[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN102427428A - Stream identifying method and device based on multi-domain longest match - Google Patents

Stream identifying method and device based on multi-domain longest match Download PDF

Info

Publication number
CN102427428A
CN102427428A CN2011104037919A CN201110403791A CN102427428A CN 102427428 A CN102427428 A CN 102427428A CN 2011104037919 A CN2011104037919 A CN 2011104037919A CN 201110403791 A CN201110403791 A CN 201110403791A CN 102427428 A CN102427428 A CN 102427428A
Authority
CN
China
Prior art keywords
rule
field
grouping
clause
list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011104037919A
Other languages
Chinese (zh)
Inventor
张冰
邱智亮
赵哲
龚晨亮
潘伟涛
张奭
姚明旿
鲍民权
刘焕峰
张雷鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN2011104037919A priority Critical patent/CN102427428A/en
Publication of CN102427428A publication Critical patent/CN102427428A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a stream identifying method and device based on a multi-domain longest match. The stream identifying device comprises a field list, a rule list, a packet pre-processor, a packet field register, a comparator and a decision-making device, wherein fields and rules which are defined by users are stored in the field list and the rule list; the packet pre-processor extracts values of the fields in packets according to the fields in the field list and the definition of a network protocol, and stores the values of the fields to the packet field register; the comparator reads rule clauses from the rule list, reads values of the fields in the packets from the packet field register, compares whether the values of the fields in the packets satisfy the clauses, and outputs the compared result to the decision-making device; the decision-making device selects a rule with the most matched domains as a final packet stream identification result according to the judged result of all rules, and outputs actions corresponding to the rules in a mode of instruction codes. The device has a little occupied stored resource and high processing speed, is simple to realize, and can be applicable to a packet network access end device.

Description

Based on the longest stream recognition method and the equipment that matees of multiple domain
Technical field
The present invention relates to the packet communication techniques field, relate in particular to a kind of stream recognition method and equipment, can be applicable to packet network incoming end equipment, as in the local network net bridge etc. based on the longest coupling of multiple domain.
Background technology
The stream recognition technology is meant the method for the grouping of different business function in the network being carried out discriminator according to the definition of procotol.It is very important technology in the packet communication network equipment, is used to realize packet filtering, service quality QoS, virtual LAN VLAN, virtual private network VPN, business such as IGMP Snooping.
The stream recognition function can realize by software, also can realize by hardware.Software flow identification is based on generally that access control list ACL realizes; This method is mated a plurality of territories in the data packets headers through disposing a series of acl rules; Confirm whether it satisfies acl rule, and according to satisfying or do not satisfy a certain rule-like, the processing that decision is divided into groups to data.Based on the stream identification of software, can support the rule of number of complex, easily list of rules to be added, deletion or change are for network manager provides management method flexibly.But when the acl rule number of needs support became big, the generation of list item and tissue can become and become increasingly complex, and employable rule matching algorithm is also had higher requirement.
Hardware realizes having several different methods; Roughly can be divided into two types; One type is to adopt the special-purpose content adressable memory CAM device implementation method of additional static random access memory SRAM again, the another kind of implementation method that is based on normal memory such as synchronous dynamic random access memory SDRAM.
Adopt in the stream identification equipment of CAM device, generally store the keyword that is used to search various tables in the CAM device, store the subsidiary content of keyword among the SRAM.Flowing identification when searching, provide the address by CAM, again the appropriate address unit sense data from SRAM; This mode can realize the height parallel pipeline table look-up; It is very high that performance can reach, but because this technical scheme need increase extra SRAM, not only increased cost; And increased implementation complexity, be not suitable in the network insertion end equipment.
Based on the stream recognition method of normal memory the keyword of tabling look-up and the corresponding content of keyword are organized into stream recognition rule table and are stored in the normal memory, the process need of tabling look-up judges whether to satisfy rule to list item one by one.This method cost is lower, is adapted at the not high application scenario of rate request, as using in the packet network incoming end equipment.But this method is big to the demand of memory, and performance is lower, and the matching domain that this stream recognition method relates generally to is less, and is mostly accurate coupling, and more for a long time, the complexity of realization is also than higher in the identification and matching territory.If realize the identification of multiple domain stream, just need search a plurality of stream Identification Lists, in this case, do not search module if do not increase to walk abreast, packet transaction speed will reduce at double.
Summary of the invention
The present invention seeks to problem to above-mentioned prior art existence; A kind of the longest coupling stream recognition method and equipment based on multiple domain is proposed; To save the memory space of stream recognition rule list item, improve the processing speed of multiple domain stream identification, reduce the complexity of multiple domain stream identification equipment.
One. the term explanation
Field: be used for a continuous bit string of the specific region that designated packet need mate or operate, it is made up of address offset and two kinds of information of length.
List of fields: be used to deposit the tabulation of field, field wherein is by the storage order numbering.
Clause: be made up of field Field, operation and value, wherein field is represented through field number, operation comprise equal, greater than, less than, be not equal to, more than or equal to smaller or equal to, be worth 16 bit data that are provided with for the user.
Rule: comprise a series of clauses, between the clause be and the arithmetic logic relation that rule has also defined the action that needs are done when rule satisfies.
Action: being meant need be to the processing of grouping enforcement, and the action of support of the present invention comprises the formation of entering assigned priority, discarded packets, insertion/deletion/modification field, copies to CPU and be redirected to CPU, the only corresponding action of rule.
Rule list: be the tabulation that is used to deposit rule.
Two. what the present invention proposed is a kind of based on the longest stream recognition method that matees, and comprises the steps:
(1) user generates field and rule according to networking and managerial demand; And field configuration in list of fields; Be configured to rule in the rule list; This field is meant that a continuous bit string that is used in reference to the specific region that in dividing into groups, need mate or operate is made up of address offset and two kinds of information of length, and this rule comprises the action of needs execution when a series of clauses and clause satisfy;
(2), extract the value of the grouping field that need flow the identification processing according to user configured list of fields;
(3) rule of the article one from rule list beginning, relatively whether the value of grouping field satisfies rule, if satisfy, the number of the effective clause in the record rule and the corresponding action of rule if do not satisfy, judge whether to satisfy the second rule, and the like;
(4) confirm operation based on judged result to dividing into groups to strictly all rules:
Do not satisfy any when regular in the rule list when dividing into groups, this grouping is not processed;
When dividing into groups only to satisfy a regular R 1, then by regular R 1Specified action is handled and is divided into groups;
When dividing into groups to satisfy many regular R 1, R 2... R m, R n, n>m>1, the number of the effective clause that then comprises according to rule decides finally handles grouping according to that rule: remember regular R 1The effective clause numerical digit that comprises is C 1, regular R 2The effective clause that comprises is C 2..., regular R mThe effective clause that comprises is C m, regular R nThe effective clause that comprises is C n, if C n=max{C 1, C 2... C m, C n, and C n≠ C 1, C i≠ C 2..., C n≠ C m, then by regular R nThe action of definition is handled and is divided into groups; If C m=C n=max{C 1, C 2... C m, C n, and regular R mThe position be in regular R nBefore, then according to regular R mThe action of definition is handled and is divided into groups;
(5) after the rule match end, the mode that the processing of dividing into groups is operated with command code provides, and accomplishes the stream identification of mating based on the longest.
Three. what the present invention proposed is a kind of based on the longest stream identification equipment that matees, and comprising:
List of fields: be provided with two interfaces, an interface is used for the configuration of field, and another interface links to each other with the grouping preprocessor, is used for reading of field;
Grouping preprocessor: be used for extracting the value that field is divided into groups in stream identification; In the time of will flowing the identification processing as dividing into groups; Scan the packet header data at first from front to back,, obtain the divide into groups type of each layer protocol and the original position in grouping according to the definition of procotol; From list of fields, read field information then; In conjunction with offset address in the field and length information, obtain the value of this field in grouping, store field number and the value of this field in grouping in the grouping field register at last;
Grouping field register: be used for the value and the field number of the field that the stores packets preprocessor extracts, as judging the parameter of dividing into groups whether to satisfy the particular conditions in the rule, be delivered in the comparator with this value and field number;
Rule list: be used to deposit user-defined rule, and be provided with configuration interface and read interface, configuration interface is used for rule is configured to rule list, reads interface and is used for reading rule from rule list;
Comparator: be used for reading the clause of rule, from the grouping field register, read the value of field in grouping, and relatively whether the value of field in grouping satisfies regular clause, and comparative result is exported to decision-making device from rule list;
Decision-making device: be used for comparative result according to comparator; Judge whether grouping mates a certain rule; The record the match is successful the rule action; And from all rules that the match is successful, select a final result as stream of packets identification, convert the action of final result the output of to packet transaction command code.
Description of drawings
Fig. 1 is a stream recognition method flow chart of the present invention;
Fig. 2 is a list of fields structure chart of the present invention;
Fig. 3 is a rule list structure chart of the present invention;
Fig. 4 is a clause format chart of the present invention;
Fig. 5 is operational format figure of the present invention;
Fig. 6 is a command code format chart of the present invention;
Fig. 7 is a stream identification equipment structure chart of the present invention.
Embodiment
For making the object of the invention, technical scheme and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, the present invention is carried out the detailed description in a nearly step.
With reference to Fig. 1, the present invention is based on the longest stream recognition method that matees, implementation step is following:
Step 1: the user generates field and rule according to networking and managerial demand; And field configuration in list of fields; Be configured to rule in the rule list; This field is meant that a continuous bit string that is used in reference to the specific region that in dividing into groups, need mate or operate is made up of address offset and two kinds of information of length, and this rule comprises the action of needs execution when a series of clauses and clause satisfy.
With reference to Fig. 2, all order of the fields of the present invention are stored in the list of fields, and give field number by storage order, and field numbers index through it.
Each fields account is used 4 bytes in the list of fields, wherein:
1~0: the protocol layer at expression field place, 0 expression MAC layer, 1 expression IP layer, 2 expression IP upper stratas, 3 expression special field;
7~2: as keeping the position;
8: be used for during indication field is among high 16 of the double word confirmed by level number and skew still low 16,1 expression is high 16, low 16 of 0 expression;
13~9: the double word skew of expression field in the layer of place, maximum double word offset 31;
15~14: as keeping the position;
31~16: 16 bitmasks, refer to the number of significant digit in high or low 16 bits in the double word of field place, 1 expression bit is effective, and 0 expression is invalid.
With reference to Fig. 3, rule list of the present invention is one section continuous memory space, comprises 128 rules; Every rule takies 64 bytes; Rule ordering is stored in the rule list, and a rule is made up of 12 clauses, 1 action message, 1 incidental information, and every rule accounts for 4 bytes; Action accounts for 12 bytes, and incidental information is 4 bytes.The action of rule comprises instruction, double word skew, level number, mask and value, wherein instruction comprise abandon, priority mapping, interpolation, deletion or modification field, be redirected to CPU, copy to CPU.
With reference to Fig. 4; Clause of the present invention is made up of field, operation and value, and field representes that through field number field number takies 8 bits; High 3 reservations need not; Low 5 fields that are used for the corresponding sequence number of corresponding field tabulation are because the field of only storing in the list of fields is no more than 32, so can represent the arbitrary fields in the list of fields with 5 Bit datas.Clause operation of the present invention takies 8 bits, and value takies 16 bits.
With reference to Fig. 5; The highest two of the present invention's operation is always 0; Remaining 6 according to priority order from high to low represent successively to equal, be not equal to, greater than, less than, more than or equal to smaller or equal to 6 matching operations, be 1 this efficient in operation of expression, a plurality of operations are simultaneously effectively the time; Only carry out the operation of high priority, complete 0 expression does not have operation.
Step 2:, extract the value of the grouping field that need flow the identification processing according to user configured list of fields.
Because field is by level number, with respect to the side-play amount of certain one deck initial address, and mask forms, thus extract divide into groups in effectively the key of the value of field be to confirm the starting position of a certain layer protocol; First byte of dividing into groups is the beginning of MAC layer, can judge that according to MAC layer header type territory the 3rd layer protocol is IPv4 or IPv6; Utilize the Next header territory of IPv4 length field IHL and IPv6 agreement can locate the start address of the 4th layer protocol then; After the initial address of each layer protocol is confirmed, in conjunction with the side-play amount of field, just can find the position of field in grouping through byte count, just can know the value of grouping field again through mask.
Step 3: article one rule beginning from rule list, relatively whether the value of grouping field satisfies rule, if satisfy, the number of the effective clause in the record rule and the corresponding action of rule if do not satisfy, judge whether to satisfy the second rule, and the like; The foundation that the value of judging grouping field satisfies a rule is that the value of grouping field has satisfied clauses all in the rule.
Step 4: the judged result based on to strictly all rules is confirmed the operation to dividing into groups:
This operation divides three kinds of situation:
Do not satisfy any when regular in the rule list when dividing into groups, this grouping is not processed;
When dividing into groups only to satisfy a regular R 1, then by regular R 1Specified action is handled and is divided into groups;
When dividing into groups to satisfy many regular R 1, R 2... R m, R n, n>m>1, the number of the effective clause that then comprises according to rule decides finally handles grouping according to that rule: remember regular R 1The effective clause numerical digit that comprises is C 1, regular R 2The effective clause that comprises is C 2..., regular R mThe effective clause that comprises is C m, regular R nThe effective clause that comprises is C n, if C n=max{C 1, C 2... C m, C n, and C n≠ C 1, C i≠ C 2..., C n≠ C m, then by regular R nThe action of definition is handled and is divided into groups; If C m=C n=max{C 1, C 2... C m, C n, and regular R mThe position be in regular R nBefore, then according to regular R mThe action of definition is handled and is divided into groups;
Step 5: after the rule match end, the mode that the processing of dividing into groups is operated with command code provides, and accomplishes the stream identification of mating based on the longest.
With reference to Fig. 6; The command code bit wide is 80 bits, the corresponding command code of stream identification grouping, and command code comprises instruction area and parameter region; There are 7 kinds of instructions the instruction area; Be respectively copy package, be redirected to CPU, copy to CPU, assigned priority formation, insertion, modification and deletion, the instruction area corresponding positions be 1 expression this instruction effectively, be 0 represent invalid; Parameter region comprises the priority number of appointment, and the address and the value of operation are inserted in the address of deletion action, the address of retouching operation, value and mask; , the priority that an insertion in the command code, modification, delete instruction are carried out is the highest for inserting, and modification is taken second place, and deletes minimum; Work as insertion, it is 1 o'clock that there is the multidigit bit in modification and delete instruction district, and it is effective having only the highest instruction of priority.
With reference to Fig. 7, the present invention is based on the longest stream identification equipment that matees, comprise list of fields 10, grouping preprocessor 20, grouping field register 30, rule list 40, comparator 50 and decision-making device 60.Wherein:
List of fields 10: be provided with two interfaces, an interface is used for the configuration of field, and another interface and 20 unidirectional linking to each other of grouping preprocessor are used for reading of grouping field.Content in the list of fields is write through configuration interface by the user in advance, and supports the real-time update to wall scroll or many fields.
Rule list 40: be used to deposit user-defined rule; And be provided with configuration interface and read interface; Configuration interface is configured to rule in the rule list, reads interface and from rule list, reads rule, in order to improve the speed of processing; The bit wide of reading interface is identical with the width of rule, reads a rule and only needs once-through operation; Rule in the rule list is write through configuration interface by the user in advance, and supports the real-time update to wall scroll or many rules.
Grouping preprocessor 20: the output of link field tabulation 10 and grouping field register 30 is used for extracting from mac-layer protocol to the four layer protocol grouping field values; The MAC layer is supported standard ethernet frame format and 802.3 agreements, according to the definition of type field in the MAC agreement, and the original position of location IP layer protocol in grouping; The IP layer is supported IPv4 agreement and IPv6 agreement simultaneously, according to the Next header territory of IPv4 protocol of I P head length degree IHL territory and IPv6 agreement, locatees the original position of the 4th layer protocol in grouping.
When the identification processing is flowed in grouping; At first according to said method; Obtain the original position of each layer protocol in grouping; From list of fields, read field information then; In conjunction with offset address in the field and length information; Can from grouping, obtain the value of this field in grouping, at last value and the corresponding control information of this field in grouping exported to grouping field register 30, to accomplish the storage operation of grouping field value.
Grouping field register 30: form by 64 registers; Be divided into 2 groups; Every group of 32 registers are connected between grouping preprocessor and the comparator, and grouping preprocessor 20 adopts the mode of ping-pong operation in two groups of registers, alternately to store the value and the field number of field; Then with the value of this field and field number as judging the parameter of dividing into groups whether to satisfy regular particular conditions, be delivered in the comparator 50.
Comparator 50: be made as a plurality of, the clause that its number and a rule comprise total identical; The output of reading interface and grouping field register 30 of concatenate rule table 40; From rule list, read the clause of rule; From the grouping field register, read the value of grouping field, and relatively whether the value of grouping field satisfies regular clause, and comparative result is exported to decision-making device 60; Each comparator is responsible for judging a clause, all clause parallel processings of a rule, if the clause in the rule is invalid, then this clause is ignored by comparator 50, does not make a decision.
Decision-making device 60: be used to judge whether grouping satisfies certain bar rule and according to the judged result to strictly all rules, the processing that decision convection current identification is divided into groups is operated; It is input as the action of rule in comparative result and the rule list 40 of all comparators 50, and its output is to dividing into groups to carry out the processed instruction sign indicating number, and this command code also is the final result of stream of packets identification; Decision-making device 60 reads comparative result from comparator 50, judge to divide into groups whether to satisfy certain bar rule according to comparative result then, and the condition of dividing into groups to satisfy certain bar rule is that all clauses of this rule all are satisfied; Satisfy certain bar rule if divide into groups, then from rule list 40, read and deposit the corresponding action of this rule; After strictly all rules is handled; As dividing into groups not satisfy any rule; Then complete zero command code of decision-making device 60 outputs does not process dividing into groups, if divide into groups to have satisfied one or more rule; Then from the rule that satisfies, select a final result, convert the action of finally selecting rule the output of to packet transaction command code as stream of packets identification.
The above; Be merely embodiment of the present invention, but protection scope of the present invention is not limited to this, anyly is familiar with these those skilled in the art in the technical scope that the present invention discloses; The change that can expect easily or replacement all are encompassed in protection scope of the present invention.

Claims (9)

1. the method based on the longest stream identification of mating comprises the steps:
(1) user generates field and rule according to networking and managerial demand; And field configuration in list of fields; Be configured to rule in the rule list; This field is meant that a continuous bit string that is used in reference to the specific region that in dividing into groups, need mate or operate is made up of address offset and two kinds of information of length, and this rule comprises the action of needs execution when a series of clauses and clause satisfy;
(2), extract the value of the grouping field that need flow the identification processing according to user configured list of fields;
(3) rule of the article one from rule list beginning, relatively whether the value of grouping field satisfies rule, if satisfy, the number of the effective clause in the record rule and the corresponding action of rule if do not satisfy, judge whether to satisfy the second rule, and the like;
(4) confirm operation based on judged result to dividing into groups to strictly all rules:
Do not satisfy any when regular in the rule list when dividing into groups, this grouping is not processed;
When dividing into groups only to satisfy a regular R 1, then by regular R 1Specified action is handled and is divided into groups;
When dividing into groups to satisfy many regular R 1, R 2... R m, R n, n>m>1, the number of the effective clause that then comprises according to rule decides finally handles grouping according to that rule: remember regular R 1The effective clause numerical digit that comprises is C 1, regular R 2The effective clause that comprises is C 2..., regular R mThe effective clause that comprises is C m, regular R nThe effective clause that comprises is C n, if C n=max{C 1, C 2... C m, C n, and C n≠ C 1, C i≠ C 2..., C n≠ C m, then by regular R nThe action of definition is handled and is divided into groups; If C m=C n=max{C 1, C 2... C m, C n, and regular R mThe position be in regular R nBefore, then according to regular R mThe action of definition is handled and is divided into groups;
(5) after the rule match end, the mode that the processing of dividing into groups is operated with command code provides, and accomplishes the stream identification of mating based on the longest.
2. the method based on the longest stream identification of mating according to claim 1, field address related in its step (1) squints, and comprises that the agreement level number reaches the side-play amount with respect to this layer protocol first byte.
3. the method for the stream identification based on the longest coupling according to claim 1, related field length information in its step (1) is to represent through mask, 1 length is exactly the effective length of field in the mask.
4. the method based on the longest stream identification of mating according to claim 1; Related clause in its step (1); Form by field, operation and value; Field in the clause represented by field number, the respective field in the corresponding field tabulation, the operation of clause comprises: equal, greater than, less than, be not equal to, more than or equal to, smaller or equal to.
5. the method for the stream identification based on the longest coupling according to claim 1, related action in its step (1), comprise abandon, priority mapping, interpolation, deletion or revise field, be redirected to CPU, copy to CPU.
6. based on the described method of claim 1 based on the longest stream identification of mating; Related instruction code in its step (5); Comprise instruction area and parameter region two parts, this instruction area has indicated the operation that need carry out dividing into groups, and it comprises and abandons grouping; Copy to CPU; Be redirected to CPU, the assigned priority formation is inserted; Revise deletion; This parameter region comprises the priority number of appointment, and the address and the value of operation are inserted in the address of deletion action, the address of retouching operation, value and mask.
7. stream identification equipment based on the longest coupling comprises:
List of fields (10): be provided with two interfaces, an interface is used for the configuration of field, and another interface links to each other with the grouping preprocessor, is used for reading of field;
Grouping preprocessor (20): be used for extracting the value of field in stream identification grouping; When grouping will be flowed the identification processing; Scan the packet header data at first from front to back; Definition according to procotol; Obtain the type of each layer protocol of grouping and the original position in grouping; From list of fields (10), read field information then; In conjunction with offset address in the field and length information; Obtain the value of this field in grouping, at last field number and the value of this field in grouping are stored in the grouping field register (30);
Grouping field register (30): be used for the value and the field number of the field that stores packets preprocessor (20) extracts, as judging the parameter of dividing into groups whether to satisfy the particular conditions in the rule, be delivered in the comparator (50) with this value and field number;
Rule list (40): be used to deposit user-defined rule, and be provided with configuration interface and read interface, configuration interface is used for rule is configured to rule list, reads interface and is used for reading rule from rule list;
Comparator (50): be used for reading the clause of rule, from grouping field register (30), read the value of field in grouping, and relatively whether the value of field in grouping satisfies regular clause, and comparative result is exported to decision-making device (60) from rule list (40);
Decision-making device (60): be used for comparative result according to comparator; Judge whether grouping mates a certain rule; The record the match is successful the rule action; And from all rules that the match is successful, select a final result as stream of packets identification, convert the action of final result the output of to packet transaction command code.
8. the equipment based on the longest stream identification of mating according to claim 7; Wherein comparator (50) add up to N, each comparator is responsible for judging a clause, all clause parallel processings; If the clause in the rule is invalid; Then this clause is ignored by comparator, does not make a decision, and the value of N is the number of all clauses of comprising of a rule.
9. the equipment based on the longest stream identification of mating according to claim 7, wherein the data bit width of reading interface of rule list (40) is identical with the bit wide of rule, and reading a rule only needs once-through operation.
CN2011104037919A 2011-12-07 2011-12-07 Stream identifying method and device based on multi-domain longest match Pending CN102427428A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104037919A CN102427428A (en) 2011-12-07 2011-12-07 Stream identifying method and device based on multi-domain longest match

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011104037919A CN102427428A (en) 2011-12-07 2011-12-07 Stream identifying method and device based on multi-domain longest match

Publications (1)

Publication Number Publication Date
CN102427428A true CN102427428A (en) 2012-04-25

Family

ID=45961374

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104037919A Pending CN102427428A (en) 2011-12-07 2011-12-07 Stream identifying method and device based on multi-domain longest match

Country Status (1)

Country Link
CN (1) CN102427428A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685008A (en) * 2012-05-07 2012-09-19 西安电子科技大学 Pipeline-based rapid stream identification method and equipment
CN104468381A (en) * 2014-12-01 2015-03-25 国家计算机网络与信息安全管理中心 Implementation method for multi-field rule matching
CN104967575A (en) * 2015-06-03 2015-10-07 清华大学 Virtual software-defined network switch
CN105704028A (en) * 2016-03-25 2016-06-22 北京华为数字技术有限公司 Message processing method and message processing device
CN106850442A (en) * 2013-01-29 2017-06-13 华为技术有限公司 Message processing method and forwarding unit
CN107070906A (en) * 2017-03-31 2017-08-18 中国人民解放军信息工程大学 A kind of packet parsing device and method for supporting e-learning quality
CN108574679A (en) * 2017-03-13 2018-09-25 华为技术有限公司 Handle the method and the network equipment of grouping
CN109150584A (en) * 2018-07-04 2019-01-04 北京中创腾锐技术有限公司 A method of being instructed based on SMID is that network packet classification provides acceleration support
CN112905597A (en) * 2021-03-11 2021-06-04 芯启源(南京)半导体科技有限公司 Hash method for calculating LPM rule index
CN113835712A (en) * 2021-09-23 2021-12-24 中国人民解放军63620部队 Fast data packet routing method for judging according to given field value
CN113949664A (en) * 2020-07-15 2022-01-18 瑞昱半导体股份有限公司 Circuit for network device and packet processing method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1494278A (en) * 2002-11-02 2004-05-05 华为技术有限公司 Data stream classifying method
CN1905523A (en) * 2006-08-02 2007-01-31 华为技术有限公司 Method for implementing multi-area stream classifying
US7227842B1 (en) * 2001-04-24 2007-06-05 Tensilica, Inc. Fast IP packet classification with configurable processor
US7535906B2 (en) * 2003-05-28 2009-05-19 International Business Machines Corporation Packet classification

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7227842B1 (en) * 2001-04-24 2007-06-05 Tensilica, Inc. Fast IP packet classification with configurable processor
CN1494278A (en) * 2002-11-02 2004-05-05 华为技术有限公司 Data stream classifying method
US7535906B2 (en) * 2003-05-28 2009-05-19 International Business Machines Corporation Packet classification
CN1905523A (en) * 2006-08-02 2007-01-31 华为技术有限公司 Method for implementing multi-area stream classifying

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JAN VAN LUNTEREN,TON ENGBERSEN: "Fast and Scalable Packet Classification", 《IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS》 *
王卫江: "HINOC系统测试与管理应用系统设计与实现", 《西安电子科技大学硕士论文》 *

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685008A (en) * 2012-05-07 2012-09-19 西安电子科技大学 Pipeline-based rapid stream identification method and equipment
CN106850442B (en) * 2013-01-29 2019-01-08 华为技术有限公司 Message processing method and forwarding device
CN106850442A (en) * 2013-01-29 2017-06-13 华为技术有限公司 Message processing method and forwarding unit
CN104468381A (en) * 2014-12-01 2015-03-25 国家计算机网络与信息安全管理中心 Implementation method for multi-field rule matching
CN104468381B (en) * 2014-12-01 2017-05-10 国家计算机网络与信息安全管理中心 Implementation method for multi-field rule matching
CN104967575A (en) * 2015-06-03 2015-10-07 清华大学 Virtual software-defined network switch
CN104967575B (en) * 2015-06-03 2018-10-02 清华大学 Virtual software defines the network switch
CN105704028A (en) * 2016-03-25 2016-06-22 北京华为数字技术有限公司 Message processing method and message processing device
CN105704028B (en) * 2016-03-25 2019-02-19 北京华为数字技术有限公司 Message processing method and device
US11310153B2 (en) 2017-03-13 2022-04-19 Huawei Technologies Co., Ltd. Packet processing method and network device
CN108574679A (en) * 2017-03-13 2018-09-25 华为技术有限公司 Handle the method and the network equipment of grouping
US11799766B2 (en) 2017-03-13 2023-10-24 Huawei Technologies Co., Ltd. Packet processing method and network device
CN108574679B (en) * 2017-03-13 2021-03-30 华为技术有限公司 Method and network device for processing packet
CN107070906A (en) * 2017-03-31 2017-08-18 中国人民解放军信息工程大学 A kind of packet parsing device and method for supporting e-learning quality
CN109150584A (en) * 2018-07-04 2019-01-04 北京中创腾锐技术有限公司 A method of being instructed based on SMID is that network packet classification provides acceleration support
CN113949664A (en) * 2020-07-15 2022-01-18 瑞昱半导体股份有限公司 Circuit for network device and packet processing method
CN113949664B (en) * 2020-07-15 2023-04-07 瑞昱半导体股份有限公司 Circuit for network device and packet processing method
CN112905597A (en) * 2021-03-11 2021-06-04 芯启源(南京)半导体科技有限公司 Hash method for calculating LPM rule index
CN113835712A (en) * 2021-09-23 2021-12-24 中国人民解放军63620部队 Fast data packet routing method for judging according to given field value
CN113835712B (en) * 2021-09-23 2023-09-26 中国人民解放军63620部队 Fast data packet routing method for judging according to given field value

Similar Documents

Publication Publication Date Title
CN102427428A (en) Stream identifying method and device based on multi-domain longest match
CN108370352B (en) High speed flexible packet classification using network processors
US9984144B2 (en) Efficient lookup of TCAM-like rules in RAM
US10496680B2 (en) High-performance bloom filter array
CN104823416B (en) The device and method for realizing the message sequence in the software defined network of OpenFlow
CN102238083B (en) For the system and method for adapted packet process streamline
CN107800631B (en) Method and apparatus for efficient matching of TCAM rules using hash tables in RAM
CN104580027B (en) A kind of OpenFlow message forwarding methods and equipment
CN101510855B (en) Method and apparatus for processing QinQ message
US7706375B2 (en) System and method of fast adaptive TCAM sorting for IP longest prefix matching
EP2437173A1 (en) Regular expression matching method and system, and searching device
US7257590B2 (en) Method and system for classifying binary strings
CN101345707A (en) Method and apparatus for implementing IPv6 packet classification
CN105515997B (en) The higher efficiency range matching process of zero scope expansion is realized based on BF_TCAM
CN111277612B (en) Network message processing strategy generation method, system and medium
US9485179B2 (en) Apparatus and method for scalable and flexible table search in a network switch
CN107276916B (en) Switch flow table management method based on protocol non-perception forwarding technology
CN106453091B (en) The equivalent route management method and device of router Forwarding plane
CN102685008A (en) Pipeline-based rapid stream identification method and equipment
CN112131356B (en) Message keyword matching method and device based on TCAM
CN106487769B (en) Method and device for realizing Access Control List (ACL)
Liu et al. An overlay automata approach to regular expression matching
Chang Efficient multidimensional packet classification with fast updates
CN103532758B (en) Be applicable to the configuration processing method of transmission of future generation, data equipment fusion
CN109815263A (en) A kind of data stream recognition method and system of fuzzy search

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120425