Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and system for using NFQUEUE mechanism to realize gateway

A mechanism and gateway technology, which is applied in the field of gateways using the NFQUEUE mechanism, can solve problems affecting product portability and stability, insufficient matching data package options, and no statistical data display, etc., to achieve rich statistical data display and development The effect of low difficulty and convenient operation

Inactive Publication Date: 2015-11-25
般固(北京)网络科技有限公司
View PDF3 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] 1) The options for matching data packets are not rich enough (such as matching data packets according to content, matching according to a set of IP addresses);
[0007] 2) Implementing new matching options requires writing a kernel module, which affects product portability;
[0008] 3) It does not provide rich statistical data display (such as: a user's current connection, bandwidth, and new additions per second). If you want to realize rich statistical data functions, you need to modify the Linux kernel, which will affect the portability and stability of the product

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for using NFQUEUE mechanism to realize gateway

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention belong to the protection scope of the present invention.

[0041] Such as figure 1 As shown, a method for implementing a gateway using the NFQUEUE mechanism according to an embodiment of the present invention includes the following steps:

[0042] Step 1: Grab data packets from the pre-configured network card through the pre-set NFQUEUE mechanism;

[0043] Step 2: Receive the data packet from the NFQUEUE mechanism through a preset user state process, and read the data packet through a preset calling function;

[0044] Step 3: The user state process...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and system for using an NFQUEUE mechanism to realize a gateway. The method comprises the steps of: 1, grabbing a data packet from a network card by means of the NFQUEUE mechanism; 2, receiving the data packet from the NFQUEUE mechanism through a user state process, and reading the data packet; 3, matching data packet information with a connection table by the user state process, if the data packet information is matched with one connection record in the connection table, then modifying and forwarding the data packet, and jumping to a step 5, otherwise carrying out a step 4; 4, according to strategies configured by a user, carrying out comparison one by one between strategy information and the data packet information by the user state process, and when the data packet is matched with the strategy information, carrying out an operation instruction matched with the strategy information on the data packet, simultaneously establishing a connection record, and storing the record into the connection table; and 5, monitoring the state of connection records in the connection table, and when connection is overtime, executing an operation instruction for releasing the connection, and executing an operation instruction for jumping to the step 1.

Description

technical field [0001] The invention relates to computer network technology, in particular to a method for realizing a gateway by using the NFQUEUE mechanism. Background technique [0002] Since the private address in address translation in the prior art cannot be on the public network, in order to solve the problem of insufficient IP addresses, address translation technology has emerged; before the private address accesses the public network, source address translation (SNAT) needs to be performed on the gateway device ; Destination address translation (DNAT) is often used to convert the destination address of public network access to the address of the intranet server; source-destination address translation (FULLNAT) refers to the translation of both the source address and the destination address. [0003] In addition, Netfilter is a firewall framework of the Linux kernel. Users can add policy matching data packets to the firewall framework through the iptables command, an...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/12H04L12/66
Inventor 高明
Owner 般固(北京)网络科技有限公司