Multi-tuple filtering method, system and device for IP message and storage medium

A technology of IP message and filtering method, which is applied in the field of network security, can solve the problems of low utilization rate of SRAM/TCAM, and achieve the effects of resource saving, precise distribution, and improvement of resource utilization rate

Pending Publication Date: 2022-01-07
长沙星融元数据技术有限公司
View PDF19 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] The present invention proposes a multi-group filtering method, system, device and storage medium for IP messages, aiming to solve the problem of SRAM / TCAM filtering due to repeated filtering rules in the filter table when using SRAM / TCAM to filter IP messages in the prior art. / The problem of extremely low utilization of TCAM

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-tuple filtering method, system and device for IP message and storage medium
  • Multi-tuple filtering method, system and device for IP message and storage medium
  • Multi-tuple filtering method, system and device for IP message and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0063] figure 1 and figure 2 Fig. 1 shows a flow chart of steps of a method for filtering tuples of IP packets according to an embodiment of the present application.

[0064] Such as figure 1 , 2 As shown, the multigroup filtering method of the IP message of the present embodiment specifically includes the following steps:

[0065] S101: According to the source IP address of the packet flow, obtain the first diversion action and the source IP number mapped to the source IP address through the first filtering rule; obtain the second diversion action through the second filtering rule according to the destination IP address of the packet flow and the destination IP number mapped to the destination IP address.

[0066] S102: According to the source IP number and the destination IP number of the packet flow, obtain the third distribution action and the first combination number mapped to the combination of the source IP number and the destination IP number through the third fil...

other Embodiment approach

[0072] In other implementation manners, S1033 further includes: obtaining a seventh distribution action through a seventh filtering rule according to the second combination number and the source and destination port numbers of the packet flow.

[0073] Specifically, when the above diversion actions are obtained according to the above steps, the diversion actions with higher priority will cover the diversion actions with lower priority. Finally, the diversion action with the highest priority is determined to be executed. The text flow is filtered and split.

[0074] In this embodiment, the priorities of the diversion actions from high to low are: the sixth / seventh diversion action, the fifth diversion action, the fourth diversion action, the third diversion action, and the first / second diversion action.

[0075] Wherein, it may be specifically set that: the priority of the first diversion action is higher than that of the second diversion action, or the priority of the second d...

Embodiment 2

[0120] This embodiment provides a multigroup filtering system for IP messages. For details not disclosed in the multigroup filtering system for IP messages in this embodiment, please refer to the multigroup filtering methods for IP messages in other embodiments. specific implementation content.

[0121] Figure 5 A schematic structural diagram of a system for filtering tuples of IP packets according to an embodiment of the present application is shown in .

[0122] Such as Figure 5 As shown, the multigroup filtering system of IP packets specifically includes:

[0123] The first filtering module 10: provided with a first filtering rule and a first diversion action; used to obtain the first diversion action and the source IP number mapped to the source IP address through the first filtering rule according to the source IP address of the packet flow; The destination IP address of the message flow is obtained through the second filtering rule to obtain the second diversion act...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a multi-tuple filtering method, system and device for an IP message and a storage medium, and the method comprises the steps: obtaining a first shunting action and a source IP number mapped by a source IP address through a first filtering rule according to the source IP address of a message flow; according to the destination IP address of the message flow, obtaining a second shunting action and a destination IP number mapped by the destination IP address through a second filtering rule; according to the source IP number and the destination IP number of the message flow, obtaining a third shunting action and a first combination number mapped by the combination of the source IP number and the destination IP number through a third filtering rule; and according to different combinations of the first combination number, the protocol number and the source/destination port number of the message flow, obtaining a corresponding shunting action through a corresponding filtering rule. According to the method, the IP message is filtered through any tuple combination, so that accurate shunting is improved; meanwhile, the SRAM/TCAM resources occupied by the filtering rule or the filtering table are saved, and the resource utilization rate is increased.

Description

technical field [0001] The present application belongs to the technical field of network security, and in particular relates to a method, system, device and storage medium for multigroup filtering of IP messages. Background technique [0002] With the advent of the 5G era, the rapid development of the entire network along with the mobile Internet and the Internet of Things technology has led to a substantial increase in the number of mobile devices in the network, resulting in a substantial increase in the number of user terminals, traffic, and IP addresses. At the same time, it also poses a challenge to the switching equipment used for traffic distribution in the market. Many customers need to provide different services for different access traffic, and different security and access control requirements for different mobile devices during access also need to be produced. Define a strategy. [0003] When IP is distributed, it is necessary to look up the defined table, and d...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40
CPCH04L63/0236H04L63/0263
Inventor 李天航齐航彭昕
Owner 长沙星融元数据技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap