Unlock instant, AI-driven research and patent intelligence for your innovation.

Method for realizing rapid matching of strategies

A strategy and fast technology, applied in the field of computer security, can solve problems such as network packet policy matching, and achieve the effect of easy hit matching

Pending Publication Date: 2021-06-04
武汉思普崚技术有限公司
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of this, it is necessary to provide a method for quickly matching policies to solve the problem of how to quickly match policies on network packets

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for realizing rapid matching of strategies
  • Method for realizing rapid matching of strategies
  • Method for realizing rapid matching of strategies

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0050] The embodiment of the present invention provides a method for quickly matching policies, combining figure 1 look, figure 1 It is a schematic flow chart of the method for implementing quick matching of policies provided by the present invention. The above-mentioned method for implementing quick matching of policies includes steps S1 to S6, wherein:

[0051] In step S1, acquire policy information of network equipment;

[0052] In step S2, divide the policy information into at least one dimension information, and obtain the root node of at least one dimension information;

[0053]In step S3, it is judged whether at least one dimension information satisfies the first preset condition, and if so, the mask format corresponding to at least one dimension information is read;

[0054] In step S4, according to the mask format and the root node corresponding to at least one dimension information, a mask binary tree corresponding to at least one dimension information is establish...

Embodiment 2

[0126] The embodiment of the present invention provides a device for realizing rapid policy matching, combining Figure 8 look, Figure 8 The device for realizing quick policy matching provided by the present invention, the above-mentioned device 800 for realizing quick policy matching includes:

[0127] An acquiring unit 801, configured to acquire policy information of a network device;

[0128] The processing unit 802 is configured to divide the policy information into at least one dimensional information, and obtain the root node of at least one dimensional information; it is also used to judge whether at least one dimensional information satisfies a first preset condition, and if so, read at least one The mask format corresponding to the dimension information; it is also used to establish a mask binary tree corresponding to at least one dimension information according to the mask format and root node corresponding to at least one dimension information; it is also used to ...

Embodiment 3

[0131] An embodiment of the present invention provides a device for implementing fast matching of policies, including a processor and a memory, and a computer program is stored in the memory. When the computer program is executed by the processor, the method for realizing fast matching of policies as described above is implemented.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method for realizing rapid matching of strategies. The method comprises the following steps: acquiring strategy information of network equipment; dividing the strategy information into at least one piece of dimension information, and obtaining a corresponding root node; reading a mask format corresponding to the at least one piece of dimension information; establishing a corresponding mask binary tree according to a mask format corresponding to at least one piece of dimension information and the root node; placing a strategy identifier on the data structure on the last node; and traversing the corresponding father nodes in sequence from the last node, judging whether bitmap memory information exists in the corresponding father nodes or not, and if yes, updating the storage content of the last node according to the bitmap memory information. According to the invention, when one network packet arrives at the gateway equipment, the strategy can be quickly matched, the CPU utilization rate is greatly reduced, and the matching time consumption is reduced.

Description

technical field [0001] The invention relates to the technical field of computer security, in particular to a method for quickly matching policies. Background technique [0002] In modern network applications, gateway devices (such as firewalls) play the role of isolation control. In order to achieve control isolation, administrators need to establish thousands of policies to achieve this requirement (for some large-scale network environments, the number of policies may even Each policy determines whether a network packet matches it by judging the source IP, destination IP, source port, destination port, protocol type, etc. In order to facilitate management, each policy can support multiple configurations for each dimension (For example, the source IP is configured without the network segment 192.168.1.1 / 24, or configured as a combination of multiple source IPs or network segments). [0003] However, when the number of policies is huge, if you traverse each policy in turn fo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/205
Inventor 刘小伟
Owner 武汉思普崚技术有限公司