Abstract
Flow filtering is a "fusion" of packet filtering, stateful inspection and application proxying that provides high-performance, scalable and transparent protection for application-layer protocols. This paper analyzes the basic principles and the implementation principles of flow filtering and compares it with other firewall technologies. It studies the implementation process of flow filtering in detail and proposes a solution to the problem of the large amount of TCP segment reassembly that the implementation requires. Finally, it points out that a flow-filtering firewall is not completely transparent and indicates directions for further research.
Source
Network & Computer Security (《计算机安全》)
2009, Issue 2, pp. 57-59 (3 pages)
Keywords
Flow filtering technology
TCP/IP protocol stack
Packet reassembly
Transparency