CN101340387A - Method and apparatus for control forwarding data packets - Google Patents

Publication number
CN101340387A
Authority
CN
China
Prior art keywords
transmit leg
data message
information
gray list
blacklist
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2008101473666A
Other languages
Chinese (zh)
Other versions
CN101340387B (en)
Inventor
朱清亚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Digital Technologies Chengdu Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN2008101473666A
Publication of CN101340387A
Application granted
Publication of CN101340387B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method and a device for controlling the forwarding of data messages, and belongs to the technical field of communication. The method comprises: receiving a data message from a sender; extracting the sender's information from the data message; and judging whether the sender's information is within the preset control scope that requires control and, if so, forwarding the data message according to the control strategy. The device comprises a receiving module, a judging module and a processing module. By filtering data messages according to the preset control scope and the control strategy, the invention controls the forwarding of data messages effectively. Compared with existing filtering technology based on IP addresses, the accuracy of filtering is improved; compared with existing filtering technology based on content, device resources are greatly saved and the service performance of the device is improved.

Description

Method and apparatus for controlling the forwarding of data messages
Technical field
The present invention relates to the field of communication technology, and in particular to a method and apparatus for controlling the forwarding of data messages.
Background art
With the rapid development of Internet technology, e-mail has become a fast and economical means of modern communication. However, while e-mail makes communication extremely convenient, it has also become an important carrier for spreading spam, viruses, malicious programs and sensitive content, which poses a serious threat to system security.
As the spam problem grows more serious, spam needs to be filtered. Existing spam filtering techniques are mainly of two kinds: filtering based on IP address, and filtering based on content. IP-address-based filtering is the more widely used; it mainly includes network- or host-based IP address filtering, router-based access control lists, and filtering that relies on third-party reputation organizations, a typical application being RBL (Realtime Blackhole List) filtering. For example, a blacklist, a whitelist or a list from a third-party reputation organization is collected, and when a mail connection request is received the source IP address is checked in real time: if it is in the blacklist, the mail is considered spam and is blocked; if it is in the whitelist, the mail is considered legitimate and is delivered normally.
Content-based filtering parses the content of the subject, body, attachments and so on of a mail, uses advanced algorithms and a pattern-matching engine to assess the threat of the keywords parsed out, and computes a total score for the current mail from score values predefined by the system; if the score exceeds the configured safety threshold, the mail is identified as spam and dropped. Typical applications are filtering based on spam signature analysis and rule matching, or mail filtering based on data mining techniques, and so on.
Summary of the invention
To control the forwarding of data messages effectively, the embodiments of the invention provide a method and apparatus for controlling the forwarding of data messages. The technical solution is as follows:
In one aspect, an embodiment of the invention provides a method for controlling the forwarding of data messages, the method comprising:
receiving a data message from a sender;
extracting the sender's information from the data message;
judging whether the sender's information is within a preset control range that requires control and, if so, forwarding the data message according to a control strategy.
In another aspect, an embodiment of the invention further provides an apparatus for controlling the forwarding of data messages, the apparatus comprising:
a receiving module, configured to receive a data message from a sender;
a judging module, configured to extract the sender's information from the data message received by the receiving module and to judge whether the sender's information is within a preset control range;
a processing module, configured to forward the data message received by the receiving module according to a control strategy when the judging module judges that the sender's information is within the preset control range.
By forwarding data messages according to a preset control range and a control strategy, the embodiments of the invention control the forwarding of data messages effectively. Compared with existing IP-address-based filtering, filtering is not done simply by blacklist and whitelist but by a preset control range and control strategy, which improves the accuracy of filtering. Compared with existing content-based filtering, the message content does not need to be analysed and only the sender's information needs to be extracted, which greatly saves device resources and improves the service performance of the device.
Description of drawings
Fig. 1 is a flow chart of the method for controlling the forwarding of data messages provided by an embodiment of the invention;
Fig. 2 is a flow chart of one way of generating the gray list provided by an embodiment of the invention;
Fig. 3 is a flow chart of another way of generating the gray list provided by an embodiment of the invention;
Fig. 4 is a structural diagram of the apparatus for controlling the forwarding of data messages provided by an embodiment of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the embodiments of the invention are described in further detail below with reference to the accompanying drawings.
An embodiment of the invention provides a method for controlling the forwarding of data messages, which specifically comprises: receiving a data message from a sender; extracting the sender's information from the data message; and judging whether the sender's information is within a preset control range and, if so, forwarding the data message according to a control strategy. The method can be applied to fields such as mail filtering, web browsing filtering and virus scanning.
In the embodiments of the invention the preset control range is specifically a gray list. The information recorded in the gray list is sender information, such as the sender's IP address or the mail sender's address; such a sender is one whose forwarded data messages need to be controlled by the control strategy.
Referring to Fig. 1, the method for controlling the forwarding of data messages provided by the embodiment of the invention may specifically comprise:
101: Obtain the filtering log information produced when senders' data messages were filtered. This filtering log information includes but is not limited to: attachment virus filtering logs, subject and body keyword filtering logs, mail-header-based filtering logs, third-party reputation organization filtering logs, and so on. The filtering log information records the history of how data messages were filtered, for example that of 10 data messages from a certain sender within 5 minutes, 8 were refused forwarding and 2 were forwarded normally. In this embodiment the various filtering logs may be obtained periodically, for example by collecting the filtering log information once a day, or they may be obtained aperiodically.
102: According to the filtering log information, for each sender recorded in it, judge whether the number of times that sender's data messages were filtered lies between the preset controlled threshold and the refusal threshold; if so, add that sender's information to the gray list.
Further, a blacklist may also be generated: for a sender recorded in the filtering log information, when the number of times that sender's data messages were filtered is judged to be higher than the preset refusal threshold, that sender's information is added to the blacklist. The blacklist in the embodiments of the invention is the range that needs to be blocked; the information recorded in it is sender information, such as the sender's IP address or the mail sender's address, and such a sender is one whose data messages need to be filtered out.
The controlled threshold and the refusal threshold can be set according to actual conditions. For example, with the range [5, 10], the controlled threshold is 5 and the refusal threshold is 10: when the filtering log information shows that a certain sender's data messages were filtered 8 times, that sender's information is added to the gray list; if another sender's data messages were filtered 15 times, that sender's information is added to the blacklist.
The sender information in the gray list and blacklist generated in this embodiment may be the sender's IP address, such as 1.1.1.1, or the mail sender's e-mail address, such as abc@163.com.
103: Receive a data message from a sender.
104: Extract the sender's information from the data message.
105: Judge whether the sender's information is within the preset control range, that is, in this embodiment, whether the sender's information is in the gray list; if so, perform 106; otherwise, perform 107.
106: Forward the received data message according to the control strategy; the flow ends.
Controlling the forwarding of the received data message by the control strategy includes but is not limited to the following ways:
1) Forging the recipient's ACK reply
The received data message is first cached locally (that is, on the device executing the above method for controlling the forwarding of data messages), an ACK response message is forged in the name of the recipient of the data message and returned to the sender, and the data message is then forwarded to the recipient. The forged ACK message makes the sender believe that the recipient has received the data message, so the sender continues to send subsequent data messages.
2) Modifying the advertised window size
Modifying the advertised window size means first forwarding the data message to the recipient, then modifying the window size field in the response message that the recipient returns and forwarding the modified response message to the sender, thereby controlling the transmission rate of data messages. After the sender receives this response message, it sends subsequent data messages according to the advertised window size in it.
3) Modifying the QoS field
When the protocol in use includes a QoS (Quality of Service) field, this field indicates the service grade of the message. Modifying the QoS field in the received data message before forwarding it to the recipient achieves the purpose of lowering the sender's priority.
Forwarding the received data messages by the above control strategies lowers the sender's service priority and thereby controls the forwarding of data messages, and it also protects the device that controls the forwarding. For example, if the device that controls the forwarding of data messages is a mail server, lowering the sender's service priority protects the mail server and prevents it from being paralysed.
107: Judge whether the sender's information is in the preset blacklist; if so, perform 108; otherwise, perform 109.
108: In this case the data message is considered untrusted and its forwarding is refused; if the data message is a mail, forwarding the mail to the addressee is refused. The flow ends.
109: In this case the data message is considered trusted and is forwarded; if the data message is a mail, the mail is forwarded to the addressee. The flow ends.
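Control strategy 2) above, shown on a TCP header as an added example that is not part of the patent text: a forwarding device lowers the window field in the recipient's ACK and patches the checksum incrementally (RFC 1624) so the sender still accepts the segment. The function names, the addresses and the sample ACK are constructed for illustration, and IPv4 without window scaling is assumed.

```python
import socket
import struct

TCP_PROTO = 6
WINDOW_OFF, CHECKSUM_OFF = 14, 16   # byte offsets inside the TCP header


def fold16(total: int) -> int:
    """Fold carries back in: one's-complement addition on 16 bits."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def sum16(data: bytes) -> int:
    """One's-complement sum of the 16-bit big-endian words in data."""
    if len(data) % 2:
        data += b"\x00"
    return fold16(sum(struct.unpack("!%dH" % (len(data) // 2), data)))


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, TCP_PROTO, tcp_len))


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A valid segment sums to 0xFFFF together with its pseudo-header."""
    return sum16(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def advertised_window(segment: bytes) -> int:
    return struct.unpack_from("!H", segment, WINDOW_OFF)[0]


def clamp_window(segment: bytes, max_window: int) -> bytes:
    """Lower the advertised window to at most max_window.

    Only two header words change, so the checksum is updated with
    RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), instead of being recomputed.
    With window scaling negotiated, the field is a scaled value and the
    cap would have to be scaled the same way (not handled here).
    """
    old_win, old_csum = struct.unpack_from("!HH", segment, WINDOW_OFF)
    new_win = min(old_win, max_window)
    if new_win == old_win:
        return segment
    total = fold16((~old_csum & 0xFFFF) + (~old_win & 0xFFFF) + new_win)
    patched = bytearray(segment)
    struct.pack_into("!HH", patched, WINDOW_OFF, new_win, ~total & 0xFFFF)
    return bytes(patched)


def build_ack(src_ip, dst_ip, sport, dport, seq, ack, window) -> bytes:
    """Constructed sample: a bare 20-byte ACK with a valid checksum."""
    flags = (5 << 12) | 0x010        # data offset 5 words, ACK flag set
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, flags, window, 0, 0)
    csum = ~sum16(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr) & 0xFFFF
    return hdr[:CHECKSUM_OFF] + struct.pack("!H", csum) + hdr[CHECKSUM_OFF + 2:]
```

A sender that receives the clamped ACK sees a valid segment with a smaller window and paces its subsequent data messages accordingly.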
Further, the above method may also comprise a step of updating the gray list:
For the information of any sender in the gray list, when the lifetime of that information in the gray list (that is, the time elapsed from when the information was recorded in the gray list to the current time) reaches the specified validity period (that is, the life cycle), the sender's information is deleted from the gray list; this way of updating is called active aging. When the storage capacity of the gray list reaches the specified value, the information of the sender that has gone unhit for the longest time is deleted from the gray list; this way of updating is called passive aging. A miss means that, after a data message is received, the gray list is queried but the information of the sender of that data message is not found.
In the above method, if a blacklist has been generated, the blacklist may further be updated as well:
For the information of any sender in the blacklist, when the lifetime of that sender's information in the gray list reaches the specified validity period, the sender's information is deleted from the blacklist, that is, the blacklist is actively aged; when the storage capacity of the blacklist reaches the specified value, the information of the sender that has gone unhit for the longest time is deleted from the blacklist, that is, the blacklist is passively aged.
Either active aging or passive aging may be used on its own, or the two may be combined, which improves the timeliness and validity of the blacklist or gray list.
The gray list in this embodiment records either senders' IP addresses or mail senders' e-mail addresses; that is, the above method filters data messages either by the sender's IP address or by the mail sender's e-mail address, which can be called one-layer filtering. Further, in practice two-layer filtering can be performed on the sender information by setting up two gray lists at the same time: a first gray list recording sender IP addresses and a second gray list recording mail sender e-mail addresses. For example, the sender's IP address is filtered first against the first gray list and the mail sender's e-mail address is then filtered against the second gray list; or the e-mail address is filtered first against the second gray list and the IP address is then filtered against the first gray list; and so on. Whether the second layer filters the sender's IP address or the mail sender's e-mail address, the filtering process itself is the same as in the method above and is not repeated here.
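Steps 101 to 109, list aging and two-layer filtering, put together as an added example that is not part of the patent text. All names and the sample logs are constructed; the example assumes that the threshold range [5, 10] is inclusive, that passive aging evicts the entry that has gone longest without a hit, and that across two layers the strictest verdict wins, none of which the description fixes.

```python
from collections import Counter, OrderedDict

CONTROLLED_THRESHOLD = 5     # the description's example range [5, 10]
REFUSAL_THRESHOLD = 10
SEVERITY = {"forward": 0, "control": 1, "reject": 2}


class AgingList:
    """Sender list with active aging (validity period) and passive aging
    (capacity limit)."""

    def __init__(self, ttl, capacity):
        self.ttl = ttl
        self.capacity = capacity
        # sender -> time added; ordered from longest-unhit to latest hit
        self._added = OrderedDict()

    def add(self, sender, now):
        if sender not in self._added and len(self._added) >= self.capacity:
            self._added.popitem(last=False)       # passive aging
        self._added[sender] = now
        self._added.move_to_end(sender)

    def hit(self, sender, now):
        added = self._added.get(sender)
        if added is None:
            return False                          # a miss
        if now - added >= self.ttl:               # active aging
            del self._added[sender]
            return False
        self._added.move_to_end(sender)
        return True


def build_lists(filter_log, now, ttl=3600, capacity=1000):
    """Steps 101/102: filter_log holds (sender, was_filtered) records."""
    filtered = Counter(s for s, was_filtered in filter_log if was_filtered)
    gray, black = AgingList(ttl, capacity), AgingList(ttl, capacity)
    for sender, times in filtered.items():
        if times > REFUSAL_THRESHOLD:
            black.add(sender, now)
        elif times >= CONTROLLED_THRESHOLD:
            gray.add(sender, now)
    return gray, black


def decide_one(sender, gray, black, now):
    if gray.hit(sender, now):        # steps 105/106
        return "control"
    if black.hit(sender, now):       # steps 107/108
        return "reject"
    return "forward"                 # step 109


def decide(message, layers, now):
    """layers: (field, gray, black) tuples, e.g. IP first, e-mail second.
    Assumption: the strictest verdict over all layers is returned."""
    verdicts = [decide_one(message[field], gray, black, now)
                for field, gray, black in layers]
    return max(verdicts, key=SEVERITY.get)


# Constructed filtering logs; 1.1.1.1 and abc@163.com are the page's examples.
SAMPLE_IP_LOG = ([("1.1.1.1", True)] * 8 + [("1.1.1.1", False)] * 2
                 + [("192.0.2.7", True)] * 15
                 + [("198.51.100.9", True)] * 2)
SAMPLE_MAIL_LOG = [("abc@163.com", True)] * 12

if __name__ == "__main__":
    ip_gray, ip_black = build_lists(SAMPLE_IP_LOG, now=0)
    mail_gray, mail_black = build_lists(SAMPLE_MAIL_LOG, now=0)
    layers = [("ip", ip_gray, ip_black), ("mail", mail_gray, mail_black)]
    for msg in ({"ip": "1.1.1.1", "mail": "ok@example.org"},
                {"ip": "198.51.100.9", "mail": "abc@163.com"},
                {"ip": "198.51.100.9", "mail": "ok@example.org"}):
        print(msg, decide(msg, layers, now=10))
```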
By forwarding or filtering data messages according to a preset control range and a control strategy, the method provided by this embodiment controls the forwarding of data messages effectively. Compared with existing IP-address-based filtering, filtering is not done simply by blacklist and whitelist but by a preset control range and control strategy, which improves the accuracy of filtering. Compared with existing content-based filtering, the message content does not need to be analysed and only the sender's information needs to be extracted, which greatly saves device resources and improves the service performance of the device. Moreover, generating the gray list and blacklist from the filtering log information and updating them dynamically reduces the difficulty of maintaining the gray list and blacklist and improves their validity. Controlling the forwarding of received data messages according to the control strategy, compared with using only blacklists and whitelists as in the prior art, makes it possible to respond in advance to attacks appearing in the network, protects the device effectively and prevents the device from being attacked by spam, viruses and the like.
In addition, the embodiments of the invention provide another method for controlling the forwarding of data messages. It differs from the method shown in Fig. 1 in how the gray list is generated; the steps after the gray list is generated (filtering data messages, generating the blacklist, updating the gray list and blacklist, and controlling the forwarding of data messages by the control strategy) are all the same as in the embodiment shown in Fig. 1 and are not repeated here. The way of generating the gray list in this embodiment is mainly used to generate a gray list that records senders' IP addresses. Referring to Fig. 2, the process of generating the gray list, and further the blacklist, in this embodiment is as follows:
201: Obtain the number of senders corresponding to the data messages currently being received, that is, the current total number of concurrent sessions, which is also the number of connections currently established.
202: Judge whether this number lies between the preset controlled total concurrent session number and the refusal total concurrent session number; if so, perform 203. If the number is lower than the controlled total concurrent session number, the flow ends. If the number is higher than the refusal total concurrent session number, the connections the device can handle are considered to have reached the upper limit, and 204 is performed.
203: Generate a gray list recording that data messages from senders of any IP address all need to be controlled according to the control strategy; the flow ends.
204: Generate a blacklist recording that data messages from senders of any IP address all need to be blocked, so that all data messages received subsequently are filtered out, which prevents the device from being paralysed by too many connections; the flow ends.
In addition, referring to Fig. 3, the gray list, and further the blacklist, can also be generated as follows:
301: For any sender of the data messages currently being received, judge whether the number of data messages that sender sends, or the frequency at which it sends them, lies between the preset single-sender controlled threshold and the single-sender refusal threshold; if so, perform 302. If the number of data messages the sender sends, or the frequency at which it sends them, is lower than the single-sender controlled threshold, the flow ends. If it is higher than the single-sender refusal threshold, perform 303.
302: Add the sender's information to the gray list; the flow ends.
303: Add the sender's information to the blacklist; the flow ends.
The controlled total concurrent session number and the refusal total concurrent session number can be set according to actual conditions. For example, with the range [100, 200], the controlled total concurrent session number is 100 and the refusal total concurrent session number is 200. If the data messages currently being received come from 150 senders, that is, 150 connections have been established, a gray list that controls the data messages of senders of any IP address is generated; if the data messages currently being received come from 210 senders, that is, 210 connections have been established, a blacklist that blocks the data messages of senders of any IP address is generated.
In addition, this embodiment is described using either the number of data messages a single sender sends or the frequency at which it sends them. In practice the two can also be combined, that is, two-layer filtering can be performed: for example, the number of data messages a single sender sends is judged first and the frequency at which it sends them is judged next; or the frequency is judged first and the number next; and so on. The preset single-sender controlled threshold and single-sender refusal threshold can be set according to actual conditions, and can be set separately for the number of data messages sent and for the sending frequency. For example, the range for the number of data messages sent is set to [50, 80], where 50 is the single-sender controlled threshold and 80 is the single-sender refusal threshold; the range for the sending frequency is set to [10 times/minute, 20 times/minute], where 10 times/minute is the single-sender controlled threshold and 20 times/minute is the single-sender refusal threshold. Further, the information of single senders and the total concurrent session number can also be combined to generate the gray list and blacklist: first judge whether the number of senders corresponding to the data messages currently being received lies between the preset controlled total concurrent session number and the refusal total concurrent session number; if the number is lower than the controlled total concurrent session number, that is, the processing capacity of the system has not yet reached the upper limit, then for any sender of the data messages currently being received, judge whether the number of data messages that sender sends, or the frequency at which it sends them, lies between the preset single-sender controlled threshold and the single-sender refusal threshold, and generate the corresponding gray list and blacklist according to the result.
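The combined judgment described above (steps 201 to 204, then 301 to 303), as an added example that is not part of the patent text. The names, the `"*"` entry standing for "any IP address" and the sample events are constructed; the example assumes inclusive ranges, counts distinct senders as concurrent sessions, measures frequency over the last 60 seconds, and lets the stricter of the count and frequency verdicts decide.

```python
from collections import defaultdict

ANY_SENDER = "*"                    # constructed marker for "any IP address"
TOTAL_SESSIONS = (100, 200)         # controlled / refusal total sessions
PER_SENDER_COUNT = (50, 80)         # controlled / refusal messages sent
PER_SENDER_RATE = (10, 20)          # controlled / refusal messages per minute


def sender_stats(events, now, window=60.0):
    """events: (timestamp_seconds, src_ip) for each received data message.
    Returns ip -> (messages sent, messages within the last `window` s)."""
    stats = defaultdict(lambda: [0, 0])
    for ts, ip in events:
        stats[ip][0] += 1
        if now - window < ts <= now:
            stats[ip][1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


def tier(value, thresholds):
    """Map a value onto None, 'gray' or 'black' for a [controlled, refusal] range."""
    controlled, refusal = thresholds
    if value > refusal:
        return "black"
    if value >= controlled:
        return "gray"
    return None


def generate_lists(stats):
    """Return (gray, black) sets of sender IPs built from current load."""
    gray, black = set(), set()
    # Steps 201-204: device-wide judgment on total concurrent sessions.
    overall = tier(len(stats), TOTAL_SESSIONS)
    if overall == "black":
        black.add(ANY_SENDER)
        return gray, black
    if overall == "gray":
        gray.add(ANY_SENDER)
        return gray, black
    # Steps 301-303: capacity not reached, so judge each sender on its own.
    for ip, (count, rate) in stats.items():
        verdicts = {tier(count, PER_SENDER_COUNT), tier(rate, PER_SENDER_RATE)}
        if "black" in verdicts:
            black.add(ip)
        elif "gray" in verdicts:
            gray.add(ip)
    return gray, black


# Constructed events observed up to now=600 s:
# 10.0.0.1 sends 60 messages slowly, 10.0.0.2 bursts 25 in the last minute,
# 10.0.0.3 sent 5 messages long ago.
SAMPLE_EVENTS = ([(i * 10, "10.0.0.1") for i in range(60)]
                 + [(570 + i, "10.0.0.2") for i in range(25)]
                 + [(100 + i, "10.0.0.3") for i in range(5)])

if __name__ == "__main__":
    print(generate_lists(sender_stats(SAMPLE_EVENTS, now=600)))
```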
The above methods, which generate the gray list and filter according to single-sender information or according to the total concurrent session number, filter data messages by a preset control range and a control strategy and thus control the forwarding of data messages effectively. Compared with existing IP-address-based filtering, filtering is not done simply by blacklist and whitelist but by a preset control range and control strategy, which improves the accuracy of filtering. Compared with existing content-based filtering, the message content does not need to be analysed and only the sender's information needs to be extracted, which greatly saves device resources and improves the service performance of the device. The difference from the embodiment shown in Fig. 1 is that another way of generating the gray list and blacklist is provided, namely generating them from the connection performance information obtained from the device, which is simple and convenient, easy to implement and more flexible to apply. Moreover, dynamic updating reduces the difficulty of maintaining the gray list and blacklist and improves their validity.
Referring to Fig. 4, an embodiment of the invention further provides an apparatus for controlling the forwarding of data messages, which specifically comprises:
a receiving module 401, configured to receive a data message from a sender;
a judging module 402, configured to extract the sender's information from the data message received by the receiving module 401 and to judge whether the sender's information is within a preset control range;
a processing module 403, configured to forward the data message received by the receiving module according to a control strategy when the judging module 402 judges that the sender's information is within the preset control range.
The preset control range in this embodiment is a gray list.
The above apparatus may further comprise:
a first gray list generation module, configured to obtain the filtering log information produced when senders' data messages were filtered and, for each sender recorded in the filtering log information, to judge whether the number of times the sender's data messages were filtered lies between the preset controlled threshold and the refusal threshold and, if so, to add the sender's information to the gray list.
Further, the above apparatus may also comprise:
a first blacklist generation module, configured to add the sender's information to a blacklist when the first gray list generation module judges that the number of times the sender's data messages were filtered is higher than the refusal threshold, the blacklist being used to record the information of senders whose data messages need to be filtered out.
In addition, the above apparatus may also comprise:
a second gray list generation module, configured to obtain the number of senders corresponding to the data messages currently being received by the receiving module and to judge whether the number lies between the preset controlled total concurrent session number and the refusal total concurrent session number and, if so, to generate a gray list and record in it that the data messages of any sender all need to be forwarded under the control of the control strategy.
Further, the above apparatus may also comprise:
a second blacklist generation module, configured to generate a blacklist when the second gray list generation module judges that the number of senders corresponding to the data messages currently being received is higher than the refusal total concurrent session number, and to record in the blacklist that the data messages of any sender all need to be filtered out.
In addition, the above apparatus may also comprise:
a third gray list generation module, configured, for any sender of the data messages currently being received, to judge whether the number of data messages the sender sends, or the frequency at which it sends them, lies between the preset single-sender controlled threshold and the single-sender refusal threshold and, if so, to add the sender's information to the gray list.
Further, the above apparatus may also comprise:
a third blacklist generation module, configured to add the sender's information to a blacklist when the third gray list generation module judges that the number of data messages the sender sends, or the frequency at which it sends them, is higher than the single-sender refusal threshold, the blacklist being used to record the information of senders whose data messages need to be filtered out.
The apparatus in this embodiment may also comprise:
a gray list update module, configured, for the information of any sender in the gray list, to delete the sender's information from the gray list when the lifetime of that information in the gray list reaches the specified validity period, and, when the storage capacity of the gray list reaches the specified value, to delete from the gray list the information of the sender that has gone unhit for the longest time.
When a blacklist is generated, the apparatus in this embodiment may also comprise:
a blacklist update module, configured, for the information of any sender in the blacklist, to delete the sender's information from the blacklist when the lifetime of that information in the gray list reaches the specified validity period, and, when the storage capacity of the blacklist reaches the specified value, to delete from the blacklist the information of the sender that has gone unhit for the longest time.
In this embodiment, the above processing module may specifically comprise:
a processing unit, configured, when the judging module judges that the sender's information is within the preset control range, to forge the recipient's reply by returning a response message to the sender, cache the data message and then forward it to the recipient; or to forward the data message to the recipient and modify the window size field in the response message the recipient returns; or to modify the quality of service field in the data message and then forward it to the recipient.
By forwarding or filtering data messages according to a preset control range and a control strategy, the above apparatus controls the forwarding of data messages effectively. Compared with existing IP-address-based filtering, filtering is not done simply by blacklist and whitelist but by a preset control range and control strategy, which improves the accuracy of filtering. Compared with existing content-based filtering, the message content does not need to be analysed and only the sender's information needs to be extracted, which greatly saves device resources and improves the service performance of the device. Generating the gray list and blacklist from the filtering log information or from the connection performance information obtained from the device, and updating them dynamically, reduces the difficulty of maintaining the gray list and blacklist and improves their validity, and is simple and convenient, easy to implement and more flexible to apply. Controlling the forwarding of received data messages according to the control strategy, compared with using only blacklists and whitelists as in the prior art, makes it possible to respond in advance to attacks appearing in the network, protects the device effectively and prevents the device from being attacked by spam, viruses and the like.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the present invention, or the part of it that contributes over the background art, can be embodied in the form of a software product. This computer software product can be stored in a readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the method described in each embodiment of the present invention or in certain parts of an embodiment.
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (20)

1. A method for controlling the forwarding of data messages, characterized in that the method comprises:
receiving a data message from a sender;
extracting the information of the sender from the data message;
judging whether the information of the sender is within a preset control scope, and if so, forwarding the data message according to a control strategy.
2. the method for data message is transmitted in control according to claim 1, it is characterized in that described default control range is a gray list, and generates as follows:
Obtain the filtration log information that the data message to transmit leg filters;
To the transmit leg of putting down in writing in the described filtration log information, judge that number of times that the data message of described transmit leg is filtered is whether between default controlled threshold value and refusal threshold value, if then the information of described transmit leg is added in the described gray list.
3. the method for data message is transmitted in control according to claim 2, it is characterized in that described method also comprises:
When the number of times that is filtered when the data message of described transmit leg is higher than described refusal threshold value, the information of described transmit leg is added in the blacklist, described blacklist is used to put down in writing the information of the transmit leg of the data message that need be filtered.
4. the method for data message is transmitted in control according to claim 1, it is characterized in that described default control range is a gray list, and generates as follows:
Obtain the number of the transmit leg of the current data message correspondence of receiving;
Judge that described number is whether at default controlled total concurrent session number with refuse between total concurrent session number;
If then generate described gray list, and the data message of putting down in writing any transmit leg needs all to control forwarding according to control strategy in described gray list.
5. the method for data message is transmitted in control according to claim 4, it is characterized in that described method also comprises:
If the number of the transmit leg of the described current data message correspondence of receiving is higher than the total concurrent session number of described refusal, then generate blacklist, and the data message of putting down in writing any transmit leg needs all to filter out in described blacklist.
6. the method for data message is transmitted in control according to claim 1, it is characterized in that described default control range is a gray list, and generates as follows:
Arbitrary transmit leg to the current data message of receiving, judge whether number that described transmit leg sends datagram or the frequency that sends datagram refuse between the threshold value in default controlled threshold value in single transmit side and single transmit side, if then the information of described transmit leg is added in the described gray list.
7. the method for data message is transmitted in control according to claim 6, it is characterized in that described method also comprises:
Arbitrary transmit leg to the described current data message of receiving, if number that described transmit leg sends datagram or the frequency that sends datagram are higher than described single transmit side refusal threshold value, then the information of described transmit leg is added in the blacklist, described blacklist is used to put down in writing the information of the transmit leg of the data message that need be filtered.
8. The method for controlling the forwarding of data messages according to any one of claims 2 to 7, characterized in that the method further comprises:
for the information of any sender in the greylist, when the lifetime of the information of that sender in the greylist reaches a specified validity period, deleting the information of the sender from the greylist;
when the storage capacity of the greylist reaches a specified value, deleting from the greylist the information of the sender that has gone longest without a hit.
9. The method for controlling the forwarding of data messages according to claim 3, 5 or 7, characterized in that the method further comprises:
for the information of any sender in the blacklist, when the lifetime of the information of that sender in the greylist reaches a specified validity period, deleting the information of the sender from the blacklist;
when the storage capacity of the blacklist reaches a specified value, deleting from the blacklist the information of the sender that has gone longest without a hit.
10. the method for data message is transmitted in control according to claim 1, it is characterized in that, describedly controls the forwarding of described data message by control strategy, is specially:
Forge the recipient and reply response message, and be transmitted to described recipient behind the described data message of buffer memory to described transmit leg;
Perhaps transmit described data message and give the recipient, and revise window size field in the response message that described recipient replys;
Be transmitted to the recipient after perhaps revising the quality of service field in the described data message.
11. An apparatus for controlling the forwarding of data messages, characterized in that the apparatus comprises:
a receiving module, used to receive a data message from a sender;
a judging module, used to extract the information of the sender from the data message received by the receiving module, and to judge whether the information of the sender is within a preset control scope;
a processing module, used to forward the data message received by the receiving module according to a control strategy when the judging module judges that the information of the sender is within the preset control scope.
12. The apparatus for controlling the forwarding of data messages according to claim 11, characterized in that the preset control scope is a greylist, and the apparatus further comprises:
a first greylist generation module, used to obtain the filter log information recorded when the data messages of senders are filtered and, for a sender recorded in the filter log information, to judge whether the number of times the data messages of the sender have been filtered is between a preset controlled threshold and a refusal threshold, and if so, to add the information of the sender to the greylist.
13. The apparatus for controlling the forwarding of data messages according to claim 12, characterized in that the apparatus further comprises:
a first blacklist generation module, used to add the information of the sender to a blacklist when the first greylist generation module judges that the number of times the data messages of the sender have been filtered is higher than the refusal threshold, the blacklist being used to record the information of senders whose data messages need to be filtered.
14. The apparatus for controlling the forwarding of data messages according to claim 11, characterized in that the preset control scope is a greylist, and the apparatus further comprises:
a second greylist generation module, used to obtain the number of senders corresponding to the data messages currently received by the receiving module, and to judge whether that number is between a preset controlled total number of concurrent sessions and a refusal total number of concurrent sessions, and if so, to generate the greylist and record in the greylist that the data messages of any sender all need to be forwarded under control according to the control strategy.
15. The apparatus for controlling the forwarding of data messages according to claim 14, characterized in that the preset control scope is a greylist, and the apparatus further comprises:
a second blacklist generation module, used to generate a blacklist when the second greylist generation module judges that the number of senders corresponding to the currently received data messages is higher than the refusal total number of concurrent sessions, and to record in the blacklist that the data messages of any sender all need to be filtered out.
16. The apparatus for controlling the forwarding of data messages according to claim 11, characterized in that the preset control scope is a greylist, and the apparatus further comprises:
a third greylist generation module, used, for any sender of the currently received data messages, to judge whether the number of data messages sent by the sender, or the frequency at which the sender sends data messages, is between a preset single-sender controlled threshold and a single-sender refusal threshold, and if so, to add the information of the sender to the greylist.
17. The apparatus for controlling the forwarding of data messages according to claim 16, characterized in that the apparatus further comprises:
a third blacklist generation module, used to add the information of the sender to a blacklist when the third greylist generation module judges that the number of data messages sent by the sender, or the frequency at which the sender sends data messages, is higher than the single-sender refusal threshold, the blacklist being used to record the information of senders whose data messages need to be filtered.
18. The apparatus for controlling the forwarding of data messages according to any one of claims 12 to 17, characterized in that the apparatus further comprises:
a greylist update module, used, for the information of any sender in the greylist, to delete the information of the sender from the greylist when the lifetime of the information of that sender in the greylist reaches a specified validity period; and, when the storage capacity of the greylist reaches a specified value, to delete from the greylist the information of the sender that has gone longest without a hit.
19. The apparatus for controlling the forwarding of data messages according to claim 13, 15 or 17, characterized in that the apparatus further comprises:
a blacklist update module, used, for the information of any sender in the blacklist, to delete the information of the sender from the blacklist when the lifetime of the information of that sender in the greylist reaches a specified validity period; and, when the storage capacity of the blacklist reaches a specified value, to delete from the blacklist the information of the sender that has gone longest without a hit.
20. The apparatus for controlling the forwarding of data messages according to claim 11, characterized in that the processing module specifically comprises:
a processing unit, used, when the judging module judges that the information of the sender is within the preset control scope, to impersonate the recipient to reply to the sender with a response message, buffer the data message and then forward it to the recipient; or to forward the data message to the recipient and modify the window size field in the response message with which the recipient replies; or to modify the quality of service field in the data message and then forward it to the recipient.
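The greylist and blacklist maintenance of claims 2, 3, 8 and 9 (generation from filter-log counts, lifetime expiry, eviction when full) can be followed in the Python example below, which is added here and is not code from the patent. The class and function names are hypothetical, "between" is assumed to include both thresholds, lifetime is assumed to run from insertion, a "hit" is assumed to be a successful lookup, and the log entries are constructed.

```python
from collections import Counter, OrderedDict

FORWARD, CONTROLLED, DROP = "forward", "controlled", "drop"


class SenderList:
    """Bounded sender list: entries expire after `ttl`, and when the list is
    full the sender that has gone longest without a hit is evicted."""

    def __init__(self, ttl, capacity):
        self.ttl, self.capacity = ttl, capacity
        self._added = OrderedDict()  # sender -> time added; order = hit recency

    def _expire(self, now):
        for sender in [s for s, t in self._added.items() if now - t >= self.ttl]:
            del self._added[sender]

    def add(self, sender, now):
        self._expire(now)
        if sender in self._added:
            return  # assumption: lifetime keeps running from first insertion
        if len(self._added) >= self.capacity:
            self._added.popitem(last=False)  # front = longest without a hit
        self._added[sender] = now

    def hit(self, sender, now):
        self._expire(now)
        if sender not in self._added:
            return False
        self._added.move_to_end(sender)  # mark as most recently hit
        return True

    def discard(self, sender):
        self._added.pop(sender, None)

    def __contains__(self, sender):
        return sender in self._added


class ForwardingController:
    def __init__(self, controlled_threshold, refuse_threshold, ttl, capacity):
        if controlled_threshold >= refuse_threshold:
            raise ValueError("controlled threshold must be below refusal threshold")
        self.controlled, self.refuse = controlled_threshold, refuse_threshold
        self.greylist = SenderList(ttl, capacity)
        self.blacklist = SenderList(ttl, capacity)

    def update_from_filter_log(self, filtered_senders, now):
        """filtered_senders: one sender identifier per packet that was filtered."""
        for sender, count in Counter(filtered_senders).items():
            if count > self.refuse:  # above the refusal threshold: blacklist
                self.greylist.discard(sender)
                self.blacklist.add(sender, now)
            elif count >= self.controlled and sender not in self.blacklist:
                self.greylist.add(sender, now)

    def classify(self, sender, now):
        if self.blacklist.hit(sender, now):
            return DROP
        if self.greylist.hit(sender, now):
            return CONTROLLED  # forward, but under the control strategy
        return FORWARD


# Constructed filter log (documentation address ranges), one entry per filtered packet.
SAMPLE_LOG = ["192.0.2.10"] * 4 + ["198.51.100.7"] * 9 + ["203.0.113.5"]

if __name__ == "__main__":
    ctl = ForwardingController(controlled_threshold=3, refuse_threshold=6, ttl=60, capacity=2)
    ctl.update_from_filter_log(SAMPLE_LOG, now=0)
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, ctl.classify(ip, now=10))
```

Timestamps are passed in explicitly so that expiry and eviction can be replayed deterministically against a recorded log.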
CN2008101473666A 2008-08-12 2008-08-12 Method and apparatus for control forwarding data packets Expired - Fee Related CN101340387B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101473666A CN101340387B (en) 2008-08-12 2008-08-12 Method and apparatus for control forwarding data packets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101473666A CN101340387B (en) 2008-08-12 2008-08-12 Method and apparatus for control forwarding data packets

Publications (2)

Publication Number Publication Date
CN101340387A true CN101340387A (en) 2009-01-07
CN101340387B CN101340387B (en) 2012-07-04

Family

ID=40214341

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101473666A Expired - Fee Related CN101340387B (en) 2008-08-12 2008-08-12 Method and apparatus for control forwarding data packets

Country Status (1)

Country Link
CN (1) CN101340387B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143137A (en) * 2010-09-10 2011-08-03 华为技术有限公司 Method, device and system for transmitting and receiving media streams
CN103647753A (en) * 2013-11-19 2014-03-19 北京奇虎科技有限公司 LAN file security management method, server and system
CN104348712A (en) * 2014-10-15 2015-02-11 新浪网技术(中国)有限公司 Junk-mail filtering method and device
CN105208026A (en) * 2015-09-29 2015-12-30 努比亚技术有限公司 Hostile attack preventing method and network system
CN106686590A (en) * 2015-11-10 2017-05-17 中兴通讯股份有限公司 Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment
CN106911733A (en) * 2015-12-22 2017-06-30 北京奇虎科技有限公司 The network address access method and device of cloud agency
CN107483508A (en) * 2017-09-30 2017-12-15 北京东土军悦科技有限公司 Message filtering method, device, equipment and storage medium
CN109600455A (en) * 2018-10-25 2019-04-09 上海腾道信息技术有限公司 A kind of invalid mail address recognition methods and identifying system
CN110417643A (en) * 2019-07-29 2019-11-05 世纪龙信息网络有限责任公司 Email processing method and device
CN110944004A (en) * 2019-09-12 2020-03-31 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment in block chain network
CN111212113A (en) * 2019-12-19 2020-05-29 国家电网有限公司 Virus sample distribution method, transmitting end, receiving end and system
WO2022166286A1 (en) * 2021-02-07 2022-08-11 中国银联股份有限公司 Data transmission method and apparatus

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100476852C (en) * 2004-06-05 2009-04-08 腾讯科技(深圳)有限公司 Method against refuse E-mail
CN1863170A (en) * 2005-05-10 2006-11-15 光宝科技股份有限公司 Method for processing junk E-mail and computer readable memory medium
CN1719812A (en) * 2005-08-08 2006-01-11 北京中星微电子有限公司 Method and system for filtering refuse E-mail
CN100556039C (en) * 2006-01-13 2009-10-28 腾讯科技(深圳)有限公司 Eliminate the method and system of spam erroneous judgement
CN101035098A (en) * 2007-04-24 2007-09-12 北京网秦天下科技有限公司 Method for the mobile terminal to reject the spam via the query

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9094200B2 (en) 2010-09-10 2015-07-28 Huawei Technologies Co., Ltd. Method, apparatus and system for sending and receiving a media stream
WO2011144146A1 (en) * 2010-09-10 2011-11-24 华为技术有限公司 Method, device and system for transmitting and receiving media streams
CN102143137A (en) * 2010-09-10 2011-08-03 华为技术有限公司 Method, device and system for transmitting and receiving media streams
CN103647753A (en) * 2013-11-19 2014-03-19 北京奇虎科技有限公司 LAN file security management method, server and system
CN104348712B (en) * 2014-10-15 2017-10-27 新浪网技术(中国)有限公司 A kind of rubbish mail filtering method and device
CN104348712A (en) * 2014-10-15 2015-02-11 新浪网技术(中国)有限公司 Junk-mail filtering method and device
CN105208026A (en) * 2015-09-29 2015-12-30 努比亚技术有限公司 Hostile attack preventing method and network system
CN106686590A (en) * 2015-11-10 2017-05-17 中兴通讯股份有限公司 Controlled terminal identification method, controlled terminal management method, controlled terminal identification device, controlled terminal management device and wireless access point equipment
CN106911733A (en) * 2015-12-22 2017-06-30 北京奇虎科技有限公司 The network address access method and device of cloud agency
CN107483508A (en) * 2017-09-30 2017-12-15 北京东土军悦科技有限公司 Message filtering method, device, equipment and storage medium
CN109600455A (en) * 2018-10-25 2019-04-09 上海腾道信息技术有限公司 A kind of invalid mail address recognition methods and identifying system
CN110417643A (en) * 2019-07-29 2019-11-05 世纪龙信息网络有限责任公司 Email processing method and device
CN110417643B (en) * 2019-07-29 2021-10-08 世纪龙信息网络有限责任公司 Mail processing method and device
CN110944004A (en) * 2019-09-12 2020-03-31 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment in block chain network
CN111212113A (en) * 2019-12-19 2020-05-29 国家电网有限公司 Virus sample distribution method, transmitting end, receiving end and system
CN111212113B (en) * 2019-12-19 2024-05-14 国家电网有限公司 Virus sample distribution method, sending end, receiving end and system
WO2022166286A1 (en) * 2021-02-07 2022-08-11 中国银联股份有限公司 Data transmission method and apparatus
US11968125B2 (en) 2021-02-07 2024-04-23 China Unionpay Co., Ltd. Data transmission method and apparatus

Also Published As

Publication number Publication date
CN101340387B (en) 2012-07-04

Similar Documents

Publication Publication Date Title
CN101340387B (en) Method and apparatus for control forwarding data packets
US8849921B2 (en) Method and apparatus for creating predictive filters for messages
US8010609B2 (en) Method and apparatus for maintaining reputation lists of IP addresses to detect email spam
EP2115688B1 (en) Correlation and analysis of entity attributes
JP4960222B2 (en) System and method for filtering electronic messages using business heuristics
US10050917B2 (en) Multi-dimensional reputation scoring
US8145710B2 (en) System and method for filtering spam messages utilizing URL filtering module
CN101841489B (en) System and method for controlling access to an electronic message recipient
US7546349B1 (en) Automatic generation of disposable e-mail addresses
US7197539B1 (en) Automated disablement of disposable e-mail addresses based on user actions
US20060251068A1 (en) Systems and Methods for Identifying Potentially Malicious Messages
US9077739B2 (en) Messaging security device
US20070130351A1 (en) Aggregation of Reputation Data
US20070130350A1 (en) Web Reputation Scoring
US20100306846A1 (en) Reputation based load balancing
WO2008091984A1 (en) Detecting image spam
WO2009011807A1 (en) Sender authentication for difficult to classify email
US8271588B1 (en) System and method for filtering fraudulent email messages
WO2008091980A1 (en) Web reputation scoring
US20060184634A1 (en) Electronic mail system using email tickler
JP2005210455A (en) Electronic mail relaying device
KR100525758B1 (en) Method for preventing spam mail through packet-monitoring and system therefor
KR20130109700A (en) Prevention method of mobile spam mail
Swimmer et al. Breaking Anti-Spam Systems with Parasitic Spam.
JP4403108B2 (en) Mail server, mail delivery control method, mail delivery control program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: CHENGDU CITY HUAWEI SAIMENTEKE SCIENCE CO., LTD.

Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD.

Effective date: 20090424

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20090424

Address after: Qingshui River District, Chengdu high tech Zone, Sichuan Province, China: 611731

Applicant after: Chengdu Huawei Symantec Technologies Co., Ltd.

Address before: Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Province, China: 518129

Applicant before: Huawei Technologies Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD.

Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee after: Huawei Symantec Technologies Co., Ltd.

Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River

Patentee before: Chengdu Huawei Symantec Technologies Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120704

Termination date: 20190812