Quick method for realizing authentication function of firewall
An implementation method and firewall technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as the increase of firewall internal rules, the degradation of system operation performance, and the impact on the overall performance of user networks, so as to reduce rule matching entries and quickly Firewall authentication, the effect of improving the speed of label setting
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Method used
Examples
Embodiment 1
[0022] Embodiment 1: the present invention comprises the following steps successively:
[0023] (1) Label definition
[0024] The length of the label is 4 bytes. For the convenience of processing, the length of each information field is one byte, as shown in the following table:
[0025] Extended Information ACL rules Downlink Bandwidth Rules Uplink Bandwidth Rules
[0026] 1) Extended information:
[0027] The length is one byte, mainly for future expansion;
[0028] 2) ACL rules:
[0029] The length is one byte, mainly used to control the scope of user access, corresponding to the ACL rules;
[0030] 3) Downlink bandwidth rules:
[0031] The length is one byte, mainly used to control the user's downlink bandwidth, corresponding to the downlink bandwidth rules;
[0032] 4) Uplink bandwidth rules:
[0033] The length is one byte, mainly used to control the user's uplink bandwidth, corresponding to the uplink bandwidth rules;
[0034] Since the length...
Embodiment 2
[0046] Embodiment 2: In order to realize label setting quickly, further improve the label search speed, in step (3), adopted fast mapping method to optimize, concrete implementation steps are as follows:
[0047] 1) After receiving the user IP and tag, the secure access authentication platform checks whether the index array corresponding to the IP address exists, and if it exists, writes the tag tag to the location corresponding to IP-IP&FFFFFFOO; if it does not exist, the kernel creates a length It is an array of 256, and write the array address and the IP address range of the index (IP&FFFFFFOO~IP&FFFFFFOO+255) into a specific linked list (list) in the kernel, and write the tag into the corresponding position of the index array, that is, write To the element of IP-IP&FFFFFFOO of the array;
[0048] 2) When the data message is forwarded through the secure access authentication platform, the kernel searches the linked list list according to the IP header information of the mes...
PUM
Abstract
Description
Claims
Application Information
- R&D Engineer
- R&D Manager
- IP Professional
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com