CN103368858A - Method and device for cleaning flow capable of providing loading of combination of multiple strategies - Google Patents

Method and device for cleaning flow capable of providing loading of combination of multiple strategies

Info

Publication number
CN103368858A
Authority
CN
China
Prior art keywords
strategy
virtual
entity
combination
data packet
Legal status
Granted
Application number
CN2012100965284A
Other languages
Chinese (zh)
Other versions
CN103368858B (en)
Inventor
刘涛
刘宁
张�诚
Current Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Events
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN201210096528.4A
Publication of CN103368858A
Application granted
Publication of CN103368858B
Legal status: Active
Anticipated expiration

Abstract

The invention provides a traffic scrubbing ("flow cleaning") method that supports loading a policy combination (the "combination of multiple strategies" of the title). The method comprises the following steps: a user-mode agent client establishes a policy combination, wherein the policy combination comprises at least one virtual policy, each virtual policy comprises one or more entity policies, and each entity policy comprises one or more data features; the user-mode agent client passes the policy combination to kernel mode; at least one virtual policy of the policy combination is registered with a packet-processing framework; the packet-processing framework invokes a callback for each entity policy in the virtual policy, compares a communication packet against the at least one virtual policy, and discards the communication packet when it matches all entity policies of the at least one virtual policy. The invention further provides a traffic scrubbing device that supports loading a combination of multiple policies. Because traffic is scrubbed with a policy combination, the invention meets the requirements of application scenarios in which traffic must be scrubbed according to a complex combination of multiple policies, and so has a wider range of application.

Description

Traffic scrubbing method and device with loading of multiple policy combinations
Technical field
The present invention relates to the field of Internet technology, and in particular to a traffic scrubbing ("flow cleaning") method and device that load combinations of multiple policies.
Background technology
Traffic scrubbing is a network security service offered to government and enterprise customers that rent IDC (Internet Data Center) capacity: it monitors, alerts on and defends against the DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks directed at them. The service monitors the data traffic entering the customer's IDC in real time, promptly detects abnormal traffic such as DoS attacks, and scrubs that abnormal traffic without affecting normal business, so that the customer's IDC operations remain continuously available. Through notifications, analysis reports and similar deliverables it also improves the customer's visibility into its network traffic and the clarity of its security posture.
Conventional traffic-filtering systems usually adopt a scrubbing architecture in which filtering policies are evaluated one by one, so traffic can only be filtered by a single policy at a time: the policies stand in an OR relation to one another, and traffic cannot be scrubbed on the condition that several policies are satisfied simultaneously. Business requirements, however, are often more demanding, with application scenarios in which traffic should be scrubbed only when a complex combination of several policies is satisfied. The conventional traffic-filtering method does not work for such scenarios.
A conventional traffic scrubbing system only supports loading single policies: the user loads policies one after another, and the scrubbing system scrubs traffic according to each policy in turn. It therefore only supports deciding whether to scrub traffic on the basis of a single policy, not on the basis of a combination of several policies.
Summary of the invention
The object of the present invention is to solve at least one of the technical deficiencies above.
To that end, a first object of the present invention is to provide a traffic scrubbing method with loading of multiple policy combinations. The method allows policies to be combined arbitrarily, so that traffic scrubbing can be triggered by several filters being satisfied together. A second object of the present invention is to provide a traffic scrubbing device with loading of multiple policy combinations.
To achieve the above objects, an embodiment of the first aspect of the present invention proposes a traffic scrubbing method with loading of multiple policy combinations, comprising the following steps:
a user-mode agent client establishes a policy combination, wherein the policy combination comprises at least one virtual policy, each virtual policy comprises one or more entity policies, and each entity policy comprises one or more data features;
the user-mode agent client passes the policy combination to kernel mode;
at least one virtual policy of the policy combination is registered with a packet-processing framework; and
the packet-processing framework invokes a callback for each entity policy in the virtual policy, compares a communication packet against the at least one virtual policy, and discards the communication packet when it matches all entity policies of the at least one virtual policy.
With the traffic scrubbing method of this embodiment, the user can select a policy combination made up of several policies and scrub traffic with that combination. This satisfies application scenarios in which traffic must be scrubbed according to a complex combination of several policies, and so the method has a wider range of application.
An embodiment of the second aspect of the present invention provides a traffic scrubbing device with loading of multiple policy combinations, comprising a user-mode agent client, a kernel-mode module and a packet-processing framework. The user-mode agent client establishes a policy combination, wherein the policy combination comprises at least one virtual policy, each virtual policy comprises one or more entity policies, and each entity policy comprises one or more data features. The kernel-mode module receives the policy combination and registers at least one virtual policy of the policy combination with the packet-processing framework. The packet-processing framework invokes a callback for each entity policy in the virtual policy, compares a communication packet against the at least one virtual policy, and discards the communication packet when it matches all entity policies of the at least one virtual policy.
With the traffic scrubbing device of this embodiment, the user can likewise select a policy combination made up of several policies and scrub traffic with that combination, which satisfies application scenarios requiring a complex combination of several policies and gives the device a wider range of application.
Additional aspects and advantages of the present invention are given in part in the description below, will in part become apparent from that description, or will be learned through practice of the invention.
Description of drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of embodiments taken in conjunction with the drawings, in which:
Fig. 1 is a flowchart of the traffic scrubbing method with loading of multiple policy combinations according to an embodiment of the invention;
Fig. 2 is a block diagram of the traffic scrubbing method with loading of multiple policy combinations according to an embodiment of the invention;
Fig. 3 is a flowchart of packet processing by a virtual policy according to an embodiment of the invention; and
Fig. 4 is a schematic diagram of the traffic scrubbing device with loading of multiple policy combinations according to an embodiment of the invention.
Embodiment
Embodiments of the invention are described in detail below; examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote throughout the same or similar elements, or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the invention, and are not to be construed as limiting it.
The disclosure below provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure, the components and arrangements of specific examples are described. These are, of course, only examples and are not intended to limit the invention. In addition, reference numerals and/or letters may be repeated in different examples; this repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. The invention also gives examples of various specific processes and materials, but a person of ordinary skill in the art will recognise that other processes and/or materials may be applied. Furthermore, a structure described below in which a first feature is "on" a second feature may include embodiments in which the first and second features are in direct contact, and embodiments in which other features are formed between them so that the first and second features are not in direct contact.
These and other aspects of embodiments of the invention will become clear with reference to the following description and drawings. The description and drawings disclose some specific implementations of embodiments of the invention and represent some of the ways in which the principles of those embodiments may be carried out, but it should be understood that the scope of the embodiments is not thereby limited. On the contrary, embodiments of the invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
The traffic scrubbing method with loading of multiple policy combinations according to an embodiment of the invention is described below with reference to Fig. 1 to Fig. 3.
As shown in Fig. 1, the traffic scrubbing method with loading of multiple policy combinations according to an embodiment of the invention comprises the following steps:
Step S101: the user-mode agent client establishes a policy combination.
The policy combination comprises at least one virtual policy; a virtual policy comprises one or more entity policies, and each entity policy comprises one or more data features.
In one embodiment of the invention, the policy combination also contains entity policies that do not belong to any virtual policy.
In another embodiment of the invention, the policy combination contains several virtual policies, and these virtual policies share at least one entity policy.
Step S102: the user-mode agent client passes the policy combination to kernel mode.
In one embodiment of the invention, the user-mode agent client passes the virtual policies to kernel mode over a netlink socket interface.
Specifically, loading a virtual policy is implemented over netlink, the communication interface between kernel mode and user mode. The policy packet format of this embodiment is defined on top of the netlink socket data interface, and the message format is layered in the manner of a protocol stack, as shown in Table 1.
Table 1: layered policy message format (table image not reproduced on this page)
The policy packet comprises the following three relatively independent layers:
Netlink link layer (nlmsghdr): responsible for sending and receiving netlink data messages.
Service layer (Service_hdr): responsible for service-related functions such as creating, deleting and enabling services.
Policy layer (Strategy info): responsible for creating, deleting, modifying and enabling the policy entities of the corresponding service.
The message structures of the service layer and the policy layer each define command IDs that instruct the kernel to create, query, modify and delete service entities and policy entities respectively. The service-layer data and the policy-layer data of a message are parsed and processed by the service-layer and policy-layer handler functions respectively. Tables 2 and 3 list some of the service-layer and policy-layer command types.

CMD_ID  Macro definition     Description
0x01    BCS_SVC_CMD_CREATE   Create a new service entity
0x02    BCS_SVC_CMD_MOD      Modify service entity information
0x03    BCS_SVC_CMD_DEL      Delete a service entity
Table 2

CMD_ID  Macro definition     Description
0x01    BCS_STG_CMD_CREATE   Create a new policy entity
0x02    BCS_STG_CMD_MOD      Modify policy entity information
0x03    BCS_STG_CMD_DEL      Delete a policy entity
Table 3
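The three-layer message described above, as an added worked example in C that is not code from the patent or from Baidu: a user-space model of how the user-mode client serialises a policy message and how the kernel-mode receiver should parse it. The nlmsghdr layout mirrors the Linux netlink header; the field layouts and field names of the service layer and policy layer, the 4-byte alignment, and the sample service id 7 are assumptions, since the page only names the layers and the command IDs of Tables 2 and 3. The parser checks every length it reads against the bytes actually received, which is the check a kernel-side netlink handler has to make before it trusts anything sent from user space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NLMSG_ALIGNTO 4u
#define NLMSG_ALIGN(len) (((len) + NLMSG_ALIGNTO - 1) & ~(NLMSG_ALIGNTO - 1))

/* Netlink link layer: same field layout as struct nlmsghdr in Linux
 * <linux/netlink.h>, declared locally so the example builds anywhere. */
struct nlmsghdr {
    uint32_t nlmsg_len;                  /* whole message, header included */
    uint16_t nlmsg_type, nlmsg_flags;
    uint32_t nlmsg_seq, nlmsg_pid;
};

/* Command IDs from Table 2 (service layer) and Table 3 (policy layer). */
enum { BCS_SVC_CMD_CREATE = 0x01, BCS_SVC_CMD_MOD = 0x02, BCS_SVC_CMD_DEL = 0x03 };
enum { BCS_STG_CMD_CREATE = 0x01, BCS_STG_CMD_MOD = 0x02, BCS_STG_CMD_DEL = 0x03 };

/* Service layer (Service_hdr). Field layout assumed for the example. */
struct service_hdr {
    uint16_t cmd;                        /* BCS_SVC_CMD_* */
    uint16_t svc_id;                     /* service entity the policies belong to */
    uint32_t payload_len;                /* bytes of policy-layer data that follow */
};

/* Policy layer (Strategy info): one record per entity policy. Layout assumed. */
struct strategy_info {
    uint16_t cmd;                        /* BCS_STG_CMD_* */
    uint16_t stg_id;                     /* entity policy id */
    uint16_t vstg_id;                    /* virtual policy it belongs to */
    uint16_t n_features;                 /* data features (not modelled here) */
};

#define HDR_SPACE NLMSG_ALIGN(sizeof(struct nlmsghdr))

/* User-mode side: serialise one CREATE message. Returns bytes written, or 0
 * if the buffer is too small. */
size_t build_policy_msg(uint8_t *buf, size_t cap, uint16_t svc_id,
                        const struct strategy_info *stg, size_t n)
{
    size_t payload = n * sizeof(struct strategy_info);
    size_t total = HDR_SPACE + sizeof(struct service_hdr) + payload;
    struct nlmsghdr nh = { (uint32_t)total, 0, 0, 1, 0 };
    struct service_hdr sh = { BCS_SVC_CMD_CREATE, svc_id, (uint32_t)payload };
    if (total > cap) return 0;
    memset(buf, 0, total);
    memcpy(buf, &nh, sizeof nh);
    memcpy(buf + HDR_SPACE, &sh, sizeof sh);
    memcpy(buf + HDR_SPACE + sizeof sh, stg, payload);
    return total;
}

/* Kernel-mode side: parse a received datagram. Every length is checked
 * against what actually arrived before it is used, because the bytes come
 * from user space. Returns the number of entity policies, or -1. */
int parse_policy_msg(const uint8_t *buf, size_t len, uint16_t *svc_id,
                     struct strategy_info *out, size_t max)
{
    struct nlmsghdr nh; struct service_hdr sh; size_t n;
    if (len < HDR_SPACE + sizeof sh) return -1;
    memcpy(&nh, buf, sizeof nh);
    if (nh.nlmsg_len < HDR_SPACE + sizeof sh || nh.nlmsg_len > len) return -1;
    memcpy(&sh, buf + HDR_SPACE, sizeof sh);
    if (sh.cmd < BCS_SVC_CMD_CREATE || sh.cmd > BCS_SVC_CMD_DEL) return -1;
    if (sh.payload_len > nh.nlmsg_len - HDR_SPACE - sizeof sh) return -1;
    if (sh.payload_len % sizeof(struct strategy_info) != 0) return -1;
    n = sh.payload_len / sizeof(struct strategy_info);
    if (n > max) return -1;
    memcpy(out, buf + HDR_SPACE + sizeof sh, sh.payload_len);
    for (size_t i = 0; i < n; i++)
        if (out[i].cmd < BCS_STG_CMD_CREATE || out[i].cmd > BCS_STG_CMD_DEL) return -1;
    *svc_id = sh.svc_id;
    return (int)n;
}

/* Self-check: encode entity policies 1..3 of virtual policy 1 for service 7,
 * decode them, then confirm that an inflated nlmsg_len and a truncated
 * datagram are both rejected. Returns 3 on success, else a negative code
 * naming the failed check. */
int demo_policy_msg(void)
{
    uint8_t buf[128];
    struct strategy_info out[4], in[3] = { { BCS_STG_CMD_CREATE, 1, 1, 2 },
        { BCS_STG_CMD_CREATE, 2, 1, 1 }, { BCS_STG_CMD_CREATE, 3, 1, 1 } };
    uint16_t svc = 0; int n;
    uint32_t bad_len = 4096, good_len;
    size_t len = build_policy_msg(buf, sizeof buf, 7, in, 3);
    if (len != 48) return -10;                  /* 16 + 8 + 3 * 8 bytes */
    n = parse_policy_msg(buf, len, &svc, out, 4);
    if (n != 3 || svc != 7 || out[2].stg_id != 3) return -11;
    memcpy(buf, &bad_len, sizeof bad_len);      /* header claims more than arrived */
    if (parse_policy_msg(buf, len, &svc, out, 4) != -1) return -12;
    good_len = (uint32_t)len;
    memcpy(buf, &good_len, sizeof good_len);
    if (parse_policy_msg(buf, len - 8, &svc, out, 4) != -1) return -13;
    return n;
}

int main(void) { printf("demo_policy_msg() = %d\n", demo_policy_msg()); return 0; }
```

A message whose nlmsg_len or payload_len exceeds the bytes that arrived is rejected outright rather than clamped, and the command IDs of both layers are validated before any record is acted on; one fixed-size strategy_info record per entity policy keeps the kernel-side parse a bounded loop.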
The process of establishing a policy combination is described below.
First, the user can freely choose a policy combination built from if conditional statements, and (conjunction) and or (disjunction).
For example, see the combination of Table 4 (table image not reproduced on this page).
The user-mode client then transforms the user-specified policy combination: the if conditional statements are removed and the combination is rewritten into a form in which the outer policy groups stand in an OR relation to each other and the policies inside a group stand in an AND relation.
This is possible because any conditional structure built from if statements, and and or can be converted into an equivalent form such as:
(A and B)||(C and D)
The policy combination of Table 4 can thus be expressed in the form (A&B&C)||(A&B&D)||(E). This combination contains three virtual policies, (A&B&C), (A&B&D) and (E), where A, B, C, D and E are each entity policies.
As can be seen, entity policy E forms a policy on its own, so it is not part of any other virtual policy. Virtual policy (A&B&C) contains entity policies A, B and C, and virtual policy (A&B&D) contains entity policies A, B and D; entity policies A and B are shared by these two virtual policies.
The user-mode agent client passes each virtual policy to kernel mode over the netlink socket interface. Kernel mode receives the virtual policies one after another, parses them according to the custom protocol and loads each of them, thereby loading the policy combination. Once all virtual policies have been transferred to kernel mode and the complete virtual policy entities have been built, the traffic scrubbing system can apply the user-defined arbitrary combination of policies.
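The conversion described above, as an added example in C that is not part of the patent: a user-mode pass that turns an if/and/or policy tree into the outer-OR, inner-AND form, i.e. disjunctive normal form, representing each virtual policy as a bitmask of entity policies (bit 0 = A, bit 1 = B, and so on). The tree node type, the limit of 32 entity policies, and the shape of the Table 4 combination, taken here as ((A and B) and (C or D)) or E because the table image is not on the page, are all assumptions of the example. It goes beyond the single instance in the text: to_dnf handles any tree built from and/or, and shared_entities finds the entity policies that more than one virtual policy uses, as A and B are in the page's example.

```c
#include <stdint.h>
#include <stdio.h>

/* A policy combination as the user writes it: a tree of and/or over entity
 * policies. Entity policies are numbered 0..31 (0 = A, 1 = B, ...). */
enum node_kind { LEAF, AND, OR };
struct node { enum node_kind kind; int entity; const struct node *l, *r; };

/* A policy combination as the kernel wants it: a list of virtual policies,
 * each a bitmask of the entity policies it conjoins (bit i = entity policy i). */
#define MAX_VP 32
struct combo { int n; uint32_t vp[MAX_VP]; };

/* Append a virtual policy unless an identical one is already present. */
static int add_vp(struct combo *c, uint32_t m)
{
    for (int i = 0; i < c->n; i++)
        if (c->vp[i] == m) return 0;
    if (c->n == MAX_VP) return -1;
    c->vp[c->n++] = m;
    return 0;
}

/* Disjunctive normal form by structural recursion:
 *   dnf(leaf)    = { {leaf} }
 *   dnf(l or r)  = dnf(l) together with dnf(r)
 *   dnf(l and r) = { x | y : x in dnf(l), y in dnf(r) }   (every pairing)
 * Returns 0 on success, -1 if a leaf index or the result size is out of range. */
int to_dnf(const struct node *t, struct combo *out)
{
    struct combo a, b;
    out->n = 0;
    if (t->kind == LEAF) {
        if (t->entity < 0 || t->entity >= 32) return -1;
        return add_vp(out, 1u << t->entity);
    }
    if (to_dnf(t->l, &a) || to_dnf(t->r, &b)) return -1;
    if (t->kind == OR) {
        for (int i = 0; i < a.n; i++) if (add_vp(out, a.vp[i])) return -1;
        for (int j = 0; j < b.n; j++) if (add_vp(out, b.vp[j])) return -1;
    } else {
        for (int i = 0; i < a.n; i++)
            for (int j = 0; j < b.n; j++)
                if (add_vp(out, a.vp[i] | b.vp[j])) return -1;
    }
    return 0;
}

/* Entity policies used by two or more virtual policies (A and B in the page's example). */
uint32_t shared_entities(const struct combo *c)
{
    uint32_t seen = 0, shared = 0;
    for (int k = 0; k < c->n; k++) {
        shared |= seen & c->vp[k];
        seen |= c->vp[k];
    }
    return shared;
}

/* Render in the page's notation, e.g. (A&B&C)||(A&B&D)||(E). */
void print_combo(const struct combo *c)
{
    for (int k = 0; k < c->n; k++) {
        printf("%s(", k ? "||" : "");
        for (int i = 0, first = 1; i < 32; i++)
            if ((c->vp[k] >> i) & 1u) { printf("%s%c", first ? "" : "&", 'A' + i); first = 0; }
        printf(")");
    }
    printf("\n");
}

/* Assumed content of Table 4: if (A and B) { if (C or D) drop } else if (E) drop,
 * read, as the page does, as ((A and B) and (C or D)) or E. */
static const struct node
    A = { LEAF, 0 }, B = { LEAF, 1 }, C = { LEAF, 2 }, D = { LEAF, 3 }, E = { LEAF, 4 },
    AB = { AND, 0, &A, &B }, CD = { OR, 0, &C, &D },
    ABCD = { AND, 0, &AB, &CD }, ROOT = { OR, 0, &ABCD, &E };

int example_count(void) { struct combo c; return to_dnf(&ROOT, &c) ? -1 : c.n; }
unsigned long example_vp(int k)
{
    struct combo c;
    if (to_dnf(&ROOT, &c) || k < 0 || k >= c.n) return 0;
    return c.vp[k];
}
unsigned long example_shared(void) { struct combo c; to_dnf(&ROOT, &c); return shared_entities(&c); }

int main(void)
{
    struct combo c;
    if (to_dnf(&ROOT, &c) == 0) print_combo(&c);   /* (A&B&C)||(A&B&D)||(E) */
    return 0;
}
```

The bitmask representation is what makes the AND case cheap: combining two virtual policies is a single OR of their masks, and the duplicate check in add_vp keeps the kernel from being asked to load the same conjunction twice. Note that the conversion, like the page's, keeps no negation from the else branch; an else-if E is loaded simply as the stand-alone virtual policy (E).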
Step S103: at least one virtual policy of the policy combination is registered with the packet-processing framework.
As shown in Fig. 2, at least one virtual policy of the policy combination is registered with the packet-processing framework. The packet-processing framework may be the softirq (software interrupt) packet-processing framework.
In one embodiment of the invention, because an entity policy can form a policy on its own, an entity policy can also be registered directly with the packet-processing framework.
It follows that both entity policies and virtual policies can be registered with the packet-processing framework.
Step S104: the packet-processing framework invokes a callback for each entity policy in the virtual policy, compares the communication packet against the at least one virtual policy, and discards the communication packet when it matches all entity policies of the at least one virtual policy.
When a communication packet arrives, the packet-processing framework invokes the callbacks of the registered policies. As shown in Fig. 2, the framework can call back both virtual policies and entity policies that stand alone as policies.
The packet-processing framework decides whether to discard the communication packet according to the verdicts returned by the callbacks. If the packet matches all entity policies of at least one virtual policy, it is discarded. For example, with the policy combination (A&B&C)||(A&B&D)||(E), a communication packet that matches all of the entity policies A, B and C of the virtual policy (A&B&C) is discarded.
When the communication packet does not match all entity policies of any virtual policy, it is passed on to the protocol stack for processing.
In one embodiment of the invention, when a virtual policy is deleted, the entity policies it contains cease to take effect, which matches the user's expectation of how deletion behaves.
The packet-processing flow of a virtual policy is described below with reference to Fig. 3.
Step S301: through the virtual policy's processing entry function, check whether the virtual policy is active; if so, go to step S302, otherwise go to step S305.
Step S302: check whether there are further entity policies to evaluate; if so, go to step S303, otherwise go to step S305.
Step S303: call the entity policy's packet-processing function.
Step S304: check whether the entity policy returned "discard"; if so, return to step S302, otherwise go to step S305.
Step S305: update the packet-filtering statistics.
Step S306: decide according to the virtual policy whether to discard the communication packet; if so, go to step S307, otherwise go to step S308.
That is, if the communication packet matched all entity policies of the virtual policy, go to step S307; otherwise go to step S308.
Step S307: return "discard the communication packet".
Step S308: return "accept the communication packet".
The accepted communication packet is then handed to the protocol stack for processing.
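The Fig. 3 flow and the drop decision of step S104, as an added example in C that is not the patent's code: a user-space model in which entity policies are callbacks, a virtual policy drops only when every one of its entity policies fires, and evaluation of a virtual policy stops at the first entity policy that does not (steps S302 to S304). The packet structure, the five entity policies and the sample packets are constructed for the example; a kernel implementation would read sk_buff fields instead. Two cases the flowchart leaves open are handled explicitly: an inactive virtual policy never drops, and a virtual policy with no entity policies does not drop either, because an empty conjunction would otherwise be vacuously true and discard all traffic. Deleting the stand-alone virtual policy (E) is modelled by deactivating it, which is what the page says must make its entity policy stop taking effect.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal packet view for the example; kernel callbacks would read sk_buff. */
struct pkt { uint8_t proto; uint16_t dport; uint16_t len; const char *payload; };

typedef int (*entity_fn)(const struct pkt *);   /* 1 when the entity policy matches */
struct entity_policy { const char *name; entity_fn match; };
struct virtual_policy { int active; int n; const struct entity_policy *ent[8]; };
struct stats { unsigned checked, dropped; };

/* Fig. 3 for one virtual policy. Returns 1 = discard, 0 = accept. */
int virtual_policy_run(const struct virtual_policy *vp, const struct pkt *p,
                       struct stats *st)
{
    /* S301: an inactive virtual policy never drops. Neither does one with no
     * entity policies, which would otherwise be an empty, always-true conjunction. */
    int drop = vp->active && vp->n > 0;
    for (int i = 0; drop && i < vp->n; i++)      /* S302: next entity policy, if any */
        if (!vp->ent[i]->match(p))               /* S303/S304: call it, check verdict */
            drop = 0;                            /* one miss ends the loop: skip the rest */
    st->checked++;                               /* S305: filtering statistics */
    if (drop) st->dropped++;
    return drop;                                 /* S306 -> S307 (drop) or S308 (accept) */
}

/* The packet-processing framework's callback over a registered combination:
 * the first virtual policy that drops wins, otherwise the packet continues to
 * the protocol stack. */
int combination_run(const struct virtual_policy *vps, int n, const struct pkt *p,
                    struct stats *st)
{
    for (int i = 0; i < n; i++)
        if (virtual_policy_run(&vps[i], p, st)) return 1;
    return 0;
}

/* Constructed entity policies for the page's combination (A&B&C)||(A&B&D)||(E). */
static int is_udp(const struct pkt *p)   { return p->proto == 17; }
static int to_dns(const struct pkt *p)   { return p->dport == 53; }
static int is_large(const struct pkt *p) { return p->len >= 512; }
static int asks_any(const struct pkt *p) { return strstr(p->payload, "ANY") != NULL; }
static int is_icmp(const struct pkt *p)  { return p->proto == 1; }

static const struct entity_policy
    A = { "A: udp", is_udp }, B = { "B: dport 53", to_dns }, C = { "C: len >= 512", is_large },
    D = { "D: qtype ANY", asks_any }, E = { "E: icmp", is_icmp };

/* Constructed sample packets with the verdict each should receive. */
static const struct pkt samples[] = {
    { 17, 53, 600, "x" },    /* A, B, C match   -> drop   */
    { 17, 53, 100, "ANY" },  /* A, B, D match   -> drop   */
    { 17, 53, 100, "x" },    /* only A, B match -> accept */
    {  6, 80, 100, "GET" },  /* nothing matches -> accept */
    {  1,  0,  64, "" },     /* E matches       -> drop   */
};
#define N_SAMPLES ((int)(sizeof samples / sizeof samples[0]))

/* Run the combination over the samples. Bit i of the result is set if sample
 * i was dropped. delete_e models the user deleting virtual policy (E): its
 * entity policy must stop taking effect while A..D keep working. */
static int run_samples(int delete_e, struct stats *st)
{
    struct virtual_policy vps[3] = {
        { 1, 3, { &A, &B, &C } },
        { 1, 3, { &A, &B, &D } },
        { !delete_e, 1, { &E } },
    };
    int mask = 0;
    memset(st, 0, sizeof *st);
    for (int i = 0; i < N_SAMPLES; i++)
        if (combination_run(vps, 3, &samples[i], st)) mask |= 1 << i;
    return mask;
}

int demo_verdicts(int delete_e) { struct stats st; return run_samples(delete_e, &st); }
unsigned demo_checked(int delete_e) { struct stats st; run_samples(delete_e, &st); return st.checked; }

int main(void)
{
    struct stats st;
    int mask = run_samples(0, &st);
    for (int i = 0; i < N_SAMPLES; i++)
        printf("sample %d: %s\n", i, (mask >> i) & 1 ? "drop" : "accept");
    printf("virtual policies checked: %u, dropped: %u\n", st.checked, st.dropped);
    return 0;
}
```

With all three virtual policies active, samples 0, 1 and 4 are dropped and the others reach the protocol stack; after (E) is deleted, the ICMP sample is accepted while the two DNS conjunctions still fire. The early exit in the S302 loop matters in a softirq path: entity policies that cannot change the verdict are never called, so the per-packet cost of a conjunction is bounded by its first miss.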
With the traffic scrubbing method of this embodiment, the user can select a policy combination made up of several policies and scrub traffic with that combination. This satisfies application scenarios in which traffic must be scrubbed according to a complex combination of several policies, and so the method has a wider range of application.
The traffic scrubbing device 400 with loading of multiple policy combinations according to an embodiment of the invention is described below with reference to Fig. 4.
As shown in Fig. 4, the traffic scrubbing device 400 with loading of multiple policy combinations according to an embodiment of the invention comprises a user-mode agent client 410, a kernel-mode module 420 and a packet-processing framework 430.
The user-mode agent client 410 establishes the policy combination, wherein the policy combination comprises at least one virtual policy, a virtual policy comprises one or more entity policies, and each entity policy comprises one or more data features. The user-mode agent client 410 passes the virtual policies to the kernel-mode module 420 over the netlink socket interface.
In one embodiment of the invention, the policy combination also contains entity policies that do not belong to any virtual policy.
In another embodiment of the invention, the policy combination contains several virtual policies, and these virtual policies share at least one entity policy.
The kernel-mode module 420 receives the policy combination and registers at least one virtual policy of the policy combination with the packet-processing framework 430.
Specifically, loading a virtual policy is implemented over netlink, the communication interface between kernel mode and user mode. The policy packet format of this embodiment is defined on top of the netlink socket data interface, and the message format is layered in the manner of a protocol stack.
The policy packet comprises the following three relatively independent layers:
Netlink link layer (nlmsghdr): responsible for sending and receiving netlink data messages.
Service layer (Service_hdr): responsible for service-related functions such as creating, deleting and enabling services.
Policy layer (Strategy info): responsible for creating, deleting, modifying and enabling the policy entities of the corresponding service.
The message structures of the service layer and the policy layer each define command IDs that instruct the kernel to create, query, modify and delete service entities and policy entities respectively. The service-layer data and the policy-layer data of a message are parsed and processed by the service-layer and policy-layer handler functions respectively.
The process of establishing a policy combination is described below.
First, the user can freely choose a policy combination built from if conditional statements, and (conjunction) and or (disjunction). The user-mode agent client 410 then transforms the user-specified policy combination: the if conditional statements are removed and the combination is rewritten into a form in which the outer policy groups stand in an OR relation to each other and the policies inside a group stand in an AND relation.
This is possible because any conditional structure built from if statements, and and or can be converted into an equivalent form such as:
(A and B)||(C and D)
For example, a policy combination of the form (A&B&C)||(A&B&D)||(E) contains three virtual policies, (A&B&C), (A&B&D) and (E), where A, B, C, D and E are each entity policies.
As can be seen, entity policy E forms a policy on its own, so it is not part of any other virtual policy. Virtual policy (A&B&C) contains entity policies A, B and C, and virtual policy (A&B&D) contains entity policies A, B and D; entity policies A and B are shared by these two virtual policies.
The user-mode agent client 410 passes each virtual policy to the kernel-mode module 420 over the netlink socket interface. The kernel-mode module 420 receives the virtual policies one after another, parses them according to the custom protocol and loads each of them, thereby loading the policy combination, until all virtual policies have been transferred to the kernel-mode module 420 and the complete virtual policy entities have been built.
As shown in Fig. 2, the kernel-mode module 420 registers at least one virtual policy of the policy combination with the packet-processing framework 430. The packet-processing framework 430 may be the softirq (software interrupt) packet-processing framework.
In one embodiment of the invention, because an entity policy can form a policy on its own, an entity policy can also be registered directly with the packet-processing framework 430.
It follows that both entity policies and virtual policies can be registered with the packet-processing framework 430.
The packet-processing framework 430 invokes a callback for each entity policy in the virtual policy, compares the communication packet against the at least one virtual policy, and discards the communication packet when it matches all entity policies of the at least one virtual policy.
When a communication packet arrives, the packet-processing framework 430 invokes the callbacks of the registered policies. It can call back both virtual policies and entity policies that stand alone as policies.
The packet-processing framework 430 decides whether to discard the communication packet according to the verdicts returned by the callbacks. If the packet matches all entity policies of at least one virtual policy, it is discarded. For example, with the policy combination (A&B&C)||(A&B&D)||(E), a communication packet that matches all of the entity policies A, B and C of the virtual policy (A&B&C) is discarded.
When the communication packet does not match all entity policies of any virtual policy, the packet-processing framework 430 passes it on to the protocol stack for processing.
In one embodiment of the invention, when a virtual policy is deleted, the entity policies it contains cease to take effect, which matches the user's expectation of how deletion behaves.
With the traffic scrubbing device of this embodiment, the user can select a policy combination made up of several policies and scrub traffic with that combination. This satisfies application scenarios in which traffic must be scrubbed according to a complex combination of several policies, and so the device has a wider range of application.
Any process or method described in a flowchart or otherwise herein may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functionality involved, as will be understood by those skilled in the art to which the embodiments of the invention belong.
The logic and/or steps represented in a flowchart or otherwise described herein, for example an ordered list of executable instructions for implementing logical functions, may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system comprising a processor, or another system that can fetch and execute instructions from an instruction execution system, apparatus or device). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transport a program for use by or in connection with such an instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection with one or more wires (an electronic device), a portable computer diskette (a magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fibre device, and a portable compact disc read-only memory (CD-ROM). The computer-readable medium may even be paper or another suitable medium on which the program is printed, since the program can be captured electronically, for example by optically scanning the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that parts of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the embodiments above, a plurality of steps or methods may be implemented by software or firmware stored in memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, they may be implemented with any one, or a combination, of the following technologies known in the art: discrete logic circuits with logic gates for implementing logic functions on data signals, application-specific integrated circuits (ASICs) with suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), and so on.
Those skilled in the art will appreciate that all or part of the steps of the method embodiments above may be carried out by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination of them.
In addition, the functional units in the embodiments of the invention may be integrated in one processing module, may exist physically as separate units, or two or more units may be integrated in one module. The integrated module may be implemented in hardware or as a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
In the description of this specification, references to "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" mean that a particular feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, such phrases do not necessarily refer to the same embodiment or example, and the particular features, structures, materials or characteristics described may be combined in any suitable manner in one or more embodiments or examples.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the claims and their equivalents.

Claims (10)

1. A flow cleaning method supporting loading of a combination of multiple strategies, characterized in that it comprises the following steps:
a user-mode agent client establishes a strategy combination, wherein the strategy combination comprises at least one virtual strategy, the virtual strategy comprises one or more entity strategies, and each entity strategy comprises one or more data characteristics;
the user-mode agent client passes the strategy combination to a kernel mode;
the at least one virtual strategy in the strategy combination is registered to a data packet processing framework; and
the data packet processing framework performs a function callback on each entity strategy in the virtual strategy, compares a communication data packet with the at least one virtual strategy, and discards the communication data packet when the communication data packet matches all entity strategies in the at least one virtual strategy.
2. The flow cleaning method according to claim 1, characterized in that the strategy combination further comprises an entity strategy that does not belong to the virtual strategy.
3. The flow cleaning method according to claim 1, characterized in that the strategy combination comprises a plurality of virtual strategies, wherein the plurality of virtual strategies share at least one entity strategy.
4. The flow cleaning method according to any one of claims 1 to 3, characterized in that it further comprises the following step:
when the communication data packet does not match any entity strategy in the at least one virtual strategy, the communication data packet is sent to a protocol stack for processing.
5. The flow cleaning method according to any one of claims 1 to 4, characterized in that the user-mode agent client passes the virtual strategy to the kernel mode through a netlink socket interface.
6. A flow cleaning device supporting loading of a combination of multiple strategies, characterized in that it comprises: a user-mode agent client, a kernel-mode module, and a data packet processing framework, wherein
the user-mode agent client is configured to establish a strategy combination, wherein the strategy combination comprises at least one virtual strategy, the virtual strategy comprises one or more entity strategies, and each entity strategy comprises one or more data characteristics;
the kernel-mode module is configured to receive the strategy combination and to register the at least one virtual strategy in the strategy combination to the data packet processing framework;
the data packet processing framework is configured to perform a function callback on each entity strategy in the virtual strategy, to compare a communication data packet with the at least one virtual strategy, and to discard the communication data packet when the communication data packet matches all entity strategies in the at least one virtual strategy.
7. The flow cleaning device according to claim 6, characterized in that the strategy combination further comprises an entity strategy that does not belong to the virtual strategy.
8. The flow cleaning device according to claim 6, characterized in that the strategy combination comprises a plurality of virtual strategies, wherein the plurality of virtual strategies share at least one entity strategy.
9. The flow cleaning device according to any one of claims 6 to 8, characterized in that, when the communication data packet does not match any entity strategy in the at least one virtual strategy, the data packet processing framework sends the communication data packet to a protocol stack for processing.
10. The flow cleaning device according to any one of claims 6 to 9, characterized in that the user-mode agent client passes the virtual strategy to the kernel-mode module through a netlink socket interface.
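The matching rule of claims 1, 3 and 4, modelled as an added C example that is not code from the patent: an entity strategy is a set of wildcard-able packet characteristics, a virtual strategy is the AND of its entity strategies, and the registered combination is the OR of its virtual strategies, so a packet is dropped on the first virtual strategy it matches completely and otherwise passed to the protocol stack. The 5-tuple fields, the `cleanse` and `demo_verdict` functions and the sample strategies (one of which is shared by two virtual strategies, as in claim 3) are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model: a packet and an entity strategy carry the same data
 * characteristics; in the strategy a 0 value means "match anything". */
typedef struct { uint32_t src_ip, dst_ip; uint16_t dst_port; uint8_t proto; } packet_t;
typedef struct { uint32_t src_ip, dst_ip; uint16_t dst_port; uint8_t proto; } entity_t;
typedef struct { const entity_t *const *entities; size_t n; } virtual_t;  /* AND */
typedef struct { const virtual_t *virtuals; size_t n; } combination_t;    /* OR  */
enum verdict { VERDICT_PASS = 0, VERDICT_DROP = 1 };

/* Per-entity callback: every non-wildcard characteristic must match. */
static bool entity_match(const entity_t *e, const packet_t *p) {
    return (e->src_ip == 0 || e->src_ip == p->src_ip) &&
           (e->dst_ip == 0 || e->dst_ip == p->dst_ip) &&
           (e->dst_port == 0 || e->dst_port == p->dst_port) &&
           (e->proto == 0 || e->proto == p->proto);
}

/* The framework calls back each entity strategy of the virtual strategy;
 * the packet matches only when all of them match (an empty list never does). */
static bool virtual_match(const virtual_t *v, const packet_t *p) {
    for (size_t i = 0; i < v->n; i++)
        if (!entity_match(v->entities[i], p)) return false;
    return v->n > 0;
}

/* Claims 1 and 4: drop on the first fully matching virtual strategy,
 * otherwise hand the packet on to the protocol stack. */
enum verdict cleanse(const combination_t *c, const packet_t *p) {
    for (size_t i = 0; i < c->n; i++)
        if (virtual_match(&c->virtuals[i], p)) return VERDICT_DROP;
    return VERDICT_PASS;
}

/* Constructed sample: A = TCP to port 80, B = source 10.0.0.5, C = UDP to
 * port 53; V1 = A AND B, V2 = B AND C, so B is shared as in claim 3. */
static const entity_t ent_a = { 0, 0, 80, 6 };
static const entity_t ent_b = { 0x0A000005u, 0, 0, 0 };
static const entity_t ent_c = { 0, 0, 53, 17 };
static const entity_t *const v1_ents[] = { &ent_a, &ent_b };
static const entity_t *const v2_ents[] = { &ent_b, &ent_c };
static const virtual_t demo_virtuals[] = { { v1_ents, 2 }, { v2_ents, 2 } };
static const combination_t demo_combination = { demo_virtuals, 2 };
/* Verdict for a packet from src to a fixed constructed destination host. */
enum verdict demo_verdict(uint32_t src, uint16_t dst_port, uint8_t proto) {
    packet_t p = { src, 0xC0A80101u, dst_port, proto };
    return cleanse(&demo_combination, &p);
}
```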

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210096528.4A CN103368858B (en) 2012-04-01 2012-04-01 The flow cleaning method that many strategy combinations load and device

Publications (2)

Publication Number Publication Date
CN103368858A true CN103368858A (en) 2013-10-23
CN103368858B CN103368858B (en) 2016-01-20

Family

ID=49369422

Country Status (1)

Country Link
CN (1) CN103368858B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040148520A1 (en) * 2003-01-29 2004-07-29 Rajesh Talpade Mitigating denial of service attacks
CN101404658A (en) * 2008-10-31 2009-04-08 北京锐安科技有限公司 Method and system for detecting bot network
CN101431449A (en) * 2008-11-04 2009-05-13 中国科学院计算技术研究所 Network flux cleaning system
CN101447996A (en) * 2008-12-31 2009-06-03 成都市华为赛门铁克科技有限公司 Defending method for distributed service-refusing attack and system and device thereof
CN102195843A (en) * 2010-03-02 2011-09-21 中国移动通信集团公司 Flow control system and method

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018059186A1 (en) * 2016-09-27 2018-04-05 上海红阵信息科技有限公司 Apparatus, method and device for encapsulating heterogeneous function equivalent bodies
WO2018059187A1 (en) * 2016-09-27 2018-04-05 上海红阵信息科技有限公司 A device and method for generating heterogeneous function equivalents
US11159571B2 (en) 2016-09-27 2021-10-26 Shanghai Hongzhen Information Science & Technology Co. Ltd. Apparatus, method and device for encapsulating heterogeneous functional equivalents
US11201895B2 (en) 2016-09-27 2021-12-14 Shanhai Hongzhen Information Science & Technology Co. Ltd. Apparatus for generating heterogeneous functional equivalent and method thereof
CN111181910A (en) * 2019-08-12 2020-05-19 腾讯科技(深圳)有限公司 Protection method and related device for distributed denial of service attack
CN111181910B (en) * 2019-08-12 2021-10-08 腾讯科技(深圳)有限公司 Protection method and related device for distributed denial of service attack
CN114584391A (en) * 2022-03-22 2022-06-03 恒安嘉新(北京)科技股份公司 Method, device, equipment and storage medium for generating abnormal flow processing strategy
CN114584391B (en) * 2022-03-22 2024-02-09 恒安嘉新(北京)科技股份公司 Method, device, equipment and storage medium for generating abnormal flow processing strategy

Also Published As

Publication number Publication date
CN103368858B (en) 2016-01-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant