公开(公告)号：US07203744B1

公开(公告)日：2007-04-10

申请号：US10264889

申请日：2002-10-07

申请人： Pankaj Parekh ,  Sandeep Gupta ,  Vijay Mamtani ,  Puneet Tutliani ,  Proneet Biswas

发明人： Pankaj Parekh ,  Sandeep Gupta ,  Vijay Mamtani ,  Puneet Tutliani ,  Proneet Biswas

IPC分类号： G06F15/173

CPC分类号： H04L41/0893 ,  H04L45/00 ,  H04L63/0263

摘要： An integrated policy enforcement system for a computer network implements several policies on the network traffic. A rule compiler compiles these policies and converts them into a rule tree-graph, which is then used to provide desired behavior to the network traffic comprising data packets. The rule compiler comprises three sub-modules namely—a rule input module, a rule tree generator module and a rule output module. The rule input module receives the input for the rule compiler and prepares the input for the rule tree generator module. The rule tree generator module generates the rule tree-graph. The rule tree-graph is a data structure comprising tree data structure and graph data structure. Such a data structure combines the properties of tree data structure and graph data structure, and enhances the performance of the policy enforcement systems by striking a balance between the memory requirement for storing the data structure and the processing capabilities of the system required to process the network traffic. The Output module converts the rule tree-graph to policy files, which can be downloaded to various modules of the policy enforcement systems.

摘要翻译： 用于计算机网络的综合策略执行系统对网络流量实施若干策略。 规则编译器编译这些策略并将其转换为规则树图，然后将其用于为包含数据包的网络流量提供所需的行为。 规则编译器包括三个子模块，即规则输入模块，规则树生成器模块和规则输出模块。 规则输入模块接收规则编译器的输入，并准备规则树生成器模块的输入。 规则树生成器模块生成规则树形图。 规则树图是包括树数据结构和图形数据结构的数据结构。 这样的数据结构结合了树形数据结构和图形数据结构的特性，通过在存储数据结构的存储器需求和处理网络所需的系统的处理能力之间取得平衡来增强策略执行系统的性能 交通。 输出模块将规则树图转换为策略文件，可将其下载到策略执行系统的各个模块。