CN101309261B - Network datagram processing method, system and device - Google Patents
Network datagram processing method, system and device Download PDFInfo
- Publication number
- CN101309261B CN101309261B CN200810045536XA CN200810045536A CN101309261B CN 101309261 B CN101309261 B CN 101309261B CN 200810045536X A CN200810045536X A CN 200810045536XA CN 200810045536 A CN200810045536 A CN 200810045536A CN 101309261 B CN101309261 B CN 101309261B
- Authority
- CN
- China
- Prior art keywords
- pointer
- data message
- coprocessor
- network
- formation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention is applicable to the data communication field and provides a network data message processing method, a system and a device; the processing method includes that a ring buffer queue is constructed; the queue is configured with three pointers, including a generator pointer, an intermediate pointer and a sender pointer; the data message received by a network processor and unprocessed by a coprocessor is stored in the ring buffer queue through the generator pointer; the coprocessor acquires the data message from the ring buffer queue through the intermediate pointer for processing the data message; the processed data message is stored in the ring buffer queue through the intermediate pointer; the network processor acquires the data message processed by the coprocessor from the ring buffer queue and sends the processed data message through the sender pointer. Compared with the prior art, the network data message processing method can greatly reduce the cost brought by the data transmission and synchronism sustaining and improve the processing rate of the data message and the utilization rate of the coprocessor greatly.
Description
Technical field
The invention belongs to data communication field, relate in particular to a kind of network datagram processing method and system, equipment.
Background technology
At present, what the Network Security Device on the market adopted usually is the framework of general industry control platform combined with hardware coprocessor, in this framework, the processing method of network data message then normally is respectively coprocessor and network processing unit and keeps independent data queue, and adopt the producer, consumer's model to realize the processing of data message, its transaction module as shown in Figure 1:
In network processing unit, data message of handling without coprocessor that receives that formation, the clamping of network interface card transmit queue managerial grid receive with network interface card and the data message that after coprocessor is handled, can send by network interface card immediately respectively, in coprocessor, then use pending data messages such as coprocessor queue management, two queue pointers of producers and consumers are all disposed in these three formations respectively.
Under the scheduling of central processing unit, the data message that network interface card receives deposits network interface card according to the order of sequence in through the pointer producer 1 indication and receives formation, receive the formation reading of data message according to the order of sequence through pointer consumer 1 indication from network interface card again, synchronous transmission is to coprocessor, under the pointer producer 2 indication, deposit the coprocessor formation according to the order of sequence in, coprocessor is handled through pointer consumer 2 reading of data message from the coprocessor formation, the message synchronous transmission of handling is given network interface card, under the pointer producer 3 indication, deposit the network interface card transmit queue according to the order of sequence in, network interface card again under pointer consumer 3 indication from the network interface card transmit queue according to the order of sequence the reading of data message send.
The processing method of existing this network data message, because its data message that not only will keep in the individual queue is handled, also to keep the real-time Data Transmission of the synchronous and internal system between formation constantly, cause the utilization ratio of the treatment effeciency of data message and coprocessor all very low, but also need take the expense of a lot of memory source and central processing unit.Table 1 promptly shows a VPN (virtual private network) (Virtual Private Network who adopts 100,000,000 encryption chips (coprocessor), VPN) the partial properties index of equipment when this method of employing, wherein the treatment effeciency of visual data message (being throughput) is the highest is less than 30%.
Table 1
Summary of the invention
The objective of the invention is to: a kind of network datagram processing method is provided, be intended to solve in the prior art with a plurality of independent data queues and manage data message in coprocessor and the network processing unit respectively, thereby for the data message of keeping in the individual queue is handled, and the real-time Data Transmission of keeping the synchronous and internal system between formation, make that the utilization ratio of the treatment effeciency of data message and coprocessor is very low, and the excessive problem of the expense of memory source and central processing unit.
The object of the present invention is achieved like this:
A kind of network datagram processing method, described method comprises the steps:
A, the formation of structure buffer circle, and, be made as the producer, intermediate, sender respectively for three pointers of this formation configuration;
B, can not surmount under the prerequisite of sender's pointer in producer pointer, the data message of handling without coprocessor that network processing unit receives deposits described buffer circle formation in according to the order of sequence through producer pointer;
C, coprocessor obtain data message through the intermediate pointer and handle from described buffer circle formation, the data message of handling can not surmount under the prerequisite of producer pointer at the intermediate pointer, deposits described buffer circle formation in through the intermediate pointer again;
D, can not surmount under the prerequisite of intermediate pointer at sender's pointer, network processing unit sends through sender's pointer obtains coprocessor processing from described buffer circle formation data message, simultaneously, data message corresponding memory space in described buffer circle formation that the coprocessor that sends to network processing unit is handled empties.
Described step C is triggered by described step B and starts, and described step D is triggered by described step C and starts; After described step B, step C and step D all started, for different data messages, described step B, step C and step D carried out synchronously.
Described producer pointer, intermediate pointer and sender's pointer are the pointer variable of mutual exclusion.
Described coprocessor is the enciphering/deciphering processor.
Another object of the present invention is to: a kind of network data message handling system is provided, and described system comprises:
The formation initial module is used to make up the buffer circle formation, and is this formation setting and the initialization producer, intermediate and sender's pointer;
Data deposit module in, are used to receive the data message without the coprocessor processing that network processing unit transmits, and deposit this data message in described buffer circle formation according to the order of sequence by producer pointer, and the control producer pointer does not surmount sender's pointer;
Data processing module, being used for by the intermediate pointer data message of described buffer circle formation being sent to coprocessor handles, the data message that coprocessor is handled is deposited back described buffer circle formation by the intermediate pointer, and control intermediate pointer does not surmount producer pointer;
Data transmission blocks, by sender's pointer with in the described buffer circle formation the data message handled of coprocessor send to network processing unit, and control sender pointer do not surmount the intermediate pointer, and data message corresponding memory space in described buffer circle formation that the coprocessor that sends to network processing unit is handled empties.
Described producer pointer, intermediate pointer and sender's pointer are the pointer variable of mutual exclusion.
Described coprocessor is the enciphering/deciphering processor.
Another object of the present invention is to: a kind of network data message processor that comprises described network data message handling system is provided.
Outstanding advantage of the present invention is: the present invention is by adopting buffer circle formation unified management network data message, and by three mutual exclusion pointers of the producer, intermediate, sender of operation queue realize synchronously data message in the formation turnover and with the communicating by letter of coprocessor, thereby can greatly reduce transfer of data and keep the expense of bringing synchronously, the significantly raising of the handling rate of realization data message and the utilization ratio of coprocessor.
Description of drawings
Fig. 1 is existing network data message transaction module;
Fig. 2 is the realization flow figure of the network datagram processing method that provides of the embodiment of the invention;
Fig. 3 is the network data message transaction module that the embodiment of the invention provides;
Fig. 4 is the structure chart of the network data message processor that provides of the embodiment of the invention.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer,, the present invention is further elaborated below in conjunction with drawings and Examples.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
Network datagram processing method that the embodiment of the invention provides and system, equipment are by adopting buffer circle formation unified management network data message, and creatively with the producer, intermediate, sender's ternary model realize synchronously data message in the formation turnover and with the communicating by letter of coprocessor, thereby can greatly reduce transfer of data and keep the expense of bringing synchronously, the significantly raising of the handling rate of realization data message and the utilization ratio of coprocessor.
Fig. 2 shows the realization flow of the network datagram processing method that the embodiment of the invention provides, and details are as follows:
In step S201, make up the buffer circle formation, and, be made as the producer, intermediate, sender respectively for three pointers of this formation configuration.
During coprocessor/network processing unit initialization, a preassignment n buffering area, by bidirectional pointer this n buffering area is connected into circle queue, and be the pointer of three mutual exclusions of this formation configuration, be made as the producer, intermediate, sender respectively, simultaneously, with the producer, intermediate, the set of sender's pointer, point to the circle queue first term.
In step S202, when network interface card interrupted taking place, the data message that network interface card receives deposited formation in through producer pointer.
The data message without the coprocessor processing that receives from device interior is arranged when network interface card, or when coming the Frame of automatic network, network interface card interrupt to take place, the local data message that network interface card receives or the data message behind the data frame analyzing deposited in above-mentioned buffer circle formation according to the order of sequence under the indication of producer pointer.
In step S203, coprocessor obtains data message through the intermediate pointer and handles from formation, and the message of handling deposits formation in through the intermediate pointer again.
Data message is deposited back the former buffering area in the formation under the indication of intermediate pointer after coprocessor carries out relevant treatment (for example, when coprocessor is the enciphering/deciphering processor, then the data message is carried out corresponding enciphering/deciphering and handle).
In step S204, network interface card obtains the data message of handling through sender's pointer and sends from formation.
Is example with the coprocessor for the enciphering/deciphering processor, under the indication of sender's pointer, after being read out, data message in the formation after the coprocessor enciphering/deciphering is handled is transferred to network interface card, send by network after converting the data encrypted message to Frame by network interface card, the data message after perhaps will deciphering sends to other modules of device interior and carries out next step processing.
Based on the network data message transaction module of said method as shown in Figure 3:
In embodiments of the present invention, buffering area 1, buffering area 2, buffering area 3 ..., buffering area n3 ..., buffering area n2 ..., buffering area n1 ..., buffering area n, buffering area 1 be connected to circle queue successively, the first address of buffering area 1 is the formation first term, during initialization, the pointer producer, intermediate, sender all point to the formation first term.
When network interface card interrupt to take place, data message under the indication of producer pointer, deposit in successively buffering area 1, buffering area 2 ...; Finish when depositing formation in as one or more data message, can trigger next process by modes such as asynchronous soft interruptions, be that coprocessor is under the indication of intermediate pointer, first memory address from buffering area 1, the data message that obtains one by one in the formation carries out respective handling, finishes the data message of processing and then deposits back formation through the intermediate pointer in real time; When having one or more data message to finish processing in the formation, can trigger next process, be that network interface card is under the indication of sender's pointer, first memory address from buffering area 1, obtain one by one that treated data message sends in the formation, simultaneously, this data message corresponding memory space in formation is emptied.
In said process, the producer, intermediate and sender's pointer move along circle queue, and the intermediate pointer can not surmount producer pointer, and sender's pointer can not surmount the intermediate pointer, and producer pointer can not surmount sender's pointer.These three processes can concurrently be carried out in that the prerequisite that satisfies above condition is next and network interface card receiving data packets, coprocessor deal with data message and network interface card send datagram, thereby form the treatment mechanism of streamline, need not between each process to wait for and keep synchronously, also do not need transfer of data.
Fig. 4 then shows the structure of the network data message processor that the embodiment of the invention provides, wherein, treatment system 42 promptly shows the structure of the network data message handling system that the embodiment of the invention provides, for convenience of explanation, only show the part relevant with the embodiment of the invention, these parts can be the modules of software, hardware or software and hardware combining:
Treatment system 42 comprises that formation initial module 421, data deposit module 422, data transmission blocks 423 and data processing module 424 in.
Wherein, formation initial module 421 is used to make up the buffer circle formation, is provided with and the initialization producer, intermediate and sender's pointer.
Data deposit module 422 under the signal enabling of central processing unit 44, receive the data message of the need of network interface card 41 transmission through coprocessor 43 processing, deposit data message in the buffer circle formation according to the order of sequence by producer pointer, and the control producer pointer does not surmount sender's pointer, and to central processing unit 44 transmission interrupt signals, to start next process.
44 of central processing units send enabling signal to data processing module 424 according to above-mentioned interrupt signal, by the intermediate pointer data message in the buffer circle formation being sent to coprocessor 43 by data processing module 424 handles, and the data message of handling deposited the formation of winding shape buffering area by the intermediate pointer again, and control intermediate pointer do not surmount producer pointer, and sends interrupt signal to central processing unit 44.
Data transmission blocks 423 is under the signal enabling of central processing unit 44, by sender's pointer with in the buffer circle formation the data message handled of coprocessor 43 send to network interface card 41, and control sender pointer do not surmount the intermediate pointer, and empties the memory space of finishing transmission in the formation.
In embodiments of the present invention, above-mentioned data deposit module 422, data processing module 424, data transmission blocks 423 in case after starting, each module can concurrently be carried out the processing of data message.
The embodiment of the invention by with of the prior art three independently the unification of data message processing queue be a circle queue, and three pointer (producers that pass through operation queue, intermediate, the sender) realization and network interface card, synchronous data communication between coprocessor, data message is only kept a copy in circle queue, not only can save a large amount of memory sources, but also can eliminate in the prior art because frequent the distribution and the release time that memory source brought and the consumption of central processing unit, and can be reduced to minimum with the time delay of bringing synchronously and the resource consumption of central processing unit with waiting for, simultaneously, utilize the pointer producer, intermediate, mutual exclusion between the sender can realize the control to flow, it is best that the throughput that data message is handled reaches, thereby realize that the network data message is carried out safe handling fast to be handled with transmitting.
Detect through practice, 100,000,000 VPN equipment after network datagram processing method that the employing embodiment of the invention provides and system are optimized, its partial properties index is as shown in table 2, and wherein as seen, the throughput of the data message after the optimization reaches more than 90%.
Table 2
The above only is preferred embodiment of the present invention, not in order to restriction the present invention, all any modifications of being done within the spirit and principles in the present invention, is equal to and replaces and improvement etc., all should be included within protection scope of the present invention.
Claims (8)
1. a network datagram processing method is characterized in that, described method comprises the steps:
A, the formation of structure buffer circle, and, be made as the producer, intermediate, sender respectively for three pointers of this formation configuration;
B, can not surmount under the prerequisite of sender's pointer in producer pointer, the data message of handling without coprocessor that network processing unit receives deposits described buffer circle formation in according to the order of sequence through producer pointer;
C, coprocessor obtain data message through the intermediate pointer and handle from described buffer circle formation, the data message of handling can not surmount under the prerequisite of producer pointer at the intermediate pointer, deposits described buffer circle formation in through the intermediate pointer again;
D, can not surmount under the prerequisite of intermediate pointer at sender's pointer, network processing unit sends through sender's pointer obtains coprocessor processing from described buffer circle formation data message, simultaneously, data message corresponding memory space in described buffer circle formation that the coprocessor that sends to network processing unit is handled empties.
2. network datagram processing method as claimed in claim 1 is characterized in that, described step C is triggered by described step B and starts, and described step D is triggered by described step C and starts; After described step B, step C and step D all started, for different data messages, described step B, step C and step D carried out synchronously.
3. network datagram processing method as claimed in claim 1 is characterized in that, described producer pointer, intermediate pointer and sender's pointer are the pointer variable of mutual exclusion.
4. network datagram processing method as claimed in claim 1 is characterized in that, described coprocessor is the enciphering/deciphering processor.
5. a network data message handling system is characterized in that, described system comprises:
The formation initial module is used to make up the buffer circle formation, and is this formation setting and the initialization producer, intermediate and sender's pointer;
Data deposit module in, are used to receive the data message without the coprocessor processing that network processing unit transmits, and deposit this data message in described buffer circle formation according to the order of sequence by producer pointer, and the control producer pointer does not surmount sender's pointer;
Data processing module, being used for by the intermediate pointer data message of described buffer circle formation being sent to coprocessor handles, the data message that coprocessor is handled is deposited back described buffer circle formation by the intermediate pointer, and control intermediate pointer does not surmount producer pointer;
Data transmission blocks, by sender's pointer with in the described buffer circle formation the data message handled of coprocessor send to network processing unit, and control sender pointer do not surmount the intermediate pointer, and data message corresponding memory space in described buffer circle formation that the coprocessor that sends to network processing unit is handled empties.
6. network data message handling system as claimed in claim 5 is characterized in that, described producer pointer, intermediate pointer and sender's pointer are the pointer variable of mutual exclusion.
7. network data message handling system as claimed in claim 5 is characterized in that, described coprocessor is the enciphering/deciphering processor.
8. network data message processor that comprises network data message handling system as claimed in claim 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810045536XA CN101309261B (en) | 2008-07-14 | 2008-07-14 | Network datagram processing method, system and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810045536XA CN101309261B (en) | 2008-07-14 | 2008-07-14 | Network datagram processing method, system and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101309261A CN101309261A (en) | 2008-11-19 |
| CN101309261B true CN101309261B (en) | 2011-04-06 |
Family
ID=40125482
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200810045536XA Expired - Fee Related CN101309261B (en) | 2008-07-14 | 2008-07-14 | Network datagram processing method, system and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101309261B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105893279A (en) * | 2016-03-30 | 2016-08-24 | 北京经纬恒润科技有限公司 | Data transmission method and system based on cycle queue |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101853149A (en) * | 2009-03-31 | 2010-10-06 | 张力 | Method and device for processing single-producer/single-consumer queue in multi-core system |
| CN101820422B (en) * | 2010-03-30 | 2012-08-29 | 南京恩瑞特实业有限公司 | Safe computer message buffer implementation method |
| CN105119843A (en) * | 2015-08-13 | 2015-12-02 | 中国航天科工集团第三研究院第八三五七研究所 | A method for setting a message buffer queue length |
| CN108462679B (en) * | 2017-02-21 | 2021-06-04 | 杭州海康威视数字技术股份有限公司 | Data transmission method and device |
| CN112633953B (en) * | 2021-03-08 | 2021-07-06 | 支付宝(杭州)信息技术有限公司 | Service processing method and system based on block chain |
| CN113542374B (en) * | 2021-06-30 | 2022-04-12 | 北京宇信科技集团股份有限公司 | Message processing method and system |
| CN114866343A (en) * | 2022-07-04 | 2022-08-05 | 支付宝(杭州)信息技术有限公司 | Data processing method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0773689A1 (en) * | 1995-11-09 | 1997-05-14 | THOMSON multimedia | Video data processing device comprising a buffer memory |
| CN1529256A (en) * | 2003-10-17 | 2004-09-15 | 中兴通讯股份有限公司 | Dual-ring quene-based, non-interrupt PCI communication method |
| CN1780254A (en) * | 2004-11-17 | 2006-05-31 | 华为技术有限公司 | Method for using buffer area in network processor |
-
2008
- 2008-07-14 CN CN200810045536XA patent/CN101309261B/en not_active Expired - Fee Related
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0773689A1 (en) * | 1995-11-09 | 1997-05-14 | THOMSON multimedia | Video data processing device comprising a buffer memory |
| CN1529256A (en) * | 2003-10-17 | 2004-09-15 | 中兴通讯股份有限公司 | Dual-ring quene-based, non-interrupt PCI communication method |
| CN1780254A (en) * | 2004-11-17 | 2006-05-31 | 华为技术有限公司 | Method for using buffer area in network processor |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105893279A (en) * | 2016-03-30 | 2016-08-24 | 北京经纬恒润科技有限公司 | Data transmission method and system based on cycle queue |
| CN105893279B (en) * | 2016-03-30 | 2019-04-26 | 北京经纬恒润科技有限公司 | A kind of data transmission method and system based on round-robin queue |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101309261A (en) | 2008-11-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101309261B (en) | Network datagram processing method, system and device | |
| CN102780625A (en) | Method and device for realizing internet protocol security (IPSEC) virtual private network (VPN) encryption and decryption processing | |
| US20220244999A1 (en) | Technologies for hybrid field-programmable gate array application-specific integrated circuit code acceleration | |
| CN109902053A (en) | A kind of SPI communication method, terminal device and storage medium based on dual controller | |
| CN102724035B (en) | Encryption and decryption method for encrypt card | |
| CN104216761B (en) | It is a kind of that the method for sharing equipment is used in the device that can run two kinds of operating system | |
| TW200629819A (en) | System and method for processing RX packets in high speed network applications using an RX FIFO buffer | |
| IN2013MU03527A (en) | ||
| CN103686345A (en) | Video content comparing method based on digital signal processor | |
| CN108351838B (en) | Memory management functions are provided using polymerization memory management unit (MMU) | |
| CN103685291A (en) | Data authorization certification system and method among enterprises based on cloud service | |
| CN102609307A (en) | Multi-core multi-thread dual-operating system network equipment and control method thereof | |
| CN104461966B (en) | A kind of data buffer storage transmission method and its controller based on Nand Flash chips | |
| CN103283193A (en) | An apparatus and method for receiving and forwarding data | |
| CN102984235A (en) | Method and system for sharing screen data | |
| CN102299861B (en) | A kind of message flux control method | |
| CN205385561U (en) | Tiled display systems of shielding more | |
| CN103942106B (en) | Distributed encryption method | |
| CN107395338A (en) | Video chaotic secret communication device and method based on non-linear nominal matrix | |
| CN102013973A (en) | Encryption and decryption commutator | |
| US7577157B2 (en) | Facilitating transmission of a packet in accordance with a number of transmit buffers to be associated with the packet | |
| CN102023893A (en) | An inside-encryption-card parallel processing realization method | |
| CN106209370A (en) | Elliptic curve cipher device, system and data cache control method | |
| CN203251310U (en) | Quantum key sending-receiving integration controller | |
| CN105809802A (en) | Site number-getting method based on personal mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110406 Termination date: 20170714 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |