CN107835175B - Network connection tracking method adopting balanced binary tree algorithm - Google Patents

Network connection tracking method adopting balanced binary tree algorithm Download PDF

Info

Publication number
CN107835175B
CN107835175B CN201711096312.7A CN201711096312A CN107835175B CN 107835175 B CN107835175 B CN 107835175B CN 201711096312 A CN201711096312 A CN 201711096312A CN 107835175 B CN107835175 B CN 107835175B
Authority
CN
China
Prior art keywords
node
binary tree
nodes
tree
subtree
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711096312.7A
Other languages
Chinese (zh)
Other versions
CN107835175A (en
Inventor
肖立昕
程雅峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Cloudsecurity Technology Co ltd
Original Assignee
Shenzhen Cloudsecurity Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Cloudsecurity Technology Co ltd filed Critical Shenzhen Cloudsecurity Technology Co ltd
Priority to CN201711096312.7A priority Critical patent/CN107835175B/en
Publication of CN107835175A publication Critical patent/CN107835175A/en
Application granted granted Critical
Publication of CN107835175B publication Critical patent/CN107835175B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network connection tracking method adopting a balanced binary tree algorithm, which comprises the following steps: obtaining each connected five-tuple Y, said Y comprising: inserting the Y into a balanced binary tree by using a source IP, a target IP, a source port, a target port and a protocol; step S102, searching whether Y exists in the balanced binary tree T, and if Y exists, updating the current root node RXIf said Y is not present. The technical scheme provided by the invention has the advantages of realizing high-speed connection matching under limited memory and tracking network connection by application layer equipment such as a firewall and the like.

Description

Network connection tracking method adopting balanced binary tree algorithm
Technical Field
The invention relates to the field of information security, in particular to a network connection tracking method adopting a balanced binary tree algorithm.
Background
The prior art provides an optimization method for connection tracking under a netfilter frame, and provides an optimization method for connection tracking under the netfilter frame, which comprises the following steps: defining and initializing a current connection tracking number M, a maximum connection tracking number Mmax, a currently applied connection tracking number N and a maximum applied connection tracking number Nmax, wherein Nmax is more than Mmax; when a new application for connection tracking, add 1 to N, judge M > Mmax? If so, creating a new connection trace after aging treatment; if not, then judge N > Nmax? If yes, returning an error, otherwise, creating a new connection track; after the newly applied connection trace is confirmed, M is added with 1 and added into the confirmed connection trace linked list. The embodiment of the invention ensures the number of effective connection tracking; the exception handling is optimized; the responsibility of connection tracking in two stages of alloc initialization and confirm is clarified; the normal internet surfing is ensured, and resources with good speed can be well reserved during downloading.
The prior art further provides a system and a method for identifying network traffic based on dynamic packet sampling, and provides a method and a system for tracking network connection, where the method includes a connection tracking logic, where the connection tracking logic includes a table for processing unconfirmed connections and a table for processing confirmed connections, and the method includes the following steps: judging whether the unconfirmed connection meets the confirmation condition; if the confirmation condition is met, migrating to a table for processing the confirmed connection; and sequentially processing the connections in the list for processing the confirmed connections by the protocol stack. The invention utilizes a two-stage connection tracking table structure to minimize the occupation of limited network resources by invalid connections or meaningless connections, and simultaneously distinguishes data packets in advance so as to track the connection state of the data packets.
The prior art can not realize the high-speed connection matching under the limited memory and the problem that the application layer equipment such as a firewall tracks the network connection.
Disclosure of Invention
The application provides a network connection tracking method adopting a balanced binary tree algorithm. The method solves the problems that the technical scheme in the prior art can not realize high-speed connection matching under a limited memory and application layer equipment such as a firewall tracks network connection.
In one aspect, a network connection tracking method using a balanced binary tree algorithm is provided, the method comprising the following steps:
step S101, obtaining five-tuple Y of each connection, wherein Y comprises: inserting the Y into a balanced binary tree by using a source IP, a target IP, a source port, a target port and a protocol;
step S102, searching whether Y exists in the balanced binary tree T, and if Y exists, updating the current root node RXIf said Y is not present, step 103 and subsequent steps;
step S103, judging whether the number of the nodes in the balanced binary tree T has vacancy or not, if the number of the nodes in the balanced binary tree T has no vacancy, finishing the operation, and if the number of the nodes in the balanced binary tree T has vacancy, judging the RXWhether or not data is present, e.g. RXAbsence of data, inserting data into said RXStep 105 and the subsequent steps are executed; such as RXPresence data, perform step S104;
step S104, the Y and the five-tuple X of the current root nodeXBy comparison, if Y<Xx, entering the left child node Rx-1 of the Rx and then performing the step D, if Y is>Xx, entering a right child node Rx +1 of the Rx, then performing step D, and if Y is equal to Xx, updating data of the current root node Rx;
step S105, determining the balance inversion sequence of the binary tree to be F1 or F2 according to the state;
the right subtree of the current root node is marked as R, and the left subtree of the current root node is marked as L;
f1, if the number of the nodes of the right subtree of R is larger than that of the nodes of L, turning the binary tree T to the left, if the number of the nodes of the left subtree of R is larger than that of the nodes of L, turning R to the right first, updating the node information of R, and then turning the binary tree T to the left;
f2, if the number of the nodes of the left sub-tree of the L is larger than that of the nodes of the R, turning the binary tree T to the right, if the number of the nodes of the right sub-tree of the L is larger than that of the nodes of the R, turning the L to the left first, updating the node information of the L, and then turning the binary tree T to the right;
step S106, turning over the child nodes, specifically comprising:
taking the left sub-tree of the current root node as a root node, turning over the left sub-tree in the step F, and updating the information of the left sub-tree;
taking the right subtree of the current root node as a root node, and turning over the right subtree in the step F to update the information of the right subtree;
step S107, after data processing is carried out in the double linked list, the quintuple of the current data is moved to the head node of the time linked list in the double linked list;
and step S108, deleting the quintuple in the balanced binary tree and deleting the quintuple in the doubly linked list when the connection is finished.
Optionally, the searching whether the Y exists in the balanced binary tree T includes:
a comparison is made between Y and Xx,
if Y < Xx, enter the left child node Rx-1 of the root node Rx and compare,
if Y > Xx, the right child node Rx +1 entering the root node Rx is compared,
if Y ═ Xx, then said Y is present in the binary tree T; and if the node is empty, the Y does not exist in the binary tree T.
Optionally, the balancing whether the number of nodes in the binary tree T is empty includes:
if the current node number N is larger than or equal to the maximum node number M, no binary tree node is left;
if N < M, the nodes of the binary tree have residue.
Optionally, when the connection is ended, deleting the five-tuple in the balanced binary tree and deleting the five-tuple in the doubly linked list, including:
firstly, searching a node A needing to be deleted, and checking whether the node A has a left subtree and a right subtree or not;
if the left and right subtrees do not exist, the node A is directly deleted.
If only the left sub-tree or the right sub-tree exists, deleting the node A and replacing the node A by using the child node of the node A;
if the left subtree and the right subtree exist, deleting the node A, selecting the right child node with a large value to replace the node A according to conditions, and updating the content of the time chain table.
In a second aspect, there is provided a computer program product comprising a non-transitory computer readable storage medium having a computer program stored thereon, the computer program being operable to cause a computer to perform the method of the first aspect.
In a third aspect, a computer-readable storage medium storing a computer program for electronic data exchange, wherein the computer program causes a computer to perform the method of the first aspect.
The technical scheme provided by the invention can complete insertion, matching and deletion at a higher speed by performing connection tracking on the balanced binary tree, and the increase speed of the matching speed of the connection tracking is n times under the condition that the connection number is increased by 2 n-1. After the balanced binary tree is used for connection tracking, because the calculation method is stable and can be estimated, the consumed memory and time can be accurately calculated and controlled without being influenced by the change of flow addresses in the network, and the matching speed is stable and unchanged no matter whether the quintuple is centralized or scattered.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a network connection tracking method using a balanced binary tree algorithm according to a first preferred embodiment of the present invention;
fig. 2 is a block diagram of a network connection tracking system according to a second preferred embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a network connection tracking method using a balanced binary tree algorithm according to a first preferred embodiment of the present invention, where the method is shown in fig. 1 and includes the following steps:
A. and acquiring a five-tuple { source IP, target IP, source port, target port and protocol } of each connection, marking as Y, and inserting the connection Y into the balanced binary tree.
And B, marking the binary tree as T, marking the maximum node number of the binary tree as M, marking the current node number as N, marking the current root node as Rx, and marking the current root node quintuple as Xx.
C, searching whether Y exists in the binary tree T:
the specific way of executing C may be:
y is compared to Xx.
If Y < Xx, enter the left child node Rx-1 of the root node Rx and compare.
If Y > Xx, the right child node Rx +1 of the root node Rx is entered and compared.
If Y is Xx, it is indicated that Y exists in the binary tree T, and only the data of the current root node Rx needs to be updated; and if the node is empty, the fact that Y does not exist in the binary tree T is indicated, and the step D is carried out.
D: and judging whether the number of the nodes in the binary tree T is vacant or not.
The specific way of executing D may be: comparison of N with M is performed.
If N is larger than or equal to M, the nodes of the binary tree are not remained, and no processing is performed.
If N < M, judging whether data exists in current root node Rx, namely whether data can be inserted. If Rx has data, executing step E; and if the Rx does not have data, inserting the data into the Rx, and performing the step F to overturn the binary tree.
E, comparing the quintuple Y with the quintuple Xx.
If Y < Xx, enter the left child node Rx-1 of the root node Rx and then go to step D.
And if Y is larger than Xx, entering the right child node Rx +1 of the root node Rx and then performing the step D.
If Y is equal to Xx, the description data is the same, and only the data of the current root node Rx needs to be updated.
And F, balanced inversion of the binary tree. The order of flipping is determined to be F1 or F2 according to the state.
The right sub-tree of the current root node is denoted as R and the left sub-tree of the current root node is denoted as L.
F1, updating R. And if the number of the nodes of the right subtree of the R is greater than that of the nodes of the L, turning the binary tree T leftwards. And if the number of the nodes of the left subtree of the R is greater than that of the nodes of the L, turning the R to the right, updating the node information of the R, and turning the binary tree T to the left. Otherwise, no processing is carried out;
f2, updating L. And if the number of the nodes of the left subtree of the L is greater than that of the nodes of the R, turning the binary tree T rightwards. And if the node number of the right sub-number of the L is larger than that of the R, turning the L to the left, updating the node information of the L, and turning the binary tree T to the right. Otherwise, no processing is performed.
G: and turning over the child nodes.
And F, taking the left sub-tree of the current root node as the root node, turning the left sub-tree in the step F, and updating the information of the left sub-tree.
And F, taking the right subtree of the current root node as the root node, turning the right subtree in the step F, and updating the information of the right subtree.
And F, the current root node turns the left subtree.
And F, the current root node turns the right subtree.
And H, after data processing is carried out in the double linked list, moving quintuple of the current data to a head node of the time linked list in the double linked list, and ensuring that the current accessed data is always arranged at the beginning of the time linked list.
I: when the connection is finished, deleting the quintuple in the balanced binary tree and deleting the quintuple in the doubly linked list.
Firstly, searching a node A needing to be deleted, and checking whether the node A has a left subtree and a right subtree.
If the left and right subtrees do not exist, the node A is directly deleted.
And if only the left sub-tree or the right sub-tree exists, deleting the node A and replacing the node A by using the child nodes of the node A.
If the left subtree and the right subtree exist, deleting the node A, and selecting the right child node with a large value to replace the node A according to conditions.
The contents of the time linked list are updated at the same time.
The invention has the beneficial effects that:
by performing connection tracing using a balanced binary tree, insertion, matching and deletion can be completed at a higher speed, and the matching speed of the connection tracing is increased by n times under the condition that the number of connections is increased by 2 n-1.
After the balanced binary tree is used for connection tracking, because the calculation method is stable and can be estimated, the consumed memory and time can be accurately calculated and controlled without being influenced by the change of flow addresses in the network, and the matching speed is stable and unchanged no matter whether the quintuple is centralized or scattered.
It should be noted that, for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts or combinations, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The content downloading method, the related device and the system provided by the embodiment of the present invention are described in detail above, and a specific example is applied in the text to explain the principle and the embodiment of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (5)

1. A network connection tracking method using a balanced binary tree algorithm, the method comprising the steps of:
step S101, obtaining five-tuple Y of each connection, wherein Y comprises: inserting the Y into a balanced binary tree by using a source IP, a target IP, a source port, a target port and a protocol;
step S102, searching whether Y exists in the balanced binary tree T, and if Y exists, updating the current root node RXIf said Y is not present, step 103 and subsequent steps;
step S103, judging whether the number of the nodes in the balanced binary tree T has vacancy or not, if the number of the nodes in the balanced binary tree T has no vacancy, finishing the operation, and if the number of the nodes in the balanced binary tree T has vacancy, judging the RXWhether or not data is present, e.g. RXAbsence of data, inserting data into said RXStep 105 and the subsequent steps are executed; such as RXPresence data, perform step S104;
step S104, the Y and the five-tuple X of the current root nodeXBy comparison, if Y<Xx, entering the left child node Rx-1 of the Rx and then performing the step D, if Y is>Xx, entering a right child node Rx +1 of the Rx, then performing step D, and if Y is equal to Xx, updating data of the current root node Rx;
step S105, determining the balance inversion sequence of the binary tree to be F1 or F2 according to the state;
the right subtree of the current root node is marked as R, and the left subtree of the current root node is marked as L;
f1, if the number of the nodes of the right subtree of R is larger than that of the nodes of L, turning the binary tree T to the left, if the number of the nodes of the left subtree of R is larger than that of the nodes of L, turning R to the right first, updating the node information of R, and then turning the binary tree T to the left;
f2, if the number of the nodes of the left sub-tree of the L is larger than that of the nodes of the R, turning the binary tree T to the right, if the number of the nodes of the right sub-tree of the L is larger than that of the nodes of the R, turning the L to the left first, updating the node information of the L, and then turning the binary tree T to the right;
step S106, turning over the child nodes, specifically comprising:
taking the left sub-tree of the current root node as the root node, performing step F1 to turn over the left sub-tree, and updating the information of the left sub-tree;
taking the right subtree of the current root node as a root node, and performing step F2 to turn the right subtree and update the information of the right subtree;
step S107, after data processing is carried out in the double linked list, the quintuple of the current data is moved to the head node of the time linked list in the double linked list;
and step S108, deleting the quintuple in the balanced binary tree and deleting the quintuple in the doubly linked list when the connection is finished.
2. The method of claim 1, wherein the finding whether the Y is present in a balanced binary tree T comprises:
a comparison is made between Y and Xx,
if Y < Xx, enter the left child node Rx-1 of the root node Rx and compare,
if Y > Xx, the right child node Rx +1 entering the root node Rx is compared,
if Y ═ Xx, then said Y is present in the binary tree T; and if the node is empty, the Y does not exist in the binary tree T.
3. The method of claim 1, wherein balancing whether the number of nodes in the binary tree T is free comprises:
if the current node number N is larger than or equal to the maximum node number M, no binary tree node is left;
if N < M, the nodes of the binary tree have residue.
4. The method according to claim 1, wherein deleting the quintuple in the balanced binary tree when the connection is ended and deleting the quintuple in the doubly linked list comprises:
firstly, searching a node A needing to be deleted, and checking whether the node A has a left subtree and a right subtree or not;
if the left and right subtrees do not exist, the node A is directly deleted;
if only a left sub-tree or a right sub-tree exists, deleting the node A and replacing the node A by using the child node of the node A;
if the left subtree and the right subtree exist, deleting the node A, selecting the right child node with a large value to replace the node A according to conditions, and updating the content of the time chain table.
5. A computer-readable storage medium, characterized in that it stores a computer program for electronic data exchange, wherein the computer program causes a computer to perform the method according to any one of claims 1-4.
CN201711096312.7A 2017-11-09 2017-11-09 Network connection tracking method adopting balanced binary tree algorithm Active CN107835175B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711096312.7A CN107835175B (en) 2017-11-09 2017-11-09 Network connection tracking method adopting balanced binary tree algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711096312.7A CN107835175B (en) 2017-11-09 2017-11-09 Network connection tracking method adopting balanced binary tree algorithm

Publications (2)

Publication Number Publication Date
CN107835175A CN107835175A (en) 2018-03-23
CN107835175B true CN107835175B (en) 2020-09-22

Family

ID=61654085

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711096312.7A Active CN107835175B (en) 2017-11-09 2017-11-09 Network connection tracking method adopting balanced binary tree algorithm

Country Status (1)

Country Link
CN (1) CN107835175B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109445763B (en) * 2018-10-25 2022-02-01 长沙新弘软件有限公司 Unbalanced binary tree construction method based on binary boundary value calculation
CN109787755B (en) * 2018-12-14 2021-11-12 魏勇 Key generation method, key generation device and electronic equipment
CN113778948A (en) * 2021-09-01 2021-12-10 中国人民银行清算总中心 Message persistent storage method and device

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1493040A (en) * 2001-02-24 2004-04-28 �Ҵ���˾ Global tree network for computing structures
CN1831830A (en) * 2006-04-13 2006-09-13 复旦大学 Topological structure optimization method of clock tree
CN1934561A (en) * 2004-02-12 2007-03-21 城域信息包系统公司 Restoration mechanism for network topologies
CN101068186A (en) * 2007-06-05 2007-11-07 华为技术有限公司 Customer end node network topological structure method and stream media distributing system
CN101188535A (en) * 2007-12-06 2008-05-28 上海大学 Method for identifying the section energy balance route of wireless sensor network based on 2-child tree
CN101436981A (en) * 2007-11-13 2009-05-20 中国电信股份有限公司 Domain name server system of extended IPv4 network
CN101554021A (en) * 2006-08-02 2009-10-07 佛罗里达大学研究基金会股份有限公司 Succinct representation of static packet classifiers
US7865608B1 (en) * 2005-01-21 2011-01-04 Oracle America, Inc. Method and apparatus for fast and scalable matching of structured data streams
CN104253712A (en) * 2013-06-26 2014-12-31 北京思普崚技术有限公司 Method utilizing deep packet detection technology to carry out P2P network identification

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050091611A (en) * 2004-03-12 2005-09-15 삼성전자주식회사 Method and apparatus for performing fast handover
KR101210273B1 (en) * 2008-12-18 2012-12-10 한국전자통신연구원 Method for composing On-Chip network topology
US9819575B2 (en) * 2015-03-10 2017-11-14 Dell Products Lp Path selection based on error analysis
US9893979B2 (en) * 2015-05-23 2018-02-13 Cisco Technology, Inc. Network topology discovery by resolving loops

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1493040A (en) * 2001-02-24 2004-04-28 �Ҵ���˾ Global tree network for computing structures
CN1934561A (en) * 2004-02-12 2007-03-21 城域信息包系统公司 Restoration mechanism for network topologies
US7865608B1 (en) * 2005-01-21 2011-01-04 Oracle America, Inc. Method and apparatus for fast and scalable matching of structured data streams
CN1831830A (en) * 2006-04-13 2006-09-13 复旦大学 Topological structure optimization method of clock tree
CN101554021A (en) * 2006-08-02 2009-10-07 佛罗里达大学研究基金会股份有限公司 Succinct representation of static packet classifiers
CN101068186A (en) * 2007-06-05 2007-11-07 华为技术有限公司 Customer end node network topological structure method and stream media distributing system
CN101436981A (en) * 2007-11-13 2009-05-20 中国电信股份有限公司 Domain name server system of extended IPv4 network
CN101188535A (en) * 2007-12-06 2008-05-28 上海大学 Method for identifying the section energy balance route of wireless sensor network based on 2-child tree
CN104253712A (en) * 2013-06-26 2014-12-31 北京思普崚技术有限公司 Method utilizing deep packet detection technology to carry out P2P network identification

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
《A Novel Key Management Scheme Supporting Network Dynamic Update in Wireless Sensor Network》;Sai Ji, Liping Huang ,Jin Wang;《International Journal of Grid and Distributed Computing》;20130215;全文 *
《Kowari: A Platform for Semantic Web Storage and Analysis》;David Wood,Paul Gearon,Tom Adams;《XTech 2005 Conference》;20050314;全文 *
《ε实数比较方法对平衡二叉树节点归并算法的影响》;高洪涛,林峰,颜永年;《清华大学学报(自然科学版) 》;20060703;全文 *
《一种基于二叉树结构的入侵检测研究》;纪祥敏,纪祥敏,戴英侠,连一峰,刘青普戴英侠,连一峰,刘青普;《计算机应用研究》;20050810;全文 *
《二叉树顺序存储结构探讨》;沈华;《电脑编程技巧与维护》;20141030;全文 *
《几种BC网络上完全二叉树的嵌入研究》;刘钊;《中国博士学位论文全文数据库》;20161103;全文 *
《基于P2P网络的分布式存储关键技术研究》;彭邓华;《湖南理工学院》;20170604;全文 *

Also Published As

Publication number Publication date
CN107835175A (en) 2018-03-23

Similar Documents

Publication Publication Date Title
US10021026B2 (en) Incremental update of a shape graph
CN109688057B (en) Message forwarding method and device of segment routing network based on IPV6
CN109617927B (en) Method and device for matching security policy
CN107835175B (en) Network connection tracking method adopting balanced binary tree algorithm
US10148571B2 (en) Jump on a match optimization for longest prefix match using a binary search tree
US11012358B2 (en) Forwarding table management
CN110083746B (en) Quick matching identification method and device based on character strings
EP3145134A1 (en) Lookup device, lookup configuration method and lookup method
CN110557335B (en) Ternary Content Addressable Memory (TCAM) table item processing method and device
CN108259218A (en) A kind of IP address distribution method and device
WO2014047863A1 (en) Generating a shape graph for a routing table
CN106487769B (en) Method and device for realizing Access Control List (ACL)
RU2454008C2 (en) Fitness based routing
US10289384B2 (en) Methods, systems, and computer readable media for processing data containing type-length-value (TLV) elements
EP3384642B1 (en) Forwarding table compression
CN113037681A (en) ACL rule management method, device, computer equipment and computer readable medium
US8730961B1 (en) System and method for optimizing router lookup
US20160337232A1 (en) Flow-indexing for datapath packet processing
CN107870925B (en) Character string filtering method and related device
CN111641555B (en) Route convergence method and device
WO2022002123A1 (en) Verification method and apparatus for network configuration
CN113596098A (en) Session retrieval method, device, equipment and computer-readable storage medium
CN107948091B (en) Method and device for classifying network packets
CN109522326B (en) Data distribution method, device, equipment and storage medium
CN112579006A (en) Data storage life cycle management method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP02 Change in the address of a patent holder
CP02 Change in the address of a patent holder

Address after: Unit 308, unit a and B, MinLong Pavilion, New District Avenue, Mintai community, Minzhi street, Longhua District, Shenzhen City, Guangdong Province

Patentee after: SHENZHEN CLOUDSECURITY TECHNOLOGY Co.,Ltd.

Address before: 518000 Guangdong city of Shenzhen province Futian District North Road Home sculpture 27-33B

Patentee before: SHENZHEN CLOUDSECURITY TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder
CP02 Change in the address of a patent holder

Address after: A708, Huibaojiang Building, No. 398, Minzhi Avenue, Minzhi Community, Longhua District, Shenzhen, Guangdong 518000

Patentee after: SHENZHEN CLOUDSECURITY TECHNOLOGY CO.,LTD.

Address before: 518000 Unit 308, Minlongge A and B, New Area Avenue, Mintai Community, Minzhi Street, Longhua District, Shenzhen City, Guangdong Province

Patentee before: SHENZHEN CLOUDSECURITY TECHNOLOGY CO.,LTD.