Study And Application Of The Stateful Inspection Technology Of Firewall

Posted on: 2012-05-19 | Degree: Master | Type: Thesis
Country: China | Candidate: F Gao
GTID: 2218330338966603 | Subject: Information security
Abstract/Summary:
When building their networks, small and medium-sized enterprises typically consider the following points: 1. applications unrelated to work, such as file downloading, network games and voice communication, consume a large share of the enterprise network's bandwidth, so to guarantee the bandwidth needed by normal business services the enterprise has to allocate its limited bandwidth sensibly; 2. the enterprise manages the everyday online behaviour of its staff, for example forbidding staff from browsing web pages unrelated to work during normal working hours and from using instant messaging software such as QQ, in order to safeguard productivity; 3. to save cost, multiple functions, including route forwarding, security and traffic control, are integrated into a single network device. Given these characteristics and requirements, filtering application packets on the enterprise's egress network device is very important.

A telecommunications equipment manufacturer in Sichuan province raised a requirement for application packet filtering while developing router devices for small and medium-sized enterprises. This thesis originates from that project requirement.

Stateful inspection has the following advantages for packet filtering: 1. a flow is defined by the five-tuple of a packet's source address, destination address, source port, destination port and network layer protocol, and considering a packet within its flow gives a better understanding of the communication's progress and higher filtering accuracy; 2. stateful inspection manages the state of the flow a packet belongs to rather than filtering every packet, which gives higher filtering performance.
Stateful inspection has so far been implemented in firewall products; at present there is no academic research or published result that implements stateful inspection for application filtering in a router device. This thesis studies stateful inspection and designs a stateful application filtering system for the router device that supports accurate and effective filtering of application packets. The system consists mainly of two parts: a stateful inspection framework and an application filtering module.

The thesis studies the router device's protocol stack packet-processing code, then designs and implements the stateful inspection framework on the device. The framework provides a uniform programming interface and management mechanism for the application filtering sub-modules, and supports adding further application sub-modules. The thesis also improves key technologies of the framework, such as the state table and the state machine, so that the framework is better suited to the router device, supports application filtering better, and filters more efficiently. Experiments show that adding the stateful inspection framework to the router device effectively improves packet forwarding performance.

Finally, the thesis analyzes the basic theory of application filtering, and designs and implements application filtering modules on top of the stateful inspection framework, including HTTP URL filtering, FTP file filtering, QQ application filtering, MSN application filtering and SKYPE application filtering. Applications are identified and filtered by feature-value (signature) matching. The thesis analyzes and summarizes the payload feature values of various versions of the application protocols HTTP, FTP, MSN, QQ and SKYPE, and carries out complete functional testing of the application filtering module; the test results show that the module functions stably.
Because the application filtering module is designed and developed independently on top of the stateful inspection framework, it is limited in terms of upgrading and maintenance. To solve this problem, the thesis analyzes how application protocol feature libraries are implemented, and designs and implements a feature library model integrated with the stateful inspection framework. The feature library model supports identification of several network games, web messages and QQ messages.
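
The per-flow handling described in the abstract, as an added example that is not code from the thesis: a state table keyed by the five-tuple caches one verdict per flow, so only the first decidable payload of a flow is parsed by an HTTP URL filter. The blocklist entries, the state names NEW/ALLOWED/BLOCKED, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
# Hypothetical (host, path-prefix) blocklist, constructed for this example.
BLOCKED_URLS = {("games.example", "/"), ("files.example", "/downloads/")}

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes = b""

def flow_key(p):
    """Direction-independent five-tuple: both halves of a connection share one entry."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + min(a, b) + max(a, b)

def http_verdict(payload):
    """'BLOCKED' or 'ALLOWED' for an HTTP request line plus Host header, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = head[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    host = next((l.split(":", 1)[1].strip().lower() for l in head[1:]
                 if l.lower().startswith("host:")), "")
    hit = any(host == h and parts[1].startswith(pre) for h, pre in BLOCKED_URLS)
    return "BLOCKED" if hit else "ALLOWED"

class StatefulFilter:
    def __init__(self):
        self.table = {}        # state table: flow key -> NEW / ALLOWED / BLOCKED
        self.inspections = 0   # number of payloads actually parsed

    def process(self, p):
        """True = forward, False = drop. Undecidable payloads leave the flow NEW."""
        key = flow_key(p)
        state = self.table.setdefault(key, "NEW")
        if state == "NEW" and p.payload:   # only undecided flows are inspected
            self.inspections += 1
            state = self.table[key] = http_verdict(p.payload) or "NEW"
        return state != "BLOCKED"

def demo():  # constructed traffic: handshake, blocked request, server reply
    c, s = ("10.0.0.5", "203.0.113.9", 40000, 80), ("203.0.113.9", "10.0.0.5", 80, 40000)
    req = b"GET /downloads/a.zip HTTP/1.1\r\nHost: files.example\r\n\r\n"
    fw = StatefulFilter()
    return [fw.process(Packet(*t, "tcp", d)) for t, d in
            [(c, b""), (s, b""), (c, req), (s, b"HTTP/1.1 200 OK\r\n\r\n")]], fw.inspections
```

In `demo()` the server's reply is dropped from the cached state alone; the payload counter stays at one for the whole flow.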
Keywords/Search Tags: State Inspection, State Message filter, Router apparatus, Application filter, Signature Database