Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Data packet matched processing method based on IP (Internet Protocol) address set and port set

An IP address and processing method technology, applied in the field of network security, can solve the problems of large number, large address or port range, slow data packet processing speed, etc., to improve system processing performance, reduce the total number of rules and the number of data packet matching Effect

Inactive Publication Date: 2012-08-08
北京鼎信高科信息技术有限公司
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to propose a method based on IP address collection for the above-mentioned problems that the address or port range that the user needs to match is large and scattered, there is no single matching rule and the number of current matching rules is large, and the processing speed of the data packet is too slow. Packet matching processing method with port set

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data packet matched processing method based on IP (Internet Protocol) address set and port set
  • Data packet matched processing method based on IP (Internet Protocol) address set and port set
  • Data packet matched processing method based on IP (Internet Protocol) address set and port set

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] The preferred embodiments will be described in detail below in conjunction with the accompanying drawings. It should be emphasized that the following description is only exemplary and not intended to limit the scope of the invention and its application.

[0021] figure 1 It is a schematic diagram of the relationship between each module of the present invention realized by software. figure 1 Among them, the resource object generation module is responsible for generating resource objects such as IP address sets and port sets in user space according to user-defined IP address sets and port sets.

[0022] The data structure generation module is responsible for the data structure required for the interaction between the user space and the kernel space through the dynamic link library.

[0023] The data packet parsing module is responsible for parsing the data packet rules, and depends on the dynamic link library in the data structure generating module.

[0024] The search...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a data packet matched processing method based on an IP (Internet Protocol) address set and a port set in the technical field of network safety. The technical scheme of the method comprises the following steps of: establishing an IP address set and a port set in the system kernel space; establishing two bidirectional linked lists for respectively storing the IP address set and the port set in the system kernel space, wherein each set is one node in the bidirectional linked list and the name of each set is used as a node mark; respectively establishing a red-black interval tree for each node and storing the elements of the IP address set or the port set corresponding to the node in the red-black interval tree; and in the kernel space, searching the elements matched with the IP address and the port of the data packet in the IP address set and the port set established in the system kernel space. The invention generates less rules to meet the same requirement of users and greatly reduces the gross of the rules and the data packet matching times in the firewall, so that the processing performance of the system is improved.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to a data packet matching processing method based on an IP address set and a port set. Background technique [0002] Currently, many network security systems provide specialized client tools to handle packet matching issues. Users can meet different levels of security requirements by setting specific packet rule sets. Usually the system provides different rule options to specify the characteristics that the data packet should have when matching the rule. Among them, there is a rule option for matching the source IP address of the data packet, but it can only match a single IP address or address segment; there is a rule option for matching the destination address of the data packet, and it can only match a single IP address or address segment; useful There are rule options for matching the source and destination ports of packets, but only single ports or port r...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
Inventor 张洁
Owner 北京鼎信高科信息技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com