JP2008085886A - Packet processing apparatus, packet processing method, and packet processing program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To avoid a reduction in a data transfer rate of a network device, by reducing a load of output processing due to imparting an extension header. <P>SOLUTION: A packet processing apparatus is equipped with: a policy storage means for making policy identification information indicating transmission control processing to be applied to a packet correspond to transmission control information and storing them; a transmission control information extracting means for extracting transmission control information from an input packet; a policy identification information retrieving means for retrieving, from the policy storage means, one or more policy identification information items corresponding to the extracted transmission control information; a packet notifying means for notifying a packet processing means about the one or more policy identification information items retrieved by the retrieval means while suppressing redundancy in a data size of the input packet; and the packet processing means which performs transmission control processing corresponding to the input packet, on the basis of the one or more policy identification information items notified from the packet notifying means. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a packet processing device, a packet processing method, and a packet processing program. For example, a packet processing device, a packet processing method, and a packet processing program for analyzing packet information of a received packet in a network device such as a router or a switch device. Applicable to.

  For example, network devices such as routers and switch devices basically transfer communication packets that flow on the network toward the destination, but in order to meet recent network service needs, On the other hand, there is one equipped with a function for applying various processes (see Patent Document 1).

  In such a network device, it is necessary to analyze the header information of the received packet and search for a process to be applied to the packet based on the analysis result. As this search process, for example, the header information of the received packet There is a method of searching a policy of processing applied to a packet using an associative memory (for example, CAM; Content Addressable-Memory, etc.) using as a search key (see Patent Document 2).

  FIG. 2 is a block diagram showing a part of the internal configuration of a network device provided with a conventional CAM, and FIG. 3 is a flowchart for briefly explaining a policy search process using the CAM.

  In FIG. 3, first, when a communication packet is received by the network device through the network, the communication packet is given to the packet analysis unit 1, and the header information is extracted by the packet analysis unit 1, and a part of the extracted header information. Alternatively, all the search commands are given to the CAM 2 as search data (step S1).

  Then, the packet analysis unit 1 searches whether there is an identifier that matches the search data using a policy table prepared in advance in the CAM 2, and if there is a matching identifier after a predetermined response time, Then, the reply of the address of the retrieved identifier is received, and when there is no matching identifier, a notification that the matching has not been received is received (step S2).

  Note that the number of searches can be set and changed in advance, for example. When searching a plurality of times, the process returns to S1 and the search is repeated (step S3).

  Further, the packet analysis unit 1 provides an extension header at the head of the frame to be searched, assigns the result from the CAM 2 (also referred to as an acquisition index) to the extension header (step S3), and adds the frame with the extension header added to the NPU 3 The NPU 3 performs corresponding processing based on the extension header (step S4).

JP 2003-198607 A JP 2006-101343 A

  However, according to the above-described search method, when the number of CAM searches for one packet is increased, the extension header added to the received frame is also increased as shown in FIG. As a result, the total data size of the search target frame increases.

  Therefore, the data size of one frame becomes larger than the data size when it is input from the network, the bandwidth of the path between the packet distribution unit 2 and the NPU 3 is insufficient, or the packet accompanying the addition of the extension header The output processing capability of the distribution unit 2 cannot follow, and as a result, the data transfer rate of the network device may decrease.

  Therefore, a packet processing device, a packet processing method, and a packet processing program capable of avoiding a decrease in the data transfer rate of the network device by reducing the load of the output processing from the packet analysis (notification) means due to the addition of the extension header Is required.

  In order to solve this problem, a packet processing device according to a first aspect of the present invention is a packet processing device that performs transmission control processing corresponding to an input packet based on transmission control information included in header information of the input packet. (1) Policy storage means for storing policy identification information indicating transmission control processing applied to a packet in association with transmission control information, and (2) extracting transmission control information contained in the header of the input packet Transmission control information extraction means; (3) policy identification information search means for searching one or more policy identification information corresponding to the transmission control information extracted by the transmission control information extraction means from the policy storage means; and (4) search. One or more policy identification information retrieved by the means is notified to the packet processing means while suppressing redundancy of the data size of the input packet That a packet notifying means, (5) based on one or more policy identification information notified from the packet notifying means, the packet processing device and a packet processing unit for performing transmission control processing corresponding to the input packet.

  A packet processing method according to a second aspect of the present invention is a packet processing method for performing transmission control processing corresponding to an input packet based on transmission control information included in header information of the input packet. Policy storage means for associating and storing policy identification information indicating transmission control processing and transmission control information is provided, and (2) transmission control information extracting means extracts transmission control information included in the header of the input packet. A transmission control information extraction step; and (3) a policy identification information search in which the policy identification information search means searches the policy storage means for one or more policy identification information corresponding to the transmission control information extracted by the transmission control information extraction means. And (4) the packet notifying unit converts the one or more policy identification information searched by the searching unit into a data source of the input packet. A packet notification step for notifying the packet processing means while suppressing redundancy of the packet, and (5) the packet processing means transmitting the packet corresponding to the input packet based on the one or more policy identification information notified from the packet notification means. A packet processing method comprising: a packet processing step for performing control processing.

  A packet processing program according to a third aspect of the present invention is (1) applied to a packet in a packet processing program for performing transmission control processing corresponding to an input packet based on transmission control information included in header information of the input packet. Policy storage means for associating and storing policy identification information indicating transmission control processing and transmission control information, and (2) transmission control information extraction for extracting transmission control information included in the header of the input packet in a computer Means, (3) policy identification information retrieval means for retrieving one or more policy identification information corresponding to the transmission control information extracted by the transmission control information extraction means from the policy storage means, and (4) one or more retrieved by the retrieval means Notification of multiple policy identification information to the packet processing means while suppressing redundancy of the data size of the input packet That packet notifying unit, based on (5) one or more policy identification information notified from the packet notifying means, to function as a packet processing unit for performing transmission control processing corresponding to the input packet.

  According to the packet processing device, the packet processing method, and the packet processing program of the present invention, it is possible to avoid a decrease in the data transfer rate of the network device by reducing the load of the output processing from the packet notification means due to the addition of the extension header. Can do.

(A) First Embodiment Hereinafter, a first embodiment of a packet processing device, a packet processing method, and a packet processing program of the present invention will be described with reference to the drawings.

  1st Embodiment demonstrates the case where the packet processing apparatus of this invention, the packet processing method, and the packet processing program are applied to the received packet processing part of the router arrange | positioned on a network.

(A-1) Configuration of First Embodiment FIG. 5 is a configuration diagram illustrating an internal configuration of a router that is an example of a network device according to the first embodiment.

  5, the router 5 of the first embodiment includes a plurality of physical ports 8 (8-1 to 8-N), a physical termination unit 4, a packet analysis unit 10A, a policy table storage unit 2, and a reception. The packet processing unit 6 includes a network processor (NPU) unit 3 and a transmission packet processing unit 7.

  The physical ports 8-1 to 8-N are connection ports that are connected to transmission media constituting the network. Here, as the transmission medium, either a wired medium (that is, a wired line) or a wireless medium (that is, a wireless line) can be applied.

  The physical termination unit 4 performs processing of the physical layer and data link layer of the OSI reference model. That is, a packet received from the network via the physical port 8 is given to the packet analysis unit 10A. In addition, when receiving a received packet from the physical port 8, the physical termination unit 4 extracts a protocol unit of the network layer from a MAC frame that is a protocol data unit of the data link layer, and gives it to the received packet processing unit 6. When the physical termination unit 4 receives the protocol unit of the network layer from the transmission packet processing unit 7, the physical termination unit 4 accommodates the protocol unit of the network layer in a MAC frame that is a protocol unit of the data link layer and gives it to the physical port 8. It is.

  The packet analysis unit 10A captures a packet input from the network via the physical termination unit 4, extracts header information from the captured packet, and uses the policy table storage unit 2 to perform processing corresponding to the header information. Search for policies. The packet analysis unit 10A also overwrites the MAC address field of the packet with the content reflecting the policy search result using the policy table storage unit 2 (that is, the content to be written in the conventional extension header), and the network processor ( NPU) part 3.

  The policy table storage unit 2 is a storage area for storing a policy table 2a having a correspondence relationship between an identifier included in packet header information and an address (also referred to as an index) indicating a policy of processing applied to the packet, For example, an associative memory (for example, CAM or the like) is applicable.

  The network processor unit 3 realizes the function as the router 5, performs a transfer function for the packet from the received packet processing unit 6, and overwrites the contents of the extension header in the MAC address field from the packet analysis unit 10A. When the received frame is received, processing to be applied to the packet is performed based on the contents of the overwritten extension header.

  When receiving a network layer protocol unit (for example, an IP packet) from the physical termination unit 4, the reception packet processing unit 6 performs a predetermined reception process and gives it to the network processor unit 3.

  The transmission packet processing unit 7 transmits a packet instructed by the network processor unit 3. For example, the transmission packet processing unit 7 performs packet discarding or packet transmission processing to the next transfer destination under the control of the network processor unit 3.

  FIG. 1 is a functional block diagram illustrating an internal configuration of the packet analysis unit 10A according to the first embodiment and a configuration centering on the packet analysis unit 10A.

  In FIG. 1, the packet analysis unit 10 </ b> A according to the first embodiment includes at least a packet buffer unit 11, an identifier extraction unit 12, a search management unit 13, and a packet processing execution unit 14.

  The packet buffer unit 11 temporarily stores the packet received from the physical termination unit 4, and gives the temporarily stored packet to the packet processing execution unit 14.

  The identifier extraction unit 12 extracts a search identifier included in the header information of the packet stored in the packet buffer unit 11 and gives the extracted search identifier to the search management unit 13.

  Here, the search identifier is transmission control information included in the packet header information, and this transmission control information is an identifier for searching the policy table 2a for searching a policy of processing applied to the packet. Become. For example, in the case of an IP packet header, a destination IP address, a source IP address, a ToS (service type), a protocol number (a type of a higher level protocol), and the like are applicable.

  The search management unit 13 receives the search identifier extracted by the identifier extraction unit 12, and uses the search identifier as a search key and corresponds to the search identifier from the policy table 2 a stored in the policy table storage unit 2. The policy number to be searched is searched. Further, the search management unit 13 refers to the ACL action table 13a using the retrieved policy number, retrieves the address (index) of the policy for processing the packet, and uses the retrieved address (index) as the packet. This is given to the processing execution unit 14.

  The ACL action table 13a is a table in which the contents of actions are registered in association with the policy numbers of the respective rows of the policy table 2a. Actions registered in the ACL action table 13a may include actions related to QoS control in the case of passing, in addition to passing and discarding of packets.

  The policy address (index) includes at least identification information indicating whether or not the policy corresponding to the search identifier has been hit or missed by searching the policy table 2a, and the policy address number. Composed.

  The action content may be configured to be registered in the policy table 2a by preparing data items for that purpose, but here, the ACL action table 13a is prepared separately from the policy table 2a. As a result, the listability is lowered, but the management becomes easy and the possibility of saving storage resources is high. This is because the same action is often associated with many different rows on the policy table 2a in practice.

  The packet processing execution unit 14 performs packet processing on the packet reflecting the content of the action obtained by searching the ACL action table 13a. For example, the packet processing execution unit 14 performs a packet discarding process or the like.

  The packet processing execution unit 14 overwrites the MAC address field (destination address part and transmission source address part) of the packet output from the packet buffer unit 11 and outputs the address (index) searched by the search management unit 13. To do.

  At this time, the packet processing execution unit 14 sequentially overwrites from the beginning of the MAC address field, and after overwriting, data (for example, all 0) intended to be blank is left in the remaining portion of the overwritten MAC address field. Shall be granted.

  The packet processing execution unit 14 overwrites the MAC address field of the packet with the contents of the extension header. The MAC address field is replaced by the packet transmission processing unit 7 when the packet is transmitted. This is the part that is done. That is, since the MAC address field is at least a portion that is not used in the processing inside the router 5, the contents that have been written in the extension header until now are overwritten on the unused field portion.

  Thus, by overwriting the contents of the extension header in the MAC address field, it is not necessary to add a new extension header, so that the data size of the frame can be suppressed. As a result, the packet analysis unit 10A and the NPU The bandwidth shortage of the path to the unit 3 can be solved, and a decrease in output processing of the packet analysis unit 10A due to the addition of the extension header as in the past can be suppressed.

(A-2) Operation of First Embodiment Next, the operation of the packet information analysis processing of the first embodiment will be described with reference to the drawings.

  In FIG. 1, a packet input from the network to the physical termination unit 4 is given to the packet buffer unit 11 and temporarily held in the packet buffer unit 11 (step S11).

  For the packet held in the packet buffer unit 11, the identifier extraction unit 12 extracts the search identifier included in the packet header information (step S 12), and gives the extracted search identifier to the search management unit 13. (Step S13).

  When the search identifier is given to the search management unit 13, the search management unit 13 refers to the policy table 2a stored in the policy table storage unit 2, searches for a policy number corresponding to the search identifier, and performs an ACL action. With reference to the table 13a, a process for a packet corresponding to the searched policy number is searched (step S14).

  When the search management unit 13 searches for the policy number and the packet processing for the policy number, and the search result is given to the packet processing execution unit 14 (step S15), the packet processing execution unit 14 is held in the packet buffer unit 11. (Step S16), the packet processing retrieved from the ACL action table 13a (for example, packet discard) is performed, and the MAC address field of the packet is overwritten with the policy address retrieved from the policy table 2a. (Step S17).

  FIG. 6 is an image diagram of processing for overwriting an address (index) as a search result of the policy table 2a in the MAC address field of the packet.

  As shown in FIG. 6, the address (field) to be overwritten is the same as the contents previously entered as the extension header. That is, in the contents of the extension header shown in FIG. 6, the “A to D” portion 31 includes identification information indicating hit or miss hit by the search of the policy table 2a (for example, “1” in case of hit, in case of miss hit) "0") is entered, and the address of the policy number at the time of a search hit in the policy table 2a is entered in the "acquisition index" 32 portion (in the case of a miss hit, for example, all "0").

  Then, the packet processing execution unit 14 gives the packet in which the policy address is overwritten in the MAC address field to the NPU 3, and executes processing for the packet (step S18).

(A-3) Effects of the First Embodiment As described above, according to the first embodiment, the packet processing execution unit 14 uses the contents previously written in the extension header in the MAC address field of the packet. By overwriting, since a new extension header is not added, the output processing load of the packet analysis unit can be reduced, and a decrease in data transfer rate as a router can be prevented.

(B) Second Embodiment Next, a second embodiment of the packet processing apparatus, the packet processing method, and the packet processing program of the present invention will be described with reference to the drawings.

  Similarly to the first embodiment, the second embodiment also describes the case where the packet processing device, the packet processing method, and the packet processing program of the present invention are applied to the received packet processing unit of the router arranged on the network. To do.

(B-1) Configuration of Second Embodiment FIG. 7 is a block diagram illustrating an internal configuration of a router that is an example of a network device according to the second embodiment.

  In FIG. 7, the router 5 according to the second embodiment includes a plurality of physical ports 8 (8-1 to 8-N), a physical termination unit 4, a packet analysis unit 10B, a policy table storage unit 2, and a reception. The packet processing unit 6 includes a network processor (NPU) unit 3, a transmission packet processing unit 7, and an index content storage unit 9.

  The second embodiment differs from the first embodiment in that the router 5 of the second embodiment includes an index content storage unit 9 and the function of the packet analysis unit 10B.

  Therefore, hereinafter, the configuration and operation of the index storage unit 9 and the packet analysis unit 10B will be described in detail, and the functional configuration described in the first embodiment will be omitted.

  The index content storage unit 9 receives a search result when the packet analysis unit 10B searches the policy table 2a for a certain packet, that is, a policy address (index) from the packet analysis unit 10B, and receives the policy address (index). Is stored for each packet to be searched. For example, a storage device such as a DPRAM can be applied to the index content storage unit 9.

  At this time, it is assumed that the memory address at which the index content storage unit 9 stores the address (index) of the policy is recognized by the packet analysis unit 10B. This recognition of the memory address can be realized, for example, by incrementing the memory address counter for each packet to be searched and the packet analysis unit 10B holding this count value.

  When the packet analysis unit 10B searches for a packet by using the policy table 2a and obtains a policy address (index), the packet analysis unit 10B stores the policy address (index) in the index content storage unit 9.

  The packet analysis unit 10B adds the memory address and the number of searches stored in the index content storage unit 9 as an extension header of the packet or overwrites the MAC address field.

  When the first embodiment is applied, as the number of searches in the policy table 2a increases, the content to be overwritten increases, and a data field greater than the MAC address field is required. However, in the second embodiment, the packet analysis unit 10B only needs to add the memory address and the number of searches of the index content storage unit 9 to the packet, so that the data field to be overwritten or overwritten is made constant. Therefore, there is no case where the MAC address field is exceeded.

  The NPU 3 reads the policy address (index) stored in the index content storage unit 9 based on the memory address and the number of searches entered at the beginning of the packet from the packet analysis unit 10B, and reads the policy address (index) The packet is processed according to a policy based on (index).

(B-2) Operation of Second Embodiment Next, the operation of the packet analysis processing of the second embodiment will be described with reference to the drawings.

  FIG. 8 is a diagram illustrating the packet analysis unit 10B according to the second embodiment and the components centering on the packet analysis unit 10B.

  In FIG. 8, as in the first embodiment, when a packet from the network is input to the packet analysis unit 10B (step S11), the identifier for search included in the header information of the packet is extracted by the identifier extraction unit 12. (Step S12) A search identifier is given to the search management unit 14 (Step S13), and the search management unit 15 searches the packet by the policy table 2a (Step S14).

  Here, FIG. 10 is a flowchart showing operations in the search management unit 15 and the packet execution unit 16.

  When the search management unit 15 receives the search identifier from the identifier extraction unit 12, the search management unit 15 gives a search request command and a search identifier to the policy table storage unit 2 (step S201).

  Then, the policy table storage unit 2 compares the internal entry of the policy table 2a with the search identifier, and as a response, another response that matches or does not match, and the policy address if they match, the search management unit 15 (Step S202).

  If the number of searches N in the search management unit 15 is “1”, the process proceeds to step S204. If the number of searches N is “1 or more”, the process returns to step S201 to repeat the process (step S203).

  In step S204, the search management unit 15 performs a predetermined preparation for writing the contents of the searched index to the index content storage unit 9 (step S204), and manages the memory address to which the contents of the index are written (step S205). ).

  Then, the search management unit 15 writes the content of the index searched this time to the memory address managed by the index content storage unit 9 (step S205, step S21 in FIG. 8).

  FIG. 9 shows an image of an index content storage mode in the index content storage unit 9.

  As shown in FIG. 9, the index content storage unit 9 stores the index content 42 from the search management unit 15 in association with a predetermined memory address 41. The memory address 42 is also managed by the search management unit 15, and for example, the index contents are sequentially stored in the order of the numbers of the memory addresses 42. The index contents 42 can change the data width (data length) stored according to the number of searches. As a result, it is possible to store index contents that increase the data length as the number of searches increases.

  When the search management unit 15 gives the packet execution unit 16 the memory address to which the contents of the index searched this time are written and the number of searches of the current search (step S22 in FIG. 8), the packet execution unit 16 The corresponding packet held in the unit 11 is read (step S23 in FIG. 8), and the memory address of the index content storage unit 9 and the number of searches are added to the head of the packet frame (step S207, step in FIG. 8). 24).

  Then, the packet execution unit 16 gives the NPU 3 a packet to which the memory address of the index content storage unit 9 and the number of searches are given (step S25 in FIG. 8).

  The NPU 3 reads the index content stored in the index content storage unit 9 based on the memory address given to the head of the packet and the number of searches (steps S26 and S27 in FIG. 8), and the NPU 9 reads the index content read The policy based on is performed on the packet.

(B-3) Effects of Second Embodiment As described above, according to the second embodiment, the same effects as those of the first embodiment can be obtained.

  Further, according to the second embodiment, the index content storage unit 9 is provided, and the packet analysis unit 10B stores the index content of the retrieved policy in the index content storage unit 9, and the memory address and the number of searches are stored in the frame. By adding to the beginning, the data size to be added to the frame can be made constant even when the amount of index content data to be overwritten increases by increasing the number of searches, so a new extension header is added. Therefore, it is possible to reduce the load of the output processing of the packet analysis unit, and to prevent the data transfer rate as a router from being lowered.

(C) Third Embodiment Next, a third embodiment of the packet processing device, the packet processing method, and the packet processing program of the present invention will be described with reference to the drawings.

  As in the first embodiment, the third embodiment also describes the case where the packet processing device, the packet processing method, and the packet processing program of the present invention are applied to the received packet processing unit of the router arranged on the network. To do.

(C-1) Configuration and Operation of the Third Embodiment FIG. 11 is a block diagram showing the internal configuration of the packet analysis unit 10C of the third embodiment.

  The third embodiment is different from the first and second embodiments in that the search management unit 17 of the packet analysis unit 10C performs the processing described in the first embodiment and the processing described in the second embodiment. It is a point provided with the switching part 171 which switches.

  As a result, the packet analysis unit 10C performs the processing described in the first embodiment (that is, overwrite processing on the MAC address field) and the processing described in the second embodiment according to the number of searches or the input packet type. Any one of the processes (that is, the process of writing the index contents in the index internal storage unit 9 and assigning the memory address and the number of searches to the head of the frame) can be switched.

  As a switching method by the switching unit 171, for example, there are a method of switching according to the number of searches, or a method of switching according to the type of input packet.

  For example, in the case of a method of switching according to the number of searches, the switching unit 171 performs the processing described in the first embodiment when the number of searches is equal to or less than the predetermined number of searches, and exceeds the predetermined number of searches. In such a case, the processing described in the second embodiment is performed.

  Specifically, for one search, if the data size of the reply from the policy table storage unit 2, that is, the total data size of the match / mismatch reply and the index is 2 bytes, the search count is 1 to 6 As in the first embodiment, the index content is overwritten in the MAC address field, and when the number of searches exceeds 6, the index content is stored in the index content storage unit 9 as in the second embodiment. The operation mode is switched so that the memory address and the number of searches are given to the head of the frame.

  In this case, the switching unit 171 can be realized based on the number of searches set in advance in the internal register of the packet analysis unit 10C.

  Further, for example, in the case of a method of switching according to the packet type, the switching unit 171 determines the type of the input packet, and according to the packet type, the number of searches, the process of the first embodiment, or the second embodiment. You may make it change the process of.

  Specifically, referring to the Type field in the ether header and determining whether or not the packet is an IP packet, the IP packet is searched for all the times. Perform a minute search only once.

  In this case, if it is not an IP packet, the index contents are overwritten in the MAC address field as in the first embodiment, and if it is an IP packet, the index contents are stored in the index contents storage unit as in the second embodiment. 9 and the operation mode is switched so that the memory address and the number of searches are given to the head of the frame.

(C-2) Effects of Third Embodiment As described above, according to the third embodiment, the same effects as those obtained in the first and second embodiments can be obtained.

  Further, according to the third embodiment, the processing described in the first embodiment or the processing described in the second embodiment can be switched according to the number of searches or the type of input packet.

It is a block diagram which shows the internal structure of the packet analysis part of 1st Embodiment. It is a block diagram which shows a part of internal structure of the network apparatus provided with the conventional CAM. 10 is a flowchart for briefly explaining a policy search process using a conventional CAM. It is explanatory drawing which shows the structural example of the data frame which provided the conventional extended header. It is a block diagram which shows the internal structure of the network device of 1st Embodiment. It is an image figure of the process which overwrites the extension header content of 1st Embodiment on a MAC address field. It is a block diagram which shows the internal structure of the network apparatus of 2nd Embodiment. It is a block diagram which shows the internal structure of the packet analysis part of 2nd Embodiment. It is explanatory drawing explaining the memory | storage aspect in the index content memory | storage part of 2nd Embodiment. It is a flowchart which shows operation | movement of the search management part and packet process execution part of 2nd Embodiment. It is a block diagram which shows the internal structure of the packet analysis part of 3rd Embodiment.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 2 ... Policy table memory | storage part, 2a ... Policy table, 11 ... Packet buffer part, 12 ... Identifier extraction part, 13, 15 and 17 ... Search management part, 14 and 16 ... Packet processing execution part, 3 ... NPU, 9 ... Index Content storage unit.

Claims (6)

In a packet processing device that performs transmission control processing corresponding to the input packet based on transmission control information included in header information of the input packet,
Policy storage means for storing policy identification information indicating transmission control processing applied to a packet and transmission control information in association with each other;
Transmission control information extracting means for extracting transmission control information included in the header of the input packet;
Policy identification information search means for searching one or more policy identification information corresponding to the transmission control information extracted by the transmission control information extraction means from the policy storage means;
A packet notification means for notifying the packet processing means of the one or more policy identification information searched by the search means while suppressing redundancy of the data size of the input packet;
A packet processing device comprising: packet processing means for performing transmission control processing corresponding to the input packet based on the one or more pieces of policy identification information notified from the packet notification means.   2. The packet notifying means for notifying the packet processing means by overwriting the one or a plurality of policy identification information in a header field of an upper layer in a configuration frame of the input packet. Packet processing equipment. The packet notification unit includes a policy identification information holding unit that holds the one or more policy identification information in association with a holding address;
The packet notification means gives the holding address and the search count of the one or more policy identification information held in the policy identification information holding section to the head part of the input packet and notifies the packet processing means. The packet processing device according to claim 2.   The packet notification means overwrites the one or more policy identification information in the header field of the upper layer in the configuration frame of the input packet according to the number of searches for the input packet or the type of the input packet. And switching the assignment of the holding address and the number of searches of the one or more policy identification information held in the policy identification information holding unit to the head portion of the input packet. 4. The packet processing device according to 3. In a packet processing method for performing transmission control processing corresponding to the input packet based on transmission control information included in header information of the input packet,
Policy storage means for storing policy identification information indicating transmission control processing applied to a packet and transmission control information in association with each other,
A transmission control information extracting means for extracting transmission control information included in the header of the input packet;
A policy identification information search step in which policy identification information search means searches the policy storage means for one or more policy identification information corresponding to the transmission control information extracted by the transmission control information extraction means;
A packet notification step in which the packet notification means notifies the packet processing means of the one or more policy identification information searched by the search means while suppressing redundancy of the data size of the input packet;
A packet processing step, wherein the packet processing means performs a transmission control process corresponding to the input packet based on the one or more pieces of policy identification information notified from the packet notification means. In a packet processing program for performing transmission control processing corresponding to the input packet based on transmission control information included in header information of the input packet,
Policy storage means for storing policy identification information indicating transmission control processing applied to a packet and transmission control information in association with each other,
On the computer,
Transmission control information extracting means for extracting transmission control information contained in the header of the input packet;
Policy identification information search means for searching one or more policy identification information corresponding to the transmission control information extracted by the transmission control information extraction means from the policy storage means;
A packet notification means for notifying the packet processing means of the one or more policy identification information searched by the search means while suppressing redundancy of the data size of the input packet;
A packet processing program for functioning as packet processing means for performing transmission control processing corresponding to the input packet based on the one or more pieces of policy identification information notified from the packet notification means.

Images