首页>
外国专利>
Security rule database searching in a network security environment
Security rule database searching in a network security environment
展开▼
机译:网络安全环境中的安全规则数据库搜索
展开▼
页面导航
摘要
著录项
相似文献
摘要
Ipsec rules are searched in order from rules containing the most specificity to those containing the least specificity of attributes. The static rules include placeholders for sets of dynamic rules. Dynamic rules are searched only if a placeholder is the first matching rule in the static table. For connection oriented protocols, security rule binding information is stored in association with the connection. This allows the searching of the rules to be performed only when a connection is first established. If a static or dynamic rule is changed during a connection, a search is repeated. For selected connectionless protocols, packets are treated as if they were part of a simulated connection. A pseudo-connection memory block is allocated with the creation of each socket and Ipsec security binding information is stored in the pseudo-connection memory block on a first packet.
展开▼