摘要 |
Embodiments of the present invention provide a policy processing method and a network device, comprising: performing mixed arranging on all service rules corresponding to multiple services so as to construct multiple condition data sets; according to the multiple condition data sets that are constructed, performing unified condition matching on packet characteristic information of network data packets that are received and outputting a condition matching result set; and according to the condition matching result set, invoking a service application to execute policy actions corresponding to each condition identifier in the condition matching result set. By performing mixed arranging on multiple service rules, a scheme in the embodiments of the present invention organizes all service rules in a unified manner, extracts information required by all services in one packet data scanning process, and needs to perform matching and rule verification only once, reducing redundant operations between multiple services, promoting convergence of the multiple services on a single device, and improving a device integration degree and performance. |