CN104753726A - Serial data stream auditing control method and serial data stream auditing control system - Google Patents

Serial data stream auditing control method and serial data stream auditing control system

Publication number
CN104753726A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310727363.0A
Other languages
Chinese (zh)
Other versions
CN104753726B (en)
Inventor
刘永强
吕恩泳
唐新民
沈智杰
景晓军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SURFILTER NETWORK TECHNOLOGY Co Ltd
Original Assignee
SURFILTER NETWORK TECHNOLOGY Co Ltd
Application filed by SURFILTER NETWORK TECHNOLOGY Co Ltd
Priority to CN201310727363.0A
Publication of CN104753726A
Application granted
Publication of CN104753726B
Legal status: Active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a serial data stream auditing control method. The method comprises a first step of receiving a network data package and analyzing the network data package to obtain multi-element-array information of the network data package, and sending the network data package and the multi-element-array information thereof to a stream control table; a second step of judging whether the stream control table hits the multi-element-array information of the network data package, and returning an action number of the stream control table; a third step of allocating the network data package to a corresponding secondary bucket of a data bucket according to the action number of the stream control table; and a fourth step of performing corresponding operation on the network data package by the corresponding secondary bucket of the data bucket. Through adoption of the method, the network throughput of an auditing system can be improved; the forwarding efficiency and auditing flexibility of a serial auditing system are also guaranteed; and the auditing system can forward the data at a high speed. The invention also discloses a serial data stream auditing control system.

Description

Audit control method and system for a serial data stream
Technical field
The present invention relates to the field of network data auditing, and more particularly to an audit control method and system for a serial data stream.
Background art
Because the volume of data on a network is very large, some of it is inevitably untrue or false, so the data on the network needs to be analyzed, that is, network data needs to be audited. Current serial data stream audit systems face a conflict between audit flexibility and forwarding efficiency: the audit programs that parse and classify packets of various protocols are complex and normally run in the user layer, while forwarding of data packets is usually implemented in hardware or in the kernel layer of the system. In the prior art, to preserve forwarding efficiency, data packets receive only simple processing while they are forwarded, which makes complex auditing of the packets difficult, so missed audits occur frequently. If, however, every data packet is handed to the user layer for inspection before being forwarded, the forwarding efficiency of the serially connected device drops sharply, and the device cannot be used in user environments with heavy traffic.
Therefore, in the prior art, layer-7 network protocol audit systems connected in series in a network suffer from a trade-off between forwarding efficiency and audit flexibility, so the audit system cannot do its job well in user environments with heavy traffic.
Summary of the invention
The technical problem to be solved by the present invention is the prior-art defect that layer-7 network protocol audit systems connected in series in a network suffer from a trade-off between forwarding efficiency and audit flexibility, so that the audit system cannot do its job well in user environments with heavy traffic. To address it, the invention provides an audit control method and system for a serial data stream that forwards data at high speed.
The technical solution adopted by the present invention to solve this technical problem is an audit control method for a serial data stream, comprising the following steps:
S1: receive a network packet and parse it to obtain the multi-tuple information of the network packet; send the network packet and its multi-tuple information to the flow control table;
S2: determine whether the flow control table hits the multi-tuple information of the network packet, and return the action number from the flow control table;
S3: assign the network packet to the corresponding sub-bucket of the data bucket according to the action number from the flow control table;
S4: the corresponding sub-bucket of the data bucket performs the corresponding operation on the network packet.
In the audit control method for a serial data stream of the present invention, the multi-tuple information is five-tuple information.
In the audit control method for a serial data stream of the present invention, the five-tuple information comprises the source IP, source port, destination IP, destination port and protocol of the network packet.
In the audit control method for a serial data stream of the present invention, the flow control table comprises an exact table and a fuzzy table.
In the audit control method for a serial data stream of the present invention, the exact table is a hash table, and the hash table contains the five-tuple information and the action number of each node in the hash table.
In the audit control method for a serial data stream of the present invention, the fuzzy table contains five-tuple information with wildcards and action numbers.
In the audit control method for a serial data stream of the present invention, step S2 comprises the following sub-steps:
S21: the flow control table receives the network packet and the five-tuple information of the network packet;
S22: look up the exact table according to the five-tuple information of the network packet and determine whether the exact table hits the network packet; if the exact table hits the network packet, return the action number of the node of the exact table;
S23: if the exact table misses the network packet, look up the fuzzy table and determine whether the fuzzy table hits the network packet; if the fuzzy table hits the network packet, return the action number of the node of the fuzzy table, and add the five-tuple information of the network packet together with the action number of the node of the fuzzy table to the exact table;
S24: if the fuzzy table misses the network packet, return the system default action number, and add the five-tuple information of the network packet and the action number of the node of the fuzzy table to the exact table.
In the audit control method for a serial data stream of the present invention,
in step S22, whether the exact table hits the network packet is determined by checking whether the hash table contains the five-tuple information of a node identical to the five-tuple information of the network packet, and the action number of each node. If the hash table contains the five-tuple information of a node identical to the five-tuple information of the network packet, the exact table is determined to hit the network packet; if it does not, the exact table is determined to miss the network packet.
In the audit control method for a serial data stream of the present invention,
in step S23, whether the fuzzy table hits the network packet is determined by checking whether the fuzzy table contains wildcard five-tuple information that matches the five-tuple information of the network packet. If the fuzzy table contains such wildcard five-tuple information, the fuzzy table is determined to hit the network packet; if it does not, the fuzzy table is determined to miss the network packet.
In the audit control method for a serial data stream of the present invention,
in step S3, the action numbers comprise: an action number for sending to the audit system, an action number for copying to the audit system, an action number for entering the queue, and an action number for dropping;
the corresponding sub-buckets of the data bucket comprise: a sub-bucket that performs the send-to-audit-system operation, a sub-bucket that performs the copy-to-audit-system operation, a sub-bucket that performs the enqueue operation, and a sub-bucket that performs the drop operation.
In the audit control method for a serial data stream of the present invention,
the corresponding operation in step S4 is any one of: sending the network packet to the audit system, copying the network packet to the audit system, sending the network packet to the data send queue, and dropping the network packet;
copying the network packet to the audit system comprises making a duplicate of the network packet, sending the duplicate to the audit system, and then sending the network packet to the data send queue.
In the audit control method for a serial data stream of the present invention, the method further comprises the following steps:
S5: after step S4, the audit system audits the network packet and obtains an audited network packet;
S6: the audit system generates a flow control policy containing new five-tuple information and a new action number;
S7: receive the flow control policy containing the new five-tuple information and new action number;
S8: receive the audited network packet and go to step S3;
S9: parse the flow control policy containing the new five-tuple information and new action number to obtain the new five-tuple information and new action number;
S10: add the new five-tuple information and new action number to the flow control table and go to step S2.
Implementing the audit control method for a serial data stream of the present invention has the following beneficial effects. The audit control method provided by the embodiments of the present invention effectively overcomes the prior-art defect that layer-7 network protocol audit systems connected in series in a network suffer from a trade-off between forwarding efficiency and audit flexibility and therefore cannot do their job well in user environments with heavy traffic. Because the present invention parses and then classifies the data, and selectively uploads or copies data to the audit system according to the flow control table, forwarding is faster and more efficient; the network throughput of the audit system is improved, both the forwarding efficiency and the audit flexibility of the serial audit system are preserved, and high-speed data forwarding by the audit system is achieved.
The present invention also provides an audit control system for a serial data stream, comprising the following modules:
a packet parsing module, for receiving a network packet and parsing it to obtain the multi-tuple information of the network packet, and for sending the network packet and its multi-tuple information to the flow control table;
a flow control table module, for determining whether the flow control table hits the multi-tuple information of the network packet, and returning the action number from the flow control table;
a data classification module, for assigning the network packet to the corresponding sub-bucket of the data bucket according to the action number from the flow control table;
a data bucket module, for performing the corresponding operation on the network packet through the corresponding sub-bucket of the data bucket.
In the audit control system for a serial data stream of the present invention, the multi-tuple information is five-tuple information.
In the audit control system for a serial data stream of the present invention, the five-tuple information of the network packet comprises the source IP, source port, destination IP, destination port and protocol of the network packet.
In the audit control system for a serial data stream of the present invention, the flow control table comprises an exact table and a fuzzy table.
In the audit control system for a serial data stream of the present invention, the exact table is a hash table, and the hash table contains the five-tuple information and the action number of each node in the hash table.
In the audit control system for a serial data stream of the present invention, the fuzzy table contains five-tuple information with wildcards and action numbers.
In the audit control system for a serial data stream of the present invention, the flow control table module comprises the following units:
a receiving unit, for receiving, through the flow control table, the network packet and the five-tuple information of the network packet;
a first hit determination unit, for looking up the exact table according to the five-tuple information of the network packet and determining whether the exact table hits the network packet; if the exact table hits the network packet, the action number of the node of the exact table is returned;
a second hit determination unit, for looking up the fuzzy table when the exact table misses the network packet and determining whether the fuzzy table hits the network packet; when the fuzzy table hits the network packet, the action number of the node of the fuzzy table is returned, and the five-tuple information of the network packet together with the action number of the node of the fuzzy table is added to the exact table;
an action number return unit, for returning the system default action number when the fuzzy table misses the network packet, and adding the five-tuple information of the network packet and the action number of the node of the fuzzy table to the exact table.
In the audit control system for a serial data stream of the present invention,
in the first hit determination unit, whether the exact table hits the network packet is determined by checking whether the hash table contains the five-tuple information of a node identical to the five-tuple information of the network packet. When the hash table contains the five-tuple information of a node identical to the five-tuple information of the network packet, the exact table is determined to hit the network packet; when it does not, the exact table is determined to miss the network packet.
In the audit control system for a serial data stream of the present invention,
in the second hit determination unit, whether the fuzzy table hits the network packet is determined by checking whether the fuzzy table contains wildcard five-tuple information that matches the five-tuple information of the network packet. When the fuzzy table contains such wildcard five-tuple information, the fuzzy table is determined to hit the network packet; when it does not, the fuzzy table is determined to miss the network packet.
In the audit control system for a serial data stream of the present invention,
in the data classification module, the action numbers comprise: an action number for sending to the audit system, an action number for copying to the audit system, an action number for entering the queue, and an action number for dropping;
the corresponding sub-buckets of the data bucket comprise: a sub-bucket that performs the send-to-audit-system operation, a sub-bucket that performs the copy-to-audit-system operation, a sub-bucket that performs the enqueue operation, and a sub-bucket that performs the drop operation.
In the audit control system for a serial data stream of the present invention,
the corresponding operation in the data bucket module is any one of: sending the network packet to the audit system, copying the network packet to the audit system, sending the network packet to the data send queue, and dropping the network packet;
copying the network packet to the audit system comprises making a duplicate of the network packet, sending the duplicate to the audit system, and then sending the network packet to the data send queue.
In the audit control system for a serial data stream of the present invention, the system further comprises the following modules:
an audit module, for auditing the network packet through the audit system and obtaining an audited network packet;
a policy distribution module, for generating, through the audit system, a flow control policy containing new five-tuple information and a new action number;
a policy receiving module, for receiving the flow control policy containing the new five-tuple information and new action number;
a packet receiving module, for receiving the audited network packet and invoking the data classification module;
a policy parsing module, for parsing the flow control policy containing the new five-tuple information and new action number to obtain the new five-tuple information and new action number;
a policy adding module, for adding the new five-tuple information and new action number to the flow control table and invoking the flow control table module.
Implementing the audit control system for a serial data stream of the present invention has the following beneficial effects. The audit control system provided by the embodiments of the present invention effectively overcomes the prior-art defect that layer-7 network protocol audit systems connected in series in a network suffer from a trade-off between forwarding efficiency and audit flexibility and therefore cannot do their job well in user environments with heavy traffic. Because the present invention parses and then classifies the data, and selectively uploads or copies data to the audit system according to the flow control table, forwarding is faster and more efficient; the network throughput of the audit system is improved, both the forwarding efficiency and the audit flexibility of the serial audit system are preserved, and high-speed data forwarding by the audit system is achieved.
Brief description of the drawings
The invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a flowchart of the audit control method for a serial data stream provided by the first preferred embodiment of the present invention;
Fig. 2 is a sub-flowchart of step S2 shown in Fig. 1;
Fig. 3 is a flowchart of the audit control method for a serial data stream provided by the second preferred embodiment of the present invention;
Fig. 4 is a structural block diagram of the audit control system for a serial data stream provided by the first preferred embodiment of the present invention;
Fig. 5 is a structural block diagram of the flow control table module shown in Fig. 4;
Fig. 6 is a structural block diagram of the audit control system for a serial data stream provided by the second preferred embodiment of the present invention;
Fig. 7 is a flowchart of the audit control method for a serial data stream provided by the third preferred embodiment of the present invention.
Detailed description of the embodiments
To solve the prior-art problems of slow data forwarding, or of data that needs auditing being missed, the innovation of the present invention is this: network packets that need forwarding are parsed and split into streams, different data are classified into the corresponding sub-buckets, and, according to the action number of each network packet, data that must be dropped are dropped while for the rest the corresponding audit and/or send operation is selected and performed.
For a clearer understanding of the technical features, objects and effects of the present invention, specific embodiments are now described in detail with reference to the drawings. The following embodiments and drawings serve only for a better understanding of the invention and do not limit it in any way.
As shown in Fig. 1, in the first embodiment of the audit control method for a serial data stream provided by the embodiments of the present invention, the hardware environment of the audit method may be an x86 system, and the method comprises the following steps:
S1: receive a network packet and parse it to obtain the multi-tuple information of the network packet; send the network packet and its multi-tuple information to the flow control table;
S2: determine whether the flow control table hits the multi-tuple information of the network packet, and return the action number from the flow control table;
S3: assign the network packet to the corresponding sub-bucket of the data bucket according to the action number from the flow control table;
S4: the corresponding sub-bucket of the data bucket performs the corresponding operation on the network packet.
The embodiments of the present invention can be implemented on Intel's DPDK platform, a set of libraries and drivers for fast packet processing on x86 platforms. They can of course also be implemented on other platforms, and the present invention is not limited in this respect.
Implementing the audit control method for a serial data stream of the present invention has the following beneficial effects. The audit control method provided by the embodiments of the present invention effectively overcomes the prior-art defect that layer-7 network protocol audit systems connected in series in a network suffer from a trade-off between forwarding efficiency and audit flexibility and therefore cannot do their job well in user environments with heavy traffic. Because the present invention parses and then classifies the data, and selectively uploads or copies data to the audit system according to the flow control table, forwarding is faster and more efficient; the network throughput of the audit system is improved, both the forwarding efficiency and the audit flexibility of the serial audit system are preserved, and high-speed data forwarding by the audit system is achieved.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention, the multi-tuple information is five-tuple information. A five-tuple directly identifies one network session.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention, the five-tuple information comprises the source IP, source port, destination IP, destination port and protocol of the network packet. For example, 192.168.1.1 10000 TCP 121.14.88.76 80 constitutes a five-tuple. It means that the terminal with IP address 192.168.1.1 connects, through port 10000 and using the TCP protocol, to the terminal with IP address 121.14.88.76 and port 80. The protocol of the network packet may be TCP or UDP, and the present invention is not limited to these two protocols.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention, the flow control table comprises an exact table and a fuzzy table. Distinguishing the exact table from the fuzzy table makes auditing of the serial data stream more flexible: a packet that hits directly in the exact table does not need to go through the fuzzy table, so whether a network packet hits can be determined by comparison case by case.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention, the exact table is a hash table, and the hash table contains the five-tuple information and the action number of each node in the hash table. The five-tuple information of each node in the hash table is used to determine whether the exact table hits a network packet, which makes the hit determination more accurate.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention, the fuzzy table contains five-tuple information with wildcards and action numbers. Five-tuple information with wildcards lets the fuzzy table hit more of the network packets that match the fuzzy table.
Preferably, as shown in Fig. 2, in the audit control method for a serial data stream provided by the embodiments of the present invention, step S2 comprises the following sub-steps:
S21: the flow control table receives the network packet and the five-tuple information of the network packet;
S22: look up the exact table according to the five-tuple information of the network packet and determine whether the exact table hits the network packet; if the exact table hits the network packet, return the action number of the node of the exact table;
S23: if the exact table misses the network packet, look up the fuzzy table and determine whether the fuzzy table hits the network packet; if the fuzzy table hits the network packet, return the action number of the node of the fuzzy table, and add the five-tuple information of the network packet together with the action number of the node of the fuzzy table to the exact table;
S24: if the fuzzy table misses the network packet, return the system default action number, and add the five-tuple information of the network packet and the action number of the node of the fuzzy table to the exact table.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention,
in step S22, whether the exact table hits the network packet is determined by checking whether the hash table contains the five-tuple information of a node identical to the five-tuple information of the network packet, and the action number of each node. If the hash table contains the five-tuple information of a node identical to the five-tuple information of the network packet, the exact table is determined to hit the network packet; if it does not, the exact table is determined to miss the network packet.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention,
in step S23, whether the fuzzy table hits the network packet is determined by checking whether the fuzzy table contains wildcard five-tuple information that matches the five-tuple information of the network packet. If the fuzzy table contains such wildcard five-tuple information, the fuzzy table is determined to hit the network packet; if it does not, the fuzzy table is determined to miss the network packet.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention,
in step S3, the action numbers comprise: an action number for sending to the audit system, an action number for copying to the audit system, an action number for entering the queue, and an action number for dropping;
the corresponding sub-buckets of the data bucket comprise: a sub-bucket that performs the send-to-audit-system operation, a sub-bucket that performs the copy-to-audit-system operation, a sub-bucket that performs the enqueue operation, and a sub-bucket that performs the drop operation.
Preferably, in the audit control method for a serial data stream provided by the embodiments of the present invention,
the corresponding operation in step S4 is any one of: sending the network packet to the audit system, copying the network packet to the audit system, sending the network packet to the data send queue, and dropping the network packet;
copying the network packet to the audit system comprises making a duplicate of the network packet, sending the duplicate to the audit system, and then sending the network packet to the data send queue.
A network packet sent to the audit system may be sent onward by the audit system; this is decided by the audit system, which may of course also decide not to send it. A traffic control queue may also be added to the data send queue to limit the sending rate of network packets.
Preferably, as shown in Figure 3, the audit control method for a serial data stream provided in the embodiment of the present invention further comprises the following steps:
S5, after step S4, the auditing system audits the network packet and obtains an audited network packet;
S6, the auditing system generates a flow control policy containing new five-tuple information and a new action number;
S7, the flow control policy containing the new five-tuple information and new action number is received;
S8, the audited network packet is received and processing goes to step S3;
S9, the flow control policy containing the new five-tuple information and new action number is parsed to obtain the new five-tuple information and new action number;
S10, the new five-tuple information and new action number are added to the flow control table and processing goes to step S2.
As shown in Figure 4, the embodiment of the present invention also provides an audit control system for a serial data stream, comprising the following modules:
Packet parsing module 1, for receiving a network packet and parsing it to obtain the multi-tuple information of the network packet, and for sending the network packet and its multi-tuple information to the flow control table;
Flow control table module 2, for judging whether the flow control table hits the multi-tuple information of the network packet, and returning the action number of the flow control table;
Data classification module 3, for assigning the network packet to the corresponding sub-bucket in the data bucket according to the action number of the flow control table;
Data bucket module 4, for performing the corresponding operation on the network packet through the corresponding sub-bucket in the data bucket.
The embodiment of the present invention can be implemented on Intel's DPDK platform, which is a set of libraries and drivers for fast packet processing on the x86 platform. It can of course also be implemented on other platforms, and the present invention is not limited in this respect.
Implementing the audit control system for a serial data stream of the present invention has the following beneficial effects. The system provided by the embodiment of the present invention effectively solves the prior-art problem that, for a layer-7 network protocol auditing system connected inline in a network, forwarding efficiency and audit flexibility constrain each other, with the result that the auditing system cannot perform well in user environments with heavy traffic. Because the present invention classifies data after parsing it and, according to the flow control table, selectively uploads or copies data to the auditing system, forwarding is faster and more efficient. The network throughput of the auditing system is improved, the forwarding efficiency and audit flexibility of the serial auditing system are both accommodated, and high-speed data forwarding by the auditing system is achieved.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention, the multi-tuple information is five-tuple information.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention, the five-tuple information of the network packet comprises the source IP, source port, destination IP, destination port and protocol of the network packet. For example, 192.168.1.1 10000 TCP 121.14.88.76 80 constitutes a five-tuple. It means that the terminal with IP address 192.168.1.1 uses port 10000 and the TCP protocol to connect to the terminal with IP address 121.14.88.76 and port 80. The protocol of the network packet may be the TCP protocol or the UDP protocol, and the present invention is not limited to these two protocols.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention, the flow control table comprises an exact table and a fuzzy table. Distinguishing the exact table from the fuzzy table makes the audit of the serial data stream more flexible: if a packet hits directly in the exact table, it does not need to go through the fuzzy table, so whether a network packet hits can be judged case by case.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention, the exact table is a hash table, and the hash table comprises the five-tuple information and the action number of each node in the hash table.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention, the fuzzy table comprises wildcard-bearing five-tuple information and action numbers. Five-tuple information with wildcards lets the fuzzy table hit more network packets that match the fuzzy table.
Preferably, as shown in Figure 5, in the audit control system for a serial data stream provided in the embodiment of the present invention, the flow control table module 2 comprises the following units:
Receiving unit 21, for receiving, through the flow control table, the network packet and the five-tuple information of the network packet;
First hit judging unit 22, for searching the exact table according to the five-tuple information of the network packet and judging whether the exact table hits the network packet; if the exact table hits the network packet, the action number of the node of the exact table is returned;
Second hit judging unit 23, for searching the fuzzy table when the exact table misses the network packet and judging whether the fuzzy table hits the network packet; when the fuzzy table hits the network packet, the action number of the node of the fuzzy table is returned, and the five-tuple information of the network packet and the action number of the node of the fuzzy table are added to the exact table;
Action number return unit 24, for returning the system default action number when the fuzzy table misses the network packet, and adding the five-tuple information of the network packet and the action number of the node of the fuzzy table to the exact table.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention,
In the first hit judging unit 22, whether the exact table hits the network packet is judged by checking whether the hash table contains a node whose five-tuple information is identical to the five-tuple information of the network packet. When such a node exists in the hash table, the exact table is determined to hit the network packet; when no such node exists, the exact table is determined to miss the network packet.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention,
In the second hit judging unit 23, whether the fuzzy table hits the network packet is judged by checking whether the fuzzy table contains wildcard-bearing five-tuple information that matches the five-tuple information of the network packet. When such five-tuple information exists in the fuzzy table, the fuzzy table is determined to hit the network packet; when it does not exist, the fuzzy table is determined to miss the network packet.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention,
In the data classification module 3, the action numbers comprise: the action number for sending to the auditing system, the action number for copying to the auditing system, the action number for entering the queue, and the action number for dropping;
The corresponding sub-buckets in the data bucket comprise: the sub-bucket that performs the send-to-auditing-system operation, the sub-bucket that performs the copy-to-auditing-system operation, the sub-bucket that performs the enqueue operation, and the sub-bucket that performs the drop operation.
Preferably, in the audit control system for a serial data stream provided in the embodiment of the present invention,
The corresponding operation in the data bucket module 4 is any one of the following: sending the network packet to the auditing system, copying the network packet to the auditing system, sending the network packet to the data transmit queue, and dropping the network packet;
Copying the network packet to the auditing system comprises making a duplicate of the network packet, sending the duplicate to the auditing system, and then sending the network packet itself to the data transmit queue.
A network packet sent to the auditing system may be sent onward by the auditing system; this is decided by the auditing system, which may of course also decide not to send it. A traffic control queue may also be added to the data transmit queue to limit the transmission speed of network packets.
Preferably, as shown in Figure 6, the audit control system for a serial data stream provided in the embodiment of the present invention further comprises the following modules:
Audit module 5, for auditing the network packet through the auditing system and obtaining an audited network packet;
Policy distribution module 6, for generating, through the auditing system, a flow control policy containing new five-tuple information and a new action number;
Policy receiving module 7, for receiving the flow control policy containing the new five-tuple information and new action number;
Packet receiving module 8, for receiving the audited network packet and starting the function of the data classification module 3;
Policy parsing module 9, for parsing the flow control policy containing the new five-tuple information and new action number to obtain the new five-tuple information and new action number;
Policy adding module 10, for adding the new five-tuple information and new action number to the flow control table and starting the function of the flow control table module 2.
The principle of the present invention is explained below through a more specific embodiment:
Step a, a network packet is received and parsed to obtain the five-tuple information of the network packet, and the network packet and its five-tuple information are sent to the flow control table;
Step b, the flow control table receives the network packet and the five-tuple information of the network packet;
Step c, the exact table is searched, and whether the exact table hits the network packet is judged by checking whether the hash table contains a node whose five-tuple information is identical to the five-tuple information of the network packet. If such a node exists in the hash table, the exact table is determined to hit the network packet; if no such node exists, the exact table is determined not to hit the network packet. If the exact table hits the network packet, the action number of the node of the exact table is returned. The action numbers comprise: the action number for sending to the auditing system, the action number for copying to the auditing system, the action number for entering the queue, and the action number for dropping;
Step d, if the exact table does not hit the network packet, the fuzzy table is searched, and whether the fuzzy table hits the network packet is judged by checking whether the fuzzy table contains wildcard-bearing five-tuple information that matches the five-tuple information of the network packet. If such five-tuple information exists in the fuzzy table, the fuzzy table is determined to hit the network packet; if it does not exist, the fuzzy table is determined not to hit the network packet. If the fuzzy table hits the network packet, the action number of the node of the fuzzy table is returned, and the five-tuple information of the network packet and the action number of the node of the fuzzy table are added to the exact table;
Step e, if the fuzzy table misses the network packet, the system default action number is returned, and the five-tuple information of the network packet and the action number of the node of the fuzzy table are added to the exact table;
Step f, the network packet is assigned to the corresponding sub-bucket in the data bucket according to the action number. The action numbers comprise: the action number for sending to the auditing system, the action number for copying to the auditing system, the action number for entering the queue, and the action number for dropping. The corresponding sub-buckets in the data bucket comprise: the sub-bucket that performs the send-to-auditing-system operation, the sub-bucket that performs the copy-to-auditing-system operation, the sub-bucket that performs the enqueue operation, and the sub-bucket that performs the drop operation;
Step g, the corresponding sub-bucket in the data bucket performs the corresponding operation, which is any one of the following: sending the network packet to the auditing system, copying the network packet to the auditing system, sending the network packet to the data transmit queue, and dropping the network packet. Copying the network packet to the auditing system comprises making a duplicate of the network packet, sending the duplicate to the auditing system, and then sending the network packet itself to the data transmit queue. A network packet sent to the auditing system may be sent onward by the auditing system; this is decided by the auditing system, which may of course also decide not to send it. A traffic control queue may also be added to the data transmit queue to limit the transmission speed of network packets.
Step h, the auditing system audits the network packet and obtains an audited network packet;
Step i, the auditing system generates a flow control policy containing new five-tuple information and a new action number;
Step j, the flow control policy containing the new five-tuple information and new action number is received;
Step k, the audited network packet is received and processing goes to Step f;
Step l, the flow control policy is parsed to obtain the new five-tuple information and new action number;
Step m, the new five-tuple information and new action number are added to the flow control table and processing goes to Step c.
As can be seen from the above steps, network packets can be divided into network packets received for the first time and network packets that have passed through audit. A network packet received for the first time goes through Step a to Step m, whereas a network packet that has passed through audit only goes through Step c to Step m.
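The lookup, learning and policy-update behaviour of Steps c to g and l to m, as an added Python sketch that is not code from the patent or from any implementation of it. The numeric action values, the `*` wildcard marker, newest-rule-first ordering of the fuzzy table, caching of the default action (one reading of Step e) and eviction of learned exact entries when a new wildcard policy arrives are all assumptions of this example.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Set, Tuple

WILDCARD = "*"  # assumed wildcard marker for fuzzy-table fields


class Action(IntEnum):
    # The page names these four actions; the numeric values are constructed.
    SEND_TO_AUDIT = 1
    COPY_TO_AUDIT = 2
    ENQUEUE = 3
    DROP = 4


def matches(pattern: tuple, key: tuple) -> bool:
    """True if every pattern field is a wildcard or equals the packet field."""
    return all(p == WILDCARD or p == k for p, k in zip(pattern, key))


@dataclass
class FlowControlTable:
    default_action: Action = Action.ENQUEUE  # assumed system default
    exact: Dict[tuple, Action] = field(default_factory=dict)  # hash table
    fuzzy: List[Tuple[tuple, Action]] = field(default_factory=list)
    learned: Set[tuple] = field(default_factory=set)  # exact entries added by lookup

    def _learn(self, key: tuple, action: Action) -> None:
        self.exact[key] = action
        self.learned.add(key)

    def lookup(self, key: tuple) -> Tuple[Action, str]:
        """Steps c to e: exact table, then fuzzy table, then system default."""
        if key in self.exact:
            return self.exact[key], "exact"
        for pattern, action in self.fuzzy:
            if matches(pattern, key):
                self._learn(key, action)  # later packets take the hash path
                return action, "fuzzy"
        self._learn(key, self.default_action)  # assumption: default is cached too
        return self.default_action, "default"

    def add_policy(self, pattern: tuple, action: Action) -> None:
        """Steps l to m: install a parsed policy from the auditing system."""
        if WILDCARD in pattern:
            self.fuzzy.insert(0, (pattern, action))  # assumption: newest rule wins
            # Assumption: drop learned entries the new rule covers, so a stale
            # cached action cannot keep a flow away from the auditing system.
            for key in [k for k in self.learned if matches(pattern, k)]:
                del self.exact[key]
                self.learned.discard(key)
        else:
            self.exact[pattern] = action  # explicit policy overrides learned entry
            self.learned.discard(pattern)


def dispatch(key, payload, table, audit_rx, tx_queue) -> Action:
    """Steps f to g: pick the sub-bucket by action number and perform its operation."""
    action, _ = table.lookup(key)
    if action == Action.SEND_TO_AUDIT:
        audit_rx.append((key, payload))
    elif action == Action.COPY_TO_AUDIT:
        audit_rx.append((key, bytes(payload)))  # duplicate goes to the auditing system
        tx_queue.append((key, payload))         # original goes to the transmit queue
    elif action == Action.ENQUEUE:
        tx_queue.append((key, payload))
    return action  # DROP: packet is placed nowhere


if __name__ == "__main__":
    table = FlowControlTable()
    # Constructed policy: audit all TCP traffic to the page's example server.
    table.add_policy(("*", "*", "121.14.88.76", 80, "TCP"), Action.SEND_TO_AUDIT)
    flow = ("192.168.1.1", 10000, "121.14.88.76", 80, "TCP")  # five-tuple from the page
    audit_rx, tx_queue = [], []
    print(dispatch(flow, b"first", table, audit_rx, tx_queue).name, table.lookup(flow)[1])
    table.add_policy(flow, Action.ENQUEUE)  # auditing system clears the flow
    print(dispatch(flow, b"next", table, audit_rx, tx_queue).name)
```

Because a learned exact entry answers every later packet of that flow, the table is only as current as its last policy update, which is why this sketch evicts learned entries when a covering wildcard rule is installed.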
The present invention is explained below through a concrete example with reference to Fig. 7:
The network packet is received at RX (① in Fig. 7), and the five-tuple information of the packet (source IP, source port, destination IP, destination port, protocol (TCP/UDP)) is parsed;
Then ② and ③ in Fig. 7 are executed; ② in Fig. 7 is the exact table and ③ in Fig. 7 is the fuzzy table. The exact table is searched first; if it hits, the action number is returned and this part is complete. If the exact table does not hit, the fuzzy table is searched; after a hit, the exact five-tuple of this network packet and the action number are added to the exact table, the action number is returned, and this part is complete. If the fuzzy table misses, the default action number is returned. The result of executing ② and ③ in Fig. 7 is an action number.
Next, the network packet is classified (④ in Fig. 7). Network packets entering ④ fall into two cases: network packets that have passed through the flow control table (① → ②/③ → ④ in Fig. 7) and network packets that have passed through audit (⑨ → ④ in Fig. 7). Data classification assigns a packet to the sub-bucket of the appropriate type in the data bucket according to the action number of the packet.
Finally, the data bucket module is executed (⑤, ⑥, ⑦, ⑧ in Fig. 7). The data bucket comprises: the sub-bucket that performs the send-to-auditing-system operation (⑤ in Fig. 7), the sub-bucket that performs the copy-to-auditing-system operation (⑥ in Fig. 7), the sub-bucket that performs the enqueue operation (⑦ in Fig. 7) and the sub-bucket that performs the drop operation (⑧ in Fig. 7). For a network packet sent to the auditing system, the auditing system can send it out again (this is decided by the auditing system, which may also not send it). Copying to the auditing system means copying one network packet to the auditing system, after which the network packet enters the queue to wait for transmission. Entering the queue means entering the data transmit queue (a traffic control queue can also be added here for rate limiting and the like). Dropping means discarding the network packet.
Receiving auditing system packets (⑨ in Fig. 7) serves to send out the packets that were uploaded to the auditing system, that is, to put them into the queue.
Policy parsing in Fig. 7 parses the policies sent by the auditing system or by other clients, and adds the parsed policies to the flow control table.
Taking actual network conditions into account, network packets flow as follows:
When a network packet arrives at this system for the first time, the processing flow is: ① → ② → ③ → ② → ④ → ⑤/⑥/⑦/⑧ → ⑩ in Fig. 7 (network packets from ⑥/⑦ go to ⑩) (intermediate unlabelled steps are omitted).
When a network packet is not the first to arrive at this system, it is matched in the exact table according to its five-tuple information. The processing flow is: ① → ② → ④ → ⑤/⑥/⑦/⑧ → ⑩ in Fig. 7 (network packets from ⑥/⑦ go to ⑩) (intermediate unlabelled steps are omitted).
When a network packet is sent to the auditing system, the processing flow is: ① → ② → ④ → ⑤ → ⑨ → ④ → ⑦ → ⑩ in Fig. 7 (intermediate unlabelled steps are omitted). After audit analysis the auditing system sets a policy, which is received, parsed and then added to the flow control table.
When a network packet is copied to the auditing system, the processing flow is: ① → ② → ④ → ⑥ → ⑩ in Fig. 7 (intermediate unlabelled steps are omitted). The auditing system receives the network packet at the same time, and its processing flow is the same as for a network packet sent to the auditing system.
In summary, the audit control method or system for a serial data stream provided by the embodiment of the present invention effectively solves the prior-art problem that, for a layer-7 network protocol auditing system connected inline in a network, forwarding efficiency and audit flexibility constrain each other, with the result that the auditing system cannot perform well in user environments with heavy traffic. Because the present invention classifies data after parsing it and, according to the flow control table, selectively uploads or copies data to the auditing system, forwarding is faster and more efficient. The network throughput of the auditing system is improved, the forwarding efficiency and audit flexibility of the serial auditing system are both accommodated, and high-speed data forwarding by the auditing system is achieved.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, which are merely illustrative rather than restrictive. Under the teaching of the present invention, those of ordinary skill in the art can make many further forms without departing from the spirit of the present invention and the scope protected by the claims, and all of these fall within the protection of the present invention.

Claims (24)

1. An audit control method for a serial data stream, characterized by comprising the following steps:
S1, receiving a network packet and parsing it to obtain the multi-tuple information of the network packet, and sending the network packet and its multi-tuple information to a flow control table;
S2, judging whether the flow control table hits the multi-tuple information of the network packet, and returning the action number of the flow control table;
S3, assigning the network packet to the corresponding sub-bucket in a data bucket according to the action number of the flow control table;
S4, performing, by the corresponding sub-bucket in the data bucket, the corresponding operation on the network packet.
2. The audit control method for a serial data stream according to claim 1, characterized in that the multi-tuple information is five-tuple information.
3. The audit control method for a serial data stream according to claim 2, characterized in that the five-tuple information comprises the source IP, source port, destination IP, destination port and protocol of the network packet.
4. The audit control method for a serial data stream according to claim 3, characterized in that the flow control table comprises an exact table and a fuzzy table.
5. The audit control method for a serial data stream according to claim 4, characterized in that the exact table is a hash table, and the hash table comprises the five-tuple information and the action number of each node in the hash table.
6. The audit control method for a serial data stream according to claim 5, characterized in that the fuzzy table comprises wildcard-bearing five-tuple information and action numbers.
7. The audit control method for a serial data stream according to claim 6, characterized in that step S2 comprises the following sub-steps:
S21, the flow control table receives the network packet and the five-tuple information of the network packet;
S22, the exact table is searched according to the five-tuple information of the network packet, and whether the exact table hits the network packet is judged; if the exact table hits the network packet, the action number of the node of the exact table is returned;
S23, if the exact table misses the network packet, the fuzzy table is searched, and whether the fuzzy table hits the network packet is judged; if the fuzzy table hits the network packet, the action number of the node of the fuzzy table is returned, and the five-tuple information of the network packet and the action number of the node of the fuzzy table are added to the exact table;
S24, if the fuzzy table misses the network packet, the system default action number is returned, and the five-tuple information of the network packet and the action number of the node of the fuzzy table are added to the exact table.
8. The audit control method for a serial data stream according to claim 7, characterized in that,
In step S22, whether the exact table hits the network packet is judged by checking, against the five-tuple information and action number of each node in the hash table, whether the hash table contains a node whose five-tuple information is identical to the five-tuple information of the network packet. If such a node exists in the hash table, the exact table is determined to hit the network packet; if no such node exists, the exact table is determined to miss the network packet.
9. The audit control method for a serial data stream according to claim 7, characterized in that,
In step S23, whether the fuzzy table hits the network packet is judged by checking whether the fuzzy table contains wildcard-bearing five-tuple information that matches the five-tuple information of the network packet. If such five-tuple information exists in the fuzzy table, the fuzzy table is determined to hit the network packet; if it does not exist, the fuzzy table is determined to miss the network packet.
10. The audit control method for a serial data stream according to claim 7, characterized in that,
In step S3, the action numbers comprise: the action number for sending to the auditing system, the action number for copying to the auditing system, the action number for entering the queue, and the action number for dropping;
The corresponding sub-buckets in the data bucket comprise: the sub-bucket that performs the send-to-auditing-system operation, the sub-bucket that performs the copy-to-auditing-system operation, the sub-bucket that performs the enqueue operation, and the sub-bucket that performs the drop operation.
11. The audit control method for a serial data stream according to claim 10, characterized in that,
The corresponding operation in step S4 is any one of the following: sending the network packet to the auditing system, copying the network packet to the auditing system, sending the network packet to the data transmit queue, and dropping the network packet;
Copying the network packet to the auditing system comprises making a duplicate of the network packet, sending the duplicate to the auditing system, and then sending the network packet itself to the data transmit queue.
12. The audit control method for a serial data stream according to claim 10, characterized in that the audit control method for a serial data stream further comprises the following steps:
S5, after step S4, the auditing system audits the network packet and obtains an audited network packet;
S6, the auditing system generates a flow control policy containing new five-tuple information and a new action number;
S7, the flow control policy containing the new five-tuple information and new action number is received;
S8, the audited network packet is received and processing goes to step S3;
S9, the flow control policy containing the new five-tuple information and new action number is parsed to obtain the new five-tuple information and new action number;
S10, the new five-tuple information and new action number are added to the flow control table and processing goes to step S2.
13. An audit control system for a serial data stream, characterized by comprising the following modules:
Packet parsing module, for receiving a network packet and parsing it to obtain the multi-tuple information of the network packet, and for sending the network packet and its multi-tuple information to a flow control table;
Flow control table module, for judging whether the flow control table hits the multi-tuple information of the network packet, and returning the action number of the flow control table;
Data classification module, for assigning the network packet to the corresponding sub-bucket in a data bucket according to the action number of the flow control table;
Data bucket module, for performing the corresponding operation on the network packet through the corresponding sub-bucket in the data bucket.
14. The audit control system for a serial data stream according to claim 13, characterized in that the multi-tuple information is five-tuple information.
15. The audit control system for a serial data stream according to claim 14, characterized in that the five-tuple information of the network packet comprises the source IP, source port, destination IP, destination port and protocol of the network packet.
16. The audit control system for a serial data stream according to claim 15, characterized in that the flow control table comprises an exact table and a fuzzy table.
17. The audit control system for a serial data stream according to claim 16, characterized in that the exact table is a hash table, and the hash table comprises the five-tuple information and the action number of each node in the hash table.
18. The audit control system for a serial data stream according to claim 17, characterized in that the fuzzy table comprises wildcard-bearing five-tuple information and action numbers.
19. The audit control system for a serial data stream according to claim 18, characterized in that the flow control table module comprises the following units:
a receiving unit, configured to receive, through the flow control table, the network packet and the five-tuple information of the network packet;
a first hit judging unit, configured to look up the exact table according to the five-tuple information of the network packet and judge whether the exact table hits the network packet; if the exact table hits the network packet, the action number of the node of the exact table is returned;
a second hit judging unit, configured to, when the exact table misses the network packet, look up the fuzzy table and judge whether the fuzzy table hits the network packet, and, when the fuzzy table hits the network packet, return the action number of the node of the fuzzy table and add the five-tuple information of the network packet and the action number of the node of the fuzzy table to the exact table;
an action number returning unit, configured to, when the fuzzy table misses the network packet, return the system default action number, and add the five-tuple information of the network packet and the action number of the node of the fuzzy table to the exact table.
20. The audit control system for a serial data stream according to claim 19, characterized in that,
in the first hit judging unit, whether the exact table hits the network packet is judged by judging whether the hash table contains five-tuple information of a node that is identical to the five-tuple information of the network packet; when the hash table contains five-tuple information of a node that is identical to the five-tuple information of the network packet, it is determined that the exact table hits the network packet; when the hash table does not contain five-tuple information of a node that is identical to the five-tuple information of the network packet, it is determined that the exact table misses the network packet.
21. The audit control system for a serial data stream according to claim 19, characterized in that,
in the second hit judging unit, whether the fuzzy table hits the network packet is judged by judging whether the fuzzy table contains five-tuple information with wildcards that matches the five-tuple information of the network packet; when the fuzzy table contains five-tuple information with wildcards that matches the five-tuple information of the network packet, it is determined that the fuzzy table hits the network packet; when the fuzzy table does not contain five-tuple information with wildcards that matches the five-tuple information of the network packet, it is determined that the fuzzy table misses the network packet.
22. The audit control system for a serial data stream according to claim 19, characterized in that,
in the data classification module, the action number comprises: an action number for sending to the auditing system, an action number for copying to the auditing system, an action number for entering the queue, and an action number for discarding;
the corresponding sub-buckets in the data bucket comprise: a sub-bucket that performs the send-to-auditing-system operation, a sub-bucket that performs the copy-to-auditing-system operation, a sub-bucket that performs the enter-queue operation, and a sub-bucket that performs the discard operation.
23. The audit control system for a serial data stream according to claim 22, characterized in that,
the corresponding operation in the data bucket module comprises any one of the following operations: sending the network packet to the auditing system, copying the network packet to the auditing system, sending the network packet to the data transmit queue, and discarding the network packet;
copying the network packet to the auditing system comprises making a duplicate of the network packet and sending the duplicate to the auditing system, and then sending the network packet to the data transmit queue.
24. The audit control system for a serial data stream according to claim 22, characterized in that the audit control system for a serial data stream further comprises the following modules:
an audit module, configured to audit the network packet through the auditing system and obtain an audited network packet;
a policy distribution module, configured to generate, through the auditing system, a flow control policy containing new five-tuple information and a new action number;
a policy receiving module, configured to receive the flow control policy containing the new five-tuple information and the new action number;
a packet receiving module, configured to receive the audited network packet and start the function of the data classification module;
a policy parsing module, configured to parse the flow control policy containing the new five-tuple information and the new action number to obtain the new five-tuple information and the new action number;
a policy adding module, configured to add the new five-tuple information and the new action number to the flow control table and start the function of the flow control table module.
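The two-level lookup of claims 19 to 21, the sub-bucket dispatch of claims 22 and 23 and the policy feedback of claim 24 can be followed in the added Python example below, which is not code from the patent. The action number values, the choice of the enqueue action as system default, the `*` wildcard symbol, all class and function names, and the eviction of cached entries when a wildcard policy arrives are assumptions of this example.

```python
from collections import deque

# Constructed action numbers: the claims name four actions but assign no values.
SEND_TO_AUDIT, COPY_TO_AUDIT, ENQUEUE, DROP = 1, 2, 3, 4
DEFAULT_ACTION = ENQUEUE  # assumed system default
WILDCARD = "*"            # assumed wildcard symbol

def matches(pattern, five_tuple):
    # True when every non-wildcard field of the pattern equals the packet's field.
    return all(p == WILDCARD or p == f for p, f in zip(pattern, five_tuple))

class FlowControlTable:
    def __init__(self, fuzzy_rules=()):
        self.exact = {}                 # hash table: five-tuple -> action number
        self.fuzzy = list(fuzzy_rules)  # ordered (wildcard five-tuple, action number)
    def lookup(self, five_tuple):
        if five_tuple in self.exact:                # first hit judging unit
            return self.exact[five_tuple], "exact"
        for pattern, action in self.fuzzy:          # second hit judging unit
            if matches(pattern, five_tuple):
                self.exact[five_tuple] = action     # cache for later packets of the flow
                return action, "fuzzy"
        # Claim 19 also adds an entry on a double miss; storing the returned
        # default is this example's reading of that step.
        self.exact[five_tuple] = DEFAULT_ACTION
        return DEFAULT_ACTION, "default"
    def add_policy(self, pattern, action):
        # Policy from the auditing system (claim 24).
        if WILDCARD in pattern:
            self.fuzzy.insert(0, (pattern, action))
            # Assumption: evict cached flows the new rule covers so they are re-evaluated.
            self.exact = {k: v for k, v in self.exact.items() if not matches(pattern, k)}
        else:
            self.exact[pattern] = action

class DataBucket:
    def __init__(self):
        self.audit, self.tx_queue, self.dropped = deque(), deque(), 0
    def dispatch(self, packet, action):
        if action not in (SEND_TO_AUDIT, COPY_TO_AUDIT, ENQUEUE, DROP):
            raise ValueError(f"unknown action number {action}")
        if action in (SEND_TO_AUDIT, COPY_TO_AUDIT):
            self.audit.append(bytes(packet))   # the packet itself, or its duplicate
        if action in (COPY_TO_AUDIT, ENQUEUE):
            self.tx_queue.append(packet)       # forwarded through the transmit queue
        if action == DROP:
            self.dropped += 1

def process(table, bucket, five_tuple, packet):
    action, source = table.lookup(five_tuple)
    bucket.dispatch(packet, action)
    return action, source
```

Without the eviction step in `add_policy`, a flow already cached in the exact table would keep its old action number after a broader wildcard policy is installed, because the exact table is always consulted first.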
CN201310727363.0A 2013-12-25 2013-12-25 A kind of Audit control method and system of serial data stream Active CN104753726B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310727363.0A CN104753726B (en) 2013-12-25 2013-12-25 A kind of Audit control method and system of serial data stream

Publications (2)

Publication Number Publication Date
CN104753726A CN104753726A (en) 2015-07-01
CN104753726B CN104753726B (en) 2018-04-20

Family

ID=53592874

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310727363.0A Active CN104753726B (en) 2013-12-25 2013-12-25 A kind of Audit control method and system of serial data stream

Country Status (1)

Country Link
CN (1) CN104753726B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant