CN111444218A - Matching method and device of combination rules - Google Patents

Info

Publication number
CN111444218A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010237013.6A
Other languages
Chinese (zh)
Other versions
CN111444218B (en)
Inventor
吴潇
刘路
李高超
张伟
王啸
李竞飞
王晖
邹昕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Hangzhou DPtech Information Technology Co Ltd
Original Assignee
National Computer Network and Information Security Management Center
Hangzhou DPtech Information Technology Co Ltd
Application filed by National Computer Network and Information Security Management Center and Hangzhou DPtech Information Technology Co Ltd
Priority to CN202010237013.6A
Publication of CN111444218A
Application granted
Publication of CN111444218B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24: Querying
    • G06F16/242: Query formulation

Abstract

The application provides a matching method and device for combination rules, applied to a network device. The method comprises: matching a received packet against the first group of rules and the first subgroup of rules in the flexible quintuple rules, and against the second subgroup of rules in the mask quintuple rules; if the packet is determined to match at least one rule in the first group of rules and at least one rule in the second group of rules at the same time, determining at least one candidate combination rule from the matched rules of the first group and the matched rules of the second group; and determining the combination rule matched by the packet from those candidate combination rules that also appear in a preset combination rule table. With the embodiments of the application, no candidate combination rule is missed, which ensures that the combination rule matched by the packet is optimal.

Description

Matching method and device of combination rules
Technical Field
The application relates to the technical field of network communication, in particular to a matching method and a matching device for a combination rule.
Background
With the rapid development of network technology, network devices serve more and more users and must process more and more packets. A network device can be configured with rules and corresponding actions, and processes each packet that matches a rule according to the corresponding action. Two rule matching methods are in common use at present: the flexible quintuple rule matching method and the mask quintuple rule matching method.
The flexible quintuple rule matching method can set any of the elements of the quintuple information as care or don't care, compute a hash value of the cared-about fields to use as their storage address, and store the cared-about fields at that address. Its advantage is that, as long as memory is sufficient and performance is not considered, a packet can match at most 31 rules (the case in which none of the five elements is cared about is excluded). Its disadvantage is that once any element, for example the source Internet Protocol (IP) address, is configured as care, the whole source IP address field must be used for matching; part of the field cannot be matched on its own.
The mask quintuple rule matching method has no such limitation. The mask field has the same length as the quintuple field and can mask any bit. The method is implemented on Ternary Content Addressable Memory (TCAM), so care or don't care can be configured per bit. Its disadvantage is that, for one packet, only the highest-priority result among all matching results can be returned.
Because of the shortcomings of these two methods, the combination rule matching method emerged. Like the flexible quintuple rule matching method, it supports looking up and matching several types simultaneously; like the mask rule matching method, it allows any field to be configured as care or don't care. It is implemented as follows: a special mark is added to those rules among the flexible quintuple rules and the mask quintuple rules that can form combination rules; if a received packet matches specially marked rules in both the flexible quintuple rules and the mask rules at the same time, the packet is considered to match a combination rule and is processed according to the action corresponding to that combination rule.
In this combination rule matching method, when the packet matches several rules among the flexible quintuple rules or among the mask quintuple rules, only the highest-priority rule on each side is selected, and the two highest-priority rules are then combined and used as the combination rule matched by the packet.
Disclosure of Invention
In view of this, the present application provides a matching method and apparatus for a combination rule, so as to solve the problem that a packet cannot be matched with the combination rule, or the matched combination rule is not optimal.
Specifically, the method is realized through the following technical scheme:
A matching method for combination rules, applied to a network device, the method comprising:
matching a received packet against a first group of rules and a first subgroup of rules in the flexible quintuple rules, and against a second subgroup of rules in the mask quintuple rules, wherein the first group of rules consists of the flexible quintuple rules that are not duplicated in the mask quintuple rules, the first subgroup of rules consists of the flexible quintuple rules that are duplicated in the mask quintuple rules, the second subgroup of rules consists of the mask quintuple rules that are not duplicated in the flexible quintuple rules, and the first subgroup of rules and the second subgroup of rules together form a second group of rules;
if the packet is determined to match at least one rule in the first group of rules and at least one rule in the second group of rules at the same time, determining at least one candidate combination rule from the matched rules of the first group and the matched rules of the second group;
and determining the combination rule matched by the packet from those of the at least one candidate combination rule that also appear in a preset combination rule table.
A matching device for combination rules, applied to a network device, the device comprising:
a matching module, configured to match a received packet against a first group of rules and a first subgroup of rules in the flexible quintuple rules, and against a second subgroup of rules in the mask quintuple rules, wherein the first group of rules consists of the flexible quintuple rules that are not duplicated in the mask quintuple rules, the first subgroup of rules consists of the flexible quintuple rules that are duplicated in the mask quintuple rules, the second subgroup of rules consists of the mask quintuple rules that are not duplicated in the flexible quintuple rules, and the first subgroup of rules and the second subgroup of rules together form a second group of rules;
a first determining module, configured to determine, if the packet is determined to match at least one rule in the first group of rules and at least one rule in the second group of rules at the same time, at least one candidate combination rule from the matched rules of the first group and the matched rules of the second group;
and a second determining module, configured to determine the combination rule matched by the packet from those of the at least one candidate combination rule that also appear in a preset combination rule table.
An electronic device comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
the memory is configured to store a computer program;
the processor is configured to implement the above method steps when executing the program stored in the memory.
A computer-readable storage medium storing a computer program which, when executed by a processor, carries out the above method steps.
As the above technical solutions show, the flexible quintuple rules that are not duplicated in the mask quintuple rules are taken as the first group of rules, the flexible quintuple rules that are duplicated in the mask quintuple rules are taken as the first subgroup of rules, and the mask quintuple rules that are not duplicated in the flexible quintuple rules are taken as the second subgroup of rules; the first subgroup and the second subgroup together form the second group of rules. In other words, the flexible quintuple rules contain both the first group of rules and part of the second group of rules. A received packet can be matched against the first group of rules and the first subgroup of rules in the flexible quintuple rules and against the second subgroup of rules in the mask quintuple rules; at least one candidate combination rule is determined from the matched rules of the first group and the matched rules of the second group; and the combination rule matched by the packet is then determined from those candidate combination rules that also appear in the preset combination rule table. All possible candidate combination rules are thereby determined completely, no candidate combination rule is missed, and the combination rule matched by the packet is ensured to be optimal.
Drawings
FIG. 1 is a flow chart of the combination rule matching method shown in the present application;
FIG. 2 is a schematic structural diagram of the combination rule matching device shown in the present application;
FIG. 3 is a schematic structural diagram of the electronic device shown in the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, the word "if" as used herein may be interpreted as "at the time of ...", "when ..." or "in response to a determination".
To solve the above problem, embodiments of the present invention provide a matching method for combination rules that avoids missing candidate combination rules and thereby ensures that the combination rule matched by the packet is optimal. Referring to FIG. 1, FIG. 1 is a flowchart of a matching method for combination rules, applied to a network device.
S11: match the received packet against the first group of rules and the first subgroup of rules in the flexible quintuple rules, and against the second subgroup of rules in the mask quintuple rules.
The first group of rules consists of the flexible quintuple rules that are not duplicated in the mask quintuple rules, the first subgroup of rules consists of the flexible quintuple rules that are duplicated in the mask quintuple rules, the second subgroup of rules consists of the mask quintuple rules that are not duplicated in the flexible quintuple rules, and the first subgroup of rules and the second subgroup of rules together form the second group of rules.
The network device continually receives packets from terminals or other network devices. For each received packet, the quintuple information of the packet can be matched against the first group of rules and the first subgroup of rules in the flexible quintuple rules, and against the second subgroup of rules in the mask quintuple rules.
The quintuple information of the packet includes a source Internet Protocol (IP) address, a destination IP address, a source port, a destination port, and a protocol.
S12: if the packet is determined to match at least one rule in the first group of rules and at least one rule in the second group of rules at the same time, determine at least one candidate combination rule from the matched rules of the first group and the matched rules of the second group.
Of the two rules in a candidate combination rule, one must come from the first group of rules and the other from the second group of rules, so candidate combination rules can be determined only when the packet matches at least one rule in the first group of rules and at least one rule in the second group of rules.
S13: determine the combination rule matched by the packet from those of the at least one candidate combination rule that also appear in the preset combination rule table.
A combination rule table may be set up in advance, with the defined combination rules stored in it; the combination rule matched by the packet is then determined from those candidate combination rules that also appear in the preset combination rule table.
In a specific embodiment, determining at least one candidate combination rule from the matched rules of the first group and the matched rules of the second group in S12 specifically includes:
from the matched rules of the first group of rules, selecting no more than a first set number of rules in order of priority from high to low, and from the matched rules of the second group of rules, selecting no more than a second set number of rules in order of priority from high to low;
and determining all combinations of the selected rules (no more than the first set number from the first group and no more than the second set number from the second group) to obtain the at least one candidate combination rule.
The first set number and the second set number may be set according to actual needs. The following takes a first set number of 2 and a second set number of 3 as an example. Assuming that the selected rules of the first group are a0 and a1 and the selected rules of the second group are b0, b1 and b2, the maximum number of combinations of these rules is 6, that is, the maximum number of candidate combination rules is 6. The maximum numbers of matched rules from the first subgroup and from the second subgroup within the second group of rules may be further refined, e.g. the maximum number of matched rules from the first subgroup may be set to 2 and the maximum number of matched rules from the second subgroup to 1.
The above is one way of selecting no more than the first set number of rules from the first group and no more than the second set number of rules from the second group, in order of priority from high to low. There are, of course, many other ways to make the selection. For example, the first group of rules may be traversed sequentially and the traversal stopped when the number of matched rules reaches the first set number; likewise, the second group of rules may be traversed sequentially and the traversal stopped when the number of matched rules reaches the second set number. The candidate combination rules are then determined from the rules collected in this way.
In a specific embodiment, determining in S13 the combination rule matched by the packet from those candidate combination rules that also appear in the preset combination rule table specifically includes:
looking up the at least one candidate combination rule in the preset combination rule table;
and determining the highest-priority candidate combination rule found as the combination rule matched by the packet.
A priority may be set for each combination rule in the preset combination rule table. When the at least one candidate combination rule is looked up in the preset combination rule table, the highest-priority candidate combination rule found is determined as the combination rule matched by the packet.
In a specific embodiment, looking up the at least one candidate combination rule in the preset combination rule table specifically includes:
for each candidate combination rule, combining the identifier of its rule from the first group with the identifier of its rule from the second group to obtain the combination rule identifier corresponding to that candidate combination rule;
and looking up the combination rule identifier of each candidate combination rule in the preset combination rule table.
To make it easier to look up candidate combination rules in the preset combination rule table, a combination rule identifier may be set in advance for each combination rule in the table, and an identifier may be set for each rule in the first group of rules and for each rule in the second group of rules. The identifiers of the first-group rule and the second-group rule contained in a candidate combination rule then serve as its combination rule identifier, and the candidate combination rule is looked up in the preset combination rule table by that identifier. The identifiers can be set according to actual needs.
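The following Python code is an added example, not code from the patent. It walks S11 to S13 with a first set number of 2 and a second set number of 3, looks candidates up by combined identifier, and shows that selecting only the single highest-priority rule on each side (the background method) finds no combination rule for the same packet. The linear scans in place of hash and TCAM lookups, the 16-bit identifier packing, the convention that a larger number means higher priority, and all sample rules, actions and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from itertools import product


def ip(text):
    """Dotted-quad IPv4 string -> integer, so that bit masks can be applied."""
    return int(ip_address(text))


@dataclass(frozen=True)
class FlexRule:
    """Flexible quintuple rule: every cared-about field must match in full."""
    rule_id: int
    priority: int   # assumption: a larger number means a higher priority
    group: int      # 1 = first group, 2 = first subgroup (part of the second group)
    fields: tuple   # ((field name, exact value), ...)

    def matches(self, pkt):
        return all(pkt[name] == value for name, value in self.fields)


@dataclass(frozen=True)
class MaskRule:
    """Mask quintuple rule (second subgroup): per-bit care mask, TCAM style."""
    rule_id: int
    priority: int
    fields: tuple   # ((field name, value, care mask), ...)

    def matches(self, pkt):
        return all((pkt[n] & m) == (v & m) for n, v, m in self.fields)


def top_n(rules, pkt, n):
    """Matched rules in descending priority order, cut off at the set number."""
    hits = [r for r in rules if r.matches(pkt)]
    return sorted(hits, key=lambda r: r.priority, reverse=True)[:n]


def combo_id(first_id, second_id):
    """Combination rule identifier; assumes rule identifiers fit in 16 bits."""
    return (first_id << 16) | second_id


def match_combination(pkt, flex_rules, mask_rules, combo_table, first_n=2, second_n=3):
    """Return (combination rule id, action) for the best match, or None."""
    # S11: match against the first group, and against the second group
    # (first subgroup from the flexible rules plus the mask-rule subgroup).
    first = top_n([r for r in flex_rules if r.group == 1], pkt, first_n)
    second = top_n([r for r in flex_rules if r.group == 2] + list(mask_rules),
                   pkt, second_n)
    # S12: candidates exist only if both groups matched; take every pairing.
    if not first or not second:
        return None
    candidates = [combo_id(a.rule_id, b.rule_id) for a, b in product(first, second)]
    # S13: keep candidates present in the preset table, pick the highest priority.
    found = [(combo_table[c][0], c) for c in candidates if c in combo_table]
    if not found:
        return None
    _, best = max(found)
    return best, combo_table[best][1]


# Constructed sample data (not from the patent).
FLEX_RULES = [
    FlexRule(1, 90, 1, (("dst_port", 443),)),                          # a0
    FlexRule(2, 80, 1, (("proto", 6), ("dst_ip", ip("192.0.2.10")))),  # a1
    FlexRule(10, 70, 2, (("src_ip", ip("10.1.2.3")),)),                # b0
]
MASK_RULES = [
    MaskRule(11, 95, (("src_ip", ip("10.0.0.0"), 0xFF000000),)),       # b1: 10.0.0.0/8
    MaskRule(12, 60, (("src_port", 0x8000, 0x8000),)),                 # b2: port >= 32768
]
COMBO_TABLE = {                      # combination rule id -> (priority, action)
    combo_id(2, 10): (50, "mirror"),
    combo_id(1, 12): (40, "rate-limit"),
}
PKT = {"src_ip": ip("10.1.2.3"), "dst_ip": ip("192.0.2.10"),
       "src_port": 40000, "dst_port": 443, "proto": 6}

if __name__ == "__main__":
    # Six candidates (2 x 3); two are in the table and (a1, b0) has priority 50.
    print(match_combination(PKT, FLEX_RULES, MASK_RULES, COMBO_TABLE))
    # Top-1 on each side yields only (a0, b1), which is not in the table.
    print(match_combination(PKT, FLEX_RULES, MASK_RULES, COMBO_TABLE, 1, 1))
```
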
Referring to FIG. 2, FIG. 2 is a schematic structural diagram of a matching device for combination rules, applied to a network device, the device including:
a matching module 21, configured to match the received packet against the first group of rules and the first subgroup of rules in the flexible quintuple rules, and against the second subgroup of rules in the mask quintuple rules, where the first group of rules consists of the flexible quintuple rules that are not duplicated in the mask quintuple rules, the first subgroup of rules consists of the flexible quintuple rules that are duplicated in the mask quintuple rules, the second subgroup of rules consists of the mask quintuple rules that are not duplicated in the flexible quintuple rules, and the first subgroup of rules and the second subgroup of rules together form the second group of rules;
a first determining module 22, configured to determine, if the packet is determined to match at least one rule in the first group of rules and at least one rule in the second group of rules at the same time, at least one candidate combination rule from the matched rules of the first group and the matched rules of the second group;
a second determining module 23, configured to determine the combination rule matched by the packet from those of the at least one candidate combination rule that also appear in the preset combination rule table.
In an optional implementation, the first determining module 22, when determining at least one candidate combination rule from the matched rules of the first group and the matched rules of the second group, is specifically configured to:
from the matched rules of the first group of rules, select no more than a first set number of rules in order of priority from high to low, and from the matched rules of the second group of rules, select no more than a second set number of rules in order of priority from high to low;
and determine all combinations of the selected rules (no more than the first set number from the first group and no more than the second set number from the second group) to obtain the at least one candidate combination rule.
In an optional implementation, the second determining module 23, when determining the combination rule matched by the packet from those candidate combination rules that also appear in the preset combination rule table, is specifically configured to:
look up the at least one candidate combination rule in the preset combination rule table;
and determine the highest-priority candidate combination rule found as the combination rule matched by the packet.
In an optional implementation, the second determining module 23, when looking up the at least one candidate combination rule in the preset combination rule table, is specifically configured to:
for each candidate combination rule, combine the identifier of its rule from the first group with the identifier of its rule from the second group to obtain the combination rule identifier corresponding to that candidate combination rule;
and look up the combination rule identifier of each candidate combination rule in the preset combination rule table.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the application. One of ordinary skill in the art can understand and implement it without inventive effort.
An embodiment of the present application further provides an electronic device. Referring to FIG. 3, it includes a processor 310, a communication interface 320, a memory 330, and a communication bus 340, wherein the processor 310, the communication interface 320, and the memory 330 communicate with one another through the communication bus 340.
A memory 330 for storing a computer program;
the processor 310 is configured to implement the matching method of the combination rule according to any one of the above embodiments when executing the program stored in the memory 330.
The communication interface 320 is used for communication between the above-described electronic device and other devices.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component.
Accordingly, an embodiment of the present application further provides a computer-readable storage medium, in which instructions are stored, and when the instructions are executed on a computer, the computer is caused to execute the matching method of the combination rule described in any one of the above embodiments.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. A matching method of a combination rule is applied to network equipment, and is characterized in that the method comprises the following steps:
respectively matching a received message with a first group rule and a first subgroup rule in a flexible quintuple rule and a second subgroup rule in a mask quintuple rule, wherein the first group rule is a rule which is not repeated with the mask quintuple rule in the flexible quintuple rule, the first subgroup rule is a rule which is repeated with the mask quintuple rule in the flexible quintuple rule, the second subgroup rule is a rule which is not repeated with the flexible quintuple rule in the mask quintuple rule, and the first subgroup rule and the second subgroup rule form a second group rule;
if the message is determined to be matched with at least one rule in the first rule group and at least one rule in the second rule group at the same time, determining at least one candidate combination rule according to the matched at least one rule in the first rule group and at least one rule in the second rule group;
and determining the combination rule matched by the message from those of the at least one candidate combination rule that also appear in a preset combination rule table.
2. The method according to claim 1, wherein determining at least one candidate combination rule according to the at least one rule in the first rule group and the at least one rule in the second rule group that are matched includes:
selecting, in descending order of priority, no more than a first set number of rules from the matched at least one rule in the first group of rules, and no more than a second set number of rules from the matched at least one rule in the second group of rules;
and determining all combinations of the selected rules of the first group and the selected rules of the second group to obtain at least one candidate combination rule.
3. The method according to claim 2, wherein determining the combination rule matched by the message from those of the at least one candidate combination rule that also appear in a preset combination rule table specifically comprises:
searching the at least one candidate combination rule in a preset combination rule table;
and determining the searched candidate combination rule with the highest priority as the combination rule matched with the message.
4. The method according to claim 3, wherein searching the at least one candidate combination rule in a preset combination rule table specifically comprises:
combining the identifiers of the first group of rules and the identifiers of the second group of rules included in each candidate combination rule in the at least one candidate combination rule to obtain a combination rule identifier corresponding to the candidate combination rule;
and searching the combination rule identification of the at least one candidate combination rule in a preset combination rule table.
5. An apparatus for matching a combination rule, applied to a network device, the apparatus comprising:
a matching module, configured to match a received packet with a first group rule and a first subgroup rule in a flexible quintuple rule, and a second subgroup rule in a mask quintuple rule, respectively, where the first group rule is a rule in the flexible quintuple rule that is not repeated with the mask quintuple rule, the first subgroup rule is a rule in the flexible quintuple rule that is repeated with the mask quintuple rule, the second subgroup rule is a rule in the mask quintuple rule that is not repeated with the flexible quintuple rule, and the first subgroup rule and the second subgroup rule form a second group rule;
a first determining module, configured to determine at least one candidate combination rule according to at least one rule in the first rule group and at least one rule in the second rule group that are matched if it is determined that the packet matches at least one rule in the first rule group and at least one rule in the second rule group at the same time;
and a second determining module, configured to determine the combination rule matched by the message from those of the at least one candidate combination rule that also appear in a preset combination rule table.
6. The apparatus of claim 5, wherein the first determining module is configured to determine at least one candidate combination rule according to at least one rule in the first rule group and at least one rule in the second rule group that match, and is specifically configured to:
selecting, in descending order of priority, no more than a first set number of rules from the matched at least one rule in the first group of rules, and no more than a second set number of rules from the matched at least one rule in the second group of rules;
and determining all combinations of the selected rules of the first group and the selected rules of the second group to obtain at least one candidate combination rule.
7. The apparatus according to claim 6, wherein the second determining module is configured to determine the combination rule matched by the message from those of the at least one candidate combination rule that also appear in a preset combination rule table, and is specifically configured to:
searching the at least one candidate combination rule in a preset combination rule table;
and determining the searched candidate combination rule with the highest priority as the combination rule matched with the message.
8. The apparatus according to claim 7, wherein the second determining module is configured to look up the at least one candidate combination rule in a preset combination rule table, and is specifically configured to:
combining the identifiers of the first group of rules and the identifiers of the second group of rules included in each candidate combination rule in the at least one candidate combination rule to obtain a combination rule identifier corresponding to the candidate combination rule;
and searching the combination rule identification of the at least one candidate combination rule in a preset combination rule table.
9. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1-4 when executing a program stored on a memory.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1 to 4.
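The procedure of claims 1 to 4 as a runnable sketch, added here as an illustration and not taken from the patent. The rule layout, the matcher, the `+`-joined combination identifier, the reading of "repeated" as an identical quintuple spec in both tables, and the lower-number-is-higher-priority ordering are assumptions; all rules, the table and the packet are constructed.

```python
from ipaddress import ip_address, ip_network
from itertools import product

# Constructed rules: (id, priority, src, dst, proto, sport, dport); None = wildcard.
# Assumptions: a lower number is a higher priority, and a rule is "repeated"
# when the same quintuple spec appears in both tables.
FLEX = [("F1", 1, "10.0.0.0/8", "0.0.0.0/0", "tcp", None, 443),
        ("F2", 2, "10.1.0.0/16", "0.0.0.0/0", "tcp", None, None),
        ("S1", 1, "0.0.0.0/0", "192.0.2.0/24", None, None, None)]
MASK = [("S1", 1, "0.0.0.0/0", "192.0.2.0/24", None, None, None),
        ("M1", 2, "0.0.0.0/0", "192.0.2.10/32", "tcp", None, 443)]
# Preset combination rule table (constructed): combined identifier -> priority.
COMBO_TABLE = {"F2+M1": 5, "F2+S1": 9}
PKT = {"src": "10.1.2.3", "dst": "192.0.2.10", "proto": "tcp",
       "sport": 51000, "dport": 443}

def partition(flex, mask):
    """Split the two tables into the first group and the second group."""
    spec = lambda r: r[2:]
    mask_specs = {spec(r) for r in mask}
    flex_specs = {spec(r) for r in flex}
    group1 = [r for r in flex if spec(r) not in mask_specs]
    sub1 = [r for r in flex if spec(r) in mask_specs]       # first subgroup
    sub2 = [r for r in mask if spec(r) not in flex_specs]   # second subgroup
    return group1, sub1 + sub2

def matches(rule, pkt):
    """Hypothetical matcher: prefix match on addresses, exact or wildcard otherwise."""
    _, _, src, dst, proto, sport, dport = rule
    return (ip_address(pkt["src"]) in ip_network(src)
            and ip_address(pkt["dst"]) in ip_network(dst)
            and proto in (None, pkt["proto"])
            and sport in (None, pkt["sport"])
            and dport in (None, pkt["dport"]))

def match_combination(pkt, flex, mask, table, n1=2, n2=2):
    """Return the highest-priority combination id found in the table, or None."""
    group1, group2 = partition(flex, mask)
    def top(group, n):  # matched rules, best priority first, at most n
        return sorted((r for r in group if matches(r, pkt)), key=lambda r: r[1])[:n]
    hits1, hits2 = top(group1, n1), top(group2, n2)
    if not hits1 or not hits2:       # the packet must hit both groups at once
        return None
    candidates = [f"{a[0]}+{b[0]}" for a, b in product(hits1, hits2)]
    found = [c for c in candidates if c in table]
    return min(found, key=table.get) if found else None

if __name__ == "__main__":
    print(match_combination(PKT, FLEX, MASK, COMBO_TABLE))          # two rules per group
    print(match_combination(PKT, FLEX, MASK, COMBO_TABLE, 1, 1))    # top rule per group only
```

With one rule per group the only candidate tried is F1+S1, which is not in the constructed table, so no combination is returned; with two rules per group all four candidates are tried and F2+M1 is selected.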

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010237013.6A CN111444218B (en) 2020-03-30 2020-03-30 Matching method and device of combination rules

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010237013.6A CN111444218B (en) 2020-03-30 2020-03-30 Matching method and device of combination rules

Publications (2)

Publication Number Publication Date
CN111444218A true CN111444218A (en) 2020-07-24
CN111444218B CN111444218B (en) 2022-09-30

Family

ID=71649303

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010237013.6A Active CN111444218B (en) 2020-03-30 2020-03-30 Matching method and device of combination rules

Country Status (1)

Country Link
CN (1) CN111444218B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112367262A (en) * 2020-08-20 2021-02-12 国家计算机网络与信息安全管理中心 Matching method and device for quintuple rule

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681201A (en) * 2015-12-28 2016-06-15 曙光信息产业(北京)有限公司 Rule matching method and device of message
CN105939284A (en) * 2016-01-08 2016-09-14 杭州迪普科技有限公司 Message control strategy matching method and device
US20170171362A1 (en) * 2015-12-15 2017-06-15 Intel Corporation High speed flexible packet classification using network processors
CN107181605A (en) * 2016-03-09 2017-09-19 阿里巴巴集团控股有限公司 Message detecting method and system, contents extraction device, flow matches device
CN108650181A (en) * 2018-04-20 2018-10-12 济南浪潮高新科技投资发展有限公司 A kind of IP packet strategy matching circuit and method
CN109327395A (en) * 2018-11-30 2019-02-12 新华三信息安全技术有限公司 A kind of message processing method and device

Also Published As

Publication number Publication date
CN111444218B (en) 2022-09-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant