Design And Realization Of The Application-level Firewall

The firewall can carry out and carry out the network interview strategy, but, how the traditional firewall technique concentrate on how to guard against the exterior network invade and attack to the internal network, but the study of the problem of how to control the internal customer interview the outward network is not deep enough, related control techniques are also not much. The simplicity depends on traditional firewall techniques of wrap filter, will certainly affect the network function seriously. Different from the traditional filter wrap of the firewall technique, this thesis starts with the application-level gateways technique, going deep into the discuss about making use of the Winsock 2 SPI to carry on the problem of controlling the network contents visit. This is a new content of the network safety, In other word, it provides a new way of thinking for the safe technique of network for the developed personnel.This thesis firstly goes deep into the study of the Windows network structure mode: The delaminating structure in the Windows, the relation of the application layer and the core layer, In application layer, the EXE and DLL are two kinds of different work methods applied procedures of deliver the objects. Analyze the mechanism that application layer circulate, give out the golden rules of the solution and concrete realization, then studied Winsock 2 technique, research and analyze in emphasis the API and SPI, analyze making use of the Winsock 2 SPI to carry out the possibility of the interview control function. At the customers request the service of HTTP, First, build up the conjunction of the target spot, after the successful conjunction, send out the HTTP claim data wrap. As the interface, it can only discover and make use of the first floor to deliver the agreement to complete the correspondence. So, in the process of design firewall can use own mature network layer agreement directly and the drive module, simplify the design and make the work satisfy the new request in the fireproofing wall of the application layer. The SPI is divided into two parts, the foundation service promoter and the layering service promoter, this topic studies the position of the foundation service promoter the place of the procedure of DLL of the firewall system. The foundation service promoter performs the network delivering the concrete detail of agreement( for example TCP/ IP), among them including the core network agreement function that receives and dispatches the data on the network.Though analyzing the existing firewall function, adopt the prototype design method, Theusage of substituted system DLL document that intercepts and seize the data to carry on the research and carried out the interview control of the applied procedure, carried out an according to Winsock 2 SPI personal firewall according to the system of the modern software engineering , carried out the function about the filter and control of the application layer program, the surveillance of package, inquire about the log. Finally, test the firewall system and analyze the result, validate the rationality and feasibility of foregoing design project.