1. Field of the Invention
The present invention relates to a method and apparatus for performing stateful packet inspection in real time using a session table processing method that allows more efficient generation of state information.
2. Description of the Related Art
Stateful packet inspection used in network security fields is a technology that extends conventional inspection performed on a packet-by-packet basis and performs inspection and tracking in units of sessions or connections, each corresponding to a stream of packets. For example, stateful firewalls can efficiently block TCP ACK packets that belong to no session opened by a preceding TCP SYN packet. This session- or connection-based tracking and inspection has been applied not only to stateful firewalls but also to various other fields such as virtual private networks (VPN), traffic monitoring, traffic load balancing, accounting and charging, network intrusion detection systems (NIDS), and network intrusion prevention systems (NIPS).
However, the rapid evolution of network technologies toward Giga network environments requires existing stateful packet inspection equipment to provide improved functionality and performance. Stateful packet inspection basically requires a session table which stores source and destination IP addresses and port numbers. Real-time packet inspection is performed by checking, for each input packet, whether or not a corresponding entry is present in the session table. Real-time packet processing at wire speed should not cause any packet delay or loss even when the number of managed sessions increases to more than one million.
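As an added illustration of the session-table mechanism described above (example code, not part of the patent text), a minimal stateful inspector: entries are keyed by the initiator's address/port 4-tuple, are opened only by a SYN, advance through the TCP handshake, and any packet with no matching entry, such as a bare ACK, is dropped. The state names, the flag constants and the `state_of` helper are assumptions made for this example.

```python
from typing import Dict, Optional, Tuple

# TCP flag bits as laid out in the TCP header flags field
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

# Table key: (src_ip, src_port, dst_ip, dst_port) of the session initiator;
# the value is the session state: SYN_SENT -> SYN_RECEIVED -> ESTABLISHED -> CLOSING
Key = Tuple[str, int, str, int]


class SessionTable:
    """Entries are created only by a bare SYN and advanced by the handshake;
    a packet with no matching entry (e.g. a stray ACK) is dropped."""

    def __init__(self) -> None:
        self.table: Dict[Key, str] = {}

    def lookup(self, key: Key) -> Optional[Key]:
        # Match both directions: replies arrive under the reversed tuple
        rev: Key = (key[2], key[3], key[0], key[1])
        return next((k for k in (key, rev) if k in self.table), None)

    def inspect(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int, flags: int) -> str:
        key: Key = (src_ip, src_port, dst_ip, dst_port)
        stored = self.lookup(key)
        if stored is None:
            if flags & SYN and not flags & ACK:      # new session opened by SYN
                self.table[key] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"                            # no session: e.g. ACK without SYN
        state, from_initiator = self.table[stored], stored == key
        if flags & RST:
            del self.table[stored]                   # reset tears the entry down
        elif state == "SYN_SENT" and not from_initiator and flags & SYN and flags & ACK:
            self.table[stored] = "SYN_RECEIVED"      # responder's SYN/ACK
        elif state == "SYN_RECEIVED" and from_initiator and flags & ACK:
            self.table[stored] = "ESTABLISHED"       # initiator's final handshake ACK
        elif flags & FIN and state == "CLOSING":
            del self.table[stored]                   # second FIN: both sides done
        elif flags & FIN:
            self.table[stored] = "CLOSING"
        return "ACCEPT"


def state_of(table: SessionTable, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[str]:
    """Current state of the session containing this 4-tuple, or None if untracked."""
    stored = table.lookup((src_ip, src_port, dst_ip, dst_port))
    return None if stored is None else table.table[stored]
```

A production table would additionally age out idle entries and bound the table size so that a flood of SYNs cannot exhaust memory; both are omitted here to keep the state machine readable.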
Previously developed software-based solutions cannot meet these requirements. One software-based technique has attempted to use a distributed system. However, as the number of sessions increases, this technique requires a higher processing speed, thereby causing performance problems. Thus, software-based solutions cannot perform real-time packet inspection at wire speed.
To overcome these problems, hardware-based solutions have been developed. The performance of stateful packet inspection equipment mainly depends on a process of generating state information through session table processing and a process of inspecting packets using this state information. Packet inspection itself has already been studied extensively, and effective solutions such as parallel Bloom filters have been developed. However, the process of generating state information through session table processing has not been studied enough.