CN106936719A - A kind of IP messages strategy matching method - Google Patents
A kind of IP messages strategy matching method Download PDFInfo
- Publication number
- CN106936719A CN106936719A CN201710348137.XA CN201710348137A CN106936719A CN 106936719 A CN106936719 A CN 106936719A CN 201710348137 A CN201710348137 A CN 201710348137A CN 106936719 A CN106936719 A CN 106936719A
- Authority
- CN
- China
- Prior art keywords
- strategy
- messages
- parameters
- matched
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
Abstract
The present invention discloses a kind of IP messages strategy matching method, it is related to network data processing field, host computer sets the parameters of IP message strategies, and distributing policy is to slave computer memory module, the storage address for obtaining strategy by the transformation calculations of parameters is stored, and parameters are parsed when IP messages are reached, and policy store address to be matched is obtained according to identical transformation calculations, it is compared with the strategy in slave computer memory module and is matched, obtains IP message strategies.
Description
Technical field
The present invention discloses a kind of IP messages strategy matching method, is related to network data processing field.
Background technology
In network exchange or routing device, one or more Policy Table is often maintain, to Match IP message strategy,
The IP messages of access arrangement are forwarded, are abandoned, a series for the treatment of such as encryption and decryption.Because contents in table may be thousands of tens of thousands of
Even more many, message strategy matching speed is with efficiency just into the key point of influence network service speed.When need set certain
When a certain parameter meets the matching strategy of all messages of ad hoc rules under the conditions of individual, generally require to add many rules, ability
All may cover, therefore tactful bar number can increase in Policy Table, and matching efficiency can equally decrease.The present invention is disclosed
A kind of IP messages strategy matching method, host computer distributing policy to policy store module, by the transformation calculations of certain way
Go out every specific storage address of strategy, the policy store address of matching can be quickly found out by same procedure when message is reached,
Efficiently complete strategy matching.Tactful each parameter can be set to " all " simultaneously, the bit value whole zero setting of correspondence parameter, Ran Houzai
Carry out Transformation Matching so that all legal IP messages can be rapidly completed matching, can rule of simplification setting procedure, it is complete
Rule setting function, while rate matched is ensured, saves storage resource.
IP message structures IP agreement is network layer protocol, and the data structure of Internet is commonly referred to as IP messages.
The content of the invention
The present invention provides a kind of IP messages strategy matching method, with highly versatile, be easy to implement the features such as, with wide
Application prospect.
Concrete scheme proposed by the present invention is:
A kind of IP messages strategy matching method:
Host computer sets the parameters of IP message strategies, and distributing policy is to slave computer memory module, by parameters
The storage address that transformation calculations obtain strategy is stored, and parameters are parsed when IP messages are reached, and is counted according to identical conversion
Calculation obtains policy store address to be matched, is compared with the strategy in slave computer memory module and matched, and obtains IP message plans
Slightly.
If the parameters of the parsing IP messages, obtain in policy store address to be matched according to identical transformation calculations
It is sky to hold, then IP messages are processed according to default processing method, address contents reading is otherwise stored the policies into, with slave computer
Strategy in memory module is compared matching, obtains IP message strategies.
The parameters of the IP messages strategy are set to meet the particular value of network message general rule or by items
Parameter is respectively set to be owned, and represents that corresponding strategy is all suitable for all network messages for meeting parameter current.
The parameter that host computer sets IP message strategies is all, and by parameter whole bit value zero setting, distributing policy is arrived down
Position machine memory module, the new storage address of strategy is obtained by the transformation calculations of parameter, and IP messages parse parameters when reaching,
Policy store address to be matched is obtained according to identical transformation calculations, is compared with the new storage address of strategy in memory module
Matching, obtains IP message strategies.
If IP messages do not have to the policy store address to be matched reached with the new storage address of strategy in memory module
There is matching, then checked whether that parameter setting is all, if in the presence of, by the corresponding parameter whole bit value zero setting of IP messages,
Matched again.
The parameters of the IP messages strategy include:Source IP address, source subnet mask, purpose IP address, purpose subnet
Mask, protocol type, source port number, destination slogan.
Usefulness of the present invention is:
The present invention provides a kind of IP messages strategy matching method, and host computer sets the parameters of IP message strategies, and issues plan
Slave computer memory module is slightly arrived, the storage address for obtaining strategy by the transformation calculations of parameters is stored, when IP messages
Parameters are parsed during arrival, policy store address to be matched is obtained according to identical transformation calculations, with slave computer memory module
In strategy be compared matching, obtain IP message strategies;
Compared with prior art, the present invention can obtain every specific storage address of strategy by transformation calculations mode, work as message
The policy store address of matching can be quickly found out during arrival by same procedure, strategy matching is efficiently completed.While can be tactful each
Parameter is set to " all ", the bit value whole zero setting of correspondence parameter, Transformation Matching is then carried out again so that all legal
IP messages can be rapidly completed matching, can rule of simplification setting procedure, complete rule setting function, in the same of guarantee rate matched
When, save storage resource.
Brief description of the drawings
Fig. 1 is the inventive method schematic flow sheet;
Fig. 2 is that parameter is set to all rear the inventive method schematic flow sheets.
Specific embodiment
A kind of IP messages strategy matching method of present invention offer, the parameters of host computer setting IP message strategies, and under
Hair strategy obtains tactful storage address and is stored to slave computer memory module, by the transformation calculations of parameters, works as IP
Message parses parameters when reaching, and policy store address to be matched is obtained according to identical transformation calculations, is stored with slave computer
Strategy in module is compared matching, obtains IP message strategies.
With reference to accompanying drawing, specific explanations explanation is carried out to the present invention.And specific embodiment described herein is only used to solve
The present invention is released, is not intended to limit the present invention.
With reference to Fig. 1, the technology specifically comprises the steps of:
(1)Every parameters of IP message strategies are set by upper computer software, slave computer strategy is issued to after being provided with
Memory module is stored, and storage address is made ad hoc fashion conversion and obtained by each parameter;
(2)When network IP messages are reached, outgoing packet parameters are parsed, obtain possible by identical particular transform mode
Policy store address;
(3)If this address content is sky, illustrate without corresponding strategy, IP messages are processed according to default processing method;It is no
Then, this address content is read, is compared and matches with parameter and strategy in policy store module, obtain IP message strategies;
Above-mentioned particular transform mode can be realized using hash conversion;
The parameters of above-mentioned IP messages, can also be by parameter in addition to it may be configured as meeting the particular value of network message general rule
" all " are respectively set to, represent that this strategy is all suitable for all network messages for meeting parameter current;Such as can be by source port
" 21 " are set to, be may be alternatively provided as " all ", represented from " 1 " to any value " 65535 ";
As shown in Fig. 2 when a certain parameter is set to " all ", by parameter whole bit value zero setting, such as by source port 16
Data whole zero setting(16’b0), then carry out step(1)Particular transform, obtain new policy store address;
When IP messages are reached, first by the step(2)And(3)Particular transform is carried out to each parameter to obtain storage address and open
Beginning is matched, if not matching, parameter setting has been checked whether for " all ", if in the presence of the ginseng for being set as " all "
Number, then by the corresponding parameter whole bit value zero setting of IP messages, then by the step(2)And(3)Matched, completed current IP
The matching process of message.
The parameters of above-mentioned IP messages strategy can include:Source IP address, source subnet mask, purpose IP address, purpose
Subnet mask, protocol type, source port number, destination slogan etc..
Can rule of simplification setting procedure, complete rule setting function, in the same of guarantee rate matched using the inventive method
When, save storage resource.
Claims (6)
1. a kind of IP messages strategy matching method, it is characterized in that
Host computer sets the parameters of IP message strategies, and distributing policy is to slave computer memory module, by parameters
The storage address that transformation calculations obtain strategy is stored, and parameters are parsed when IP messages are reached, and is counted according to identical conversion
Calculation obtains policy store address to be matched, is compared with the strategy in slave computer memory module and matched, and obtains IP message plans
Slightly.
2. method according to claim 1, if it is characterized in that the parameters of the parsing IP messages, according to identical conversion
It is sky to be calculated policy store address contents to be matched, then IP messages are processed according to default processing method, otherwise
Address contents reading is stored the policies into, is compared with the strategy in slave computer memory module and matched, obtain IP message strategies.
3. method according to claim 1 and 2, it is characterized in that the parameters of the IP messages strategy are set to meet net
The particular value of network message general rule or be respectively set to parameters owns, and represents that corresponding strategy meets current to all
The network message of parameter is all suitable for.
4. method according to claim 3, it is characterized in that the parameter that host computer sets IP message strategies is all, this is joined
Number whole bit value zero setting, distributing policy to slave computer memory module obtains the new storage of strategy by the transformation calculations of parameter
Address, IP messages parse parameters when reaching, and policy store address to be matched are obtained according to identical transformation calculations, with storage
The new storage address of strategy in module is compared matching, obtains IP message strategies.
5. method according to claim 4, if it is characterized in that IP messages are to the policy store address to be matched reached
Do not matched with the new storage address of the strategy in memory module, then checked whether that parameter setting is all, if in the presence of by IP
The corresponding parameter whole bit value zero setting of message, then matched.
6. the method according to claim 1,2,4 or 5 any one, it is characterized in that the parameters bag of the IP messages strategy
Include:Source IP address, source subnet mask, purpose IP address, purpose subnet mask, protocol type, source port number, destination slogan.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710348137.XA CN106936719A (en) | 2017-05-17 | 2017-05-17 | A kind of IP messages strategy matching method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710348137.XA CN106936719A (en) | 2017-05-17 | 2017-05-17 | A kind of IP messages strategy matching method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106936719A true CN106936719A (en) | 2017-07-07 |
Family
ID=59430195
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710348137.XA Pending CN106936719A (en) | 2017-05-17 | 2017-05-17 | A kind of IP messages strategy matching method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106936719A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107707485A (en) * | 2017-10-23 | 2018-02-16 | 济南浪潮高新科技投资发展有限公司 | A kind of range type IP message strategy matching circuits and method |
| CN108449445A (en) * | 2018-04-13 | 2018-08-24 | 济南浪潮高新科技投资发展有限公司 | A kind of range type message match circuit and method |
| CN108650181A (en) * | 2018-04-20 | 2018-10-12 | 济南浪潮高新科技投资发展有限公司 | A kind of IP packet strategy matching circuit and method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102111331A (en) * | 2010-12-17 | 2011-06-29 | 曙光信息产业(北京)有限公司 | Matching method based on hash table and adopting mask five-element rule |
| US20140090014A1 (en) * | 2005-11-22 | 2014-03-27 | Fortinet, Inc. | Policy-based content filtering |
| CN104184842A (en) * | 2013-05-24 | 2014-12-03 | 中兴通讯股份有限公司 | Message forwarding method and device |
| CN104579970A (en) * | 2013-10-29 | 2015-04-29 | 国家计算机网络与信息安全管理中心 | Strategy matching method and device of IPv6 message |
-
2017
- 2017-05-17 CN CN201710348137.XA patent/CN106936719A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140090014A1 (en) * | 2005-11-22 | 2014-03-27 | Fortinet, Inc. | Policy-based content filtering |
| CN102111331A (en) * | 2010-12-17 | 2011-06-29 | 曙光信息产业(北京)有限公司 | Matching method based on hash table and adopting mask five-element rule |
| CN104184842A (en) * | 2013-05-24 | 2014-12-03 | 中兴通讯股份有限公司 | Message forwarding method and device |
| CN104579970A (en) * | 2013-10-29 | 2015-04-29 | 国家计算机网络与信息安全管理中心 | Strategy matching method and device of IPv6 message |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107707485A (en) * | 2017-10-23 | 2018-02-16 | 济南浪潮高新科技投资发展有限公司 | A kind of range type IP message strategy matching circuits and method |
| CN108449445A (en) * | 2018-04-13 | 2018-08-24 | 济南浪潮高新科技投资发展有限公司 | A kind of range type message match circuit and method |
| CN108650181A (en) * | 2018-04-20 | 2018-10-12 | 济南浪潮高新科技投资发展有限公司 | A kind of IP packet strategy matching circuit and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7782859B2 (en) | Enhanced packet classification | |
| CN103905315B (en) | Transmit the method, apparatus and system of virtualization and the distribution of routing iinformation used in network | |
| US7990893B1 (en) | Fast prefix-based network route filtering | |
| Bando et al. | FlashTrie: beyond 100-Gb/s IP route lookup using hash-based prefix-compressed trie | |
| CN106657637A (en) | Handheld device capable of providing data tethering services while maintaining suite of handheld service functions | |
| CN106936719A (en) | A kind of IP messages strategy matching method | |
| CN109639579B (en) | Multicast message processing method and device, storage medium and processor | |
| CN104486228B (en) | The method and routing update device of a kind of routing update | |
| EP2768200B1 (en) | Receiving data packets | |
| CN102857491A (en) | Management schemes for filter sets | |
| JP6395867B2 (en) | OpenFlow communication method and system, control unit, and service gateway | |
| CN104270475A (en) | System and method for achieving intercommunication between IPv4 network and IPv6 network based on NAT64 | |
| CN108011824A (en) | A kind of message processing method and the network equipment | |
| US10673748B2 (en) | Method and system for accessing cloud services | |
| CN104734955A (en) | Network function virtualization implementation method, wide-band network gateway and control device | |
| CN110061921B (en) | Cloud platform data packet distribution method and system | |
| WO2017036291A1 (en) | Access control list implementation method, device and storage medium | |
| US20150256459A1 (en) | Packet processing method and apparatus | |
| CN107360089A (en) | A kind of method for routing foundation, business datum conversion method and device | |
| CN101977189A (en) | Trusted authentication and safe access control method of MPLS network | |
| US20140082216A1 (en) | Performing offline bgp prefix origin and path validation at route reflectors | |
| CN109309570A (en) | Quantum key method used in SSL VPN and relevant device and storage medium | |
| CN108270671A (en) | Service is performed to grouping | |
| CN105357332B (en) | A kind of method for network address translation and device | |
| US20130077530A1 (en) | Scaling IPv6 on Multiple Devices Virtual Switching System with Port or Device Level Aggregation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170707 |