Unlock instant, AI-driven research and patent intelligence for your innovation.

Packet filtering method, system and device

A packet filtering and IP packet technology, applied in the field of communications, can solve the problem that network devices cannot implement the URPF function, and achieve the effect of reducing requirements and preventing network attacks.

Inactive Publication Date: 2010-05-12
ZTE CORP
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Many network devices use ASIC chips to implement data forwarding. At present, most ASIC chips do not support the URPF function, which makes these network devices unable to implement the URPF function.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Packet filtering method, system and device
  • Packet filtering method, system and device
  • Packet filtering method, system and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The technical solutions of the present invention will be described below with reference to the accompanying drawings.

[0028] refer to figure 1 , the packet filtering method according to the present invention is described. The method includes the following steps: S102, enable a unicast reverse path lookup function on one or more interfaces of a network device, and bind a first access control list on one or more interfaces to prevent all routing The IP packet is passed; S104, adding device routing information to the forwarding table corresponding to one or more interfaces with a unicast reverse path lookup function, wherein the device routing information includes source IP address, mask, and outgoing interface information; S106, Bind a second access control list to one or more interfaces of the network device, where the second access control list has a higher priority than the first access control list, and the second access control list only allows source IP addresses...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a message filtering method, system and device. The method includes the following steps: S102, starting a uni-cast reverse-direction look-up path function on one or more interfaces of a network device and bonding a first access control list on the one or more interfaces to prevent IP messages of all desired routes to pass through; S104, adding device route information in forwarding table corresponding to the one or more interfaces of the uni-cast reverse-direction look-up path function by the network device, wherein the device route information including source IP address, mask and outlet interface information; and S106, bonding a second access control list at one or more interfaces of the network device, wherein the priority of the second access control list is higher than the first access control list; and the second access control list only allows the message having a source IP address matching that of the device route information to pass through.

Description

technical field [0001] The present invention relates to the field of communications, and more particularly to a message filtering method, system and device. Background technique [0002] URPF is short for Unicast Reverse Path Forwarding. URPF obtains the source address and inbound interface of the packet, and uses the source address as the destination address to look up the route in the forwarding table. In loose mode, as long as the route is found, it will pass; in strict mode, the interface corresponding to the source address found in the forwarding table must match the incoming interface to pass. Otherwise, the source address is considered to be spoofed, and the packet is discarded. Many network devices use ASIC chips to implement data forwarding. At present, most ASIC chips do not support the URPF function, so these network devices cannot implement the URPF function. The main function of URPF is to prevent network attacks based on source address spoofing, and more and...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/56H04L29/06H04L45/74
Inventor 陈遗保
Owner ZTE CORP