CN102014070A - Method for improving hardware message classification rule matching efficiency through software - Google Patents
Method for improving hardware message classification rule matching efficiency through software Download PDFInfo
- Publication number
- CN102014070A CN102014070A CN2010105977560A CN201010597756A CN102014070A CN 102014070 A CN102014070 A CN 102014070A CN 2010105977560 A CN2010105977560 A CN 2010105977560A CN 201010597756 A CN201010597756 A CN 201010597756A CN 102014070 A CN102014070 A CN 102014070A
- Authority
- CN
- China
- Prior art keywords
- rule
- hash
- conflict
- list
- hardware
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a method for improving hardware message classification rule matching efficiency through software. Through combination of software and hardware and the hash table storage rule, the software maintains the message classification rules, adjusts collision in the hash table and puts the new rules on the head of the collision chain when the rules are added or deleted, thus easily finding the most common rules and improving the rule matching efficiency.
Description
Technical field
The present invention relates to the network data management field, be specifically related to a kind of method that improves hardware message classification rule match efficient by software.
Background technology
In hardware message classification system, storage for message rule, general most common form is that the mode of order array is stored, newly be configured to message classification rule in the hardware and be put into the end of rule list, yet because new rule of adding generally is the most frequently used at that time, along with the increase of regular capacity, this machine-processed matching efficiency can reduce.
In hardware message classification system, according to service needed, need frequent to the message classification rule increase, operation such as deletion, because in the original system, regular capacity is not very big, the mode of general all employings order array is stored, this storage is for the low capacity rule, to searching, increase, delete influence is not very big, but along with capacity increases, the drawback of this mechanism--efficient is low just slowly to come out.
In traditional ordinal number prescription formula storage, when increasing a rule, according to dope vector, increase rule at the end of array, when one of deletion is regular, scans this array and navigate to this rule position, delete this rule then, and follow-up rule is all moved forward a position.But along with business demand, regular capacity is increasing, and this efficient will be more and more lower.
Realize matched rule efficiently, general fashion is that the strictly all rules array is formed an array indexing, all up-to-date rule is placed on the foremost of whole array pointer, as increasing rule or deletion rule newly at every turn, the index of regulation rule guarantees the foremost of up-to-date rule in array.But increase along with regular capacity, the shortcoming of matching efficiency difference has appearred in the prior art scheme, because need quick matched rule for the message on the High Speed Network, and in this scheme, search a rule and need the too normal time, basically need to search whole regular array list, just complexity is the scale of O (n), could matched rule.
Summary of the invention
The objective of the invention is to solve the shortcoming of above-mentioned prior art scheme, by the mode of conflict chain is set,, design a hash function according to the characteristics of rule, guarantee that as far as possible each regular hash counts uniqueness and conflict minimizes, like this, when rule of needs coupling, only need to calculate this regular hash number, just can be in the hash position and the hash collision position find this rule, data in hardware are arrived, and when needing matched rule, have guaranteed the efficient of coupling.When increasing, during deletion rule, only need adjusting the relevant position and get final product according to hash number and hash conflict chained list.
A kind of method by software raising hardware message classification rule match efficient, it is characterized in that: step is as follows:
A, in host memory region of memory of application, wherein a part is used for storage rule, another part is used for storing the hash table;
B, by interface library, be that each rule generates hash keyword, and rule added in host memory rule list and the hardware rule list according to the hash keyword;
C, increase or during deletion rule, interface function is searched the position at the hash keyword place of this rule correspondence by the hash function, searches whether there is conflict, if there is not conflict, directly this rule is put in rule list and the rule conflict chain when needs; If there is conflict, then this rule is dosed a position of conflict chain place chained list;
D, interface library upgrade the storage rule in the host memory, after storage rule upgrades and finishes in the host memory, again according to adjusted rule list, upgrade the rule list of hardware end;
E, when the packets need rule match, by the hash function, search the rule in the hardware, according to the hash keyword, at hash key position and collision position matched rule.
The present invention creates a hash function according to the characteristic of rule, and is that each rule generates a hash number, by the hash number, rule is scattered in the array, when several rules have identical hash when counting, just there is conflict between them, searches concrete rule according to conflict relationship.Search so a regular efficient than sequential storage at the array efficiency height, simultaneously, because up-to-date rule is always on the head of conflict chain, matching efficiency is also the highest.
Description of drawings
Fig. 1 is a work schematic diagram of the present invention
Embodiment
The present invention searches characteristics fast by the hash table, sets up the hash table of a rule in Installed System Memory, realizes the efficient coupling of hardware message classification by the hash table.
Concrete scheme is as follows:
(1) region of memory of application in host memory, wherein in this piece region of memory, a part of storage rule, part storage hash table.
(2),, and rule is added in main frame rule list and the hardware rule list according to the hash number for each rule generates the hash number by interface library.
(3) when needs increase, deletion rule, interface function is by the hash function, and the hash that searches this rule correspondence counts the position at place, searches whether to have conflict, and if there is no conflict is directly put this rule in rule list and the rule conflict chain into; If there is conflict, then this rule is added to a position of conflict chain place chained list.
(4) influence the hardware message classification in order to prevent in the process of operation rules, interface library at first upgrades the storage rule of host side, after having upgraded the host side rule, again according to adjusted rule list, upgrades the rule list of hardware end.
(5) when the packets need matched rule, by the hash function, search the rule in the hardware, according to the hash number, put and the collision position matched rule in the hash numerical digit.
The present invention uses in the network security private server of dawn production, proves can realize big capacity rule is managed, and has improved regular matching efficiency.
Claims (1)
1. one kind is improved the method for hardware message classification rule match efficient by software, and it is characterized in that: step is as follows:
A, in host memory region of memory of application, wherein a part is used for storage rule, another part is used for storing the hash table;
B, by interface library, be that each rule generates hash keyword, and rule added in host memory rule list and the hardware rule list according to the hash keyword;
C, increase or during deletion rule, interface function is searched the position at the hash keyword place of this rule correspondence by the hash function, searches whether there is conflict, if there is not conflict, directly this rule is put in rule list and the rule conflict chain when needs; If there is conflict, then this rule is dosed a position of conflict chain place chained list;
D, interface library upgrade the storage rule in the host memory, after storage rule upgrades and finishes in the host memory, again according to adjusted rule list, upgrade the rule list of hardware end;
E, when the packets need rule match, by the hash function, search the rule in the hardware, according to the hash keyword, at hash key position and collision position matched rule.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010597756.0A CN102014070B (en) | 2010-12-17 | 2010-12-17 | Method for improving hardware message classification rule matching efficiency through software |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010597756.0A CN102014070B (en) | 2010-12-17 | 2010-12-17 | Method for improving hardware message classification rule matching efficiency through software |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102014070A true CN102014070A (en) | 2011-04-13 |
| CN102014070B CN102014070B (en) | 2014-05-21 |
Family
ID=43844091
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010597756.0A Active CN102014070B (en) | 2010-12-17 | 2010-12-17 | Method for improving hardware message classification rule matching efficiency through software |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102014070B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103365918A (en) * | 2012-04-09 | 2013-10-23 | 腾讯科技(深圳)有限公司 | Method and device for processing data |
| CN103780460A (en) * | 2014-01-15 | 2014-05-07 | 珠海市佳讯实业有限公司 | System for realizing hardware filtering of TAP device through FPGA |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050254502A1 (en) * | 2004-05-11 | 2005-11-17 | Lynn Choi | Packet classification method through hierarchical rulebase partitioning |
| CN101309216A (en) * | 2008-07-03 | 2008-11-19 | 中国科学院计算技术研究所 | IP packet classification method and apparatus |
| CN101753445A (en) * | 2009-12-23 | 2010-06-23 | 重庆邮电大学 | Fast flow classification method based on keyword decomposition hash algorithm |
-
2010
- 2010-12-17 CN CN201010597756.0A patent/CN102014070B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050254502A1 (en) * | 2004-05-11 | 2005-11-17 | Lynn Choi | Packet classification method through hierarchical rulebase partitioning |
| CN101309216A (en) * | 2008-07-03 | 2008-11-19 | 中国科学院计算技术研究所 | IP packet classification method and apparatus |
| CN101753445A (en) * | 2009-12-23 | 2010-06-23 | 重庆邮电大学 | Fast flow classification method based on keyword decomposition hash algorithm |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103365918A (en) * | 2012-04-09 | 2013-10-23 | 腾讯科技(深圳)有限公司 | Method and device for processing data |
| CN103780460A (en) * | 2014-01-15 | 2014-05-07 | 珠海市佳讯实业有限公司 | System for realizing hardware filtering of TAP device through FPGA |
| CN103780460B (en) * | 2014-01-15 | 2017-06-30 | 珠海市佳讯实业有限公司 | It is a kind of that the system that TAP device hardwares are filtered is realized by FPGA |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102014070B (en) | 2014-05-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102402605B (en) | Mixed distribution model for search engine indexing | |
| CN105701098B (en) | The method and apparatus for generating index for the table in database | |
| US10678654B2 (en) | Systems and methods for data backup using data binning and deduplication | |
| CN101650717B (en) | Method and system for saving storage space of database | |
| CN102629269B (en) | Searching and storing method for embedded database | |
| CN103902698A (en) | Data storage system and data storage method | |
| CN103020131B (en) | A kind of the most single storing and the method and system of inquiry that realize communicating | |
| CN104572727A (en) | Data querying method and device | |
| CN103139300A (en) | Virtual machine image management optimization method based on data de-duplication | |
| CN102915382A (en) | Method and device for carrying out data query on database based on indexes | |
| CN104794146A (en) | Method and device for real-time screening and ranking of commodities | |
| CN102819586A (en) | Uniform Resource Locator (URL) classifying method and equipment based on cache | |
| CN102169491B (en) | Dynamic detection method for multi-data concentrated and repeated records | |
| CN111552692A (en) | Plus-minus cuckoo filter | |
| CN102779138A (en) | Hard disk access method of real time data | |
| CN104933051A (en) | File storage space recovery method and device | |
| CN104572862A (en) | Mass data storage access method and system | |
| CN103064908A (en) | Method for rapidly removing repeated list through a memory | |
| CN103902592A (en) | Method and system for realizing analytic functions based on MapReduce | |
| CN104956340A (en) | Scalable data deduplication | |
| CN102014070B (en) | Method for improving hardware message classification rule matching efficiency through software | |
| CN103870511A (en) | Shared memory-based information inquiring equipment and method | |
| US20180285693A1 (en) | Incremental update of a neighbor graph via an orthogonal transform based indexing | |
| CN1834957A (en) | Multi-chart information initializing method of database | |
| CN110413724B (en) | Data retrieval method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20221230 Address after: 430040 NO.666, Wuhuan Avenue, linkonggang economic and Technological Development Zone, Wuhan City, Hubei Province (10) Patentee after: Dawning Network Technology Co.,Ltd. Address before: 300384 Xiqing District, Tianjin Huayuan Industrial Zone (outside the ring) 15 1-3, hahihuayu street. Patentee before: DAWNING INFORMATION INDUSTRY Co.,Ltd. |