Research And Implementation Of Dynamic And Configurable On-line Filtering Technology Based On NetFPGA

With the rapid development of network technology, more and more information are transmitted through the Internet. Nowadays information sharing is increasingly becoming the trend of network society, however, people have to face some puzzles prevailed by Internet, such as viruses, network attacks and other problems brought by illegal means, so the firewall comes into being. The enhancing of network bandwidth, the increase of network applications and the diversity of attacks poses a severe challenge to firewall. The traditional packet filtering, state inspection and other firewalls can not satisfy our demands. The performance bottleneck and single function have become network security challenges.In this paper, we introduce the present research situation of security filtering system at first, analyze the advantages and disadvantages of secure filtering architecture and combine the high-performance and flexibility of FPGA in network processing, we propose dynamic and configurable on-line filtering system based on NetFPGA. Then, we make a brief introduction on the overall system design framework and make a detail introduction on realization method of each module. Finally, we summarize the entire design process and propose some improved proposals.In his paper, we use FPGA to implement packet filtering and state inspection firewall. We propose a new method to store status table to overcome the large occupied space of traditional state firewall, the occupied space is much less than traditional state inspection. Then, we use FPGA to implement some snort rules. In reference to RISC computer instruction set, we make a statistics and classification on snort rules, extract some common rules and design the content inspection template and implement it with FPGA, we implement others rules with software. At the same time, we propose head-tail parallel matching method and this method can match 30 rules at one time. Last, we use RAW Socket to implement remote configuration on the NetFPGA. The study of dynamic and configurable on-line filtering technology has been completed systematically.