CN109388499A - Message forwarding method and device, computer readable storage medium, electronic equipment - Google Patents
Message forwarding method and device, computer readable storage medium, electronic equipment Download PDFInfo
- Publication number
- CN109388499A CN109388499A CN201710662612.0A CN201710662612A CN109388499A CN 109388499 A CN109388499 A CN 109388499A CN 201710662612 A CN201710662612 A CN 201710662612A CN 109388499 A CN109388499 A CN 109388499A
- Authority
- CN
- China
- Prior art keywords
- message
- application
- application type
- dpi module
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/545—Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2475—Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
Abstract
This disclosure relates to a kind of message forwarding method and device, computer readable storage medium, electronic equipment.The method is applied to message forwarding equipment, and the message forwarding equipment includes User space deep message detection DPI module, which comprises the User space DPI module receives message, judges whether the application type for having identified the message;If the application type of the unidentified message out, the User space DPI module polls application identification table judges the application type that the message whether is preserved in the application identification table;If preserving the application type of the message in the application identification table, the User space DPI module is forwarded processing according to the corresponding forwarding strategy of the application type, to the message.Such scheme helps to improve recognition efficiency, and then improves message forward efficiency.
Description
Technical field
This disclosure relates to technical field of data processing, and in particular, to a kind of message forwarding method and device, computer can
Read storage medium, electronic equipment.
Background technique
With increasing, it in the weight that the type identification of application layer is paid close attention to as each security firm of network application classification
Weight, then, the type identification efficiency of application layer message connection becomes a very important test index.By identifying network
The application type of message not only can accurately see clearly network operation state, moreover it is possible to which better prison is made in the behavior for user
Control system, prevention virus attack etc..
For the message that one needs to forward, it can first judge whether the message needs to carry out deep message detection
(English: Deep Packet Inspection, referred to as: DPI), that is, judge whether the application type for having identified outgoing packet, such as
Fruit needs to carry out DPI, then message can be sent to kernel state (Kernel Mode) from User space (User Mode), by kernel state
In DPI module identification message application type, then the strategy matching module being forwarded in kernel state determines the application type
Message forwarding strategy after, and then according to forwarding strategy carry out message forwarding.For example, forwarding strategy, which can be, allows to report
Text forwarding forbids message to forward.
Summary of the invention
Purpose of this disclosure is to provide a kind of message forwarding method and device, computer readable storage medium, electronic equipment,
Recognition efficiency is helped to improve, and then improves message forward efficiency.
To achieve the goals above, in a first aspect, the disclosure provides a kind of message forwarding method, the method is applied to report
Literary forwarding device, the message forwarding equipment include User space deep message detection DPI module, which comprises
The User space DPI module receives message, judges whether the application type for having identified the message;
If the application type of the unidentified message out, the User space DPI module polls application identification table judges institute
It states using the application type for whether preserving the message in identification table;
If preserving the application type of the message in the application identification table, the User space DPI module is according to this
The corresponding forwarding strategy of application type is forwarded processing to the message.
Optionally, the message forwarding equipment further includes kernel state DPI module, the method also includes:
If not saving the application type of the message in the application identification table, the User space DPI module will be described
Message is sent to kernel state DPI module;
The kernel state DPI module parses the message, matches the application type of the message, and by the message and institute
The application identification table is written in the corresponding relationship for stating the application type of message.
Optionally, if the kernel state DPI module needs to go out by least two message matchings the application of the message
Type, then
The message is sent to kernel state DPI module by the User space DPI module, comprising: the User space DPI module
Message copy is carried out at least two message, and the message that copy obtains is sent to kernel state DPI module;
The method also includes: the User space DPI modules according to preconfigured message blocking strategy, to it is described at least
Two messages are forwarded processing, until after the kernel state DPI module is matched to the application type of the message, further according to institute
It states application type corresponding forwarding strategy and processing is forwarded to subsequent packet.
Optionally, preserve the corresponding forwarding strategy of application type in the application identification table, it is described by the message with
The application type of the message is written the application and identifies table, comprising:
The corresponding forwarding strategy of application type that the kernel state DPI module obtains the message, by the message, described
The application identification table is written in the application type of message and the corresponding relationship of forwarding strategy.
Optionally, at more nonuniform memory access framework NUMA,
The User space DPI module receives message, comprising: the User space DPI module is received from the network interface card inside NUMA
The message;
It handles the CPU of the User space DPI module logic and handles the CPU of the kernel state DPI module logic, be hyperline
Two Logic Cores of journey.
Optionally, the application identification table is set as shared drive, and application identification table uses memory in kernel state
The identification item of fixed size is established in pond.
Second aspect, the disclosure provide a kind of apparatus for forwarding message, and described device includes User space deep message detection DPI
Module, the User space DPI module include:
Message receiving module, for receiving message;
First judgment module, for judging whether to have identified the application type of the message;
Second judgment module, in the unidentified application type of the message out, inquiry application identification table to judge institute
It states using the application type for whether preserving the message in identification table;
Forward process module is answered when for preserving the application type of the message in the application identification table according to this
With the corresponding forwarding strategy of type, processing is forwarded to the message.
Optionally, described device further includes kernel state DPI module, then
The User space DPI module further include: message sending module, for not saving the report in the application identification table
When the application type of text, the message is sent to the kernel state DPI module;
The kernel state DPI module includes: application type matching module, for parsing the message, matches the message
Application type;Corresponding relationship writing module, for the corresponding relationship of the message and the application type of the message to be written
The application identifies table.
Optionally, if the application type matching module needs to go out answering for the message by least two message matchings
With type, then
The message sending module, for carrying out message copy, and the report that copy is obtained at least two message
Text is sent to the kernel state DPI module;
The forward process module, for according to preconfigured message blocking strategy, at least two message into
Row forward process, until after the application type matching module is matched to the application type of the message, further according to the application
The corresponding forwarding strategy of type is forwarded processing to subsequent packet.
Optionally, the corresponding forwarding strategy of application type is preserved in the application identification table,
The corresponding relationship writing module, the corresponding forwarding strategy of application type for obtaining the message will be described
The application identification table is written in the corresponding relationship of message, the application type of the message and forwarding strategy.
Optionally, at more nonuniform memory access framework NUMA, handle the CPU of the User space DPI module logic with
The CPU of the kernel state DPI module logic is handled, is two Logic Cores of hyperthread;
The message receiving module, for receiving the message from the network interface card inside NUMA.
Optionally, the application identification table is set as shared drive, and application identification table uses memory in kernel state
The identification item of fixed size is established in pond.
The third aspect, the disclosure provide a kind of computer readable storage medium, are stored thereon with computer program, the program
The step of above-mentioned message forwarding method is realized when being executed by processor.
Fourth aspect, the disclosure provide a kind of electronic equipment, comprising:
Above-mentioned computer readable storage medium;And
One or more processor, for executing the program in the computer readable storage medium.
User space DPI module can be arranged in User space in disclosure scheme, for segment message, can complete to answer in User space
With type identification, the fast-forwarding of message is realized.The message of all unidentified application types out compared with the existing technology, requires
Into kernel state processing, disclosure scheme, which not only reduces message, falls core between User space and kernel state and joins the team out the opening of team
Processing delay is greatly reduced in pin, helps to improve whole recognition efficiency, and then improve message forward efficiency.
Other feature and advantage of the disclosure will the following detailed description will be given in the detailed implementation section.
Detailed description of the invention
Attached drawing is and to constitute part of specification for providing further understanding of the disclosure, with following tool
Body embodiment is used to explain the disclosure together, but does not constitute the limitation to the disclosure.In the accompanying drawings:
Fig. 1 is the flow diagram of disclosure message forwarding method embodiment 1;
Fig. 2 is the flow diagram of disclosure message forwarding method embodiment 2;
Fig. 3 is the configuration diagram of 2 NUMA in the disclosure;
Fig. 4 is the schematic diagram that identification table is applied in access in the prior art;
Fig. 5 is the schematic diagram that identification table is applied in access in the disclosure;
Fig. 6 is the structural schematic diagram of disclosure apparatus for forwarding message;
Fig. 7 is structural block diagram of the disclosure for the electronic equipment of message forwarding.
Specific embodiment
It is described in detail below in conjunction with specific embodiment of the attached drawing to the disclosure.It should be understood that this place is retouched
The specific embodiment stated is only used for describing and explaining the disclosure, is not limited to the disclosure.
Referring to Fig. 1, the flow diagram of embodiment of the present disclosure message forwarding method embodiment 1 is shown.Disclosure scheme
It can be applied to message forwarding equipment, realize the fast-forwarding of message, wherein message forwarding equipment may include User space depth
Packet check DPI module, this method may comprise steps of:
Step 101, User space deep message detection DPI module receives message, judges whether to have identified the message
Application type.
Step 102, if the application type of the unidentified message out, the User space DPI module polls application identification
Table judges the application type that the message whether is preserved in the application identification table.
Step 103, if preserving the application type of the message in the application identification table, the User space DPI mould
Root tuber is forwarded processing according to the corresponding forwarding strategy of the application type, to the message.
In order to improve the recognition efficiency of application type, and then message forward efficiency is improved, disclosure scheme can be in user
User space DPI module is arranged in state, and based on application identification table, the fast-forwarding of message is realized by User space DPI module.
Specifically, after User space DPI module receives message, it can first judge whether the application for having identified the message
Type, as an example, User space DPI module can inquire conversational list, if preserving the application of the message in conversational list
Type and forwarding strategy then can determine that the application type for having identified outgoing packet, can be based on corresponding turn of the application type
Hair strategy, is forwarded processing to message, realizes the fast-forwarding of message.If the application type of unidentified outgoing packet, can
It is handled as follows:
The preset application of User space DPI module polls identifies table, judges apply in identification table whether preserve the message
Application type.If being matched to the application type of message in application identification table, the corresponding forwarding of the application type can be based on
Strategy is forwarded processing to message.
As an example, following information: the address purpose ip, ip association can be saved using identification table in disclosure scheme
Discuss type, port numbers, the protocol type identified, the application type identified.In view of this, User space DPI module can
To match the application type of outgoing packet based on the application type identified saved in table.Alternatively, can be based on saving in table
The protocol type identified, match the protocol type of outgoing packet, first turned according to the corresponding forwarding strategy of protocol type
Hair processing, it is if desired finer, according still further to hereafter introducing by the application type of kernel state DPI module matching message, this
Place wouldn't be described in detail.Alternatively, can based on saved in table the address purpose ip, ip protocol type, port numbers, match the one of outgoing packet
Grade application type.Disclosure scheme can be specific in combination with depending on practical situations without limitation to this.
As an example, it is referred to the prior art, after the application type of User space DPI module identification outgoing packet,
Trigger policy matching module further determines that the corresponding forwarding strategy of application type, and then is forwarded place according to forwarding strategy
Reason.
Alternatively, disclosure scheme also provides a kind of scheme of new determination forwarding strategy, it specifically can be in application identification table
Save message, the application type of message and the corresponding relationship of forwarding strategy.That is, when carrying out strategy addition, for
The corresponding forwarding strategy of the application type can directly be written to and answer by the corresponding forwarding strategy of the application type identified
With identifying in table, in this way, User space DPI module can be directly by applying identification table to find the application type of message and turn
Hair strategy, then lookup result is written in conversational list.Strategy matching module reduction is fallen, the knowledge of disclosure scheme is helped to improve
Other efficiency.
As an example, the message forwarding equipment in disclosure scheme can embody are as follows: X86-based platform, DPDK (English
Text: Data Plane Development Kit, Chinese: data plane development kit) platform etc., disclosure scheme can not to this
It is specifically limited.
As an example, the application type of message can embody in disclosure scheme are as follows: QQ, wechat, MSN, live streaming,
DNS (English: Domain Name System, Chinese: domain name system), mail, FTP (English: File Transfer
Protocol, Chinese: File Transfer Protocol), TFTP (English: Trivial File Transfer Protocol, Chinese: letter
Monofile transport protocol) etc., disclosure scheme can be not specifically limited this.
In conclusion in the prior art, the message of all unidentified application types out requires to enter kernel state processing,
One side message, which enters kernel state processing, itself will affect recognition efficiency, another aspect message the channel UK (User- >
Kernel it) is forwarded between the channel KU (Kernel- > user), channel falls core and also will affect recognition efficiency.Corresponding to this,
Certain applications type identification in disclosure scheme can be completed in User space, only the unrecognized report of User space DPI module
Text is just sent to kernel state DPI resume module, not only reduces down core and joins the team out the expense of team, also makes processing delay substantially
It reduces, improves whole recognition efficiency.In addition, the most of server of user's access is all similar in many cases
, for having identified the message of application type, can be written into using in identification table, when similar application arrives again
When, it can be added with the application type of lookup table mode matching outgoing packet without matching a large amount of characteristic informations by User space DPI module
Fast recognition speed, similarly helps to the promotion of whole recognition efficiency.
Referring to fig. 2, the flow diagram of embodiment of the present disclosure message forwarding method embodiment 2 is shown.Disclosure scheme
It can be applied to message forwarding equipment, realize the fast-forwarding of message, wherein message forwarding equipment may include User space DPI
Module and kernel state DPI module, this method may comprise steps of:
Step 201, User space deep message detection DPI module receives message, judges whether to have identified the message
Application type.
Step 202, if the application type of the unidentified message out, the User space DPI module polls application identification
Table judges the application type that the message whether is preserved in the application identification table.
Step 203, if not saving the application type of the message in the application identification table, the User space DPI mould
The message is sent to kernel state DPI module by block.
Step 204, the kernel state DPI module parses the message, matches the application type of the message, and will be described
The corresponding relationship of the application type of message and the message is written the application and identifies table.
In actual application, if User space DPI module does not find the application class of message in application identification table
Message can be then sent to kernel state DPI module by type, carry out application type identification.
Specifically, after kernel state DPI module receives message, it can parse message content, and each application type is combined to have
Some features match the application type of current message, and specific matching process can refer to the relevant technologies realization, and the disclosure can to this
Without limitation.
It, can be with after kernel state DPI module matches the application type of outgoing packet in order to improve the recognition efficiency of disclosure scheme
The corresponding relationship of message and application type is written in application identification table.In this way, receiving the connection in User space DPI module
After subsequent packet, the application type of outgoing packet can be determined based on using identification table, and then by application type and corresponding forwarding
Strategy is added in conversational list, and dialogue-based table completes the forwarding of subsequent packet, helps to improve the recognition efficiency of subsequent packet.
It is to be appreciated that kernel state DPI module matches the application class of outgoing packet for the scheme of simplified strategy matching module
After type, the corresponding forwarding strategy of the application type can also be obtained, and then by message, the application type and forwarding strategy of message
Corresponding relationship, write-in application identification table in.
By being described above it is found that User space DPI module, which is mainly based upon conversational list, carries out the fast-forwarding of message, therefore may be used also
Referred to as quick DPI module;Correspondingly, kernel state DPI module needs just carry out message by processing such as application type matchings
Forwarding, therefore it is also referred to as DPI module at a slow speed.
As an example, disclosure scheme can be according to the address purpose ip of message, destination slogan, protocol number, really
Determine the application type of message;And/or the application class of message can be determined according to the load payload of message, i.e. data content
Type.
By taking the load according to message determines application type as an example, usually require that the data field of message is not empty, but in reality
In the application process of border, it is understood that there may be data field is empty situation.With TCP (English: Transmission Control
Protocol, Chinese: transmission control protocol) for message, the data field of message is generally sky in three-way handshake process, to know
Not Chu application type at least to need to wait a data field be not empty message.
In addition, if the data field of a message is not enough to match specific application type, but a part of message
Information has met the case where certain application types, and needing more detailed subsequent packet just can determine really to apply class
Type, that is, needing multiple data fields is not that application type can be just recognized accurately in empty message.
For the case where needing to cache at least two messages just and can recognize that application type, message blocking can be pre-configured with
Strategy is used to indicate message forwarding strategy in this case.For example, message blocking strategy is configurable in identification outgoing packet
Application type before, allow message forward;Alternatively, forbidding message to forward, this public affairs before the application type of identification outgoing packet
Evolution case can be not specifically limited this.Specifically, message repeating process can embody as follows:
The User space DPI module carries out message copy at least two message, and the message that copy is obtained is sent out
It send to kernel state DPI module;The User space DPI module is according to preconfigured message blocking strategy, to described at least two
Message is forwarded processing, until answering after the kernel state DPI module is matched to the application type of the message further according to described
Processing is forwarded to subsequent packet with type corresponding forwarding strategy.
Be to allow message to forward, for the forwarding strategy that identifies is to forbid forwarding by message blocking strategy, can including
It before core state DPI module identifies the application type of outgoing packet, E-Packets according to already-existing session rule, and in identification outgoing packet
After application type, the subsequent packet of the connection is stopped forwarding.
As an example, in the case of message data field is empty, mesh first can also be utilized by User space DPI module
The address ip, destination slogan, protocol number determine the application type and forwarding strategy of message, processing is forwarded to message.
Meanwhile after receiving data field not and being empty message, message can also be determined using message content by kernel state DPI module
Application type and forwarding strategy, with this verify User space DPI module determine application type and forwarding strategy it is accurate
Property.Depending on specific combinable practical application request, disclosure scheme can be without limitation to this.
As an example, disclosure scheme can be applied to more NUMA (English: Non Uniform Memory
Access Architecture, Chinese: nonuniform memory access framework), in order to guarantee the optimization of multicore performance, network interface card,
The relationship of CPU can embody as follows: the User space DPI module receives the message from the network interface card inside NUMA;Handle the use
The CPU of the family state DPI module logic and CPU for handling the kernel state DPI module logic is two Logic Cores of hyperthread.
Referring to Fig. 3, the configuration diagram of 2 NUMA is shown.By taking NUMA0 as an example, process kernel state DPI module logic
CPU0 and CPU1 can receive message from network 1, network interface card 2, and CPU0 and CPU4 are two simulated by Hyper-Threading
Logic Core, CPU1 and CPU5 are two Logic Cores simulated by Hyper-Threading.So-called Hyper-Threading it is to be understood that
Using hardware instruction by a physics core analog be two logic cores, each logic core can parallel computation, help
In the runnability for promoting CPU.
In general, two logic cores can share the resource of physics kernel, for example, L2 cache L2Cache, register, whole
The resources such as number arithmetic unit ALU, FPU Float Point Unit FPU also facilitate the recognition efficiency for promoting disclosure scheme based on this.Tool
Body, by taking shared L2Cache as an example, runs the CPU0 of User space DPI module logic, runs kernel state DPI module logic
CPU4 is two logic cores for belonging to a physical cpu, after CPU0 receives a message, if the message needs to send
To kernel state processing, message can be sent to CPU4 by CPU0.When in view of carrying out application type identification, need to message content
It is parsed namely CPU0 reads in message in L2Cache, it, equally can be in this way, after CPU4 receives this message
The message is read in L2Cache namely CPU4 does not need message reading in L2Cache from memory again, causes disclosure side
The recognition efficiency of case is increased dramatically.Further, since CPU0, CPU4 belong to a physical cpu, the two shares same
L2Cache resource can also reduce more cache miss.
To sum up, disclosure scheme ensures that each NUMA only handles respective internal message, and what can be optimized utilizes memory
Management.Meanwhile for same message, the CPU of User space DPI module logic and the CPU of process kernel state DPI module logic are handled
For two Logic Cores of a hyperthread, it may also be ensured that the caching of same message optimizes, so that recognition efficiency be made to be promoted
40% or so.
It compares the prior art again below, is further explained explanation using identification table in disclosure scheme.
When application identification table in the prior art is applied to multiple nucleus system framework, there is a problem of concurrency performance difference, this master
If because application identification table in the prior art is set as global table, and the CPU of only kernel state can identify application
Table executes the operation such as inquiry, increase, deletion, and for details, reference can be made to schematic diagrames shown in Fig. 4.In addition, in order to guarantee safety, existing skill
Application identification table in art uses locking operation, i.e. only one CPU of synchronization is able to access that, using identification table, this is resulted in
It is excessively poor that concurrency performance is handled between multicore, can not accomplish that performance increases linear growth with CPU number.
Corresponding to this, shared drive can be set to using identification table in disclosure scheme, on the one hand, User space DPI
Module and kernel state DPI module may have access to application identification table, realize search operation;On the other hand, from a security point of view,
Only kernel state DPI module can execute write operation to application identification table, for example, the operation such as deletion, increase, for details, reference can be made to figures
Schematic diagram shown in 5.
It is to be appreciated that can notify kernel state by way of sending out message when User space DPI module needs write operation
DPI module realizes write operation indirectly by kernel state DPI module.For example, User space DPI module is assisted according to the address purpose ip, ip
Type, port numbers are discussed, after the application type for matching outgoing packet, application type can be written and applied by kernel state DPI module
It identifies in table.
As an example, the application identification table in disclosure scheme can be fixed big using memory pool foundation in kernel state
Small identification item.That is, can the pre- some fixed sizes of first to file memory block, as identification item, in disclosure scheme
Corresponding relationship can be stored in identification item in.The good memory of pre- first to file, can not only save in each operating process in real time into
Memory consumed by the application of row memory, release;It can also realize under multiple nucleus system framework and be inquired without lock, i.e., synchronization allows more
A CPU access application identification table, for performance, as CPU number increases, linear increase provides technical foundation.
It is to be appreciated that, even if other CPU are carrying out delete operation, will not go out when a CPU executes inquiry operation
What incumbent exception, this is because be the good memory of pre- first to file using identification table, even if the content in identification item is deleted, but
The address of identification item is effective always, is not in access memory after searching deleted item address exception occur, program is straight
Meet the problem of extension.
In addition, as an example, can determine the amount of capacity of L2Cache according to the size of application identification table.Specifically
Ground, the capacity of L2Cache are not less than the size of application identification table, make to encase completely in L2Cache and entirely apply identification table,
In this manner it is ensured that the whole access to application identification table carries out all within L2Cache.It is by performance test it is found that so square
Case can make whole recognition efficiency promote 30% or so.
Referring to Fig. 6, the structural schematic diagram of embodiment of the present disclosure apparatus for forwarding message is shown.The apparatus may include with
Family state deep message detects DPI module, and the User space DPI module includes:
Message receiving module 301, for receiving message;
First judgment module 302, for judging whether to have identified the application type of the message;
Second judgment module 303, in the unidentified application type of the message out, inquiry application identification table to be sentenced
Break and whether preserves the application type of the message in the application identification table;
Forward process module 304, when for preserving the application type of the message in the application identification table, according to this
The corresponding forwarding strategy of application type is forwarded processing to the message.
Optionally, described device further includes kernel state DPI module, then
The User space DPI module further include: message sending module, for not saving the report in the application identification table
When the application type of text, the message is sent to the kernel state DPI module;
The kernel state DPI module includes: application type matching module, for parsing the message, matches the message
Application type;Corresponding relationship writing module, for the corresponding relationship of the message and the application type of the message to be written
The application identifies table.
Optionally, if the application type matching module needs to go out answering for the message by least two message matchings
With type, then
The message sending module, for carrying out message copy, and the report that copy is obtained at least two message
Text is sent to the kernel state DPI module;
The forward process module, for according to preconfigured message blocking strategy, at least two message into
Row forward process, until after the application type matching module is matched to the application type of the message, further according to the application
The corresponding forwarding strategy of type is forwarded processing to subsequent packet.
Optionally, the corresponding forwarding strategy of application type is preserved in the application identification table,
The corresponding relationship writing module, the corresponding forwarding strategy of application type for obtaining the message will be described
The application identification table is written in the corresponding relationship of message, the application type of the message and forwarding strategy.
Optionally, at more nonuniform memory access framework NUMA, handle the CPU of the User space DPI module logic with
The CPU of the kernel state DPI module logic is handled, is two Logic Cores of hyperthread;
The message receiving module, for receiving the message from the network interface card inside NUMA.
Optionally, the application identification table is set as shared drive, and application identification table uses memory in kernel state
The identification item of fixed size is established in pond.
About the device in above-described embodiment, wherein modules execute the concrete mode of operation in related this method
Embodiment in be described in detail, no detailed explanation will be given here.
Fig. 7 is the block diagram of a kind of electronic equipment 400 shown according to an exemplary embodiment, which is used for
Carry out message forwarding.As shown in fig. 7, the electronic equipment 400 may include: processor 401, memory 402, multimedia component
403, input/output (I/O) interface 404 and communication component 405.
Wherein, processor 401 is used to control the integrated operation of the electronic equipment 400, to complete above-mentioned message forwarding side
All or part of the steps in method.Memory 402 is for storing various types of data to support the behaviour in the electronic equipment 400
To make, these data for example may include the instruction of any application or method for operating on the electronic equipment 400, with
And the relevant data of application program, such as contact data, the message of transmitting-receiving, picture, audio, video etc..The memory 402
It can be realized by any kind of volatibility or non-volatile memory device or their combination, such as static random-access is deposited
Reservoir (Static Random Access Memory, abbreviation SRAM), electrically erasable programmable read-only memory
(Electrically Erasable Programmable Read-Only Memory, abbreviation EEPROM), erasable programmable
Read-only memory (Erasable Programmable Read-Only Memory, abbreviation EPROM), programmable read only memory
(Programmable Read-Only Memory, abbreviation PROM), and read-only memory (Read-Only Memory, referred to as
ROM), magnetic memory, flash memory, disk or CD.Multimedia component 403 may include screen and audio component.Wherein
Screen for example can be touch screen, and audio component is used for output and/or input audio signal.For example, audio component may include
One microphone, microphone is for receiving external audio signal.The received audio signal can be further stored in storage
Device 402 is sent by communication component 405.Audio component further includes at least one loudspeaker, is used for output audio signal.I/O
Interface 404 provides interface between processor 401 and other interface modules, other above-mentioned interface modules can be keyboard, mouse,
Button etc..These buttons can be virtual push button or entity button.Communication component 405 is for the electronic equipment 400 and other
Wired or wireless communication is carried out between equipment.Wireless communication, such as Wi-Fi, bluetooth, near-field communication (Near Field
Communication, abbreviation NFC), 2G, 3G or 4G or they one or more of combination, therefore corresponding communication
Component 405 may include: Wi-Fi module, bluetooth module, NFC module.
In one exemplary embodiment, electronic equipment 400 can be by one or more application specific integrated circuit
(Application Specific Integrated Circuit, abbreviation ASIC), digital signal processor (Digital
Signal Processor, abbreviation DSP), digital signal processing appts (Digital Signal Processing Device,
Abbreviation DSPD), programmable logic device (Programmable Logic Device, abbreviation PLD), field programmable gate array
(Field Programmable Gate Array, abbreviation FPGA), controller, microcontroller, microprocessor or other electronics member
Part is realized, for executing above-mentioned message forwarding method.
In a further exemplary embodiment, a kind of computer readable storage medium including program instruction, example are additionally provided
It such as include the memory 402 of program instruction, above procedure instruction can be executed by the processor 401 of electronic equipment 400 on to complete
The message forwarding method stated.
The preferred embodiment of the disclosure is described in detail in conjunction with attached drawing above, still, the disclosure is not limited to above-mentioned reality
The detail in mode is applied, in the range of the technology design of the disclosure, a variety of letters can be carried out to the technical solution of the disclosure
Monotropic type, these simple variants belong to the protection scope of the disclosure.
It is further to note that specific technical features described in the above specific embodiments, in not lance
In the case where shield, can be combined in any appropriate way, in order to avoid unnecessary repetition, the disclosure to it is various can
No further explanation will be given for the combination of energy.
In addition, any combination can also be carried out between a variety of different embodiments of the disclosure, as long as it is without prejudice to originally
Disclosed thought equally should be considered as disclosure disclosure of that.
Claims (10)
1. a kind of message forwarding method, which is characterized in that the method is applied to message forwarding equipment, the message forwarding equipment
DPI module is detected including User space deep message, which comprises
The User space DPI module receives message, judges whether the application type for having identified the message;
If the application type of the unidentified message out, the User space DPI module polls application identifies table, answers described in judgement
With the application type for whether preserving the message in identification table;
If preserving the application type of the message in the application identification table, the User space DPI module is according to the application
The corresponding forwarding strategy of type is forwarded processing to the message.
2. the method according to claim 1, wherein the message forwarding equipment further includes kernel state DPI module,
The method also includes:
If not saving the application type of the message in the application identification table, the User space DPI module is by the message
It is sent to kernel state DPI module;
The kernel state DPI module parses the message, matches the application type of the message, and by the message and the report
The corresponding relationship of the application type of text is written the application and identifies table.
3. according to the method described in claim 2, it is characterized in that, if the kernel state DPI module needs to pass through at least two
A message matching goes out the application type of the message, then
The message is sent to kernel state DPI module by the User space DPI module, comprising: the User space DPI module is to institute
It states at least two messages and carries out message copy, and the message that copy obtains is sent to kernel state DPI module;
The method also includes: the User space DPI module is according to preconfigured message blocking strategy, to described at least two
Message is forwarded processing, until answering after the kernel state DPI module is matched to the application type of the message further according to described
Processing is forwarded to subsequent packet with type corresponding forwarding strategy.
4. according to the method described in claim 2, it is characterized in that, to preserve application type in the application identification table corresponding
Forwarding strategy, it is described that the application identification table is written into the application type of the message and the message, comprising:
The corresponding forwarding strategy of application type that the kernel state DPI module obtains the message, by the message, the message
Application type and forwarding strategy corresponding relationship, the application identification table is written.
5. according to the method described in claim 2, it is characterized in that, at more nonuniform memory access framework NUMA,
The User space DPI module receives message, comprising: the User space DPI module is from described in the network interface card reception inside NUMA
Message;
It handles the CPU of the User space DPI module logic and handles the CPU of the kernel state DPI module logic, be hyperthread
Two Logic Cores.
6. method according to any one of claims 1 to 5, which is characterized in that in the application identification table is set as shared
It deposits, and the application identification table establishes the identification item of fixed size in kernel state using memory pool.
7. a kind of apparatus for forwarding message, which is characterized in that described device includes User space deep message detection DPI module, described
User space DPI module includes:
Message receiving module, for receiving message;
First judgment module, for judging whether to have identified the application type of the message;
Second judgment module, in the unidentified application type of the message out, inquiry to be answered described in judgement using table is identified
With the application type for whether preserving the message in identification table;
Forward process module when for preserving the application type of the message in the application identification table, applies class according to this
The corresponding forwarding strategy of type is forwarded processing to the message.
8. device according to claim 7, which is characterized in that described device further includes kernel state DPI module, then
The User space DPI module further include: message sending module, for not saving the message in the application identification table
When application type, the message is sent to the kernel state DPI module;
The kernel state DPI module includes: application type matching module, for parsing the message, matches answering for the message
Use type;Corresponding relationship writing module, for described in the corresponding relationship write-in by the message and the application type of the message
Using identification table.
9. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is held by processor
The step of any one of claim 1 to 6 the method is realized when row.
10. a kind of electronic equipment characterized by comprising
Computer readable storage medium described in claim 9;And
One or more processor, for executing the program in the computer readable storage medium.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710662612.0A CN109388499A (en) | 2017-08-04 | 2017-08-04 | Message forwarding method and device, computer readable storage medium, electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710662612.0A CN109388499A (en) | 2017-08-04 | 2017-08-04 | Message forwarding method and device, computer readable storage medium, electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109388499A true CN109388499A (en) | 2019-02-26 |
Family
ID=65412917
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710662612.0A Pending CN109388499A (en) | 2017-08-04 | 2017-08-04 | Message forwarding method and device, computer readable storage medium, electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109388499A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110768865A (en) * | 2019-10-23 | 2020-02-07 | 新华三信息安全技术有限公司 | Deep packet inspection engine activation method and device and electronic equipment |
CN111224878A (en) * | 2019-12-31 | 2020-06-02 | 中移(杭州)信息技术有限公司 | Route forwarding method and device, electronic equipment and storage medium |
CN111475264A (en) * | 2020-02-28 | 2020-07-31 | 新华三技术有限公司合肥分公司 | Method and device for realizing lock-free forwarding of user mode |
CN113726689A (en) * | 2021-07-27 | 2021-11-30 | 新华三信息安全技术有限公司 | Security service processing method and device |
CN113839889A (en) * | 2021-09-18 | 2021-12-24 | 深圳震有科技股份有限公司 | Message processing method, terminal and computer readable storage medium |
CN114296646A (en) * | 2021-12-24 | 2022-04-08 | 天翼云科技有限公司 | Caching method, device, server and storage medium based on IO service |
CN114978734A (en) * | 2022-05-30 | 2022-08-30 | 新华三信息安全技术有限公司 | Message processing method and device, storage medium and electronic equipment |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070087756A1 (en) * | 2005-10-04 | 2007-04-19 | Hoffberg Steven M | Multifactorial optimization system and method |
CN101984598A (en) * | 2010-11-04 | 2011-03-09 | 成都市华为赛门铁克科技有限公司 | Message forwarding method and deep packet inspection (DPI) device |
CN102195882A (en) * | 2011-05-18 | 2011-09-21 | 深信服网络科技(深圳)有限公司 | Method and device for selecting route according to data stream application type |
CN103023670A (en) * | 2011-09-20 | 2013-04-03 | 中兴通讯股份有限公司 | Message service type identifying method and message service type identifying device based on data processing installation (DPI) |
EP2587776A1 (en) * | 2011-10-28 | 2013-05-01 | France Telecom | Methods of storing a message for a particular user of a shared terminal and associated method of restoring said message |
WO2014029098A1 (en) * | 2012-08-23 | 2014-02-27 | 华为技术有限公司 | Packet control method and apparatus |
CN104348677A (en) * | 2013-08-05 | 2015-02-11 | 华为技术有限公司 | Deep packet inspection method and equipment and coprocessor |
CN104995891A (en) * | 2013-12-31 | 2015-10-21 | 华为技术有限公司 | Method and apparatus for processing service packet, and gateway device |
KR20160026219A (en) * | 2014-08-29 | 2016-03-09 | 주식회사 케이티 | Apparatus for deep packet inspection based on software |
CN106789617A (en) * | 2016-12-22 | 2017-05-31 | 东软集团股份有限公司 | A kind of message forwarding method and device |
-
2017
- 2017-08-04 CN CN201710662612.0A patent/CN109388499A/en active Pending
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070087756A1 (en) * | 2005-10-04 | 2007-04-19 | Hoffberg Steven M | Multifactorial optimization system and method |
CN101984598A (en) * | 2010-11-04 | 2011-03-09 | 成都市华为赛门铁克科技有限公司 | Message forwarding method and deep packet inspection (DPI) device |
CN102195882A (en) * | 2011-05-18 | 2011-09-21 | 深信服网络科技(深圳)有限公司 | Method and device for selecting route according to data stream application type |
CN103023670A (en) * | 2011-09-20 | 2013-04-03 | 中兴通讯股份有限公司 | Message service type identifying method and message service type identifying device based on data processing installation (DPI) |
EP2587776A1 (en) * | 2011-10-28 | 2013-05-01 | France Telecom | Methods of storing a message for a particular user of a shared terminal and associated method of restoring said message |
WO2014029098A1 (en) * | 2012-08-23 | 2014-02-27 | 华为技术有限公司 | Packet control method and apparatus |
CN104348677A (en) * | 2013-08-05 | 2015-02-11 | 华为技术有限公司 | Deep packet inspection method and equipment and coprocessor |
CN104995891A (en) * | 2013-12-31 | 2015-10-21 | 华为技术有限公司 | Method and apparatus for processing service packet, and gateway device |
KR20160026219A (en) * | 2014-08-29 | 2016-03-09 | 주식회사 케이티 | Apparatus for deep packet inspection based on software |
CN106789617A (en) * | 2016-12-22 | 2017-05-31 | 东软集团股份有限公司 | A kind of message forwarding method and device |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110768865A (en) * | 2019-10-23 | 2020-02-07 | 新华三信息安全技术有限公司 | Deep packet inspection engine activation method and device and electronic equipment |
CN110768865B (en) * | 2019-10-23 | 2021-08-27 | 新华三信息安全技术有限公司 | Deep packet inspection engine activation method and device and electronic equipment |
CN111224878A (en) * | 2019-12-31 | 2020-06-02 | 中移(杭州)信息技术有限公司 | Route forwarding method and device, electronic equipment and storage medium |
CN111475264A (en) * | 2020-02-28 | 2020-07-31 | 新华三技术有限公司合肥分公司 | Method and device for realizing lock-free forwarding of user mode |
CN111475264B (en) * | 2020-02-28 | 2023-05-12 | 新华三技术有限公司合肥分公司 | Method and device for realizing user mode lock-free forwarding |
CN113726689A (en) * | 2021-07-27 | 2021-11-30 | 新华三信息安全技术有限公司 | Security service processing method and device |
CN113839889A (en) * | 2021-09-18 | 2021-12-24 | 深圳震有科技股份有限公司 | Message processing method, terminal and computer readable storage medium |
CN113839889B (en) * | 2021-09-18 | 2024-04-05 | 深圳震有科技股份有限公司 | Message processing method, terminal and computer readable storage medium |
CN114296646A (en) * | 2021-12-24 | 2022-04-08 | 天翼云科技有限公司 | Caching method, device, server and storage medium based on IO service |
CN114296646B (en) * | 2021-12-24 | 2023-06-23 | 天翼云科技有限公司 | Caching method and device based on IO service, server and storage medium |
CN114978734A (en) * | 2022-05-30 | 2022-08-30 | 新华三信息安全技术有限公司 | Message processing method and device, storage medium and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109388499A (en) | Message forwarding method and device, computer readable storage medium, electronic equipment | |
US10505956B1 (en) | System and method for detecting malicious links in electronic messages | |
US10063582B1 (en) | Securing compromised network devices in a network | |
US20110238772A1 (en) | System and method for facilitating mobile traffic in a mobile network | |
US20160004686A1 (en) | Personal assistant context building | |
US10200327B1 (en) | Storage management for ephemeral messages | |
US8990882B1 (en) | Pre-calculating and updating data loss prevention (DLP) policies prior to distribution of sensitive information | |
CN108197852A (en) | Part method and intelligent terminal are sent based on intelligent terminal remote lock express delivery cabinet bin | |
Al‐hisnawi et al. | QCF for deep packet inspection | |
US9912454B2 (en) | Systems and methods for efficient file transfer in a boot mode of a basic input/output system | |
US9226099B2 (en) | Communicating with an owner of an object without the owner's contact information | |
US9760414B2 (en) | Preserving event data for lazily-loaded macro components in a publish/subscribe system | |
Wolfovitz | Triangle‐free subgraphs in the triangle‐free process | |
CN109871685B (en) | RTF file analysis method and device | |
US20180322412A1 (en) | Ticket Routing | |
CN105991789A (en) | Method for realizing virtual machine port mapping, servers and system | |
CN108322418A (en) | The detection method and device of unauthorized access | |
CN108173716B (en) | Method for identifying network equipment manufacturer and computing equipment | |
CN110138723B (en) | Method and system for determining malicious community in mail network | |
US20200125775A1 (en) | Data loss prevention using machine learning | |
CN110392059A (en) | A kind of conversation managing method, device and storage medium | |
CN103546881A (en) | Method and device for identifying uplink short message | |
CN109117058A (en) | A kind of screenshot processing method, device, terminal and storage medium | |
US20230171213A1 (en) | Detecting and mitigating multi-stage email threats | |
US9135090B2 (en) | Messaging bus residing on a mobile device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190226 |