摘要
传统防火墙包过滤过程是通过数据包与过滤规则顺序匹配,直到有一条规则匹配后即可停止。当过滤规则日益增多时,防火墙的吞吐量也不断下降,严重影响了网络的性能。该文提出并设计了快速的规则匹配算法,改变了以往的顺序匹配,极大地提高了防火墙的吞吐量和性能。
The process of traditional firewall's packet filtration is performed through the data packet matching filtration rules orderly.It doesn't cease until one rule is matched.While filtration rules come in increasing numbers,the throughput of firewalls and network performance will decline accordingly.This paper presents and designs quick rules matching arithmetic that replaces former sequent matching.The throughput and performance of firewalls will be enhanced in the extreme.
出处
《计算机工程与应用》
CSCD
北大核心
2005年第20期166-168,172,共4页
Computer Engineering and Applications
关键词
防火墙
哈希算法
索引
过滤规则
firewall,Hash arithmetic,index,filtration rules
