CN106131086A - Matching method and device for an access control list - Google Patents

Publication number
CN106131086A
Authority
CN
China
Prior art keywords
address
acl
acl rule
vector
bitmap
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610786736.5A
Other languages
Chinese (zh)
Other versions
CN106131086B (en)
Inventor
张勇
张贤义
范浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maipu Communication Technology Co Ltd
Original Assignee
Maipu Communication Technology Co Ltd
Application filed by Maipu Communication Technology Co Ltd
Priority to CN201610786736.5A
Publication of CN106131086A
Application granted
Publication of CN106131086B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Abstract

The present invention relates to the field of network data transmission technology and discloses a matching method and device for an access control list, solving the low matching efficiency and complex construction of access control list matching in the prior art. The device includes a control plane, configured to build an ACL rule table indexed by priority, and to build a bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority; and a data plane, configured to match address objects against the source IP address and destination IP address of a packet entering the data plane, construct a bitmap array containing ACL priorities from the matched address objects, traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule. The scheme meets the requirement of efficiently matching a massive number of ACLs, reduces space consumption, scales well, and can be applied to products such as routers and firewalls.

Description

Matching method and device for an access control list
Technical field
The present invention relates to the field of network data transmission technology, and specifically to a matching method and device for an access control list.
Background
High-end security products may be configured with a massive number of ACLs (access control lists). On a second-generation firewall, an ACL rule comprises the following eight-tuple: source interface (or source zone), destination interface (or destination zone), source IP address object, destination IP address object, IP protocol type, destination port, user (or user group), and time period. The ACLs have priorities, so a packet must be matched to the best ACL as efficiently as possible, and the subsequent handling of the packet (forward, drop, or perform further deep inspection) is then determined by the action configured in that ACL.
An existing access control list matching device consists of the following parts:
Control plane: divides the tuples referenced by the ACL rules into equivalence classes, where each equivalence class hits the same group of ACLs; enumerates the combinations of the different tuples' equivalence classes and builds an ACL mapping table.
Data plane: matches each tuple of the packet against the equivalence classes in turn to obtain the matching results for all tuples, hashes these results into the mapping table to find the ACLs that can be hit, and then extracts the ACL with the highest priority.
The existing approach exhaustively enumerates the combinations of the different tuples' equivalence classes. When there are many tuples to match and a massive number of ACL rules, the number of equivalence classes becomes too large, the gain in matching efficiency is not significant, and more memory is required. In addition, the existing matching method does not support referencing address objects, only single IP addresses, and its construction process is relatively complex.
Summary of the invention
The technical problem to be solved by the present invention is to propose a matching method and device for an access control list that solve the low matching efficiency and complex construction of access control list matching in the prior art.
In one aspect, an embodiment of the present invention provides a matching device for an access control list, comprising:
A control plane, configured to build an ACL rule table indexed by priority, and to build a bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority;
A data plane, configured to match address objects against the source IP address and destination IP address of a packet entering the data plane, construct a bitmap array containing ACL priorities from the matched address objects and the bitmap vector table, traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule.
As a further optimization, the control plane being configured to build the bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority specifically includes:
For any address object a[i], compute an N-bit source IP address vector SAddr[i] and an N-bit destination IP address vector DAddr[i] by looping j from 1 to N: if the source IP address of ACL rule rule[j] references address object a[i], set bit j of the source IP address vector SAddr[i] to 1; if the destination IP address of rule[j] references address object a[i], set bit j of the destination IP address vector DAddr[i] to 1, where 1≤j≤N.
As a further optimization, the data plane being configured to construct the bitmap array containing ACL priorities from the matched address objects and the bitmap vector table specifically includes:
From the set of address objects matched by the source IP address, obtain each vector table corresponding to the source IP address, and OR all vector tables corresponding to the source IP address together to obtain a first vector table; from the set of address objects matched by the destination IP address, obtain each vector table corresponding to the destination IP address, and OR all vector tables corresponding to the destination IP address together to obtain a second vector table; AND the first vector table with the second vector table to obtain a bitmap array indexed by ACL rule priority.
As a further optimization, the data plane being configured to traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule specifically includes:
The data plane traverses the bitmap array in order; when it finds a bitmap element whose value is 1, it obtains the corresponding ACL rule table entry and performs ACL matching; when an ACL rule is hit, it stops matching and performs the packet processing action according to the hit ACL rule.
As a further optimization, the data plane is further configured to, if no ACL rule can be hit after traversing the entire bitmap array, obtain the pre-configured default ACL rule and perform ACL matching; if the default ACL rule is also missed, the packet is permitted (let through).
As a further optimization, the data plane is further configured to record the corresponding processing log information when performing the packet processing action.
In another aspect, an embodiment of the present invention provides a matching method for an access control list, comprising the following steps:
A. Build an ACL rule table indexed by priority, and build a bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority;
B. Match address objects against the source IP address and destination IP address of a packet entering the data plane, and construct a bitmap array containing ACL priorities from the matched address objects and the bitmap vector table;
C. Traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule.
As a further optimization, in step A, building the bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority includes:
For any address object a[i], compute an N-bit source IP address vector SAddr[i] and an N-bit destination IP address vector DAddr[i] by looping j from 1 to N: if the source IP address of ACL rule rule[j] references address object a[i], set bit j of the source IP address vector SAddr[i] to 1; if the destination address of rule[j] references address object a[i], set bit j of the destination IP address vector DAddr[i] to 1, where 1≤j≤N.
As a further optimization, in step B, constructing the bitmap array containing ACL priorities from the matched address objects and the bitmap vector table includes:
From the set of address objects matched by the source IP address, obtain each vector table corresponding to the source IP address, and OR all vector tables corresponding to the source IP address together to obtain a first vector table; from the set of address objects matched by the destination IP address, obtain each vector table corresponding to the destination IP address, and OR all vector tables corresponding to the destination IP address together to obtain a second vector table; AND the first vector table with the second vector table to obtain a bitmap array indexed by ACL rule priority.
As a further optimization, in step C, traversing the bitmap array to match against the ACL rule table, obtaining the highest-priority matching ACL rule, and processing the packet according to that ACL rule includes:
The data plane traverses the bitmap array in order; when it finds a bitmap element whose value is 1, it obtains the corresponding ACL rule table entry and performs ACL matching; when an ACL rule is hit, it stops matching and performs the packet processing action according to the hit ACL rule.
As a further optimization, step C includes:
When no ACL rule can be hit after traversing the entire bitmap array, obtain the pre-configured default ACL rule and perform ACL matching; if the default ACL rule is also missed, the packet is permitted (let through).
The beneficial effects of the present invention are: by constructing a bitmap array containing ACL priorities and traversing that bitmap array to match against the ACL rule table, the highest-priority matching ACL rule is obtained. The scheme meets the requirement of efficiently matching a massive number of ACLs, reduces space consumption, scales well, and can be applied to products such as routers and firewalls.
Brief description of the drawings
Fig. 1 is a schematic diagram of the access control list matching device of an embodiment of the present invention;
Fig. 2 is a flow chart of the access control list matching method of an embodiment of the present invention.
Detailed description
The embodiments of the present invention aim to provide a matching method and device for an access control list that solve the low matching efficiency and complex construction of access control list matching in the prior art. The scheme of the present invention is further described below with reference to the drawings and embodiments:
Embodiment:
As shown in Fig. 1, the matching device for an access control list in the embodiment of the present invention includes:
A control plane, configured to build an ACL rule table indexed by priority, and to build a bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority:
For any address object a[i], compute an N-bit source address vector SAddr[i] and an N-bit destination address vector DAddr[i] by looping j from 1 to N: if the source address of ACL rule rule[j] references address object a[i], set bit j of SAddr[i] to 1; if the destination address of rule[j] references a[i], set bit j of DAddr[i] to 1, where 1≤j≤N.
A data plane, configured to match address objects against the source IP address and destination IP address of a packet entering the data plane, and to construct a bitmap array containing ACL priorities from the matched address objects and the bitmap vector table: from the set of address objects matched by the source IP address, obtain each vector table corresponding to the source IP address, and OR all vector tables corresponding to the source IP address together to obtain a first vector table; from the set of address objects matched by the destination IP address, obtain each vector table corresponding to the destination IP address, and OR all vector tables corresponding to the destination IP address together to obtain a second vector table; AND the first vector table with the second vector table to obtain a bitmap array indexed by ACL rule priority whose values are 0/1;
The data plane is further configured to traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule: the data plane traverses the bitmap array in order; when it finds a bitmap element whose value is 1, it obtains the corresponding ACL rule table entry and performs ACL matching; when an ACL rule is hit, it stops matching and performs the packet processing action according to the hit ACL rule. The data plane is further configured to, if no ACL rule can be hit after traversing the entire bitmap array, obtain the pre-configured default ACL rule and perform ACL matching; if the default ACL rule is also missed, the packet is permitted (let through).
The access control list matching device provided by the embodiment of the present invention constructs a bitmap array containing ACL priorities and traverses that bitmap array to match against the ACL rule table, and can therefore efficiently match a massive number of ACLs.
Fig. 2 shows the flow of the access control list matching method in the embodiment of the present invention, applied in the access control list matching device shown in Fig. 1, comprising:
S201, build an ACL rule table indexed by priority, and build a bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority.
In this step, building the bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority includes:
For any address object a[i], compute an N-bit source IP address vector SAddr[i] and an N-bit destination IP address vector DAddr[i] by looping j from 1 to N: if the source IP address of ACL rule rule[j] references address object a[i], set bit j of the source IP address vector SAddr[i] to 1; if the destination address of rule[j] references address object a[i], set bit j of the destination IP address vector DAddr[i] to 1, where 1≤j≤N.
S202, match address objects against the source IP address and destination IP address of the packet entering the data plane, and construct a bitmap array containing ACL priorities from the matched address objects and the bitmap vector table.
In this step, address objects are matched against the source IP address and destination IP address of the packet entering the data plane, and the set of address objects matched for the session is obtained. Constructing the bitmap array containing ACL priorities from the matched address objects and the bitmap vector table specifically includes:
From the set of address objects matched by the source IP address, obtain from the bitmap vector table each vector table corresponding to the source IP address, and OR all vector tables corresponding to the source IP address together to obtain a first vector table; from the set of address objects matched by the destination IP address, obtain from the bitmap vector table each vector table corresponding to the destination IP address, and OR all vector tables corresponding to the destination IP address together to obtain a second vector table; AND the first vector table with the second vector table to obtain a bitmap array indexed by ACL rule priority.
S203, traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule.
In this step, the set of address objects hit for the session is obtained, including source IP address objects and destination IP address objects. Traversing the bitmap array to match against the ACL rule table is implemented as follows:
S2031, obtain the number of elements in the bitmap array (each array element holds 64 bits).
S2032, judge whether the number of the bitmap element currently being processed exceeds the total number; if so, perform step 2037; otherwise, perform step 2033.
S2033, obtain the hit result of the current bitmap array element. This specifically includes the following steps:
According to the specified bitmap information, obtain the bitmap vectors: obtain the bitmap vector for the case where neither the source IP address nor the destination IP address hits an address object; obtain the bitmap vector for the case where the source IP address hits an address object and the destination IP address does not; obtain the bitmap vector for the case where the source IP address does not hit an address object and the destination IP address does; obtain the bitmap vector for the case where both the source IP address and the destination IP address hit address objects; obtain the bitmap vector representing a source IP address of ANY; obtain the bitmap vector representing a destination IP address of ANY; OR together the vectors of all address objects that the source IP address hits to obtain the bitmap vector of the source IP address; OR together the vectors of all address objects that the destination IP address hits to obtain the bitmap vector of the destination IP address; AND the source and destination bitmap vectors to obtain the bitmap vector of the source IP address and destination IP address. Traverse all bits of the bitmap vector of the source IP address and destination IP address; for each bit that is 1, perform ACL matching, and if a rule is hit, return the hit ACL.
S2034, increment the number of the bitmap element currently being processed, and judge whether an ACL rule was hit; if hit, perform step 2035; otherwise, return to step 2032.
S2035, obtain the hit ACL rule and record this ACL ID in the session.
S2036, perform the corresponding packet processing action according to the hit ACL rule, and end the flow.
S2037, obtain the last bitmap element, which holds fewer than 64 bits, and obtain the hit result of the current bitmap array element.
S2038, judge whether an ACL rule was hit; if hit, perform step 2035; otherwise, perform step 2039.
S2039, obtain the pre-configured default ACL rule list and perform ACL matching, and judge whether an ACL rule was hit; if hit, perform step 2035; otherwise, the packet is permitted (let through).
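The following C sketch is an added example, not code from the patent: it builds the per-address-object SAddr/DAddr vectors of S201 and runs the OR, AND and in-order traversal of S202 and S203 over 64-bit bitmap words, including the ANY vectors and the default rule. The address objects, rules, 0-based priorities, the wildcard convention (0 means any protocol or port) and every helper name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration. Only SAddr/DAddr follow the page's naming; every other
 * identifier, address object and rule here is constructed for the example. */
#define N_RULES 130                    /* > 64, so the bitmap spans 3 words */
#define N_WORDS ((N_RULES + 63) / 64)  /* 64-bit bitmap elements (S2031) */
#define N_OBJS 4
#define ANY (-1)                       /* rule field: no address object referenced */
#define DEFAULT_HIT N_RULES            /* lookup result: default rule matched */
#define NO_HIT (-1)                    /* lookup result: nothing matched */
#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

enum action { PERMIT, DENY };
struct addr_obj { uint32_t net, mask; };  /* address object = one IPv4 prefix */
struct rule { int used, src, dst; uint8_t proto; uint16_t dport; enum action act; };
struct packet { uint32_t sip, dip; uint8_t proto; uint16_t dport; };

static const struct addr_obj objs[N_OBJS] = {
    { IP(10, 0, 0, 0),     0xFF000000u },  /* 0: internal 10.0.0.0/8 */
    { IP(10, 1, 0, 0),     0xFFFF0000u },  /* 1: servers 10.1.0.0/16, nested in 0 */
    { IP(192, 0, 2, 0),    0xFFFFFF00u },  /* 2: DMZ 192.0.2.0/24 */
    { IP(198, 51, 100, 0), 0xFFFFFF00u },  /* 3: partner 198.51.100.0/24 */
};

/* Array index = priority, 0 is highest (the page counts 1..N). proto/dport 0 = any. */
static const struct rule rules[N_RULES] = {
    [3]   = { 1, 1,   2,   6, 22,  DENY   },  /* servers -> DMZ, tcp/22 */
    [70]  = { 1, 0,   2,   6, 0,   PERMIT },  /* internal -> DMZ, any tcp */
    [71]  = { 1, ANY, 2,   6, 443, PERMIT },  /* anyone -> DMZ, tcp/443 */
    [129] = { 1, 3,   ANY, 0, 0,   DENY   },  /* partner -> anywhere */
};
static const struct rule default_rule = { 1, ANY, ANY, 6, 23, DENY };

static uint64_t SAddr[N_OBJS][N_WORDS], DAddr[N_OBJS][N_WORDS];
static uint64_t SAny[N_WORDS], DAny[N_WORDS];  /* rules whose source/destination is ANY */

/* Control plane (S201): bit j of SAddr[i] is set when rule j's source references object i. */
static void build_vectors(void) {
    memset(SAddr, 0, sizeof SAddr); memset(DAddr, 0, sizeof DAddr);
    memset(SAny, 0, sizeof SAny);   memset(DAny, 0, sizeof DAny);
    for (int j = 0; j < N_RULES; j++) {
        if (!rules[j].used) continue;
        uint64_t bit = 1ULL << (j % 64);
        uint64_t *s = rules[j].src == ANY ? SAny : SAddr[rules[j].src];
        uint64_t *d = rules[j].dst == ANY ? DAny : DAddr[rules[j].dst];
        s[j / 64] |= bit;
        d[j / 64] |= bit;
    }
}

/* Remaining tuple fields, checked only for rules whose bit survived the AND. */
static int rest_matches(const struct rule *r, const struct packet *p) {
    return (r->proto == 0 || r->proto == p->proto)
        && (r->dport == 0 || r->dport == p->dport);
}

/* Data plane (S202-S203): OR per side, AND both sides, walk set bits in priority order. */
static int acl_lookup(const struct packet *p) {
    uint64_t s[N_WORDS], d[N_WORDS];
    memcpy(s, SAny, sizeof s);
    memcpy(d, DAny, sizeof d);
    for (int i = 0; i < N_OBJS; i++) {
        int sh = (p->sip & objs[i].mask) == objs[i].net;
        int dh = (p->dip & objs[i].mask) == objs[i].net;
        for (int w = 0; w < N_WORDS; w++) {
            if (sh) s[w] |= SAddr[i][w];
            if (dh) d[w] |= DAddr[i][w];
        }
    }
    for (int w = 0; w < N_WORDS; w++) {
        uint64_t cand = s[w] & d[w];
        for (int b = 0; cand; b++, cand >>= 1)
            if ((cand & 1) && rest_matches(&rules[w * 64 + b], p))
                return w * 64 + b;
    }
    return rest_matches(&default_rule, p) ? DEFAULT_HIT : NO_HIT;
}

/* Verdict as on the page: a packet that misses even the default rule is let through. */
static enum action acl_verdict(const struct packet *p, int *hit) {
    int j = acl_lookup(p);
    if (hit) *hit = j;
    if (j == NO_HIT) return PERMIT;
    return j == DEFAULT_HIT ? default_rule.act : rules[j].act;
}

int main(void) {
    build_vectors();
    struct packet p = { IP(10, 1, 2, 3), IP(192, 0, 2, 10), 6, 80 };
    int hit;
    enum action a = acl_verdict(&p, &hit);
    printf("hit rule %d -> %s\n", hit, a == DENY ? "deny" : "permit");
    return 0;
}
```

Because the fall-through in S2039 is a permit, the configured default rule is the only thing standing between an unmatched packet and forwarding; a deployment that wants default-deny has to express it there.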

Claims (10)

1. A matching device for an access control list, characterized by comprising:
A control plane, configured to build an ACL rule table indexed by priority, and to build a bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority;
A data plane, configured to match address objects against the source IP address and destination IP address of a packet entering the data plane, construct a bitmap array containing ACL priorities from the matched address objects and the bitmap vector table, traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule.
2. The matching device for an access control list as claimed in claim 1, characterized in that the control plane being configured to build the bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority specifically includes:
For any address object a[i], compute an N-bit source IP address vector SAddr[i] and an N-bit destination IP address vector DAddr[i] by looping j from 1 to N: if the source IP address of ACL rule rule[j] references address object a[i], set bit j of the source IP address vector SAddr[i] to 1; if the destination address of rule[j] references address object a[i], set bit j of the destination IP address vector DAddr[i] to 1, where 1≤j≤N.
3. The matching device for an access control list as claimed in claim 1, characterized in that the data plane being configured to construct the bitmap array containing ACL priorities from the matched address objects and the bitmap vector table specifically includes:
From the set of address objects matched by the source IP address, obtain each vector table corresponding to the source IP address, and OR all vector tables corresponding to the source IP address together to obtain a first vector table; from the set of address objects matched by the destination IP address, obtain each vector table corresponding to the destination IP address, and OR all vector tables corresponding to the destination IP address together to obtain a second vector table; AND the first vector table with the second vector table to obtain a bitmap array indexed by ACL rule priority.
4. The matching device for an access control list as claimed in claim 1, characterized in that the data plane being configured to traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule specifically includes:
The data plane traverses the bitmap array in order; when it finds a bitmap element whose value is 1, it obtains the corresponding ACL rule table entry and performs ACL matching; when an ACL rule is hit, it stops matching and performs the packet processing action according to the hit ACL rule.
5. The matching device for an access control list as described in claims 1-4, characterized in that the data plane is further configured to, if no ACL rule can be hit after traversing the entire bitmap array, obtain the pre-configured default ACL rule and perform ACL matching; if the default ACL rule is also missed, the packet is permitted (let through).
6. A matching method for an access control list, characterized by comprising the following steps:
A. Build an ACL rule table indexed by priority, and build a bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority;
B. Match address objects against the source IP address and destination IP address of a packet entering the data plane, and construct a bitmap array containing ACL priorities from the matched address objects and the bitmap vector table;
C. Traverse the bitmap array to match against the ACL rule table, obtain the highest-priority matching ACL rule, and process the packet according to that ACL rule.
7. The matching method for an access control list as claimed in claim 6, characterized in that, in step A, building the bitmap vector table whose first dimension is the address object, whose second dimension is source IP address / destination IP address, and whose third dimension is ACL priority includes:
For any address object a[i], compute an N-bit source IP address vector SAddr[i] and an N-bit destination IP address vector DAddr[i] by looping j from 1 to N: if the source IP address of ACL rule rule[j] references address object a[i], set bit j of the source IP address vector SAddr[i] to 1; if the destination address of rule[j] references address object a[i], set bit j of the destination IP address vector DAddr[i] to 1, where 1≤j≤N.
8. The matching method for an access control list as claimed in claim 6, characterized in that, in step B, constructing the bitmap array containing ACL priorities from the matched address objects and the bitmap vector table includes:
From the set of address objects matched by the source IP address, obtain each vector table corresponding to the source IP address, and OR all vector tables corresponding to the source IP address together to obtain a first vector table; from the set of address objects matched by the destination IP address, obtain each vector table corresponding to the destination IP address, and OR all vector tables corresponding to the destination IP address together to obtain a second vector table; AND the first vector table with the second vector table to obtain a bitmap array indexed by ACL rule priority.
9. The matching method for an access control list as claimed in claim 6, characterized in that, in step C, traversing the bitmap array to match against the ACL rule table, obtaining the highest-priority matching ACL rule, and processing the packet according to that ACL rule includes:
The data plane traverses the bitmap array in order; when it finds a bitmap element whose value is 1, it obtains the corresponding ACL rule table entry and performs ACL matching; when an ACL rule is hit, it stops matching and performs the packet processing action according to the hit ACL rule.
10. The matching method for an access control list as described in any one of claims 6-9, characterized in that step C includes:
When no ACL rule can be hit after traversing the entire bitmap array, obtain the pre-configured default ACL rule and perform ACL matching; if the default ACL rule is also missed, the packet is permitted (let through).
CN201610786736.5A 2016-08-31 2016-08-31 A kind of matching process and device of accesses control list Active CN106131086B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610786736.5A CN106131086B (en) 2016-08-31 2016-08-31 A kind of matching process and device of accesses control list

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610786736.5A CN106131086B (en) 2016-08-31 2016-08-31 A kind of matching process and device of accesses control list

Publications (2)

Publication Number Publication Date
CN106131086A true CN106131086A (en) 2016-11-16
CN106131086B CN106131086B (en) 2019-10-11

Family

ID=57272568

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610786736.5A Active CN106131086B (en) 2016-08-31 2016-08-31 A kind of matching process and device of accesses control list

Country Status (1)

Country Link
CN (1) CN106131086B (en)

Also Published As

Publication number Publication date
CN106131086B (en) 2019-10-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant