Unlock instant, AI-driven research and patent intelligence for your innovation.

A method and device for matching IP addresses

A technology of IP address and matching method, applied in the field of network security, can solve problems such as low matching efficiency

Active Publication Date: 2021-10-22
NEW H3C SECURITY TECH CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, when matching IP addresses through the prefix tree, a maximum of 128 matches are required to determine whether the rule is hit, and the matching efficiency is low.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for matching IP addresses
  • A method and device for matching IP addresses
  • A method and device for matching IP addresses

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0073] The technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0074] The embodiment of the present application provides an IP address matching method, which can be applied to network devices. Wherein, the network device may be a firewall, an intrusion prevention system (English: Intrusion Prevention System, IPS for short) device, and the like. Currently, when a network device receives a communication packet, it can filter the communication packet based on a pre-configured security policy. The security policy ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present application provides an IP address matching method and device, which relate to the technical field of network security. The method includes: obtaining a target IP address to be matched; selecting at least one separation bit to be matched in the positioning table, and each of the The first separation network segment corresponding to the separation bit to be matched is calculated, and the network bit number in the target IP address is the first eigenvalue of the address network segment corresponding to the separation bit to be matched, and by comparing the first eigenvalue and For each characteristic value of the first separated network segment, look up in the positioning table whether there is the longest separated network segment matching the target IP address; if there is the longest separated network segment, then in the prefix In the tree, starting from the target separation child node storing the longest separation network segment, by comparing the bit sequence of the target IP address, according to the longest match principle, searching in the prefix tree whether there is a The target child node whose address matches. The application can improve the matching efficiency of IP addresses.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to an IP address matching method and device. Background technique [0002] Currently, a security policy is usually stored in a network device, and the security policy includes multiple security rules (rules). Internet protocol IP address matching items are usually included in security rules to match IP addresses. In practical applications, the IP address range corresponding to the IP address matching item is usually expressed in the form of an IP prefix, and the IP prefix includes an IP address and a prefix length. For example, the IP address match of rule1 is FFFF / 16, and the IP address match of rule2 is FE / 8. Among them, the character before " / " is the IP address expressed in hexadecimal notation, and the number after " / " is the prefix length (that is, the number of digits contained in the IP prefix in the IP address expressed in binary, which can be recorded ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
Inventor 文强
Owner NEW H3C SECURITY TECH CO LTD