
Research Of The Key Technologies In Firewall Based On Flow Filtering

Posted on: 2015-06-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Liu
Full Text: PDF
GTID: 2348330518970438
Subject: Computer software and theory
Abstract/Summary:
With the development of computer network technology, network security issues have become increasingly serious, and firewall technology is one of the most effective methods of protecting network security. Stream filter technology is a new firewall technology which not only supervises the network layer, as a packet filtering firewall does, but also supervises the transport and application layers, as an application proxy firewall does. We mainly study how to maintain the information of every TCP connection and how to design and implement the TCP timer.

Hash table algorithms are often used to manage the TCP stream table in a firewall. However, the 4-tuple of a TCP stream is not uniformly distributed, which may lead to the worst case when searching the hash table. When the worst case happens in the firewall, the quality of service in the network may become very bad. In order to control the worst case, we propose a two-level hash table algorithm based on the Bloom filter counter algorithm and the multi-level hash table algorithm. We search the small hash table first; if that fails, we search the big hash table. The proposed algorithm not only lowers the probability of the worst case but also reduces the number of memory accesses in the worst case, and our theoretical analysis and simulation experiments prove this.

Since a firewall based on stream filter technology has to build connections to both client and server, there will be a large number of timers in the firewall. The proprietary user-mode TCP/IP stack of the firewall needs to update timers as soon as it sends or receives a packet, and a large number of timers may affect the quality of service in the network. We study the features of the timers in a TCP connection with reference to the RFCs, and propose a user-mode TCP stream timer algorithm for firewalls based on stream filter technology. We classify the timers by period and expiry time, so updating an event requires only simple computation and altering several pointers. We then analyse the advantages and disadvantages of this algorithm, and carry out experiments to show that the algorithm performs well in the case where update-timer events are far more frequent than add or delete timer events.
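The two-level stream table described in the abstract, as an added illustration that is not the thesis's own code. It assumes a placement policy the abstract does not spell out: a new flow goes into the small table only while its bucket chain is shorter than a fixed threshold, otherwise it goes into the big table, and a counting Bloom filter guards the small table so that a negative answer skips the small-table probe. The class and function names, the use of a keyed BLAKE2b digest as the hash family, and the skewed workload in `simulate()` are all constructed for this example.

```python
import hashlib
from dataclasses import dataclass
from typing import Any, Optional, Tuple


@dataclass(frozen=True)
class FlowKey:
    """TCP stream 4-tuple: the identity the stream table is keyed on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def digest(self, salt: bytes) -> int:
        # A family of hash functions is derived by keying one digest with different salts.
        raw = f"{self.src_ip}:{self.src_port}>{self.dst_ip}:{self.dst_port}".encode()
        return int.from_bytes(hashlib.blake2b(raw, key=salt, digest_size=8).digest(), "big")


class CountingBloomFilter:
    """Bloom filter with counters instead of bits, so flows can be removed when they close."""

    def __init__(self, m: int, k: int):
        self.counters = [0] * m
        self.salts = [b"cbf%d" % i for i in range(k)]

    def _slots(self, key: FlowKey):
        return [key.digest(s) % len(self.counters) for s in self.salts]

    def add(self, key: FlowKey) -> None:
        for i in self._slots(key):
            self.counters[i] += 1

    def remove(self, key: FlowKey) -> None:
        for i in self._slots(key):
            self.counters[i] = max(0, self.counters[i] - 1)

    def might_contain(self, key: FlowKey) -> bool:
        return all(self.counters[i] > 0 for i in self._slots(key))


class ChainedHashTable:
    """Bucket-chained hash table; lookup reports how many entries it touched (memory accesses)."""

    def __init__(self, buckets: int):
        self.buckets = [[] for _ in range(buckets)]

    def _chain(self, key: FlowKey):
        return self.buckets[key.digest(b"table") % len(self.buckets)]

    def contains(self, key: FlowKey) -> bool:
        return any(k == key for k, _ in self._chain(key))

    def chain_len(self, key: FlowKey) -> int:
        return len(self._chain(key))

    def insert(self, key: FlowKey, state: Any) -> None:
        chain = self._chain(key)
        for i, (k, _) in enumerate(chain):
            if k == key:
                chain[i] = (key, state)  # update existing flow in place
                return
        chain.append((key, state))

    def lookup(self, key: FlowKey) -> Tuple[Optional[Any], int]:
        probes = 0
        for k, state in self._chain(key):
            probes += 1
            if k == key:
                return state, probes
        return None, probes

    def delete(self, key: FlowKey) -> None:
        chain = self._chain(key)
        chain[:] = [(k, s) for k, s in chain if k != key]


class TwoLevelFlowTable:
    """Small table with bounded chains in front of a big table; CBF gates the small-table probe."""

    def __init__(self, small_buckets=256, big_buckets=4096, max_small_chain=2, cbf_m=2048, cbf_k=3):
        self.small = ChainedHashTable(small_buckets)
        self.big = ChainedHashTable(big_buckets)
        self.max_small_chain = max_small_chain
        self.cbf = CountingBloomFilter(cbf_m, cbf_k)

    def insert(self, key: FlowKey, state: Any) -> str:
        if self.small.contains(key):
            self.small.insert(key, state)
            return "small"
        if self.big.contains(key):
            self.big.insert(key, state)
            return "big"
        if self.small.chain_len(key) < self.max_small_chain:  # assumed placement policy
            self.small.insert(key, state)
            self.cbf.add(key)
            return "small"
        self.big.insert(key, state)
        return "big"

    def lookup(self, key: FlowKey) -> Tuple[Optional[Any], int]:
        probes = 0
        if self.cbf.might_contain(key):  # a negative answer skips the small table entirely
            state, p = self.small.lookup(key)
            probes += p
            if state is not None:
                return state, probes
        state, p = self.big.lookup(key)
        return state, probes + p

    def delete(self, key: FlowKey) -> None:
        if self.small.contains(key):
            self.small.delete(key)
            self.cbf.remove(key)
        else:
            self.big.delete(key)

    def worst_case_probes(self) -> int:
        """Bound on entries touched by one lookup: bounded small chain plus the longest big chain."""
        return self.max_small_chain + max(len(c) for c in self.big.buckets)


def simulate(n_flows: int = 500) -> dict:
    """Constructed workload: many clients to one server port, i.e. a skewed 4-tuple distribution."""
    table = TwoLevelFlowTable(small_buckets=64, big_buckets=1024, max_small_chain=2)
    keys = [FlowKey(f"10.0.{i % 4}.{i % 200 + 1}", 40000 + i, "192.0.2.10", 443) for i in range(n_flows)]
    placed = {"small": 0, "big": 0}
    for i, k in enumerate(keys):
        placed[table.insert(k, {"seq": i})] += 1
    max_probes = max(table.lookup(k)[1] for k in keys)
    return {"small": placed["small"], "big": placed["big"],
            "max_probes": max_probes, "bound": table.worst_case_probes()}


if __name__ == "__main__":
    print(simulate())
```

Because chains in the small table never exceed `max_small_chain`, the number of entries a lookup touches in the first level is capped regardless of how skewed the 4-tuples are; the second level still degrades under collisions, which is why the abstract pairs this scheme with a multi-level table.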
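The timer scheme sketched in the last paragraph, as an added example rather than the thesis's implementation. It assumes that "classified by period" means every timer in a class has the same fixed duration, so one doubly-linked list per class keeps deadlines in sorted order: refreshing a timer on each packet is an unlink plus a relink at the tail (a few pointer changes), and expiry scans only from the head. The class names and periods in `StreamTimerManager` are illustrative placeholders, not values from the thesis or the RFCs.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class TimerNode:
    flow_id: str
    deadline: float
    prev: Optional["TimerNode"] = None
    next: Optional["TimerNode"] = None


class FixedPeriodTimerList:
    """All timers here share one period, so append order equals deadline order.

    Assumes the clock passed in is monotonic non-decreasing; then the newest
    deadline is always the largest and belongs at the tail."""

    def __init__(self, period: float):
        self.period = period
        self.head: Optional[TimerNode] = None
        self.tail: Optional[TimerNode] = None
        self.index: Dict[str, TimerNode] = {}  # flow_id -> node, for O(1) access

    def _unlink(self, node: TimerNode) -> None:
        if node.prev:
            node.prev.next = node.next
        else:
            self.head = node.next
        if node.next:
            node.next.prev = node.prev
        else:
            self.tail = node.prev
        node.prev = node.next = None

    def _append(self, node: TimerNode) -> None:
        node.prev, node.next = self.tail, None
        if self.tail:
            self.tail.next = node
        else:
            self.head = node
        self.tail = node

    def add(self, flow_id: str, now: float) -> None:
        node = TimerNode(flow_id, now + self.period)
        self.index[flow_id] = node
        self._append(node)

    def touch(self, flow_id: str, now: float) -> None:
        """Update on send/receive: move to tail, no search or re-sort needed."""
        node = self.index[flow_id]
        node.deadline = now + self.period
        self._unlink(node)
        self._append(node)

    def cancel(self, flow_id: str) -> None:
        self._unlink(self.index.pop(flow_id))

    def expire(self, now: float) -> List[str]:
        fired = []
        while self.head and self.head.deadline <= now:
            node = self.head
            self._unlink(node)
            del self.index[node.flow_id]
            fired.append(node.flow_id)
        return fired


class StreamTimerManager:
    """One list per timer class; the class names and periods are constructed for this example."""

    def __init__(self, periods: Optional[Dict[str, float]] = None):
        periods = periods or {"retransmit": 1.0, "time_wait": 60.0, "keepalive": 7200.0}
        self.lists = {name: FixedPeriodTimerList(p) for name, p in periods.items()}

    def on_packet(self, flow_id: str, now: float, cls: str = "retransmit") -> None:
        lst = self.lists[cls]
        if flow_id in lst.index:
            lst.touch(flow_id, now)  # the common, high-frequency operation
        else:
            lst.add(flow_id, now)

    def cancel(self, flow_id: str, cls: str) -> None:
        self.lists[cls].cancel(flow_id)

    def tick(self, now: float) -> Dict[str, List[str]]:
        return {name: lst.expire(now) for name, lst in self.lists.items()}
```

A single sorted structure (heap or tree) would cost O(log n) per refresh; the per-class list makes the refresh O(1), which is what matters when update events dominate add and delete events as the abstract describes.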
Keywords/Search Tags:Firewall Based on Stream Filter, Bloom Filter Counter, Two-level Hash Tables Algorithm, User-mode TCP Stream Table Timer