CN115242641B - Method and device for previewing strategy issuing result and computer equipment - Google Patents
Method and device for previewing strategy issuing result and computer equipment Download PDFInfo
- Publication number
- CN115242641B CN115242641B CN202110440457.4A CN202110440457A CN115242641B CN 115242641 B CN115242641 B CN 115242641B CN 202110440457 A CN202110440457 A CN 202110440457A CN 115242641 B CN115242641 B CN 115242641B
- Authority
- CN
- China
- Prior art keywords
- policy
- issued
- target
- strategy
- type
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000004590 computer program Methods 0.000 claims description 8
- 238000001514 detection method Methods 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000008094 contradictory effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0893—Assignment of logical groups to network elements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a strategy issuing result preview method, which comprises the following steps: acquiring a strategy to be issued, and determining a target packet network and nodes in the target packet network, which need to be issued by the strategy to be issued; judging whether the existing target strategy on the node in the target packet network conflicts with the strategy to be issued or not; if the strategy to be issued conflicts with the target strategy, identifying a target node corresponding to the target strategy, and outputting a preview result. The invention also provides a strategy issuing result preview device, computer equipment and a computer readable storage medium. The method and the device can quickly preview the strategy issuing result, and avoid the problems that the time consumption is too long and the efficiency is too low in the strategy issuing detection process.
Description
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method and apparatus for previewing a policy issuing result, a computer device, and a computer readable storage medium.
Background
With the development of network technology and the deep application of networks, the complexity of networks is continuously improved, and the requirements on network equipment management are also increasing. The complexity of the network makes the managed network devices exhibit the characteristic of decentralized management in the system, so that an administrator is mostly adopted to perform centralized management on all decentralized network devices. The centralized management means that a centralized control device in a network device management system issues a strategy to a plurality of network devices needing centralized management, so that unified supervision is realized; and a plurality of network devices mostly show a tree-like multi-layer structure according to the distance relation.
Generally, an administrator may directly issue a policy to each network packet network, and then the respective network packet network performs a corresponding service or function according to the issued policy and a preset policy enforcement rule. For example, in the field of computer security, an administrator may issue a policy for configuring security management for a terminal; the terminal may then perform corresponding security measures, such as preventing computer viruses, or constructing firewalls, etc., based on the issued policies.
However, policies issued by an administrator are issued to nodes of each level of the packet network layer by layer through the network, and an unsuccessful policy issuing often occurs. In the prior art, for the case of unsuccessful policy issuing in a packet network, policy issuing detection needs to be performed on each node in the packet network, so as to locate the node and the reason of unsuccessful policy issuing. Therefore, it is too long and inefficient.
Disclosure of Invention
In view of this, the present invention provides a method, apparatus, computer device and computer readable storage medium for previewing policy issuing results, which can rapidly preview policy issuing results, so as to avoid the problems of too long time and too low efficiency in the policy issuing detection process.
Firstly, in order to achieve the above objective, the present invention provides a method for previewing a policy issuing result, where the method includes:
acquiring a strategy to be issued, and determining a target packet network and nodes in the target packet network, which need to be issued by the strategy to be issued; judging whether the existing target strategy on the node in the target packet network conflicts with the strategy to be issued or not; if the strategy to be issued conflicts with the target strategy, identifying a target node corresponding to the target strategy, and outputting a preview result.
Preferably, the policy to be issued includes a policy type and a policy merging mode, the policy type includes a strong policy and a weak policy, and the policy merging mode includes a policy additional merging and a policy overlay merging.
Preferably, the determining whether the policy to be issued and the target policy have a conflict includes: if the policy type of the policy to be issued is a weak policy and the data format of the policy value of the target policy is a basic data type, judging that the policy to be issued has conflict with the target policy; or if the policy type of the policy to be issued is a weak policy, the policy merging mode is policy coverage merging, and the data format of the policy value of the target policy is a list type or map type data type, then determining that the policy to be issued has conflict with the target policy.
Preferably, the determining whether the policy to be issued and the target policy have a conflict includes: if the policy type of the policy to be issued is a strong policy, judging that the policy to be issued does not conflict with the target policy; or if the policy type of the policy to be issued is a weak policy, the policy merging mode is policy additional merging, and the data format of the policy value of the target policy is a list type or map type data type, judging that the policy to be issued and the target policy have no conflict.
Preferably, the identifying the target node corresponding to the target policy, and outputting the preview result, includes: outputting each node of the target packet network in a graph form, and marking the target node as policy undeliverable.
Preferably, the method further comprises: acquiring the service type of the strategy to be issued and the operating system type of the node; inquiring whether the service type of the strategy to be issued is matched with the operating system type of the node or not from a preset strategy constraint rule, wherein the strategy constraint rule comprises a matching relation between the strategy of each service type and the applicable operating system type; if the policies are not matched, the policies to be issued are directly returned to be unable to be issued.
In addition, in order to achieve the above object, the present invention further provides a device for previewing a policy issuing result, where the device includes:
the acquisition module is used for acquiring a strategy to be issued and determining a target packet network to be issued by the strategy to be issued and nodes in the target packet network; the judging module is used for judging whether the conflict exists between the existing target strategy and the strategy to be issued on the node in the target packet network; and the preview module is used for identifying a target node corresponding to the target policy and outputting a preview result if the strategy to be issued collides with the target policy.
Preferably, the policy to be issued includes a policy type and a policy merging mode, the policy type includes a strong policy and a weak policy, and the policy merging mode includes a policy additional merging and a policy overlay merging.
Preferably, the determining module is further configured to determine that a conflict exists between the policy to be issued and the target policy if the policy type of the policy to be issued is a weak policy and the data format of the policy value of the target policy is a basic data type.
Preferably, the determining module is further configured to determine that a conflict exists between the policy to be issued and the target policy if the policy type of the policy to be issued is a weak policy, the policy merging mode is policy coverage merging, and the data format of the policy value of the target policy is a list type or a map type data type.
Furthermore, the invention also provides a computer device, which comprises a memory and a processor, wherein the memory stores a computer program which can be run on the processor, and the computer program realizes the steps of the strategy issuing result preview method when being executed by the processor.
Further, to achieve the above object, the present invention also provides a computer-readable storage medium storing a computer program executable by at least one processor to cause the at least one processor to perform the steps of the policy issuing result preview method as described above.
Compared with the prior art, the method, the device, the computer equipment and the computer readable storage medium for previewing the strategy issuing result can acquire the strategy to be issued and determine the target packet network and the nodes in the target packet network which need to be issued by the strategy to be issued; judging whether the existing target strategy on the node in the target packet network conflicts with the strategy to be issued or not; if the strategy to be issued conflicts with the target strategy, the target node corresponding to the target strategy is identified, and a preview result is output, so that the strategy issuing result can be quickly previewed, and the problems that the time consumption of the strategy issuing detection process is too long and the efficiency is too low are avoided.
Drawings
FIG. 1 is a schematic view of an application environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for previewing policy issuing results according to an embodiment of the present invention;
FIG. 3 is a diagram of the hierarchical topology of various nodes in a packet network according to an exemplary embodiment of the present invention;
FIG. 4 is a flowchart illustrating an exemplary policy issuing results preview in accordance with the present invention;
FIG. 5 is a schematic diagram illustrating a program module of an embodiment of a policy issuing result previewing apparatus according to the present invention;
FIG. 6 is a schematic diagram of an alternative hardware architecture of the computer device of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
It should be noted that the description herein of "first," "second," etc. is for descriptive purposes only and is not to be construed as indicating or implying a relative importance or implying an indication of the number of technical features being indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments may be combined with each other, but it is necessary to base that the technical solutions can be realized by those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be regarded as not exist and not within the protection scope of the present application.
FIG. 1 is a schematic view of an application environment according to an embodiment of the present application. Referring to fig. 1, the computer device 1 is connected to a plurality of packet networks, each including a plurality of nodes. The computer device 1 may issue policies to any packet network, and then the issued policies may be transferred layer by layer among the nodes in the packet network, so that the nodes of the entire packet network receive the policies issued by the computer device 1. The computer device 1 may further execute a policy issuing result preview on the packet network, specifically including: acquiring a strategy to be issued, and determining a target packet network and nodes in the target packet network, which need to be issued by the strategy to be issued; judging whether the existing target strategy on the node in the target packet network conflicts with the strategy to be issued or not; if the strategy to be issued conflicts with the target strategy, identifying a target node corresponding to the target strategy, and outputting a preview result.
In this embodiment, the computer device 1 may be a mobile phone, a tablet, a portable device, a PC, or a server; of course, the computer device 1 is usually present as a server. The packet network is generally a packet network formed by connecting together through wires or wirelessly, and comprises a plurality of nodes, wherein each node can correspond to one terminal device, and can be a mobile phone, a tablet, a portable device, a PC or a server; each node may also correspond to a user, or an account of the user, so that access rights, operation rights, and the like of the user are configured through policy issuing. Of course, each node may also be regarded as a sub-packet network comprising a plurality of terminal devices, and then, after receiving the policy issued by the computer device 1, the node may synchronize to all the terminal devices within the range of the node.
Example 1
Fig. 2 is a flowchart of an embodiment of a method for previewing a policy issuing result. It will be appreciated that the flow charts in the method embodiments are not intended to limit the order in which the steps are performed. An exemplary description will be made below with the computer apparatus 1 as an execution subject.
As shown in fig. 2, the policy issuing result preview method may include steps S200 to S204.
Step S200, obtaining a strategy to be issued, and determining a target packet network and nodes in the target packet network, wherein the strategy to be issued needs to be issued.
Specifically, the computer device 1 may provide an interactive interface for the user to input the policy to be issued, or provide a data interface, and then receive, through the data interface, the policy to be issued sent by the user from other devices. Next, the computer device 1 obtains a policy identifier of the policy to be issued. In this embodiment, the policy to be issued further includes a policy type and a policy merging manner, where the policy type includes a strong policy and a weak policy, and the policy merging manner includes policy additional merging and policy overlay merging. In the packet network, for a strong policy, the policy configured by an upper node is higher in priority than the policy configured by a lower node; for weak strategies, the strategy configured by the upper node is lower in priority than the strategy configured by the lower node; the policy merging mode refers to whether the same policy needs to cover a new policy value to an old policy value or add the new policy value to coexist with the old policy value in the updating process, and the new policy value and the old policy value are mutually complemented.
When the policy to be issued is input or sent to the computer device 1, the policy attribute generally has the above policy attribute, so as to indicate how the policy to be issued realizes configuration update; therefore, the computer device 1 can simultaneously obtain the policy type and the policy merging mode corresponding to the policy to be issued after receiving the policy to be issued.
Next, the computer device 1 further obtains target packet network information to be issued the policy to be issued, including each node information in the target packet network. In this embodiment, the computer device 1 obtains the target packet network and each node in the target packet network, specifically, the target packet network is a network packet network configured by a plurality of nodes preset by a user, and each node is identified by information such as an IP address, a node name, and the like. After the computer device 1 acquires the target packet network and each node in the target packet network, it may further perform data interaction with each node.
Referring to fig. 3, a hierarchical topology effect diagram of each node in a packet network according to an exemplary embodiment of the present invention is shown. The computer equipment 1 acquires the information of the target packet network, and a tree packet network specifically comprises a root node R, primary nodes G1 and G2, secondary nodes G1-1, G1-2 and G1-3, two terminal equipment are arranged under G2, and three terminal equipment are arranged under G1-3. In this embodiment, the root nodes R, G1, G2, G1-1, G1-2, and G1-3 are all independent nodes in the target packet network, and may be issued the policy to be issued. And the G2 comprises two terminal devices and the G1-3 comprises three terminal devices, which can be regarded as two sub-packet networks, and the policy to be issued can be issued to each terminal device, however, in the policy issuing process, the computer device 1 is only responsible for issuing the policy to be issued to G2 and G1-3, and then the G2 and G1-3 synchronize the policy to be issued to the respective corresponding terminal devices.
Step S202, judging whether the conflict exists between the existing target strategy and the strategy to be issued on the node in the target packet network.
After the computer device 1 obtains the target packet network and each node in the target packet network, policy information on each node in the target packet network may be further obtained, including a policy identifier and a policy value.
In a specific embodiment, the computer device 1 searches for a target policy with the same policy identifier as the policy identifier of the policy to be issued from a target node in the target packet network, and specifically includes: acquiring an existing policy group of each node on the target packet network, the existing policy group comprising one or more policies; and searching out the strategy with the same strategy identifier as the strategy identifier of the strategy to be issued from the existing strategy group of the target node, and recording the strategy as the target strategy. The policy identifier may be a policy name, a policy number or code of a policy, or other attribute that may represent a feature of the policy. For a node, a plurality of strong and weak policy configuration items may be configured at the same time, so that the computer device 1 needs to search out a target policy with a policy identifier consistent with the policy identifier of the policy to be issued from a target node, and then acquire all policies on the target node, that is, existing policy groups, and then compare the policy identifiers, so as to search out a target policy identical to the policy identifier of the policy to be issued, that is, a policy of an old version corresponding to the policy to be issued.
Then, the computer device 1 determines whether there is a conflict between the existing target policy and the policy to be issued in the node in the target packet network, where the conflict refers to that the policy to be issued is contradicted to be issued normally, for example, when the priority of executing the policy is higher than that of the policy on the upper node, the policy on the upper node cannot be issued to the lower node successfully.
In an exemplary example, the computer device 1 determines whether there is a conflict between a target policy existing on a node in the target packet network and the policy to be issued, including: if the policy type of the policy to be issued is a weak policy and the data format of the policy value of the target policy is a basic data type, judging that the policy to be issued has conflict with the target policy; or if the policy type of the policy to be issued is a weak policy, the policy merging mode is policy coverage merging, and the data format of the policy value of the target policy is a list type or map type data type, then determining that the policy to be issued has conflict with the target policy.
In another exemplary example, the computer device 1 determining whether there is a conflict between a target policy existing on a node in the target packet network and the policy to be issued includes: if the policy type of the policy to be issued is a strong policy, judging that the policy to be issued does not conflict with the target policy; or if the policy type of the policy to be issued is a weak policy, the policy merging mode is policy additional merging, and the data format of the policy value of the target policy is a list type or map type data type, judging that the policy to be issued and the target policy have no conflict.
Specifically, for each policy, the policy generally exists in the form of a < key, value > key value pair, where key represents a policy identifier, value represents a policy value, and the data type of value also determines whether the new policy value and the old policy value can take effect together. For example, for weak policies, the policy configured by the upper node is lower in priority than the policy configured by the lower node, and when the policy to be issued (also referred to as a target policy on the node) is a weak policy and the policy value is of a basic data type, such as int, float, string or a pool data type, then the policy value of the target policy can only be covered in the updating process, and there is no coexistence of the new policy value and the old policy value, so that the target policy may collide with the policy to be issued. In addition, if the policy value of the target policy is list type or map type data, wherein list type data such as [1,2,3,4,5], map type data such as < name: pyy >, < age:23>, new policy values and old policy values can be written at the same time; then, the computer device 1 further determines whether the target policy has a conflict with the policy to be issued according to the policy merging manner of the policy to be issued. For example, the policy merging mode of the policy to be issued is policy coverage merging, and although the policy value of the target policy can be written with a new policy value and an old policy value at the same time, the new policy value and the old policy value exist in one, so that the new policy value and the old policy value still have conflict with the policy to be issued; when the policy merging mode of the policy to be issued is policy additional merging, the new policy value and the old policy value are indicated to be jointly effective, so that the policy to be issued cannot conflict with the policy to be issued. In addition, if the policy to be issued is a strong policy, since the strong policy is that the policy configured by the upper node is higher in priority than the policy configured by the lower node, no matter what data type the policy value of the target policy is, the policy value will not collide with the policy to be issued.
Step S204, if the strategy to be issued conflicts with the target strategy, the target node corresponding to the target strategy is identified, and a preview result is output.
After judging that the policy to be issued conflicts with the target policy, the computer device 1 further identifies a target node corresponding to the target policy, and then generates a policy issuing result preview. In a specific embodiment, the computer device 1 identifies a target node corresponding to the target policy, and outputs a preview result, including: outputting each node of the target packet network in a graph form, and marking the target node as policy undeliverable. For example, the computer device 1 provides a display interface, and then displays each node of the target packet network on the display interface to be listed in a chart form, and marks the target node, such as a color, a font or a comment, to indicate that the target node is policy-undeliverable.
Of course, in other embodiments, before executing step S202, the computer device 1 further obtains the service type to which the policy to be issued belongs and the operating system type of the node; inquiring whether the service type of the strategy to be issued is matched with the operating system type of the node or not from a preset strategy constraint rule, wherein the strategy constraint rule comprises a matching relation between the strategy of each service type and the applicable operating system type; if the policies are not matched, the policies to be issued are directly returned to be unable to be issued. For example, the policy constraint rule is a policy schema constraint specification, which specifies what kind of service type policy is applicable to what kind of operating system, so after obtaining the policy to be issued and obtaining each node in the target packet network and the target packet network, the computer device 1 may check whether the service type of the policy to be issued matches with the operating system of each node; if the service type of the policy to be issued is not matched with the operating system of the node, the computer device 1 directly determines that the node cannot issue the policy to be issued to the node for the policy to be issued. By checking the policy to be issued, illegal data can be effectively prevented from participating in the checking of other policies of the target packet network.
Referring to FIG. 4, a flowchart illustrating an exemplary policy issuing result preview according to the present invention is shown.
In this embodiment, the computer device 1 first obtains policies on all sub-packet networks, and records the policies as a policy set; filtering out a strong policy and a special type policy (namely, a weak policy, a policy value of a list type or a map type, and a policy merging mode of policy additional merging) in the policy combination according to a preset filtering rule to obtain a conflict policy, wherein the conflict policy refers to a policy which is in conflict with the storage of the policy to be issued and causes the policy to be issued to be unable to be issued normally; then screening out packet networks containing conflict strategies from all sub packet networks, and recording the packet networks as packet networks issued by the conflict strategies; the packet network issued by the contradicting strategy is the result of the result preview issued by the strategy. The invention previews the strategy issuing result of the strategy to be issued, so that an administrator can quickly sense and make corresponding adjustment when encountering unexpected strategy application conditions during strategy issuing operation.
In summary, the policy issuing result preview method provided in this embodiment may obtain a policy to be issued, and determine a target packet network and a node in the target packet network that need to be issued by the policy to be issued; judging whether the existing target strategy on the node in the target packet network conflicts with the strategy to be issued or not; if the strategy to be issued conflicts with the target strategy, the target node corresponding to the target strategy is identified, and a preview result is output, so that the strategy issuing result can be quickly previewed, and the problems that the time consumption of the strategy issuing detection process is too long and the efficiency is too low are avoided.
Example two
Fig. 5 schematically illustrates a block diagram of a policy issuing result preview device according to a second embodiment of the present application, which may be divided into one or more program modules, and one or more program modules are stored in a storage medium and executed by one or more processors to complete the embodiments of the present application. Program modules in the embodiments of the present application refer to a series of computer program instruction segments capable of implementing specific functions, and the following description specifically describes the functions of each program module in the embodiment.
As shown in fig. 5, the policy issuing result previewing apparatus 400 may include an obtaining module 410, a judging module 420, and a previewing module 430, wherein:
the obtaining module 410 is configured to obtain a policy to be issued, and determine a target packet network and a node in the target packet network that the policy to be issued needs to be issued.
A judging module 420, configured to judge whether a conflict exists between an existing target policy and the policy to be issued on a node in the target packet network.
And the preview module 430 is configured to identify a target node corresponding to the target policy if the policy to be issued collides with the target policy, and output a preview result.
In an exemplary embodiment, the policy to be issued includes a policy type and a policy merge mode, where the policy type includes a strong policy and a weak policy, and the policy merge mode includes a policy additional merge and a policy overlay merge.
Wherein, the judging module 420 is further configured to: if the policy type of the policy to be issued is a weak policy and the data format of the policy value of the target policy is a basic data type, judging that the policy to be issued has conflict with the target policy; or if the policy type of the policy to be issued is a weak policy, the policy merging mode is policy coverage merging, and the data format of the policy value of the target policy is a list type or map type data type, then determining that the policy to be issued has conflict with the target policy. If the policy type of the policy to be issued is a strong policy, judging that the policy to be issued does not conflict with the target policy; or if the policy type of the policy to be issued is a weak policy, the policy merging mode is policy additional merging, and the data format of the policy value of the target policy is a list type or map type data type, judging that the policy to be issued and the target policy have no conflict.
In an exemplary embodiment, the preview module 430 is further configured to: outputting each node of the target packet network in a graph form, and marking the target node as policy undeliverable.
In an exemplary embodiment, the determining module 420 is further configured to: acquiring the service type of the strategy to be issued and the operating system type of the node; inquiring whether the service type of the strategy to be issued is matched with the operating system type of the node or not from a preset strategy constraint rule, wherein the strategy constraint rule comprises a matching relation between the strategy of each service type and the applicable operating system type; if the policies are not matched, the policies to be issued are directly returned to be unable to be issued.
Example III
Fig. 6 schematically shows a hardware architecture diagram of a computer device 1 adapted to implement a policy issuing result preview method according to a third embodiment of the present application. In the present embodiment, the computer apparatus 1 is an apparatus capable of automatically performing numerical calculation and/or information processing in accordance with an instruction set or stored in advance. For example, the server may be a rack server, a blade server, a tower server, or a rack server (including a stand-alone server or a server cluster formed by a plurality of servers) with a gateway function, or the like. As shown in fig. 6, the computer device 1 includes at least, but is not limited to: the memory 510, processor 520, and network interface 530 may be communicatively linked to each other by a system bus. Wherein:
the memory 510 includes at least one type of computer-readable storage medium including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), random Access Memory (RAM), static Random Access Memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the memory 510 may be an internal storage module of the computer device 1, such as a hard disk or memory of the computer device 1. In other embodiments, the memory 510 may also be an external storage device of the computer device 1, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the computer device 1. Of course, the memory 510 may also include both internal memory modules of the computer device 1 and external memory devices. In this embodiment, the memory 510 is generally used to store an operating system and various application software installed on the computer device 1, such as program codes of a policy issuing result preview method. In addition, the memory 510 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 520 may be a central processing unit (Central Processing Unit, simply CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 520 is generally used to control the overall operation of the computer device 1, such as performing control and processing related to data interaction or communication with the computer device 1, and the like. In this embodiment, the processor 520 is configured to execute program codes or process data stored in the memory 510.
The network interface 530 may comprise a wireless network interface or a wired network interface, which network interface 530 is typically used to establish a communication link between the computer device 1 and other computer devices. For example, the network interface 530 is used to connect the computer device 1 to an external terminal through a network, establish a data transmission channel and a communication link between the computer device 1 and the external terminal, and the like. The network may be a wireless or wired network such as an Intranet (Intranet), the Internet (Internet), a global system for mobile communications (Global System of Mobile communication, abbreviated as GSM), wideband code division multiple access (Wideband Code Division Multiple Access, abbreviated as WCDMA), a 4G network, a 5G network, bluetooth (Bluetooth), wi-Fi, etc.
It should be noted that fig. 6 only shows a computer device having components 510-530, but it should be understood that not all of the illustrated components are required to be implemented, and that more or fewer components may be implemented instead.
In this embodiment, the program code of the policy issuing result preview method stored in the memory 510, or the program code of the policy issuing result preview method may be further divided into one or more program modules and executed by one or more processors (the processor 520 in this embodiment) to complete the embodiments of the present application.
Example IV
The present embodiment also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
acquiring a strategy to be issued, and determining a target packet network and nodes in the target packet network, which need to be issued by the strategy to be issued; judging whether the existing target strategy on the node in the target packet network conflicts with the strategy to be issued or not; if the strategy to be issued conflicts with the target strategy, identifying a target node corresponding to the target strategy, and outputting a preview result.
In this embodiment, the computer-readable storage medium includes a flash memory, a hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the computer readable storage medium may be an internal storage unit of a computer device, such as a hard disk or a memory of the computer device. In other embodiments, the computer readable storage medium may also be an external storage device of a computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card), etc. that are provided on the computer device. Of course, the computer-readable storage medium may also include both internal storage units of a computer device and external storage devices. In this embodiment, the computer readable storage medium is typically used to store an operating system and various application software installed on a computer device, for example, program code for the policy issuing result preview method in the embodiment. Furthermore, the computer-readable storage medium may also be used to temporarily store various types of data that have been output or are to be output.
It will be apparent to those skilled in the art that the modules or steps of the embodiments of the application described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may alternatively be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than what is shown or described, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps of them may be fabricated into a single integrated circuit module. Thus, embodiments of the present application are not limited to any specific combination of hardware and software.
The foregoing is only the preferred embodiments of the present application, and is not intended to limit the scope of the embodiments of the present application, and all equivalent structures or equivalent processes using the descriptions of the embodiments of the present application and the contents of the drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the embodiments of the present application.
Claims (9)
1. A method for previewing policy issuing results, the method comprising:
acquiring a strategy to be issued, and determining a target packet network and nodes in the target packet network, which need to be issued by the strategy to be issued;
judging whether the existing target strategy on the node in the target packet network conflicts with the strategy to be issued or not;
if the strategy to be issued conflicts with the target strategy, identifying a target node corresponding to the target strategy, and outputting a preview result;
wherein the method further comprises:
acquiring the service type of the strategy to be issued and the operating system type of the node;
inquiring whether the service type of the strategy to be issued is matched with the operating system type of the node or not from a preset strategy constraint rule, wherein the strategy constraint rule comprises a matching relation between the strategy of each service type and the applicable operating system type;
if the policies are not matched, the policies to be issued are directly returned to be unable to be issued.
2. The method for previewing the policy issuing result according to claim 1, wherein the policy to be issued includes a policy type and a policy merge mode, the policy type includes a strong policy and a weak policy, and the policy merge mode includes a policy additional merge and a policy overlay merge.
3. The method for previewing the policy issuing result according to claim 2, wherein said determining whether there is a conflict between the policy to be issued and the target policy comprises:
if the policy type of the policy to be issued is a weak policy and the data format of the policy value of the target policy is a basic data type, judging that the policy to be issued has conflict with the target policy; or (b)
If the policy type of the policy to be issued is a weak policy, the policy merging mode is policy coverage merging, and the data format of the policy value of the target policy is a list type or map type data type, then it is determined that the policy to be issued has a conflict with the target policy.
4. The method for previewing the policy issuing result according to claim 2, wherein said determining whether there is a conflict between the policy to be issued and the target policy comprises:
if the policy type of the policy to be issued is a strong policy, judging that the policy to be issued does not conflict with the target policy; or (b)
If the policy type of the policy to be issued is a weak policy, the policy merging mode is policy additional merging, and the data format of the policy value of the target policy is a list type or map type data type, judging that the policy to be issued and the target policy have no conflict.
5. The method for previewing the policy issuing result according to claim 2, wherein said identifying the target node corresponding to the target policy and outputting the preview result comprises:
outputting each node of the target packet network in a graph form, and marking the target node as policy undeliverable.
6. A policy issuing result previewing device, comprising:
the acquisition module is used for acquiring a strategy to be issued and determining a target packet network to be issued by the strategy to be issued and nodes in the target packet network;
the judging module is used for judging whether the conflict exists between the existing target strategy and the strategy to be issued on the node in the target packet network;
the preview module is used for identifying a target node corresponding to the target policy and outputting a preview result if the strategy to be issued collides with the target policy;
wherein, preview module is still used for:
acquiring the service type of the strategy to be issued and the operating system type of the node; inquiring whether the service type of the strategy to be issued is matched with the operating system type of the node or not from a preset strategy constraint rule, wherein the strategy constraint rule comprises a matching relation between the strategy of each service type and the applicable operating system type; if the policies are not matched, the policies to be issued are directly returned to be unable to be issued.
7. The policy issuing result preview device according to claim 6, wherein the policy to be issued includes a policy type and a policy merge mode, the policy type includes a strong policy and a weak policy, and the policy merge mode includes a policy additional merge and a policy overlay merge; and/or the number of the groups of groups,
the judging module is further configured to judge that a conflict exists between the policy to be issued and the target policy if the policy type of the policy to be issued is a weak policy and the data format of the policy value of the target policy is a basic data type; and/or the number of the groups of groups,
the judging module is further configured to judge that a conflict exists between the policy to be issued and the target policy if the policy type of the policy to be issued is a weak policy, the policy merging mode is policy coverage merging, and the data format of the policy value of the target policy is a list type or a map type data type.
8. A computer device comprising a memory, a processor, the memory having stored thereon a computer program executable on the processor, the computer program implementing the steps of the policy issuing result preview method according to any of claims 1-5 when executed by the processor.
9. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program executable by at least one processor to cause the at least one processor to perform the steps of the policy issuing result preview method according to any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110440457.4A CN115242641B (en) | 2021-04-23 | 2021-04-23 | Method and device for previewing strategy issuing result and computer equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110440457.4A CN115242641B (en) | 2021-04-23 | 2021-04-23 | Method and device for previewing strategy issuing result and computer equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115242641A CN115242641A (en) | 2022-10-25 |
| CN115242641B true CN115242641B (en) | 2023-12-19 |
Family
ID=83666649
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110440457.4A Active CN115242641B (en) | 2021-04-23 | 2021-04-23 | Method and device for previewing strategy issuing result and computer equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115242641B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104202303A (en) * | 2014-08-11 | 2014-12-10 | 华中科技大学 | Policy conflict detection method and system for SDN (Software Defined Network) application |
| CN108270577A (en) * | 2016-12-30 | 2018-07-10 | 中移(杭州)信息技术有限公司 | A kind of tactful method for running and system based on strategy with charging control architecture |
| CN109544240A (en) * | 2018-11-27 | 2019-03-29 | 深圳市酷开网络科技有限公司 | A kind of TV policy conflict processing method, system and storage medium |
| CN111092824A (en) * | 2019-10-08 | 2020-05-01 | 交通银行股份有限公司数据中心 | Traffic management system, traffic management method, electronic terminal, and storage medium |
| CN111628980A (en) * | 2020-05-20 | 2020-09-04 | 深信服科技股份有限公司 | Policy adjustment method, device, equipment and storage medium |
| CN112235396A (en) * | 2020-10-13 | 2021-01-15 | 腾讯科技(深圳)有限公司 | Content processing link adjustment method, content processing link adjustment device, computer equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8423483B2 (en) * | 2008-05-16 | 2013-04-16 | Carnegie Mellon University | User-controllable learning of policies |
-
2021
- 2021-04-23 CN CN202110440457.4A patent/CN115242641B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104202303A (en) * | 2014-08-11 | 2014-12-10 | 华中科技大学 | Policy conflict detection method and system for SDN (Software Defined Network) application |
| CN108270577A (en) * | 2016-12-30 | 2018-07-10 | 中移(杭州)信息技术有限公司 | A kind of tactful method for running and system based on strategy with charging control architecture |
| CN109544240A (en) * | 2018-11-27 | 2019-03-29 | 深圳市酷开网络科技有限公司 | A kind of TV policy conflict processing method, system and storage medium |
| CN111092824A (en) * | 2019-10-08 | 2020-05-01 | 交通银行股份有限公司数据中心 | Traffic management system, traffic management method, electronic terminal, and storage medium |
| CN111628980A (en) * | 2020-05-20 | 2020-09-04 | 深信服科技股份有限公司 | Policy adjustment method, device, equipment and storage medium |
| CN112235396A (en) * | 2020-10-13 | 2021-01-15 | 腾讯科技(深圳)有限公司 | Content processing link adjustment method, content processing link adjustment device, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115242641A (en) | 2022-10-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109165136A (en) | Monitoring method, terminal device and the medium of terminal operating data | |
| EP3547634A1 (en) | Method and apparatus for determining access permission, and terminal | |
| CN110222535B (en) | Processing device, method and storage medium for block chain configuration file | |
| CN105631745A (en) | Asset view construction method and device | |
| CN111654399B (en) | Networking method, device, equipment and storage medium based on SD-WAN | |
| US10715628B2 (en) | Attribute operating method and device | |
| CN104429048A (en) | Object version management | |
| US10289384B2 (en) | Methods, systems, and computer readable media for processing data containing type-length-value (TLV) elements | |
| CN108809838B (en) | Service discovery processing method and device based on tree structure | |
| CN115242641B (en) | Method and device for previewing strategy issuing result and computer equipment | |
| CN113055213B (en) | Alarm information management method, alarm information management system and server | |
| CN117376092A (en) | Fault root cause positioning method, device, equipment and storage medium | |
| CN110611591B (en) | Network topology establishing method and device | |
| EP3186708A1 (en) | Workflow customization | |
| CN110011971B (en) | Manual configuration method of network security policy | |
| CN112418874A (en) | Data tracing method and device and computer equipment | |
| CN109299053B (en) | File operation method, device and computer storage medium | |
| CN112395339B (en) | Intersystem data admission verification method, device, computer equipment and storage medium | |
| CN110505186A (en) | A kind of recognition methods of safety regulation conflict, identification equipment and storage medium | |
| CN114911515A (en) | Configuration management method, device, equipment and medium | |
| CN114860806A (en) | Data query method and device of block chain, computer equipment and storage medium | |
| CN113793063A (en) | Method and device for detecting conflict of power distribution network planning project schemes | |
| CN113746950A (en) | Method, system, computer device and storage medium for pre-detecting IP address conflict | |
| CN114244555A (en) | Method for adjusting security policy | |
| CN115221360A (en) | Tree structure configuration method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant after: Qianxin Technology Group Co.,Ltd. Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd. Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088 Applicant before: Qianxin Technology Group Co.,Ltd. Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |