An Algorithm of Managing the TCP Stream Based on Two-Level Hash Tables

2015 
With the development of computer network technology, network security issues are becoming increasingly serious, and firewall technology is one of the most effective methods of protecting network security. Stream filter technology is a new firewall technology that can supervise not only the network layer, as a packet-filtering firewall does, but also the transport layer and application layer, as an application proxy firewall does. Hash table algorithms are often used to manage the TCP stream table in a firewall. However, the 4-tuples of TCP streams are not uniformly distributed, which may lead to the worst case when searching the hash table. When the worst case occurs on the firewall, the quality of service in the network may become very bad. To control the worst case, we propose a two-level hash table algorithm based on the Bloom filter counter algorithm and the multi-level hash table algorithm. We search the small hash table first; if that fails, we then search the big hash table. The proposed algorithm not only lowers the probability of the worst case but also reduces the number of memory accesses in the worst case. Our theoretical research and simulation experiments prove this.