Unlock instant, AI-driven research and patent intelligence for your innovation.

A Classification Matching Method of Access Control List

A technology of access control list and matching method, which is applied in the field of network access control, can solve the problems of large time consumption and achieve the effect of improving forwarding performance

Active Publication Date: 2016-08-24
SHANGHAI BAUD DATA COMM
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Aiming at the time-consuming problem of existing message filtering, the present invention provides a method for classifying and matching access lists, which speeds up the query speed of large-scale access lists and makes the query time not affected by the number of rules

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Classification Matching Method of Access Control List
  • A Classification Matching Method of Access Control List
  • A Classification Matching Method of Access Control List

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific illustrations.

[0019] In order to speed up the query speed of large-scale access control lists, and make it not affected by the number of rules, the present invention adopts a classification matching method of access control lists, and the realization mechanism of the method is as follows:

[0020] (1) For an access rule, do not specifically classify the meaning of its domain, that is, regardless of whether the domain type is an IP address or a protocol number, it is only used as an expected value at a certain position in the data stream. Since the number of fields that can be set by all access rules is the same, the present invention sets a bitmap for all possible different values ​​or ranges of each field in the access control list, where each bit represents ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a classification matching method of an access list, which comprises the following steps: (1) setting a bitmap corresponding to the rule list for each value or range of each domain of the access rule in the access control list , where each bit represents the position of the bit in the bitmap as an index, corresponding to whether the value set in the domain by the corresponding access rule in the access control list is within the range represented by the bitmap; (2) according to The passing message needs to be controlled information, obtain the bitmap corresponding to the message-related information in each field of the access rule, and perform an AND operation on all the obtained bitmaps, and obtain the match between the message and all access control lists The bitmap of the relation. The invention can accelerate the query speed of a large-scale access list, and makes the query time not affected by the number of rules.

Description

technical field [0001] The invention relates to a network access control technology, in particular to a classification matching method of an access control list. Background technique [0002] Since the advent of the Internet (Internet), its rapid growth momentum has never stopped. At present, it has become an important super-large computer network with the largest scale and the most users and resources in the world. The commercialization of the Internet has led to more and more network-based applications, especially due to the increasing popularity of broadband multimedia services, users' requirements for the Internet are no longer satisfied with simple file transfers, but to provide more secure, fast and Diverse services. [0003] In modern network equipment, packet filtering has become one of the most commonly used functions. For example, the security control policy of the firewall and the access list of the router are the most basic means of guaranteeing network security...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/70H04L45/74
Inventor 汪革彭双庭方昊傅鑫泉
Owner SHANGHAI BAUD DATA COMM