CN112350947B - Message matching decision tree updating method and device - Google Patents
Message matching decision tree updating method and device Download PDFInfo
- Publication number
- CN112350947B CN112350947B CN202011147204.XA CN202011147204A CN112350947B CN 112350947 B CN112350947 B CN 112350947B CN 202011147204 A CN202011147204 A CN 202011147204A CN 112350947 B CN112350947 B CN 112350947B
- Authority
- CN
- China
- Prior art keywords
- decision tree
- storage space
- updated
- matching
- rule set
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/48—Routing tree calculation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present specification provides an updating method for a message matching decision tree, which allocates a count variable to each storage space in advance, for representing the number of messages being subjected to matching processing based on the decision tree in the storage space. After the network equipment constructs a new decision tree according to the updated matching rule set, judging whether a counting variable value corresponding to the standby state storage space is 0 or not, thereby determining whether a message which is subjected to matching processing based on the decision tree in the standby state storage space exists or not, and if not, updating the decision tree; if yes, the decision tree updating is not executed.
Description
Technical Field
The present disclosure relates to the field of computer network technologies, and in particular, to a method and an apparatus for updating a message matching decision tree.
Background
After receiving the message, the network device needs to match the message based on a preset matching rule set, and determines which message processing strategy the message is suitable for according to the matching result, which is specifically implemented as follows:
technical personnel deploy a matching rule set for the network equipment according to the message characteristics corresponding to each message service processing strategy, and the network equipment constructs a decision tree according to the matching rule set for matching messages. Wherein, one decision tree path corresponds to a message processing strategy, such as the decision tree shown in fig. 1, and is applicable to the message processing strategy 1 if the message matching satisfies the rules one and three; if the rule I and the rule IV are met, the method is applicable to a message processing strategy 2; if the rules two and five are met, the method is applicable to the message processing strategy 3.
In practical applications, sometimes the matching rule set is updated, and in order to update the decision tree without interrupting the packet matching process, two storage spaces are usually set on the network device for storing one decision tree respectively. One of the storage spaces is set in a use state so that the network device performs message matching based on the decision tree in the storage space in the use state, and the other storage space is set in a standby state so that the network device performs updating of the matching rule set based on the decision tree in the storage space in the standby state (firstly, the decision tree in the storage space in the standby state is replaced by a new decision tree generated based on the updated matching rule set, and then the states of the two storage spaces are exchanged), so that the updated matching rule set can be put into use.
However, in some cases, some messages are still performing message matching using the decision tree in the storage space in the standby state, and at this time, if the matching rule set is updated again, it means that the decision tree in the storage space in the standby state needs to be deleted again, which may cause interruption of the matching process of these messages.
Disclosure of Invention
In order to solve the problem of interruption of the matching process of some messages, the specification provides a method and a device for updating a message matching decision tree.
The present specification provides an updating method of a message matching decision tree, which is applied to a network device and respectively allocates counting variables to two storage spaces of the network device in advance; the value of the counting variable corresponding to each storage space is used for representing, and the number of the messages which are subjected to matching processing based on the decision tree in the storage space is determined; the method comprises the following steps:
when the matching rule set is found to be updated, constructing a new decision tree based on the updated matching rule set;
if the value of the counting variable corresponding to the storage space in the standby state is 0, performing decision tree updating, including: writing the new decision tree into the storage space under the condition that the storage space is emptied, and interchanging the states of the two storage spaces;
and if the value of the counting variable corresponding to the storage space in the standby state is not 0, the decision tree is not updated.
The present specification also provides an updating apparatus for a message matching decision tree, which is applied to a network device and allocates count variables to two storage spaces of the network device in advance; the value of the counting variable corresponding to each storage space is used for representing, and the number of the messages which are subjected to matching processing based on the decision tree in the storage space is determined; the device comprises:
The decision tree construction module is used for constructing a new decision tree based on the updated matching rule set when the matching rule set is found to be updated;
a decision tree updating module, configured to execute a decision tree update if a value of a count variable corresponding to a storage space in a standby state is 0, where the decision tree update includes: writing the new decision tree into the storage space under the condition that the storage space is emptied, and interchanging the states of the two storage spaces;
and the waiting module is used for not executing decision tree updating if the value of the counting variable corresponding to the storage space in the standby state is not 0.
In the technical solution of the embodiment of the present specification, a count variable is allocated to each storage space in advance, and is used for representing the number of messages which are subjected to matching processing based on a decision tree in the storage space. After the network equipment constructs a new decision tree according to the updated matching rule set, judging whether a counting variable value corresponding to the standby state storage space is 0 or not, thereby determining whether a message which is subjected to matching processing based on the decision tree in the standby state storage space exists or not, and if not, updating the decision tree; if yes, the decision tree updating is not executed.
By the technical scheme of the embodiment of the specification, when the message matching is carried out without using the decision tree of the standby state storage space, the message matching decision tree is updated, so that the problem that some message matching processes are interrupted is solved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
FIG. 1 is a schematic diagram of a decision tree shown in this specification.
Fig. 2 is a schematic diagram of a process for performing decision tree update shown in this specification.
Fig. 3 is a schematic diagram of the decision tree updating process shown in this specification.
Fig. 4 is a flowchart illustrating an update of a message matching decision tree according to this specification.
Fig. 5 is a flowchart illustrating an update of a message matching decision tree according to this specification.
Fig. 6 is a flowchart illustrating an update of a message matching decision tree according to this specification.
Fig. 7 is a flowchart illustrating an update of a message matching decision tree according to this specification.
Fig. 8 is a flowchart illustrating updating a message matching decision tree according to the present disclosure.
Fig. 9 is a block diagram of an updating apparatus for a packet matching decision tree shown in the present specification.
Fig. 10 is a schematic diagram of a hardware structure of a network device shown in this specification.
Detailed Description
The network device, which may be a network security device or a network distribution device, performs packet matching through the matching rule set after receiving the packet, thereby determining what packet processing needs to be performed on the packet. The matching rule set is deployed by technicians according to message characteristics corresponding to each message processing policy, wherein the message characteristics can be a source address, a destination address, a port number, a protocol type or a flag bit element of a message.
In practical application, if each message is matched with the rules in the matching rule set one by one, a lot of time is consumed, and under the scene of receiving hundreds of thousands of messages, the matching rule set is very large, and the matching rules one by one are low in efficiency, so that a method for constructing a decision tree according to the matching rule set and matching the messages by using the decision tree is provided by technical personnel, as shown in fig. 1, so that the messages can be matched quickly.
However, the matching rule set is not constant, and sometimes the matching rule set is updated, and in order to update the decision tree without interrupting the packet matching process, two storage spaces are usually set on the network device for storing one decision tree respectively. One of the storage spaces is set in a use state (also referred to as an operation state) so that the network device performs message matching based on the decision tree in the storage space in the use state, and the other storage space is set in a standby state so that the network device performs updating of the matching rule set based on the decision tree in the storage space in the standby state (firstly, the decision tree in the storage space in the standby state is replaced by a new decision tree generated based on the updated matching rule set, and then, the states of the two storage spaces are interchanged), so that the updated matching rule set can be put into use.
As shown in fig. 2, for convenience of description, two storage spaces deployed on a network device are referred to as a first storage space and a second storage space, respectively. During initialization, the first storage space is set in a use state, the second storage space is set in a standby state, if the matching rule set is updated, the network device constructs a new decision tree according to the updated matching rule set (namely, the decision tree is compiled and generated according to the matching rule set), and replaces the decision tree of the second storage space with the new decision tree (specifically, the decision tree in the second storage space is deleted, and the new decision tree is stored in the second storage space). Thereafter, the first storage space is state-swapped with the second storage space such that the decision tree (corresponding to the updated set of matching rules) in the second storage space is taken into use and the decision tree in the first storage space is taken out of use. Fig. 2 actually shows the flow of decision tree updating based on the updated set of matching rules.
However, when the decision tree needs to be updated based on the updated matching rule set, the network device may be performing matching on a plurality of messages based on the decision tree in the first storage space, and the matching process of the legacy messages is not yet finished, although switching the first storage space to the standby state does not affect the network device to continue to perform matching on the legacy messages based on the decision tree in the first storage space, if the matching rule set is updated again at this time, according to the decision tree updating process shown in fig. 2, the old decision tree in the first storage space needs to be deleted (so as to store the regenerated new decision tree into the first storage space), and doing so may cause the network device to fail to continue to perform matching on the legacy messages based on the old decision tree in the first storage space, resulting in abnormal message matching. As shown in fig. 3, the remaining messages still use the decision tree of the first storage space to perform message matching, but since the matching rule set is updated again, the decision tree needs to be deleted, and the new decision tree' is written into the first storage space, and these remaining messages cannot complete message matching, so that corresponding message processing cannot be obtained.
One solution to the above problem is: when updating the decision tree each time, before deleting the decision tree of the standby state storage space, waiting for a period of time (such as 1 second), then deleting the decision tree of the standby state storage space, and writing the new decision tree. However, in this scheme, the waiting time needs to be set by the experience of the technician, the waiting time is short, the problem that the matching of some remaining messages is not completed may still exist, and the waiting time is long, which may affect the timely effectiveness of the updated matching rule set.
In the technical solution of the embodiment of the present specification, a counting variable is allocated to each storage space in advance, where a value of the counting variable represents the number of messages that are being subjected to matching processing by the network device based on the decision tree in the storage space, where when the network device receives a message and performs matching processing on the message based on the decision tree in the storage space, a value of the counting variable is incremented by one, and when the network device completes matching processing on a message based on the decision tree in the storage space, a value of the counting variable is decremented by one.
And after the network equipment constructs a new decision tree according to the updated matching rule set, determining whether a message which is subjected to matching processing based on the decision tree in the standby state storage space exists according to the fact that whether the counting variable value corresponding to the standby state storage space is 0 or not. The value of the counting variable is 0, which indicates that no message is subjected to matching processing based on the decision tree in the standby state storage space, and the decision tree can be updated at the moment; if the value of the counting variable is not 0, it indicates that there are messages which are being subjected to matching processing based on the decision tree in the standby state storage space, and at this time, the decision tree cannot be updated until the matching processing of the remaining messages is completed (meaning that the value of the counting variable becomes 0), and then the decision tree is updated.
According to the technical scheme of the embodiment of the specification, firstly, when the decision tree in the storage space in the standby state is not occupied, the decision tree in the storage space in the standby state is allowed to be updated, so that the decision tree which is occupied in the storage space in the standby state is prevented from being deleted, and the problem that the message matching process is interrupted is also avoided.
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first storage space may also be referred to as a second storage space, and similarly, the second storage space may also be referred to as a first storage space, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The following is a detailed description of examples of the present specification.
Taking the first storage space as an example, the counting variable of the first storage space will be described. The principle of counting variables of the second memory space is similar.
Assuming that the first storage space is currently in use, the network device actually performs packet matching based on the decision tree in the first storage space. Assuming that the value of the counting variable corresponding to the current first storage space is 10, the number of messages for performing message matching on the decision tree occupying the current first storage space is 10. If the network device receives a message again at this time, the message is subjected to matching processing based on the decision tree of the first storage space in the use state, which means that the number of messages subjected to matching processing based on the decision tree of the first storage space is increased to 11, and the value of the count variable corresponding to the first storage space is increased by one to 11.
Then, if the network device completes the matching process for one packet based on the first storage space, which means that the number of packets in the decision tree occupying the first storage space is decreased by one, the value of the count variable corresponding to the first storage space is decreased by one (from 11 to 10).
Then, if the matching rule set is updated, a new decision tree is generated, which results in that the decision tree in the second storage space needs to be replaced by the new decision tree, and then the states of the first storage space and the second storage space are exchanged, so that the second storage space containing the new decision tree is switched to a use state, and the first storage space is switched to a standby state. At this time, although the first storage space is already in the standby state, there may still be some messages being subjected to matching processing based on the first storage space, and the count variable of the first storage space is not 0. It should be noted, however, that the network device does not perform matching processing on the newly received packet based on the first storage space any more, which means that the count variable of the first storage space already in the standby state is only decreased and is not increased until it is decreased to 0, which means that the matching processing is already completed on the legacy packet corresponding to the first storage space already in the standby state.
It should be noted that, in a specific implementation, two array tables [0] and [1] and one global variable lower may be pre-designed in the network device. Each array comprises a decision tree pointer and a counting variable, the decision tree pointer is used for pointing to a decision tree corresponding to the array, and the counting variable is used for representing the number of messages which are subjected to matching processing based on the decision trees in the array. The counting variable can be an atomic variable, and errors can be prevented from occurring when a plurality of message matching processes modify the value of the counting variable concurrently. The global variable newer is used for representing the array in the use state, if the global variable newer is 0, the array table [0] is in the use state, and the array table [1] is in the standby state; if 1, it means that the array table [1] is in the use state, and the array table [0] is in the standby state.
In addition, in one or more embodiments of the present application, the process may loop indefinitely, and in an operating system in a non-preemption mode, if the process executing the process does not yield the CPU actively, the process scheduling blocking of the CPU will be caused, and even the CPU will be halted. Because the operation of judging whether the matching rule set is updated or not is carried out in each cycle, the process scheduling operation can be executed once before the operation is carried out, a CPU can be guaranteed to be yielded once in each cycle, and the problem of process scheduling blockage and even crash is avoided. If no other process is run on the CPU, the process immediately obtains the running opportunity of the CPU again, and in this case, the influence of the process scheduling operation on the process is negligible.
As shown in fig. 4, fig. 4 is a flowchart of a method for updating a packet matching decision tree according to an exemplary embodiment, where the method includes the following steps:
in step 402, when an update of the matching rule set is found, a new decision tree is constructed based on the updated matching rule set.
The set of matching rules is typically stored in the form of a hash table. The updating of the matching rule set may include adding a rule, deleting a rule, modifying a rule (which may be implemented in a manner of deleting first and then adding), clearing a matching rule set, and the like. It should be noted that after the matching rule set is emptied, an empty decision tree can still be constructed based on the emptied matching rule set.
In practical applications, the matching rule set may be continuously detected (or periodically detected), and once the matching rule set is found to be updated, the following steps are triggered: and constructing a new decision tree based on the updated matching rule set.
It should be noted that, in practice, if the matching rule set is updated continuously for multiple times, the new decision tree referred to herein is a decision tree constructed based on the matching rule set of the current latest version. Herein, when the matching rule set is found updated again, the new decision tree is reconstructed based on the updated matching rule set again. Reconstructing the new decision tree means to ensure that the matching rule set corresponding to the new decision is the current latest version.
In step 404, if the value of the counting variable corresponding to the storage space in the standby state is 0, the decision tree update is performed.
Under the condition that the value of the counting variable corresponding to the storage space in the standby state is judged to be 0, the decision tree in the storage space which does not use the standby state is not occupied by the left message any more to carry out message matching, and at the moment, the decision tree is updated under the condition, so that the problem that the message matching process is interrupted is avoided.
Herein, the updating of the execution decision tree described herein refers to: and under the condition that the storage space in the standby state is determined to be emptied, writing the new decision tree into the storage space in the standby state, and interchanging the states of the two storage spaces. In practical application, the new decision tree may be used to replace the decision tree of the storage space in the standby state only when the decision tree update needs to be performed, or the storage space in the standby state may be directly emptied whenever the counting variable of the storage space in the standby state becomes 0 regardless of whether the decision tree update needs to be performed.
In step 406, if the value of the counting variable corresponding to the storage space in the standby state is not 0, no decision tree update is performed.
Under the condition that the value of the counting variable corresponding to the storage space in the standby state is judged to be not 0, the message which is still using the decision tree of the storage space to perform message matching still exists, and the decision tree is updated at the moment, so that the message matching process is interrupted. Therefore, no decision tree update is possible at this time.
In some embodiments, after finding that the count variable of the storage space in the standby state is not 0, the count variable of the storage space in the standby state may be checked continuously (or periodically), and once the count variable value is found to become 0, a decision tree update is performed using the new decision tree. In case the set of matching rules is updated again in the process of detecting that the counting variable of the storage space of the standby state changes from not 0 to 0, a new decision tree needs to be reconstructed in this process to ensure that the new decision tree for performing the decision tree update is always generated based on the latest version of the set of matching rules.
As shown in the method flow of fig. 5, after the matching rule set is updated, the network device constructs a new decision tree according to the updated matching rule set, first determines whether the value of the count variable corresponding to the standby state storage space is 0, and if not, does not perform the decision tree update. If the number of the storage spaces is 0, further judging whether the storage spaces in the standby state are emptied, and if the storage spaces in the standby state are emptied, performing decision tree updating, wherein the updating comprises writing a new decision tree into the storage spaces in the standby state and exchanging the states of the two storage spaces; if not, the storage space of the standby state is emptied, namely the decision tree of the storage space of the standby state is deleted, and then the decision tree is updated.
Furthermore, the method flow shown in fig. 4 may be executed in a loop. As shown in fig. 6, when the loop starts each time, it is found that the matching rule set is not updated, and it can be continuously determined whether there is an unused new decision tree. If a new unused decision tree exists (namely, the new decision tree constructed during the last update of the matching rule still cannot be written into the storage space in the standby state because the count variable of the storage space in the standby state is not 0), further judging whether the count variable of the storage space in the standby state has changed into 0, if the count variable has changed into 0, executing the update of the decision tree based on the new unused decision tree, and if the count variable is still not 0, no operation is performed any more, and the next loop is entered for detection. And if the unused new decision tree does not exist, no operation is performed any more, and the next loop is entered for detection.
Continuing to refer to fig. 6, in a cycle execution, if the matching rule set is found to be updated, constructing a new decision tree of the latest version, and continuing to judge whether an unused new decision tree of the previous version exists, if an unused new decision tree of the previous version exists, discarding the unused new decision tree of the previous version, and updating the unused new decision tree into the new decision tree of the latest version; and if the unused new decision tree of the previous version does not exist, directly taking the new decision tree of the latest version as the new decision tree to be written into the storage space of the standby state. And then, further judging whether the counting variable of the storage space in the standby state is changed into 0, if the counting variable is changed into 0, updating the decision tree based on the unused new decision tree, and if the counting variable is still not 0, not performing any operation, and entering the next cycle for detection.
In summary, in one or more embodiments where cycle detection is performed:
1. in one cycle execution, if it is determined that the matching rule set is not updated and it is determined that there is no unused new decision tree, the cycle may be directly terminated and the next cycle may be entered.
2. In one loop execution, whether the matching rule set is updated or not, if the counting variable value corresponding to the standby state storage space is judged not to be 0, the loop can be terminated and the next loop can be entered.
3. In one cycle, even if it is determined that the matching rule set is not updated, if an unused new decision tree (a new decision tree constructed in the last matching rule update) exists and the value of the count variable is 0, the decision tree update is performed.
4. In one cycle execution, if it is determined that the matching rule set is updated, an unused new decision tree also exists, and the value of the counting variable is 0, then a new decision tree of the latest version needs to be constructed to replace the new decision tree of the previous version as a current unused new decision tree, and then, based on the current unused new decision tree, the decision tree update is executed.
It should be noted that, in one loop execution, a situation may occur that the matching rule set is found to be updated, but the construction of the new decision tree fails, and how to perform the processing in this situation is the same as the situation that the matching rule set is found not to be updated, and details are not described again.
In addition, the determination sequence of "determining whether the matching rule set is updated" and "determining whether the value of the count variable corresponding to the spare state storage space is 0" shown in fig. 6 is not fixed, and as shown in fig. 7, it may be determined whether the value of the count variable corresponding to the spare state storage space is 0, and it may be determined whether the spare state storage space is empty, and then it may be determined whether the decision tree is updated. In one cycle execution, firstly, judging whether a counting variable value corresponding to the standby state storage space is 0, namely whether the decision tree can be updated or not, if the counting variable value corresponding to the standby state storage space is not 0, stopping the cycle, and entering the next cycle; and if the counting variable value corresponding to the standby state storage space is 0, further judging whether the storage space is emptied, directly carrying out the next step if the storage space is emptied, and carrying out the next step if the storage space is not emptied.
With continued reference to fig. 7, after determining that the decision tree update is possible (i.e., the value of the count variable corresponding to the standby state storage space is 0 and the standby state storage space is empty), it is further determined whether the matching rule set is updated, i.e., whether the decision tree update needs to be performed. And if the matching rule set is not updated and an unused new decision tree does not exist, continuously judging whether the matching rule set is updated or not. And if the matching rule set is not updated but a new decision tree which is not used exists, executing decision tree updating and then entering the next cycle. If the matching rule set is found to be updated, constructing a new decision tree of the latest version, continuously judging whether the new decision tree of the previous unused version exists, if the new decision tree of the previous unused version exists, abandoning the new decision tree of the previous unused version, and updating the new decision tree of the previous unused version into the new decision tree of the latest version; and if the unused new decision tree of the previous version does not exist, directly taking the new decision tree of the latest version as the new decision tree to be written into the storage space of the standby state.
As shown in fig. 8, after determining that the matching rule set is not updated, it may be determined whether there is a new decision tree that is not used after determining whether the spare storage space is empty instead of determining whether there is a decision tree that is not used in the previous version. The specific implementation process can be referred to the descriptions of fig. 6 and fig. 7.
Different from fig. 6, in the flowchart shown in fig. 8, when it is determined that the matching rule set is not updated, it is no longer determined whether there is a new decision tree that is not used in the previous version, but after determining whether the spare-state storage space is empty, it is determined whether there is a new decision tree that is not used, that is, whether there is a new decision tree to be written into the spare-state storage space.
Corresponding to the foregoing method embodiment, the present specification further provides an updating apparatus for a message matching decision tree, which is applied to a network device, and allocates count variables to two storage spaces of the network device in advance, as shown in fig. 9; the value of the counting variable corresponding to each storage space is used for representing, and the number of the messages which are subjected to matching processing based on the decision tree in the storage space is determined; the device comprises:
a decision tree construction module 910, configured to, when the matching rule set is found to be updated, construct a new decision tree based on the updated matching rule set;
a decision tree updating module 920, configured to execute a decision tree update if a value of a count variable corresponding to the storage space in the standby state is 0, where the decision tree update includes: writing the new decision tree into the storage space under the condition that the storage space is emptied, and interchanging the states of the two storage spaces;
The waiting module 930 is configured to not perform the decision tree update if the value of the count variable corresponding to the storage space in the standby state is not 0.
A loop detection module 940, configured to determine whether the matching rule set is updated every time a loop starts; if yes, determining that the matching rule set is found to be updated; if not, determining that the matching rule set is not updated.
A storage space determining module 950, configured to determine whether the storage space currently in the standby state is empty if the value of the count variable corresponding to the storage space is 0;
the storage space emptying module 960 is configured to empty the storage space if the determination result is negative.
The embodiment of the updating apparatus for a message matching decision tree in this specification can be applied to network devices, such as routers, switches, and the like. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. The software implementation is taken as an example, and as a logical device, the device is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory for operation through the processor in which the file processing is located. From a hardware aspect, as shown in fig. 10, which is a hardware structure diagram of a computer device in which a file processing apparatus is located in the embodiment of this specification, except for the processor 1010, the memory 1020, the input/output interface 1030, and the communication interface 1040 shown in fig. 10, a device in which a message processing apparatus is located in the embodiment may also include other hardware according to an actual function of the network device, and details of this are not described again.
Accordingly, the present specification also provides a network device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor is configured to perform the method as shown in fig. 4.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
Embodiments of the present description also provide a computer-readable storage medium on which a computer program is stored, where the program is executed by a processor to perform the method shown in fig. 4.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.
Claims (10)
1. A message matching decision tree updating method is characterized in that the method is applied to network equipment, and counting variables are respectively allocated to two storage spaces of the network equipment in advance; the value of the counting variable corresponding to each storage space is used for representing, and the number of the messages which are subjected to matching processing based on the decision tree in the storage space is determined; the method comprises the following steps:
when the matching rule set is found to be updated, constructing a new decision tree based on the updated matching rule set;
if the value of the counting variable corresponding to the storage space in the standby state is 0, performing decision tree updating, including: writing the new decision tree into the storage space under the condition that the storage space is emptied, and interchanging the states of the two storage spaces;
if the value of the counting variable corresponding to the storage space in the standby state is not 0, the updating of the decision tree is not executed;
and the storage space in the standby state does not participate in the matching process of the newly received message.
2. The method of claim 1, wherein constructing a new decision tree based on the updated set of matching rules comprises:
and if the updated matching rule set is empty, constructing an empty new decision tree.
3. The method of claim 1, wherein prior to said building a new decision tree based on the updated set of matching rules, the method further comprises:
judging whether the matching rule set is updated or not;
if yes, determining that the matching rule set is found to be updated;
if not, determining that the matching rule set is not updated.
4. The method of claim 3, wherein the method further comprises:
if the value of the counting variable corresponding to the storage space currently in the standby state is 0, judging whether the storage space is emptied;
and if the judgment result is negative, emptying the storage space.
5. The method of claim 1, wherein writing the new decision tree to the memory space if the memory space is cleared comprises:
deleting the decision tree in the storage space, and then writing the new decision tree into the storage space.
6. The method of claim 1, wherein the method further comprises:
And when the matching rule set is found to be updated again, reconstructing the new decision tree based on the updated matching rule set.
7. An updating device of a message matching decision tree is characterized in that the updating device is applied to network equipment and respectively allocates counting variables for two storage spaces of the network equipment in advance; the value of the counting variable corresponding to each storage space is used for representing, and the number of the messages which are subjected to matching processing based on the decision tree in the storage space is determined; the device comprises:
the decision tree construction module is used for constructing a new decision tree based on the updated matching rule set when the matching rule set is found to be updated;
a decision tree updating module, configured to execute a decision tree update if a value of a count variable corresponding to a storage space in a standby state is 0, where the decision tree update includes: writing the new decision tree into the storage space under the condition that the storage space is emptied, and interchanging the states of the two storage spaces;
the waiting module is used for not executing decision tree updating if the value of the counting variable corresponding to the storage space in the standby state is not 0;
and the storage space in the standby state does not participate in the matching process of the newly received message.
8. The apparatus of claim 7, wherein the apparatus further comprises:
the cycle detection device is used for judging whether the matching rule set is updated or not before the new decision tree is constructed based on the updated matching rule set; if yes, determining to find the updating of the matching rule set; if not, determining that the matching rule set is not updated.
9. The apparatus as recited in claim 8, wherein said apparatus further comprises:
the storage space judging module is used for judging whether the storage space is emptied or not if the value of the counting variable corresponding to the storage space currently in the standby state is 0;
and the storage space emptying module is used for emptying the storage space if the judgment result is negative.
10. A network device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor is configured to perform the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011147204.XA CN112350947B (en) | 2020-10-23 | 2020-10-23 | Message matching decision tree updating method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011147204.XA CN112350947B (en) | 2020-10-23 | 2020-10-23 | Message matching decision tree updating method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112350947A CN112350947A (en) | 2021-02-09 |
| CN112350947B true CN112350947B (en) | 2022-07-29 |
Family
ID=74359989
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011147204.XA Active CN112350947B (en) | 2020-10-23 | 2020-10-23 | Message matching decision tree updating method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112350947B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102084332A (en) * | 2008-04-06 | 2011-06-01 | 弗森-艾奥公司 | Apparatus, system, and method for converting a storage request into an append data storage command |
| CN103858386A (en) * | 2011-08-02 | 2014-06-11 | 凯为公司 | Packet classification by an optimised decision tree |
| CN104866314A (en) * | 2015-05-27 | 2015-08-26 | 常州大学 | Cyclic update mode-based decision tree construction method |
| CN106612322A (en) * | 2016-07-11 | 2017-05-03 | 四川用联信息技术有限公司 | Data recovery method for distribution optimization of data storing nodes in cloud storage |
| CN111131079A (en) * | 2019-12-26 | 2020-05-08 | 杭州迪普科技股份有限公司 | Policy query method and device |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4452183B2 (en) * | 2002-09-12 | 2010-04-21 | インターナショナル・ビジネス・マシーンズ・コーポレーション | How to create a programmable state machine data structure to parse the input word chain, how to use the programmable state machine data structure to find the resulting value corresponding to the input word chain, deep wire speed A method for performing packet processing, a device for deep packet processing, a chip embedding device, and a computer program including programming code instructions (method and device for deep packet processing) |
| US7548944B2 (en) * | 2003-07-15 | 2009-06-16 | Intel Corporation | Statistics collection framework for a network processor |
| JP4738941B2 (en) * | 2005-08-25 | 2011-08-03 | 株式会社日立製作所 | Storage system and storage system management method |
| JP5685454B2 (en) * | 2010-02-18 | 2015-03-18 | 富士通株式会社 | Storage device and storage system |
| KR20140033964A (en) * | 2012-09-11 | 2014-03-19 | 삼성전자주식회사 | Device and method for saving data in terminal |
| CN105447059B (en) * | 2014-09-29 | 2019-10-01 | 华为技术有限公司 | A kind of data processing method and device |
| CN105187845B (en) * | 2015-08-10 | 2018-07-03 | 珠海全志科技股份有限公司 | Apparatus for decoding video data and coding/decoding method |
| CN105939269A (en) * | 2015-12-18 | 2016-09-14 | 杭州迪普科技有限公司 | Message translation method and device based on net address translation (NAT) rule |
| WO2017196138A2 (en) * | 2016-05-12 | 2017-11-16 | Lg Electronics Inc. | System and method for early data pipeline lookup in large cache design |
| CN106960054B (en) * | 2017-04-01 | 2020-10-02 | 北京奇虎科技有限公司 | Data file access method and device |
| CN108121569B (en) * | 2017-12-18 | 2020-12-04 | 杭州迪普科技股份有限公司 | Interface configuration method and device |
-
2020
- 2020-10-23 CN CN202011147204.XA patent/CN112350947B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102084332A (en) * | 2008-04-06 | 2011-06-01 | 弗森-艾奥公司 | Apparatus, system, and method for converting a storage request into an append data storage command |
| CN103858386A (en) * | 2011-08-02 | 2014-06-11 | 凯为公司 | Packet classification by an optimised decision tree |
| CN104866314A (en) * | 2015-05-27 | 2015-08-26 | 常州大学 | Cyclic update mode-based decision tree construction method |
| CN106612322A (en) * | 2016-07-11 | 2017-05-03 | 四川用联信息技术有限公司 | Data recovery method for distribution optimization of data storing nodes in cloud storage |
| CN111131079A (en) * | 2019-12-26 | 2020-05-08 | 杭州迪普科技股份有限公司 | Policy query method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112350947A (en) | 2021-02-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP2014505959A (en) | Managing buffer overflow conditions | |
| CN105357042B (en) | A kind of highly available cluster system and its host node and from node | |
| CN114265670B (en) | Memory block sorting method, medium and computing device | |
| CN110781016B (en) | Data processing method, device, equipment and medium | |
| CN110704438B (en) | Method and device for generating bloom filter in blockchain | |
| US20190199794A1 (en) | Efficient replication of changes to a byte-addressable persistent memory over a network | |
| CN108062235B (en) | Data processing method and device | |
| CN112350947B (en) | Message matching decision tree updating method and device | |
| CN108829498A (en) | Service data visitation method and apparatus | |
| CN111162947B (en) | PCRE hot switching method, network device and storage medium | |
| CN110298031B (en) | Dictionary service system and model version consistency distribution method | |
| CN112667259A (en) | SDN controller version upgrading method, device and medium | |
| CN112559565A (en) | Abnormity detection method, system and device | |
| CN116108498A (en) | Program execution method, program execution device, storage medium and electronic equipment | |
| CN113347285A (en) | Automatic allocation method, device and equipment for managing IP address | |
| CN108874560B (en) | Method and communication device for communication | |
| CN111131051A (en) | Route issuing method and device | |
| CN116743550B (en) | Processing method of fault storage nodes of distributed storage cluster | |
| CN111435320A (en) | Data processing method and device | |
| CN114546270B (en) | Data storage method and device and electronic equipment | |
| US11544116B2 (en) | Method and system for facilitating dynamic hardware resource allocation in an active switch | |
| CN108173689A (en) | The output system of load balancing data | |
| CN115202899A (en) | Method and device for collecting log data based on ELK | |
| CN117650982A (en) | Method, equipment and medium for implementing complex gateway based on BPMN | |
| CN116303122A (en) | Chip data reading and writing method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |