Ipv6-based Firewall System Design And Realization

With the high-speed development,computer network is used in many ways,Such as politics,economy,and culture.Network is becoming an important part in our life. Therewith,network security is breaking open directly,and becoming a primary problem, which is faced to the applications of network in many corporations. And then,network security is unparalleled regarded broadly nowadays.As one of the most important technology of network security, firewall technology is becoming an important way in the research of network security.Firewall is a system, which is running between two networks. Firewall controls the level of accessing between two networks by the protocol, which is promised beforehand. This control can assure the security of system and data.At present,the trunk network is Internet,which is based on IPv4 protocol.In the process of the Internet development, the localization of IPv4 is exposure gradually. These localizations restricted the applications of IP technology and development of network. As the foundation of next generation protocol, IPv6 is ratified abroad by its brilliance superiority of technology. Many countries in the world are researching in IPv6 technology with a great deal of fund in order to take lead possession of IPv6 technology. The applications, which are used of IPv6 technology in many countries,are becoming popular.In China,although the network based on IPv6 is built up ,the network based on IPv4 will exist and be used in a long time. In this transition period, the research of the application based on IPv6/IPv4 transform technology has an important theory and practicality usage.The dissertation presents the design and implementation of packet filtering system of an IPv6 firewall prototype. Firstly it indicates the background of the question for discussion,the main contents and organization of the dissertation.And then,it analyzes the protocol IPv6 and the standard of IPSec.The third chapter discusses the network security, compares the firewall technology.Based on these,the dissertation describes the overall architecture of the packet filtering system which includes the packet resolving platform, the static rule matching module and the statefule inspection system.There are great differences between IPv4 and IPv6 packet format.Further more,there are one or more extension headers in the IPv6 packet.The packet resolving platform can resolve IPv6 packet.It can also traverse every existing extension header until higher protocol. The matching of firewall static rule belongs to the problem of packet classification. This dissertation analyses the RFC algorithms of Packet classfication which is popular used in IPv4,then design and implement a Range Matching Multidimensional algorithm based on RFC.