The Design Of Embedded Firewall Based IXP425 Network Processor

The Internet has entered a new era, and becomes a part of our life day by day; however, the security problem it brings has also became increasingly inevitable, which we have to pay attention to. Embedded System as a safety, low-cost, efficient platform has been widely used in various fields, and of course network security is one of them.Traditional antivirus softwares protect the computer depend on huge antivirus character library, but along with the increasing virus, the library become more and more expanded, and the library's update can not match up the diffusion of virus. The style of network protection presents a world of limitations.And most of the firewall products inner were based on Intel X86 series architecture. For the limitation of X86, it's performance can't be exceed. Though the firewall accelerated by hardware using ASIC can improve the throughput capability,the flexibility and extention of the update is inadequate, the cost of development is high and the development cycle is long.Network Processor combine the advantages of both programmable of General Processor and ASIC. It is designed specialty for the network device to manage the network traffic. It's architecture and instructions were optimized for the arithmetic and operation of package filtrate, transmit etc. it can implement the generan operation of TCP/IP protocol stack with high efficiency, and deal with the network traffic in high speed subsequently.This thesis gives a firewall which combines the network processor and embedded Linux operating system,It uses the policy that forbidden all the packages as default, and users can give rules to allow packages they had been chosen, and implements the function of the fireware can protect the inner network on high level. This design is based on the full analyse of IXP425 hardware develop platform, customize the bootloader Redboot, customize the Linux kernel as the operating system, give steady support. We study the thorey and mastery the architecture of Linux firewall. This project implementes a embedded firewall which has the package filtrate function based on the platform integrated the IXP425 network processor, and developes the manage interface for users to customize the firewall, and add rules.