CN111131079B - Policy query method and device - Google Patents


Info

Publication number
CN111131079B
Authority
CN
China
Prior art keywords
message
message processing
dictionary tree
updated
processing strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911363429.6A
Other languages
Chinese (zh)
Other versions
CN111131079A (en)
Inventor
方海名
钱雪彪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd filed Critical Hangzhou DPTech Technologies Co Ltd
Priority to CN201911363429.6A priority Critical patent/CN111131079B/en
Publication of CN111131079A publication Critical patent/CN111131079A/en
Application granted granted Critical
Publication of CN111131079B publication Critical patent/CN111131079B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/90 Buffering arrangements
    • H04L49/9063 Intermediate storage in different physical parts of a node or terminal
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G06F16/9027 Trees
    • G06F16/903 Querying
    • G06F16/90335 Query processing

Abstract

The specification discloses a policy query method and device. The method is applied to a service board card in frame equipment and comprises the following steps: any service board card constructs a dictionary tree according to its local message processing strategies and takes it as the effective dictionary tree, wherein each path of the dictionary tree from the root node to any leaf node corresponds to one message processing strategy; after receiving a message, the service board card queries the corresponding path in the current effective dictionary tree according to the message information and executes, for the message, the message processing operation corresponding to the leaf node of the queried path; after the stored message processing strategies are updated by the management board card, an updated dictionary tree is constructed according to the updated message processing strategies, and if the updated dictionary tree is determined to be successfully constructed, it replaces the current effective dictionary tree. The method can improve the query efficiency of message processing strategies in the service board card.

Description

Policy query method and device
Technical Field
The embodiment of the specification relates to the field of network communication, in particular to a policy query method and device.
Background
The frame type equipment comprises a service board card and a management board card. The management board card is used for updating the same message processing strategies on any service board card at regular intervals, and the service board card is used for processing received messages according to its local message processing strategies. Each message processing strategy comprises at least two parts: a message matching condition and a message processing operation. The message processing strategies configured by the management board card are stored on the service board card in a linked list structure; the service board card queries the message processing strategies in the local linked list and processes a message that meets a strategy's matching condition with the corresponding message processing operation.
Specifically, after the frame device receives a message through a port, it determines the service board card that is to process the message and forwards the message to that service board card. The service board card then queries its stored linked list nodes one by one according to the five-tuple of the message and the port on which the message was received, determines the strategy matching condition that the message meets, and executes the corresponding message processing operation.
The linked list is generated in the order in which the strategies were issued and can only be queried node by node, so the query efficiency of this method is low.
Disclosure of Invention
In order to improve query efficiency, the specification provides a policy query method and device. The technical proposal is as follows:
A policy query method is applied to a service board card in frame type equipment. The frame type equipment further comprises a management board card, the service board card stores at least one message processing strategy issued by the management board card, and any message processing strategy includes a message matching condition and a message processing operation. The method comprises the following steps:
constructing a dictionary tree by any service board card according to a local message processing strategy, taking the dictionary tree as an effective dictionary tree, wherein each path from a root node to any leaf node of the dictionary tree corresponds to one message processing strategy, the leaf node of the path corresponds to the message processing operation of the message processing strategy, and the non-leaf node of the path corresponds to the message matching condition of the message processing strategy;
after receiving the message, inquiring a corresponding path in a current effective dictionary tree according to the message information, and executing message processing operation corresponding to leaf nodes of the inquired path aiming at the message;
after the stored message processing strategy is updated by the management board card, an updated dictionary tree is constructed according to the updated message processing strategy, and if the updated dictionary tree is determined to be successfully constructed, the updated dictionary tree is utilized to replace the current effective dictionary tree.
A policy query device is deployed on a service board card in frame type equipment. The frame type equipment further comprises a management board card, the service board card stores at least one message processing strategy issued by the management board card, and any message processing strategy includes a message matching condition and a message processing operation. The device comprises:
the initial construction unit is used for constructing a dictionary tree according to a local message processing strategy, taking the dictionary tree as an effective dictionary tree, wherein each path from a root node to any leaf node of the dictionary tree corresponds to one message processing strategy, the leaf node of the path corresponds to the message processing operation of the message processing strategy, and the non-leaf node of the path corresponds to the message matching condition of the message processing strategy;
the query unit is used for querying a corresponding path in the current effective dictionary tree according to the message information after receiving the message, and executing message processing operation corresponding to the leaf node of the queried path for the message;
and the updating unit is used for constructing an updated dictionary tree according to the updated message processing strategy after the stored message processing strategy is updated by the management board card, and if the updated dictionary tree is determined to be successfully constructed, replacing the current effective dictionary tree by using the updated dictionary tree.
According to the technical scheme, the dictionary tree structure replaces the linked list structure, which reduces the number of matching operations; in addition, the main and standby method reduces the time during which queries cannot be performed, further improving the query efficiency of the strategy.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present description, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
Fig. 1 is a schematic structural view of a frame type apparatus provided in an embodiment of the present specification;
Fig. 2 is a schematic diagram of a policy store architecture provided by an embodiment of the present disclosure;
Fig. 3 is a schematic diagram of another policy store architecture provided by embodiments of the present description;
Fig. 4 is a flowchart of a policy query method according to an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of a gateway board card policy storage according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an access board policy store according to an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of a policy query device according to an embodiment of the present disclosure;
Fig. 8 is a schematic structural view of an apparatus for configuring the method of the embodiment of the present specification.
Detailed Description
As shown in fig. 1, a schematic structural diagram of a frame device according to an embodiment of the present disclosure is provided. In a frame device, there are a plurality of interfaces, a management board, and at least one service board. The frame device may be used to send and receive messages over multiple interfaces. The management board card can be used for issuing and updating message processing strategies to the service board card at regular intervals. The service board card can be used for locally inquiring a message processing strategy and processing the received message.
Each message processing strategy at least comprises two parts of contents of 'message matching condition' and 'message processing operation'. The message matching condition may include a message five-tuple (destination IP, destination port, source IP, source port, and protocol number) and/or message interface information (interface number for receiving the message on the frame device, i.e. a message access port number) and/or a security domain identifier, and the message processing operation may include operations such as discarding, forwarding, and receiving.
More specifically, the message handling policies issued and updated by the management board may be formulated by the administrator and issued to the management board at intervals.
The service board cards have the following characteristics:
(1) Different service cards have different functions, such as gateway cards and access cards. The gateway board card can be used for forwarding or discarding the received message, and the access board card can be used for receiving the received message into the board card for processing or discarding. The frame device may implement different functions by distributing different messages to different service cards. For example, messages received from interfaces connected to the network are distributed to the gateway board card so that the gateway board card realizes gateway functions; and distributing the messages received from the interfaces connected with other devices to the access board card so that the access board card realizes the receiving function.
(2) The message processing strategies stored locally by different service boards are the same; that is, the management board issues the same message processing strategies to each service board.
(3) Different service boards query strategies for a message in different ways. When a message is forwarded to a service board, it can carry the message access interface number. The gateway board card can convert the message access interface number into the identifier of a security domain and use that for querying the message processing strategy; the access board card can use the message access interface number directly for querying the message processing strategy.
Wherein the identification of the security domain represents a set of interface numbers, e.g. security domain 1 represents interface numbers 1, 2, 3, 4, 5, security domain 2 represents interface numbers 6, 7, 8, 9, 10. After the gateway board card receives the message with the message access interface number of 1, the message access interface number is replaced by the security domain 1 for matching the message processing strategy.
The service board card queries the message processing strategies locally and processes the received message. Specifically, the service board card can process the message information (including the five-tuple and/or the message access port number) of the received message, then compare the message information with the message matching conditions in the local message processing strategies one by one, and, if a match is found (i.e. the message information is the same as the message matching condition), execute the corresponding message processing operation on the message.
For example, the access board compares the message information of the received message with the message matching condition in the local message processing policy, and if the message processing policy with the same message information as the message matching condition is found, the access board executes the message processing operation in the message processing policy for the message.
The gateway board card processes the message information of the received message, can convert the message input interface number therein into a security domain identifier, compares the security domain identifier with the message matching condition in the local message processing policy, and executes the message processing operation in the message processing policy for the message if the message processing policy with the same message information and message matching condition is found.
The message matching strategies are stored in a linked list structure and are arranged according to the order of strategy sending, and the message matching strategy corresponding to the previous node in the linked list is sent to the service board card before the message matching strategy corresponding to the next node.
Fig. 2 is a schematic diagram of a policy storage structure according to an embodiment of the present disclosure. The message processing strategy issued by the management board to the service board is shown in table 1:
TABLE 1 message processing policy examples
However, with the linked list structure the service board card can only compare from front to back, one node at a time. The nodes of the linked list are unrelated to each other: comparing the message information with the matching condition of one node only determines whether that node's message processing strategy is the correct one, and the position of the correct message processing strategy can be determined only by traversing all the nodes in the linked list, so the query efficiency is quite low.
For example, if the node corresponding to the correct message processing policy is at the end of the linked list, the service board card must compare the message information with the message matching conditions of all the preceding nodes before it can find the correct message processing policy.
In order for those skilled in the art to better understand the technical solutions in the embodiments of the present specification, the technical solutions in the embodiments of the present specification will be described in detail below with reference to the drawings in the embodiments of the present specification, and it is apparent that the described embodiments are only some embodiments of the present specification, not all embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification shall fall within the scope of protection.
To address the above technical problem, the service board card can store the message processing strategies in a dictionary tree (trie) structure. Fig. 3 is a schematic diagram of another policy storage structure provided in this embodiment of the present disclosure, in which the message processing strategies of Table 1, issued by the management board to the service board, are stored by the service board in a dictionary tree structure. From top to bottom, the dictionary tree comprises a root node, a node corresponding to a message access port number or a security domain identifier, a node corresponding to a destination IP, a node corresponding to a destination port, a node corresponding to a source IP, a node corresponding to a source port, a node corresponding to a protocol number, and a node corresponding to a message processing operation.
When the strategies are stored in the dictionary tree structure, the correct message processing strategy for a message can be found in a limited number of queries. The query range shrinks after each branch is determined, so the locally stored message processing strategies do not all have to be traversed, and the query efficiency is effectively improved.
For example, according to the message information of the message, the message processing policy is queried in the dictionary tree shown in fig. 3. The message information comprises a message input interface 1, a destination IP1, a destination port 1, a source IP1, a source port 1 and a protocol number 1.
According to the message information, the child node corresponding to message input interface 1 is determined from the root node, so the node corresponding to security domain 1 and its descendant nodes do not need to be queried, which greatly reduces the query scope. From the node corresponding to message input interface 1, the child node corresponding to destination IP1 is determined, and the remaining fields are determined in turn in the same way. Finally, the message processing operation corresponding to the leaf node is determined to be the forwarding operation, and the path from the root node to that leaf node is the queried message processing strategy. The correct message processing strategy is thus determined in seven queries according to the message information.
Because the nodes of the dictionary tree have a relation, the child node is a branch condition of the father node, and the child node can be uniquely determined according to the message information from the father node, so that a unique path from the root node to the leaf node is determined, therefore, the leaf node can be queried in a limited number of times by utilizing the dictionary tree, namely, a correct message processing strategy can be queried in the limited number of times, wherein the limited number of times is not larger than the height of the root node of the dictionary tree.
The path corresponds to the queried message processing policy and the leaf node corresponds to the message processing operation.
Of course, the dictionary tree may be constructed in other manners, for example, a node corresponding to the five-tuple information is collected as a child node of a node corresponding to the packet input interface or the security domain identifier, or a node corresponding to the protocol number is taken as a parent node of a node corresponding to the destination IP, and so on.
It should be noted that, in the process of constructing the dictionary tree, there is a special case that there are multiple message processing strategies with identical message matching conditions but different message processing operations, and in this case, when constructing the dictionary tree, leaf nodes may have sibling nodes. When the dictionary tree query strategy is utilized, priorities can be divided for different leaf nodes of the same father node, and a certain leaf node can be determined according to the type of the service board card. The priority among them can be appointed by the management board.
As long as the path from the root node to the leaf node of the dictionary tree can correspond to a message processing policy, and the leaf node corresponds to a message processing operation, no matter what way the dictionary tree is constructed, the path can be used for querying the message processing policy, so the specific way of constructing the dictionary tree is not to be understood as limiting the scheme of the present specification.
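The lookup described above, as an added example (not code from the patent): a Python sketch of the dictionary tree with the field order given for Fig. 3, the security-domain conversion done by gateway boards, and selection among sibling leaves. The policies, addresses, the `("if", n)` / `("zone", n)` key encoding and the rule that a larger number means a higher priority are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Match fields from root to leaf, in the order the page gives for Fig. 3.
FIELDS = ("ingress", "dst_ip", "dst_port", "src_ip", "src_port", "proto")
# Security domains from the page's example: domain 1 = interfaces 1-5, domain 2 = 6-10.
SECURITY_DOMAINS = {1: range(1, 6), 2: range(6, 11)}
# Operations each board type performs, as described on the page.
ALLOWED_OPS = {"gateway": {"forward", "drop"}, "access": {"receive", "drop"}}


@dataclass
class Node:
    children: dict = field(default_factory=dict)  # field value -> child Node
    leaves: list = field(default_factory=list)    # [(priority, operation)]


def build_trie(policies):
    """Each root-to-leaf path is one policy; raises ValueError on a malformed one."""
    root = Node()
    for match, priority, op in policies:
        if len(match) != len(FIELDS):
            raise ValueError(f"policy needs {len(FIELDS)} match fields: {match!r}")
        node = root
        for value in match:
            node = node.children.setdefault(value, Node())
        # Policies with identical match conditions become sibling leaves.
        node.leaves.append((priority, op))
    return root


def ingress_key(board_type, iface):
    """Access boards match on the interface number, gateway boards on its security domain."""
    if board_type == "access":
        return ("if", iface)
    for domain, ifaces in SECURITY_DOMAINS.items():
        if iface in ifaces:
            return ("zone", domain)
    return None  # interface belongs to no security domain: nothing can match


def lookup(root, board_type, iface, five_tuple):
    """Return (operation or None, number of nodes visited below the root)."""
    node, visited = root, 0
    for value in (ingress_key(board_type, iface), *five_tuple):
        visited += 1
        node = node.children.get(value)
        if node is None:
            return None, visited  # no such branch: the search stops early
    # A board only considers leaves whose operation it can perform.
    usable = [leaf for leaf in node.leaves if leaf[1] in ALLOWED_OPS[board_type]]
    if not usable:
        return None, visited
    # Assumption: a larger number means a higher priority.
    return max(usable, key=lambda leaf: leaf[0])[1], visited + 1


# Constructed sample data (Table 1 of the patent is not reproduced on the page).
FLOW_A = ("10.0.0.1", 80, "192.0.2.1", 40000, 6)
FLOW_B = ("10.0.0.2", 443, "192.0.2.9", 40001, 6)
SAMPLE_POLICIES = [
    ((("if", 1), *FLOW_A), 1, "receive"),
    ((("zone", 1), *FLOW_A), 1, "forward"),
    ((("zone", 1), *FLOW_A), 5, "drop"),     # same match, different operation
    ((("zone", 1), *FLOW_A), 9, "receive"),  # never usable on a gateway board
    ((("zone", 2), *FLOW_B), 1, "forward"),
]

if __name__ == "__main__":
    trie = build_trie(SAMPLE_POLICIES)
    for board, iface, flow in [("gateway", 3, FLOW_A), ("access", 1, FLOW_A),
                               ("access", 3, FLOW_A), ("gateway", 7, FLOW_B)]:
        print(board, iface, lookup(trie, board, iface, flow))
```

A miss returns `None` after at most six branch checks; what the board does with an unmatched message is not specified on the page and is left to the caller.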
In practical application, when the dictionary tree structure is adopted to store the message processing strategy, in order to further improve the query efficiency, the service board card can also continue to use the dictionary tree to query during the updating of the strategy. Therefore, the method can adopt a main and standby mode, after the service board card uses a dictionary tree as an effective dictionary tree for inquiring the message processing strategy, if the management board card receives the update of the message processing strategy, the updated message processing strategy is utilized to construct a standby updated dictionary tree, and the effective dictionary tree is not influenced and can be continuously used for inquiring the strategy. When the backup updated dictionary tree is successfully constructed, the constructed updated dictionary tree is used as an effective dictionary tree for policy query, so that the time of incapability of query is reduced, and the query efficiency is improved.
Fig. 4 is a flow chart of a policy query method provided in an embodiment of the present disclosure. The method is applied to a service board card in a frame device; the frame device further includes a management board card, the service board card stores at least one message processing policy issued by the management board card, and any one of the message processing policies includes a message matching condition and a message processing operation.
The method may comprise the following steps, which are performed for any service board card.
S101: the service board card builds a dictionary tree according to a local message processing strategy, and takes the dictionary tree as an effective dictionary tree.
Each path from the root node to any leaf node of the dictionary tree corresponds to a message processing strategy, the leaf node of the path corresponds to a message processing operation of the message processing strategy, and the non-leaf node of the path corresponds to a message matching condition of the message processing strategy. The message matching condition can be a message quintuple and a message access port number, can be a message quintuple, can also be a message quintuple and a security domain identifier, and the like.
In addition, for different types of service boards, the locally stored message processing strategies may be different, i.e., the management board may issue different message processing strategies for different types of service boards. This is described in detail later.
The local message processing strategy of the service board card is issued by the management board card, can be stored in a linked list structure, and can be used for constructing a dictionary tree according to the message processing strategy of the linked list structure.
S102: after receiving the message, inquiring the corresponding path in the current effective dictionary tree according to the message information, and executing the message processing operation corresponding to the leaf node of the inquired path for the message.
The message information may be a message five-tuple and a message access port number, or may be a message five-tuple and a security domain identifier, or may be a message five-tuple, a message access port number, a security domain identifier, or the like, but is necessarily the same as the message matching condition.
The message processing operation may be forwarding to other devices, receiving the inside of the service board card for processing or discarding, etc.
If comparing the message information with the message matching conditions finds a plurality of leaf nodes, the leaf node with the highest priority can be determined as the queried leaf node, and the message processing operation corresponding to that leaf node is executed. Alternatively, the queried leaf node can be determined according to the service board type; for example, since the gateway board does not perform the receiving operation, the leaf node corresponding to the receiving operation need not be queried. The priority is specified by the management board.
S103: after the stored message processing strategy is updated by the management board card, an updated dictionary tree is constructed according to the updated message processing strategy, and if the updated dictionary tree is determined to be successfully constructed, the updated dictionary tree is utilized to replace the current effective dictionary tree.
After the updated dictionary tree replaces the current effective dictionary tree, it is the current effective dictionary tree and continues to be used in S102 for querying the message processing policy.
After replacing the current effective dictionary tree with the updated dictionary tree, if the service board card detects that there is a message which is being queried by using the replaced dictionary tree, the service board card can continue to query in the replaced dictionary tree according to the message information. When the message query is successful, the replaced dictionary tree can be deleted or stored in other positions.
This delayed handling prevents some message queries from failing.
Messages whose query has not yet started are queried using the current effective dictionary tree and are not queried in the replaced dictionary tree.
If, while the updated dictionary tree is being constructed according to the updated message processing strategy, it is detected that the stored message processing strategy has been updated again by the management board card, construction of the updated dictionary tree is stopped and the updated dictionary tree is reconstructed according to the newly updated message processing strategy.
By reconstruction, the frequency of constructing the dictionary tree can be reduced, the dictionary tree corresponding to the latest issued message processing strategy can be constructed as soon as possible, and the query efficiency of the strategy is improved.
In addition to the above steps, in order to reduce the number of queries of the dictionary tree, and facilitate quick query of the message, the service board card may further store a record for quick query of the message processing policy, where the record includes message information and message processing operations, and the message information corresponds to the message processing operations one by one.
For any received message, the service board card can query whether its message information exists in the non-failure records.
If so, the message processing operation corresponding to the queried message information is executed directly; if not, the corresponding path is queried in the current effective dictionary tree, the message processing operation corresponding to the leaf node of the queried path is executed for the message, and the message information and the message processing operation are added to the non-failure records.
After a dictionary tree has been successfully constructed according to the updated message processing strategy, the original non-failure records are invalidated.
Specifically, the invalidation method can be to delete all original non-invalidation records, or distinguish different versions of the dictionary tree by using the version number, add the version number into the records, or mark all original non-invalidation records as invalidation states.
For example, the version number corresponding to the current effective dictionary tree may be n+1 after the updated dictionary tree is subsequently used to replace the current effective dictionary tree.
If the message information of the message to be queried does not exist in the non-failure record, querying a corresponding path in the current effective dictionary tree, executing the message processing operation corresponding to the leaf node of the queried path for the message, and adding the message information, the message processing operation and the version number of the current effective dictionary tree into the record.
Wherein the record may be a table or a session.
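An added example (not from the patent) of the main and standby replacement in S103 together with version-numbered fast-query records. A flat dict stands in for the dictionary tree, and the class and function names, the sample flow and the `mirror` operation used to force a failed construction are constructed for illustration.

```python
OPS = {"forward", "drop", "receive"}


class PolicyBuildError(Exception):
    """Raised when the standby structure cannot be constructed."""


def build_lookup(policies):
    """Stand-in for dictionary tree construction (a flat dict keeps the block short).

    Raises PolicyBuildError so that an unsuccessful construction can be shown.
    """
    table = {}
    for match, op in policies:
        if len(match) != 6 or op not in OPS:
            raise PolicyBuildError(f"malformed policy: {match!r} -> {op!r}")
        table[tuple(match)] = op
    return table


class PolicyEngine:
    def __init__(self, policies):
        # (version, tree) is one object, so a reader always sees a matching pair.
        self.current = (1, build_lookup(policies))
        self.records = {}      # message info -> (tree version, operation)
        self.tree_queries = 0  # lookups that the records could not answer

    def update(self, policies):
        """Build the standby structure; replace the effective one only on success."""
        try:
            standby = build_lookup(policies)  # self.current keeps serving meanwhile
        except PolicyBuildError:
            return False                      # effective tree and version unchanged
        self.current = (self.current[0] + 1, standby)  # single reference swap
        return True

    def process(self, key):
        version, tree = self.current  # snapshot: an in-flight query keeps its tree
        record = self.records.get(key)
        if record is not None and record[0] == version:
            return record[1]          # non-invalidated record: skip the tree
        self.tree_queries += 1
        op = tree.get(key)
        if op is not None:
            self.records[key] = (version, op)  # overwrites any stale record
        return op


# Constructed sample message information (security domain + five-tuple).
FLOW = (("zone", 1), "10.0.0.1", 80, "192.0.2.1", 40000, 6)


def demo():
    engine = PolicyEngine([(FLOW, "forward")])
    results = [engine.process(FLOW), engine.process(FLOW)]  # 2nd answer comes from the record
    in_flight = engine.current                 # a query that began before the update
    failed = engine.update([(FLOW, "mirror")])  # unknown operation: construction fails
    results.append(engine.process(FLOW))       # old policy still in force
    ok = engine.update([(FLOW, "drop")])
    results.append(engine.process(FLOW))       # version mismatch: stale record ignored
    return results, failed, ok, in_flight[1][FLOW], engine.current[0], engine.tree_queries


if __name__ == "__main__":
    print(demo())
```

Without the version check in `process`, the record written under version 1 would keep returning `forward` for a flow that the updated policy drops.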
The steps are executed for one service board card, and different types of service board cards can store different message processing strategies issued by the management board card.
For example, the gateway board card converts the message input interface number in the message information into the security domain identifier before comparing the message information with the message matching conditions. A message processing policy whose matching condition contains only the message input interface number will therefore never match the message information, and the gateway board card cannot query that policy. The management board card may therefore issue to the gateway board card only the message processing policies whose matching condition includes the security domain identifier.
The access board card does not convert the message input interface number into the security domain identifier. When it compares the message information with the message matching conditions, a message processing policy whose matching condition contains only the security domain identifier will never match the message information, and the access board card cannot query that policy. The management board card may therefore issue to the access board card only the message processing policies whose matching condition includes the message input interface number.
Likewise, the gateway board only performs forwarding and discarding operations, so the management board may issue to the gateway board only the message processing policies for forwarding or discarding. The access board card only performs receiving and discarding operations, so the management board card may issue to the access board card only the message processing policies for receiving or discarding.
As shown in fig. 5, a schematic structural diagram of a gateway board policy store provided in this embodiment is shown in fig. 6, and a schematic structural diagram of an access board policy store provided in this embodiment is shown, where policies issued to a service board are all issued by a management board selected from table 1.
By issuing different message processing strategies aiming at different types of service boards, the message processing strategies which can be successfully matched are issued according to the characteristics and the executable operation of the service boards when the conditions are matched, and the message processing strategies which cannot be matched with the conditions or the executable operation are not issued, so that the strategies which cannot be successfully matched with the service boards can be removed, the utilization rate of storage space is improved, the invalid branching condition during inquiry is reduced, and the inquiry efficiency is improved.
The method embodiments above have the following effects:
(1) With the dictionary tree storage structure, the correct message processing strategy can be found in a limited number of comparisons without traversing all the message processing strategies, so the number of times the message information is matched against message matching conditions is reduced and query efficiency is improved.
(2) The dictionary tree is updated in a main/standby mode, so the current dictionary tree can continue to be used for strategy queries while the updated dictionary tree is being constructed; the time during which queries cannot be performed is reduced and query efficiency is improved.
(3) The management board card issues different message processing strategies to different types of service board cards, so the number of invalid matches is reduced, invalid branches in queries are also reduced, and query efficiency is improved.
(4) By delaying queries when the old dictionary tree is replaced with the new one, a message that is being queried using the replaced dictionary tree can still be queried successfully; the number of messages whose queries fail is reduced and query efficiency is improved.
(5) By monitoring whether a new strategy update arrives while the updated dictionary tree is being constructed, the construction can be interrupted in time and the dictionary tree constructed again according to the latest message processing strategy; this reduces the number of dictionary tree constructions and puts the latest message processing strategy into use for message queries as soon as possible, so query efficiency is improved.
Besides the above effects, updating the dictionary tree in a main/standby mode allows message queries and strategy updates to be executed at the same time without conflict.
For example, when a linked list is used for storage and message queries and policy updates run at the same time, a policy update may delete the correct message processing policy while the service board card is comparing the linked-list nodes one by one to find it. The service board card then cannot find the correct message processing policy and, because the stored data content has changed, illegal memory is accessed. A linked-list structure therefore requires a synchronization lock: while the service board card is querying policies, policy updates from the management board card are not accepted, and query efficiency is low.
After the main/standby mode is adopted, the dictionary tree used for message queries and the dictionary tree being updated by the policy update are not the same dictionary tree, so message queries and policy updates can proceed at the same time without conflict.
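The sketch below is an added example, not code from the patent: it puts together the per-board policy filtering described earlier with the dictionary tree lookup, the main/standby replacement interrupted by a newer policy push, and a record tagged with the dictionary tree version. The field names, board profiles, wildcard branch and first-match rule are assumptions made for the example, and the single reference swap relies on CPython semantics.

```python
import threading

ANY, LEAF = "*", "__op__"

# Constructed board profiles (assumption): the fields each board type can compare
# against and the operations it can execute, following the gateway/access split above.
PROFILES = {
    "gateway": {"fields": ("zone", "src", "dst"), "ops": {"forward", "discard"}},
    "access": {"fields": ("ifnum", "src", "dst"), "ops": {"receive", "discard"}},
}

def policies_for_board(board, policies):
    """Management-board side: keep only policies this board type can match and execute."""
    prof = PROFILES[board]
    return [(m, op) for m, op in policies
            if set(m) <= set(prof["fields"]) and op in prof["ops"]]

def build_trie(policies, fields, cancelled=lambda: False):
    """One trie level per field; a missing condition becomes the ANY branch.
    Returns None if cancelled() turns true, i.e. a newer policy set has arrived."""
    root = {}
    for match, op in policies:
        if cancelled():
            return None
        node = root
        for f in fields:
            node = node.setdefault(match.get(f, ANY), {})
        node.setdefault(LEAF, op)  # identical conditions: the earlier policy wins
    return root

def lookup(node, key, depth=0):
    """Walk the exact branch first, then ANY, backtracking when a branch dead-ends."""
    if depth == len(key):
        return node.get(LEAF)
    for value in (key[depth], ANY):
        child = node.get(value)
        if child is not None:
            op = lookup(child, key, depth + 1)
            if op is not None:
                return op
    return None  # no policy matched; the default action is left to the caller

class PolicyEngine:
    """Service-board side: effective trie, standby rebuild, version-tagged record."""

    def __init__(self, board, policies):
        self.fields = PROFILES[board]["fields"]
        self._lock = threading.Lock()
        self._latest = 0  # number of the most recent policy push
        self._active = (1, build_trie(policies, self.fields))  # (version, trie)
        self._record = {}  # message info -> (operation, trie version)
        self.trie_walks = 0  # counter kept for the demonstration only

    def query(self, msg):
        version, trie = self._active  # snapshot: the query finishes on the tree it started with
        key = tuple(msg.get(f) for f in self.fields)
        hit = self._record.get(key)
        if hit is not None and hit[1] == version:
            return hit[0]  # record entry was made against the effective trie
        self.trie_walks += 1
        op = lookup(trie, key)
        self._record[key] = (op, version)  # overwrites any entry from an older version
        return op

    def update(self, policies):
        """Build the standby trie without blocking query(); swap only if still newest."""
        with self._lock:
            self._latest += 1
            mine = self._latest
        trie = build_trie(policies, self.fields, lambda: mine != self._latest)
        with self._lock:
            if trie is None or mine != self._latest:
                return False  # superseded by a later push, which does its own build
            self._active = (self._active[0] + 1, trie)  # single reference swap
            return True
```

Record entries made against an older version are never deleted here; they simply stop matching the effective version, which is one way to invalidate the record at replacement time.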
In addition to the method embodiments described above, the present specification also discloses apparatus embodiments.
Fig. 7 is a schematic structural diagram of a policy query device according to an embodiment of the present disclosure. The device is configured on a service board card in frame equipment; the frame equipment further comprises a management board card, and the service board card stores at least one message processing strategy issued by the management board card, wherein different types of service board cards can store different message processing strategies issued by the management board card. Any message processing strategy comprises message matching conditions and message processing operations. The device comprises:
an initial construction unit 201, configured to construct a dictionary tree according to a local message processing policy, and take the dictionary tree as an effective dictionary tree.
Each path of the dictionary tree from the root node to any leaf node corresponds to a message processing strategy, the leaf node of the path corresponds to the message processing operation of the message processing strategy, and the non-leaf node of the path corresponds to the message matching condition of the message processing strategy.
a query unit 202, configured to query, after receiving a message, a corresponding path in the current effective dictionary tree according to the message information, and execute, for the message, the message processing operation corresponding to the leaf node of the queried path.
an updating unit 203, configured to construct an updated dictionary tree according to the updated message processing strategy after detecting that the stored message processing strategy has been updated by the management board card, and, if it is determined that the updated dictionary tree is successfully constructed, replace the current effective dictionary tree with the updated dictionary tree.
The updating unit may be specifically configured to:
in the process of constructing the updated dictionary tree according to the updated message processing strategy, after detecting that the stored message processing strategy has been updated again by the management board card, stop the process of constructing the updated dictionary tree and reconstruct the updated dictionary tree according to the updated message processing strategy.
The updating unit may further be configured to: after replacing the current effective dictionary tree with the updated dictionary tree, upon detecting that a message is still being queried using the replaced dictionary tree, continue that query in the replaced dictionary tree according to the message information.
The query unit may be specifically configured to:
inquiring whether the message information exists in a non-failure record aiming at any received message, wherein the non-failure record comprises the message information and a message processing operation;
if yes, directly executing corresponding message processing operation;
if not, inquiring a corresponding path in the current effective dictionary tree, executing message processing operation corresponding to a leaf node of the inquired path aiming at the message, and adding the message information and the message processing operation into the non-failure record;
in this case, the updating unit may further be configured to:
invalidate the non-failure record.
The embodiment of the present disclosure also provides a computer device, which at least includes a memory, a processor, and a computer program stored on the memory and capable of running on the processor, wherein the processor implements a policy query method as described above when executing the program.
FIG. 8 illustrates a more specific hardware architecture diagram of a computing device provided by embodiments of the present description, which may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 implement communication connections therebetween within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an application specific integrated circuit (ASIC), or one or more integrated circuits, etc., for executing relevant programs to implement the technical solutions provided in the embodiments of the present disclosure.
The memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. Memory 1020 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The embodiments of the present specification also provide a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a policy query method as described above.
Computer readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
From the foregoing description of embodiments, it will be apparent to those skilled in the art that the present embodiments may be implemented in software plus a necessary general purpose hardware platform. Based on such understanding, the technical solutions of the embodiments of the present specification may be embodied in essence or what contributes to the prior art in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the embodiments or some parts of the embodiments of the present specification.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points. The apparatus embodiments described above are merely illustrative, in which the modules illustrated as separate components may or may not be physically separate, and the functions of the modules may be implemented in the same piece or pieces of software and/or hardware when implementing the embodiments of the present disclosure. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The foregoing is merely a specific implementation of the embodiments of this disclosure. It should be noted that a person skilled in the art may make several improvements and modifications without departing from the principles of the embodiments of this disclosure, and these improvements and modifications should also be considered as falling within the protection scope of the embodiments of this disclosure.

Claims (8)

1. A policy query method, applied to a service board card in frame equipment, wherein the frame equipment further comprises a management board card, the service board card stores at least one message processing strategy issued by the management board card, and any message processing strategy comprises: message matching conditions and message processing operations; the method comprises the following steps:
constructing a dictionary tree by any service board card according to a local message processing strategy, taking the dictionary tree as an effective dictionary tree, wherein each path from a root node to any leaf node of the dictionary tree corresponds to one message processing strategy, the leaf node of the path corresponds to the message processing operation of the message processing strategy, and the non-leaf node of the path corresponds to the message matching condition of the message processing strategy;
after receiving the message, inquiring a corresponding path in a current effective dictionary tree according to the message information, and executing message processing operation corresponding to leaf nodes of the inquired path aiming at the message;
after the stored message processing strategies are monitored to be updated by the management board, an updated dictionary tree is constructed according to the updated message processing strategies, if the updated dictionary tree is determined to be successfully constructed, the updated dictionary tree is utilized to replace the current effective dictionary tree, and the current effective dictionary tree is continuously used for inquiring the message processing strategies in the process of constructing the updated dictionary tree;
wherein constructing the updated dictionary tree according to the updated message processing strategy specifically comprises:
in the process of constructing the updated dictionary tree according to the updated message processing strategy, after the stored message processing strategy is monitored to be updated again by the management board card, stopping the process of constructing the updated dictionary tree, and reconstructing the updated dictionary tree according to the updated message processing strategy.
2. The method of claim 1, wherein different types of service cards store different message processing policies issued by the management card.
3. The method of claim 1, further comprising, after replacing the current effective dictionary tree with the updated dictionary tree:
after detecting that there is a message being queried using the replaced dictionary tree, continuing to query in the replaced dictionary tree according to the message information.
4. The method according to claim 1, wherein the querying, according to the message information, the corresponding path in the current effective dictionary tree, and for the message, executing the message processing operation corresponding to the leaf node of the queried path, specifically includes:
for any received message, inquiring whether the message information exists in the current non-failure record, wherein the non-failure record comprises the message information and a message processing operation;
if yes, directly executing corresponding message processing operation;
if not, inquiring a corresponding path in the current effective dictionary tree, executing message processing operation corresponding to a leaf node of the inquired path aiming at the message, and adding the message information and the message processing operation into the non-failure record;
after the dictionary tree is successfully constructed according to the updated message processing strategy, the method further comprises:
invalidating the non-failure record.
5. A policy query device, configured on a service board card in frame equipment, wherein the frame equipment further comprises a management board card, the service board card stores at least one message processing strategy issued by the management board card, and any message processing strategy comprises: message matching conditions and message processing operations; the device comprises:
the initial construction unit is used for constructing a dictionary tree according to a local message processing strategy, taking the dictionary tree as an effective dictionary tree, wherein each path from a root node to any leaf node of the dictionary tree corresponds to one message processing strategy, the leaf node of the path corresponds to the message processing operation of the message processing strategy, and the non-leaf node of the path corresponds to the message matching condition of the message processing strategy;
the query unit is used for querying a corresponding path in the current effective dictionary tree according to the message information after receiving the message, and executing message processing operation corresponding to the leaf node of the queried path for the message;
the updating unit is used for building an updated dictionary tree according to the updated message processing strategy after the stored message processing strategy is updated by the management board card, and if the updated dictionary tree is determined to be successfully built, the updated dictionary tree is used for replacing the current effective dictionary tree, and the current effective dictionary tree is continuously used for inquiring the message processing strategy in the process of building the updated dictionary tree;
the updating unit is specifically configured to:
in the process of constructing the updated dictionary tree according to the updated message processing strategy, after the stored message processing strategy is monitored to be updated again by the management board card, stop the process of constructing the updated dictionary tree, and reconstruct the updated dictionary tree according to the updated message processing strategy.
6. The apparatus of claim 5, wherein different types of service cards store different message processing policies issued by the management card.
7. The apparatus of claim 5, the updating unit further to:
after replacing the current effective dictionary tree with the updated dictionary tree, after detecting that a message which is being queried by using the replaced dictionary tree exists, continuing to query in the replaced dictionary tree according to the message information.
8. The apparatus of claim 5, wherein the query unit is specifically configured to:
for any received message, inquiring whether the message information exists in the current non-failure record, wherein the non-failure record comprises the message information and a message processing operation;
if yes, directly executing corresponding message processing operation;
if not, inquiring a corresponding path in the current effective dictionary tree, executing message processing operation corresponding to a leaf node of the inquired path aiming at the message, and adding the message information and the message processing operation into the non-failure record;
the updating unit is further configured to:
invalidate the non-failure record.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911363429.6A CN111131079B (en) 2019-12-26 2019-12-26 Policy query method and device


Publications (2)

Publication Number Publication Date
CN111131079A CN111131079A (en) 2020-05-08
CN111131079B CN111131079B (en) 2023-11-24

Family

ID=70502816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911363429.6A Active CN111131079B (en) 2019-12-26 2019-12-26 Policy query method and device

Country Status (1)

Country Link
CN (1) CN111131079B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112350947B (en) * 2020-10-23 2022-07-29 杭州迪普信息技术有限公司 Message matching decision tree updating method and device
CN112333098B (en) * 2020-10-29 2022-11-25 杭州迪普科技股份有限公司 Message forwarding method and device between service board cards
CN112491873A (en) * 2020-11-26 2021-03-12 杭州安恒信息技术股份有限公司 Network threat detection method, device, equipment and storage medium based on dictionary tree
CN112437096B (en) * 2020-12-09 2023-06-30 深圳万物安全科技有限公司 Acceleration policy searching method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104811400A (en) * 2014-01-26 2015-07-29 杭州迪普科技有限公司 Distributed network apparatus
CN106330473A (en) * 2015-06-15 2017-01-11 中兴通讯股份有限公司 Gateway management method and device
CN109617927A (en) * 2019-01-30 2019-04-12 新华三信息安全技术有限公司 A kind of method and device matching security strategy

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8181258B2 (en) * 2003-11-26 2012-05-15 Agere Systems Inc. Access control list constructed as a tree of matching tables


Also Published As

Publication number Publication date
CN111131079A (en) 2020-05-08


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant