CN114189572B - Packet detection rule matching method, device, network element and storage medium - Google Patents
Packet detection rule matching method, device, network element and storage medium Download PDFInfo
- Publication number
- CN114189572B CN114189572B CN202111542929.3A CN202111542929A CN114189572B CN 114189572 B CN114189572 B CN 114189572B CN 202111542929 A CN202111542929 A CN 202111542929A CN 114189572 B CN114189572 B CN 114189572B
- Authority
- CN
- China
- Prior art keywords
- pdr
- packet
- rule
- matching
- pdrs
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/90335—Query processing
- G06F16/90344—Query processing by using string matching techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/90335—Query processing
- G06F16/90348—Query processing by searching ordered data, e.g. alpha-numerically ordered data
Abstract
The embodiment of the invention discloses a method, a device, a network element and a storage medium for matching packet detection rules. The method comprises the steps of extracting characteristic values of a data packet, wherein the characteristic values comprise quintuple and a data flow direction; generating an ordered table of a packet detection rule PDR according to a packet filtering control protocol PFCP signaling; and comparing the packet detection rule field set corresponding to each PDR with the characteristic values in sequence according to the arrangement sequence of the PDRs in the ordered list until the PDR matched with the data packet is determined. The technical scheme of the invention solves the technical problem of insufficient performance of sequencing and matching of multiple PDRs, and realizes efficient matching of the characteristic value of the data packet and the PDR rule with the highest priority.
Description
Technical Field
Embodiments of the present invention relate to the field of communications technologies, and in particular, to a method, an apparatus, a network element, and a storage medium for matching packet detection rules.
Background
With the rapid development of the 5th Generation Mobile Communication Technology (5G), the requirements of fine policy application, including filtering, directing, charging, and current limiting, need to be performed on user traffic, and the requirement needs to configure Packet Flow Description (PFD) as a traffic matching condition in the user plane function to fulfill the requirements. User Plane Function (UPF) evolved from a Serving GateWay (SGW-U) and a Public Data Network GateWay (PGW-U) of a User plane in a fourth Generation Mobile Communication Technology (4G) core Network, and became a basic Network element in a 5G core Network system architecture defined by the third Generation Partnership Project (3rd Generation Partnership Project, 3 GPP). The current 5G specification requires that the UPF start with the Packet Detection Rule (PDR) with the highest priority and then continue in the PDR in descending order of priority, and once a matching PDR is found, the UPF stops the PDR lookup.
The existing packet rule matching method needs to find the highest priority PDR matched with the packet, i.e. the UPF needs to provide a packet filtering rule lookup function. However, the requirement of the 5G core network for high bandwidth gradually increases, the number of packets and the types of PDRs are more, and the UPF is required to provide higher performance processing capability, and at present, no method capable of realizing efficient rule matching of packets exists.
Disclosure of Invention
The embodiment of the invention provides a packet detection rule matching method, which aims to realize the efficient matching of a data packet characteristic value and a highest priority PDR rule.
In a first aspect, an embodiment of the present invention provides a method for matching packet detection rules, including:
extracting characteristic values of the data packets, wherein the characteristic values comprise quintuple and data flow direction;
generating an ordered list of PDRs (Packet Forwarding Control Protocol, PFCP) according to a Packet Forwarding Control Protocol (PFCP) signaling;
and comparing the packet detection rule field set corresponding to each PDR with the characteristic values in sequence according to the arrangement sequence of the PDRs in the ordered list until the PDR matched with the data packet is determined.
In a second aspect, an embodiment of the present invention further provides a packet detection rule matching apparatus, including:
the extraction module is used for extracting the characteristic value of the data packet, wherein the characteristic value comprises a quintuple and a data flow direction;
the generating module is used for generating the ordered list of the PDR according to the PFCP signaling;
and the matching module is used for sequentially comparing the fields corresponding to each PDR with the characteristic values according to the arrangement sequence of the PDRs in the ordered list until the PDR matched with the data packet is determined.
In a third aspect, an embodiment of the present invention further provides a network element, including:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, cause the one or more processors to implement the packet detection rule matching method according to the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the packet detection rule matching method according to the first aspect.
The embodiment of the invention extracts the characteristic value of the data packet, wherein the characteristic value comprises a quintuple and a data flow direction; generating an ordered list of PDRs according to the PFCP signaling; and comparing the packet detection rule field sets corresponding to the PDRs with the characteristic values in sequence according to the arrangement sequence of the PDRs in the ordered list until the PDRs matched with the data packet are determined, so that the technical problem of insufficient performance of multi-PDR sequencing and matching is solved, and the efficient matching of the characteristic values of the data packet and the PDR rule with the highest priority is realized.
Drawings
Fig. 1 is a flowchart of a method for matching packet inspection rules according to an embodiment of the present invention;
fig. 2 is a flowchart of a packet inspection rule matching method according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of a packet inspection rule matching apparatus according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a computer-readable storage medium according to a fourth embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of this invention are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of a packet detection rule matching method according to an embodiment of the present invention, where the method is applicable to PDR matching for a data packet, and the method may be executed by a packet detection rule matching apparatus, and the apparatus may be implemented in a software and/or hardware manner. The apparatus can be configured in a network element, where the network element mainly refers to a network element having a user plane function, such as a UPF in a core network. As shown in fig. 1, the method specifically includes:
s110, extracting a characteristic value of the data packet, wherein the characteristic value comprises a quintuple and a data flow direction;
the data packet may be a data unit in Transmission Control Protocol/internet Protocol (TCP/IP) communication Transmission. In particular, in a packet-switched network, a single message may be divided into a plurality of packets containing address information for both the sender and the recipient. These packets may be transmitted along different paths in one or more networks and recombined at the destination. The characteristic value may be used to identify or distinguish the data packet and to describe the transmission characteristics of the data packet, in this embodiment, the characteristic value is used as a basis for matching the PDR with the data packet, that is, a field in the PDR and the characteristic value of the data packet can correspond to each other, and thus the data packet can be successfully matched.
Wherein the characteristic value comprises a quintuple and a data flow direction. The quintuple can include: source IP, destination IP, source port, destination port, and protocol type. The quintuple can distinguish different sessions and the corresponding session is unique. Illustratively, the characteristic value (IpPacketSrcFields) of a packet may be defined by the following Golang language syntax:
type IpPacketSrcFields struct{Source IP,Source Port,Destination IP,DestinationPort,Protocol,Direction}。
s120, generating an ordered list of Packet Detection Rules (PDRs) according to Packet Filtering Control Protocol (PFCP) signaling;
the PFCP signaling may be issued to the UPF by a Session Management Function (SMF) in the core network, and the PFCP signaling indicates a Service Data Flow (SDF) bound to each PDR, which may be used as a basis for sorting the PDRs. On this basis, in this embodiment, the generation of the ordered table of the PDR can be realized according to the PFCP signaling, which protects the security of the entire network, and is efficient, fast, and transparent.
Further, the PDRs in the ordered list are arranged according to a certain arrangement order, and the ordered elements include at least one of a matching field set, a priority, a field number of a matching rule, and a PDR corresponding to the matching field set. Specifically, the set of matching fields may indicate which fields are included in one PDR, and the fields included in one PDR do not necessarily correspond exactly to the six fields of the packet characteristic value. For example, a PDR may only contain two fields, the destination IP and the rule direction, and only compare if the two fields are consistent with the packet characteristic value. The priority may be set to 1-255, where 1 represents the highest priority and 255 represents the lowest priority. The number of fields of the matching rule may represent the number of fields of one PDR. The number of fields of the matching rule in this embodiment should be less than or equal to 6. The matched PDR may be a specific Rule corresponding to the matched field set, and the specific Rule may include at least one of a Packet Detection Rule (PDR), a forwarding operation Rule (FAR), a quality of service Enforcement Rule (QER), and a Usage Reporting Rule (URR).
Illustratively, the sorted elements (pdRFields) can be described by the following Golang language syntax:
type PDRFields struct{
fields [ ] MatchField// matching field set
Precedence agent 32// priority
Number of Count int// match fields for sorting
The target result of the Pdr PacketDetectionRule// query, namely the PDR corresponding to the matching field set
}
S130, comparing the packet detection rule field sets corresponding to the PDRs with the characteristic values in sequence according to the arrangement sequence of the PDRs in the ordered list until the PDRs matched with the data packets are determined.
Specifically, a plurality of PDRs are arranged in sequence in the ordered list, each PDR is sequentially compared with the characteristic value of the data packet, and if all the fields are consistent, the matching is successful; if at least one field is inconsistent, the matching is unsuccessful, and whether the next PDR is matched or not is continuously judged until the matched PDR with the highest priority is found.
For example, for a PDR, the process of determining whether it matches a packet can be described by the following Golang language syntax:
type MatchPDR struct{
FieldSet [ ] MatchField// the PDR match field set
SrcField IppacktSrcFields// packet eigenvalue
Result pool// whether the matching field set of the PDR matches the packet characteristic value
The target result of the Pdr PacketDetectionRule// query, i.e. the PDR
}
Wherein packet detetectionrule may be understood as a reference to packet detetectionrule.
According to the technical scheme of the embodiment, the characteristic value of the data packet is extracted, and the ordered list of the PDR is generated according to the PFCP signaling, so that the data structure of the PDR is consistent with the characteristic value, and the comparison is convenient; on the basis, according to the arrangement sequence of the PDRs in the ordered list, the packet detection rule field sets corresponding to the PDRs are sequentially compared with the characteristic values until the PDRs matched with the data packets are determined, the technical problem that the multi-PDR sorting and matching performance is insufficient is solved, and efficient matching of the characteristic values of the data packets and the PDR rule with the highest priority is achieved.
Example two
Fig. 2 is a flowchart of a method provided in the second embodiment of the present invention, and this embodiment further optimizes based on the foregoing embodiments, and adds "generating an ordered list of PDRs according to a PFCP signaling" and "comparing packet detection rule field sets corresponding to PDRs with feature values in sequence according to an arrangement order of PDRs in the ordered list until determining a PDR feature matched with a data packet", which specifically includes the following steps:
and S210, extracting the characteristic value of the data packet.
The characteristic value of the data packet comprises a quintuple and a data flow direction.
S220, determining the SDF of each PDR according to the PFCP signaling, and converting each SDF into a regular character string.
The PFCP signaling indicates the SDF bound by each PDR, and the SDF can be used as a basis for generating an ordered table, so that the ordering performance of multiple SDFs in multiple PDRs is improved. Each SDF can be converted into a regular string for ease of parsing and validation.
And S230, analyzing each rule character string to a set data structure to obtain a corresponding packet filter set.
The set data structure is consistent with the characteristic value structure of the data packet, and the regular character strings of the PDRs are analyzed into the data structure corresponding to the characteristic value of the data packet, so that comparison in the matching process is facilitated, and the matching efficiency is improved.
Illustratively, parsing each rule string into a set data structure (ippacketfilteset) may be described by the following Golang language:
on this basis, the set data structure is a packet filter set corresponding to the PDR, and the fields in the packet filter set are consistent with the elements of the data packet characteristic values, that is, the packet filter set also includes six fields, so that the PDRs can be sorted according to the packet filter set to generate an ordered table.
Optionally, before parsing the rule character string into the setting data structure, the method further includes: and checking the validity of each rule character string based on a regular checking algorithm.
Where a canonical verification algorithm can be used to verify whether a string conforms to a specified characteristic. The effectiveness of each regular character string is checked through the regular checking algorithm, the checking efficiency is high, the regular algorithm can realize the checking, searching and replacing of the character strings through a dynamic expression supported by most languages and databases, and the method has better flexibility. The present embodiment may use a specific regular expression to check the rule string for validity of the input rule.
For example, the regular expression employed in the present embodiment can be expressed as:
regexp.MustCompile(`^[]*(permit|deny)[]+(out|in)[]+(.+)[]from[]+(.+)[]to[]+(.*)$`)。
optionally, S230, parsing each rule character string into a setting data structure, including:
s231, converting the character strings in the IP/mask format in each rule character string into net of Golang; s232, converting the character string in the port-port format in each rule character string into a port range format;
and S233, determining the direction of the corresponding PDR according to the source interface field in each rule character string.
In this embodiment, a net.parseicidr function in Golang may be used to convert a string in IP/MASK (MASK) format to net.ipnet.
In addition, a port-port (port-port) format string portStr in each rule string may be parsed into a port range (PortRange) format. Illustratively, the port portStr: "5000", port range: 6000-; if the port resolution is 5000, the port resolution is as follows: 5000-; if the result is' 6000-; if the size port needs to be exchanged after the analysis of 8000- & ltSUB & gt 6000- & ltSUB & gt, the final small port is 6000, and the final large port is 8000.
Further, the direction of the corresponding PDR may be determined according to a source interface field (SourceInterface). Specifically, the source interface is a source interface derived from a PFCP signaling, and may be used to indicate a source of a received data packet and may reflect a direction of the data packet. The direction of the data packet includes: uplink and downlink. The uplink indicates that the terminal user sends a data packet to the network side, and the downlink indicates that the network side sends the data packet to the terminal user. In this embodiment, the direction of the packet in the UPF is determined not by the regular string out/in, but by the SourceInterface in the regular string.
S240, sorting the PDRs according to the packet filter sets of the PDRs to generate an ordered table.
The PDRs in the ordered list are arranged according to a certain arrangement sequence, and the ordered elements may include a matching field set, a priority, the number of fields of a matching rule, and PDRs corresponding to the matching field set.
Optionally, S240, sorting the PDRs according to their packet filter sets to generate an ordered table, including:
s241, sorting the packet filter sets from high to low according to the priority, wherein the packet filter sets with the same priority are arranged from high to low according to the number of fields;
s242, mapping each packet filter set to a rule matching domain to obtain a packet detection rule field set of each PDR;
and S243, generating an ordered table according to the packet detection rule field set of each PDR.
The priorities may be set to 1-255, where 1 represents the highest priority, 255 represents the lowest priority, and the PDRs are sorted from high to low according to the priorities in the packet filter set, and if there are PDRs with the same priority, the PDRs may be further sorted from many to few according to the number of fields, for example, the priorities of PDR1 and PDR2 are both 1, but PDR1 includes three matching fields, and PDR2 includes two matching fields, and PDR1 is arranged before PDR 2.
By mapping the packet filter set to the rule matching domain, it is possible to find out which matching field or fields each PDR rule specifically contains, thereby obtaining the packet detection rule field set of each PDR. Only the matching fields existing in each PDR can be recorded in the ordered list, the fields existing in the PDRs can be directly compared in the matching process, and the fields which do not exist can be directly skipped, so that the efficiency of data packet matching is improved.
Optionally, in S242, mapping each packet filter set to the rule matching domain to obtain a packet detection rule field set of each PDR, including:
s2421, traversing each packet filter set, and adding fields appearing in each packet filter set to a matching field set corresponding to the packet filter set;
s2422, recording the priority and the field number of the matching field set corresponding to each packet filter set;
s2423, determining the packet detection rule field set of each PDR according to the matching field set, the priority and the field number corresponding to each packet filter set.
Specifically, for a PDR, each matching field has an ID value (e.g., NameIndex), and for a packet filter set of a PDR, whether each matching field appears in the packet filter set may be represented by whether countField is true; if the field matching field exists, the field matching field is added to an array (i.e., a packet detection rule field set, pdrsfieldlist), where the field matching field is included in the PDR. An ordered table may be generated from the set of packet detection rule fields.
Wherein, mapping each packet filter set (ippacketfiltterset) to a rule matching field (MatchField) can be described by the following gold language:
the IpPacketFilterSet is mapped into PDRFields;
the matchField variable is set, and the field repeated appearance flag countField [ NameIndex _ max ] boy
And traversing the IppackFilterSet to generate a matching field set:
and recording the priority of the field set and the number of fields in the field set, and accordingly obtaining the packet detection rule field set of each PDR.
And S250, comparing the packet detection rule field set corresponding to each PDR with the characteristic values in sequence according to the arrangement sequence of the PDRs in the ordered list until the PDR matched with the data packet is determined.
Optionally, S250, includes:
s2501, traversing each PDR according to the arrangement sequence of the PDRs in the ordered list;
s2502, comparing the field corresponding to the current PDR with the characteristic value;
s2503, each field corresponding to the current PDR matches with a corresponding one of the feature values? If so, executing S2504, otherwise, returning to S2501 and continuing to traverse the next PDR.
S2505, taking the current PDR as the PDR matched with the data packet, and stopping traversing.
The process of sequentially comparing the fields corresponding to each PDR with the characteristic values according to the arrangement sequence of the PDRs in the ordered list until determining the PDR' matched with the data packet can be described by the following Golang language:
inputting parameters: ordered tables (OrderlyFielddNumPDRs), packet characteristic values (IPacketSrcfields);
and returning: MatchPDR, i.e., matched PDR;
traversing the ordered list of OrderlyFielddNumpDs, finding the first PDR that completely matches the packet's characteristic value (i.e., each matching field present in the PDR can match a corresponding entry in the packet's characteristic value), i.e., a successful match, exiting traversal:
it can be understood that, in the embodiment of the present invention, a plurality of PDRs are arranged in an ordered table in sequence, and each PDR is sequentially compared with a feature value of a data packet, and if all the fields are consistent, the matching is successful; if at least one field is inconsistent, the matching is unsuccessful, and whether the next PDR is matched or not is continuously judged until the matched PDR with the highest priority is found. By comparing the packet detection rule field sets corresponding to the PDRs with the characteristic values until the PDR with the highest priority matched with the data packet is determined, the efficient and reliable data packet filtering rule is provided for the UPF.
The following illustrates the entire matching process of the PDR by way of an example:
a data packet, the quintuple of which is;
source IP: src: 10.88.130.128
Destination IP: DST: 10.88.130.2
③ protocol type: protocol: UDP (17)
Fourthly, source port: src Port: 2125
A destination port: DstPort: 2125
The PFCF signaling indicates that there are three PDRs, PDR1, PDR2, PDR3, whose priorities and field lengths are as follows:
PDR1:
the direction is as follows: source Interface: access, being uplink
Priority: precedence: 255
SDF:permit out ip from 10.88.130.2/245000to 10.88.130.128/246000-8000
Wherein, the number of the fields is 6: (upstream) + (protocol type IP) + (source IP 10.88.130.128) + (destination IP 10.88.130.2) + (source port 5000) + (destination port 6000-;
PDR2:
the direction is as follows: source Interface: access, being uplink
Priority: precedence: 1
SDF:permit out ip from 10.88.130.2/245000to 10.88.130.128/246000-8000
Wherein, the number of the fields is 6: (upstream) + (protocol type IP) + (source IP 10.88.130.128) + (destination IP 10.88.130.2) + (source port 5000) + (destination port 6000-;
PDR3:
the direction is as follows: source Interface: access, being uplink
Priority: precedence: 255
SDF:permit out ip from 10.88.130.2/24to 10.88.130.128/24
Wherein, the number of the fields is 4: (directional upstream) + (protocol type IP) + (source IP 10.88.130.128) + (destination IP 10.88.130.2).
The ordering of these three PDRs results in PDR2> PDR1> PDR 3.
Judging whether the elements in the quintuple are matched with each PDR, specifically:
if the direction of the PDR is upstream,
executing the uplink PDR query;
the current highest priority PDR is found (1 above 255),
finding the PDR with the most fields under the highest priority
Comparing whether the matching field existing in the PDR is matched with the characteristic value of the data packet or not;
if not, the PDR direction is downlink,
then a downlink PDR query (refer to the uplink PDR query described above) is performed.
According to the technical scheme of the embodiment, the SDF of each PDR is determined according to the PFCP signaling and converted into the regular character string as a basis for generating the ordered list, so that the ordering performance of multiple SDFs in multiple PDRs is improved; the rule character strings are analyzed to the set data structure, the set data structure is consistent with the characteristic value structure of the data packet, comparison is convenient in the matching process, and matching efficiency is improved; by carrying out regular inspection on each regular character string, the effectiveness of the regular character strings can be ensured, and the reliability of the matching process is improved; by recording the matching fields in each PDR in the ordered list, the fields in the PDR can be directly compared in the matching process, and the fields which do not exist can be directly skipped, so that the efficiency of data packet matching can be further improved.
EXAMPLE III
Fig. 4 is a schematic structural diagram of a packet inspection rule matching device according to a fourth embodiment of the present invention, which is capable of executing a packet inspection rule matching method according to any embodiment of the present invention, and has functional modules and beneficial effects corresponding to the execution method. The embodiment can be applied to the environment of PDR matching of the data packet. The device includes: an extraction module 310, a generation module 320, and a matching module 330.
An extracting module 310, configured to extract a feature value of a packet, where the feature value includes a quintuple and a data flow direction;
a generating module 320, configured to generate an ordered table of PDRs according to the PFCP signaling;
and the matching module 330 is configured to compare fields corresponding to each PDR with the characteristic values in sequence according to the arrangement order of the PDRs in the ordered table until the PDR matched with the data packet is determined.
Further, the generating module 320 further includes:
a PDR sorting unit, configured to determine a service data flow SDF of each PDR according to the PFCP signaling, and convert each SDF into a rule string; analyzing each rule character string to a set data structure to obtain a corresponding packet filter set; sorting the PDRs according to their packet filter sets to generate the ordered table.
Further, the PDR sorting unit further includes:
a string check component for, before parsing the rule string into a set data structure, further comprising: and checking the validity of each rule character string based on a regular checking algorithm.
Further, the PDR sorting unit further includes:
a character string conversion component for converting the character string in the IP/mask format in each regular character string into a net of Golang, IPNet type; converting the character string of the port-port format in each rule character string into a port range format; and determining the direction of the corresponding PDR according to the source interface field in each rule character string.
Further, the PDR sorting unit further includes:
the ordered table generation component is used for sequencing each packet filter set from high to low according to the priority, wherein the packet filter sets with the same priority are arranged from high to low according to the number of fields; mapping each packet filter set to a rule matching domain to obtain a packet detection rule field set of each PDR; and generating the ordered table according to the packet detection rule field set of each PDR.
Further, the ordered table generating component further includes:
the ordered table generation sub-component is used for traversing each packet filter set and adding fields appearing in each packet filter set to a matching field set corresponding to the packet filter set; recording the priority and the number of fields of a matching field set corresponding to each packet filter set; and determining the packet detection rule field set of each PDR according to the matching field set, the priority and the field number corresponding to each packet filter set.
Further, the matching module further includes:
the characteristic value comparison unit is used for traversing each PDR according to the arrangement sequence of the PDRs in the ordered list and comparing the field corresponding to the current PDR with the characteristic value; if each field corresponding to the current PDR is matched with the corresponding value in the characteristic values, taking the current PDR as the PDR matched with the data packet, and stopping traversing; otherwise, the next PDR is traversed.
According to the technical scheme of the embodiment, the characteristic value of the data packet is extracted, and the ordered list of the PDR is generated according to the PFCP signaling, so that the data structure of the PDR is consistent with the characteristic value, and the comparison is convenient; on the basis, according to the arrangement sequence of the PDRs in the ordered list, the packet detection rule field sets corresponding to the PDRs are sequentially compared with the characteristic values until the PDRs matched with the data packets are determined, the technical problem that the multi-PDR sorting and matching performance is insufficient is solved, and efficient matching of the characteristic values of the data packets and the PDR rule with the highest priority is achieved.
Example four
Fig. 4 is a schematic structural diagram of a computer-readable storage medium according to a fifth embodiment of the present invention. Fig. 4 illustrates a block diagram of a terminal 412 suitable for use in implementing embodiments of the present invention. The terminal 412 shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 4, the terminal 412 is represented in the form of a general purpose computing device and has functions of saving pictures by taking pictures, screenshots, and the like, and translating. The components of the terminal 412 may include, but are not limited to: one or more processors 416, a storage device 428, and a bus 418 that couples the various system components including the storage device 428 and the processors 416.
Storage 428 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)430 and/or cache memory 432. The terminal 412 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 434 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 4, commonly referred to as a "hard drive"). Although not shown in FIG. 4, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 418 by one or more data media interfaces. Storage 428 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program 440 having a set (at least one) of program modules 442 may be stored, for instance, in storage 428, such program modules 442 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination may include an implementation of a network environment. The program modules 442 generally perform the functions and/or methodologies of the described embodiments of the invention.
The terminal 412 may also communicate with one or more external devices 414 (e.g., keyboard, pointing device, camera, display 424, etc.), one or more devices that enable a user to interact with the terminal 412, and/or any device (e.g., network card, modem, etc.) that enables the terminal 412 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interfaces 422. Also, the terminal 412 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) through the network adapter 420. As shown, the network adapter 420 communicates with the other modules of the terminal 412 over a bus 418. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the terminal 412, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processor 416 executes various functional applications and data processing by executing programs stored in the storage device 428, for example, implementing the packet detection rule matching method provided by the above-described embodiment of the present invention.
EXAMPLE six
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a method for matching packet detection rules, the method including:
extracting characteristic values of the data packets, wherein the characteristic values comprise quintuple and data flow direction;
generating an ordered table of Packet Detection Rules (PDRs) according to Packet Filtering Control Protocol (PFCP) signaling;
and comparing the packet detection rule field set corresponding to each PDR with the characteristic values in sequence according to the arrangement sequence of the PDRs in the ordered list until the PDR matched with the data packet is determined.
Of course, the storage medium containing the computer-executable instructions provided by the embodiments of the present invention is not limited to the method operations described above, and may also perform related operations in the packet detection rule matching method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the above search apparatus, each included unit and module are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (8)
1. A method for matching packet inspection rules, comprising:
extracting characteristic values of the data packets, wherein the characteristic values comprise quintuple and data flow direction;
generating an ordered table of Packet Detection Rules (PDRs) according to Packet Filtering Control Protocol (PFCP) signaling;
comparing the packet detection rule field set corresponding to each PDR with the characteristic values in sequence according to the arrangement sequence of the PDRs in the ordered list until the PDR matched with the data packet is determined;
the generating of the ordered table of packet detection rules PDRs according to PFCP signaling comprises:
determining a service data flow SDF of each PDR according to the PFCP signaling, and converting each SDF into a regular character string;
analyzing each rule character string to a set data structure to obtain a corresponding packet filter set;
sorting the PDRs according to their packet filter sets to generate the ordered table;
sorting each PDR according to its packet filter set to generate the ordered table, comprising:
sorting the packet filter sets according to the priorities from high to low, wherein the packet filter sets with the same priority are arranged according to the number of fields from high to low;
mapping each packet filter set to a rule matching domain to obtain a packet detection rule field set of each PDR;
and generating the ordered table according to the packet detection rule field set of each PDR.
2. The method of claim 1, further comprising, prior to parsing the rule string into a set data structure:
and checking the validity of each rule character string based on a regular checking algorithm.
3. The method of claim 1, wherein parsing the rule string into a set data structure comprises:
converting the character string in the IP/mask format in each regular character string into net of Golang, IPNet type;
converting the character string of the port-port format in each rule character string into a port range format;
and determining the direction of the corresponding PDR according to the source interface field in each rule character string.
4. The method of claim 1, wherein mapping each packet filter set to a rule matching field to obtain a packet detection rule field set for each PDR comprises:
traversing each packet filter set, and adding fields appearing in each packet filter set to a matching field set corresponding to the packet filter set;
recording the priority and the field number of the matched field set corresponding to each packet filter set;
and determining the packet detection rule field set of each PDR according to the matching field set, the priority and the field number corresponding to each packet filter set.
5. The method of claim 1, wherein comparing the fields corresponding to each PDR with the feature values in sequence according to the arrangement order of the PDRs in the ordered table until the PDR matching the data packet is determined, comprises:
traversing each PDR according to the arrangement sequence of the PDRs in the ordered list, and comparing the field corresponding to the current PDR with the characteristic value;
if each field corresponding to the current PDR is matched with a corresponding value in the characteristic values, taking the current PDR as the PDR matched with the data packet, and stopping traversing; otherwise, the next PDR is traversed.
6. A packet inspection rule matching apparatus, comprising:
the extraction module is used for extracting the characteristic value of the data packet, wherein the characteristic value comprises a quintuple and a data flow direction;
the generating module is used for generating an ordered table of packet detection rules PDR according to the packet filtering control protocol PFCP signaling;
the matching module is used for sequentially comparing the fields corresponding to each PDR with the characteristic values according to the arrangement sequence of the PDRs in the ordered list until the PDR matched with the data packet is determined;
the generation module further comprises:
the PDR sequencing unit is used for determining the SDF of the service data flow of each PDR according to the PFCP signaling and converting each SDF into a regular character string; analyzing each rule character string to a set data structure to obtain a corresponding packet filter set; sorting each PDR according to its packet filter set to generate the ordered table;
the PDR sorting unit further includes:
the ordered table generation component is used for sequencing each packet filter set from high to low according to the priority, wherein the packet filter sets with the same priority are arranged from high to low according to the number of fields; mapping each packet filter set to a rule matching domain to obtain a packet detection rule field set of each PDR; and generating the ordered table according to the packet detection rule field set of each PDR.
7. A network element, comprising:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement the packet detection rule matching method of any one of claims 1-5.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the packet detection rule matching method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111542929.3A CN114189572B (en) | 2021-12-16 | 2021-12-16 | Packet detection rule matching method, device, network element and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111542929.3A CN114189572B (en) | 2021-12-16 | 2021-12-16 | Packet detection rule matching method, device, network element and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114189572A CN114189572A (en) | 2022-03-15 |
| CN114189572B true CN114189572B (en) | 2022-09-06 |
Family
ID=80605310
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111542929.3A Active CN114189572B (en) | 2021-12-16 | 2021-12-16 | Packet detection rule matching method, device, network element and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114189572B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018090253A1 (en) * | 2016-11-16 | 2018-05-24 | 深圳达闼科技控股有限公司 | Message matching method, message matching apparatus, computer program product, and electronic device |
| CN113302979A (en) * | 2021-04-12 | 2021-08-24 | 香港应用科技研究院有限公司 | Method for accelerating Packet Detection Rule (PDR) matching and packet processing in User Plane Function (UPF) module in communication network |
| CN113688289A (en) * | 2020-05-19 | 2021-11-23 | 中移(成都)信息通信科技有限公司 | Data packet key field matching method, device, equipment and storage medium |
| CN113794690A (en) * | 2021-08-20 | 2021-12-14 | 山石网科通信技术股份有限公司 | Data processing method, data processing device, nonvolatile storage medium and processor |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9324039B2 (en) * | 2013-11-27 | 2016-04-26 | Avago Technologies General Ip (Singapore) Pte. Ltd. | Incremental updates for ordered multi-field classification rules when represented by a tree of longest prefix matching tables |
| CN106790170B (en) * | 2016-12-29 | 2020-05-12 | 杭州迪普科技股份有限公司 | Data packet filtering method and device |
| CN109639694A (en) * | 2018-12-20 | 2019-04-16 | 国云科技股份有限公司 | A kind of data packet matched algorithm of firewall of rule-based tree retrieval |
| CN109729082B (en) * | 2018-12-25 | 2021-11-19 | 国云科技股份有限公司 | Firewall rule matching method based on characteristic value generation and retrieval |
| CN112105088B (en) * | 2019-06-17 | 2023-04-07 | 华为技术有限公司 | Multicast communication method, device and system |
| EP3869851B1 (en) * | 2020-02-18 | 2023-09-27 | Nokia Technologies Oy | User plane function (upf) control with coexistence of policy control and packet filters dynamically generated at the session management function (smf) |
| CN112566185B (en) * | 2020-12-18 | 2023-11-21 | 京信网络系统股份有限公司 | Base station service data distribution method, device, storage medium and base station |
-
2021
- 2021-12-16 CN CN202111542929.3A patent/CN114189572B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018090253A1 (en) * | 2016-11-16 | 2018-05-24 | 深圳达闼科技控股有限公司 | Message matching method, message matching apparatus, computer program product, and electronic device |
| CN113688289A (en) * | 2020-05-19 | 2021-11-23 | 中移(成都)信息通信科技有限公司 | Data packet key field matching method, device, equipment and storage medium |
| CN113302979A (en) * | 2021-04-12 | 2021-08-24 | 香港应用科技研究院有限公司 | Method for accelerating Packet Detection Rule (PDR) matching and packet processing in User Plane Function (UPF) module in communication network |
| CN113794690A (en) * | 2021-08-20 | 2021-12-14 | 山石网科通信技术股份有限公司 | Data processing method, data processing device, nonvolatile storage medium and processor |
Non-Patent Citations (1)
| Title |
|---|
| 基于规则优化与排序的恶意代码匹配检测;叶清等;《海军工程大学学报》;20100815(第04期);106-111 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114189572A (en) | 2022-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112491901B (en) | Network flow fine screening device and method | |
| US9356844B2 (en) | Efficient application recognition in network traffic | |
| US9806974B2 (en) | Efficient acquisition of sensor data in an automated manner | |
| US20110016154A1 (en) | Profile-based and dictionary based graph caching | |
| CN109450900B (en) | Mimicry judgment method, device and system | |
| WO2022088779A1 (en) | Deep packet processing method and apparatus, electronic device, and storage medium | |
| CN114157502B (en) | Terminal identification method and device, electronic equipment and storage medium | |
| WO2014000485A1 (en) | Content filtration method and device | |
| CN113438252B (en) | Message access control method, device, equipment and storage medium | |
| WO2021047402A1 (en) | Application identification method and apparatus, and storage medium | |
| US9444828B2 (en) | Network intrusion detection apparatus and method using Perl compatible regular expressions-based pattern matching technique | |
| CN113114707B (en) | Rule filtering method for power chip Ethernet controller | |
| US20160028631A1 (en) | System and method for range matching | |
| CN104333461A (en) | Identification method, system and identification device for internet application flow | |
| CN114189572B (en) | Packet detection rule matching method, device, network element and storage medium | |
| CN108989301A (en) | A kind of network flow data index method, equipment and storage medium indexed more | |
| WO2023082605A1 (en) | Http message extraction method and apparatus, and medium and device | |
| WO2020019524A1 (en) | Data processing method and device | |
| Hsiao et al. | High-throughput intrusion detection system with parallel pattern matching | |
| WO2021128936A1 (en) | Message processing method and apparatus | |
| WO2016101552A1 (en) | Message detection method and device, and storage medium | |
| CN112583832A (en) | DPI-based application layer protocol identification method and system | |
| CN116633865B (en) | Network flow control method and device, electronic equipment and storage medium | |
| CN114826775B (en) | Method, device, system, equipment and medium for generating filtering rule of data packet | |
| WO2024045460A1 (en) | Node determination method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |