CN104363115B - A kind of DPI is without lock stream mode management method and system - Google Patents

A kind of DPI is without lock stream mode management method and system Download PDF

Info

Publication number
CN104363115B
CN104363115B CN201410598932.0A CN201410598932A CN104363115B CN 104363115 B CN104363115 B CN 104363115B CN 201410598932 A CN201410598932 A CN 201410598932A CN 104363115 B CN104363115 B CN 104363115B
Authority
CN
China
Prior art keywords
stream
process thread
information
flow
data flow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410598932.0A
Other languages
Chinese (zh)
Other versions
CN104363115A (en
Inventor
刘永强
吕恩泳
沈智杰
景晓军
唐新民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SURFILTER NETWORK TECHNOLOGY Co Ltd
Original Assignee
SURFILTER NETWORK TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SURFILTER NETWORK TECHNOLOGY Co Ltd filed Critical SURFILTER NETWORK TECHNOLOGY Co Ltd
Priority to CN201410598932.0A priority Critical patent/CN104363115B/en
Publication of CN104363115A publication Critical patent/CN104363115A/en
Application granted granted Critical
Publication of CN104363115B publication Critical patent/CN104363115B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiments of the invention provide a kind of DPI without lock stream mode management method and system, when stream process thread has data flow to need processing, the stream process thread searches the corresponding stream information of the data flow from flow state information table;When searching, if during stream information of the stream information not correspond to the data flow, stream process thread carries out timeout treatment to the stream information.When no flow data needs processing, stream process thread can also trigger an extremely short timeout treatment process, carry out timeout treatment.So allow for so that DPI systems without using extra data stream management thread come Convection states information table carry out timeout treatment, without frequently lock and unlock, greatly improve the performance of system.

Description

A kind of DPI is without lock stream mode management method and system
Technical field
The present invention relates to network management technology, more particularly to a kind of DPI is without lock stream mode management method and system.
Background technology
DPI technologies, i.e. DPI (Deep Packet Inspection) deep packet inspection technical is a kind of based on application layer Flow detection and control technology, when IP packets, TCP or UDP message stream are by bandwidth management system based on DPI technologies, The system is recombinated by the content of deep reading IP payload packages to the application layer message in the layer protocols of OSI seven, so that To the content of whole application program, the management strategy then defined according to system carries out shaping operation to flow.
Possess the identification of Network data flow, Network data flow control ability, work using the DPI systems of DPI technologies Make in transport network layer to application layer, with high data-handling capacity, the business that can be carried to network is identified and flowed Buret is managed, and can be deployed in the network system of network backbone layer, Metropolitan Area Network (MAN) and enterprises.DPI systems are typically used as big flow net Data flow regression analysis and traffic statistics under network environment, generally by the way of multithreading, parallel processing mass data flow. Each thread is needed to safeguard the flow state information table of each gravity flow in the design of DPI systems(Flow state information table is typically to be used for depositing Store up the stream information of data flow, i.e. data flow and be in some of business state and statistics and the relevant information set), need simultaneously The state of the data flow preserved in extra thread Convection states information table carries out state processing, i.e., when data flow time-out terminates When, it should its corresponding stream information is deleted from flow state information table.
The present inventor has found in the research and practice to existing DPI system operation methods, in existing method The state for needing extra data stream management thread to carry out data flow specially to being preserved in the flow state information table of each stream is entered Row timeout treatment, such data stream management thread and Data Stream Processing cross-thread need to lock data flow state information table Protection, it is this frequently to lock and unlock in the case of massive dataflow, very big performance loss will be brought.
The content of the invention
The embodiment of the present invention provides a kind of DPI without lock stream mode management method and system so that DPI systems are without using volume Outer data stream management thread carrys out Convection states information table and carries out timeout treatment, without frequently locking and unlocking, greatly The performance of raising system.
In view of this, the embodiment of the present invention is provided:
A kind of DPI stream modes management method, including:
When stream process thread has data flow to need processing, the stream process thread is searched described from flow state information table The corresponding stream information of data flow;
When searching, if during stream information of the stream information not correspond to the data flow, stream process thread is believed the stream Breath carries out timeout treatment.
A kind of DPI systems, including:
Stream process thread, the stream process thread includes searching modul, flow state information table module and timeout treatment module;Institute Stream process thread is stated when there is data flow to need processing, the searching modul can search the number from flow state information table module According to the corresponding stream information of stream;
When searching, if during stream information of the stream information not correspond to the data flow, timeout treatment module is to the stream Information carries out timeout treatment.
The embodiments of the invention provide a kind of DPI without lock stream mode management method and system, this method is by data flow state Time-out check be distributed in the lookup of data stream list each time, execution is responsible for by stream process thread, therefore this method eliminates Extra data stream management thread so that DPI systems carry out Convection states information table without using extra data stream management thread Timeout treatment is carried out, without frequently locking and unlocking, the performance of system is greatly improved.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be attached to what is used required in embodiment Figure is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this area For those of ordinary skill, on the premise of not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the method flow diagram of the embodiment of the present invention one;
Fig. 2 is the method flow diagram of the embodiment of the present invention two;
Fig. 3 is the DPI system construction drawings of the embodiment of the present invention two.
Embodiment
The embodiment of the present invention provides a kind of DPI without lock stream mode management method and system so that DPI systems are without using volume Outer data stream management thread carrys out Convection states information table and carries out timeout treatment, without frequently locking and unlocking, greatly The performance of raising system.
To enable goal of the invention, feature, the advantage of the present invention more obvious and understandable, below in conjunction with the present invention Accompanying drawing in embodiment, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that disclosed below Embodiment be only a part of embodiment of the invention, and not all embodiments.Based on the embodiment in the present invention, this area The every other embodiment that technical staff is obtained, belongs to the scope of protection of the invention.
As shown in figure 1, being the method flow diagram of the embodiment of the present invention one, illustrated with reference to this figure.This method Including two steps:
101st, when stream process thread has data flow to need processing, the stream process thread is searched from flow state information table The corresponding stream information of the data flow;
102nd, when searching, if during stream information of the stream information not correspond to the data flow, stream process thread is to described Stream information carries out timeout treatment.
It should be noted that can search in order when stream process thread searches the stream information of the data flow, can also Make random lookup, specific lookup mode is simultaneously not understood to limitation of the present invention.
It should be noted that the flow state information table is that the stream process thread is proprietary, for recording the stream process The stream information of the flow data of thread process.Each stream process thread possesses the flow state information table of oneself, it is impossible to handle its elsewhere The flow state information table of thread is managed, the flow state information table of the processing thread can not be by other stream process thread process.
When there is a plurality of stream process thread, every stream process thread has respective flow state information table.
In embodiments of the present invention there is provided a kind of DPI without lock stream mode management method, this method is by data flow state Time-out check is distributed in the lookup of the stream information of data flow each time, and execution is responsible for by stream process thread, therefore this method disappears Data stream management thread except for an additional so that DPI systems carry out Convection states letter without using extra data stream management thread Cease table and carry out timeout treatment, without frequently locking and unlocking, greatly improve the performance of system.
With reference to the flow chart shown in Fig. 2, the embodiment of the present invention two is illustrated.Including these following steps:
201st, when stream process thread has data flow to need processing, the stream process thread is from the proprietary stream mode of the thread In order of numbers searches the corresponding stream information of the data flow in information table 202.In preferred embodiment, flow as shown in Figure 2 2. The stream information to be searched, when searching through excessively stream 1., due to stream 1. for not to should data flow stream information, then stream process thread 1. convection current carries out stream mode processing 203(Time-out is detected whether, if time-out is deleted).The meeting when 2. stream process thread finds stream 2. convection current carries out next step operation(Perform step 204).In preferred embodiment, the corresponding stream information stream of data flow is being found 2. Afterwards, stream process thread will not convection current be 3. again and other stream informations carry out stream mode processing, to save performance.
204th, due to stream stream information 2. be to should data flow stream information, then stream process thread terminate to search and update The stream information of the stream 2., then stream process thread carries out data flow regression analysis according to the stream information of stream 2. and/or flow is united Meter.
It should be noted that the stream information in flow state information table 202 can be number in order arrangement or by Certain is regularly arranged, and is not understood to the limitation to the embodiment of the present invention.And wherein, stream process thread searches the stream of the data flow Can search in order or make random lookup or by certain rule searching, specifically look into during information Look for mode and be not understood to limitation of the present invention.
Wherein, may be used also in step 204 in addition to carrying out data flow regression analysis and/or traffic statistics the two operations To be other operations, it is not construed as limiting herein.
Operation more than, the time-out check of data flow state is distributed in the lookup of data stream list each time, by Stream process thread is responsible for execution, therefore this method eliminates extra data stream management thread so that DPI systems are without using volume Outer data stream management thread carrys out Convection states information table and carries out timeout treatment, without frequently locking and unlocking, greatly The performance of raising system.
Further, when not having Data Stream Processing, stream process thread thread performs step 205, i.e. stream process thread pair Stream in flow state information table 202 4., stream 5., stream stream information 6. carry out stream mode processing 203.
In step 205, if stream process thread does not have the data flow to reach, the thread can trigger an extremely short data flow The process of state processing 203(Time-out detection and timeout treatment etc.), the process only handles the flow state information table 202 of the thread Sub-fraction stream.When the stream process thread does not have packet to reach next time, the flow state information table of the thread can be handled Next sub-fraction stream, so circulation, finally can also reach and carry out Convection states without using extra data stream management thread Information table carries out timeout treatment, without frequently locking and unlocking, greatly improves the performance of system.
With reference to the flow chart shown in Fig. 3, the DPI systems to the embodiment of the present invention two are illustrated.
In the DPI systems, comprising stream process thread 304, the stream process thread 304 includes searching modul 301, stream shape State information table module 302 and timeout treatment module 303.
When there is data flow to need processing, searching modul 301 can search the data from flow state information table module 302 Flow corresponding stream information;
When searching, if during stream information of the stream information not correspond to the data flow, described in 303 pairs of timeout treatment module Stream information carries out timeout treatment.
So the time-out check of data flow state is distributed in the lookup of data stream list each time, born by stream process thread Duty is performed, therefore the stream mode management method of the DPI systems eliminates extra data stream management thread so that DPI systems without Extra data stream management thread need to be used to carry out Convection states information table and carry out timeout treatment, conciliate without frequently locking Lock, greatly improves the performance of system.
Wherein, stream process thread 304 also includes performing module 307.When searching, if stream information is the correspondence data flow Stream information when, then performing module 307 carries out data flow regression analysis and/or traffic statistics according to the stream information.
Wherein, stream process thread 304 is not when stream process thread has data flow to need processing, 303 pairs of timeout treatment module The part or all of stream information of flow state information table module 302 carries out timeout treatment.
It should be noted that searching modul 301 is in the stream information of searching data stream, and can look into order, can also Make random lookup, specific lookup mode is simultaneously not understood to limitation to the embodiment of the present invention.
DPI systems shown in Fig. 3 also include 305 two parallel threads of stream process thread 305 and stream process thread, also may be used With comprising more identical parallel threads, and it is not understood to limitation of the present invention.
A kind of DPI provided above the embodiment of the present invention has carried out detailed Jie without lock stream mode management method and system Continue, specific case used herein is set forth to the principle and embodiment of the present invention, the explanation of above example is only It is the method and its core concept for being used to help understand the present invention;Simultaneously for those of ordinary skill in the art, according to this hair Bright thought, be will change in specific embodiments and applications, in summary, and this specification content should not be managed Solve as limitation of the present invention.

Claims (7)

1. a kind of DPI stream modes management method, it is characterised in that including:
When stream process thread has data flow to need processing, the stream process thread searches the data from flow state information table Flow corresponding stream information;
When searching, if during stream information of the stream information not correspond to the data flow, stream process thread enters to the stream information Row timeout treatment;
When stream process thread does not have data flow to need processing, the part or complete in the stream process thread Convection states information table Portion's stream information carries out timeout treatment.
2. DPI stream modes management method according to claim 1, it is characterised in that the DPI stream modes management method is also Including:
When searching, if stream information is the stream information of the correspondence data flow, stream process thread terminates to search and updates institute Stream information is stated, data flow regression analysis and/or traffic statistics are then carried out according to the stream information.
3. the DPI stream mode management methods according to any one of claim 1 to 2, it is characterised in that the stream process thread The corresponding stream information of the data flow is searched from flow state information table to be included:
The stream information that the stream process thread is included in order or in the random lookup flow state information table.
4. DPI stream modes management method according to claim 1, the flow state information table is that the stream process thread is special Have, the stream information of the flow data for recording the stream process thread process.
5. a kind of DPI systems, it is characterised in that including:
Stream process thread, the stream process thread includes searching modul, flow state information table module and timeout treatment module;It is described Stream process thread is when there is data flow to need processing, and the searching modul can search the data from flow state information table module Flow corresponding stream information;
When searching, if during stream information of the stream information not correspond to the data flow, timeout treatment module is to the stream information Carry out timeout treatment;
The stream process thread is not when stream process thread has data flow to need processing, the timeout treatment module Convection states letter The part or all of stream information ceased in table carries out timeout treatment.
6. DPI systems according to claim 5, it is characterised in that the stream process thread further comprises performing module, During lookup, if stream information is the stream information of the correspondence data flow, performing module carries out data flow according to the stream information Regression analysis and/or traffic statistics.
7. the DPI systems according to claim 5 or 6, it is characterised in that the searching modul can be from flow state information table mould The corresponding stream information of the data flow is searched in block to be included:
The stream information that the searching modul is included in order or in the random lookup flow state information table module.
CN201410598932.0A 2014-10-30 2014-10-30 A kind of DPI is without lock stream mode management method and system Active CN104363115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410598932.0A CN104363115B (en) 2014-10-30 2014-10-30 A kind of DPI is without lock stream mode management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410598932.0A CN104363115B (en) 2014-10-30 2014-10-30 A kind of DPI is without lock stream mode management method and system

Publications (2)

Publication Number Publication Date
CN104363115A CN104363115A (en) 2015-02-18
CN104363115B true CN104363115B (en) 2017-11-03

Family

ID=52530342

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410598932.0A Active CN104363115B (en) 2014-10-30 2014-10-30 A kind of DPI is without lock stream mode management method and system

Country Status (1)

Country Link
CN (1) CN104363115B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120550B (en) * 2018-07-18 2019-10-08 武汉绿色网络信息服务有限责任公司 It is a kind of without lockization treating method and apparatus

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355422A (en) * 2011-10-17 2012-02-15 苏州迈科网络安全技术股份有限公司 Multicore, parallel and lock-free quality of service (QOS) flow control method
CN102938000A (en) * 2012-12-06 2013-02-20 武汉烽火网络有限责任公司 Unlocked flow table routing lookup algorithm adopting high-speed parallel execution manner

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5614302B2 (en) * 2011-01-20 2014-10-29 富士通株式会社 Communication system and communication method
US10033644B2 (en) * 2013-02-12 2018-07-24 Adara Networks, Inc. Controlling congestion controlled flows

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355422A (en) * 2011-10-17 2012-02-15 苏州迈科网络安全技术股份有限公司 Multicore, parallel and lock-free quality of service (QOS) flow control method
CN102938000A (en) * 2012-12-06 2013-02-20 武汉烽火网络有限责任公司 Unlocked flow table routing lookup algorithm adopting high-speed parallel execution manner

Also Published As

Publication number Publication date
CN104363115A (en) 2015-02-18

Similar Documents

Publication Publication Date Title
Han et al. OverWatch: a cross‐plane DDoS attack defense framework with collaborative intelligence in SDN
KR100834570B1 (en) Realtime stateful packet inspection method and apparatus for thereof
Katta et al. Incremental consistent updates
US8495725B2 (en) Methods, systems, and computer readable media for adaptive packet filtering
CN107122221A (en) Compiler for regular expression
Bahi et al. An optimized in-network aggregation scheme for data collection in periodic sensor networks
Garg et al. Detecting anomalies efficiently in SDN using adaptive mechanism
Harb et al. A suffix-based enhanced technique for data aggregation in periodic sensor networks
CN105635170A (en) Method and device for identifying network data packet based on rules
Mai et al. A comparison of clustering algorithms for botnet detection based on network flow
CN104283736B (en) A kind of network communication five-tuple Fast Match Algorithm based on improvement automatic state machine
CN104363115B (en) A kind of DPI is without lock stream mode management method and system
Hoang et al. A novel distributed machine learning model to detect attacks on edge computing network
Weng et al. Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system
Hande et al. Intrusion detection system using deep learning for software defined networks (SDN)
Latif et al. Analyzing feasibility for deploying very fast decision tree for DDoS attack detection in cloud-assisted WBAN
KR20120008478A (en) 10 gbps scalable flow generation and control, using dynamic classification with 3-level aggregation
Dey et al. A context-adaptive security framework for mobile cloud computing
CN106375351A (en) Abnormal domain name detection method and device
Cesario et al. A multi-domain architecture for mining frequent items and itemsets from distributed data streams
CN109361658A (en) Abnormal flow information storage means, device and electronic equipment based on industry control industry
Satam Cross layer Anomaly based intrusion detection system
Liu et al. An efficient security system for mobile data monitoring
Raja et al. Two-level packet inspection using sequential differentiate method
CN103198065A (en) Optimization method for regular expression matching circuit

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant