Searching device and method for Ethernet internet protocol security (IPSec) database

The invention discloses a searching device for an Ethernet IPSec database. According to the device, a processing unit configures a security database, a receiving module receives a data frame from the Ethernet and unpacks the data frame into an IP data packet, an IPSec database searching module conducts selector extraction and compression on the IP data packet unpacked by the receiving module, a compressed character serves as an input address of a security policy database (SPD) storage unit, the SPD storage unit outputs a security policy and submits the security policy to the IPSec database searching module for analysis, information that whether IPSec protocol processing is to be conducted or not and an input address of a security association database (SAD) storage unit can be obtained from the security policy, the SAD storage unit outputs a security association, and the IPSec database searching module analyzes the security association to generate a task descriptor. By the aid of the device, the requirements for high-speed searching can be met, and the security database can be configured simply and flexibly. The invention also discloses a corresponding security database searching method as well as a device and a method which are used for achieving Ethernet IPSec database searching.