摘要
为了在网络设备中嵌入防火墙状态检测系统,研究防火墙状态检测技术,设计了一种状态检测系统,以及通用的状态机模型,记录和维护网络中所有通信连接的状态和过程,并根据状态机模型进行连接的状态变迁,保证通信的完整性和安全性,支持更多应用、协议。同时还提出了一种基于IP流的报文快速转发算法,实验证明该算法可以加快报文的转发效率,并在保证系统安全的同时,有效提高系统性能。
In order to embed the state inspection system of firewall into network device,the state inspection technology of firewall is studied.A state inspection system and a universal status machine model are designed,which could record and maintain the state and the process of all the communication connections in the network,change the state of the connections according to the status machine model,ensure the integrity and security of communications,and support more applications and protocols.And this paper also proposes a fast packet forwarding algorithm based on IP flow.The experiment indicates that the algorithm could raise the forwarding efficiency of packets,and improve the system performance effectively while guarantee the system security.
出处
《通信技术》
2011年第5期74-76,共3页
Communications Technology
关键词
状态检测
状态机
防火墙
state inspection
status machine
firewall
