CN104104557B - Deep packet detection device orienting IPv6 security gateway - Google Patents


Info

Publication number: CN104104557B
Authority: CN (China)
Prior art keywords: classification, reduction, unit, piecemeal, rule
Legal status: Active
Application number: CN201410286319.5A
Other languages: Chinese (zh)
Other versions: CN104104557A
Inventor: 高长喜
Current assignee: Beijing Topsec Technology Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd
Application filed by Beijing Topsec Technology Co Ltd; priority to CN201410286319.5A; published as CN104104557A; application granted and published as CN104104557B.


Abstract

The invention discloses a deep packet inspection device for an IPv6 security gateway. The device comprises a dual matching core unit 102, a multi-stage pipeline preprocessing parallel mechanism 112 that is connected to the dual matching core unit 102 and is invoked via a basic operation interface, and a multi-way lookup matching parallel mechanism 114. The dual matching core unit 102 comprises a main matching core 1 and a shadow matching core 2. The main matching core 1 and the shadow matching core 2 each comprise an engine configuration parameter unit 104, a preprocessing primitive operation unit 106, a classification lookup high-speed classification unit 108 and a classification reduction high-speed classification unit 110. The basic operation interface comprises a rule parsing interface 116, a rule matching preprocessing interface 118, a rule matching classification interface 120 and a rule matching engine configuration interface 122. With this technical scheme, deep packet inspection for IPv6 networks can be realized.

Description

Deep packet inspection device for IPv6 security gateways
Technical field
The present invention relates to the field of traffic classification and identification technology, and in particular to a deep packet inspection device for IPv6 security gateways.
Background art
In the prior art, the identification and classification of applications or protocols is the basis of information filtering, traffic analysis, bandwidth management, secure communication, Internet supervision and operations, and rule matching based on protocol signatures is the key technology of network packet classification. Correspondingly, the rule matching engine is the core component of network security gateways of all kinds, such as traffic management gateways, information filtering firewalls, intrusion detection and prevention systems, anti-virus gateways, spam filtering gateways, UTM and VPN. It classifies packets, identifies services and perceives applications, and is the premise and basis of packet forwarding, QoS queue scheduling, load balancing, content filtering and network measurement. It lies on the critical path of every packet's processing, and in a high-speed network its matching and classification capacity is one of the bottlenecks of overall system performance.
A protocol signature (also called a fingerprint, signature or keyword) is a set of specific pattern strings that distinguish the traffic of a given network application from other traffic and can uniquely determine the type of the network traffic; protocol signatures are usually described in the form of security rules that specify a concrete network application. A security rule is defined according to a certain grammar by several dimensions such as a set of pattern strings, an identifier/type, an action or fields, and precisely describes complex context and semantic information; many rules form a rule set according to a certain priority order. Signature matching mainly refers to exact string matching and regular expression matching, where exact string matching is further divided into single-pattern matching and multi-pattern matching; rule matching refers to multi-pattern signature matching performed over the whole rule set.
Deep packet inspection (DPI) is an important class of layer-7 rule matching technology. Unlike layer-3/4 multi-dimensional packet classification rule matching based on the five-tuple (source and destination IP address, source and destination port, protocol type), deep packet inspection does not primarily use packet header information as the search key, but goes into the application-layer payload of the packet for content analysis, to detect whether the multiple pattern strings specified in a rule are present or whether a specific regular expression matches, which usually requires byte-by-byte scanning. In addition, the number, length and offset of the pattern strings may differ from rule to rule, and the same position of the same rule may carry multiple pattern strings. On the other hand, in order to identify network applications or protocols that have well-known server IP addresses or well-known service ports, the five-tuple fields of the packet header such as IP address, port and protocol are usually also constrained as an optional part of a deep packet inspection rule.
The evolution from IPv4 to IPv6 networks, the ever-increasing network bandwidth, the endless stream of new services and applications, and the huge volume of network traffic mean that the design and implementation of a high-performance deep packet inspection rule matching engine faces enormous challenges. First, existing deep packet inspection rules are described with standard regular expression grammar and implemented with a deterministic finite automaton (DFA), but the complex syntactic properties of regular expressions far exceed the needs of network security rules, and when the rule set is large the finite automaton may suffer an explosive expansion of state memory. For the large class of application/protocol identification uses, the protocol format is usually fairly standard and fixed, and the length and offset of the traffic signature keywords can be predefined, so a simplified rule grammar can be defined. Second, with the transition from IPv4 to IPv6, the length of the IP address rises from the original 32 bits to 128 bits, and the mandatory use of the IPsec-based security mechanism changes the packet payload from plaintext to ESP ciphertext; existing rule matching techniques have not fully adapted to these new changes. Third, the performance scalability of existing rule matching engines is generally weak: as the rule set is updated and its scale keeps growing, both rule preprocessing speed and rule matching speed fall rapidly, making real-time response and line-rate processing hard to achieve. Finally, existing rule matching engines cannot provide configurable rule set preprocessing or upgrades of the matching core structure: because the preprocessing process and the rule matching core are both hard-coded, when security requirements or usage scenarios change, for example when the rule schema changes, everything can only be re-implemented from scratch.
Summary of the invention
In view of the above problems, the present invention is proposed in order to provide a deep packet inspection device for IPv6 security gateways that overcomes the above problems or at least partly solves them.
The present invention provides a deep packet inspection device for IPv6 security gateways, comprising: a dual matching core unit 102; a multi-stage pipeline preprocessing parallel mechanism 112 that is connected to the dual matching core unit 102 and invoked through a basic operation interface; and a multi-way lookup matching parallel mechanism 114. The dual matching core unit 102 comprises a main matching core 1 and a shadow matching core 2; the main matching core 1 and the shadow matching core 2 each comprise an engine configuration parameter unit 104, a preprocessing primitive operation unit 106, a classification lookup high-speed classification unit 108 and a classification reduction high-speed classification unit 110. The basic operation interface comprises: a rule parsing interface 116, a rule matching preprocessing interface 118, a rule matching classification interface 120 and a rule matching engine configuration interface 122;
The engine configuration parameter unit 104 is used to configure the engine configuration parameters through the rule matching engine configuration interface 122;
The preprocessing primitive operation unit 106 is used to perform preprocessing primitive operations on the rule set, where the preprocessing primitive operations include: rule block longitudinal projection, projection point and interval clustering, and class set reduction clustering;
The classification lookup high-speed classification unit 108 comprises a classification search tree unit 402 and a classification lookup table unit 404. The classification search tree in the classification search tree unit 402 and the classification lookup table in the classification lookup table unit 404 are generated by the projection point and interval clustering operation of the preprocessing primitive operation unit 106, which preprocesses the projection endpoint sequences and basic intervals of the large rule blocks and of the standard rule blocks respectively;
The classification reduction high-speed classification unit 110 comprises a classification binary reduction unit 406 and a classification ternary reduction unit 408. The classification binary reduction unit 406 and the classification ternary reduction unit 408 are generated by the class set reduction clustering operation of the preprocessing primitive operation unit 106, which performs reduction clustering preprocessing on two or three class sets drawn from the classification search trees, the classification lookup tables and the reduced class sets;
The multi-stage pipeline preprocessing parallel mechanism 112 is invoked through the rule matching preprocessing interface 118 and is used to: create a preprocessing task thread pool according to the pipeline configuration parameters; bind the threads in the preprocessing task thread pool in turn to the corresponding CPU cores; select the shadow matching core 2 of the dual matching core unit 102; load the rule set of the shadow matching core 2 through the rule parsing interface 116; partition the rule set into blocks; invoke in turn on the partitioned rule set, according to the engine configuration parameters, the rule block longitudinal projection operation, the projection point and interval clustering operation and the class set reduction clustering operation of the preprocessing primitive operation unit 106; upgrade or update the matching rule set of the shadow matching core 2; activate the shadow matching core 2 and switch it to become the main matching core 1, so that the new matching rule set takes effect, while the former main matching core is switched to become the shadow matching core and put into standby;
The multi-way lookup matching parallel mechanism 114 is invoked through the rule matching classification interface 120. It is constituted by combining and cascading the classification search tree unit 402, the classification lookup table unit 404, the classification binary reduction unit 406 and the classification ternary reduction unit 408 according to the engine configuration parameters set in the engine configuration parameter unit 104, including the binary or ternary reduction unit of classification search tree with search tree, of classification lookup table with lookup table, of classification search tree with lookup table, and the combined reduction unit of reduction unit with reduction unit. The multi-way lookup matching parallel mechanism 114 forms a multi-stage classification pipeline from classification lookup units and classification reduction units, where the classification lookup units are the first-stage nodes of the pipeline and the classification reduction units are the second-stage through second-to-last-stage nodes. The multi-way lookup matching parallel mechanism 114 is used to partition an input packet to be classified into blocks, perform classification lookup and class reduction operations on the packet blocks in turn, and output the hit class identifier and the rule subset associated with it.
Preferably, the multi-way lookup matching parallel mechanism 114 is specifically used to: define a fixed-length region at the head and a fixed-length region at the tail of the payload of the input packet to be classified as the signature extraction and matching zone, and divide it into several standard blocks of the fixed size specified by the rule field; constrain the IPv6 addresses and the transport-layer port numbers as blocks of the deep packet inspection rule, with each IPv6 address treated as a single large block.
Preferably, the multi-stage pipeline preprocessing parallel mechanism 112 is specifically used to: partition the rule set into blocks according to one or more specified exact pattern strings, interval values, prefixes or regular expressions.
Preferably, the preprocessing primitive operation unit 106 is specifically used for:
The rule block longitudinal projection operation: project the rule blocks longitudinally onto a horizontal axis, sort and merge the block projection endpoints, and generate the endpoint sequence of the rule block. For projection intervals of the same block in different rules, if the right endpoint of the preceding interval and the left endpoint of the following adjacent interval are neighbouring endpoints, the two endpoints are merged into one endpoint; for multiple projection intervals of the same block in a single rule, the intervals are merged horizontally according to their relative positions and the empty projection endpoints absorbed by the merge are eliminated. The value space of the block is then fully segmented into several non-overlapping basic intervals according to the obtained rule block endpoint sequence;
The projection point and interval clustering operation: for each endpoint or interval in the rule block endpoint sequence, traverse the rule set in turn, generate the rule subset that contains this endpoint or interval, cluster it with the rule subsets already generated for previous endpoints or intervals, and assign it a unique type identifier according to the clustering result. The projection points of the standard blocks are associated with their type identifiers and corresponding rule subsets to generate the classification lookup table; the projection endpoints and basic intervals of the large blocks are associated with their type identifiers and corresponding rule subsets to generate the classification search tree;
The class set reduction clustering operation: perform a reduction clustering operation on two or three class sets by Cartesian product to generate one reduced class set. Intersect the rule sets associated with the type identifiers belonging to each of the two or three class sets to generate a rule subset, cluster it with the rule subsets generated by previous reduction operations, and then assign it a unique type identifier according to the clustering result, in one-to-one correspondence with the type identifier tuple that takes part in this round of reduction clustering. The type identifier tuple, the reduction clustering operation code and the new type identifier are associated with the corresponding rule subset to generate the classification reduction lookup table.
Preferably, the classification search tree built into the classification search tree unit 402 is an AVL balanced binary interval search tree with a strict balance constraint; the projection endpoints of a large block correspond to the internal nodes of the interval search tree, the basic intervals correspond to its leaf nodes, and each node is labelled with the corresponding type identifier;
The classification search tree unit 402 is specifically used to: receive a lookup value as input and output a class identifier, where the class identifier implies the rule subset associated with it.
Preferably, the classification lookup table built into the classification lookup table unit 404 is a direct index table or a hash table; the direct index table consists of the mapping from original index values to type identifiers; the hash table consists of the mapping from the hash value of the original index value to the type identifier, where the hash value is obtained by taking the original index value modulo a fixed value and hash collisions are resolved by chaining;
The classification lookup table unit 404 is specifically used to: receive an index value as input and output a class identifier, where the class identifier implies the rule subset associated with it.
Preferably, the classification binary reduction unit 406 or the classification ternary reduction unit 408 comprises a type identifier tuple encoding unit and a classification reduction lookup table; the type identifier tuple encoding unit maps a binary or ternary type identifier tuple to a reduction operation code and uses the output code as the index value of the classification reduction lookup table; the classification reduction lookup table is a direct index table or a hash table;
The classification binary reduction unit 406 or the classification ternary reduction unit 408 is specifically used to: receive two or three type identifiers as input and output a class identifier, where the class identifier implies the rule subset associated with it.
Preferably, the multi-stage pipeline preprocessing parallel mechanism 112 comprises a preprocessing thread pool bound to the cores of a multi-core CPU, an object memory pool and several pipeline task nodes. Each CPU core is bound to several threads of the thread pool, which are scheduled independently and execute the staged tasks of the rule preprocessing pipeline in parallel. The object memory pool is a set of memory objects of fixed sizes that are allocated and retained in advance, since memory objects are requested and released frequently. The pipeline task nodes invoke and execute in turn, according to the engine configuration parameters and their order of precedence, the rule block longitudinal projection operation, the projection point and interval clustering operation and the class set reduction clustering operation; a pipeline task node processes the preprocessing primitive operations that it executes on each block in parallel with multiple threads;
The multi-stage pipeline preprocessing parallel mechanism 112 is specifically used to: receive a rule set as input, and after the rule set has been processed by all nodes of the pipeline, generate and output the matching core of the rule matching acceleration engine.
Preferably, each classification pipeline node of the multi-way lookup matching parallel mechanism 114 performs multi-way lookup matching with parallel processing for the staged classification operation it executes on each block;
The multi-way lookup matching parallel mechanism 114 is specifically used to: receive packet blocks as input, and after the packet blocks have been processed by all nodes of the classification pipeline, generate and output the finally hit rule subset.
Preferably, the engine configuration parameters include: pipeline configuration parameters and a reduction operation table. The pipeline configuration parameters include: the number of pipeline stages, the number of blocks at each pipeline node, the block type of each pipeline node and the classification lookup mode. The reduction operation table describes the reduction combinations and cascading mode between the classification lookup unit of each block at each pipeline node and the classification binary or ternary reduction units. The strategies adopted for reduction combination include: combining blocks whose logical semantics are similar or related; logically dividing blocks into the two broad classes of large blocks and standard blocks, and preferentially combining blocks of the same type; and, subject to the space complexity constraint, preferentially choosing ternary reduction units.
The beneficial effects of the present invention are as follows:
By means of the technical scheme of the embodiments of the present invention, deep packet inspection for IPv6 networks can be realized.
The above is only a summary of the technical solution of the present invention. In order that the technical means of the present invention can be better understood and implemented according to the content of the description, and so that the above and other objects, features and advantages of the present invention become more apparent, the specific embodiments of the present invention are set out below.
Description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 is a structural schematic of the deep packet inspection device for IPv6 security gateways of an embodiment of the present invention;
Fig. 2 is a schematic of the block partitioning method for deep packet inspection rules of an embodiment of the present invention;
Fig. 3a is a schematic of the projection of a single value domain of the same block of multiple rules in the rule block longitudinal projection of an embodiment of the present invention;
Fig. 3b is a schematic of the projection of multiple value domains of the same block of a single rule in the rule block longitudinal projection of an embodiment of the present invention;
Fig. 4a is a schematic of the classification search tree unit of the high-speed classification unit of the rule matching engine of an embodiment of the present invention;
Fig. 4b is a schematic of the classification lookup table unit of the high-speed classification unit of the rule matching engine of an embodiment of the present invention;
Fig. 4c is a schematic of the binary reduction unit of the high-speed classification unit of the rule matching engine of an embodiment of the present invention;
Fig. 4d is a schematic of the ternary reduction unit of the high-speed classification unit of the rule matching engine of an embodiment of the present invention;
Fig. 5 is a schematic of the interval classification balanced binary search tree built into the classification search tree unit of an embodiment of the present invention;
Fig. 6 is a flow chart of the multi-stage pipeline preprocessing parallel mechanism of an embodiment of the present invention preprocessing a rule set;
Fig. 7a is a schematic of the binary reduction unit of classification search tree with classification search tree of an embodiment of the present invention;
Fig. 7b is a schematic of the combined reduction unit of classification binary reduction unit with classification binary reduction unit of an embodiment of the present invention;
Fig. 8 is a schematic of the rule matching acceleration engine of an embodiment of the present invention.
Specific embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
According to an embodiment of the present invention, a deep packet inspection device for IPv6 security gateways is provided. Fig. 1 is a structural schematic of the deep packet inspection device for IPv6 security gateways of this embodiment. As shown in Fig. 1, the device comprises: a dual matching core unit 102; a multi-stage pipeline preprocessing parallel mechanism 112 that is connected to the dual matching core unit 102 and invoked through a basic operation interface; and a multi-way lookup matching parallel mechanism 114. The dual matching core unit 102 comprises a main matching core 1 and a shadow matching core 2; the main matching core 1 and the shadow matching core 2 each comprise an engine configuration parameter unit 104, a preprocessing primitive operation unit 106, a classification lookup high-speed classification unit 108 and a classification reduction high-speed classification unit 110. The basic operation interface comprises: a rule parsing interface 116, a rule matching preprocessing interface 118, a rule matching classification interface 120 and a rule matching engine configuration interface 122;
The engine configuration parameter unit 104 is used to configure the engine configuration parameters through the rule matching engine configuration interface 122. The engine configuration parameters include: pipeline configuration parameters and a reduction operation table. The pipeline configuration parameters include: the number of pipeline stages, the number of blocks at each pipeline node, the block type of each pipeline node and the classification lookup mode. The reduction operation table describes the reduction combinations and cascading mode between the classification lookup unit of each block at each pipeline node and the classification binary or ternary reduction units. The strategies adopted for reduction combination include: combining blocks whose logical semantics are similar or related; logically dividing blocks into the two broad classes of large blocks and standard blocks, and preferentially combining blocks of the same type; and, subject to the space complexity constraint, preferentially choosing ternary reduction units.
The preprocessing primitive operation unit 106 is used to perform preprocessing primitive operations on the rule set, where the preprocessing primitive operations include: rule block longitudinal projection, projection point and interval clustering, and class set reduction clustering;
The preprocessing primitive operation unit 106 is specifically used for:
The rule block longitudinal projection operation: project the rule blocks longitudinally onto a horizontal axis, sort and merge the block projection endpoints, and generate the endpoint sequence of the rule block. For projection intervals of the same block in different rules, if the right endpoint of the preceding interval and the left endpoint of the following adjacent interval are neighbouring endpoints, the two endpoints are merged into one endpoint; for multiple projection intervals of the same block in a single rule, the intervals are merged horizontally according to their relative positions and the empty projection endpoints absorbed by the merge are eliminated. The value space of the block is then fully segmented into several non-overlapping basic intervals according to the obtained rule block endpoint sequence;
The projection point and interval clustering operation: for each endpoint or interval in the rule block endpoint sequence, traverse the rule set in turn, generate the rule subset that contains this endpoint or interval, cluster it with the rule subsets already generated for previous endpoints or intervals, and assign it a unique type identifier according to the clustering result. The projection points of the standard blocks are associated with their type identifiers and corresponding rule subsets to generate the classification lookup table; the projection endpoints and basic intervals of the large blocks are associated with their type identifiers and corresponding rule subsets to generate the classification search tree;
The class set reduction clustering operation: perform a reduction clustering operation on two or three class sets by Cartesian product to generate one reduced class set. Intersect the rule sets associated with the type identifiers belonging to each of the two or three class sets to generate a rule subset, cluster it with the rule subsets generated by previous reduction operations, and then assign it a unique type identifier according to the clustering result, in one-to-one correspondence with the type identifier tuple that takes part in this round of reduction clustering. The type identifier tuple, the reduction clustering operation code and the new type identifier are associated with the corresponding rule subset to generate the classification reduction lookup table.
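The three preprocessing primitives above (projection into basic intervals, clustering into type identifiers, Cartesian-product reduction) together with the per-block lookup of the classification pipeline, as an added example written for this page and not code from the patent. It assumes a constructed rule set in which each block of a rule is a list of closed integer intervals, treats the 128-bit IPv6 source address as one large block and the first payload byte as a standard block, and uses a single reduction stage; all names are the example's own.

```python
import ipaddress as ip
from bisect import bisect_right
from itertools import product

# Constructed rule set: a rule maps a block name to a list of closed integer
# intervals (lo, hi); a block absent from a rule is a wildcard over that block's
# whole value space. Rules are listed in priority order (index 0 is highest).
BLOCKS = {                       # block name -> (min, max) of its value space
    "src_ip6": (0, 2**128 - 1),  # the 128-bit IPv6 address is one large block
    "dst_port": (0, 65535),      # transport-layer port, also a rule block
    "payload_off0": (0, 255),    # first byte of the fixed-length head region
}


def v6_prefix(cidr):
    """Constructed helper: an IPv6 prefix as one closed integer interval."""
    net = ip.IPv6Network(cidr)
    return int(net.network_address), int(net.broadcast_address)


RULES = [
    {"src_ip6": [v6_prefix("2001:db8:bad::/48")]},                  # 0: blocklisted prefix
    {"dst_port": [(80, 80)], "payload_off0": [(0x47, 0x47)]},       # 1: 'G' of GET on port 80
    {"dst_port": [(80, 80), (8080, 8080)]},                          # 2: web traffic, two ports
    {"src_ip6": [v6_prefix("2001:db8::/32")],                        # 3: TLS handshake (0x16)
     "dst_port": [(1024, 65535)], "payload_off0": [(0x16, 0x16)]},   #    from the lab /32
    {},                                                              # 4: default, matches all
]


def project_block(rules, block, space):
    """Rule block longitudinal projection: collect every interval endpoint of
    one block across all rules and cut the block's value space into
    non-overlapping basic intervals. Returns the sorted start of each one."""
    lo, hi = space
    cuts = {lo}
    for rule in rules:
        for a, b in rule.get(block, [space]):
            cuts.add(a)
            if b < hi:           # a right endpoint and an adjacent left endpoint
                cuts.add(b + 1)  # fall on the same cut, so they merge here
    return sorted(cuts)


def covers(rule, block, space, value):
    return any(a <= value <= b for a, b in rule.get(block, [space]))


def cluster_block(rules, block, space):
    """Projection point and interval clustering: for each basic interval take
    the subset of rules covering it and give every distinct subset a type id.
    Coverage is constant inside a basic interval, so its start is tested.
    Returns (interval starts, type id per interval, rule subset per type id)."""
    starts = project_block(rules, block, space)
    class_of, subsets = [], []
    for start in starts:
        sub = frozenset(i for i, r in enumerate(rules) if covers(r, block, space, start))
        if sub not in subsets:
            subsets.append(sub)
        class_of.append(subsets.index(sub))
    return starts, class_of, subsets


def reduce_classes(*class_subsets):
    """Class set reduction clustering: Cartesian product of two (binary) or
    three (ternary) class sets; the rule subsets behind each type id tuple are
    intersected and equal results clustered into one new type id.
    Returns (reduction table: id tuple -> new id, rule subset per new id)."""
    table, subsets = {}, []
    for tup in product(*[range(len(s)) for s in class_subsets]):
        sub = frozenset.intersection(*[s[c] for s, c in zip(class_subsets, tup)])
        if sub not in subsets:
            subsets.append(sub)
        table[tup] = subsets.index(sub)
    return table, subsets


class Engine:
    """Matching core: one lookup structure per block plus one reduction table."""

    def __init__(self, rules, blocks):
        self.blocks = list(blocks)
        self.lookup = {b: cluster_block(rules, b, blocks[b]) for b in self.blocks}
        self.reduction, self.final = reduce_classes(*[self.lookup[b][2] for b in self.blocks])

    def classify(self, packet):
        """Binary search over each block's basic intervals yields one type id
        per block; a single reduction lookup then yields the hit rule subset,
        returned as rule indices in priority order."""
        ids = []
        for b in self.blocks:
            starts, class_of, _ = self.lookup[b]
            ids.append(class_of[bisect_right(starts, packet[b]) - 1])
        return sorted(self.final[self.reduction[tuple(ids)]])


def packet_blocks(src_ip6, dst_port, payload):
    """Cut a (constructed) packet into the engine's blocks."""
    return {"src_ip6": int(ip.IPv6Address(src_ip6)), "dst_port": dst_port,
            "payload_off0": payload[0]}
```

Two blocks give the binary reduction unit and three the ternary one; an engine with many blocks cascades several reduction stages so that no single cross-product table grows to the product of all class counts, which this single-stage example does not do.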
The class lookup high-speed classification unit 108 includes a classification search tree unit 402 and a classification lookup table unit 404; the classification search tree in unit 402 and the classification lookup table in unit 404 are generated by the projection point and interval clustering operation of the preprocessing primitive operation unit 106 preprocessing the projection endpoint sequences and basic intervals of the large rule blocks and of the standard rule blocks respectively;
The classification search tree built into the classification search tree unit 402 is an AVL binary balanced interval search tree with a strict balance constraint; the projection endpoints of the large blocks correspond to the internal nodes of the interval search tree, the basic intervals correspond to its leaf nodes, and each node is marked with the corresponding type identification;
The classification search tree unit 402 is specifically configured to: receive a search value as input and output a class identification, where the class identification implies the rule subset associated with it.
The classification lookup table built into the classification lookup table unit 404 is a direct index table or a hash table; the direct index table consists of the mapping from original index value to type identification; the hash table consists of the mapping from the hash value of the original index value to the type identification, where the hash value is obtained by taking the original index value modulo a fixed value, and hash collisions are resolved by chaining;
The classification lookup table unit 404 is specifically configured to: receive an index value as input and output a class identification, where the class identification implies the rule subset associated with it.
The classification reduction high-speed classification unit 110 includes a classification binary reduction unit 406 and a classification ternary reduction unit 408; units 406 and 408 are generated by the category set reduction cluster operation of the preprocessing primitive operation unit 106 performing reduction cluster preprocessing on two or three category sets among the classification search tree, the classification lookup table and the reduction category set;
The classification binary reduction unit 406 or classification ternary reduction unit 408 includes a type identification tuple coding unit and a classification reduction lookup table; the type identification tuple coding unit performs the mapping from a binary or ternary type identification tuple to the reduction operation code and uses the output code as the index value of the classification reduction lookup table; the classification reduction lookup table is a direct index table or a hash table;
The classification binary reduction unit 406 or classification ternary reduction unit 408 is specifically configured to: receive two or three type identifications as input and output a class identification, where the class identification implies the rule subset associated with it.
The multi-stage pipeline preprocessing parallel mechanism 112 is invoked through the rule matching preprocessing interface 118 and is configured to: create a preprocessing task thread pool according to the pipeline configuration parameters and bind the threads of the pool in turn to the corresponding CPU cores; select the shadow matching core 2 of the dual matching core unit 102; load the rule set of shadow matching core 2 through the rule parsing interface 116; partition the rule set into blocks; according to the engine configuration parameters, invoke in turn on the partitioned rule set the rule block longitudinal projection operation, the projection point and interval clustering operation, and the category set reduction cluster operation of the preprocessing primitive operation unit 106; upgrade or update the matching rule set of shadow matching core 2; activate shadow matching core 2 and switch it to become main matching core 1 so that the new matching rule set takes effect, while the former main matching core becomes the shadow matching core and enters the standby state;
The multi-stage pipeline preprocessing parallel mechanism 112 is specifically configured to: partition the rule set into blocks according to one or more specified exact pattern strings, interval values, prefixes or regular expressions.
The multi-stage pipeline preprocessing parallel mechanism 112 includes a preprocessing thread pool bound to the cores of a multi-core CPU, an object memory pool and a number of pipeline task nodes; each CPU core is bound to some threads of the thread pool, which are scheduled independently and execute the stage tasks of the rule preprocessing pipeline in parallel; the object memory pool is a set of fixed-size memory objects reserved in advance, which are allocated and released frequently; the pipeline task nodes invoke in turn, according to the engine configuration parameters and the order of precedence, the rule block longitudinal projection operation, the projection point and interval clustering operation, and the category set reduction cluster operation; each pipeline task node processes the block-stage preprocessing primitive operations assigned to it with multiple threads in parallel;
The multi-stage pipeline preprocessing parallel mechanism 112 is specifically configured to: receive a rule set as input and, after the rule set has been processed by all nodes of the pipeline, generate and output the rule matching acceleration engine matching core.
The multi-path lookup matching parallel mechanism 114 is invoked through the rule matching classification interface 120; it is composed of the classification search tree unit 402, the classification lookup table unit 404, the classification binary reduction unit 406 and the classification ternary reduction unit 408, combined and cascaded according to the engine configuration parameters set in the engine configuration parameter unit 104, including binary or ternary combinations of a classification search tree with a search tree reduction unit, of a classification lookup table with a lookup table reduction unit, of a classification search tree with a lookup table reduction unit, and of a reduction unit with another reduction unit. The multi-path lookup matching parallel mechanism 114 forms a multi-level classification pipeline out of the classification lookup units and the classification reduction units: the classification lookup units are the first-level nodes of the pipeline and the classification reduction units are the second to penultimate levels. The mechanism 114 is configured to partition an input message to be classified into blocks, perform classification lookup and classification reduction on the message blocks in turn, and output the hit class identification and its associated rule subset.
The multi-path lookup matching parallel mechanism 114 is specifically configured to: define a fixed-length region at the head of the message payload of the input message and a fixed-length region at its tail as the feature signature extraction and matching area, and divide that area into a number of standard blocks according to the fixed size specified by the rule field; the IPv6 addresses and transport-layer port numbers are also treated as blocks of the deep packet inspection rule, with each IPv6 address as a single large block.
Each classification pipeline node of the multi-path lookup matching parallel mechanism 114 performs the block-stage classification operations assigned to it as multi-path lookup matching in parallel;
The multi-path lookup matching parallel mechanism 114 is specifically configured to: receive message blocks as input and, after the message blocks have passed through all nodes of the classification pipeline, generate and output the finally hit rule subset.
The above technical solution of the embodiment of the present invention is described in detail below.
To solve the above problems of existing deep packet inspection rule matching engines, the embodiment of the present invention provides a deep packet inspection method oriented to IPv6 security gateways and a configurable high-performance deep packet inspection rule matching engine.
To achieve the above object, the embodiment of the present invention provides a deep packet inspection device oriented to IPv6 and 64-bit platform security gateways, including: a configurable rule preprocessing and rule matching acceleration engine and its basic framework; a partitioning method for deep packet inspection rules; the preprocessing primitive operations of rule block longitudinal projection, projection point and interval clustering, and category set reduction clustering; the high-speed classification units of classification search tree, classification lookup table, and classification binary or ternary reduction; the parallel mechanisms of multi-stage pipeline preprocessing and multi-path lookup matching; and a dual matching core architecture with a main matching core and a shadow matching core.
In one or more embodiments of the invention, the configurable rule preprocessing and rule matching acceleration engine adopts the dual matching core architecture of the main matching core and the shadow matching core; it has built in the preprocessing primitive operations of rule block longitudinal projection, projection point and interval clustering, and category set reduction clustering, and the high-speed classification units of classification search tree, classification lookup table, and classification binary or ternary reduction, and it achieves fast preprocessing and matching of rule sets by means of the parallel mechanisms of multi-stage pipeline preprocessing and multi-path lookup matching; the basic framework provides the basic operation interfaces, namely the rule parsing interface, the rule matching preprocessing interface, the rule matching classification interface and the rule matching engine configuration interface.
In one or more embodiments of the invention, the partitioning method for deep packet inspection rules defines a fixed-length region (for example 50 bytes) at the head of the IPv6 message payload (if the payload is IPsec ESP ciphertext, it should first be decrypted to obtain the plaintext) and a fixed-length region (for example 4 bytes) at its tail as the feature signature extraction and matching area, and divides that area into a number of standard blocks according to the fixed size specified by the rule field (for example 2 bytes); at the same time, the IPv6 addresses and transport-layer port numbers are treated as blocks of the deep packet inspection rule, with each IPv6 address as a single large block; the value of a rule block may specify one or more exact pattern strings, prefixes, interval values or regular expressions.
In one or more embodiments of the invention, the preprocessing primitive operation of rule block longitudinal projection includes: projecting the rule blocks longitudinally onto the horizontal axis, sorting and merging the block projection endpoints, and generating the endpoint sequence of the rule blocks; for the projection intervals of the same block of different rules, if the right endpoint of the preceding interval and the left endpoint of the following adjacent interval are neighbouring endpoints, the two endpoints are merged into one; for multiple projection intervals of the same block of a single rule, the intervals are merged horizontally according to their positional relationship (containment, intersection, adjacency or separation), eliminating the empty projection endpoints that have been merged away; the rule block endpoint sequence divides the block value space completely into a number of non-overlapping basic intervals.
In one or more embodiments of the invention, the preprocessing primitive operation of block projection point and interval clustering includes: for each endpoint or segmented interval in the block projection endpoint sequence, traversing the rule set in turn to generate the rule subset containing that endpoint or interval, clustering it with the rule subsets already generated for the preceding endpoints or intervals, and assigning a unique type identification according to the clustering result; associating the projection points of the standard blocks and their type identifications with the corresponding rule subsets to generate the classification lookup table; and associating the projection endpoints and basic intervals of the large blocks and their type identifications with the corresponding rule subsets to generate the classification search tree.
In one or more embodiments of the invention, the classification search tree built into the classification search tree high-speed classification unit is an AVL binary balanced interval search tree with a strict balance constraint (that is, the heights of the left and right subtrees of any node differ by at most 1); the projection endpoints of the large blocks correspond to the internal nodes of the interval search tree, the basic intervals correspond to its leaf nodes, and each node is marked with the corresponding type identification; the classification search tree high-speed classification unit receives a search value (such as a message block) as input and outputs a class identification, where the class identification implies the rule subset associated with it.
In one or more embodiments of the invention, the classification lookup table built into the classification lookup table high-speed classification unit is a direct index table or a hash table; the direct index table consists of the mapping (original index value, type identification); the hash table consists of the mapping (hash value of the original index value, type identification), where the hash value is obtained by taking the original index value modulo a fixed value (such as 65536), and hash collisions are resolved by chaining; the classification lookup table high-speed classification unit receives an index value (such as a message block) as input and outputs a class identification, where the class identification implies the rule subset associated with it.
In one or more embodiments of the invention, the preprocessing primitive operation of category set reduction clustering includes: combining two or three category sets by way of Cartesian product in a reduction cluster operation, generating one reduction category set; for each tuple, intersecting the rule sets associated with the type identifications belonging to the two or three category sets to generate a rule subset, clustering it with the rule subsets generated by the preceding reduction operations, and assigning a unique type identification according to the clustering result; the reduction cluster operations are numbered uniformly, with initial value 0 and an increment of 1 per round, in one-to-one correspondence with the type identification tuples participating in the current round of the reduction cluster operation; the type identification tuple, the reduction cluster operation code and the new type identification are associated with the corresponding rule subset to generate the classification reduction lookup table.
In one or more embodiments of the invention, the classification binary or ternary reduction high-speed classification unit includes one type identification tuple coding unit and one classification reduction lookup table; the type identification tuple coding unit performs the mapping from a binary or ternary type identification tuple to the reduction operation code and uses the output code as the index value of the classification reduction lookup table; the classification reduction lookup table is a direct index table or a hash table; the classification binary or ternary reduction high-speed classification unit receives two or three type identifications as input and outputs a class identification, where the class identification implies the rule subset associated with it.
In one or more embodiments of the invention, the multi-stage pipeline preprocessing parallel mechanism includes a preprocessing thread pool bound to the cores of a multi-core CPU, an object memory pool and a number of pipeline task nodes; each CPU core is bound to some threads of the thread pool, which are scheduled independently and execute the stage tasks of the rule preprocessing pipeline in parallel; the object memory pool is a set of fixed-size memory objects reserved in advance, which are allocated and released frequently and include data objects such as rule block intervals; the pipeline task nodes perform in turn, according to the engine configuration parameters and the order of precedence, the stage preprocessing primitive operations of rule block longitudinal projection, projection point and interval clustering, and category set reduction clustering; each pipeline task node processes the block-stage preprocessing primitive operations assigned to it with multiple threads in parallel; the multi-stage pipeline preprocessing parallel mechanism receives a rule set as input and, after the rule set has been processed by all nodes of the pipeline, generates and outputs the rule matching acceleration engine matching core.
In one or more embodiments of the invention, the multi-path lookup matching parallel mechanism is formed by cascading, in various combinations, the classification search tree unit, the classification lookup table unit and the binary or ternary combination reduction unit nodes (classification search tree with search tree reduction unit, classification lookup table with lookup table reduction unit, classification search tree with lookup table reduction unit, reduction unit with reduction unit), composing a classification pipeline; multi-path lookup matching adopts a flow similar to that of the preprocessing pipeline: each node performs in turn, according to the engine configuration parameters and the order of precedence, the stage classification operations of classification lookup, binary or ternary reduction and combined reduction; each classification pipeline node performs the block-stage classification operations assigned to it as multi-path lookup matching in parallel; the multi-path lookup matching parallel mechanism receives message blocks as input and, after the message blocks have passed through all nodes of the classification pipeline, generates and outputs the finally hit rule subset.
In one or more embodiments of the invention, the configurable rule preprocessing and rule matching acceleration engine adopts a dual matching core, hot-standby architecture including a main matching core and a shadow matching core; a matching core includes the engine configuration parameters, the classification search tree unit, the classification lookup table unit and the classification binary or ternary reduction unit; during rule matching, the multi-path lookup matching parallel mechanism uses the main matching core, which is in the active state, while the shadow matching core is on standby; during a rule set upgrade, the rule set is preprocessed by the multi-stage pipeline preprocessing parallel mechanism, the shadow matching core is modified and updated, then immediately activated and seamlessly hot-swapped to become the new main matching core, while the former main matching core becomes the shadow matching core and enters the standby state.
In one or more embodiments of the invention, the rule parsing interface includes a rule set buffer parsing interface, a rule set file parsing interface, a single rule parsing interface and a rule block configuration interface; the rule block configuration interface includes a rule block add interface, a rule block delete interface, a rule block modify interface and a rule delete interface. The rule parsing interface is invoked by the multi-stage pipeline preprocessing parallel mechanism.
In one or more embodiments of the invention, the rule matching preprocessing interface includes a rule preprocessing interface and a rule upgrade preprocessing interface. The rule matching preprocessing interface invokes the multi-stage pipeline preprocessing parallel mechanism to preprocess or upgrade the rule set, generating and outputting the rule matching acceleration engine matching core.
In one or more embodiments of the invention, the rule matching classification interface drives the multi-path lookup matching parallel mechanism to perform rule matching classification, generating and outputting the finally hit rule subset.
In one or more embodiments of the invention, the rule matching engine configuration interface includes an engine configuration parameter interface and an engine callback registration interface; the engine configuration parameters include the pipeline configuration parameters (the number of pipeline stages, the number of blocks per pipeline node at each level, the block type of each pipeline node and the classification lookup mode, search tree or lookup table) and the reduction operations table; the reduction operations table describes, for each block of each pipeline node, the reduction combinations and cascade mode between the classification lookup units and the classification binary or ternary reduction units; the strategy adopted for reduction combination includes: 1) combining blocks that are logically or semantically similar or related for reduction; 2) logically dividing the blocks into the two major classes of large blocks and standard blocks, and preferentially combining blocks of the same type for reduction; 3) under the constraint of space complexity, preferring ternary reduction units. The engine configuration parameter interface configures the engine configuration parameters, and the engine callback registration interface configures the single rule parsing interface so as to support deep packet inspection rules in a variety of syntax formats.
The implementation of the above technical solution of the invention is described below with reference to the accompanying drawings.
Fig. 1 is a block diagram of the configurable rule preprocessing and rule matching acceleration engine and its basic framework 100 provided by the embodiment of the present invention (corresponding to the above deep packet inspection device oriented to IPv6 security gateways). As shown in Fig. 1, the configurable rule preprocessing and rule matching acceleration engine includes a dual matching core unit 102 with a main matching core and a shadow matching core, an engine configuration parameter unit 104, a preprocessing primitive operation unit 106, a class lookup high-speed classification unit 108, a classification reduction high-speed classification unit 110, a multi-stage pipeline preprocessing parallel mechanism 112 and a multi-path lookup matching parallel mechanism 114; the basic framework includes the basic operation interfaces, namely the rule parsing interface 116, the rule matching preprocessing interface 118, the rule matching classification interface 120 and the rule matching engine configuration interface 122.
The dual matching core unit 102 includes main matching core 1 and shadow matching core 2. A matching core includes the engine configuration parameter unit 104, the class lookup high-speed classification unit 108 and the classification reduction high-speed classification unit 110, and is generated by the multi-stage pipeline preprocessing parallel mechanism 112 performing in turn on the rule set, according to the engine configuration parameters of unit 104 (the pipeline configuration parameters and the reduction operations table), the preprocessing primitive operations of unit 106, namely rule block longitudinal projection, projection point and interval clustering, and category set reduction clustering; the engine configuration parameters of the engine configuration parameter unit 104 are configured through the rule matching engine configuration interface 122. During rule matching, the multi-path lookup matching parallel mechanism 114 uses main matching core 1, which is in the active state, while shadow matching core 2 is on standby; during a rule set upgrade, the rule set is preprocessed by the multi-stage pipeline preprocessing parallel mechanism 112, shadow matching core 2 is modified and updated, immediately activated and seamlessly hot-swapped to become the new main matching core, and the former main matching core becomes the shadow matching core and enters the standby state.
Fig. 2 is a schematic diagram of the partitioning method for deep packet inspection rules of the embodiment of the present invention. The partitioning method defines the 50-byte fixed-length region at the head of the message payload and the 4-byte fixed-length region at its tail as the feature extraction and matching area, and divides that area into a number of standard blocks according to the fixed size of 2 bytes specified by the rule field. At the same time, the IPv6/IPv4 addresses and transport-layer port numbers of the message header are treated as blocks of the deep packet inspection rule, with each IPv6/IPv4 address as a single large block. The message payload should be plaintext; if it is IPsec ESP ciphertext or a message of another cryptographic protocol, it should first be decrypted by a security agent component. The value of a rule block may specify one or more exact pattern strings, interval values, prefixes or regular expressions; prefixes and regular expressions need to be converted uniformly into interval matching by a rewriting technique. For larger deep packet inspection rule sets, the rule set may be split into several subsets, multiple rule matching micro-engines may be instantiated, and memory compression techniques may be used to reduce the space requirement of the engine.
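The partitioning of a packet into rule blocks, as an added example that is not part of the patent or of any Topsec code: it applies the sizes named above (a 50-byte head region, a 4-byte tail region, 2-byte standard blocks, the two 128-bit addresses as large blocks, the ports as 16-bit blocks) to a constructed IPv6 packet. The packet builder, the dataclass, the rejection of ESP before decryption and the handling of a payload shorter than head plus tail are this example's own assumptions; the example supports only TCP or UDP without extension headers.

```python
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import List

HEAD_LEN, TAIL_LEN, BLOCK_LEN = 50, 4, 2     # region and block sizes named in the text
ESP, TCP, UDP = 50, 6, 17                      # IANA protocol numbers


@dataclass
class RuleBlocks:
    src: int                 # 128-bit source address: one large block
    dst: int                 # 128-bit destination address: one large block
    sport: int               # transport-layer ports: 16-bit blocks
    dport: int
    standard: List[int] = field(default_factory=list)   # 2-byte payload blocks


def partition_ipv6_packet(pkt: bytes) -> RuleBlocks:
    """Partition an IPv6 packet into the rule blocks a matching engine classifies.
    Assumptions of this example: no extension headers, TCP or UDP next header,
    plaintext payload (ESP is rejected so that it can be decrypted first), and a
    payload shorter than head+tail is taken whole."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    ver_tc_fl, plen, nxt, _hlim = struct.unpack("!IHBB", pkt[:8])
    if ver_tc_fl >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if nxt == ESP:
        raise ValueError("IPsec ESP ciphertext: decrypt before partitioning")
    if nxt not in (TCP, UDP):
        raise ValueError(f"next header {nxt} not handled by this example")
    src = int.from_bytes(pkt[8:24], "big")
    dst = int.from_bytes(pkt[24:40], "big")
    l4 = pkt[40:40 + plen]
    if len(l4) < (20 if nxt == TCP else 8):
        raise ValueError("truncated transport header")
    sport, dport = struct.unpack("!HH", l4[:4])
    l4_hdr_len = (l4[12] >> 4) * 4 if nxt == TCP else 8     # TCP data offset in 32-bit words
    payload = l4[l4_hdr_len:]
    if len(payload) > HEAD_LEN + TAIL_LEN:
        region = payload[:HEAD_LEN] + payload[-TAIL_LEN:]   # feature extraction and matching area
    else:
        region = payload
    blocks = [int.from_bytes(region[i:i + BLOCK_LEN].ljust(BLOCK_LEN, b"\0"), "big")
              for i in range(0, len(region), BLOCK_LEN)]   # odd tail byte zero-padded (assumption)
    return RuleBlocks(src, dst, sport, dport, blocks)


def build_packet(src: str, dst: str, sport: int, dport: int, payload: bytes, proto: int = TCP) -> bytes:
    """Constructed test packet: IPv6 header + minimal TCP (20 bytes) or UDP (8 bytes) header + payload."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    hdr = (struct.pack("!IHBB", 6 << 28, len(l4), proto, 64)
           + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)
    return hdr + l4


if __name__ == "__main__":
    blocks = partition_ipv6_packet(
        build_packet("2001:db8::1", "2001:db8::2", 40000, 80, b"GET / HTTP/1.1\r\n"))
    print(hex(blocks.src), blocks.dport, [f"{b:04x}" for b in blocks.standard])
```

The 16-byte payload in the usage call yields eight standard blocks, the first being the two bytes "GE"; a payload longer than 54 bytes yields 25 blocks from the head region followed by 2 from the tail region, which is the only part of the payload the rule blocks ever see.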
The preprocessing primitive operation unit 106 includes the preprocessing primitive operations of rule block longitudinal projection, projection point and interval clustering, and category set reduction clustering, and is driven by the multi-stage pipeline preprocessing parallel mechanism 112.
As shown in Figs. 3a and 3b, the rule block longitudinal projection operation projects the rule blocks onto the horizontal axis, generates the endpoint sequence and divides the block value space completely into a number of non-overlapping basic intervals. Fig. 3a gives an example of one block of four rules R0, R1, R2 and R3 projected onto the horizontal axis: the right half 304 is the block projection in the normal case, and the left half 302 is the block projection with neighbouring endpoints combined. The right endpoint 159 of the R0 block and the left endpoint 160 of the R1 block, and the right endpoint 127 of the R3 block and the left endpoint 128 of the R2 block, are neighbouring endpoints; after the neighbouring endpoint merge operation the number of projection endpoints is reduced by two. Fig. 3b gives an example of the projection of multiple value ranges of the same block of a single rule: the four value ranges S0, S1, S2 and S3 of the rule block stand in the positional relationships of containment, intersection, adjacency or complete separation, and the horizontal merge operation eliminates the empty projection endpoints, reducing the number of real projection endpoints and basic intervals finally generated. The rule block longitudinal projection operation thus prunes and optimizes the interval classification balanced search tree contained in the finally generated class lookup high-speed classification unit 108, improving the efficiency of the rule matching search process.
As shown in Figs. 4a to 4d, the class lookup high-speed classification unit 108 includes a classification search tree unit 402 and a classification lookup table unit 404, generated respectively by the projection point and interval clustering primitive operation of the preprocessing primitive operation unit 106 preprocessing the projection endpoint sequences and basic intervals of the large rule blocks and of the standard rule blocks.
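The rule block longitudinal projection and the projection point and interval clustering described in the embodiments above and illustrated by Figs. 3a and 3b, as an added example that is not code from the patent: it projects the ranges of one block of several rules onto the value axis, merges neighbouring endpoints (a right endpoint hi directly followed by another rule's left endpoint hi+1), merges a single rule's overlapping or adjacent ranges horizontally, splits the value space into basic intervals, and clusters intervals with identical rule subsets under one class id. The rule names and ranges are constructed; the four Fig. 3a rules are given ranges that reproduce the endpoints 159/160 and 127/128 named in the text, in an 8-bit block, and the Fig. 3b ranges are assumed values.

```python
from bisect import bisect_right
from typing import Dict, FrozenSet, List, Tuple

Range = Tuple[int, int]                  # inclusive value range [lo, hi] of one rule's block
Rules = Dict[str, List[Range]]           # rule name -> the ranges its block may take


def merge_rule_ranges(ranges: List[Range]) -> List[Range]:
    """Horizontal merge of the ranges of ONE rule (Fig. 3b): ranges that contain,
    intersect or are adjacent to each other collapse into one range, so their
    inner endpoints never become projection endpoints."""
    merged: List[Range] = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:          # overlap or adjacency
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def projection_endpoints(rules: Rules) -> Tuple[List[int], List[int]]:
    """Longitudinal projection of every rule's block onto the value axis (Fig. 3a).
    Returns (raw endpoint sequence, sequence after neighbour-endpoint merging): a
    right endpoint hi followed by another rule's left endpoint hi+1 is kept as one."""
    lefts, rights = set(), set()
    for ranges in rules.values():
        for lo, hi in merge_rule_ranges(ranges):
            lefts.add(lo)
            rights.add(hi)
    raw = sorted(lefts | rights)
    merged = [e for e in raw if not (e in lefts and (e - 1) in rights)]
    return raw, merged


def basic_intervals(rules: Rules, space_max: int) -> List[Range]:
    """Split the block value space [0, space_max] completely into non-overlapping
    basic intervals; every rule range starts and ends on an interval boundary."""
    cuts = {0, space_max + 1}
    for ranges in rules.values():
        for lo, hi in merge_rule_ranges(ranges):
            cuts.update((lo, hi + 1))
    bounds = sorted(cuts)
    return [(bounds[i], bounds[i + 1] - 1) for i in range(len(bounds) - 1)]


def cluster_intervals(rules: Rules, space_max: int):
    """Projection point and interval clustering: compute the rule subset of each
    basic interval, cluster identical subsets under one class id (numbered in
    order of first appearance) and return the (lo, hi, class) table a lookup unit
    is built from, plus classes = {class id: frozenset of rule names}."""
    merged_rules = {name: merge_rule_ranges(r) for name, r in rules.items()}
    class_of_subset: Dict[FrozenSet[str], int] = {}
    classes: Dict[int, FrozenSet[str]] = {}
    table: List[Tuple[int, int, int]] = []
    for lo, hi in basic_intervals(rules, space_max):
        subset = frozenset(n for n, rs in merged_rules.items()
                           if any(a <= lo and hi <= b for a, b in rs))
        if subset not in class_of_subset:
            class_of_subset[subset] = len(class_of_subset)
            classes[class_of_subset[subset]] = subset
        table.append((lo, hi, class_of_subset[subset]))
    return table, classes


def classify(table: List[Tuple[int, int, int]], value: int) -> int:
    """Map a block value to its class id by binary search over the interval table."""
    lows = [lo for lo, _, _ in table]
    i = bisect_right(lows, value) - 1
    if i < 0 or not table[i][0] <= value <= table[i][1]:
        raise ValueError("value outside the block value space")
    return table[i][2]


# Constructed data modelled on Fig. 3a: one 8-bit block of four rules, where R0/R1
# and R3/R2 meet at the neighbouring endpoints 159/160 and 127/128.
FIG3A_RULES: Rules = {"R0": [(100, 159)], "R1": [(160, 255)],
                      "R2": [(128, 200)], "R3": [(64, 127)]}
# Constructed ranges of one rule's block modelled on Fig. 3b (containment,
# intersection, adjacency and separation between the ranges).
FIG3B_RANGES: List[Range] = [(10, 40), (15, 20), (30, 50), (51, 60), (100, 120)]
# Constructed set in which two non-adjacent basic intervals share one rule subset.
SHARED_RULES: Rules = {"A": [(0, 63), (201, 255)], "B": [(64, 200)]}

if __name__ == "__main__":
    raw, merged = projection_endpoints(FIG3A_RULES)
    print("endpoints:", raw, "-> after neighbour merge:", merged)
    table, classes = cluster_intervals(FIG3A_RULES, 255)
    for lo, hi, cid in table:
        print(f"[{lo:3d},{hi:3d}] -> C{cid} {sorted(classes[cid])}")
```

For the Fig. 3a rules the raw projection has eight endpoints and six after neighbour merging, exactly the reduction by two the text describes; the six basic intervals each carry a distinct rule subset, whereas in the third constructed set the intervals [0,63] and [201,255] share the subset {A} and therefore one class id, which is what the clustering step saves in the lookup structure.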
In one embodiment of the invention, the classification search tree unit 402 takes an integer search value of 16 to 128 bits as input and outputs a 16-bit integer class label; the search logic inside the unit is implemented as an AVL interval classification balanced binary search tree. As shown in Fig. 5, the internal nodes of the AVL interval classification balanced binary search tree built into the classification search tree unit 402 correspond to the projection endpoint sequence of the rule blocks R0 to R7, and the leaf nodes correspond to the basic intervals that make up the rule block value space [0, 2^128 - 1]; each node is marked with the class identification C0 to C7 of the rule subset it belongs to, and the class identification implies the rule subset associated with it. The classification lookup table unit 404 takes an integer search value of 16 to 24 bits as input and outputs a 16-bit integer class label; the unit has built in a direct classification index lookup table or hash table formed by the mapping (index value, type identification).
As shown in Fig. 4, the classification reduction high-speed classification unit 110 includes a classification binary reduction unit 406 and a classification ternary reduction unit 408, generated by the category set reduction cluster primitive operation of the preprocessing primitive operation unit 106 performing reduction cluster preprocessing on two or three category sets among the classification search tree, the classification lookup table and the reduction category set. The classification binary reduction unit 406 or classification ternary reduction unit 408 takes two or three 16-bit integer classification search values as input and outputs a 16-bit integer class label; the logic inside the unit is implemented by cascading the type identification tuple coding unit with the classification reduction lookup table.
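The interval classification balanced binary search tree of the classification search tree unit described above, as an added example that is not code from the patent: leaves hold the basic intervals of the large (IPv6 address) block, internal nodes hold projection endpoints, every node carries its class id, and a lookup descends by comparing the search value with the endpoints. Instead of AVL insertions with rotations, the example builds the tree directly from the sorted basic-interval table by halving at each level, which satisfies the same strict balance constraint (subtree heights differ by at most 1) and is checked by `is_avl_balanced`. The basic-interval table is constructed by hand for three hypothetical prefix rules P0, P1 and P2, with the prefix-to-interval rewriting done with the standard `ipaddress` module.

```python
import ipaddress
from typing import List, Optional, Tuple

Entry = Tuple[int, int, int]   # basic interval (lo, hi) of the large block and its class id


class Node:
    """Internal node: key = projection endpoint, cls = class of the basic interval
    that begins at key. Leaf: lo/hi = basic interval, cls = its class id."""
    __slots__ = ("key", "lo", "hi", "cls", "left", "right")

    def __init__(self, cls: int, key: Optional[int] = None, lo: int = 0, hi: int = 0,
                 left: Optional["Node"] = None, right: Optional["Node"] = None) -> None:
        self.key, self.lo, self.hi, self.cls = key, lo, hi, cls
        self.left, self.right = left, right

    @property
    def is_leaf(self) -> bool:
        return self.key is None


def build_tree(table: List[Entry]) -> Node:
    """Build the balanced interval classification tree from the basic-interval table
    (sorted, contiguous, covering the whole value space). Halving the table at every
    level keeps left/right subtree heights within 1 of each other, i.e. the AVL
    constraint, without rotations."""
    if len(table) == 1:
        lo, hi, cls = table[0]
        return Node(cls, lo=lo, hi=hi)
    mid = len(table) // 2
    key, _, cls = table[mid]          # left endpoint of the middle interval is the split point
    return Node(cls, key=key, left=build_tree(table[:mid]), right=build_tree(table[mid:]))


def lookup(root: Node, value: int) -> int:
    """Classify a search value: descend by comparing with node endpoints; hitting an
    endpoint exactly returns that internal node's class, otherwise the leaf decides."""
    node = root
    while not node.is_leaf:
        if value == node.key:
            return node.cls
        node = node.left if value < node.key else node.right
    if node.lo <= value <= node.hi:
        return node.cls
    raise ValueError("search value outside the block value space")


def height(node: Node) -> int:
    return 0 if node.is_leaf else 1 + max(height(node.left), height(node.right))


def is_avl_balanced(node: Node) -> bool:
    """Check the strict balance constraint: left/right subtree heights differ by at most 1."""
    if node.is_leaf:
        return True
    return (abs(height(node.left) - height(node.right)) <= 1
            and is_avl_balanced(node.left) and is_avl_balanced(node.right))


def prefix_range(cidr: str) -> Tuple[int, int]:
    """Rewrite an IPv6 prefix as the inclusive integer interval it covers."""
    net = ipaddress.IPv6Network(cidr)
    return int(net.network_address), int(net.broadcast_address)


# Constructed basic-interval table for the IPv6 address block of three hypothetical
# rules: P0 matches 2001:db8::/32, P1 matches 2001:db8:1::/48, P2 matches fd00::/8.
# Class ids: 0 = no rule, 1 = {P0}, 2 = {P0, P1}, 3 = {P2}.
P0, P1, P2 = prefix_range("2001:db8::/32"), prefix_range("2001:db8:1::/48"), prefix_range("fd00::/8")
SPACE_MAX = 2 ** 128 - 1
SAMPLE_TABLE: List[Entry] = [
    (0, P0[0] - 1, 0),
    (P0[0], P1[0] - 1, 1),
    (P1[0], P1[1], 2),
    (P1[1] + 1, P0[1], 1),
    (P0[1] + 1, P2[0] - 1, 0),
    (P2[0], P2[1], 3),
    (P2[1] + 1, SPACE_MAX, 0),
]
CLASS_RULES = {0: frozenset(), 1: frozenset({"P0"}), 2: frozenset({"P0", "P1"}), 3: frozenset({"P2"})}
ROOT = build_tree(SAMPLE_TABLE)


def lookup_address(root: Node, addr: str) -> int:
    """Classify a textual IPv6 address through the tree (128-bit search value)."""
    return lookup(root, int(ipaddress.IPv6Address(addr)))


if __name__ == "__main__":
    for a in ("2001:db8:1::5", "2001:db8:7::1", "fd12::1", "2001:db7::1"):
        cid = lookup_address(ROOT, a)
        print(a, "-> class", cid, sorted(CLASS_RULES[cid]))
```

Seven leaves give a tree of height 3, so any 128-bit address is classified with at most three comparisons; the pruning described for Figs. 3a and 3b matters here because every endpoint removed by merging is one leaf fewer and, across many rules, a shallower tree.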
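The category set reduction cluster operation and the binary/ternary reduction unit described above (and in the embodiments earlier on this page), as an added example that is not code from the patent: it enumerates the Cartesian product of two or three category sets, intersects the associated rule subsets, clusters identical intersections under one new class id, and fills a direct-index reduction lookup table keyed by the tuple code, where the mixed-radix code of a tuple equals its round number in the enumeration (initial value 0, increment 1). It then runs a two-level classification pipeline, first-level direct-index lookups on two 2-byte standard blocks followed by second-level binary reduction, over constructed payloads. The rules R0 to R3, the block lookup tables and the payloads are constructed; the convention that a rule not constraining a block belongs to every class of that block is this example's assumption.

```python
from itertools import product
from typing import Dict, FrozenSet, List, Sequence, Tuple

ClassTable = Dict[int, FrozenSet[str]]       # class id -> associated rule subset


def encode_tuple(ids: Sequence[int], sizes: Sequence[int]) -> int:
    """Type identification tuple coding unit: mixed-radix code of a binary or
    ternary class-id tuple. Codes are dense 0..prod(sizes)-1, so they index a
    direct table; the code is also the round number of the reduction enumeration."""
    code = 0
    for cid, size in zip(ids, sizes):
        if not 0 <= cid < size:
            raise ValueError(f"class id {cid} outside 0..{size - 1}")
        code = code * size + cid
    return code


def reduction_cluster(tables: Sequence[ClassTable]) -> Tuple[List[int], ClassTable, List[int]]:
    """Category set reduction cluster operation over two (binary) or three
    (ternary) category sets: enumerate the Cartesian product of class ids,
    intersect the associated rule subsets, cluster identical intersections
    under one new class id, and fill the reduction lookup table (code -> new id).
    Returns (lookup, new_classes, sizes)."""
    if len(tables) not in (2, 3):
        raise ValueError("binary or ternary reduction only")
    sizes = [len(t) for t in tables]
    lookup: List[int] = []
    class_of_subset: Dict[FrozenSet[str], int] = {}
    new_classes: ClassTable = {}
    for round_no, ids in enumerate(product(*[range(s) for s in sizes])):
        subset = frozenset.intersection(*[tables[k][cid] for k, cid in enumerate(ids)])
        if subset not in class_of_subset:
            class_of_subset[subset] = len(class_of_subset)
            new_classes[class_of_subset[subset]] = subset
        assert encode_tuple(ids, sizes) == round_no      # code == enumeration round
        lookup.append(class_of_subset[subset])
    return lookup, new_classes, sizes


def reduce_ids(lookup: List[int], sizes: Sequence[int], ids: Sequence[int]) -> int:
    """Classification binary/ternary reduction unit: tuple of class ids -> new class id."""
    return lookup[encode_tuple(ids, sizes)]


# Constructed rules over the first two 2-byte standard blocks of the payload
# (hypothetical, not from the patent):
#   R0: block0 == "GE" and block1 == "T "      R1: block0 == "GE" (block1 any)
#   R2: block0 == "PO" and block1 == "ST"      R3: block1 == "T " (block0 any)
# First-level tables: block value -> class id; class 0 is the default for any value
# not listed. A rule that does not constrain a block is in every class of that block.
BLOCK0_INDEX = {0x4745: 1, 0x504F: 2}
BLOCK0_CLASSES: ClassTable = {0: frozenset({"R3"}), 1: frozenset({"R0", "R1", "R3"}),
                              2: frozenset({"R2", "R3"})}
BLOCK1_INDEX = {0x5420: 1, 0x5354: 2}
BLOCK1_CLASSES: ClassTable = {0: frozenset({"R1"}), 1: frozenset({"R0", "R1", "R3"}),
                              2: frozenset({"R1", "R2"})}

LOOKUP, NEW_CLASSES, SIZES = reduction_cluster([BLOCK0_CLASSES, BLOCK1_CLASSES])


def classify_payload(payload: bytes) -> FrozenSet[str]:
    """Two-level classification pipeline: direct-index lookups on the two blocks
    (first level), then binary reduction of the two class ids (second level)."""
    if len(payload) < 4:
        raise ValueError("payload shorter than two standard blocks")
    b0 = int.from_bytes(payload[0:2], "big")
    b1 = int.from_bytes(payload[2:4], "big")
    ids = (BLOCK0_INDEX.get(b0, 0), BLOCK1_INDEX.get(b1, 0))
    return NEW_CLASSES[reduce_ids(LOOKUP, SIZES, ids)]


if __name__ == "__main__":
    print(f"{len(LOOKUP)} tuples clustered into {len(NEW_CLASSES)} classes")
    for p in (b"GET / HTTP/1.1", b"POST /login", b"PUT /x", b"GET\n"):
        print(p, "->", sorted(classify_payload(p)))
```

The 3 x 3 product yields nine tuples but only five distinct intersections, so the reduction table maps nine codes onto five new classes; this collapse is what keeps the space of cascaded reduction units manageable, and it is why the text prefers combining semantically related blocks, whose class sets intersect in few distinct ways.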
As shown in Fig. 6, the multi-stage pipeline preprocessing parallel mechanism 112 includes a preprocessing thread pool bound to the cores of a multi-core CPU, an object memory pool, a pipeline first-stage node 602, pipeline intermediate nodes 604 and a pipeline penultimate node 606, and is invoked via the rule matching preprocessing interface 118. The main flow by which the multi-stage pipeline preprocessing parallel mechanism 112 preprocesses a rule set is as follows:
Step 1: read the system configuration parameters, such as the number of CPU cores, and the pipeline parameters contained in the engine configuration parameter unit 104; create the preprocessing task thread pool, and assign and bind each thread in turn to its CPU core;
Step 2: enter the pipeline first-stage node 602:
Step 21: select the shadow core of the rule matching engine; the preprocessing of the rule set will update or upgrade that matching core so that the new matching rule set can be enabled;
Step 22: load and parse the rule set: call the rule parsing interface 116, read rules one at a time from the rule set buffer or file descriptor, parse and split each rule string according to the rule partitioning method, extract each block of the rule and append the rule block to the linked list of pending rule blocks;
Step 23: cyclically read the pending block queue of this pipeline node 602: if there is a pending block, submit the block preprocessing task to the thread pool and execute steps 24-25; if there is no block left, go to the next pipeline stage node;
Step 24: if the block is of the standard block type, perform the following operations:
a) perform the rule block longitudinal projection operation of the preprocessing primitive operation unit 106 on the rule block along the horizontal axis, generating the projection endpoint sequence and the basic intervals of the rule set;
b) for each endpoint or basic interval in the projection endpoint sequence, perform the subpoint and interval clustering operation of the preprocessing primitive operation unit 106, generating the rule subset that contains that endpoint or basic interval together with its associated class identifier;
c) establish the mapping among the subpoints, the class identifiers and the corresponding rule subsets of the standard block, generating the classification look-up table unit 404;
Step 25: if the block is of the larger block type, perform the following operations:
a) perform the rule block longitudinal projection operation of the preprocessing primitive operation unit 106 on the rule block along the horizontal axis and, using optimizations such as merging neighbouring endpoints of projection intervals and horizontal merging of intervals, generate a minimal projection endpoint sequence and basic intervals for the rule set;
b) from the projection endpoint sequence, generate the internal nodes of the search tree, which contain single values, and the leaf nodes, which contain interval values, and thereby build the AVL balanced binary interval search tree;
c) for the internal nodes and leaf nodes of the search tree, perform the subpoint and interval clustering operation of the preprocessing primitive operation unit 106, generating the rule subset that contains the node together with its associated class identifier;
d) associate the nodes, the class identifiers and the corresponding rule subsets, generating the classification search tree unit 402;
Step 3: enter the pipeline intermediate nodes 604 through the penultimate node 606, and at each pipeline node cyclically perform the following steps:
Step 31: cyclically read the pending block queue of this pipeline node: if there is a pending block, submit the block preprocessing task to the thread pool and execute steps 32-34; if there is no block left, go to the next pipeline stage node;
Step 32: according to the reduction operation table parameter contained in the engine configuration parameter unit 104, read the clustered category sets of the sub-blocks of the preceding pipeline node that this block of this pipeline node needs for its reduction operation;
Step 33: according to the reduction operation table, perform the category set reduction operation on this block:
a) if this block is to undergo a binary reduction operation, perform the category set reduction clustering primitive operation of the preprocessing primitive operation unit 106 in turn on all category sets belonging to the two blocks of the preceding pipeline node; for every pair of specific classes, the rule set yields the reduced rule subset, its associated class identifier and the unified code of the reduction clustering operation;
b) if this block is to undergo a ternary reduction operation, perform the category set reduction clustering primitive operation of the preprocessing primitive operation unit 106 in turn on all category sets belonging to the three blocks of the preceding pipeline node; for every triple of specific classes, the rule set yields the reduced rule subset, its associated class identifier and the unified code of the reduction clustering operation;
Step 34: associate the class identifier tuples, the reduction clustering operation codes, the class identifiers and the corresponding reduced rule subsets, generating the classification binary reduction unit 406 and the classification ternary reduction unit 408 respectively;
Step 4: after processing by all pipeline nodes, preprocessing of the rule set is complete.
The multi-path search matching parallel mechanism 114 is constituted by combining and cascading the classification search tree unit 402, the classification look-up table unit 404, the classification binary reduction unit 406 and the classification ternary reduction unit 408 according to the engine configuration parameters set by the engine configuration parameter unit 104. The resulting combined reduction units include: classification search tree with binary or ternary search tree reduction unit, classification look-up table with look-up table reduction unit, classification search tree with look-up table reduction unit, and reduction unit with reduction unit. The multi-path search matching parallel mechanism 114 forms a classification pipeline in which the classification search units belong to the first-stage node and the classification reduction units belong to the second-stage through penultimate nodes.
As shown in Figs. 7a-b, the classification search tree with classification search tree binary reduction unit of Fig. 7a is formed by cascading two classification search tree units 702, 704 with one classification binary reduction unit 706, realizing a binary reduction operation over the parallel combination of two classification search tree units. The classification search tree units 702 and 704 take message blocks to be classified as input and feed the class identifiers obtained by lookup into the next-stage node, the classification binary reduction unit 706, which outputs a new class identifier after its binary reduction lookup operation. The classification binary reduction unit with classification binary reduction unit combined reduction unit of Fig. 7b is formed by cascading two classification binary reduction units 708, 710 with a classification binary reduction unit 712, realizing a binary reduction operation over the parallel combination of two classification binary reduction units. The classification binary reduction units 708 and 710 take the class identifier outputs of the previous-stage nodes as input and feed the class identifiers obtained by their binary reduction lookup into the next-stage node, the classification binary reduction unit 712, which outputs a new class identifier after its binary reduction lookup operation.
Fig. 8 is a schematic diagram of the rule matching acceleration engine of the embodiment of the present invention. As shown in Fig. 8, the rule matching acceleration engine 800 is constituted by a three-stage classification pipeline of the multi-path search matching parallel mechanism, and externally provides 7 message block inputs and 1 classification output. The pipeline parameters are set as follows: the pipeline first-stage node contains 7 classification search units, namely 3 classification search tree units (811, 812, 813) and 4 classification look-up table units (814, 815, 816, 817), corresponding to 7 rule blocks and receiving the corresponding message block inputs; the pipeline second-stage node contains 3 classification reduction units, namely 2 classification binary reduction units (821, 823) and 1 classification ternary reduction unit 822; the pipeline third-stage node is the penultimate node and contains 1 classification ternary reduction unit 831. The reduction operation table parameters are set as follows: classification search units 811 and 812 are combined and cascaded with the classification binary reduction unit 821; classification search units 813, 814 and 815 are combined and cascaded with the classification ternary reduction unit 822; classification search units 816 and 817 are combined and cascaded with the classification binary reduction unit 823; and classification reduction units 821, 822 and 823 are combined and cascaded with the classification ternary reduction unit 831. The rule matching acceleration engine 800 performs classification lookup and classification reduction operations in turn on the input message blocks and outputs the class identifier of the hit together with its associated rule subset.
The main flow by which the rule matching acceleration engine 800 performs rule matching is as follows:
Step 1: partition the input message to be classified into blocks, in order a 128-bit block 801, a 128-bit block 802, a 32-bit block 803, a 16-bit block 804, a 16-bit block 805, a 16-bit block 806 and a 16-bit block 807; call the rule matching classification interface 120 to perform rule matching classification, which drives the three-stage classification pipeline of the multi-path search matching parallel mechanism;
Step 2: enter the classification pipeline first-stage node: block 801 is input to the classification search tree unit 811, which looks up and outputs class identifier CID1; block 802 is input to the classification search tree unit 812, which looks up and outputs class identifier CID2; block 803 is input to the classification search tree unit 813, which looks up and outputs class identifier CID3; block 804 is input to the classification look-up table unit 814, which looks up and outputs class identifier CID4; block 805 is input to the classification look-up table unit 815, which looks up and outputs class identifier CID5; block 806 is input to the classification look-up table unit 816, which looks up and outputs class identifier CID6; block 807 is input to the classification look-up table unit 817, which looks up and outputs class identifier CID7;
Step 3: enter the classification pipeline second-stage node: the first-stage outputs CID1 and CID2 are fed into the classification binary reduction unit 821, which outputs class identifier CID8 after its binary reduction lookup operation; the first-stage outputs CID3, CID4 and CID5 are fed into the classification ternary reduction unit 822, which outputs class identifier CID9 after its ternary reduction lookup operation; the first-stage outputs CID6 and CID7 are fed into the classification binary reduction unit 823, which outputs class identifier CID10 after its binary reduction lookup operation;
Step 4: enter the classification pipeline third-stage node: the second-stage outputs CID8, CID9 and CID10 are fed into the classification ternary reduction unit 831, which outputs the final class identifier CID after its ternary reduction lookup operation.
In summary, by means of the technical scheme of the embodiment of the present invention, deep packet inspection of IPv6 networks can be realized.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (10)

1. A deep packet inspection device for an IPv6 security gateway, characterized in that it comprises: a dual matching core unit (102); a multi-stage pipeline preprocessing parallel mechanism (112) connected with the dual matching core unit (102) and invoked via a basic operation interface; and a multi-path search matching parallel mechanism (114); wherein the dual matching core unit (102) comprises a main matching core (1) and a shadow matching core (2), each of which comprises an engine configuration parameter unit (104), a preprocessing primitive operation unit (106), a classification search high-speed classification unit (108) and a classification reduction high-speed classification unit (110), and the basic operation interface comprises a rule parsing interface (116), a rule matching preprocessing interface (118), a rule matching classification interface (120) and a rule matching engine configuration interface (122);
the engine configuration parameter unit (104) is used for configuring the engine configuration parameters via the rule matching engine configuration interface (122);
the preprocessing primitive operation unit (106) is used for performing preprocessing primitive operations on the rule set, wherein the preprocessing primitive operations comprise: rule block longitudinal projection, subpoint and interval clustering, and category set reduction clustering;
the classification search high-speed classification unit (108) comprises a classification search tree unit (402) and a classification look-up table unit (404); the classification search tree in the classification search tree unit (402) and the classification look-up table in the classification look-up table unit (404) are generated by the subpoint and interval clustering operation of the preprocessing primitive operation unit (106) preprocessing the projection endpoint sequences and basic intervals of the larger rule blocks and of the standard rule blocks respectively;
the classification reduction high-speed classification unit (110) comprises a classification binary reduction unit (406) and a classification ternary reduction unit (408); the classification binary reduction unit (406) and the classification ternary reduction unit (408) are generated by the category set reduction clustering operation of the preprocessing primitive operation unit (106) performing reduction clustering preprocessing on two or three category sets drawn from the classification search tree, the classification look-up table and the reduced category sets;
the multi-stage pipeline preprocessing parallel mechanism (112) is invoked via the rule matching preprocessing interface (118) and is used for: creating a preprocessing task thread pool according to the pipeline configuration parameters and assigning and binding the threads of the preprocessing task thread pool in turn to corresponding CPU cores; selecting the shadow matching core (2) of the dual matching core unit (102); loading the rule set of the shadow matching core (2) via the rule parsing interface (116) and partitioning the rule set into blocks; invoking the preprocessing primitive operation unit (106) according to the engine configuration parameters to perform in turn the rule block longitudinal projection operation, the subpoint and interval clustering operation and the category set reduction clustering operation on the partitioned rule set; upgrading or updating the matching rule set of the shadow matching core (2); and activating the shadow matching core (2) and switching it to become the main matching core (1) so that the new matching rule set is enabled, while the former main matching core is switched to become the shadow matching core and enters the standby state;
the multi-path search matching parallel mechanism (114) is invoked via the rule matching classification interface (120) and is constituted by combining and cascading the classification search tree unit (402), the classification look-up table unit (404), the classification binary reduction unit (406) and the classification ternary reduction unit (408) according to the engine configuration parameters set by the engine configuration parameter unit (104), including the combined reduction units of classification search tree with binary or ternary search tree reduction unit, classification look-up table with look-up table reduction unit, classification search tree with look-up table reduction unit, and reduction unit with reduction unit; wherein the multi-path search matching parallel mechanism (114) forms a multi-stage classification pipeline from the classification search units and the classification reduction units, the classification search units belonging to the first-stage node of the multi-stage classification pipeline and the classification reduction units belonging to its second-stage through penultimate nodes; and the multi-path search matching parallel mechanism (114) is used for partitioning the input message to be classified into blocks, performing classification lookup and classification reduction operations in turn on the message blocks, and outputting the class identifier of the hit together with its associated rule subset.
2. The device as claimed in claim 1, characterized in that the multi-path search matching parallel mechanism (114) is specifically used for: defining a fixed-length region at the head and a fixed-length region at the tail of the message payload of the input message to be classified as the feature signature extraction and matching region, and dividing it into a number of standard rule blocks according to the fixed size specified by the rule field; and designating the IPv6 addresses and transport layer port numbers as blocks of the deep packet inspection rule, with each IPv6 address treated as a separate larger rule block.
3. The device as claimed in claim 1, characterized in that the multi-stage pipeline preprocessing parallel mechanism (112) is specifically used for: partitioning the rule set into blocks according to one or more specified exact pattern strings, interval values, prefixes or regular expressions.
4. The device as claimed in claim 2, characterized in that the preprocessing primitive operation unit (106) is specifically used for:
the rule block longitudinal projection operation: projecting the rule blocks longitudinally onto the horizontal axis, sorting and merging the projection endpoints of the blocks, and generating the endpoint sequence of the rule block; for projection intervals of the same block of different rules, if the right endpoint of the preceding interval and the left endpoint of the following interval of two adjacent intervals are neighbouring endpoints, the two endpoints are merged into one endpoint; for multiple projection intervals of the same block of a single rule, the intervals are merged horizontally according to their positional relationship, eliminating the empty projection endpoints that have been merged away; according to the obtained rule block endpoint sequence, the value space of the block is fully partitioned into non-overlapping basic intervals;
the subpoint and interval clustering operation: for each endpoint or interval in the rule block endpoint sequence, traversing the rule set in turn, generating the rule subset that contains that endpoint or interval, clustering it with the rule subsets already generated for preceding endpoints or intervals, and assigning it a unique class identifier according to the clustering result; associating the subpoints, class identifiers and corresponding rule subsets of the standard rule blocks to generate the classification look-up table; and associating the projection endpoints and basic intervals, class identifiers and corresponding rule subsets of the larger rule blocks to generate the classification search tree;
the category set reduction clustering operation: performing the reduction clustering operation on two or three category sets by way of their Cartesian product, generating one reduced category set; taking the intersection of the rule sets associated with the class identifiers of each of the two or three category sets to generate a rule subset, clustering it with the rule subsets generated by preceding reduction operations, and then assigning it a unique class identifier according to the clustering result, in one-to-one correspondence with the class identifier tuple participating in the current round of reduction clustering; and associating the class identifier tuple, the reduction clustering operation code and the new class identifier with the corresponding rule subset to generate the classification reduction look-up table.
5. The device as claimed in claim 2, characterized in that the classification search tree built into the classification search tree unit (402) is an AVL balanced binary interval search tree with a strict balance constraint; the projection endpoints of the larger rule blocks correspond to the internal nodes of the interval search tree, the basic intervals correspond to the leaf nodes of the interval search tree, and the nodes are labelled with the corresponding class identifiers;
the classification search tree unit (402) is specifically used for: receiving one search value as input and outputting one class identifier, which implies the rule subset associated with it.
6. The device as claimed in claim 1, characterized in that the classification look-up table built into the classification look-up table unit (404) is a direct index table or a hash table; the direct index table is composed of the mapping between original index values and class identifiers; the hash table is composed of the mapping between the hash values of the original index values and class identifiers, wherein a hash value is obtained by taking the original index value modulo a fixed value, and hash value collisions are resolved by chaining;
the classification look-up table unit (404) is specifically used for: receiving one index value as input and outputting one class identifier, which implies the rule subset associated with it.
7. The device as claimed in claim 1, characterized in that the classification binary reduction unit (406) or the classification ternary reduction unit (408) comprises one class identifier tuple coding unit and one classification reduction look-up table; the class identifier tuple coding unit performs the mapping from a binary or ternary class identifier tuple to the reduction operation code and uses the output code as the index value into the classification reduction look-up table; the classification reduction look-up table is a direct index table or a hash table;
the classification binary reduction unit (406) or the classification ternary reduction unit (408) is specifically used for: receiving two or three class identifiers as input and outputting one class identifier, which implies the rule subset associated with it.
8. The device as claimed in claim 1, characterized in that the multi-stage pipeline preprocessing parallel mechanism (112) comprises a preprocessing thread pool bound to the cores of a multi-core CPU, an object memory pool and a number of pipeline task nodes; each CPU core is bound to a number of threads in the thread pool, which are scheduled independently and execute in parallel the staged tasks of the rule preprocessing pipeline; the object memory pool refers to a number of fixed-size memory objects reserved by prior allocation, which are frequently requested and reclaimed; the pipeline task nodes, according to the engine configuration parameters and in order of precedence, invoke in turn the rule block longitudinal projection operation, the subpoint and interval clustering operation and the category set reduction clustering operation; and each pipeline task node executes the block-stage preprocessing primitive operations assigned to it with multi-threaded, parallel processing;
the multi-stage pipeline preprocessing parallel mechanism (112) is specifically used for: receiving the rule set as input and, after the rule set has been processed by all pipeline nodes, generating and outputting the matching core of the rule matching acceleration engine.
9. The device as claimed in claim 1, characterized in that the classification pipeline nodes of the multi-path search matching parallel mechanism (114) perform multi-path search matching and parallel processing of the block-stage classification operations executed by each node;
the multi-path search matching parallel mechanism (114) is specifically used for: receiving message blocks as input and, after the message blocks have been processed by all nodes of the classification pipeline, generating and outputting the finally hit rule subset.
10. The device as claimed in claim 1, characterized in that the engine configuration parameters comprise pipeline configuration parameters and a reduction operation table; the pipeline configuration parameters comprise: the number of pipeline stages, the number of blocks at each pipeline node, and the block type and classification search mode of each pipeline node; the reduction operation table describes the reduction combination and cascading relationships among the classification search units and the classification binary or ternary reduction units of each block of the pipeline nodes at each stage; and the strategies adopted for reduction combination comprise: combining blocks with similar or related logical semantics for reduction; logically dividing larger rule blocks and standard rule blocks into two major classes and preferentially performing reduction combination with blocks of the same type; and, under the constraint of space complexity, preferentially selecting ternary reduction units.
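The preprocessing flow of Fig. 6, the matching flow of Fig. 8 and the primitive operations of claims 4 and 7 together describe a cross-product style packet classifier: per-block interval projection and clustering into class identifiers, then Cartesian-product reduction of class identifiers with intersection of rule subsets. The following is an added example, not code from the patent or from its assignee, that implements those primitives in Python over a constructed three-block rule set and runs packets through a two-level reduction cascade; the block names, rules, packets and the use of binary search in place of the AVL interval tree are assumptions made for illustration.

```python
"""Cross-product classification pipeline in the style of CN104104557B.
Added example, not the patent's own code: implements the three preprocessing
primitives of claim 4 (longitudinal projection, subpoint/interval clustering,
category set reduction clustering) and a cascaded lookup-and-reduction
pipeline like the Fig. 8 engine. Block names, rules and packets are
constructed samples; binary search stands in for the AVL interval tree."""
from bisect import bisect_right
from itertools import product

# Constructed rule set: (name, {block: (lo, hi)}); lower index = higher priority.
# Each dict key stands for one message block of the patent.
RULES = [
    ("block-telnet", {"proto": (6, 6),   "dport": (23, 23),   "sport": (0, 65535)}),
    ("allow-web",    {"proto": (6, 6),   "dport": (80, 443),  "sport": (1024, 65535)}),
    ("allow-dns",    {"proto": (17, 17), "dport": (53, 53),   "sport": (0, 65535)}),
    ("default-deny", {"proto": (0, 255), "dport": (0, 65535), "sport": (0, 65535)}),
]


class ClassTable:
    """Clustering step shared by all units: identical rule subsets get one class ID."""
    def __init__(self):
        self.subsets = []   # class ID -> frozenset of rule indices
        self._ids = {}      # frozenset of rule indices -> class ID

    def class_of(self, subset):
        if subset not in self._ids:
            self._ids[subset] = len(self.subsets)
            self.subsets.append(subset)
        return self._ids[subset]


class BlockSearchUnit(ClassTable):
    """First-stage classification search unit for one block: projects every
    rule's interval onto the axis (rule block longitudinal projection), splits
    the value space into non-overlapping basic intervals and labels each basic
    interval with the class ID of the rule subset covering it."""
    def __init__(self, rules, block):
        super().__init__()
        self.hi_max = max(r[block][1] for _, r in rules)
        points = {0, self.hi_max + 1}
        for _, r in rules:
            lo, hi = r[block]
            points.update((lo, hi + 1))   # merged, sorted endpoint sequence
        bounds = sorted(points)
        self.starts = bounds[:-1]         # left endpoint of each basic interval
        self.cids = []
        for lo, nxt in zip(self.starts, bounds[1:]):
            # A basic interval is either fully inside or disjoint from each rule.
            covering = frozenset(i for i, (_, r) in enumerate(rules)
                                 if r[block][0] <= lo and nxt - 1 <= r[block][1])
            self.cids.append(self.class_of(covering))

    def lookup(self, value):
        """Interval search: find the basic interval containing value."""
        if not 0 <= value <= self.hi_max:
            raise ValueError("value outside the block's value space")
        return self.cids[bisect_right(self.starts, value) - 1]


class ReductionUnit(ClassTable):
    """Binary/ternary classification reduction unit: Cartesian product of the
    input units' class IDs, intersection of their rule subsets, re-clustered
    into new class IDs. The tuple -> class ID dict is the reduction look-up table."""
    def __init__(self, inputs):
        super().__init__()
        self.table = {}
        for combo in product(*(range(len(u.subsets)) for u in inputs)):
            subset = inputs[0].subsets[combo[0]]
            for unit, cid in zip(inputs[1:], combo[1:]):
                subset &= unit.subsets[cid]
            self.table[combo] = self.class_of(subset)

    def lookup(self, cids):
        return self.table[tuple(cids)]


class Engine:
    """Three-stage pipeline: 3 block search units -> binary reduction of
    (proto, dport) -> binary reduction of that result with sport."""
    BLOCKS = ("proto", "dport", "sport")

    def __init__(self, rules):
        self.rules = rules
        self.stage1 = {b: BlockSearchUnit(rules, b) for b in self.BLOCKS}
        self.stage2 = ReductionUnit([self.stage1["proto"], self.stage1["dport"]])
        self.stage3 = ReductionUnit([self.stage2, self.stage1["sport"]])

    def classify(self, packet):
        """Returns the names of all rules hit, highest priority first."""
        cid = {b: self.stage1[b].lookup(packet[b]) for b in self.BLOCKS}
        mid = self.stage2.lookup((cid["proto"], cid["dport"]))
        final = self.stage3.lookup((mid, cid["sport"]))
        return [self.rules[i][0] for i in sorted(self.stage3.subsets[final])]

    def table_sizes(self):
        """Entries per reduction table: the space cost the cascade trades off."""
        return len(self.stage2.table), len(self.stage3.table)


if __name__ == "__main__":
    engine = Engine(RULES)
    for pkt in ({"proto": 6, "dport": 80, "sport": 40000},
                {"proto": 6, "dport": 80, "sport": 80},
                {"proto": 6, "dport": 23, "sport": 5000}):
        print(pkt, "->", engine.classify(pkt))
    print("reduction table sizes:", engine.table_sizes())
```

Note that a source port below 1024 drops "allow-web" from the hit list even though the protocol and destination port match, which is exactly the effect the intersection step of the reduction operation is meant to produce.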
CN201410286319.5A 2014-06-24 2014-06-24 Deep packet detection device orienting IPv6 security gateway Active CN104104557B (en)

Publications (2)

Publication Number Publication Date
CN104104557A CN104104557A (en) 2014-10-15
CN104104557B true CN104104557B (en) 2017-03-22
