A kind of IP messages strategy matching methodTechnical field
The present invention discloses a kind of IP messages strategy matching method, is related to network data processing field.
Background technology
In network exchange or routing device, one or more Policy Table is often maintain, to Match IP message strategy,The IP messages of access arrangement are forwarded, are abandoned, a series for the treatment of such as encryption and decryption.Because contents in table may be thousands of tens of thousands ofEven more many, message strategy matching speed is with efficiency just into the key point of influence network service speed.When need set certainWhen a certain parameter meets the matching strategy of all messages of ad hoc rules under the conditions of individual, generally require to add many rules, abilityAll may cover, therefore tactful bar number can increase in Policy Table, and matching efficiency can equally decrease.The present invention is disclosedA kind of IP messages strategy matching method, host computer distributing policy to policy store module, by the transformation calculations of certain wayGo out every specific storage address of strategy, the policy store address of matching can be quickly found out by same procedure when message is reached,Efficiently complete strategy matching.Tactful each parameter can be set to " all " simultaneously, the bit value whole zero setting of correspondence parameter, Ran HouzaiCarry out Transformation Matching so that all legal IP messages can be rapidly completed matching, can rule of simplification setting procedure, it is completeRule setting function, while rate matched is ensured, saves storage resource.
IP message structures IP agreement is network layer protocol, and the data structure of Internet is commonly referred to as IP messages.
The content of the invention
The present invention provides a kind of IP messages strategy matching method, with highly versatile, be easy to implement the features such as, with wideApplication prospect.
Concrete scheme proposed by the present invention is:
A kind of IP messages strategy matching method:
Host computer sets the parameters of IP message strategies, and distributing policy is to slave computer memory module, by parametersThe storage address that transformation calculations obtain strategy is stored, and parameters are parsed when IP messages are reached, and is counted according to identical conversionCalculation obtains policy store address to be matched, is compared with the strategy in slave computer memory module and matched, and obtains IP message plansSlightly.
If the parameters of the parsing IP messages, obtain in policy store address to be matched according to identical transformation calculationsIt is sky to hold, then IP messages are processed according to default processing method, address contents reading is otherwise stored the policies into, with slave computerStrategy in memory module is compared matching, obtains IP message strategies.
The parameters of the IP messages strategy are set to meet the particular value of network message general rule or by itemsParameter is respectively set to be owned, and represents that corresponding strategy is all suitable for all network messages for meeting parameter current.
The parameter that host computer sets IP message strategies is all, and by parameter whole bit value zero setting, distributing policy is arrived downPosition machine memory module, the new storage address of strategy is obtained by the transformation calculations of parameter, and IP messages parse parameters when reaching,Policy store address to be matched is obtained according to identical transformation calculations, is compared with the new storage address of strategy in memory moduleMatching, obtains IP message strategies.
If IP messages do not have to the policy store address to be matched reached with the new storage address of strategy in memory moduleThere is matching, then checked whether that parameter setting is all, if in the presence of, by the corresponding parameter whole bit value zero setting of IP messages,Matched again.
The parameters of the IP messages strategy include:Source IP address, source subnet mask, purpose IP address, purpose subnetMask, protocol type, source port number, destination slogan.
Usefulness of the present invention is:
The present invention provides a kind of IP messages strategy matching method, and host computer sets the parameters of IP message strategies, and issues planSlave computer memory module is slightly arrived, the storage address for obtaining strategy by the transformation calculations of parameters is stored, when IP messagesParameters are parsed during arrival, policy store address to be matched is obtained according to identical transformation calculations, with slave computer memory moduleIn strategy be compared matching, obtain IP message strategies;
Compared with prior art, the present invention can obtain every specific storage address of strategy by transformation calculations mode, work as messageThe policy store address of matching can be quickly found out during arrival by same procedure, strategy matching is efficiently completed.While can be tactful eachParameter is set to " all ", the bit value whole zero setting of correspondence parameter, Transformation Matching is then carried out again so that all legalIP messages can be rapidly completed matching, can rule of simplification setting procedure, complete rule setting function, in the same of guarantee rate matchedWhen, save storage resource.
Brief description of the drawings
Fig. 1 is the inventive method schematic flow sheet;
Fig. 2 is that parameter is set to all rear the inventive method schematic flow sheets.
Specific embodiment
A kind of IP messages strategy matching method of present invention offer, the parameters of host computer setting IP message strategies, and underHair strategy obtains tactful storage address and is stored to slave computer memory module, by the transformation calculations of parameters, works as IPMessage parses parameters when reaching, and policy store address to be matched is obtained according to identical transformation calculations, is stored with slave computerStrategy in module is compared matching, obtains IP message strategies.
With reference to accompanying drawing, specific explanations explanation is carried out to the present invention.And specific embodiment described herein is only used to solveThe present invention is released, is not intended to limit the present invention.
With reference to Fig. 1, the technology specifically comprises the steps of:
(1)Every parameters of IP message strategies are set by upper computer software, slave computer strategy is issued to after being provided withMemory module is stored, and storage address is made ad hoc fashion conversion and obtained by each parameter;
(2)When network IP messages are reached, outgoing packet parameters are parsed, obtain possible by identical particular transform modePolicy store address;
(3)If this address content is sky, illustrate without corresponding strategy, IP messages are processed according to default processing method;It is noThen, this address content is read, is compared and matches with parameter and strategy in policy store module, obtain IP message strategies;
Above-mentioned particular transform mode can be realized using hash conversion;
The parameters of above-mentioned IP messages, can also be by parameter in addition to it may be configured as meeting the particular value of network message general rule" all " are respectively set to, represent that this strategy is all suitable for all network messages for meeting parameter current;Such as can be by source port" 21 " are set to, be may be alternatively provided as " all ", represented from " 1 " to any value " 65535 ";
As shown in Fig. 2 when a certain parameter is set to " all ", by parameter whole bit value zero setting, such as by source port 16Data whole zero setting(16’b0), then carry out step(1)Particular transform, obtain new policy store address;
When IP messages are reached, first by the step(2)And(3)Particular transform is carried out to each parameter to obtain storage address and openBeginning is matched, if not matching, parameter setting has been checked whether for " all ", if in the presence of the ginseng for being set as " all "Number, then by the corresponding parameter whole bit value zero setting of IP messages, then by the step(2)And(3)Matched, completed current IPThe matching process of message.
The parameters of above-mentioned IP messages strategy can include:Source IP address, source subnet mask, purpose IP address, purposeSubnet mask, protocol type, source port number, destination slogan etc..
Can rule of simplification setting procedure, complete rule setting function, in the same of guarantee rate matched using the inventive methodWhen, save storage resource.