Claims
- 1. A method, operable in a multithreaded environment, of accessing a database, wherein for a first access by an executing thread to a record of the database matching a search key the method comprises the steps:
obtaining database lock, walking the database to locate a record, copying a database update code into a saved update code, copying a pointer to the record into a saved record pointer, releasing database lock; and wherein, for an access by an executing thread to a record that has already been located in the database, the method comprises the steps of: obtaining database lock, comparing the database update code to the saved update code, if the database update code failed to match the saved update code, walking the database to locate the record, if the database update code matched the saved update code, accessing the database through the saved record pointer, and releasing database lock; wherein the step of changing the database update code is performed whenever database structure is altered.
- 2. The method of claim 1 wherein the steps of walking the database to locate the record are performed by steps further comprising:
generating a hash function from a search key; locating an initial record pointer by indexing a hash bucket table with the generated hash function; and if the initial record pointer is not null, searching for a record key matching the search key in a list of records located through the initial record pointer.
- 3. The method of claim 1 wherein the database contains connection and rule information for a firewall system.
- 4. A computer program product comprising machine readable media having recorded therein computer readable code for instructing a computer to perform database accesses in a multithreaded environment, wherein the computer readable code comprises computer readable code for locating a record for initial accesses by an executing thread by executing steps comprising:
obtaining database lock, walking the database to locate a record, copying a database update code into a saved update code in memory associated with the executing thread, copying a pointer to the record into a saved record pointer, releasing database lock; and wherein the computer readable code further comprises computer readable code for locating a record that has been previously accessed by steps comprising: obtaining database lock, comparing the database update code to the saved update code, if the database update code failed to match the saved update code, walking the database to locate the record, if the database update code matched the saved update code, accessing the database through the saved record pointer, and releasing database lock wherein the step of changing the database update code is performed whenever database structure is altered.
- 5. Apparatus for performing database accesses in a multithreaded environment comprising at least one processor and a memory system having recorded therein a database and computer readable code for instructing the processor to perform accesses to the database, wherein the computer readable code comprises computer readable code for locating a record for initial accesses by an executing thread by executing steps comprising:
obtaining database lock, walking the database to locate a record, copying a database update code into a saved update code in memory associated with the executing thread, copying a pointer to the record into a saved record pointer, releasing database lock wherein the step of changing the database update code is performed whenever database structure is altered; and wherein the computer readable code further comprises computer readable code for locating a record where a saved update code copy and saved record pointer are available by steps comprising: obtaining database lock, comparing the database update code to the saved update code, if the database update code failed to match the saved update code, walking the database to locate the record, if the database update code matched the saved update code, accessing the database through the saved record pointer, and releasing database lock wherein the step of changing the database update code is performed whenever database structure is altered.
- 6. The method of claim 5 wherein the database contains connection and rule information for a firewall system.
- 7. The method of claim 6, wherein the steps of walking the database to locate a record further comprise generating a hash function of a search key, the search key comprising a source internet protocol address, a destination internet protocol address, and a destination upper level protocol port number.
- 8. A method of accessing a connection count database of a firewall system comprises, for an access by a thread processing a SYN packet, the steps of:
preparing a search key from information comprising packet source IP, destination IP and ULP port number, obtaining database lock, walking the database to locate any matching record, copying a database update code into a saved update code in memory associated with the thread, if a record is found, copying a pointer to the record found into a saved record pointer, and if no record is found copying a pointer indicating a location in the database to which a new record should be linked into a saved addition location pointer, releasing database lock, applying any filter rules found in the database to the SYN packet to determine if a new connection is allowed; and if a new connection is allowed and no record was found in the database, the method further comprises the steps of: obtaining database lock, comparing the database update code to the saved update code, if the database update code failed to match the saved update code, walking the database and adding a new record to the database, if the database update code matched the saved update code, accessing the database through the addition pointer to add a new record to the database, initializing the new record, updating the database update code, and releasing database lock.
- 9. The method of claim 8 wherein the steps of walking the database to locate the record further comprise:
generating a hash function from a search key comprising a source IP address, a destination IP address, and a destination port number; locating an initial record pointer by indexing a hash bucket table with the generated hash function; and if the initial record pointer is not null, searching for a record key matching the search key in a list of records located through the initial record pointer.
- 10. The method of claim 8 wherein if an existing record is found in the database and a connection is allowed, further comprising incrementing a connection count in the record.
- 11. The method of claim 10 wherein the database further comprises IP address and port specific rules for restricting connections through the firewall.
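The locking protocol of claims 1, 2, 8 and 10 in Python, as an added example written for this page rather than code from the patent: the update code is a structural version counter, each thread keeps its own saved code and saved record pointer, and a reaccess or a SYN-time insert re-validates that saved state after the lock has been released and reacquired. The bucket lists, the `Cursor` type, the `walks` counter and the sample addresses are constructed for the example.

```python
import threading
from dataclasses import dataclass
@dataclass
class Record:
    key: tuple      # (src_ip, dst_ip, dst_port) search key of claim 8; values constructed
    count: int = 0  # connection count, claim 10
class ConnDB:  # hash buckets behind one lock; update_code moves on every add/remove
    def __init__(self, nbuckets=8):
        self.lock, self.update_code = threading.Lock(), 0
        self.buckets = [[] for _ in range(nbuckets)]
    def bucket(self, key):
        return self.buckets[hash(key) % len(self.buckets)]
    def walk(self, key):  # caller holds self.lock
        return next((r for r in self.bucket(key) if r.key == key), None)
@dataclass
class Cursor:  # per-thread saved update code and saved record pointer (claim 1)
    key: tuple
    saved_code: int = -1  # never matches, so the first access always walks
    saved_rec: Record = None
    walks: int = 0        # how often the bucket list was really walked
def locate(db, cur):
    """Claim 1: follow the saved pointer only while the update code is unchanged."""
    with db.lock:
        if cur.saved_code != db.update_code:
            cur.walks += 1
            cur.saved_rec, cur.saved_code = db.walk(cur.key), db.update_code
        return cur.saved_rec

def syn_commit(db, cur, rec):
    """Claim 8, second lock section (rules were applied while unlocked):
    re-validate the saved state, then add the record or bump its count."""
    with db.lock:
        if cur.saved_code != db.update_code:  # structure changed while unlocked
            cur.walks += 1
            rec = db.walk(cur.key)
        if rec is None:  # still absent: add it and bump the update code
            rec = Record(cur.key)
            db.bucket(cur.key).append(rec)
            db.update_code += 1
        rec.count += 1  # claim 10
        cur.saved_rec, cur.saved_code = rec, db.update_code
    return rec

def remove(db, key):
    """Deletion is a structural change, so every saved pointer gets invalidated."""
    with db.lock:
        b = db.bucket(key)
        if any(r.key == key for r in b):
            b[:] = [r for r in b if r.key != key]
            db.update_code += 1
```

In a native implementation the saved pointer may refer to freed memory once another thread has removed the record, so the update-code comparison is what keeps the reaccess from dereferencing it; in Python the stale object merely becomes unreachable.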
RELATED APPLICATIONS
[0001] The present application is related to the material of copending, cofiled, U.S. patent application Ser. No. ______ attorney docket number 200312201-1, entitled “System for Controlling Client-Server Connection Requests Using Default Rules” the disclosure of which is hereby incorporated herein by reference.