As network technologies develop and are widely applied, network devices are required not only to forward messages rapidly but also to provide security-related services. Market demand encourages the development of network security devices that provide relatively good performance when implementing security-related processing on network data, such as security inspection and filtering.
To satisfy the above requirements, improved hardware performance and an optimized service processing procedure of network security devices are key factors.
In the prior art, after receiving a packet, a network security device first searches the security information entries in the security-related configuration information one by one for one or more security information entries that match the 5-tuple information of the packet. Each time it finds a matching security information entry, the network security device performs security-related processing on the packet according to that entry. Security information entries are generally stored in multiple tables. Each table entry (or item) defines a type of security-related processing to be implemented on packets satisfying a certain condition, and each such limitation is generally set for a specified stream (also called a session or a service). After implementing all matching security-related processing on the packet, the network security device then searches for packet forwarding information and forwards the packet.
It can be seen that, according to the prior art, the packet processing procedure is relatively long and the processing efficiency is relatively low. How to improve the packet processing performance of a network security device has become a problem that security products need to deal with.
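The prior-art procedure described above can be sketched in C to show where the per-packet cost comes from. This is an added illustration, not code from the original document. The struct and function names, the use of 0 as a wildcard, the action values and the table contents are all assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* 5-tuple; in a rule, a field of 0 is a wildcard (assumption of this sketch). */
struct tuple5 { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
enum action { ACT_PERMIT, ACT_DENY, ACT_LOG };        /* hypothetical actions */
struct sec_entry { struct tuple5 match; enum action act; };
struct sec_table { const struct sec_entry *entries; size_t n; };
struct route { uint32_t prefix, mask; int out_port; };

/* Constructed sample configuration: two security tables, one forwarding table. */
static const struct sec_entry acl[] = {
    {{0x0A000001, 0, 0, 23, 6}, ACT_DENY},    /* 10.0.0.1 -> any, TCP/23 */
    {{0, 0, 0, 443, 6}, ACT_PERMIT},          /* any -> any, TCP/443 */
    {{0, 0xC0A80105, 0, 0, 0}, ACT_LOG},      /* any -> 192.168.1.5 */
};
static const struct sec_entry audit[] = {
    {{0, 0, 0, 443, 6}, ACT_LOG},
    {{0, 0, 0, 53, 17}, ACT_PERMIT},
};
static const struct sec_table sample_tables[] = { {acl, 3}, {audit, 2} };
static const struct route sample_fib[] = { {0xC0A80100, 0xFFFFFF00, 2}, {0, 0, 1} };

static int f(uint32_t rule, uint32_t pkt) { return rule == 0 || rule == pkt; }
static int entry_matches(const struct tuple5 *r, const struct tuple5 *p) {
    return f(r->src, p->src) && f(r->dst, p->dst) && f(r->sport, p->sport) &&
           f(r->dport, p->dport) && f(r->proto, p->proto);
}

/* Prior-art path: examine every entry of every table, act on each match, and
 * only then search the forwarding table. Returns the output port, or -1 when
 * the packet is denied or has no route. *work = entries examined. */
int process_packet(const struct sec_table *tabs, size_t ntabs,
                   const struct route *fib, size_t nroutes,
                   const struct tuple5 *pkt, size_t *work) {
    int denied = 0;
    *work = 0;
    for (size_t t = 0; t < ntabs; t++)
        for (size_t i = 0; i < tabs[t].n; i++, (*work)++)
            if (entry_matches(&tabs[t].entries[i].match, pkt))
                denied |= (tabs[t].entries[i].act == ACT_DENY);
    if (denied) return -1;
    for (size_t r = 0; r < nroutes; r++) {
        (*work)++;
        if ((pkt->dst & fib[r].mask) == fib[r].prefix) return fib[r].out_port;
    }
    return -1;
}

int main(void) {   /* constructed HTTPS packet, 10.0.0.2 -> 192.168.1.5 */
    struct tuple5 pkt = {0x0A000002, 0xC0A80105, 40000, 443, 6};
    size_t work;
    return process_packet(sample_tables, 2, sample_fib, 2, &pkt, &work) == 2 ? 0 : 1;
}
```

Every packet of the same stream repeats the full scan, so the work grows with the total number of configured entries rather than with the number of streams.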