IP address matching method and device

An IP address and address technology, applied in the field of network security, can solve the problem of low efficiency of matching IP addresses

Active Publication Date: 2019-09-27
NEW H3C SECURITY TECH CO LTD
View PDF7 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Based on the above solution, the network device needs to match the IP address in the packet with each rule one by one to obtain the matching result of the IP address. However, the number of rules contained in the security policy is usually large, so the efficiency of matching the IP address is relatively high. Low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • IP address matching method and device
  • IP address matching method and device
  • IP address matching method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0087] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0088] The embodiment of the present application provides a method for matching an Internet Protocol (English: Internet Protocol Address, IP for short) address, and the method can be applied to a network device. Wherein, the network device may be a firewall, an intrusion prevention system (English: Intrusion Prevention System, IPS for short) device, and the like. Currently, when a network device receives a packet, it can filter the packet based on a pre-configured security policy. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides an IP address matching method and device, and relates to the technical field of network security, and the method is applied to network equipment, and comprises the steps: obtaining a to-be-matched target IP address and a target basic prefix of each second network segment classification corresponding to the target IP address; in the first prefix tree, searching whether a first sub-node matched with the target IP address exists or not according to a longest matching principle, and obtaining a first matching result; searching whether a second sub-node matched with the target IP address exists in the red-black tree node of each second prefix tree or not, and if yes, searching whether a third sub-node matched with the target IP address exists or not in a second BinTree with the second sub-node as a root node so as to obtain a second matching result; and determining a final matching result of the target IP address according to the first matching result and the second matching result. By adopting the method and the device, the IP address matching efficiency can be improved.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to a method and device for matching IP addresses. Background technique [0002] Currently, a security policy is usually stored in a network device, and the security policy includes multiple rules (rules). Rules usually contain IP address matching items, so as to perform matching detection on IP addresses. Wherein, the IP address matching item may be configured as an IP address, or may be configured as an IP address range (hereinafter referred to as a network segment of known addresses). In practical applications, when the IP address matching item is configured as a known address network segment, the IP address range corresponding to the known address network segment is usually expressed in the form of an IP prefix, and the IP prefix includes the IP address and the prefix length. For example, the known address network segment of rule1 is FFFF / 16, and the known ad...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/0236H04L2101/35
Inventor 李文慧
Owner NEW H3C SECURITY TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap