Network packet classification is a key functionality for packet filters and firewalls, and its performance is crucial for such systems to maintain a high packet throughput under heavy load situations. However, many existing packet filters employ slow classification algorithms which cannot provide the required lookup performance due to slow rule set traversal. In this work, we address this problem by providing a novel rule set transformation strategy called Minflate which combines the advantages of existing orthogonal transformation schemes by first minimizing a source rule set and then encoding decision trees into the minimized rule set. Our results show that the Minflate-generated rule sets are both small and can in many cases be traversed faster than rule sets transformed by existing techniques in isolation.
