Abstract
To meet the network firewall performance requirements of domestic processor platforms such as Loongson and Phytium, this paper studies the Netfilter subsystem, Berkeley Packet Filter (BPF) technology and the eXpress Data Path (XDP) framework in the Linux kernel, and proposes a network firewall architecture for Linux systems that offers good compatibility, flexibility and universality. It describes in detail the architecture's core elements, working principles, software module composition, key implementation points and technical advantages. Finally, performance under the traditional framework and the new framework is compared and analyzed in a real hardware environment, and some suggestions are made on how to further improve firewall efficiency.
Authors
XIE Yongliang (解永亮); FU Guokai (付国楷); FANG Liguo (房利国)
No. 30 Institute of CETC, Chengdu, Sichuan 610041, China
Source
Communications Technology (《通信技术》), 2021, No. 12, pp. 2711-2716 (6 pages)