Policy tree based packet filtering and management method

A packet grouping and management technology, applied in the field of policy-tree-based packet filtering and management, that can solve problems such as network performance bottlenecks, potential safety hazards, and difficulty in policy management, and achieves the effect of improving processing efficiency.

Inactive Publication Date: 2005-04-06
JIANGSU NANDASOFT TECHNOLOGY COMPANY LIMITED +1

AI Technical Summary

Problems solved by technology

When the firewall filters data packets, it compares the parameters in each data packet with the rules in the rule table to determine the next processing action. As the number of rules in the rule table increases, it first becomes more and more difficult for users to manage policies, and misoperations such as accidental deletion of policies can easily cause security risks. At the same time, the search performance of the rule table is significantly reduced, resulting in network performance bottlenecks.


Embodiment Construction

[0079] The present invention is applied as a policy analysis engine module in the firewall device. The module performs the policy search for a data packet and returns the packet's next security action together with the attribute information the packet should carry in subsequent actions.

[0080] The data packet is taken from the buffer and, after basic security processing, checked to see whether it is the first data packet of a session connection. If it is not the first data packet, the policy search has already been done for this session and the corresponding information should have been recorded in the state table entry, so the data packet is handled by the state table processing module. Otherwise, it enters the policy analysis engine module. The processing steps are shown in Figure 1.

[0081] The specific processing steps are:

[0082] Step 41: Get the IP layer and transport layer header information of the data packet.

[0083] Step 42: ...
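The dispatch described in [0080], sketched as an added example that is not taken from the patent: the first packet of a session goes through a policy tree lookup, and later packets are answered from the state table. The tree layout (zone, then protocol, then destination rules), the rule values, and the names `Packet`, `policy_lookup` and `Firewall` are assumptions, since the page does not give the tree's structure.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    zone: str   # NIC zone attribute assigned during pre-processing
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

DEFAULT = ("drop", {"log": True})  # no matching leaf: deny and log
# Constructed tree: zone -> protocol -> [(dst network, (port lo, hi), verdict)]
POLICY_TREE = {
    "external": {"tcp": [
        ("203.0.113.10/32", (443, 443), ("accept", {"log": False})),
        ("203.0.113.0/24", (22, 22), ("drop", {"log": True})),
    ]},
    "internal": {
        "tcp": [("0.0.0.0/0", (1, 65535), ("accept", {"log": False}))],
        "udp": [("0.0.0.0/0", (53, 53), ("accept", {"log": False}))],
    },
}

def policy_lookup(pkt):
    """Descend zone and protocol, then scan only that branch's leaves."""
    leaves = POLICY_TREE.get(pkt.zone, {}).get(pkt.proto, [])
    dst = ipaddress.ip_address(pkt.dst)
    for net, (lo, hi), verdict in leaves:
        if dst in ipaddress.ip_network(net) and lo <= pkt.dport <= hi:
            return verdict
    return DEFAULT

class Firewall:
    def __init__(self):
        self.state_table = {}   # session 5-tuple -> (action, attributes)
        self.tree_lookups = 0

    def process(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.state_table:   # later packet of a known session
            return self.state_table[key]
        self.tree_lookups += 1        # first packet: consult the policy tree
        verdict = policy_lookup(pkt)
        if verdict[0] == "accept":    # assumption: state kept for accepted sessions only
            self.state_table[key] = verdict
        return verdict
```

Keeping state only for accepted sessions means rejected traffic cannot grow the state table, at the cost of one tree lookup per rejected packet.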


Abstract

A policy-tree-based packet grouping, filtering and management method comprising the following steps: first, the user policies are arranged and the policy tree is pre-edited; a memory image of the policy tree is generated from the pre-edited files; the network card sub-area attribute is obtained through data packet pre-processing; the data packet is then fed into the policy tree analysis engine to obtain the packet's next operation and its related attributes.

Description

Technical field

[0001] The invention provides a method for grouping and filtering packets that uses a tree structure to organize and manage user policies, with the generation and search of the policy tree as its core.

Background technique

[0002] Packet filtering is a way to implement firewalls. Packet filtering is implemented at the IP layer, so it can be done with routers alone. Packet filtering decides whether to allow a packet to pass according to header information such as the packet's source IP address, destination IP address, source port, destination port, and transmission direction.

[0003] Packet filters are widely used because the CPU spends negligible time on packet filtering. Moreover, this protective measure is transparent to users: legitimate users do not notice it at all when entering or leaving the network, so it is very convenient to use. Another key weakness of packet filtering is that it...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L47/20
Inventor: 蔡圣闻齐竞艳李论秦立鹏
Owner: JIANGSU NANDASOFT TECHNOLOGY COMPANY LIMITED