摘要
为了提高双网口相互转发数据包的透明模式防火墙的性能,在分析数据包收发流程以及Netfilter框架的基础上,提出了一种获取发送网卡信息的新方法,并且基于该方法设计并实现了带状态检测和简单包过滤两种功能的透明模式防火墙。测试结果表明,与使用Linux bridge结合Netfilter构建的透明模式防火墙相比,这两种防火墙中的数据转发和过滤更加简洁高效。
To improve the performance of the firewall in which two Ethernet cards transmit mutually receiving packets,a new method for getting the information of the Ethernet card,which was used to send a packet,was presented after the analysis of receiving,transmitting and the Netfilter.Based on this method,two kinds of transparent firewall,state inspection and simple packet filtering,were implemented.The test results showed that,compared with the transparent firewalls which are based on Linux bridge and Netfilter,th...
出处
《四川大学学报(工程科学版)》
EI
CAS
CSCD
北大核心
2008年第4期109-114,共6页
Journal of Sichuan University (Engineering Science Edition)
基金
国家973计划资助项目(2007CB311106)
信息产业部2006电子发展基金资助项目(信部运634号)
