Implementation method and device for security gateway based on stream strategy

A security gateway implementation method applied in the field of data communication. It addresses problems such as poor parallelism, a large amount of repetition, and low utilization efficiency of processors, especially multi-core processors, with the effect of improving the degree of parallelism, utilization efficiency and query efficiency.

Inactive Publication Date: 2012-11-28
成都卫士通信息产业股份有限公司

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a flow-policy-based implementation method for an integrated multifunctional security gateway. It aims to solve the problem in the prior art that each security function module performs its own policy query and matching, which leads to poor parallelism and a large amount of repetition, resulting in very low data packet processing efficiency and low utilization efficiency of processors, especially multi-core processors.

Examples

Embodiment 1

[0045] Embodiment 1: As shown in Figure 2, the implementation process of the flow-policy-based integrated multifunctional security gateway implementation method provided by the embodiment of the present invention is described in detail as follows:

[0046] In step 1, the processor defines data flows according to the quintuple combined with an address mask and a port range, and performs unified policy setting on each data flow: only one flow policy, covering a specific security function, is configured for a data flow. The flow policies form a flow policy list;

[0047] In step 2, the processor starts multiple security function detection threads, each implementing one security function. On a multi-core platform, different processor cores can run different function threads, so that the function modules achieve maximum parallelism.

[0048] In step 3, the processor queries and matches the data packet received by the network card with each flow policy in the fl...

Embodiment 2

[0050] Embodiment 2: On the basis of Embodiment 1, the flow policy list in step 1 includes multiple flow policies, each composed of different quintuple information, different address masks, different port ranges and multiple security function flags.

Embodiment 3

[0051] Embodiment 3: On the basis of Embodiment 1 or 2, as shown in Figure 3, the specific process of querying and matching the data message received by the network card in step 3 against each flow policy in the flow policy list is described in detail as follows:

[0052] Step 31: The source IP address and the destination IP address of the data message received by the network card are each ANDed with the address mask of each flow policy. If the results of the AND operations are the same as the source IP address and the destination IP address in the flow policy, the source IP address and the destination IP address of the data message meet the conditions; otherwise, the data message is deemed not to match the policy;

[0053] Step 32: By judging that the source port address of the data message received by the network card and the destination port address of the data message received by the network card correspond to the...
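
The one-step lookup of Embodiments 1 to 3, as an added example that is not code from the patent or its owner. The flag names, `0` as a protocol wildcard, inclusive port ranges (step 32 is truncated on this page) and first-match-wins ordering are assumptions; the sample policies are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
/* Hypothetical security-function flags (the page names no specific flags). */
enum { FN_FIREWALL = 1u << 0, FN_IPS = 1u << 1, FN_AV = 1u << 2 };
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct flow_policy {                 /* one entry of the flow policy list */
    uint32_t src_ip, src_mask, dst_ip, dst_mask;
    uint16_t sport_lo, sport_hi, dport_lo, dport_hi;
    uint8_t  proto;                  /* assumption: 0 means "any protocol" */
    uint32_t fn_flags;               /* security functions to invoke on a match */
};
struct packet { uint32_t src_ip, dst_ip; uint16_t sport, dport; uint8_t proto; };

/* Step 31 compares (packet & mask) with the policy address, so a policy whose
   address has host bits set can never match; reject it at configuration time. */
int policy_valid(const struct flow_policy *p) {
    return (p->src_ip & p->src_mask) == p->src_ip && (p->dst_ip & p->dst_mask) == p->dst_ip
        && p->sport_lo <= p->sport_hi && p->dport_lo <= p->dport_hi;
}

int policy_matches(const struct flow_policy *p, const struct packet *k) {
    if ((k->src_ip & p->src_mask) != p->src_ip) return 0;            /* step 31 */
    if ((k->dst_ip & p->dst_mask) != p->dst_ip) return 0;
    if (k->sport < p->sport_lo || k->sport > p->sport_hi) return 0;  /* step 32, assumed inclusive */
    if (k->dport < p->dport_lo || k->dport > p->dport_hi) return 0;
    return p->proto == 0 || p->proto == k->proto;
}

/* Single lookup per packet; assumption: first matching policy wins, 0 = no match. */
uint32_t flow_lookup(const struct flow_policy *l, size_t n, const struct packet *k) {
    for (size_t i = 0; i < n; i++)
        if (policy_matches(&l[i], k)) return l[i].fn_flags;
    return 0;
}

/* Constructed sample list: 10.1.0.0/16 -> 192.168.0.0/24 on TCP 443, then any TCP. */
static const struct flow_policy SAMPLE[] = {
    { IP(10,1,0,0), IP(255,255,0,0), IP(192,168,0,0), IP(255,255,255,0), 1024, 65535, 443, 443, 6, FN_FIREWALL | FN_IPS },
    { 0, 0, 0, 0, 0, 65535, 0, 65535, 6, FN_FIREWALL | FN_AV },
};
uint32_t sample_lookup(uint32_t s, uint32_t d, uint16_t sp, uint16_t dp, uint8_t proto) {
    struct packet k = { s, d, sp, dp, proto };
    return flow_lookup(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], &k);
}
int main(void) {
    printf("flags=0x%x\n", (unsigned)sample_lookup(IP(10,1,2,3), IP(192,168,0,5), 40000, 443, 6));
    return 0;
}
```

The returned flag word is what the per-function threads of step 2 would consult, so each packet is matched once rather than once per security module.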

Abstract

The invention relates to the field of data communication, in particular to an implementation method and device for a security gateway based on a stream strategy. The implementation method aims to solve the problem in the prior art that the processing efficiency of data messages and the utilization ratio of the processor, in particular a multi-core processor, are very low. A strategy is set uniformly for each data stream, which is defined by the quintuple combined with an address mask and a port range. A one-step stream strategy match is carried out for each data message, and the associated security function module is invoked on demand according to the match result, so that the query efficiency of the stream strategy is enhanced when multiple security function modules coexist. The invention is mainly applied to the field of data communication.

Description

Technical field

[0001] The invention relates to the field of data communication, in particular to a method and device for implementing an integrated multifunctional security gateway based on a flow policy.

Background technique

[0002] At present, UTM (Unified Threat Management, network security products) and other multifunctional security gateway devices on the market usually use a software processing flow in which each security function configures and queries its security policies separately, and the security functions can only process data messages serially, not in parallel. A data message has to go through policy retrieval and processing many times in the entire system, which is very inefficient. The more functions there are, the worse the actual processing effect is. The processing model is shown in Figure 1.

[0003] After the network card receives the data message, it needs to go through the layer-by-layer interception processing of multiple ...

Application Information

IPC(8): H04L12/66, H04L29/06
Inventor 罗俊
Owner 成都卫士通信息产业股份有限公司