Unlock instant, AI-driven research and patent intelligence for your innovation.

A method and device for matching ip addresses

An IP address and address technology, applied in the field of network security, can solve the problem of low efficiency in matching IP addresses, and achieve the effect of improving efficiency

Active Publication Date: 2021-11-05
NEW H3C SECURITY TECH CO LTD
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Based on the above solution, the network device needs to match the IP address in the packet with each rule one by one to obtain the matching result of the IP address. However, the number of rules contained in the security policy is usually large, so the efficiency of matching the IP address is relatively high. Low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for matching ip addresses
  • A method and device for matching ip addresses
  • A method and device for matching ip addresses

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0087] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

[0088] The embodiment of the present application provides a method for matching an Internet Protocol (English: Internet Protocol Address, IP for short) address, and the method can be applied to a network device. Wherein, the network device may be a firewall, an intrusion prevention system (English: Intrusion Prevention System, IPS for short) device, and the like. Currently, when a network device receives a packet, it can filter the packet based on a pre-configured security policy. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the present application provides a method and device for matching IP addresses, which relate to the field of network security technology. The method is applied to network equipment, and the method includes: obtaining the target IP address to be matched and the target IP address corresponding to each second network The target basic prefix of segment classification; in the first prefix tree, with the longest match principle, find whether there is a first child node matching the target IP address, and obtain the first matching result; in the red-black tree of each second prefix tree In the node, find out whether there is a second child node matching the target IP address, and if it exists, in the second BinTree with the second child node as the root node, find out whether there is a third child node matching the target IP address, Obtaining a second matching result; determining a final matching result of the target IP address according to the first matching result and the second matching result. Using this application can improve the efficiency of IP address matching.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to a method and device for matching IP addresses. Background technique [0002] Currently, a security policy is usually stored in a network device, and the security policy includes multiple rules (rules). Rules usually contain IP address matching items, so as to perform matching detection on IP addresses. Wherein, the IP address matching item may be configured as an IP address, or may be configured as an IP address range (hereinafter referred to as a network segment of known addresses). In practical applications, when the IP address matching item is configured as a known address network segment, the IP address range corresponding to the known address network segment is usually expressed in the form of an IP prefix, and the IP prefix includes the IP address and the prefix length. For example, the known address network segment of rule1 is FFFF / 16, and the known ad...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/0236H04L2101/35
Inventor 李文慧
Owner NEW H3C SECURITY TECH CO LTD