US 9,811,777 B2
Rule matching method and apparatus for deep packet inspection
Zhi Guo, Shenzhen (CN); Fuqiang Wu, Shenzhen (CN); Jia Zeng, Shenzhen (CN); Deepak Mansharamani, Santa Clara, CA (US); John Cortes, Shenzhen (CN); Lingyan Sun, Shenzhen (CN); and Dan Tian, Shenzhen (CN)
Assigned to Huawei Technologies Co., Ltd., Shenzhen (CN)
Filed by Huawei Technologies Co., Ltd., Shenzhen, Guangdong (CN)
Filed on Nov. 24, 2014, as Appl. No. 14/552,052.
Application 14/552,052 is a continuation of application No. PCT/CN2013/070434, filed on Jan. 14, 2013.
Claims priority of application No. 2012 1 0278778 (CN), filed on Aug. 7, 2012.
Prior Publication US 2015/0081612 A1, Mar. 19, 2015
Int. Cl. G06F 15/18 (2006.01); G06N 5/02 (2006.01); H04L 12/26 (2006.01); H04L 29/06 (2006.01)
CPC G06N 5/027 (2013.01) [H04L 43/028 (2013.01); H04L 69/12 (2013.01); G06F 2221/2101 (2013.01)]
20 Claims
 
1. A rule matching method performed by a network device for performing deep packet inspection, the method comprising:
receiving a packet;
detecting feature information in content of the packet;
determining whether the detected feature information in the packet conforms to a classification characteristic of one rule group among a plurality of preset rule groups,
wherein each rule group in the plurality of rule groups is obtained by grouping one or more rules according to a predetermined classification characteristic, and each rule group after compiling corresponds to a respective state machine compiled from the corresponding rule group,
wherein at least one of the respective state machines matches the packet,
wherein a state machine of the respective state machines that commonly matches a packet is stored in an on-chip memory with a relatively high read/write speed, and other state machines of the respective state machines are stored in an off-chip memory with a relatively low read/write speed; and
when the detected feature information conforms to a classification characteristic of one rule group among the plurality of preset rule groups, then:
determining a state machine of the respective state machines corresponding to the one rule group as a first state machine;
determining whether the first state machine is stored in the on-chip memory;
when the first state machine is stored in the off-chip memory, loading the first state machine from the off-chip memory into the on-chip memory; and
using the first state machine to match the packet to obtain a matching result.
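
The flow recited in claim 1, sketched as an added example that is not code from the patent or its assignee: the packet content selects a rule group, that group's state machine is loaded from the slow store into the fast store if it is not already there, and only that machine scans the packet. Grouping by application protocol, the content features, the sample rules, the compiled regex standing in for a state machine, and LRU eviction are all assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Constructed rules. Grouping by application protocol is an assumption; the
# claim only requires "a predetermined classification characteristic".
RULE_GROUPS = {
    "http": [rb"\.\./\.\./", rb"union[\s+]+select"],
    "smtp": [rb"^VRFY\s+root"],
}
# Content features used to pick a rule group (constructed, hypothetical).
FEATURES = {
    "http": re.compile(rb"^(GET|POST|HEAD|PUT) /"),
    "smtp": re.compile(rb"^(HELO|EHLO|VRFY) ", re.I),
}

def compile_group(rules):
    """One matcher per rule group; a compiled regex stands in for the state machine."""
    return re.compile(b"|".join(b"(?:" + r + b")" for r in rules), re.I)

def detect_feature(payload):
    """Return the rule group whose characteristic the payload content fits, or None."""
    for group, signature in FEATURES.items():
        if signature.match(payload):
            return group
    return None

class DpiMatcher:
    def __init__(self, rule_groups, on_chip_slots=1):
        # "Off-chip" memory holds every compiled machine; "on-chip" holds a few.
        self.off_chip = {g: compile_group(r) for g, r in rule_groups.items()}
        self.on_chip = OrderedDict()
        self.slots = on_chip_slots
        self.loads = 0  # off-chip -> on-chip transfers, the slow path

    def match(self, payload):
        group = detect_feature(payload)
        if group is None:
            return None, None          # no rule group applies to this packet
        if group in self.on_chip:
            self.on_chip.move_to_end(group)
        else:
            if len(self.on_chip) >= self.slots:
                self.on_chip.popitem(last=False)   # LRU eviction (assumption)
            self.on_chip[group] = self.off_chip[group]
            self.loads += 1
        hit = self.on_chip[group].search(payload)
        return group, (hit.group(0) if hit else None)
```

The `loads` counter makes the cost of the slow path visible: consecutive packets of the same group reuse the resident machine, while a change of group forces a transfer.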