CN115270955A - Online data packet classification method based on rule prefix space - Google Patents

Publication number: CN115270955A
Authority: CN (China)
Prior art keywords: rule, priority, group, grouping, splitting
Legal status: Pending
Application number: CN202210878321.6A
Other languages: Chinese (zh)
Inventors: 李巍, 兰岸, 李云春
Current Assignee: Beihang University
Original Assignee: Beihang University

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G06F16/9014 Indexing; Data structures therefor; Storage structures hash tables
    • G06F16/9024 Graphs; Linked lists

Abstract

The invention relates to an online data packet classification method based on a rule prefix space. After the two mapping tables are initialized, rules can be added and deleted and data packets classified. When a rule is added, the rule prefix space is scaled and the rule is added to a suitable rule group; when a rule is deleted, the records in the two mapping tables allow fast processing. The advantages of the invention are that scaling the rule prefix space reduces the number of rule groups, and that rule group selection is optimized based on priority, so that high-priority rules are concentrated mainly in the earlier rule groups, which improves the data packet matching rate while preserving rule update performance.

Description

Online data packet classification method based on rule prefix space
Technical Field
The invention belongs to the field of data packet classification, and particularly relates to an online data packet classification method based on a rule prefix space.
Background
The goal of packet classification is to determine which rule a packet matches according to a given rule set. These rules often consist of multiple fields; common rule fields include source IP address, destination IP address, source port, destination port, protocol number, and so on.
Packet classification is a key component of services such as network routing and firewalls. Most conventional packet classification techniques are offline methods, i.e., given a static rule set, they build a static data structure that supports high-speed packet matching. However, with the development of technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), new requirements for flexible resource allocation and live migration arise. These require an online method for packet classification, that is, a dynamic data structure that performs high-speed packet classification while also updating rules quickly.
Existing data packet classification methods fall mainly into two types: classification methods based on decision trees and classification methods based on tuple space. A decision-tree-based method divides the rules into several groups and distributes the groups to different child nodes by cutting some fields of the rules uniformly or non-uniformly. Decision-tree-based methods suffer from rule replication: when a field is cut, one rule may be placed into several child nodes, which increases memory use on the one hand and makes rule updating difficult on the other. A tuple-space-based method divides the rule set into several rule groups according to the matching prefix space of several fields of the rules, thereby avoiding rule replication and allowing fast updates. When matching a data packet, however, a tuple-space-based method has to traverse all rule groups, and although some optimizations exist, such as merging rule groups and priority-based early termination, data packet classification is still inefficient because of the large number of groups.
Disclosure of Invention
The technical scheme of the invention is as follows: to overcome the defects of the prior art, an online data packet classification method based on a rule prefix space is provided, which solves the problem that current data packet classification methods cannot achieve high-speed classification and rule updating at the same time, and improves the data packet matching rate.
The specific technical scheme of the invention is as follows: an online data packet classification method based on a rule prefix space, the method comprising the steps of:
step 1: initializing a rule grouping mapping table and a rule splitting mapping table; the rule grouping mapping table is used for recording the rule group to which a rule is assigned; the rule splitting mapping table is used for recording whether a rule is split or not; circularly receiving rule adding requests, rule deleting requests and data packet matching requests by using a first-in first-out request queue;
step 2: processing the rule adding request from step 1 and adding the rule to a rule group: first selecting from the existing rule groups, and judging the feasibility of adding the rule by using the prefix length of the rule and the prefix length of the rule group; when this is not feasible, splitting the rule, and using the rule priority and the rule group priority to assist in selecting the rule group; if the rule still cannot be added, creating a new rule group, the prefix length of which is obtained by scaling on the basis of the rule prefix space;
step 3: processing the rule deleting request from step 1 and deleting the rule from its rule group: obtaining the rule group to which the rule is assigned and whether the rule is split from the rule grouping mapping table and the rule splitting mapping table; if the rule is not split, deleting it directly from the rule group, otherwise deleting the set of rules formed by the split from the rule group according to the rule splitting information;
step 4: processing the data packet matching request from step 1: traversing the currently existing rule groups in priority order, obtaining the rules in each rule group that match the data packet, and recording the rule with the highest priority; if this highest priority is greater than the priority of the next rule group to be accessed, terminating the matching operation early and returning the recorded rule.
By scaling the rule prefix space and using priority to optimize how rule groups are built, data packets can be classified quickly and the highest-priority rule matching a data packet is obtained; meanwhile, the invention can update rules online, so that rule updating and data packet matching are carried out concurrently, and the availability of data packet matching during rule updating is improved.
Further, the specific implementation in step 1 is as follows:
(11) Each table entry of the rule grouping mapping table consists of a rule number and a pointer pointing to a rule grouping, and a record is added into the rule grouping mapping table when each rule is added; each entry of the rule split mapping table consists of a rule number and a split record of the rule. The two tables are used for quickly finding out rule groups needing to be processed when the rules are updated, and memory access and calculation are reduced;
(12) Circularly receiving requests, wherein the requests are divided into three types: adding a rule into the rule group, deleting a rule from the rule group, and performing rule matching on a data packet, wherein the first two requests are triggered by a user, and when the network card receives a data packet, the third request is triggered. When a plurality of requests exist at the same time, the requests are processed in a first-come first-serve mode.
Further, the specific implementation in step 2 is as follows:
(21) Parsing the rule to obtain the matching field content, the rule prefix length and the rule priority of the rule; traversing the existing rule groups, and obtaining, for each rule group, the fields it uses, the prefix length of the rule group and the priority of the rule group;
(22) Comparing the prefix length of the rule with the prefix length of the rule group: if, for each field used by the rule group, the prefix length of the rule is greater than or equal to the prefix length of the rule group, and the sum over these fields of the differences between the prefix length of the rule and the prefix length of the rule group is less than or equal to a set threshold, calculating the hash value of the rule under the prefix of the rule group and adding the rule to the rule group;
(23) If the rule has not been added to the rule group, an attempt is made to split the rule: first, the number of bits that the rule needs to split is calculated: for each field used by the rule group, the difference between the prefix length of the rule group and the prefix length of the rule is calculated, and the sum of the differences larger than 0 is taken as the number of bits to be split; then the score of the rule splitting is calculated as $F = \alpha(-2^k + b) - \beta \max(p - P, 0)$, where α, b, β are preset parameters, and n is an exponent of 2, used to limit rule splitting; α is an integer between 1 and 5; β is a decimal number between 0 and 1, k is the number of bits that the rule needs to split, p is the priority of the rule, and P is the priority of the rule group;
(24) If F > 0, split the rule into $2^k$ rules, add a record to the rule splitting mapping table, add all of these rules to the rule group in sequence, and modify the rule grouping mapping table; if F ≤ 0, a new rule group is created: sampling is carried out on the basis of the rule prefix space, the sampled value that differs most from the currently existing rule groups is selected as the prefix length of the new rule group, and the rule is added to the new rule group;
(25) If the rule priority is greater than or equal to the priority of the rule group to which the rule is added, all rule groups are reordered according to priority.
The specific implementation in step 3 is as follows:
(31) Looking up the rule group to which the rule is assigned in the rule grouping mapping table, looking up the splitting record of the rule in the rule splitting mapping table, and deleting the records of the rule from both tables;
(32) If the rule is not split, the rule is removed from the rule group; if the rule is split, a rule delete operation is performed for each sub-rule in the splitting record.
The specific implementation in step 4 is as follows:
(41) Traversing the existing rule groups in priority order, obtaining the field information used by each rule group, calculating the hash value of the data packet on those fields, and finding the corresponding rule linked list through the hash table maintained by the rule group to obtain the matching rule with the highest priority.
(42) Recording the highest priority among the matching rules: if this priority is less than the priority of the next rule group, continuing to traverse the next rule group; if this priority is higher than the priority of the next rule group, terminating the matching early and returning the number of the highest-priority rule currently recorded.
Compared with the prior art, the invention has the following beneficial effects:
(1) The number of rule groups is reduced by scaling the rule prefix space; by using priority to optimize rule grouping, high-priority rules are concentrated mainly in the earlier rule groups, so that matching can finish early when data packets are matched. The data packet matching rate is improved while rule update performance is preserved.
(2) The method can be used for optimizing the data packet classification algorithm of software defined network systems (OvS, VPP); it can perform online rule updating while performing high-speed data packet matching, and improves the data packet switching performance of the software defined network system.
By scaling the rule prefix space and using priority to optimize how rule groups are built, the invention can classify data packets quickly and obtain the highest-priority rule matching a data packet; meanwhile, the invention can update rules online, so that rule updating and data packet matching are carried out concurrently, and the availability of data packet matching during rule updating is improved.
Drawings
FIG. 1 is a general flow diagram of a method;
FIG. 2 is a rule addition flow diagram;
FIG. 3 is a rule deletion flow diagram;
FIG. 4 is a packet matching flow diagram;
FIG. 5 is a comparison of packet match times;
FIG. 6 is a rule update time comparison.
Detailed Description
The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, rather than all embodiments, and all other embodiments obtained by a person skilled in the art based on the embodiments of the present invention belong to the protection scope of the present invention without creative efforts.
TABLE 1 rule example Table
(Table 1 appears as an image in the original publication.)
As shown in FIG. 1, the online data packet classification method based on a rule prefix space of the present invention includes:
Step 1, creating a rule grouping mapping table and a rule splitting mapping table, and circularly receiving requests;
11) Creating the rule grouping mapping table, wherein each table entry consists of a rule number and a pointer to a rule group; the rule grouping mapping table is initialized to be empty, and a record is added to it every time a rule is added, so that the rule groups needing to be processed can be found quickly when rules are updated;
12) Creating the rule splitting mapping table, wherein each table entry consists of a rule number and the splitting record of the rule; the rule splitting mapping table is initialized to be empty, and a record is added to it every time a split rule is added, so that repeated calculation can be reduced when a split rule is deleted;
13) The rule grouping mapping table and the rule splitting mapping table can quickly index to a rule group through the rule number. A rule group is a data structure used for storing rules; when a rule group is created, the rule fields it uses and the prefix lengths used for those fields must be specified. Each rule group maintains a hash table in which the key is the hash value of the specified fields of a rule and the value is a rule linked list; the rule linked list is initialized to be empty and stores the specific rule information;
14) Receiving requests in a loop using a first-in first-out request queue, the requests being divided into three categories: adding a rule to a rule group, deleting a rule from a rule group, and performing rule matching on a data packet. The first two requests are triggered by the user, and the third request is triggered when the network card receives a data packet. When several requests exist at the same time, they are processed first come, first served. When the request to be processed is to add a rule to a rule group, go to step 2; when the request to be processed is to delete a rule from a rule group, go to step 3; when the request to be processed is a rule match for a data packet, go to step 4.
Step 2, adding a rule to a rule group, namely creating a new rule group or selecting an existing rule group, adding the rule to the rule linked list corresponding to the rule group, and modifying the records of the rule grouping mapping table and the rule splitting mapping table accordingly.
The method specifically comprises the following steps:
21) Parse the rule to obtain the content of its matching fields $S = (s_1, s_2, \ldots, s_n)$, the rule prefix length $l = (l_1, l_2, \ldots, l_n)$ and the priority $p$ of the rule;
22) Traverse the currently existing rule groups and obtain the field information used by the rule group, $I = (i_1, i_2, \ldots, i_m)$, i.e. m (m ≤ n) fields are used, where $i_m$ ($i_m \in \{1, 2, \ldots, n\}$) is the index of the m-th used field among the rule matching fields, and the rule group prefix length $L = (L_1, L_2, \ldots, L_m)$. Here l is the prefix length of the rule and is given when a rule is set manually; L is the prefix length of the rule group and is given when a group is created; and the priority P of the rule group is the highest priority of all rules in the rule group;
23) Compare the prefix length l of the rule with the prefix length L of the rule group; go to step 24) if the following two conditions are satisfied, otherwise go to step 25);
$l_i \ge L_i$: for each field used by the rule group, the prefix length of the rule is greater than or equal to the prefix length of the rule group;
$\sum_{i \in I} (l_i - L_i) \le thresh$: for each field used by the rule group, the difference between the prefix length of the rule and the prefix length of the rule group is calculated, the differences are summed, and the result is less than or equal to the set threshold thresh;
24) Calculate a hash value for the rule. The rule has multiple fields, but only the fields used by the rule group ($I = (i_1, i_2, \ldots, i_m)$) participate in the calculation of the hash value, and each field is truncated according to the prefix length of the rule group (for example, for the field numbered $i_m$,
Figure BDA0003763083930000062
is the content of this field and $L_m$ is the prefix length of this field in the rule group; this field is truncated to $L_m$ bits to obtain
Figure BDA0003763083930000063
). The resulting hash value is
Figure BDA0003763083930000064
The corresponding rule linked list is found from the hash table maintained by the rule group according to the hash value, the rule is added to the rule linked list, the record of the rule is added to the rule grouping mapping table, and the flow goes to step 28);
25) Whether to perform rule splitting is calculated using the following formula, where α, b, and β are preset parameters: b is taken as a power of 2 to limit rule splitting; α is a small integer; β is a decimal number between 0 and 1; k is the number of bits that the rule needs to split; p is the priority of the rule; and P is the priority of the rule group. By splitting rules, a rule with high priority can be added to a rule group with high priority, so that the classification rate of data packets can be improved;
$k = \sum_{i \in I} \max(L_i - l_i, 0)$: for each field used by the rule group, the difference between the prefix length of the rule group and the prefix length of the rule is calculated and the larger of that difference and 0 is taken; k is the sum of these values;
$F = \alpha(-2^k + b) - \beta \max(p - P, 0)$
F denotes the score of the rule splitting. When F > 0, go to step 26); otherwise check whether all currently existing rule groups have been traversed: if the traversal is finished, go to step 27), otherwise go to step 22) to continue the traversal;
26) Split the rule into $2^k$ rules, add a record to the rule splitting mapping table, add all of these rules to the rule group in sequence, modify the rule grouping mapping table, and go to step 28);
27) Create a new rule group. The prefix length of the current rule is $l = (l_1, l_2, \ldots, l_n)$, where $l_n$ is the prefix length of the n-th field. The sampling interval $[RL1, RL2]$ of the rule group prefix length is calculated according to the following formula:
$RL1 = l; \quad RL2 = (\max(l_1 - 2, 0), \max(l_2 - 2, 0), \ldots, \max(l_n - 2, 0))$;
Sampling within the sampling interval gives the candidate rule group prefix length R, and the prefix length of the selected rule group is calculated according to the following formula
Figure BDA0003763083930000071
where n is the number of established rule groups and $L_i$ is the prefix length of the i-th established rule group;
Figure BDA0003763083930000072
Finally, a new rule group is established, the rule is added to the group, and the record of the rule is added to the rule grouping mapping table;
28) All rule groups are reordered according to priority; step 2 ends and the flow goes to step 14) to process the next request.
Step 3, deleting a rule from a rule group, namely first finding the rule group where the rule is located, then calculating a hash value, finding the corresponding rule linked list through the hash table maintained by the rule group, and deleting the rule from the rule linked list;
The method specifically comprises the following steps:
31) Obtain the rule group to which the rule maps from the rule grouping mapping table, and delete the record from the table;
32) Access the rule splitting mapping table; if the rule is not split, compute the hash value of the rule, remove the rule from the rule group, and go to step 34); otherwise go to step 33);
33) Read the set of rules formed by splitting the rule from the rule splitting mapping table, traverse each rule in it, calculate the hash value of the rule, delete the rule from the rule group, and delete the record from the rule splitting mapping table;
34) If the deleted rule is the highest-priority rule of its rule group, reorder all rule groups according to their highest priority; step 3 ends and the flow goes to step 14) to process the next request;
Step 4, performing rule matching on a data packet: the rule groups are accessed in priority order to finally obtain the number of the highest-priority rule matching the data packet;
The processing of each rule group specifically comprises the following steps:
41) Obtain the field information used by the rule group, calculate the hash value of the data packet on those fields, find the corresponding rule linked list through the hash table maintained by the rule group, and traverse the rule linked list to obtain the matching rule with the highest priority;
42) Record the highest priority of all matching rules; if this priority is less than the priority of the next rule group, go to step 41); if this priority is higher than the priority of the next rule group, terminate the matching early, return the highest-priority rule currently recorded, end step 4, and go to step 14) to process the next request.
By scaling the rule prefix space, using priority to optimize how rule groups are built, and guiding each rule into a suitable rule group, the invention can classify data packets quickly and obtain the highest-priority rule matching a data packet; meanwhile, the invention can update rules online, so that rule updating and data packet matching are carried out concurrently, and the availability of data packet matching during rule updating is improved.
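Steps 2 to 4 above (fit check, split score F, hashing on truncated prefixes, priority-ordered lookup with early exit) in runnable form, as an added example that is not code from the patent; `linear_scan` is a reference check that the early exit never returns a lower-priority rule than a full scan, which is the property a firewall depends on. Assumptions: every group uses the same two 32-bit IPv4 fields, a larger number means higher priority, the parameter values (thresh = 8, α = β = 1, b = 256) and the rules are constructed, and a new group simply takes L = RL1 = l because the sampling selection formula is not reproduced on this page.

```python
import ipaddress
from dataclasses import dataclass, field
from itertools import product

WIDTH = 32  # assumption: both fields are 32-bit IPv4 addresses
def ip(text):
    return int(ipaddress.ip_address(text))

@dataclass(frozen=True)
class Rule:
    rid: str        # rule number
    values: tuple   # S: field contents as integers
    plens: tuple    # l: prefix length per field
    priority: int   # p: larger number means higher priority

    def matches(self, pkt):
        return all((v ^ f) >> (WIDTH - l) == 0 for v, f, l in zip(self.values, pkt, self.plens))

@dataclass
class Group:
    plens: tuple                                # L: prefix length per field
    table: dict = field(default_factory=dict)   # truncated key -> rule list

    def key(self, values):                      # truncate to L bits (step 24)
        return tuple(v >> (WIDTH - L) for v, L in zip(values, self.plens))

    @property
    def priority(self):                         # P: highest priority stored
        return max((r.priority for b in self.table.values() for r in b), default=-1)

def split(rule, group_plens):   # expand a rule into 2^k rules at the group's lengths
    choices = []
    for v, l, L in zip(rule.values, rule.plens, group_plens):
        extra = max(L - l, 0)
        base = (v >> (WIDTH - l)) << (WIDTH - l)           # clear host bits
        choices.append([(base | n << (WIDTH - l - extra), l + extra)
                        for n in range(2 ** extra)])
    return [Rule(rule.rid, tuple(v for v, _ in c), tuple(p for _, p in c),
                 rule.priority) for c in product(*choices)]

class Classifier:
    def __init__(self, thresh=8, alpha=1, b=256, beta=1):  # constructed values
        self.groups, self.group_of, self.split_of = [], {}, {}
        self.thresh, self.alpha, self.b, self.beta = thresh, alpha, b, beta

    def _store(self, rule, group, parts):
        for r in parts:
            group.table.setdefault(group.key(r.values), []).append(r)
        self.group_of[rule.rid] = group                    # rule grouping mapping table
        self.groups.sort(key=lambda g: g.priority, reverse=True)  # step 28
        return len(parts)

    def add(self, rule):
        for g in self.groups:
            diffs = [l - L for l, L in zip(rule.plens, g.plens)]
            if min(diffs) >= 0 and sum(diffs) <= self.thresh:     # step 23
                return self._store(rule, g, [rule])
            k = sum(max(-d, 0) for d in diffs)                    # step 25
            score = (self.alpha * (-2 ** k + self.b)
                     - self.beta * max(rule.priority - g.priority, 0))
            if k and score > 0:   # step 26; skipping k == 0 is an assumption
                self.split_of[rule.rid] = split(rule, g.plens)    # rule splitting mapping table
                return self._store(rule, g, self.split_of[rule.rid])
        self.groups.append(Group(rule.plens))  # simplified step 27: L = RL1 = l
        return self._store(rule, self.groups[-1], [rule])

    def delete(self, rule):
        group = self.group_of.pop(rule.rid)
        for r in self.split_of.pop(rule.rid, [rule]):             # steps 32-33
            bucket = group.table[group.key(r.values)]
            bucket[:] = [x for x in bucket if x.rid != rule.rid]
        self.groups.sort(key=lambda g: g.priority, reverse=True)  # step 34

    def classify(self, pkt):
        best, probed = None, 0
        for g in self.groups:                                     # priority order
            if best is not None and best.priority > g.priority:
                break                                             # early exit, step 42
            probed += 1
            for r in g.table.get(g.key(pkt), []):
                if r.matches(pkt) and (best is None or r.priority > best.priority):
                    best = r
        return (best.rid if best else None), probed

def linear_scan(rules, pkt):   # reference answer: check every rule
    hits = [r for r in rules if r.matches(pkt)]
    return max(hits, key=lambda r: r.priority).rid if hits else None

def build_demo():
    rules = [  # constructed rules on documentation address ranges
        Rule("hi", (ip("192.0.2.128"), ip("198.51.100.1")), (25, 32), 9),
        Rule("split", (ip("192.0.2.0"), ip("198.51.100.0")), (24, 31), 5),
        Rule("wide", (ip("10.0.0.0"), 0), (8, 0), 1),
        Rule("fit", (ip("192.0.2.200"), ip("198.51.100.1")), (32, 32), 7),
    ]
    clf = Classifier()
    stored = [clf.add(r) for r in rules]   # hash-table entries written per rule
    return clf, rules, stored
```

`classify` returns the matched rule number together with the number of rule groups probed, so the effect of the early exit is visible per packet.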
The following description will be made in detail with reference to specific examples.
As shown in FIG. 1, the rules shown in Table 1 are used to describe the whole process of the method. The method specifically comprises the following steps:
1. Creating a rule grouping mapping table and a rule splitting mapping table, and circularly receiving requests, which specifically comprises:
11) Create the rule grouping mapping table: it stores the mapping from the rule number id to the group in which the rule is located. The table is initialized to be empty, and a record is added to it every time a rule is added, so that the rule group needing to be processed can be found quickly when a rule is updated.
12) Create the rule splitting mapping table: it stores the mapping from the rule number id to the splitting record of the rule, i.e. the details of the multiple rules the rule was split into. The table is initialized to be empty, and a record is added to it every time a split rule is added, so that repeated calculation can be reduced when a split rule is deleted.
13) Receive requests in a loop: when the request to be processed is to add a rule to a rule group, go to step 2; when the request to be processed is to delete a rule from a rule group, go to step 3; when the request to be processed is a rule match for a data packet, go to step 4. When several requests exist at the same time, they are processed first come, first served.
2. Adding a rule to the rule group, fig. 2 shows the whole rule adding process, which specifically includes the following steps:
21) Parse the rule to obtain the content of its matching fields $S = (s_1, s_2, \ldots, s_n)$, the rule prefix length $l = (l_1, l_2, \ldots, l_n)$ and the priority $p$ of the rule. Taking rule R5 as an example, the parsing result is as follows: S corresponds to a quadruplet (source IP address, destination IP address, source port, destination port). The source port is represented by 16 bits and its range is (0000 0100 0000 1111 - 0000 0111 1111 1111), whose first 6 bits are fixed; so that it can be expressed as a prefix, the range can be scaled to (0000 0100 0000 0000 - 0000 0111 1111 1111), in which case the prefix length is 6.
$S = (s_1, s_2, \ldots, s_4) = (10.218.234.1, 10.4.241.0, 4.0, 0.0)$
$l = (l_1, l_2, \ldots, l_4) = (24, 31, 6, 0)$
22) Traverse the currently existing rule groups. Assume that the field information used by the group is $I = (i_1, i_2) = (1, 2)$, the prefix length of the rule group is $L = (L_1, L_2) = 16$, and the priority of the rule group is P (the highest priority of all the rules in the rule group);
23) Compare the prefix length l of the rule with the prefix length L of the rule group: if, for each field used by the rule group, the prefix length of the rule is greater than or equal to the prefix length of the rule group, and the sum over these fields of the differences between the rule prefix length and the rule group prefix length is less than 16, go to step 24); otherwise go to step 25);
24) Calculate
Figure BDA0003763083930000091
The hash function used here is Cuckoo Hash. The corresponding rule linked list is found from the hash table maintained by the rule group according to the hash value, the rule is added to the rule linked list, the record of the rule is added to the rule grouping mapping table, and the flow goes to step 28);
25) Whether the rule can be split is calculated using the following formula, where α = β = 1 and n = 8 are preset parameters, k is the number of bits that the current rule needs to split, p is the priority of the rule, and P is the priority of the rule group. When F > 0, go to step 26); otherwise check whether all currently existing rule groups have been traversed: if the traversal is finished, go to step 27), otherwise go to step 22) to continue the traversal.
$k = \sum_{i \in I} \max(L_i - l_i, 0), \quad F = \alpha(-2^k + b) - \beta \max(p - P, 0)$
26) Assume that the current rule group prefix length is $L = (L_1, L_2) = (25, 32)$; then $k = (25 - 24) + (32 - 31) = 2$ can be calculated, and the rule is split into $2^2 = 4$ rules, as shown in Table 2. Add a record to the rule splitting mapping table, add all of these rules to the rule group in turn, modify the rule grouping mapping table and the rule splitting mapping table, and go to step 28);
TABLE 2 Rule R5 splitting results

| Rule | Source IP address | Destination IP address | Source port | Destination port | Priority |
|------|-------------------|------------------------|-------------|------------------|----------|
| R5-1 | 10.218.234.1/25 | 10.4.241.0/30 | 1039:2047 | 0:65535 | 5 |
| R5-2 | 10.218.234.129/25 | 10.4.241.128/30 | 1039:2047 | 0:65535 | 5 |
| R5-3 | 10.218.234.1/25 | 10.4.241.128/30 | 1039:2047 | 0:65535 | 5 |
| R5-4 | 10.218.234.129/25 | 10.4.241.0/30 | 1039:2047 | 0:65535 | 5 |

27) Create a new rule group. The prefix length of the rule currently being processed is $l = (l_1, l_2, \ldots, l_n)$. The sampling interval $[RL1, RL2]$ of the rule group prefix length is calculated according to the following formula:
$RL1 = l; \quad RL2 = (\max(l_1 - 2, 0), \max(l_2 - 2, 0), \ldots, \max(l_n - 2, 0))$
Taking average sampling as an example, the candidate rule group prefix length is $R \in \{RL1, RL2, (RL1 + RL2)/2\}$, and the prefix length of the rule group is calculated according to the following formula
Figure BDA0003763083930000092
where $L_i$ is the prefix length of an existing rule group. Finally, a new rule group is established, the rule is added to the group, and the record of the rule is added to the rule grouping mapping table;
Figure BDA0003763083930000093
28 All rule packets are reordered according to priority, ending step 2, going to step 13), the next request is processed.
3. Deleting a rule from the rule group, as shown in FIG. 3, specifically includes the following steps:
31) Obtain the matching-field content of the rule to be deleted, obtain the rule group to which the rule is mapped from the rule group mapping table, delete that record from the table, and obtain the field information and prefix length used by the rule group;
32) Access the rule splitting mapping table. If the rule was split, go to step 33); otherwise calculate the hash value of the rule, find the corresponding rule linked list, delete the rule from it, and go to step 34);
33) Read from the rule splitting mapping table the set of rules formed when the rule was split, traverse each of them, calculate its hash value and delete it from the rule group, then delete the record from the rule splitting mapping table and go to step 34);
34) If the deleted rule is the highest-priority rule in the rule group, all rule groups are reordered according to their highest priority. End step 3 and go to step 13) to process the next request.
4. Performing rule matching on a data packet. Rule groups are accessed sequentially in priority order, and the result is the number of the highest-priority rule that matches the data packet. As shown in FIG. 4, the process specifically includes the following steps:
41) Obtain the field information used by the rule group, calculate the hash value of the data packet on those fields, find the corresponding rule linked list through the hash table maintained by the rule group, and traverse the rule linked list; if there are matches, return the matched rule with the highest priority;
42) Record the highest priority among all matched rules. If this priority is lower than the priority of the next rule group, go to step 41); if it is higher than the priority of the next rule group, terminate the matching early and return the number of the currently recorded highest-priority rule. End step 4 and go to step 13) to process the next request.
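An added sketch, not code from the patent, of the lookup in steps 41) and 42): each rule group hashes the packet under its own prefix lengths, groups are probed in descending priority, and probing stops once the best match outranks the next group. Assumptions: 32-bit IPv4 source/destination fields, a larger number means higher priority, a group's priority is its highest rule priority, ties continue to the next group, and the class, function names and rule set are constructed for illustration.

```python
import ipaddress

W = 32  # IPv4 field width in bits

def ip(s):
    return int(ipaddress.ip_address(s))

class RuleGroup:
    def __init__(self, prefix_len):
        self.prefix_len = prefix_len   # one prefix length per field used
        self.table = {}                # hash key -> rule list (the "linked list")
        self.priority = -1             # highest rule priority held by the group

    def key(self, values):
        # Hash key: each field truncated to the group's prefix length
        return tuple(v >> (W - L) for v, L in zip(values, self.prefix_len))

    def add(self, rid, priority, values, lens):
        rule = {"id": rid, "priority": priority, "values": values, "lens": lens}
        self.table.setdefault(self.key(values), []).append(rule)
        self.priority = max(self.priority, priority)

def matches(rule, packet):
    # Full check against the rule's own (possibly longer) prefixes
    return all(f >> (W - l) == v >> (W - l)
               for f, v, l in zip(packet, rule["values"], rule["lens"]))

def classify(groups, packet):
    """Return (id of best matching rule or None, number of groups probed)."""
    best, probed = None, 0
    for g in sorted(groups, key=lambda g: g.priority, reverse=True):
        if best is not None and best["priority"] > g.priority:
            break                      # nothing in the remaining groups can win
        probed += 1
        for r in g.table.get(g.key(packet), []):
            if matches(r, packet) and (best is None or r["priority"] > best["priority"]):
                best = r
    return (best["id"] if best else None), probed

# Constructed rule set: three groups with different prefix lengths
g1, g2, g3 = RuleGroup((24, 24)), RuleGroup((16, 0)), RuleGroup((8, 8))
g1.add(1, 90, (ip("10.1.1.0"), ip("10.2.2.0")), (24, 24))
g2.add(2, 50, (ip("10.1.0.0"), ip("0.0.0.0")), (16, 0))
g3.add(3, 10, (ip("10.0.0.0"), ip("10.0.0.0")), (8, 8))
GROUPS = [g3, g1, g2]
```

The second value returned by `classify` shows the saving: a packet that hits the priority-90 rule probes one group, while a packet that matches nothing probes all three.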
The method was compared with other methods using the open-source test set ClassBench, with the four test sets acl1, acl2, fw1 and ipc1. As shown in FIG. 5 and FIG. 6, the invention improves data packet matching performance by 10-40% while adding only a small amount of rule-update overhead, raising the packet matching rate while preserving rule-update performance.

Claims (3)

1. An online data packet classification method based on a rule prefix space, characterized in that the method comprises the following steps:
step 1: initializing a rule group mapping table and a rule splitting mapping table; the rule group mapping table records the rule group to which each rule is assigned; the rule splitting mapping table records whether a rule has been split; each entry of the rule group mapping table consists of a rule number and a pointer to a rule group, and a record is added to the rule group mapping table whenever a rule is added; each entry of the rule splitting mapping table consists of a rule number and the splitting record of the rule; the two tables are used to quickly find the rule groups that need to be processed when rules are updated, reducing memory accesses and computation;
step 2: cyclically receiving requests using a first-in first-out request queue, the requests being of three types: rule adding requests, rule deleting requests and data packet matching requests; a rule adding request adds a rule to a rule group, a rule deleting request deletes a rule from a rule group, and a data packet matching request performs rule matching on a data packet; the first two request types are triggered by a user; the third is triggered when the network card receives a data packet; when several requests exist at the same time, they are processed first-come first-served;
step 3: processing the rule adding request of step 2 by adding the rule to a rule group: first selecting among the existing rule groups, judging the feasibility of adding the rule from the prefix length of the rule and the prefix length of the rule group; when adding is not feasible, splitting the rule, using the rule priority and the rule group priority to assist in selecting the rule group; if the rule still cannot be added, creating a new rule group whose prefix length is obtained by scaling on the basis of the rule prefix space;
step 4: processing the rule deleting request of step 2 by deleting a rule from the rule group: obtaining, from the rule group mapping table and the rule splitting mapping table, the rule group to which the rule is assigned and whether the rule was split, and deleting these records from the two tables; if the rule was not split, deleting the rule directly from the rule group; otherwise, deleting from the rule group the set of rules formed by the split, according to the rule splitting information;
step 5: processing the data packet matching request of step 2 and returning the classification result of the data packet: traversing the currently existing rule groups in priority order, obtaining the rules in each rule group that match the data packet, and recording the rule with the highest priority; if that highest priority is higher than the priority of the next rule group to be accessed, terminating the matching early and returning the recorded highest-priority rule, which is the result of data packet classification.
2. The online data packet classification method based on a rule prefix space according to claim 1, characterized in that step 3 is specifically implemented as follows:
(31) Parsing the rule to obtain its matching-field content, rule prefix length and rule priority; traversing the currently existing rule groups and, for each rule group, obtaining the fields it uses, its prefix length and its priority;
(32) Comparing the prefix length of the rule with the prefix length of the rule group: if, for each field used by the rule group, the prefix length of the rule is greater than or equal to the prefix length of the rule group, and the sum of the differences between the two is less than or equal to a set threshold, then adding the rule to the existing rule group is feasible; the hash value of the rule under the prefix of the rule group is calculated and the rule is added to the rule group;
(33) If the rule has not been added to a rule group, i.e. it is not feasible to add the rule directly to an existing rule group, an attempt is made to split the rule: first the number of bits the rule needs to split is calculated, i.e. for each field used by the rule group, the difference between the prefix length of the rule group and the prefix length of the rule is calculated, and the sum of the differences greater than 0 is taken as the number of bits to split; then the rule-splitting score $F = \alpha(-2^k + b) - \beta\,\max(p - P, 0)$ is calculated, where α, b and β are preset parameters; b is a power of 2 used to limit rule splitting; α is an integer between 1 and 5; β is a decimal between 0 and 1; k is the number of bits the rule needs to split; p is the priority of the rule; and P is the priority of the rule group;
(34) If F > 0, i.e. the rule can be added to an existing rule group by rule splitting, the rule is split into $2^k$ rules, a record is added to the rule splitting mapping table, all of the split rules are added to the rule group in turn, and the rule group mapping table is modified; if F ≤ 0, i.e. the rule still cannot be added, a new rule group needs to be established: sampling is performed on the basis of the rule prefix space, the sampled value that differs most from the currently existing rule groups is selected as the prefix length of the new rule group, and the rule is added to the new rule group;
(35) If the rule priority is greater than or equal to the priority of the rule group to which the rule is added, all rule groups are reordered according to priority.
3. The online data packet classification method based on a rule prefix space according to claim 1, characterized in that step 5 is specifically implemented as follows:
(51) Traversing the existing rule groups in priority order, obtaining the field information used by each rule group, calculating the hash value of the data packet on those fields, and finding the corresponding rule linked list through the hash table maintained by the rule group, to obtain the matched rule with the highest priority;
(52) Recording the matched rule with the highest priority; if the highest priority among the matched rules is lower than the priority of the next rule group, continuing to traverse the next rule group; if the highest priority is higher than the priority of the next rule group, terminating the matching early and returning the number of the currently recorded highest-priority rule.
CN202210878321.6A 2022-07-25 2022-07-25 Online data packet classification method based on rule prefix space Pending CN115270955A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210878321.6A CN115270955A (en) 2022-07-25 2022-07-25 Online data packet classification method based on rule prefix space

Publications (1)

Publication Number Publication Date
CN115270955A true CN115270955A (en) 2022-11-01

Family

ID=83769130

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117828487A (en) * 2024-02-23 2024-04-05 深圳赋乐科技集团有限公司 Method, system, equipment and medium for judging matching result of flow classification rule

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination