| 发明名称 | Rule verification apparatus and rule verification method | ||
| 摘要 | A flow state monitoring part obtains a frame that is output from firewall units using former and new rules, and monitors a flow state to which each of the former and new rules is applied. When the flow has ended for both the former and new rules, the flow state monitoring part notifies a frame holding part of the end of the frame. Upon receiving the notice of the end of the flow, the frame holding part outputs two captured information items each including a group of frames for the flow in accordance with each rule to a flow comparison part. The flow comparison part compares the two captured information items, and abandons those captured information items if they completely coincide with each other. If there is a difference, the flow comparison part outputs those captured information items. | ||
| 申请公布号 | US8875275(B2) | 申请公布日期 | 2014.10.28 |
| 申请号 | US200812026817 | 申请日期 | 2008.02.06 |
| 申请人 | Fujitsu Limited | 发明人 | Matoba Kazumine |
| 分类号 | H04L29/06 | 主分类号 | H04L29/06 |
| 代理机构 | Katten Muchin Rosenman LLP | 代理人 | Katten Muchin Rosenman LLP |
| 主权项 | 1. A rule verification apparatus for examining a change in traffic due to a difference between rules for controlling traffic, the verification apparatus comprising: a processor and a memory, the memory embodying instructions that when executed by the processor cause the processor to execute a procedure, the procedure comprising: obtaining a first group of first frames obtained by applying a first rule to a flow of traffic corresponding to a transaction;obtaining a second group of second frames obtained by applying a second rule to the flow;referring to the first group and the second group obtained by said obtaining;monitoring starts and ends of each of the flows to which each of the first and second rules is applied;holding the first frames included in the first group and the second frames included in the second group obtained by said obtaining;comparing the first frames and the second frames held by said holding, when said monitoring detects both the end of the flow in the first group and the end of the flow in the second group; anddiscarding both the first frames in the first group and the second frames in the second group held by said holding only when the first frames and the second frames held by said holding coincide with each other, based on a result of the comparing on each detecting of both the end of the flow in the first group and the end of the flow in the second group. | ||
| 地址 | Kawasaki JP | ||