Method, device and apparatus for message forwarding of firewall equipment, and storage medium

A packet forwarding and firewall technology, applied in the field of network security, can solve the problems of large memory space, increased probability of cache access failure, and the overall forwarding performance of firewall devices, so as to save memory space, improve overall forwarding performance, and avoid cache access. The effect of increasing the probability of failure

Active Publication Date: 2019-02-19
NEUSOFT CORP
View PDF5 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Embodiments of the present invention provide a packet forwarding method, device, device, and storage medium for a firewall device to solve the problem of constructing session entries in a memory pool in advance in an existing firewall device and consuming a large amount of memory in advance space, which leads to an increase in the probability of cache access failure when there are many session entries, which greatly reduces the overall forwarding performance of the firewall device

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and apparatus for message forwarding of firewall equipment, and storage medium
  • Method, device and apparatus for message forwarding of firewall equipment, and storage medium
  • Method, device and apparatus for message forwarding of firewall equipment, and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0047] figure 1 It is a flow chart of the message forwarding method of the firewall device provided in Embodiment 1 of the present invention; figure 2 A schematic structural diagram of a simplified session array hash table provided by Embodiment 1 of the present invention. The embodiment of the present invention aims at constructing the session table items in the memory pool in advance in the existing firewall device, which consumes a large amount of memory space in advance, resulting in an increase in the probability of cache access failure when there are many session table items, so that the overall firewall device For the problem of significant drop in forwarding performance, a packet forwarding method for firewall devices is provided. The method in this embodiment is applied to a firewall device. Such as figure 1 As shown, the specific steps of the method are as follows:

[0048] Step S101. Obtain a message to be forwarded, where the message to be forwarded includes 5...

Embodiment 2

[0074] image 3 It is a flow chart of the message forwarding method of the firewall device provided in Embodiment 2 of the present invention; Figure 4 It is a schematic structural diagram of a general session hash list provided by Embodiment 1 of the present invention. On the basis of the first embodiment above, in this embodiment, if there is no simplified session entry matching the message to be forwarded in the simplified session array hash table, query the pre-built general session hash according to the hash value Whether there is a general session entry address matching the packet to be forwarded in the linked list; if there is a general session entry address matching the packet to be forwarded in the general session hash list, then according to the matching general session entry address Obtain the matching general session entry from the general session table, and forward the message to be forwarded according to the matching general session entry. Such as image 3 As sh...

Embodiment 3

[0113] Figure 5 It is a schematic structural diagram of a packet forwarding device of a firewall device provided in Embodiment 3 of the present invention. The packet forwarding device of the firewall device provided in the embodiment of the present invention can execute the processing procedure provided in the embodiment of the packet forwarding method of the firewall device. Such as Figure 5 As shown, the packet forwarding device 50 of the firewall device includes: a data acquisition module 501 , a hash module 502 , a matching processing module 503 and a forwarding processing module 504 .

[0114]Specifically, the data obtaining module 501 is configured to obtain a message to be forwarded, and the message to be forwarded includes quintuple data.

[0115] The hash module 502 is configured to calculate the hash value of the five-tuple data.

[0116] The matching processing module 503 is configured to query whether there is a simplified session entry matching the message to...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides a method, a device, and an apparatus for message forwarding of firewall equipment, and a storage medium. The method comprises the following steps: obtaining ato-be-forwarded message which comprises quintuple data; calculating a hash value of the quintuple data; querying whether a simplified session table item matched with the to-be-forwarded message existsin a simplified session array hash table previously built in the current CPU or not according to the hash value; obtaining a corresponding session table item template according to a template sessionaddress in the matched simplified session table item if the simplified session table item matched with the to-be-forwarded message exists in the simplified session array hash table; and forwarding theto-be-forwarded message according to the session table item template. According to the method, the device, and the apparatus for message forwarding of firewall equipment, and the storage medium, a large amount of memory space can be saved during the whole forwarding process; the problem that cache access failure probability is increased when a session table item is large due to large memory spaceoccupation can be avoided; and the stability of the overall forwarding performance of the firewall device can be improved.

Description

technical field [0001] The embodiments of the present invention relate to the technical field of network security, and in particular to a message forwarding method, device, device and storage medium of a firewall device. Background technique [0002] A firewall is a network security system located between an internal network and an external network, which allows or restricts the transmission of data according to specific rules. [0003] The robustness and high performance of the firewall's forwarding system have become important indicators to promote the development of the firewall. Especially with the development of science and technology, the performance of the network card has been upgraded to 10G level, and the replacement of the CPU is still unable to adapt to the performance improvement of the network card. If you want to match such a high-performance network card, you need to buy an expensive CPU to achieve the forwarding performance of the firewall. promote. Even i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/743H04L29/06
CPCH04L45/7453H04L63/0236
Inventor 刘健男党丽娜
Owner NEUSOFT CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap