CN114124680A - File access control alarm log management method and device - Google Patents
File access control alarm log management method and device Download PDFInfo
- Publication number
- CN114124680A CN114124680A CN202111121916.9A CN202111121916A CN114124680A CN 114124680 A CN114124680 A CN 114124680A CN 202111121916 A CN202111121916 A CN 202111121916A CN 114124680 A CN114124680 A CN 114124680A
- Authority
- CN
- China
- Prior art keywords
- access control
- file access
- log
- alarm log
- control alarm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000007726 management method Methods 0.000 title claims abstract description 38
- 238000012545 processing Methods 0.000 claims abstract description 96
- 238000000034 method Methods 0.000 claims abstract description 51
- 230000005540 biological transmission Effects 0.000 claims abstract description 30
- 230000008569 process Effects 0.000 claims abstract description 24
- 230000006870 function Effects 0.000 claims description 32
- 230000015654 memory Effects 0.000 claims description 31
- 238000004590 computer program Methods 0.000 claims description 13
- 230000002159 abnormal effect Effects 0.000 claims description 12
- 230000002547 anomalous effect Effects 0.000 claims description 5
- 230000003993 interaction Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 17
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000011217 control strategy Methods 0.000 description 3
- 238000013500 data storage Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- 208000033748 Device issues Diseases 0.000 description 1
- 230000003044 adaptive effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001364 causal effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/11—File system administration, e.g. details of archiving or snapshots
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/13—File access structures, e.g. distributed indices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a file access control alarm log management method and a device, which are applied to a kernel space, and the method comprises the following steps: receiving a read-write operation request of file system input or output initiated by an application program of a user space; determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table; determining a file access control alarm log based on the processing result, and writing the file access control alarm log into associated preset pseudo equipment; and sending the file access control alarm log to a remote log processing server based on a system calling mode sent by a Transmission Control Protocol (TCP) reliable connection. The method can process the alarm log data in the shortest time with the lowest software and hardware resource consumption only by one-time interaction of the user space and the kernel space, and reduces the loss of transmission performance.
Description
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a file access control alarm log management method and device.
Background
At present, in a file access control system under a Linux operating system environment, a mode of using a kernel driver level file system I/O operation related system to call HOOK is mostly adopted to control a file access request initiated by a user space application program, and alarm log information is generated when the file access request initiated by the application program is rejected. Moreover, since access control uses a system call function as a control granularity, when a large number of application programs continuously initiate file illegal access operation requests, a kernel space will generate a large amount of file access control alarm log data in a short time, and since the file access control system is mostly deployed in a client server environment, it becomes very important how to process the alarm log data in the shortest time with the lowest software and hardware resource consumption, ensure that a large amount of file access control alarm log data is not lost, and ensure that the client server environment is not affected to the greatest extent.
In order to solve the problem, the following solutions are provided in the related art:
scheme 1: the method comprises the steps of caching a file access control alarm log generated by a kernel space, sending the file access control alarm log to a user space through a kernel space and user space message communication technology, processing the file access control alarm log by an alarm log processing service process of the user space, and storing the file access control alarm log to a local file system or a database server in a persistent mode. However, since the log processing is placed in the file access control system node in the scheme 1, this way consumes a part of the CPU (central processing unit) resources and extra memory resources of the client server environment, and may affect the performance of the client server to some extent.
Scheme 2: the file access control alarm log is moved to a log processing server for centralized processing, so that the consumption of software and hardware resources of a user server environment by a file access control system is reduced, but in the scheme 2, the file access control alarm log is transmitted to a user space from a kernel space, then to the kernel space from the user space, and finally to the log server from the kernel space, so that the loss of transmission performance is brought, and even the loss of the file access control alarm log can be caused.
Disclosure of Invention
The embodiment of the invention provides a file access control alarm log management method and device, which are used for reducing the loss of transmission performance of a file access control alarm log.
In a first aspect, an embodiment of the present invention provides a file access control alarm log management method, which is applied to a kernel space, and the method includes:
receiving a read-write operation request of file system input or output initiated by an application program of a user space;
determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table;
determining a file access control alarm log based on the processing result, and writing the file access control alarm log into associated preset pseudo equipment;
and sending the file access control alarm log to a remote log processing server based on a system calling mode sent by a Transmission Control Protocol (TCP) reliable connection.
In a possible implementation manner, sending the file access control alarm log to a remote log processing server based on a system call mode sent by a TCP reliable connection, the method includes:
determining a corresponding preset read operation callback function in the system call mode, reading a file access control alarm log stored in the associated preset pseudo device based on the preset read operation callback function, and copying the file access control alarm log to a socket buffer area; and sending the file access control alarm log to a remote log processing server through a protocol stack.
In a possible implementation manner, after writing the file access control alarm log into the associated preset pseudo device, the method further includes:
determining whether anomalous data is received;
when the abnormal data is determined to be received, switching the system calling mode based on the reliable connection sending of the Transmission Control Protocol (TCP) into a NETPOLL mode based on the unreliable connection sending of a User Datagram Protocol (UDP);
and sending the file access control alarm log to a remote log processing server based on a NETPOLL mode sent by unreliable connection of a User Datagram Protocol (UDP).
In a possible embodiment, sending the file access control alarm log to a log processing server at a remote end based on a NETPOLL mode sent by a user datagram protocol UDP unreliable connection includes:
awakening a log sending kernel thread corresponding to a kernel sending task of the file access control alarm log;
and calling a first preset function and a network card drive to interact with the file access control alarm log based on the log sending kernel thread so as to send the file access control alarm log to the remote log processing server.
In a possible implementation manner, the exception data includes one or more of data corresponding to a sending process exception exit, data corresponding to a network protocol stack exception, or data corresponding to a system interrupt control exception.
In a second aspect, an apparatus for managing a file access control alarm log is provided, which is applied to a kernel space, and includes:
the receiving unit is used for receiving a read-write operation request of file system input or output initiated by an application program of a user space;
the processing unit is used for determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table;
the processing unit is further configured to: determining a file access control alarm log based on the processing result, and writing the file access control alarm log into associated preset pseudo equipment;
and the control unit is used for sending the file access control alarm log to a remote log processing server based on a system call mode sent by a Transmission Control Protocol (TCP) reliable connection.
In a possible implementation, the control unit is specifically configured to:
determining a corresponding preset read operation callback function in the system call mode, reading a file access control alarm log stored in the associated preset pseudo device based on the preset read operation callback function, and copying the file access control alarm log to a socket buffer area; and sending the file access control alarm log to a remote log processing server through a protocol stack.
In a possible implementation manner, after writing the file access control alarm log into the associated preset pseudo device, the processing unit is further configured to:
determining whether anomalous data is received;
when the abnormal data is determined to be received, switching the system calling mode based on the reliable connection sending of the Transmission Control Protocol (TCP) into a NETPOLL mode based on the unreliable connection sending of a User Datagram Protocol (UDP);
and sending the file access control alarm log to a remote log processing server based on a NETPOLL mode sent by unreliable connection of a User Datagram Protocol (UDP).
In a possible embodiment, the control unit is further configured to:
awakening a log sending kernel thread corresponding to a kernel sending task of the file access control alarm log;
and calling a first preset function and a network card drive to interact with the file access control alarm log based on the log sending kernel thread so as to send the file access control alarm log to the remote log processing server.
In a possible implementation manner, the exception data includes one or more of data corresponding to a sending process exception exit, data corresponding to a network protocol stack exception, or data corresponding to a system interrupt control exception.
In a third aspect, an embodiment of the present invention provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the file access control alarm log management method according to the present invention when executing the computer program.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which includes a program or instructions, and when the program or instructions are executed, the steps in the file access control alarm log management method according to the present invention are implemented.
The beneficial effects of the embodiment of the application are as follows:
the application provides a file access control alarm log management method and device, and because the file system access control log of a kernel space is directly transmitted to a protocol stack or a network card driver from the kernel space, performance loss caused by redundant operation that log data is transmitted to a user space from the kernel space and then transmitted to the kernel space from the user space is avoided. In addition, the consumption of CPU resources and extra memory resources in the client server environment can be reduced by sending the file access control alarm log to the remote log processing server, and the use experience of the client is improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a schematic diagram of a file access control alarm log management method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a network topology of a system according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating an implementation flow of a file access control alarm log management method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a file access control alarm log management apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to better understand the technical solutions, the technical solutions will be described in detail below with reference to the drawings and the specific embodiments of the specification, and it should be understood that the embodiments and specific features of the embodiments of the present invention are detailed descriptions of the technical solutions of the present invention, and are not limitations of the technical solutions of the present invention, and the technical features of the embodiments and examples of the present invention may be combined with each other without conflict.
It is noted that the terms first, second and the like in the description and in the claims of the present invention are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the images so used are interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
The following briefly introduces the design concept of the embodiment of the present invention:
currently, in the related art, when processing a file access control alarm log, two schemes are mainly adopted, wherein in the scheme 1, an alarm log processing service process of a user space is used for processing and then persistently storing the processed alarm log to a local file system or a database server. Although the scheme can process the alarm log data, because the log processing is placed in the file access control system node, a part of CPU resources and extra memory resources of the client server environment are consumed, and the performance of the client server is influenced to a certain extent.
In view of this, a scheme 2 is provided in the related art, specifically, in the scheme 2, the file access control alarm log is moved to the log processing server for centralized processing, so that the consumption of software and hardware resources of the user server environment by the file access control system is reduced, but the processing of the file access control alarm log in the scheme 2 is performed through multiple processes from the "kernel space" and the "user space", that is, there is a problem of transmission path redundancy for transmitting the file access control alarm log.
In view of the problem existing in the foregoing solution 2 in the related art, an embodiment of the present invention provides a file access control alarm log management method, by which consumption on transmission context resources and corresponding system performance of a file access control alarm log can be reduced.
After the design concept of the embodiment of the present invention is introduced, some simple descriptions are made below on application scenarios to which the technical scheme of the file access control alarm log management in the embodiment of the present invention is applicable, and it should be noted that the application scenarios described in the embodiment of the present invention are for more clearly describing the technical scheme of the embodiment of the present invention, and do not form limitations on the technical scheme provided in the embodiment of the present invention.
Fig. 1 is a schematic diagram of a file access control alarm log management method according to an embodiment of the present application. The file system access control node comprises a user space and a kernel space, the user space and the kernel space can interact with each other, the user space can send the file access control alarm log to the log processing server, and the log processing server can perform centralized processing on the file access control alarm log. Specifically, the file system access control node is deployed on a computer device.
In the embodiment of the application, the user space comprises a configuration process, a file access control log event monitoring module and a file access control log sending submodule, and the kernel space comprises a file system access control module, a stored file system access control strategy sent by the configuration process of the user space, an access control log memory file system module and a file system access control log sending module.
Fig. 2 is a schematic diagram of a network structure topology of an alternative system according to an embodiment of the present invention. Specifically, the system comprises a file system access control node, a log processing server, a database server, a centralized management platform and the like. It should be noted that fig. 2 illustrates a network topology diagram in the case where the system has only one file access control node, and in an actual implementation, a plurality of file access control nodes may interact with the log processing server.
The centralized management platform may provide an operation interface, such as a visual user management interface, for a user, and the user may perform group management on all file system access control nodes included in the system through the visual user management interface corresponding to the centralized management platform.
Specifically, a user can divide a plurality of file access control nodes into different groups according to file access control requirements through a centralized management platform, and perform configuration management on a file access control policy by taking the groups as units. Therefore, the configuration of the control strategy does not need to be carried out on each file access control node, the operation steps in the process of configuring the strategy are reduced, and the configuration efficiency of the control strategy is improved.
In addition, the user can also inquire various file access control log information generated by the file access control node through the centralized management platform, or use various file access control logs generated by the file access control node for secondary development.
In the embodiment of the application, the log server is responsible for receiving and processing the alarm log data reported by all the file system access control nodes and persistently storing the processed log into the database server, so that the consumption of software and hardware resources in the environment of the client server can be reduced.
In the embodiment of the application, the file system access control node is composed of a configuration process running in a user space, a file system access control log sending module running in a kernel space, a file system access control module and an access control log memory file system module.
Specifically, the user issues one or more file access control configuration rules, such as a configuration rule for controlling whether a file access request is allowed or not, a configuration rule for a sending mode of a log, and the like, to the file system access control node through the centralized management platform based on different usage requirements. And then the one or more file access control configuration rules are transmitted to the kernel space through a configuration process of the user space and are stored in the kernel space, namely the kernel space stores an access control policy table comprising one or more file access control configuration rules, so that when an application program of the user space initiates a file system access request, the kernel space can match the configuration rules for controlling whether the file access request in the file access control policy table is allowed or not based on the file system access request, thereby giving a file access control decision, generating a corresponding file access control log, and then transmitting the log to a remote log processing server based on a corresponding transmission mode.
In this embodiment of the present application, the computer device may further perform initialization, specifically, may load a driver of a kernel space, create a memory file system file/proc/nfocus/hds/event _ notify, and bind a custom memory file system file operation callback function set to the event _ notify file. And the computer device also creates a related pseudo device in the kernel space and defines a pseudo device operation function, wherein the pseudo device is used for caching the file access control alarm log. In addition, a send task wait queue may also be initialized.
In the embodiment of the invention, after initialization, a user can issue the file access control configuration rule to the file access control node through the centralized management platform and transmit the file access control configuration rule to the kernel space through the configuration process of the user space.
Optionally, when the file access control log sending mode is a NETPOLL mode, the specific information that the computer device may control the configuration process of the user space to issue to the kernel space includes, but is not limited to: IP addresses and log processing service ports of the file access control node and the remote log processing server, network card names sent by file access control node file access logs, and network card addresses of the remote log processing server.
Further, the computer device may create a NETPOLL instance in the driver and register the NETPOLL instance in the kernel space, and then create a file access control alarm log kernel sending thread, and the file access control alarm log kernel sending thread will be added to the sending task waiting queue, so that when the file system access control module generates a file access control log, the file access control alarm log kernel sending thread is waken to send the log. In addition, the computer equipment issues a file system access control configuration rule to the kernel space through a configuration process of the user space, and opens a file access control switch.
Optionally, when it is determined that the sending mode of the file access control alarm log is the system call mode, the computer device may control a sending process corresponding to the user space to create a socket, connect to the remote log processing server, and add the socket to the poll event monitoring queue; and opening the memory file system file/proc/nsfocus/hds/event _ notify and adding the same to the poll event snoop queue. In addition, the computer device issues a file system access control configuration rule to the kernel space through a configuration process of the user space, and a file access control switch of the user space can be opened.
In the embodiment of the application, the file system access control module in the kernel space can realize the interfaces of file opening, closing, reading, offset calculation, poll interface, shared memory mapping and the like of the pseudo device, thereby supporting the zero-copy transmission of the file access control log in two transmission modes (i.e. NETPOLL mode and system call module).
To further explain the scheme of the file access control alarm log management method provided by the embodiment of the present invention, details are described below with reference to the accompanying drawings and the specific embodiments. Although embodiments of the present invention provide method steps as shown in the following embodiments or figures, more or fewer steps may be included in a method based on conventional or non-inventive efforts. In steps where no necessary causal relationship exists logically, the order of execution of the steps is not limited to that provided by embodiments of the present invention. The method can be executed in sequence or in parallel according to the method shown in the embodiment or the figures when the method is executed in an actual processing procedure or a device (for example, a parallel processor or an application environment of multi-thread processing).
The following describes a file access control alarm log management method in an embodiment of the present invention with reference to a method flowchart shown in fig. 3, and a method flow in the embodiment of the present invention is described below.
Step 301: and receiving a read-write operation request initiated by an application program of the user space and input or output by the file system.
In this embodiment of the present application, before the kernel space receives a read-write operation request initiated by an application program in the user space and input or output by the file system, the file system access control module in the kernel space may receive a file system access control configuration rule issued by the user space, and then store the file system access control configuration rule in the file system access control policy table.
In this embodiment, the file system access control policy table may include a configuration rule for rejecting or passing a file system input or output read/write operation request.
Step 302: and determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table.
In this embodiment of the present application, a file system access control module in a kernel space queries a preset file system access control policy table based on a received read-write operation request, where the preset file system access control policy table may include: and the configuration rule is sent by the user space based on the configuration process and used for refusing or passing the input or output read-write operation request of the file system.
Specifically, a file system access control policy table may be preset, the read-write operation request may be matched to obtain a matching result, and a "release" or "reject" decision may be made on the I/O read-write operation request initiated by the application according to the matching result, that is, a processing result of the read-write operation request is determined.
Step 303: and determining a file access control alarm log based on the processing result, and writing the file access control alarm log into the associated preset pseudo device.
In the embodiment of the application, after the processing result is obtained, the file system access control module in the kernel space may determine the file access control alarm log based on the processing result, and write the file access control alarm log into the associated preset pseudo device.
Step 304: and sending a file access control alarm log to a remote log processing server based on a system calling mode sent by a Transmission Control Protocol (TCP) reliable connection.
In this embodiment of the present application, the configuration rule of the sending mode of the log may be a rule including two sending modes for sending the file access control alarm log, specifically:
(1) a system call mode based on TCP (Transmission Control Protocol) reliable connection Transmission;
(2) the NETPOLL mode for transmission is based on an unreliable UDP (User Datagram Protocol) connection.
In the embodiment of the application, the system adopts a system calling mode based on TCP reliable connection sending under the default condition, when the system calling mode based on TCP reliable connection sending cannot be used, the system calling mode is automatically switched to a NETPOLL mode, and when the system calling mode is recovered, the system calling mode is automatically switched back, so that the log is sent to the log processing server as timely and reliably as possible.
In the embodiment of the application, a corresponding preset read operation callback function in a system call mode can be determined, a file access control alarm log stored in a related preset pseudo device is read based on the preset read operation callback function, and the file access control alarm log is copied to a socket buffer area; and sending the file access control alarm log to a remote log processing server through a protocol stack.
Specifically, in the system call mode, when the file system access control module writes a file access control alarm log into the associated pseudo device, the system will generate a poll event notification on the/proc/nsfocus/hds/event _ notify file handle, so that the sending task will be woken up.
Further, a user space sending task calls a system calling function sys _ sendfile to execute zero copy sending of the file access control log, the calling function directly performs data interaction with associated pseudo equipment in a kernel space, specifically, the content of the file access control log data stored in the pseudo equipment is read through a read operation callback function and copied to a socket buffer area, and then the log data is sent to a remote log processing server through a protocol stack; and meanwhile, updating the file offset pointer through a file offset callback function. In addition, after the log data is successfully sent to the remote log processing server, the log data storage space cached in the pseudo device is recycled for subsequent log storage use.
In the embodiment of the present application, after step 304 is executed, it may be further determined whether the kernel space receives exception data; the abnormal data comprises one or more of data corresponding to the abnormal exit of the sending process, data corresponding to the abnormal exit of the network protocol stack or data corresponding to the abnormal control of the system interrupt.
It can be seen that when the system call mode is adopted, if an exception occurs in the process, exception data can be received. Further, when it is determined that abnormal data is received, a system call mode based on reliable connection transmission of a Transmission Control Protocol (TCP) is switched to a NETPOLL mode based on unreliable connection transmission of a User Datagram Protocol (UDP), and then a file access control alarm log can be sent to a remote log processing server based on the NETPOLL mode based on unreliable connection transmission of the User Datagram Protocol (UDP).
In the embodiment of the application, the kernel space can wake up a log sending kernel thread corresponding to a kernel sending task of the file access control alarm log, and then call the first preset function and the network card drive to interact the file access control alarm log based on the log sending kernel thread so as to send the file access control alarm log to a remote log processing server. The first preset function can be a function derived by calling NETPOLL _ send _ udp, the function directly interacts log data with a network card driver, and data can be sent to a remote log processing server under the condition of not depending on interrupt and a protocol stack, so that zero-copy sending of a file access control alarm log can be realized under a NETPOLL mode.
In the embodiment of the application, adaptive mode switching is adopted, that is, in a system calling mode, when a file system control module detects that a user space log sending task is abnormal, the file system control module switches from the system calling mode to a NETPOLL mode, and when the user space log sending task is detected to be recovered to be normal, the file system control module switches from the NETPOLL mode back to the system calling mode. Therefore, as long as the network card is still in a working state, the file system access control alarm log can be ensured to the greatest extent, and the file system access control alarm log can not be lost even if the kernel space protocol stack or the interrupt control is abnormal.
In the embodiment of the application, the sending thread blocks the waiting poll signal, when the file system access control module writes a file access control alarm log, the sending thread blocked on the poll signal is awakened, and the sending thread and the pseudo device perform data transmission in the kernel space, so that log data are prevented from being transmitted from the kernel space to the user space and then from the user space to the kernel space, and zero copy sending of the log data is realized.
In the embodiment of the application, after the log data is successfully sent to the remote log processing server, the log data storage space cached in the pseudo device is recycled so as to be used by subsequent log storage. Therefore, the storage space in the pseudo device can be repeatedly used all the time, the resource can be repeatedly used, and unnecessary resource consumption is reduced.
Based on the same inventive concept, the embodiment of the invention also provides a file access control alarm log management device, and as the principle of solving the problems of the file access control alarm log management device is similar to the file access control alarm log management method, the implementation of the device can refer to the implementation of the method, and repeated parts are not repeated.
As shown in fig. 4, which is a schematic structural diagram of a file access control alarm log management apparatus 400 according to an embodiment of the present invention, the apparatus may include:
a receiving unit 401, configured to receive a read/write operation request initiated by an application program in a user space and input or output by a file system;
a processing unit 402, configured to determine a processing result of the read/write operation request based on the read/write operation request and a preset file system access control policy table;
the processing unit 402 is further configured to: determining a file access control alarm log based on the processing result, and writing the file access control alarm log into associated preset pseudo equipment;
a control unit 403, configured to send the file access control alarm log to a remote log processing server based on a system call mode sent by a TCP reliable connection.
In a possible implementation manner, the control unit 403 is specifically configured to:
determining a corresponding preset read operation callback function in the system call mode, reading a file access control alarm log stored in the associated preset pseudo device based on the preset read operation callback function, and copying the file access control alarm log to a socket buffer area; and sending the file access control alarm log to a remote log processing server through a protocol stack.
In a possible implementation manner, after writing the file access control alarm log to the associated preset pseudo device, the processing unit 402 is further configured to:
determining whether anomalous data is received;
when the abnormal data is determined to be received, switching the system calling mode based on the reliable connection sending of the Transmission Control Protocol (TCP) into a NETPOLL mode based on the unreliable connection sending of a User Datagram Protocol (UDP);
and sending the file access control alarm log to a remote log processing server based on a NETPOLL mode sent by unreliable connection of a User Datagram Protocol (UDP).
In a possible implementation, the control unit 403 is further configured to:
awakening a log sending kernel thread corresponding to a kernel sending task of the file access control alarm log;
and calling a first preset function and a network card drive to interact with the file access control alarm log based on the log sending kernel thread so as to send the file access control alarm log to the remote log processing server.
In a possible implementation manner, the exception data includes one or more of data corresponding to a sending process exception exit, data corresponding to a network protocol stack exception, or data corresponding to a system interrupt control exception.
Based on the same technical concept, an embodiment of the present invention further provides an electronic device 500, and referring to fig. 5, the electronic device 500 is configured to implement the file access control alarm log management method described in the foregoing method embodiment, where the electronic device 500 of this embodiment may include: a memory 501, a processor 502, and a computer program, such as a file access control alarm log management program, stored in the memory and executable on the processor. The processor implements the steps in the above embodiments of the file access control alarm log management method, such as the steps shown in fig. 3, when executing the computer program. Alternatively, the processor, when executing the computer program, implements the functions of each module/unit in the above-described device embodiments, for example, 400.
The embodiment of the present invention does not limit the specific connection medium between the memory 501 and the processor 502. In the embodiment of the present application, the memory 501 and the processor 502 are connected by the bus 503 in fig. 5, the bus 503 is represented by a thick line in fig. 5, and the connection manner between other components is merely illustrative and is not limited thereto. The bus 503 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 5, but this is not intended to represent only one bus or type of bus.
The memory 501 may be a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 501 may also be a non-volatile memory (non-volatile memory) such as, but not limited to, a read-only memory (rom), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD), or any other medium which can be used to carry or store desired program code in the form of instructions or data structures and which can be accessed by a computer. The memory 501 may be a combination of the above memories.
The processor 502 is configured to implement a file access control alarm log management method shown in fig. 3, and includes:
receiving a read-write operation request of file system input or output initiated by an application program of a user space; determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table; determining a file access control alarm log based on the processing result, and writing the file access control alarm log into a preset pseudo device associated with the kernel space; and sending a file access control alarm log to a remote log processing server based on a system calling mode sent by a Transmission Control Protocol (TCP) reliable connection.
The embodiment of the application also provides a computer-readable storage medium, which comprises a program or an instruction, and when the program or the instruction is executed, the method for managing the file access control alarm log provided by the embodiment of the invention is realized.
In some possible embodiments, the various aspects of the file access control alarm log management method provided by the present invention may also be implemented in the form of a program product, which includes program code for causing an electronic device to execute the steps in the file access control alarm log management method according to various exemplary embodiments of the present invention described above in this specification when the program product runs on the electronic device, for example, receiving a read-write operation request initiated by an application program in a user space and input or output by a file system; determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table; determining a file access control alarm log based on the processing result, and writing the file access control alarm log into the associated preset pseudo device; and sending a file access control alarm log to a remote log processing server based on a system calling mode sent by a Transmission Control Protocol (TCP) reliable connection.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A file access control alarm log management method is applied to a kernel space, and comprises the following steps:
receiving a read-write operation request of file system input or output initiated by an application program of a user space;
determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table;
determining a file access control alarm log based on the processing result, and writing the file access control alarm log into associated preset pseudo equipment;
and sending the file access control alarm log to a remote log processing server based on a system calling mode sent by a Transmission Control Protocol (TCP) reliable connection.
2. The method of claim 1, wherein sending the file access control alarm log to a remote log processing server based on a system call pattern sent by a Transmission Control Protocol (TCP) reliable connection comprises:
determining a corresponding preset read operation callback function in the system call mode, reading a file access control alarm log stored in the associated preset pseudo device based on the preset read operation callback function, and copying the file access control alarm log to a socket buffer area; and sending the file access control alarm log to a remote log processing server through a protocol stack.
3. The method of claim 1 or 2, wherein after writing the file access control alarm log to an associated preset pseudo device, the method further comprises:
determining whether anomalous data is received;
when the abnormal data is determined to be received, switching the system calling mode based on the reliable connection sending of the Transmission Control Protocol (TCP) into a NETPOLL mode based on the unreliable connection sending of a User Datagram Protocol (UDP);
and sending the file access control alarm log to a remote log processing server based on a NETPOLL mode sent by unreliable connection of a User Datagram Protocol (UDP).
4. The method as claimed in claim 3, wherein sending the file access control alarm log to a remote log processing server based on a NETPOLL mode sent by a UDP unreliable connection comprises:
awakening a log sending kernel thread corresponding to a kernel sending task of the file access control alarm log;
and calling a first preset function and a network card drive to interact with the file access control alarm log based on the log sending kernel thread so as to send the file access control alarm log to the remote log processing server.
5. The method of claim 3, wherein the exception data includes one or more of data corresponding to a send process exception exit, data corresponding to a network protocol stack exception, or data corresponding to a system interrupt control exception.
6. An apparatus for managing a file access control alarm log, applied to a kernel space, the apparatus comprising:
the receiving unit is used for receiving a read-write operation request of file system input or output initiated by an application program of a user space;
the processing unit is used for determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table;
the processing unit is further configured to: determining a file access control alarm log based on the processing result, and writing the file access control alarm log into associated preset pseudo equipment;
and the control unit is used for sending the file access control alarm log to a remote log processing server based on a system call mode sent by a Transmission Control Protocol (TCP) reliable connection.
7. The apparatus of claim 6, wherein the control unit is specifically configured to:
determining a corresponding preset read operation callback function in the system call mode, reading a file access control alarm log stored in the associated preset pseudo device based on the preset read operation callback function, and copying the file access control alarm log to a socket buffer area; and sending the file access control alarm log to a remote log processing server through a protocol stack.
8. The apparatus of claim 6 or 7, wherein after writing the file access control alarm log to the associated preset pseudo device, the processing unit is further to:
determining whether anomalous data is received;
when the abnormal data is determined to be received, switching the system calling mode based on the reliable connection sending of the Transmission Control Protocol (TCP) into a NETPOLL mode based on the unreliable connection sending of a User Datagram Protocol (UDP);
and sending the file access control alarm log to a remote log processing server based on a NETPOLL mode sent by unreliable connection of a User Datagram Protocol (UDP).
9. Computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 5 when executing the program.
10. A computer-readable storage medium comprising a program or instructions which, when executed, perform the method of any of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111121916.9A CN114124680B (en) | 2021-09-24 | 2021-09-24 | File access control alarm log management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111121916.9A CN114124680B (en) | 2021-09-24 | 2021-09-24 | File access control alarm log management method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114124680A true CN114124680A (en) | 2022-03-01 |
| CN114124680B CN114124680B (en) | 2023-11-17 |
Family
ID=80441192
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111121916.9A Active CN114124680B (en) | 2021-09-24 | 2021-09-24 | File access control alarm log management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114124680B (en) |
Citations (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5832515A (en) * | 1996-09-12 | 1998-11-03 | Veritas Software | Log device layered transparently within a filesystem paradigm |
| US7330862B1 (en) * | 2003-04-25 | 2008-02-12 | Network Appliance, Inc. | Zero copy write datapath |
| US7461080B1 (en) * | 2003-05-09 | 2008-12-02 | Sun Microsystems, Inc. | System logging within operating system partitions using log device nodes that are access points to a log driver |
| US20100299759A1 (en) * | 2007-12-07 | 2010-11-25 | Markany Inc. | Digital information security system, kernal driver apparatus and digital information security method |
| CN102402487A (en) * | 2011-11-15 | 2012-04-04 | 北京天融信科技有限公司 | Zero copy message reception method and system |
| US20130219221A1 (en) * | 2012-02-09 | 2013-08-22 | Vmware, Inc. | Systems and methods to simulate storage |
| JP2013171542A (en) * | 2012-02-22 | 2013-09-02 | Nippon Telegr & Teleph Corp <Ntt> | Performance analysis device, method for analyzing performance, and performance analysis program |
| CN103632107A (en) * | 2012-08-23 | 2014-03-12 | 苏州慧盾信息安全科技有限公司 | Mobile terminal information safety protection system and method |
| CN103716354A (en) * | 2012-10-09 | 2014-04-09 | 苏州慧盾信息安全科技有限公司 | Security protection system and method for information system |
| US20140130180A1 (en) * | 2012-11-07 | 2014-05-08 | International Business Machines Corporation | Control of access to files |
| US20150193464A1 (en) * | 2014-01-07 | 2015-07-09 | Oh-seong Kwon | Micro-journaling for file system based on non-volatile memory |
| US9092426B1 (en) * | 2011-01-03 | 2015-07-28 | Applied Micro Circuts Corporation | Zero-copy direct memory access (DMA) network-attached storage (NAS) file system block writing |
| CN104978543A (en) * | 2015-07-09 | 2015-10-14 | 黄凯锋 | Mobile terminal information safety protection system and method |
| US20150319050A1 (en) * | 2014-03-14 | 2015-11-05 | Avni Networks Inc. | Method and apparatus for a fully automated engine that ensures performance, service availability, system availability, health monitoring with intelligent dynamic resource scheduling and live migration capabilities |
| US20150341377A1 (en) * | 2014-03-14 | 2015-11-26 | Avni Networks Inc. | Method and apparatus to provide real-time cloud security |
| US20150347243A1 (en) * | 2014-05-27 | 2015-12-03 | International Business Machines Corporation | Multi-way, zero-copy, passive transaction log collection in distributed transaction systems |
| CN109561105A (en) * | 2018-12-29 | 2019-04-02 | 江苏博智软件科技股份有限公司 | A kind of high-performance message capturing transmission platform based on message Zero-copy mode |
| US10303663B1 (en) * | 2014-06-12 | 2019-05-28 | Amazon Technologies, Inc. | Remote durable logging for journaling file systems |
| CN110650038A (en) * | 2019-09-12 | 2020-01-03 | 国家电网有限公司 | Security event log collecting and processing method and system for multiple classes of supervision objects |
| CN110674530A (en) * | 2019-09-29 | 2020-01-10 | 北京神州绿盟信息安全科技股份有限公司 | File access control method, equipment and device based on user mode |
| CN110764962A (en) * | 2018-07-26 | 2020-02-07 | 武汉海康存储技术有限公司 | Log processing method and device |
| CN111078607A (en) * | 2019-12-24 | 2020-04-28 | 上海交通大学 | Method and system for deploying RDMA (remote direct memory Access) and non-volatile memory-oriented network access programming frame |
| CN112350850A (en) * | 2020-09-29 | 2021-02-09 | 宇龙计算机通信科技(深圳)有限公司 | Log file reporting method and device, storage medium and electronic equipment |
| US20210073198A1 (en) * | 2019-09-09 | 2021-03-11 | Oracle International Corporation | Using persistent memory and remote direct memory access to reduce write latency for database logging |
| US20210099391A1 (en) * | 2019-09-26 | 2021-04-01 | Apple Inc. | Methods and apparatus for low latency operation in user space networking |
| US20210097006A1 (en) * | 2019-09-26 | 2021-04-01 | Apple Inc. | Methods and apparatus for device driver operation in non-kernel space |
| US20210194930A1 (en) * | 2019-12-18 | 2021-06-24 | GreyHeller, LLC. (DBA Appsian) | Systems, methods, and devices for logging activity of a security platform |
-
2021
- 2021-09-24 CN CN202111121916.9A patent/CN114124680B/en active Active
Patent Citations (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5832515A (en) * | 1996-09-12 | 1998-11-03 | Veritas Software | Log device layered transparently within a filesystem paradigm |
| US7330862B1 (en) * | 2003-04-25 | 2008-02-12 | Network Appliance, Inc. | Zero copy write datapath |
| US7461080B1 (en) * | 2003-05-09 | 2008-12-02 | Sun Microsystems, Inc. | System logging within operating system partitions using log device nodes that are access points to a log driver |
| US20100299759A1 (en) * | 2007-12-07 | 2010-11-25 | Markany Inc. | Digital information security system, kernal driver apparatus and digital information security method |
| US9092426B1 (en) * | 2011-01-03 | 2015-07-28 | Applied Micro Circuts Corporation | Zero-copy direct memory access (DMA) network-attached storage (NAS) file system block writing |
| CN102402487A (en) * | 2011-11-15 | 2012-04-04 | 北京天融信科技有限公司 | Zero copy message reception method and system |
| US20130219221A1 (en) * | 2012-02-09 | 2013-08-22 | Vmware, Inc. | Systems and methods to simulate storage |
| JP2013171542A (en) * | 2012-02-22 | 2013-09-02 | Nippon Telegr & Teleph Corp <Ntt> | Performance analysis device, method for analyzing performance, and performance analysis program |
| CN103632107A (en) * | 2012-08-23 | 2014-03-12 | 苏州慧盾信息安全科技有限公司 | Mobile terminal information safety protection system and method |
| CN103716354A (en) * | 2012-10-09 | 2014-04-09 | 苏州慧盾信息安全科技有限公司 | Security protection system and method for information system |
| US20140130180A1 (en) * | 2012-11-07 | 2014-05-08 | International Business Machines Corporation | Control of access to files |
| US20150193464A1 (en) * | 2014-01-07 | 2015-07-09 | Oh-seong Kwon | Micro-journaling for file system based on non-volatile memory |
| US20150319050A1 (en) * | 2014-03-14 | 2015-11-05 | Avni Networks Inc. | Method and apparatus for a fully automated engine that ensures performance, service availability, system availability, health monitoring with intelligent dynamic resource scheduling and live migration capabilities |
| US20150341377A1 (en) * | 2014-03-14 | 2015-11-26 | Avni Networks Inc. | Method and apparatus to provide real-time cloud security |
| US20150347243A1 (en) * | 2014-05-27 | 2015-12-03 | International Business Machines Corporation | Multi-way, zero-copy, passive transaction log collection in distributed transaction systems |
| US10303663B1 (en) * | 2014-06-12 | 2019-05-28 | Amazon Technologies, Inc. | Remote durable logging for journaling file systems |
| CN104978543A (en) * | 2015-07-09 | 2015-10-14 | 黄凯锋 | Mobile terminal information safety protection system and method |
| CN110764962A (en) * | 2018-07-26 | 2020-02-07 | 武汉海康存储技术有限公司 | Log processing method and device |
| CN109561105A (en) * | 2018-12-29 | 2019-04-02 | 江苏博智软件科技股份有限公司 | A kind of high-performance message capturing transmission platform based on message Zero-copy mode |
| US20210073198A1 (en) * | 2019-09-09 | 2021-03-11 | Oracle International Corporation | Using persistent memory and remote direct memory access to reduce write latency for database logging |
| CN110650038A (en) * | 2019-09-12 | 2020-01-03 | 国家电网有限公司 | Security event log collecting and processing method and system for multiple classes of supervision objects |
| US20210099391A1 (en) * | 2019-09-26 | 2021-04-01 | Apple Inc. | Methods and apparatus for low latency operation in user space networking |
| US20210097006A1 (en) * | 2019-09-26 | 2021-04-01 | Apple Inc. | Methods and apparatus for device driver operation in non-kernel space |
| CN110674530A (en) * | 2019-09-29 | 2020-01-10 | 北京神州绿盟信息安全科技股份有限公司 | File access control method, equipment and device based on user mode |
| US20210194930A1 (en) * | 2019-12-18 | 2021-06-24 | GreyHeller, LLC. (DBA Appsian) | Systems, methods, and devices for logging activity of a security platform |
| CN111078607A (en) * | 2019-12-24 | 2020-04-28 | 上海交通大学 | Method and system for deploying RDMA (remote direct memory Access) and non-volatile memory-oriented network access programming frame |
| CN112350850A (en) * | 2020-09-29 | 2021-02-09 | 宇龙计算机通信科技(深圳)有限公司 | Log file reporting method and device, storage medium and electronic equipment |
Non-Patent Citations (3)
| Title |
|---|
| 窝里乐: "零拷贝(Zero-copy)", pages 1 - 6, Retrieved from the Internet <URL:https://juejin.cn/post/6984996542717362206> * |
| 赵斯琴;付勇;陈康;郑纬民;: "基于虚拟机的多个安全级别的日志生成方法", 清华大学学报(自然科学版), no. 02 * |
| 韩文炳;陈小刚;李顺芬;李大刚;陈诗雁;段有康;宋志棠;: "基于新型非易失内存的远程零拷贝文件系统", 国防科技大学学报, no. 03 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114124680B (en) | 2023-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11687555B2 (en) | Conditional master election in distributed databases | |
| CN108351834B (en) | Low-overhead hardware predictor for optimizing instruction reduction performance reversal for core-to-core data transfers | |
| US7233984B2 (en) | Light weight file I/O over system area networks | |
| KR100934533B1 (en) | Computer-readable recording medium recording arithmetic processing system, task control method on computer system, and computer program | |
| US20080281959A1 (en) | Managing addition and removal of nodes in a network | |
| US8612973B2 (en) | Method and system for handling interrupts within computer system during hardware resource migration | |
| CN110119304B (en) | Interrupt processing method and device and server | |
| CN112306669A (en) | Task processing method and device based on multi-core system | |
| CN114461593B (en) | Log writing method and device, electronic device and storage medium | |
| US10397103B2 (en) | Data processing system with routing tables | |
| CN115878301A (en) | Acceleration framework, acceleration method and equipment for database network load performance | |
| US8819481B2 (en) | Managing storage providers in a clustered appliance environment | |
| CN111221642B (en) | Data processing method, device, storage medium and terminal | |
| CN114124680B (en) | File access control alarm log management method and device | |
| US10348814B1 (en) | Efficient storage reclamation for system components managing storage | |
| US11687451B2 (en) | Memory allocation manager and method performed thereby for managing memory allocation | |
| CN112445737B (en) | System, method and apparatus for transmitting information through a non-transparent bridge device | |
| EP3479256A2 (en) | Fabric encapsulated resilient storage | |
| CN113032338B (en) | Cross-data-center data storage and query method and system | |
| CN116820430B (en) | Asynchronous read-write method, device, computer equipment and storage medium | |
| US10788987B2 (en) | Data storage system employing service infrastructure for functional modules | |
| JP2005515543A (en) | Interdomain data transfer | |
| CN117370046A (en) | Inter-process communication method, system, device and storage medium | |
| CN116185899A (en) | Maintenance method of address transfer bypass cache and related equipment | |
| CN117769702A (en) | In-core cache for distributed caches |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |