| Growing on the Internet today, the people through the Internet their own vision and awareness also will be an increasingly wider and deeper. With the increasing convenience and timely communication, network information security is also increasingly affected by people's concern and attention. Although the early firewall access control superior performance, but for the network packet lack of analysis of the data content. The traditional x86 architecture-based software, network packet analysis system Although it can to ensure information security, but the overall system speed intolerable. Although NP is a class of proprietary technology platform, deep packet filtering to meet the requirements, but because of its portability is poor, expensive and other reasons the customer is generally not acceptable. Therefore, the study and design cost-effective depth of the content of network packet filtering equipment necessary to become an exception.In this paper, the existing technology platform at this stage were analyzed and compared, for a variety of firewall technology, and content filtering algorithms have been studied to the firewall control technology and depth of content filtering technology, the integration of network data packets are divided into the depth of content filtering access control and deep packet content retrieval in two phases, the former according to a fixed IP packet processing and control information, the latter under the IP packet in the content analysis and processing.Developed in this project, the use of FPGA hardware platforms to build the depth of the content of the network packet filtering equipment. The depth of the content of network packet filtering rule table right by the initial IP packet classification processing; only in accordance with rules table that is subject to suspected IP reported that the content of literary talent to the next steps part of the analysis and processing, using the program received a higher system throughput. In addition, in order to further improve the system throughput, using a "state table" and a number of parallel "content search engine" technical means. "Status table" already been dealt with under the rules table, and from the same IP and port of the packet for quick search and processing; parallel "content search engines" through parallel the contents of the search engine to improve the depth of content search throughput. Finally, the project design based on the design requirements, the completion of the hardware schematic diagram of the system hardware design and FPGA programming, hardware design verification of its rationality and correctness. |
PDF Full Text Request