CN105553850A - URL blocking method based on FPGA and TCAM - Google Patents
URL blocking method based on FPGA and TCAM Download PDFInfo
- Publication number
- CN105553850A CN105553850A CN201510909527.0A CN201510909527A CN105553850A CN 105553850 A CN105553850 A CN 105553850A CN 201510909527 A CN201510909527 A CN 201510909527A CN 105553850 A CN105553850 A CN 105553850A
- Authority
- CN
- China
- Prior art keywords
- tcam
- url
- fpga
- shutoff
- field
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/23—Bit dropping
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/26—Flow control; Congestion control using explicit feedback to the source, e.g. choke packets
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a URL blocking method based on an FPGA and a TCAM, and relates to an information blocking method. The method employs a Hash algorithm to compress an URL keyword with combining with TCAM matching, and can meet the requirements for the URL blocking at a large-flow line speed.
Description
Technical field
The present invention relates to a kind of information method for blocking, particularly relate to a kind of URL method for blocking based on FPGA and TCAM.
Background technology
Namely URL (UniformResourceLocator, URL(uniform resource locator)) shutoff limits the access of some specific URL.URL storehouse is set up in traditional URL shutoff, directly compares coupling to specific url field, for subsequent treatment such as the message that the match is successful abandon, is mainly used in the Software Development Platforms such as CPU/GPU/ network processing unit.Prior art mates shutoff to URL can only reach the handling property of tens k to hundreds of kPPS on single CPU/GPU/ network processing unit, and backbone network 10G port just needs the handling property reaching 14.4Mpps, the URL that prior art cannot meet under large discharge linear speed mates shutoff requirement.
Summary of the invention
Because the above-mentioned defect of prior art, technical problem to be solved by this invention is to provide a kind of URL method for blocking met under large discharge linear speed.
For achieving the above object, the invention provides a kind of URL method for blocking based on FPGA and TCAM, carry out according to the following steps:
S1, while FPGA internal clocking process buffer memory message, the critical field of URL extracting message is compressed in parallel through hash algorithm;
S2, to compress according to same hash algorithm preparing the url field of shutoff in TCAM, and write in TCAM as shutoff strategy;
S3, the packed field obtained by step S1 do content matching at TCAM; The dropping packets when content matching; Otherwise normally forward.
The invention has the beneficial effects as follows: the present invention can abandon the message needing shutoff immediately when message does surface speed forwarding by buffer memory to subordinate's processing module, can meet 10G even 100G port to the requirement of Message processing speed, reach the line-speed processing to message at individual equipment/platform.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet of the present invention one specific embodiment.
Embodiment
Below in conjunction with drawings and Examples, the invention will be further described:
As shown in Figure 1, a kind of based on FPGA (Field-ProgrammableGateArray, field programmable gate array) and TCAM (ternarycontentaddressablememory, TCAM) URL method for blocking, it is characterized in that carrying out according to the following steps:
S1, while FPGA internal clocking process buffer memory message, extract that the url field of message is parallel carries out Hash compression algorithm to calculate PktUrlCalResult;
S2, in TCAM, calculate to preparing the url field of shutoff the URLResult needing shutoff according to same hash algorithm, and write in TCAM as shutoff strategy;
S3, PktUrlCalResult is done content matching at TCAM, judge that whether it is identical; The dropping packets when content matching; Otherwise normally forward.
More than describe preferred embodiment of the present invention in detail.Should be appreciated that those of ordinary skill in the art just design according to the present invention can make many modifications and variations without the need to creative work.Therefore, all technical staff in the art, all should by the determined protection range of claims under this invention's idea on the basis of existing technology by the available technical scheme of logical analysis, reasoning, or a limited experiment.
Claims (1)
1. based on a URL method for blocking of FPGA and TCAM, it is characterized in that, carry out according to the following steps:
S1, while FPGA internal clocking process buffer memory message, the critical field of URL extracting message is compressed in parallel through hash algorithm;
S2, to compress according to same hash algorithm preparing the url field of shutoff in TCAM, and write in TCAM as shutoff strategy;
S3, the packed field obtained by step S1 do content matching at TCAM; The dropping packets when content matching; Otherwise normally forward.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510909527.0A CN105553850A (en) | 2015-12-10 | 2015-12-10 | URL blocking method based on FPGA and TCAM |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510909527.0A CN105553850A (en) | 2015-12-10 | 2015-12-10 | URL blocking method based on FPGA and TCAM |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105553850A true CN105553850A (en) | 2016-05-04 |
Family
ID=55832788
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510909527.0A Pending CN105553850A (en) | 2015-12-10 | 2015-12-10 | URL blocking method based on FPGA and TCAM |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105553850A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114598616A (en) * | 2022-05-09 | 2022-06-07 | 上海飞旗网络技术股份有限公司 | Efficient mode matching method for solving real-time mass data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102546299A (en) * | 2012-01-09 | 2012-07-04 | 北京锐安科技有限公司 | Method for detecting deep packet under large flow |
CN102843271A (en) * | 2011-11-14 | 2012-12-26 | 哈尔滨安天科技股份有限公司 | Formalization detection method and system for malicious URL (uniform resource locator) |
CN103414603A (en) * | 2013-07-31 | 2013-11-27 | 清华大学 | Ipv6 deep packet inspection method based on Hash folding method |
US20140089498A1 (en) * | 2012-07-29 | 2014-03-27 | Verint Systems Ltd. | System and method of high volume rule engine |
-
2015
- 2015-12-10 CN CN201510909527.0A patent/CN105553850A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102843271A (en) * | 2011-11-14 | 2012-12-26 | 哈尔滨安天科技股份有限公司 | Formalization detection method and system for malicious URL (uniform resource locator) |
CN102546299A (en) * | 2012-01-09 | 2012-07-04 | 北京锐安科技有限公司 | Method for detecting deep packet under large flow |
US20140089498A1 (en) * | 2012-07-29 | 2014-03-27 | Verint Systems Ltd. | System and method of high volume rule engine |
CN103414603A (en) * | 2013-07-31 | 2013-11-27 | 清华大学 | Ipv6 deep packet inspection method based on Hash folding method |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114598616A (en) * | 2022-05-09 | 2022-06-07 | 上海飞旗网络技术股份有限公司 | Efficient mode matching method for solving real-time mass data |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102104544B (en) | Order preserving method for fragmented message flow in IP (Internet Protocol) tunnel of multi-nuclear processor with accelerated hardware | |
CN102202064B (en) | Method for extracting behavior characteristics of Trojan communication based on network data flow analysis | |
PH12019501563A1 (en) | Blockchain service acceptance and consensus method and devices | |
WO2018125518A3 (en) | Computer program product, system, and method to allow a host and a storage device to communicate using different fabric, transport, and direct memory access protocols | |
MY195245A (en) | Blockchain-Based Data Processing Method and Device | |
WO2009093226A3 (en) | A method and apparatus for fingerprinting systems and operating systems in a network | |
CN105653484A (en) | Data block-oriented compression multi-path transmission method | |
CN101777075B (en) | Method for searching parallel audio fingerprint | |
WO2016010319A3 (en) | Cloud streaming service system, data compressing method for preventing memory bottlenecking, and device for same | |
CN105119926A (en) | Multichannel duplex communication method based on Socket connection | |
CN103856370B (en) | Application flow recognition method and system | |
CN103957154B (en) | Network packet url filtering method | |
CN105553850A (en) | URL blocking method based on FPGA and TCAM | |
CN102012882A (en) | Method for high-speed data stream encryption transmission based on system-on-chip | |
CN106130903A (en) | SDN switch stream table encryption method based on FPGA | |
WO2007120789A3 (en) | Method and apparatus for processing data at physical layer | |
CN103106144B (en) | A kind of internal memory index compression method and apparatus | |
CN105049437A (en) | Method for filtering network application layer data | |
CN102256182A (en) | RTP (Real-time Transport Protocol)-based video stream fragment framing method | |
CN103220274A (en) | Operator network outlet network message pattern matching method and system | |
CN102799673B (en) | A kind of method of batch compression swf file | |
CN101789014B (en) | Parallel video fingerprint retrieval method | |
CN103986744B (en) | Throughput-based file parallel transmission method | |
TWI529544B (en) | Data flow method and device | |
CN103117882B (en) | The alert processing method of Access Network and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160504 |
|
RJ01 | Rejection of invention patent application after publication |