CN101895467A - Method and device for filtering message - Google Patents

Publication number: CN101895467A
Authority: CN (China)
Prior art keywords: message, matched, acl, masterplate, rule
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN2010102281478A
Other languages: Chinese (zh)
Inventor: 潘丹丹
Current Assignee: ZTE Corp (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: ZTE Corp
Application filed by: ZTE Corp
Priority to: CN2010102281478A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for filtering a message. The method comprises the following steps: generating a custom access control list (ACL) template according to the type and the content of a message to be matched; determining the matching rule of the custom ACL template, wherein the matching rule comprises the value range of the content of the message to be matched; and filtering the received message by using the matching rule. The invention solves the problem that message filtering in the prior art is relatively complex and time-consuming: when a message is filtered by using the custom ACL, previous configurations do not all need to be checked and all message types can be covered, which reduces the complexity and time of processing.

Description

Message filtering method and device
Technical Field
The present invention relates to the field of network communication technology, and in particular to a message filtering method and device.
Background
An ACL (Access Control List) is a technology that classifies data messages by means of a series of matching conditions. According to the matching criteria, ACLs can be divided into standard ACLs, extended ACLs, layer-2 ACLs, hybrid ACLs and so on. These fixed ACLs can match the commonly used fields of a data message header and combinations of them, such as source MAC, destination MAC, source IP, destination IP and EtherType. Some more special fields (for example, the two bytes following the EtherType) or combinations, however, are not among the commonly matched ones, and only a user-defined ACL can match these special fields or combinations.
A user-defined ACL means that the first 128 bytes of a message header are divided into 32 blocks of 4 bytes each, starting at 4*N+2 (N takes the values 0 to 31); the user can arbitrarily select 4 of these blocks (16 bytes in total) and set matching data on them to classify messages.
In the prior art, the configuration of a user-defined ACL does not provide template-based functions such as setting the message type, setting the matching rule and setting the hardware. As a result, every configuration has to be checked against all previous configurations, and matching cannot cover all message types. Using an ACL to filter messages therefore increases the complexity and time of processing.
Summary of the Invention
The main purpose of the present invention is to provide a message filtering method and device, so as to at least solve the problem that message filtering in the prior art is relatively complex and time-consuming.
According to one aspect of the present invention, a message filtering method is provided, comprising: generating a user-defined access control list (ACL) template according to the type and the content of a message to be matched; determining a matching rule of the user-defined ACL template, wherein the matching rule comprises the value range of the content of the message to be matched; and filtering received messages using the matching rule.
Further, generating the user-defined ACL template according to the type and the content of the message to be matched comprises: obtaining the type and the content of the message to be matched; obtaining the offset position of the content of the message to be matched in the message header according to the type of the message to be matched; and combining the type and the offset position into the user-defined ACL template.
Further, after the type and the offset position are combined into the user-defined ACL template, the method also comprises: determining whether the type of the message to be matched has changed; if it has changed, obtaining the offset position of the content of the message to be matched in the message header again according to the changed type; and combining the changed type and the newly obtained offset position into a changed user-defined ACL template.
Further, determining the matching rule of the user-defined ACL template comprises: receiving a matching condition input by the user; and determining the value range of the content of the message to be matched according to the matching condition input by the user.
Further, after the value range of the content of the message to be matched is determined according to the matching condition input by the user, the method also comprises: determining whether the matching condition input by the user has changed; and if it has changed, determining the changed value range of the content of the message to be matched according to the changed matching condition.
Further, filtering received messages using the matching rule comprises: determining whether a port of the switching device has been configured with an old matching rule; if so, determining whether the configured old matching rule is identical to the currently determined matching rule; if they differ, updating the old matching rule to the currently determined matching rule; and the port of the switching device filtering received messages using the currently determined matching rule.
According to another aspect of the present invention, a message filtering device is provided, comprising: a generation unit, configured to generate a user-defined ACL template according to the type and the content of a message to be matched; a determining unit, configured to determine a matching rule of the user-defined ACL template, wherein the matching rule comprises the value range of the content of the message to be matched; and a filter unit, configured to filter received messages using the matching rule.
Further, the generation unit comprises: a first acquisition module, configured to obtain the type and the content of the message to be matched; a second acquisition module, configured to obtain the offset position of the content of the message to be matched in the message header according to the type of the message to be matched; and a processing module, configured to combine the type and the offset position into the user-defined ACL template.
Further, the determining unit comprises: a receiver module, configured to receive a matching condition input by the user; and a processing module, configured to determine the value range of the content of the message to be matched according to the matching condition input by the user.
Further, the filter unit comprises: a first judging module, configured to determine whether a port of the switching device has been configured with an old matching rule; a second judging module, configured to determine, when an old matching rule has been configured, whether the configured old matching rule is identical to the currently determined matching rule; an update module, configured to update the old matching rule to the currently determined matching rule when the two differ; and a filtering module, configured to filter received messages using the currently determined matching rule.
The present invention adopts the concept of a user-defined ACL template and makes it correspond to the message type and the matching rule. When a user-defined ACL is used to filter messages, there is therefore no need to check against all previous configurations, and all message types can be covered, which reduces the complexity and time of processing.
Brief Description of the Drawings
The drawings described here are provided for further understanding of the present invention and form part of the present application; the illustrative embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the message filtering method according to an embodiment of the present invention;
Fig. 2 is a preferred flow chart of configuring a user-defined ACL template according to an embodiment of the present invention;
Fig. 3 is a preferred flow chart of configuring matching rules based on a user-defined ACL template according to an embodiment of the present invention;
Fig. 4 is a preferred flow chart of applying the matching rule of a user-defined ACL to a port of the switching device according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of updating or deleting matching rules based on a user-defined ACL template according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of removing the matching rule of a user-defined ACL from a port of the switching device according to an embodiment of the present invention;
Fig. 7 is a schematic diagram of deleting a user-defined ACL template according to an embodiment of the present invention;
Fig. 8 is a structural diagram of the message filtering device according to an embodiment of the present invention.
Detailed Description of the Embodiments
Hereinafter the present invention is described in detail with reference to the drawings and in conjunction with the embodiments. It should be noted that, provided there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with one another.
Fig. 1 is a flow chart of the message filtering method according to an embodiment of the present invention, which comprises the following steps:
S102: generate a user-defined ACL template according to the type and the content of the message to be matched;
S104: determine the matching rule of the user-defined ACL template, wherein the matching rule comprises the value range of the content of the message to be matched;
S106: filter received messages using the matching rule.
In the prior art, the configuration of a user-defined ACL does not provide template-based functions such as setting the message type, setting the matching rule and setting the hardware. As a result, every configuration has to be checked against all previous configurations, and matching cannot cover all message types. Using a user-defined ACL to filter messages therefore increases the complexity and time of processing. By contrast, the embodiment of the present invention adopts the concept of a user-defined ACL template and makes it correspond to the message type and the matching content, so that when a user-defined ACL is used to filter messages there is no need to check against all previous configurations, and all message types can be covered, which reduces the complexity and time of processing.
Preferably, generating the user-defined ACL template according to the type and the content of the message to be matched comprises: obtaining the type and the content of the message to be matched; obtaining the offset position of the content of the message to be matched in the message header according to the type of the message to be matched; and combining the type and the offset position into the user-defined ACL template.
Setting the content to be matched and the offset position for every message type increases the applicability of the processing.
Preferably, after the type and the offset position are combined into the user-defined ACL template, the method also comprises: determining whether the type of the message to be matched has changed; if it has changed, obtaining the offset position of the content of the message to be matched in the message header again according to the changed type; and combining the changed type and the newly obtained offset position into a changed user-defined ACL template.
The user-defined ACL template can be configured flexibly through the offset position and the message type: when the template is updated, only the offset position and the message type need to be updated, without a complete reconfiguration, which increases the flexibility of processing.
Preferably, determining the matching rule of the user-defined ACL template comprises: receiving a matching condition input by the user; and determining the value range of the content of the message to be matched according to the matching condition input by the user.
Obtaining the matching condition through user input improves the flexibility and timeliness of configuration.
Preferably, after the value range of the content of the message to be matched is determined according to the matching condition input by the user, the method also comprises: determining whether the matching condition input by the user has changed; and if it has changed, determining the changed value range of the content of the message to be matched according to the changed matching condition.
With this detect-and-update method, matching rules can be configured in real time according to the user's input.
Preferably, filtering received messages using the matching rule comprises: determining whether a port of the switching device has been configured with an old matching rule; if so, determining whether the configured old matching rule is identical to the currently determined matching rule; if they differ, updating the old matching rule to the currently determined matching rule; and the port of the switching device filtering received messages using the currently determined matching rule.
In this way, the matching rule used by the port of the switching device is updated only when the old matching rule differs from the new one, which reduces system overhead.
The above embodiment is described further below.
In step S102 above, configuring the template of the user-defined ACL requires determining the fields to match, that is, selecting the 4 required blocks from the 32 blocks into which the first 128 bytes of the message header are divided (if the fields the user matches do not need all 4 blocks, 1 to 3 blocks may be selected instead). Within one template the user can configure different types of messages, where the type of a message refers to the layer-2 type of the message + the layer-3 type of the message + the number of VLAN tags.
For example: the user needs to match IPV4 messages over Ethernet, covering all of unTag, oneTag and twoTag; the message type combinations to match are then (EtherNetII+IPV4+unTag, EtherNetII+IPV4+oneTag, EtherNetII+IPV4+twoTag). If what the user needs to match is destination MAC + IPV4 type + layer-4 port number, then for unTag the offsets of the four blocks are 0, 1, 6, 9; for oneTag the offsets of the four blocks are 0, 1, 7, 10; and for twoTag the offsets of the four blocks are 0, 1, 8, 11. The configuration can be as follows:
Acl udf profile 1 offset1 0 offset2 1 offset3 6 offset4 9 EtherNetII IPV4 unTag;
Acl udf profile 1 offset1 0 offset2 1 offset3 7 offset4 10 EtherNetII IPV4 oneTag;
Acl udf profile 1 offset1 0 offset2 1 offset3 8 offset4 11 EtherNetII IPV4 twoTag.
If, in addition to the above configuration, restrictions on IPV6 messages also need to be added, they can be added to Acl udf profile 1, so that all types of messages can be matched based on the same template; of course, if only messages with one VLAN tag need to be matched, configuring only the middle line above is sufficient.
If there is a further requirement on a message type that has already been configured, for example matching destination MAC + IPV4 option field + the Cos value in the outer VLAN of Ethernet messages, a new template can be configured as required, as follows:
Acl udf profile 2 offset1 0 offset2 1 offset3 4 offset4 11 EtherNetII IPV4 oneTag;
Acl udf profile 2 offset1 0 offset2 1 offset3 4 offset4 12 EtherNetII IPV4 twoTag.
No conflict check is needed between templates, because configuring a template does not mean that it is applied to the switching device; conflict detection is required when a concrete matching rule is defined and applied to a port.
In step S104 above, configuring a series of matching rules based on the user-defined ACL template means specifying, on the basis of the template configured in step S102, the concrete data ranges to be matched. For example: based on the template 1 configuration, to match messages whose destination MAC is 1000.2001.3002, whose IPV4 type is 17 and whose layer-4 source port number is 67, and messages whose destination MAC is 1000.2002.3010~001f, whose IPV4 type is 17 and whose layer-4 source port number is 68, the following configuration can be made:
Acl udf profile 1 acl_no 100
Rule 1 permit offset1 0x1000 0xffff offset2 0x20013002 0xffffffff offset3 0x110000 0xff0000 offset4 0x430000 0xffff0000;
Rule 2 permit offset1 0x1000 0xffff offset2 0x20023010 0xfffffff0 offset3 0x110000 0xff0000 offset4 0x440000 0xffff0000;
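The template and rules above, worked through as an added Python example (not code from the patent): it looks up the four block offsets for a frame's tag count in profile 1, extracts the blocks and applies the value/mask pairs of acl 100. The byte range of a block (frame bytes 4N-2 to 4N+1), the VLAN TPIDs, the `no-match` result and all function names are assumptions chosen so that the page's example values line up; the frames are constructed samples.

```python
import struct

# "Acl udf profile 1" from the page: message type -> offsets of the four blocks.
PROFILE_1 = {
    ("EtherNetII", "IPV4", "unTag"): (0, 1, 6, 9),
    ("EtherNetII", "IPV4", "oneTag"): (0, 1, 7, 10),
    ("EtherNetII", "IPV4", "twoTag"): (0, 1, 8, 11),
}

# "acl_no 100" from the page: one (value, mask) pair per block.
ACL_100 = [
    ("Rule 1", "permit", ((0x1000, 0xFFFF), (0x20013002, 0xFFFFFFFF),
                          (0x110000, 0xFF0000), (0x430000, 0xFFFF0000))),
    ("Rule 2", "permit", ((0x1000, 0xFFFF), (0x20023010, 0xFFFFFFF0),
                          (0x110000, 0xFF0000), (0x440000, 0xFFFF0000))),
]

VLAN_TPIDS = (0x8100, 0x88A8)   # assumption: TPIDs counted as VLAN tags
TAG_NAMES = ("unTag", "oneTag", "twoTag")


def classify(frame):
    """Return the template key for an Ethernet II / IPv4 frame, else None."""
    tags, pos = 0, 12
    while tags < 2 and len(frame) >= pos + 2 and \
            struct.unpack_from("!H", frame, pos)[0] in VLAN_TPIDS:
        tags += 1
        pos += 4
    if len(frame) < pos + 2 or struct.unpack_from("!H", frame, pos)[0] != 0x0800:
        return None
    return ("EtherNetII", "IPV4", TAG_NAMES[tags])


def block(frame, n):
    """32-bit big-endian value of block n.

    Assumption: block n covers frame bytes 4n-2 .. 4n+1, so block 0 carries
    the first two destination-MAC bytes in its low 16 bits. Bytes outside
    the frame read as zero.
    """
    start = 4 * n - 2
    raw = bytes(frame[i] if 0 <= i < len(frame) else 0
                for i in range(start, start + 4))
    return int.from_bytes(raw, "big")


def filter_frame(frame, template, rules):
    """Return (action, rule name) of the first rule whose four blocks match."""
    offsets = template.get(classify(frame))
    if offsets is None:                      # message type not in the template
        return ("no-match", None)
    blocks = [block(frame, n) for n in offsets]
    for name, action, fields in rules:
        if all((b & mask) == (value & mask)
               for b, (value, mask) in zip(blocks, fields)):
            return (action, name)
    return ("no-match", None)


def build_frame(dst_mac_hex, src_port, vlan_tags=0, proto=17):
    """Constructed sample: Ethernet II, optional VLAN tags, IPv4 (IHL 5), UDP header."""
    frame = bytes.fromhex(dst_mac_hex) + bytes.fromhex("02aabbccddee")
    for i in range(vlan_tags):
        frame += struct.pack("!HH", 0x8100, 100 + i)
    frame += struct.pack("!H", 0x0800)
    frame += struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return frame + struct.pack("!HHHH", src_port, 68, 8, 0)


if __name__ == "__main__":
    for mac, port, tags in (("100020013002", 67, 0), ("100020013002", 67, 2),
                            ("10002002301f", 68, 1), ("100020023020", 68, 1)):
        frame = build_frame(mac, port, tags)
        print(mac, port, tags, filter_frame(frame, PROFILE_1, ACL_100))
```

The fixed offsets assume a 20-byte IPv4 header; in a frame carrying IP options the layer-4 ports sit later, so the fourth block would hold option bytes and the rule would not compare the port.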
In step S106 above, the matching rule of the user-defined ACL is applied to a port of the switching device. When binding to a port, it is checked whether an ACL based on another user-defined template has already been bound to another port, that is, whether UDF resources are still available. For example, suppose acl 100 and 101 are configured based on Acl udf profile 1, and acl 200 and 201 based on Acl udf profile 2. Because the hardware allows only one user-defined ACL mode to be realized on the device, once acl 100 is bound to any port, other ports can only bind acl 100 or 101 and cannot bind 200 or 201; if those need to be bound, the ACLs of the other template must first all be unbound from the ports. When an ACL of a template is bound for the first time, the UDF group must first be initialized; when the last ACL binding of a template is removed, the settings of the UDF group must be cleared.
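The binding constraint described above, as an added Python example (not the patent's implementation): a table that rejects a binding when another template already holds the UDF mode, initializes the UDF group on the first binding of a template and clears it when the last binding is removed. The class and method names, the log entries and the port names are assumptions; the ACL and profile numbers are the ones used on the page.

```python
class UdfBindings:
    """Port bindings for ACLs built on user-defined templates.

    Models the constraint stated in the passage: the device supports the
    UDF mode of one template at a time.
    """

    def __init__(self, acl_to_template):
        self.acl_to_template = dict(acl_to_template)  # acl number -> template number
        self.port_acl = {}                            # port -> bound acl number
        self.active_template = None                   # template whose UDF mode is set
        self.log = []                                 # hardware actions, for inspection

    def bind(self, port, acl):
        """Bind acl to port; return False if another template holds the UDF mode."""
        template = self.acl_to_template[acl]
        if self.port_acl.get(port) == acl:
            return True                               # already bound, nothing to do
        in_use_elsewhere = {self.acl_to_template[a]
                            for p, a in self.port_acl.items() if p != port}
        if in_use_elsewhere - {template}:
            self.log.append(("reject", port, acl))
            return False
        if self.active_template != template:
            if self.active_template is not None:
                self.log.append(("clear-udf", self.active_template))
            self.log.append(("init-udf", template))   # first binding of this template
            self.active_template = template
        self.port_acl[port] = acl
        return True

    def unbind(self, port):
        """Remove the binding on port; clear the UDF group after the last one."""
        if self.port_acl.pop(port, None) is None:
            return False
        if not self.port_acl:
            self.log.append(("clear-udf", self.active_template))
            self.active_template = None
        return True


def demo():
    """acl 100/101 on profile 1, acl 200/201 on profile 2 (constructed port names)."""
    table = UdfBindings({100: 1, 101: 1, 200: 2, 201: 2})
    results = [table.bind("port1", 100), table.bind("port2", 101),
               table.bind("port3", 200)]              # third call conflicts
    table.unbind("port1")
    table.unbind("port2")
    results.append(table.bind("port3", 200))          # allowed once profile 1 is unbound
    return results, table.log


if __name__ == "__main__":
    print(demo())
```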
It can thus be seen that the scheme provided by the present invention makes the configuration of user-defined ACLs simple, improves the efficiency of user-defined ACL configuration, and gives the user a rich set of ways to configure ACLs.
Each step in the above embodiment is described in detail below with reference to the drawings.
Fig. 2 is a preferred flow chart of configuring a user-defined ACL template according to an embodiment of the present invention, which comprises the following steps:
S201. The user determines the types of message to be matched. For example, as in the embodiment above, the message types are determined to be (EtherNetII+IPV4+unTag, EtherNetII+IPV4+oneTag, EtherNetII+IPV4+twoTag);
S202. The user determines the offset blocks for each type of message to be matched. In the example above, because destination MAC + IPV4 type + layer-4 port number is matched, the offset blocks are determined to be unTag: 0, 1, 6, 9; oneTag: 0, 1, 7, 10; twoTag: 0, 1, 8, 11;
S203. Determine whether a message of the same type has already been configured in the template being configured; if not, go to S206; if so, go to S204;
S204. The same type has already been configured in the same template, so further determine whether that configuration is identical to the new one; if identical, go to S210; if not, go to S205;
S205. Delete the configuration of this message type in the template;
S206. Save the configuration of this message type in the template;
S207. Determine whether this template has any ACL rules configured; if not, go to S210; if so, go to S208;
S208. Determine whether the ACL rules configured for this template are bound to a port; if not, go to S210; if so, go to S209;
S209. Update the UDF mode;
S210. End.
Fig. 3 is a preferred flow chart of configuring matching rules based on a user-defined ACL template according to an embodiment of the present invention, which comprises the following steps:
S301. Determine whether this ACL has already been configured; if not, go to S307; if so, go to S302;
S302. Determine whether this Rule in the ACL has already been configured; if not, go to S305; if so, go to S303;
S303. Determine whether this Rule is identical to the original configuration; if identical, go to S304; if different, go to S305;
S304. Record that the Rule configuration of this ACL is identical. In the example above, the recorded matching content of the four blocks is (Rule1: 0x1000 0xffff, 0x20013002 0xffffffff, 0x110000 0xff0000, 0x430000 0xffff0000; Rule2: 0x1000 0xffff, 0x20023010 0xfffffff0, 0x110000 0xff0000, 0x440000 0xffff0000); go to S306;
S305. Record that the Rule configuration of this ACL is different and save the configuration of the Rule; go to S306;
S306. Determine whether the ACL rule configuration is finished; if so, go to S308; if not, go to S302;
S307. Save all configuration of the ACL rules; go to S308;
S308. Determine whether the ACL is bound to a port; if not, go to S310; if so, go to S309;
S309. Update the ACL rules bound to the port;
S310. End.
Fig. 4 is a preferred flow chart of applying the matching rule of a user-defined ACL to a port of the switching device according to an embodiment of the present invention, which comprises the following steps:
S401. Determine whether this port has already bound an ACL; if not, go to S409; if so, go to S402;
S402. Determine whether the ACL already bound to this port is the same as the one to be newly bound; if so, go to S413; if not, go to S403;
S403. Determine whether the newly bound ACL and the originally bound ACL are based on the same user-defined ACL template; if so, go to S404; if not, go to S406;
S404. Delete the binding between the port and the original ACL;
S405. Bind the new ACL; go to S413;
S406. Determine whether any other port is bound to an ACL of the same template as the original ACL; if so, go to S413; if not, go to S407;
S407. Delete the binding between the port and the original ACL;
S408. Delete the original UDF mode; go to S411;
S409. Determine whether an ACL of this template is bound to any other port; if so, go to S412; if not, go to S410;
S410. Determine whether an ACL of another template is bound to a port; if so, go to S413; if not, go to S411;
S411. Initialize the new UDF mode;
S412. Bind the ACL configuration on the port;
S413. End.
Fig. 5 is a schematic diagram of updating or deleting matching rules based on a user-defined ACL template according to an embodiment of the present invention, which comprises the following steps:
S501. Determine whether this ACL is bound to any port; if not, go to S505; if so, go to S502;
S502. Delete the bindings of this ACL to all ports;
S503. Determine whether any other ACL of the template to which this ACL belongs is bound to a port; if not, go to S504; if so, go to S505;
S504. Delete the UDF mode;
S505. Delete the ACL rules;
S506. End.
Fig. 6 is a schematic diagram of removing the matching rule of a user-defined ACL from a port of the switching device according to an embodiment of the present invention, which comprises the following steps:
S601. Determine whether this ACL is bound to the given port; if not, go to S606; if so, go to S602;
S602. Determine whether any other port is bound to this ACL; if not, go to S604; if so, go to S603;
S603. Remove the ACL binding of this port; go to S606;
S604. Determine whether any other port is bound to a rule of the same template as this ACL; if not, go to S605; if so, go to S606;
S605. Delete the UDF mode;
S606. End.
Fig. 7 is a schematic diagram of deleting a user-defined ACL template according to an embodiment of the present invention, which comprises the following steps:
S701. Determine whether any ACL rules are configured based on this user-defined ACL template; if not, go to S707; if so, go to S702;
S702. Determine whether the ACL rules based on this template are bound to a port; if not, go to S705; if so, go to S703;
S703. Delete the bindings of the ACL rules to ports;
S704. Delete the UDF mode;
S705. Delete the ACL rules based on this template;
S706. Delete the user-defined ACL template;
S707. End.
The present invention also provides a message filtering device, which can use the message filtering method described in the embodiments above.
Fig. 8 is a structural diagram of the message filtering device according to an embodiment of the present invention, which comprises: a generation unit 802, configured to generate a user-defined ACL template according to the type and the content of a message to be matched; a determining unit 804, connected to the generation unit 802 and configured to determine the matching rule of the user-defined ACL template, wherein the matching rule comprises the value range of the content of the message to be matched; and a filter unit 806, connected to the determining unit 804 and configured to filter received messages using the matching rule.
In this embodiment, the concept of a user-defined ACL template is adopted and made to correspond to the message type and the matching rule, so that when a user-defined ACL is used to filter messages there is no need to check against all previous configurations, and all message types can be covered, which reduces the complexity and time of processing.
Preferably, the generation unit 802 comprises: a first acquisition module, configured to obtain the type and the content of the message to be matched; a second acquisition module, connected to the first acquisition module and configured to obtain the offset position of the content of the message to be matched in the message header according to the type of the message to be matched; and a processing module, connected to the first acquisition module and the second acquisition module and configured to combine the type and the offset position into the user-defined ACL template.
Preferably, the determining unit 804 comprises: a receiver module, configured to receive a matching condition input by the user; and a processing module, connected to the receiver module and configured to determine the value range of the content of the message to be matched according to the matching condition input by the user.
Preferably, the filter unit 806 comprises: a first judging module, configured to determine whether a port of the switching device has been configured with an old matching rule; a second judging module, connected to the first judging module and configured to determine, when an old matching rule has been configured, whether the configured old matching rule is identical to the currently determined matching rule; an update module, connected to the second judging module and configured to update the old matching rule to the currently determined matching rule when the two differ; and a filtering module, connected to the update module and configured to filter received messages using the currently determined matching rule.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The present invention is thus not restricted to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A message filtering method, characterized in that it comprises:
Generating a custom access control list (ACL) template according to the type of a message to be matched and the content of the message to be matched;
Determining a matching rule of the custom ACL template, wherein the matching rule comprises the value range of the content of the message to be matched;
Filtering received messages using the matching rule.
2. The method according to claim 1, characterized in that generating the custom ACL template according to the type of the message to be matched and the content of the message to be matched comprises:
Obtaining the type of the message to be matched and the content of the message to be matched;
Obtaining, according to the type of the message to be matched, the offset position of the content of the message to be matched in the message header;
Combining the type and the offset position into the custom ACL template.
3. The method according to claim 2, characterized in that, after the type and the offset position are combined into the custom ACL template, the method further comprises:
Judging whether the type of the message to be matched has changed;
If it has changed, obtaining again, according to the changed type, the offset position of the content of the message to be matched in the message header;
Combining the changed type and the re-obtained offset position into a changed custom ACL template.
4. The method according to claim 1, characterized in that determining the matching rule of the custom ACL template comprises:
Receiving a matching condition input by a user;
Determining the value range of the content of the message to be matched according to the matching condition input by the user.
5. The method according to claim 4, characterized in that, after the value range of the content of the message to be matched is determined according to the matching condition input by the user, the method further comprises:
Judging whether the matching condition input by the user has changed;
If it has changed, determining the changed value range of the content of the message to be matched according to the changed matching condition.
6. The method according to claim 1, characterized in that filtering received messages using the matching rule comprises:
Judging whether a port of a switching device has been configured with an old matching rule;
If so, judging whether the configured old matching rule is identical to the currently determined matching rule;
If they differ, updating the old matching rule to the currently determined matching rule;
The port of the switching device filtering received messages using the currently determined matching rule.
7. A message filtering device, characterized in that it comprises:
A generation unit, configured to generate a custom access control list (ACL) template according to the type of a message to be matched and the content of the message to be matched;
A determining unit, configured to determine a matching rule of the custom ACL template, wherein the matching rule comprises the value range of the content of the message to be matched;
A filter unit, configured to filter received messages using the matching rule.
8. The device according to claim 7, characterized in that the generation unit comprises:
A first acquisition module, configured to obtain the type of the message to be matched and the content of the message to be matched;
A second acquisition module, configured to obtain, according to the type of the message to be matched, the offset position of the content of the message to be matched in the message header;
A processing module, configured to combine the type and the offset position into the custom ACL template.
9. The device according to claim 7, characterized in that the determining unit comprises:
A receiver module, configured to receive a matching condition input by a user;
A processing module, configured to determine the value range of the content of the message to be matched according to the matching condition input by the user.
10. The device according to claim 7, characterized in that the filter unit comprises:
A first judging module, configured to judge whether a port of a switching device has been configured with an old matching rule;
A second judging module, configured to judge, when an old matching rule has been configured, whether the configured old matching rule is identical to the currently determined matching rule;
An update module, configured to update the old matching rule to the currently determined matching rule when the old matching rule differs from the currently determined matching rule;
A filtering module, configured to filter received messages using the currently determined matching rule.
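The claimed flow as an added Python example (not code from the patent or from ZTE): a template binds a message type to a field offset, a rule adds the value range, and a port's rule is replaced only when it differs. The type names, the offset table, the CIDR-style matching condition and all helper names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed lookup tables for untagged Ethernet II frames (no 802.1Q tag).
ETHERTYPE = {"ipv4": 0x0800, "arp": 0x0806}
# (message type, field) -> (byte offset in frame, width in bytes)
FIELD_OFFSETS = {("ipv4", "src_ip"): (26, 4), ("arp", "sender_ip"): (28, 4)}

@dataclass(frozen=True)
class AclTemplate:          # claim 2: message type combined with the field's offset
    msg_type: str
    offset: int
    width: int

@dataclass(frozen=True)
class MatchRule:            # claim 1: template plus the value range of the field
    template: AclTemplate
    low: int
    high: int

def make_template(msg_type, field):
    offset, width = FIELD_OFFSETS[(msg_type, field)]
    return AclTemplate(msg_type, offset, width)

def ip_range_rule(template, cidr):  # claim 4: user condition (a CIDR here) -> value range
    net = ipaddress.ip_network(cidr)
    return MatchRule(template, int(net.network_address), int(net.broadcast_address))

def matches(rule, frame):
    t = rule.template
    if len(frame) < t.offset + t.width:
        return False        # truncated frame: never read past the end
    if int.from_bytes(frame[12:14], "big") != ETHERTYPE[t.msg_type]:
        return False        # wrong message type for this template
    return rule.low <= int.from_bytes(frame[t.offset:t.offset + t.width], "big") <= rule.high

def apply_rule(port_rules, port, rule):  # claim 6: update only if the port's rule differs
    if port_rules.get(port) == rule:
        return False
    port_rules[port] = rule
    return True

def build_frame(msg_type, field, ip):  # constructed sample frame, zero-filled elsewhere
    offset, width = FIELD_OFFSETS[(msg_type, field)]
    frame = bytearray(offset + width)
    frame[12:14] = ETHERTYPE[msg_type].to_bytes(2, "big")
    frame[offset:] = ipaddress.ip_address(ip).packed
    return bytes(frame)
```

`matches` only reports whether a frame falls inside the rule's range; whether the port then forwards or drops it is left to the caller, since the claims do not fix that action.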
CN2010102281478A 2010-07-08 2010-07-08 Method and device for filtering message Pending CN101895467A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102281478A CN101895467A (en) 2010-07-08 2010-07-08 Method and device for filtering message

Publications (1)

Publication Number Publication Date
CN101895467A true CN101895467A (en) 2010-11-24

Family

ID=43104540

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102281478A Pending CN101895467A (en) 2010-07-08 2010-07-08 Method and device for filtering message

Country Status (1)

Country Link
CN (1) CN101895467A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1863142A (en) * 2005-08-19 2006-11-15 华为技术有限公司 Method for providing different service quality tactics to data stream
CN101146026A (en) * 2006-09-13 2008-03-19 中兴通讯股份有限公司 Packet filtering method, system and device
CN101399747A (en) * 2007-09-27 2009-04-01 中兴通讯股份有限公司 ACL configuration implementation method
US20100132031A1 (en) * 2007-09-27 2010-05-27 Huawei Technologies Co., Ltd. Method, system, and device for filtering packets

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480424A (en) * 2010-11-30 2012-05-30 瑞昱半导体股份有限公司 Device and method for processing network packet
CN105024985A (en) * 2014-04-30 2015-11-04 深圳市中兴微电子技术有限公司 Message processing method and apparatus
CN105024985B (en) * 2014-04-30 2019-04-02 深圳市中兴微电子技术有限公司 A kind of message processing method and device
CN113132241A (en) * 2021-05-07 2021-07-16 杭州迪普信息技术有限公司 ACL template dynamic configuration method and device
CN113132241B (en) * 2021-05-07 2022-05-24 杭州迪普信息技术有限公司 ACL template dynamic configuration method and device

Similar Documents

Publication Publication Date Title
CN106878459B (en) Self-adaptive Internet of things intelligent gateway implementation method and equipment thereof
CN109981613B (en) Flow detection method for cloud environment and resource pool system
CN108173691B (en) Cross-device aggregation method and device
JP2011528193A (en) Method and filter arrangement for filtering messages arriving at a subscriber of a network via a serial data bus of a communication network
US20200076925A1 (en) Software-defined Interconnection Method and Apparatus for Heterogeneous Protocol Data
WO2012159553A1 (en) Providing a layer-3 interface
EP3534577B1 (en) Forwarding multicast packets through an extended bridge
JP2021528906A (en) Control methods and equipment based on Industrial Ethernet
CN101895467A (en) Method and device for filtering message
CN101197775B (en) Method, device and system for implementing port mirror-image
CN104660511A (en) Transmission method and equipment for multicast message in SDN network
CN103780630B (en) Virtual LAN port separation method and system
CN105812221B (en) The device and method of data transmission in virtual expansible Local Area Network
CN108683615A (en) Message diversion method, device and shunting interchanger
CN114024886A (en) Cross-resource-pool network intercommunication method, electronic equipment and readable storage medium
CN113328973B (en) Method and device for detecting invalid Access Control List (ACL) rule
CN109951353B (en) Cloud platform flow detection method and resource pool system
CN104980526A (en) Control method of media access control (MAC) address drift, control device of MAC address drift and network device
TW201803314A (en) Server, switch, communication system, communication method, and recording medium
CN101043329B (en) Method and system for protecting network attack
JP4029768B2 (en) Layer 2 network control apparatus and control method
CN101075903B (en) Method and apparatus for allocating network resource
CN102763376A (en) Method and system for common group action filtering in telecom network environments
CN109039956A (en) Port Mirroring method, apparatus, host and storage medium
CN103888370A (en) Selected port selecting method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20101124