摘要:
Security policy databases capable of being fast retrieved while securing sequentiality. An IPSec processing device of the present invention performs communications by encrypting IP packets exchanged between a first IP network and a second IP network. The IPSec processing device includes a security policy database that stores security policies. The security policy database includes first, second, and third security policy databases. The first and third security policy databases include a linear list structure, and the second security policy database includes a hash list structure. The IPSec processing device, when performing at least one of transmission and reception of the IP packet, retrieves a security policy in the order of the first, second, and third security policy databases.
摘要:
Security policy databases capable of being fast retrieved while securing sequentiality. An IPSec processing device of the present invention performs communications by encrypting IP packets exchanged between a first IP network and a second IP network. The IPSec processing device includes a security policy database that stores security policies. The security policy database includes first, second, and third security policy databases. The first and third security policy databases include a linear list structure, and the second security policy database includes a hash list structure. The IPSec processing device, when performing at least one of transmission and reception of the IP packet, retrieves a security policy in the order of the first, second, and third security policy databases.