微型电脑应用 (Microcomputer Applications), 2025, Vol. 41, Issue (4): 73-77, 5.
一种适用于安全网关的定制化网络协议栈设计方法
A Design Method of Specialized Network Stack for Security Gateway
Abstract
The security gateway is a type of application-layer middlebox deployed at the border of the enterprise network. It can audit and forward the traffic entering and leaving the enterprise and manage sessions. To process complex application-layer traffic, the security gateway should rely on the support of the network stack. The mechanisms of traditional network stacks cannot satisfy the requirements of the security gateway. Meanwhile, current research on specialized network stacks focuses on the data center network, and those stacks are not suitable for security gateways. To satisfy the requirements of the security gateway and adapt to its scenario, this paper designs and implements a specialized network stack. This network stack enables the security gateway to manage sessions and audit traffic without the awareness of clients and servers, while providing a lightweight audit/forward application program interface to reduce the cost of forwarding. The experimental results show that the cost of the network stack is reduced by no less than 6% for the TCP forwarding task, and no less than 49% for the UDP forwarding task, when adopting the lightweight application program interface.
Key words
security gateway/middlebox/enterprise network/specialized network stack/application program interface
Classification
Information Technology and Security Science
Cite this article
Xie Jing, Huang Xiaohong, Yang Manzhi, Cai Lin, Tian Ye. A Design Method of Specialized Network Stack for Security Gateway [J]. 微型电脑应用 (Microcomputer Applications), 2025, 41(4): 73-77, 5.
Funding
Industrial Internet Innovation and Development Project (TC190H3WR)