Design And Implementation Of Driver System Of Protocol Stack In NP-Based Firewall

Active Secure Defence System introduces a new firewall technology named active security, aimed at overcoming singularity of firewall function and depending on the hypothesis that security in the interior network possessed by tradition firewall, and it can recovery the data drive attack efficiency. Simultaneity in the technology it uses network processor platform which can overcome two facet of obstacle, one is some obstacle on behavior,the other is obstacle of allegro support between functional and protocol. Whereas the hardware framework of multi-processor and delamination of architecture press for sufficiency exerting the advantage of the architecture in order to making the TCP/IP stack in the os kernel mode transact the packets that aimed at local. For downright settle this problem, the stack drviver must be design and implement between the local TCP/IP stack and the device driver of hardware interfaces of light, which can lead to get through the path between the hardware interfaces and TCP/IP stack, while it can provide conveniency for configuring the light interfaces under the user space of the operation system.Aiming at the design and implementation of the stack driver, my work on it can be divided into three parts:the first part is that through researching and scooping out the architecture of protocol stack driver within the Intel IXA, the basic component and mechanism inside of the stack driver emerges out, under the groundwork of this and allowing for the whole system implement condition at present, I have designed the stack driver in detail and divided it into some sub module according to different function, all of these are done follow the two principle that one is functional compatible with the whole system and the other is hierarchy design of the intel IXA. Having researched the technology of the device driver for linux os, the paper has clarified the problem involved into design of the device driver which must be solved. Then combining with the general mode of device driver on linux operation system, I have realizated the stack driver for NP firewall and parsed in detail the main data structure and data flow which been involved in the implementation of stack driver. Finally some many orientation of test have proved the stack driver satisfies the demand of the design. The second part is that following the packet classification in the stack driver architecture, I have researched several packet classification algorithm used in firewall and finally designed an algorithm, which can be used in our NP firewall, combined with the advantage of RFC and Grid of Tries algorithm, And a theory analysis has given out for the consumption according to time and space. The last part has summaried the whole research work on the point of theoretical and practical facet, and prospecting the next step work.