A system and method based on IP message quintuple filtering strategy

A technique for filtering IP packets by their quintuple (five-tuple), applied in the field of network security. It addresses the problem of increased system call overhead and achieves enhanced monitoring capability, reduced overhead, and improved performance.

Active Publication Date: 2014-10-22
DAWNING INFORMATION IND BEIJING +1

AI Technical Summary

Problems solved by technology

The earlier Netfilter-based approach uses a lot of Linux kernel resources and increases the overhead caused by system calls.


Embodiment Construction

[0023] The method examines the source and destination IP addresses, source and destination ports, and protocol of each network data packet, and matches them against the source and destination IP addresses, source and destination ports, and protocol in the rule table. For packets that match, the result is filtered according to the rule: the packet header information and the filtering action are analyzed to decide whether to send a blocking packet and which type of blocking packet to send.

[0024] The invention uses FPGA programmable technology to filter on the source and destination IP addresses, source and destination ports, and protocol. First, the rule table set by the user is written through the PCIe interface to an address in the QDR determined by a certain algorithm. When the FIFO storing the quintuples has data, a set of data is read from the FIFO, the four-tuple is run through the same algorithm to locate the corresponding rule stored in the QDR, and the rule is read out and compared, if...


Abstract

The invention provides a system and a method based on an IP (Internet Protocol) message quintuple filtering strategy. The system comprises a quintuple FIFO (First-In, First-Out), a DispatchFSM (Finite State Machine) arbitration module, HashFilters, a result collector module and an SRAM (Static Random Access Memory) access controller. The FIFO data storing the quintuples is dispatched to a plurality of HashFilters through the DispatchFSM arbitration module, and the SRAM access controller reads the data from the plurality of HashFilters and performs rule matching. The method comprises the following steps: first, a rule list set by the user is written through a PCIe (Peripheral Component Interconnect Express) interface to an address in the QDR (Quad Data Rate) memory determined by a certain algorithm; when data is available in the FIFO storing the quintuples, a group of data is read from the FIFO, the corresponding rule stored in the QDR is located by applying the same algorithm to the four-tuple, and the rule is read out and compared with the data; if the match succeeds, the action information in the rule is extracted and passed to a follow-up module, and a corresponding data packet is generated according to the user's requirements. With this filtering system and method, kernel resources are not heavily occupied and system call overhead is reduced.
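A software model of the lookup described in the abstract and in paragraph [0024], as an added example that is not code from the patent: rules are written at a hashed address, and each packet is checked with the same hash, one table read and a full five-tuple compare. The hash function (FNV-1a), the table size, the one-rule-per-slot layout and the action names are assumptions, since the page does not disclose them.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_SLOTS 1024u /* assumed size; stands in for the QDR rule region */
/* Hypothetical action codes; the page only says a rule carries an action. */
enum action { ACT_NONE = 0, ACT_PASS, ACT_BLOCK_RST, ACT_BLOCK_ICMP };

struct five_tuple { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };
struct rule { int valid; struct five_tuple key; enum action act; };
static struct rule table[TABLE_SLOTS];

/* Assumed hash: FNV-1a over the four-tuple (addresses and ports).
 * The protocol is not hashed; it is checked in the compare step. */
static uint32_t slot_of(const struct five_tuple *t) {
    uint32_t w[3] = { t->src_ip, t->dst_ip,
                      ((uint32_t)t->src_port << 16) | t->dst_port };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++) {
            h ^= (w[i] >> (8 * b)) & 0xffu;
            h *= 16777619u;
        }
    return h % TABLE_SLOTS;
}

static int same_tuple(const struct five_tuple *a, const struct five_tuple *b) {
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip &&
           a->src_port == b->src_port && a->dst_port == b->dst_port &&
           a->proto == b->proto;
}

/* Host side: write the rule at its hashed address.
 * Returns -1 when a different rule already occupies the slot. */
int rule_install(const struct five_tuple *key, enum action act) {
    struct rule *r = &table[slot_of(key)];
    if (r->valid && !same_tuple(&r->key, key)) return -1;
    r->valid = 1; r->key = *key; r->act = act;
    return 0;
}

/* Data path: same hash, one read, then a full five-tuple compare. */
enum action rule_lookup(const struct five_tuple *pkt) {
    const struct rule *r = &table[slot_of(pkt)];
    return (r->valid && same_tuple(&r->key, pkt)) ? r->act : ACT_NONE;
}

int main(void) {
    struct five_tuple k = { 0x0a000001u, 0xc0a80114u, 40000, 443, 6 }; /* constructed */
    rule_install(&k, ACT_BLOCK_RST);
    printf("action=%d\n", rule_lookup(&k));
    return 0;
}
```

The compare step is what keeps a packet that merely shares a slot with a rule, such as the same addresses and ports under a different protocol, from inheriting that rule's action.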

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to a system and method based on an IP message quintuple filtering strategy.

Background technique

[0002] The patent application with publication number CN101068229 is based on the Linux system platform and implements network content analysis and real-time monitoring. It filters application-layer information at the network layer, using the Netfilter framework to collect and filter data packets in kernel mode. It uses a lot of Linux kernel resources and increases the overhead caused by system calls.

[0003] The invention uses an FPGA to implement the strategy of filtering on the source and destination IP addresses, source and destination ports, and protocol in the IP packet, which can free up the CPU, thereby improving the performance of the host, enhancing the monitoring ability of the network, and ensuring the security of the networ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06, H04L12/883, H04L49/9015
Inventor: 白宗元, 刘朝辉, 窦晓光, 张磊, 邵宗有
Owner: DAWNING INFORMATION IND BEIJING