Skip to content

Sakshiii963/linux-network-optimizer-firewall

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.Module.symvers.cmd
.Module.symvers.cmd
 
 
.firewall.ko.cmd
.firewall.ko.cmd
 
 
.firewall.mod.cmd
.firewall.mod.cmd
 
 
.firewall.mod.o.cmd
.firewall.mod.o.cmd
 
 
.firewall.o.cmd
.firewall.o.cmd
 
 
.modules.order.cmd
.modules.order.cmd
 
 
MakeApp
MakeApp
 
 
Makefile
Makefile
 
 
Module.symvers
Module.symvers
 
 
README.md
README.md
 
 
all_rules.txt
all_rules.txt
 
 
all_rules.txt.tgz
all_rules.txt.tgz
 
 
black_add.txt
black_add.txt
 
 
create_dev.sh
create_dev.sh
 
 
create_nw.sh
create_nw.sh
 
 
delete_nw.sh
delete_nw.sh
 
 
firewall.c
firewall.c
 
 
firewall.ko
firewall.ko
 
 
firewall.mod
firewall.mod
 
 
firewall.mod.c
firewall.mod.c
 
 
firewall.mod.o
firewall.mod.o
 
 
firewall.o
firewall.o
 
 
firewall_app
firewall_app
 
 
firewall_app.cpp
firewall_app.cpp
 
 
firewall_app.o
firewall_app.o
 
 
firewall_ioctl.h
firewall_ioctl.h
 
 
info.txt
info.txt
 
 
iptables.sh
iptables.sh
 
 
modules.order
modules.order
 
 
network_commands_list.txt
network_commands_list.txt
 
 
udp_client
udp_client
 
 
udp_client.c
udp_client.c
 
 

Repository files navigation

Linux Network Optimization & Kernel Firewall

Overview

This project implements a high-performance Linux kernel module that optimizes inter-network namespace communication and integrates a scalable in-kernel firewall.

It reduces packet traversal overhead by bypassing virtual bridges and enables efficient firewall rule management using Red-Black Trees.

Key Features

Inter-Namespace Optimization

  • Direct packet reinjection using MAC-based routing
  • Eliminates multiple virtual bridge hops
  • Achieved ~71% latency reduction (1.74 ms → 0.51 ms)

Scalable Kernel Firewall

  • Implemented using Red-Black Trees
  • O(log n) rule lookup vs iptables' O(n)
  • Reduced CPU usage from ~89% → ~0.7%

User-Kernel Communication

  • ioctl-based interface via character device
  • Supports dynamic rule insertion/deletion from user space

Tech Stack

  • C (Linux Kernel Development)
  • C++ (User-space application)
  • Netfilter Hooks
  • Linux Networking Stack

Components

  • firewall.c → Kernel module (routing + firewall logic)
  • firewall_app.cpp → User-space control application
  • Additional test utilities (UDP client, scripts, etc.)

Results

  • Significant latency reduction in inter-namespace communication
  • High scalability under large rule sets
  • Efficient CPU utilization compared to iptables

About

High-performance Linux kernel module for namespace packet optimization and scalable firewall (Netfilter + RB Trees)

Topics

performance networking firewall linux-kernel systems-programming netfliter

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages