CN102821100B - Method for realizing streaming file system based on security gateway of network application layer - Google Patents


Info

Publication number
CN102821100B
Authority
CN (China)
Prior art keywords
data, file system, message, security gateway, delimiter
Legal status
Expired - Fee Related
Application number
CN201210259257.XA
Other languages
Chinese (zh)
Other versions
CN102821100A
Inventors
陈国斌 (Chen Guobin), 于颖 (Yu Ying), 王智辉 (Wang Zhihui), 宋苏宇 (Song Suyu), 管勇 (Guan Yong), 赵满满 (Zhao Manman), 时兴华 (Shi Xinghua), 王利娟 (Wang Lijuan), 苏云玲 (Su Yunling)
Current Assignee
HENAN INFORMATION CENTER
Original Assignee
HENAN INFORMATION CENTER
Priority date
2012-07-25
Filing date
2012-07-25
Publication date
2014-10-29
Events
2012-07-25 Application filed by HENAN INFORMATION CENTER; priority to CN201210259257.XA
2012-12-12 Publication of CN102821100A
2014-10-29 Application granted; publication of CN102821100B
Legal status: Expired - Fee Related (patent right terminated 2020-07-25 for non-payment of the annual fee)

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for realizing a streaming file system based on a network application layer security gateway. With this method the streaming file system is virtualized, the number of messages held in the buffer is reduced, and the processing speed and efficiency of the system are improved. The method is mainly characterized in that a file-like streaming file system is virtualized in the kernel; the streaming file system stores only a small quantity of the message data in its buffer and provides uniform operation interfaces externally; the small quantity of data in the buffer and the complete field data of the map sections are handed to the detection module of the security gateway by pointer mapping for detection, which increases the processing speed and efficiency of the system; and at the same time the detection module of the security gateway can be adapted to both the MBUFFER and the SKBUFFER message structures, which improves the portability and reusability of the software.

Description

Method for implementing a streaming file system based on a network application layer security gateway
Technical field
The present invention relates to a method for implementing a streaming file system based on a network application layer security gateway.
Background technology
With the widespread use of computers and networks, viruses originating both inside and outside the network are increasingly common. At present, an application layer security gateway is usually deployed between an internal network and external networks, or between a private network and a public network, to protect the internal or private network from intrusion by unauthorized users and from damage by viruses. Application layer security gateways play an important role in anti-hacking, anti-virus, anti-spam and network application traffic management; they generally include devices such as IPS devices, AV devices, anti-spam devices, application control gateways, ALGs, application bandwidth management devices and UTMs.
The OSI protocol was formulated by ISO (International Standards Organization). It has three basic functions: it gives developers the necessary general concepts, helps them develop complete systems, and can be used to explain how systems with different architectures interconnect. OSI divides the computer network architecture into the following seven layers, from top to bottom: 7 application layer, 6 presentation layer, 5 session layer, 4 transport layer, 3 network layer, 2 data link layer, 1 physical layer.
The firewalls in common use today work mainly at layers 2 to 3 and have only a very weak effect at layers 4 to 7, whereas virus software works mainly at layers 5 to 7. Existing application layer security gateways mainly read the relevant messages through the corresponding socket interface, read all of them out and place them in a buffer; after reading is complete, they carry out string matching and regular-expression matching on the buffer in a file-like manner, followed by subsequent processing such as anti-hacking, anti-virus, anti-spam and network application traffic management. This process involves a large number of message copies and interactions between user space and the kernel, so latency is high and performance is low.
Summary of the invention
The object of this invention is to provide a method for implementing a streaming file system based on a network application layer security gateway, which virtualizes a streaming file system, reduces the number of messages held in the buffer, and increases the processing speed and efficiency of the system.
The present invention adopts the following technical solution:
A method for implementing a streaming file system based on a network application layer security gateway comprises the following steps:
A: when the streaming file system detects a newly established application layer connection, it creates a stream file, and the application layer message data is written to the stream file by the streaming file system;
B: the detection module of the security gateway reads the specified message data through the read interface of the stream file and detects the message data by string matching and regular-expression matching;
C: after the current detection completes, the detection module of the security gateway proceeds to detect the message data in the next stream file.
Step B further comprises the following steps:
B1: the streaming file system checks whether the first message received contains a complete field, that is, whether the first message contains a delimiter with no message data after the delimiter; if so, go to step B2; if not, go to step B3;
B2: the streaming file system hands the complete field data of the map section directly to the detection module of the security gateway by pointer mapping, then goes to step B6;
B3: the streaming file system stores the data of the first message in the buffer, then checks whether the subsequently received messages contain a delimiter; when the streaming file system reaches the last delimiter in the subsequent message data, if there is no message data after the delimiter, go to step B4; if there is message data after the delimiter, go to step B5;
B4: the streaming file system hands the data of the first message in the buffer together with the complete field data of the map section directly to the detection module of the security gateway by pointer mapping, then goes to step B6;
B5: the streaming file system hands the data of the first message in the buffer together with the whole field data before the last delimiter in the multiple map sections directly to the detection module of the security gateway by pointer mapping, empties the buffer, and by a file synchronization operation stores the message data after the delimiter, which the security gateway detection module has not yet detected, in the buffer; then it goes to step B6;
B6: the detection module of the security gateway reads the specified message data through the read interface of the stream file and detects the message data by string matching and regular-expression matching, then goes to step C.
The present invention mainly virtualizes a file-like streaming file system in the kernel. The streaming file system holds only a small quantity of message data in the buffer and provides a uniform operation interface externally; the small quantity of message data in the buffer and the complete field data of the map sections are handed to the detection module of the security gateway by pointer mapping for detection, which increases the processing speed and efficiency of the system. At the same time, the detection module of the security gateway can be adapted to both the MBUFFER and the SKBUFFER message structures, improving the portability and reusability of the software.
Description of the drawings
Fig. 1 is a flow chart of the present invention;
Fig. 2, Fig. 3 and Fig. 4 are schematic diagrams of the application layer message data processing method for three different structures, based on parsing in SMTP mode.
Embodiment
In the present invention, a stream refers to a series of data messages passing through the device; a stream file refers to the data structure that stores these messages; and a streaming file system refers to a storage mode composed of character strings or binary data.
As shown in Figure 1, the present invention includes the following steps:
A: when the streaming file system detects a newly established application layer connection, it creates a stream file, and the application layer message data is written to the stream file by the streaming file system;
B1: the streaming file system checks whether the first message received contains a complete field, that is, whether the first message contains a delimiter with no message data after the delimiter; if so, go to step B2; if not, go to step B3;
B2: the streaming file system hands the complete field data of the map section directly to the detection module of the security gateway by pointer mapping, then goes to step B6;
B3: the streaming file system stores the data of the first message in the buffer, then checks whether the subsequently received messages contain a delimiter; when the streaming file system reaches the last delimiter in the subsequent message data, if there is no message data after the delimiter, go to step B4; if there is message data after the delimiter, go to step B5;
B4: the streaming file system hands the data of the first message in the buffer together with the complete field data in the multiple map sections directly to the detection module of the security gateway by pointer mapping, then goes to step B6;
B5: the streaming file system hands the data of the first message in the buffer together with the complete field data before the last delimiter in the multiple map sections directly to the detection module of the security gateway by pointer mapping, then empties the buffer, and by a file synchronization operation stores the message data after the delimiter, which the security gateway detection module has not yet detected, in the buffer; then it goes to step B6;
B6: the detection module of the security gateway reads the specified message data through the read interface of the stream file and detects the message data by string matching and regular-expression matching, then goes to step C;
C: after the current detection completes, the detection module of the security gateway proceeds to detect the message data in the next stream file.
In the present invention, when a new message is written to the stream file it is not copied directly; instead, a map section in the stream file is pointed at the application layer data of the message, and multiple map sections can separately handle messages fragmented at the network layer and segmented at the application layer. Because there is no copy operation, and because reassembly of network layer fragments and application layer segments is not needed, performance is greatly improved and latency is reduced.
The following illustration is based on parsing in SMTP mode:
As shown in Figure 2, when the application layer message contains a whole field, that is, when the first message contains a delimiter with no message data after it: the first message contains the delimiter "\n" and there is no message data after the "\n", so the first message contains the whole field "abcd". The streaming file system hands the whole field data "abcd" of the map section directly to the detection module of the security gateway by pointer mapping, and the detection module carries out string matching and regular-expression matching.
As shown in Figure 3, when the first application layer message "abcd" does not contain the delimiter "\n", the streaming file system stores the data "abcd" of the first application layer message in the buffer, then checks whether the subsequently received messages contain a delimiter. The streaming file system reaches the last delimiter "\n" contained in the data of the second application layer message, and there is no message data after the "\n"; the streaming file system now hands the data "abcd" of the first application layer message in the buffer together with the whole field data "efgh" of the map section directly to the detection module of the security gateway by pointer mapping, and the detection module carries out string matching and regular-expression matching.
As shown in Figure 4, when the first application layer message "abcd" does not contain the delimiter "\n", the streaming file system stores the data "abcd" of the first application layer message in the buffer and points multiple map sections in the stream file at the application layer data "ef", "gh" and "st" of the subsequent messages, then checks whether the subsequently received messages contain the delimiter "\n". The streaming file system reaches the last delimiter "\n" contained in the data of the second application layer message, and there is still message data "st" after the "\n"; the streaming file system now hands the data "abcd" of the first application layer message in the buffer together with the whole field data "ef" and "gh" of the two map sections (that is, the whole field data before the last delimiter) directly to the detection module of the security gateway by pointer mapping, and the detection module carries out string matching and regular-expression matching. Afterwards the streaming file system empties the data "abcd" of the first message from the buffer and, by a file synchronization operation, stores the message data "st" after the delimiter "\n", which the security gateway detection module has not yet detected, in the buffer, to be processed together with the next application layer message data written to the stream file by the streaming file system.
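The steps A to C and B1 to B6 of the summary, and the Fig. 2 to Fig. 4 SMTP scenarios above, as an added worked example in Python; this is not code from the patent or its assignee. It assumes one stream file per application layer connection, uses a `memoryview` as the stand-in for a pointer-mapped map section (in a kernel implementation this would be an MBUFFER or SKBUFFER pointer), and makes up the detection signatures (an `X-Spam-Marker` header string and a Subject-line regular expression) and every sample segment; `StreamFile`, `detect` and `replay` are names chosen here. It also generalizes slightly beyond the figures: a segment may carry both the delimiter and trailing data, several segments may accumulate before a delimiter arrives, and the delimiter may be CRLF rather than "\n".

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Iterable, List

# Detection module (step B6): string matching plus regular-expression matching.
# Both signatures are constructed for this example and are not from the patent.
SIGNATURES = [("spam-marker-header", b"X-Spam-Marker")]
PATTERNS = [("subject-lottery-or-prize",
             re.compile(rb"(?im)^subject:.*\b(lottery|prize)\b"))]


def detect(chunks: Iterable[memoryview]) -> List[str]:
    """Match one delivered field and return the names of the rules that hit.

    The stream file hands the field over as the mapped chunks themselves. A
    Python regex needs contiguous bytes, so the only join happens here inside
    the detector; the stream file's own buffer never holds whole messages.
    """
    data = b"".join(bytes(c) for c in chunks)
    hits = [f"sig:{name}" for name, sig in SIGNATURES if sig in data]
    hits += [f"re:{name}" for name, pat in PATTERNS if pat.search(data)]
    return hits


@dataclass
class StreamFile:
    """One stream file per application layer connection (step A)."""
    delimiter: bytes
    detector: Callable[[Iterable[memoryview]], List[str]]
    buffer: bytes = b""                      # copied data: leading partial field only
    sections: List[memoryview] = field(default_factory=list)  # mapped, never copied
    bytes_copied: int = 0                    # how much the buffer actually copied
    findings: List[str] = field(default_factory=list)

    def write(self, segment: bytes) -> None:
        """Attach one application layer segment and apply steps B1 to B6."""
        view = memoryview(segment)           # the "map section": a pointer, no copy
        cut = segment.rfind(self.delimiter)  # position of the last delimiter, if any
        if cut < 0:
            if not self.buffer and not self.sections:
                self._store(view)            # B3: the first partial message is buffered
            else:
                self.sections.append(view)   # later partial segments are only mapped
            return
        end = cut + len(self.delimiter)
        head, tail = view[:end], view[end:]
        # B2 (single complete segment), B4 (buffer plus mapped sections) or B5
        # (data remains after the last delimiter): everything up to and including
        # the last delimiter is one complete field run handed to the detector.
        chunks: List[memoryview] = []
        if self.buffer:
            chunks.append(memoryview(self.buffer))
        chunks.extend(self.sections)
        chunks.append(head)
        self.findings.extend(self.detector(chunks))
        # Empty the buffer and release the mappings; under step B5 only the
        # undetected tail after the last delimiter is kept for the next field.
        self.buffer, self.sections = b"", []
        if len(tail):
            self._store(tail)

    def _store(self, view: memoryview) -> None:
        """The one place that copies: a few leading or trailing bytes at most."""
        self.buffer += bytes(view)
        self.bytes_copied += len(view)


def replay(segments: List[bytes], delimiter: bytes = b"\n") -> dict:
    """Feed constructed segments through one stream file and report what the
    detector was given, what stayed buffered and how many bytes were copied."""
    seen: List[bytes] = []

    def recording_detector(chunks: Iterable[memoryview]) -> List[str]:
        chunks = list(chunks)
        seen.append(b"".join(bytes(c) for c in chunks))   # recorded for inspection only
        return detect(chunks)

    sf = StreamFile(delimiter, recording_detector)
    for seg in segments:
        sf.write(seg)
    return {"fields": seen, "remainder": sf.buffer, "mapped_pending": len(sf.sections),
            "bytes_copied": sf.bytes_copied, "findings": sf.findings}


if __name__ == "__main__":
    # The three figures: whole field in one message; field split over two
    # messages; field split over several messages with data after the delimiter.
    for name, segs in [("Fig. 2", [b"abcd\n"]),
                       ("Fig. 3", [b"abcd", b"efgh\n"]),
                       ("Fig. 4", [b"abcd", b"ef", b"gh\nst"])]:
        print(name, replay(segs))
    # Constructed SMTP-like exchange with a CRLF delimiter and a command split
    # across two segments; the Subject line trips the constructed regex.
    print("SMTP", replay([b"MAIL FROM:<a@example.com>\r\nRCPT TO:<b@exam",
                          b"ple.net>\r\nDATA\r\nSubject: You won a PRIZE\r\n"], b"\r\n"))
```

Running the module replays the three figures and the SMTP-like exchange. In Fig. 2 nothing is copied; in Fig. 3 only the four leading bytes "abcd" are; in Fig. 4 the two trailing bytes "st" are additionally copied into the buffer and become the head of the next field, which is exactly the small quantity of data the patent says the buffer should hold. The join inside `detect` is a property of Python's regex engine, not of the stream file design; a detector built on a streaming matcher could consume the mapped chunks directly.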

Claims (1)

1. A method for implementing a streaming file system based on a network application layer security gateway, characterized in that it comprises the following steps:
A: when the streaming file system detects a newly established application layer connection, it creates a stream file, and the application layer message data is written to the stream file by the streaming file system;
B: the detection module of the security gateway reads the specified message data through the read interface of the stream file and detects the message data by string matching and regular-expression matching; wherein step B comprises the following specific steps:
B1: the streaming file system checks whether the first message received contains a complete field, that is, whether the first message contains a delimiter with no message data after the delimiter; if so, go to step B2; if not, go to step B3;
B2: the streaming file system hands the complete field data of the map section directly to the detection module of the security gateway by pointer mapping, then goes to step B6;
B3: the streaming file system stores the data of the first message in the buffer, then checks whether the subsequently received messages contain a delimiter; when the streaming file system reaches the last delimiter in the subsequent message data, if there is no message data after the delimiter, go to step B4; if there is message data after the delimiter, go to step B5;
B4: the streaming file system hands the data of the first message in the buffer together with the complete field data of the map section directly to the detection module of the security gateway by pointer mapping, then goes to step B6;
B5: the streaming file system hands the data of the first message in the buffer together with the whole field data before the last delimiter in the multiple map sections directly to the detection module of the security gateway by pointer mapping, empties the buffer, and by a file synchronization operation stores the message data after the delimiter, which the security gateway detection module has not yet detected, in the buffer; then it goes to step B6;
B6: the detection module of the security gateway reads the specified message data through the read interface of the stream file and detects the message data by string matching and regular-expression matching, then goes to step C;
C: after the current detection completes, the detection module of the security gateway proceeds to detect the message data in the next stream file.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210259257.XA CN102821100B (en) 2012-07-25 2012-07-25 Method for realizing streaming file system based on security gateway of network application layer

Publications (2)

Publication Number Publication Date
CN102821100A CN102821100A (en) 2012-12-12
CN102821100B true CN102821100B (en) 2014-10-29

Family

ID=47304957

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210259257.XA Expired - Fee Related CN102821100B (en) 2012-07-25 2012-07-25 Method for realizing streaming file system based on security gateway of network application layer

Country Status (1)

Country Link
CN (1) CN102821100B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161479B (en) * 2016-09-21 2019-06-07 杭州迪普科技股份有限公司 A kind of coding attack detection method and device of the supported feature across packet

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1349351A (en) * 2000-10-13 2002-05-15 北京算通数字技术研究中心有限公司 Method of generating data stream index file and using said file accessing frame and shearing lens
CN1852245A (en) * 2005-12-15 2006-10-25 华为技术有限公司 Method for detecting superlong signaling message based text code
CN101039225A (en) * 2007-04-04 2007-09-19 北京佳讯飞鸿电气有限责任公司 Method for realizing data safe transmission of distribution cooperating intrusion detection system
CN101068229A (en) * 2007-06-08 2007-11-07 北京工业大学 Content filtering gateway realizing method based on network filter
CN101252444A (en) * 2008-04-03 2008-08-27 华为技术有限公司 Method and apparatus for checking message characteristic
CN101262491A (en) * 2008-04-02 2008-09-10 王京 Application layer network analysis method and system
CN102123076A (en) * 2010-01-08 2011-07-13 丛林网络公司 High availability for network security devices

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9455892B2 (en) * 2010-10-29 2016-09-27 Symantec Corporation Data loss monitoring of partial data streams

Also Published As

Publication number Publication date
CN102821100A (en) 2012-12-12

Legal Events

Code Title / Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information
Inventor after: Chen Guobin, Yu Ying, Wang Zhihui, Song Suyu, Guan Yong, Zhao Manman, Shi Xinghua, Wang Lijuan, Su Yunling
Inventor before: Chen Guobin, Song Suyu, Yu Ying, Wang Zhihui, Guan Yong, Zhao Manman, Shi Xinghua, Wang Lijuan
COR Change of bibliographic data
Free format text: CORRECT: INVENTOR; FROM: CHEN GUOBIN SONG SUYU YU YING WANG ZHIHUI GUAN YONG ZHAO MANMAN SHI XINGHUA WANG LIJUAN TO: CHEN GUOBIN YU YING WANG ZHIHUI SONG SUYU GUAN YONG ZHAO MANMAN SHI XINGHUA WANG LIJUAN SU YUNLING
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
Granted publication date: 20141029
Termination date: 20200725