CN104363115B - A kind of DPI is without lock stream mode management method and system - Google Patents
A kind of DPI is without lock stream mode management method and system Download PDFInfo
- Publication number
- CN104363115B CN104363115B CN201410598932.0A CN201410598932A CN104363115B CN 104363115 B CN104363115 B CN 104363115B CN 201410598932 A CN201410598932 A CN 201410598932A CN 104363115 B CN104363115 B CN 104363115B
- Authority
- CN
- China
- Prior art keywords
- stream
- process thread
- information
- flow
- data flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiments of the invention provide a kind of DPI without lock stream mode management method and system, when stream process thread has data flow to need processing, the stream process thread searches the corresponding stream information of the data flow from flow state information table;When searching, if during stream information of the stream information not correspond to the data flow, stream process thread carries out timeout treatment to the stream information.When no flow data needs processing, stream process thread can also trigger an extremely short timeout treatment process, carry out timeout treatment.So allow for so that DPI systems without using extra data stream management thread come Convection states information table carry out timeout treatment, without frequently lock and unlock, greatly improve the performance of system.
Description
Technical field
The present invention relates to network management technology, more particularly to a kind of DPI is without lock stream mode management method and system.
Background technology
DPI technologies, i.e. DPI (Deep Packet Inspection) deep packet inspection technical is a kind of based on application layer
Flow detection and control technology, when IP packets, TCP or UDP message stream are by bandwidth management system based on DPI technologies,
The system is recombinated by the content of deep reading IP payload packages to the application layer message in the layer protocols of OSI seven, so that
To the content of whole application program, the management strategy then defined according to system carries out shaping operation to flow.
Possess the identification of Network data flow, Network data flow control ability, work using the DPI systems of DPI technologies
Make in transport network layer to application layer, with high data-handling capacity, the business that can be carried to network is identified and flowed
Buret is managed, and can be deployed in the network system of network backbone layer, Metropolitan Area Network (MAN) and enterprises.DPI systems are typically used as big flow net
Data flow regression analysis and traffic statistics under network environment, generally by the way of multithreading, parallel processing mass data flow.
Each thread is needed to safeguard the flow state information table of each gravity flow in the design of DPI systems(Flow state information table is typically to be used for depositing
Store up the stream information of data flow, i.e. data flow and be in some of business state and statistics and the relevant information set), need simultaneously
The state of the data flow preserved in extra thread Convection states information table carries out state processing, i.e., when data flow time-out terminates
When, it should its corresponding stream information is deleted from flow state information table.
The present inventor has found in the research and practice to existing DPI system operation methods, in existing method
The state for needing extra data stream management thread to carry out data flow specially to being preserved in the flow state information table of each stream is entered
Row timeout treatment, such data stream management thread and Data Stream Processing cross-thread need to lock data flow state information table
Protection, it is this frequently to lock and unlock in the case of massive dataflow, very big performance loss will be brought.
The content of the invention
The embodiment of the present invention provides a kind of DPI without lock stream mode management method and system so that DPI systems are without using volume
Outer data stream management thread carrys out Convection states information table and carries out timeout treatment, without frequently locking and unlocking, greatly
The performance of raising system.
In view of this, the embodiment of the present invention is provided:
A kind of DPI stream modes management method, including:
When stream process thread has data flow to need processing, the stream process thread is searched described from flow state information table
The corresponding stream information of data flow;
When searching, if during stream information of the stream information not correspond to the data flow, stream process thread is believed the stream
Breath carries out timeout treatment.
A kind of DPI systems, including:
Stream process thread, the stream process thread includes searching modul, flow state information table module and timeout treatment module;Institute
Stream process thread is stated when there is data flow to need processing, the searching modul can search the number from flow state information table module
According to the corresponding stream information of stream;
When searching, if during stream information of the stream information not correspond to the data flow, timeout treatment module is to the stream
Information carries out timeout treatment.
The embodiments of the invention provide a kind of DPI without lock stream mode management method and system, this method is by data flow state
Time-out check be distributed in the lookup of data stream list each time, execution is responsible for by stream process thread, therefore this method eliminates
Extra data stream management thread so that DPI systems carry out Convection states information table without using extra data stream management thread
Timeout treatment is carried out, without frequently locking and unlocking, the performance of system is greatly improved.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be attached to what is used required in embodiment
Figure is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this area
For those of ordinary skill, on the premise of not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the method flow diagram of the embodiment of the present invention one;
Fig. 2 is the method flow diagram of the embodiment of the present invention two;
Fig. 3 is the DPI system construction drawings of the embodiment of the present invention two.
Embodiment
The embodiment of the present invention provides a kind of DPI without lock stream mode management method and system so that DPI systems are without using volume
Outer data stream management thread carrys out Convection states information table and carries out timeout treatment, without frequently locking and unlocking, greatly
The performance of raising system.
To enable goal of the invention, feature, the advantage of the present invention more obvious and understandable, below in conjunction with the present invention
Accompanying drawing in embodiment, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that disclosed below
Embodiment be only a part of embodiment of the invention, and not all embodiments.Based on the embodiment in the present invention, this area
The every other embodiment that technical staff is obtained, belongs to the scope of protection of the invention.
As shown in figure 1, being the method flow diagram of the embodiment of the present invention one, illustrated with reference to this figure.This method
Including two steps:
101st, when stream process thread has data flow to need processing, the stream process thread is searched from flow state information table
The corresponding stream information of the data flow;
102nd, when searching, if during stream information of the stream information not correspond to the data flow, stream process thread is to described
Stream information carries out timeout treatment.
It should be noted that can search in order when stream process thread searches the stream information of the data flow, can also
Make random lookup, specific lookup mode is simultaneously not understood to limitation of the present invention.
It should be noted that the flow state information table is that the stream process thread is proprietary, for recording the stream process
The stream information of the flow data of thread process.Each stream process thread possesses the flow state information table of oneself, it is impossible to handle its elsewhere
The flow state information table of thread is managed, the flow state information table of the processing thread can not be by other stream process thread process.
When there is a plurality of stream process thread, every stream process thread has respective flow state information table.
In embodiments of the present invention there is provided a kind of DPI without lock stream mode management method, this method is by data flow state
Time-out check is distributed in the lookup of the stream information of data flow each time, and execution is responsible for by stream process thread, therefore this method disappears
Data stream management thread except for an additional so that DPI systems carry out Convection states letter without using extra data stream management thread
Cease table and carry out timeout treatment, without frequently locking and unlocking, greatly improve the performance of system.
With reference to the flow chart shown in Fig. 2, the embodiment of the present invention two is illustrated.Including these following steps:
201st, when stream process thread has data flow to need processing, the stream process thread is from the proprietary stream mode of the thread
In order of numbers searches the corresponding stream information of the data flow in information table 202.In preferred embodiment, flow as shown in Figure 2 2.
The stream information to be searched, when searching through excessively stream 1., due to stream 1. for not to should data flow stream information, then stream process thread
1. convection current carries out stream mode processing 203(Time-out is detected whether, if time-out is deleted).The meeting when 2. stream process thread finds stream
2. convection current carries out next step operation(Perform step 204).In preferred embodiment, the corresponding stream information stream of data flow is being found 2.
Afterwards, stream process thread will not convection current be 3. again and other stream informations carry out stream mode processing, to save performance.
204th, due to stream stream information 2. be to should data flow stream information, then stream process thread terminate to search and update
The stream information of the stream 2., then stream process thread carries out data flow regression analysis according to the stream information of stream 2. and/or flow is united
Meter.
It should be noted that the stream information in flow state information table 202 can be number in order arrangement or by
Certain is regularly arranged, and is not understood to the limitation to the embodiment of the present invention.And wherein, stream process thread searches the stream of the data flow
Can search in order or make random lookup or by certain rule searching, specifically look into during information
Look for mode and be not understood to limitation of the present invention.
Wherein, may be used also in step 204 in addition to carrying out data flow regression analysis and/or traffic statistics the two operations
To be other operations, it is not construed as limiting herein.
Operation more than, the time-out check of data flow state is distributed in the lookup of data stream list each time, by
Stream process thread is responsible for execution, therefore this method eliminates extra data stream management thread so that DPI systems are without using volume
Outer data stream management thread carrys out Convection states information table and carries out timeout treatment, without frequently locking and unlocking, greatly
The performance of raising system.
Further, when not having Data Stream Processing, stream process thread thread performs step 205, i.e. stream process thread pair
Stream in flow state information table 202 4., stream 5., stream stream information 6. carry out stream mode processing 203.
In step 205, if stream process thread does not have the data flow to reach, the thread can trigger an extremely short data flow
The process of state processing 203(Time-out detection and timeout treatment etc.), the process only handles the flow state information table 202 of the thread
Sub-fraction stream.When the stream process thread does not have packet to reach next time, the flow state information table of the thread can be handled
Next sub-fraction stream, so circulation, finally can also reach and carry out Convection states without using extra data stream management thread
Information table carries out timeout treatment, without frequently locking and unlocking, greatly improves the performance of system.
With reference to the flow chart shown in Fig. 3, the DPI systems to the embodiment of the present invention two are illustrated.
In the DPI systems, comprising stream process thread 304, the stream process thread 304 includes searching modul 301, stream shape
State information table module 302 and timeout treatment module 303.
When there is data flow to need processing, searching modul 301 can search the data from flow state information table module 302
Flow corresponding stream information;
When searching, if during stream information of the stream information not correspond to the data flow, described in 303 pairs of timeout treatment module
Stream information carries out timeout treatment.
So the time-out check of data flow state is distributed in the lookup of data stream list each time, born by stream process thread
Duty is performed, therefore the stream mode management method of the DPI systems eliminates extra data stream management thread so that DPI systems without
Extra data stream management thread need to be used to carry out Convection states information table and carry out timeout treatment, conciliate without frequently locking
Lock, greatly improves the performance of system.
Wherein, stream process thread 304 also includes performing module 307.When searching, if stream information is the correspondence data flow
Stream information when, then performing module 307 carries out data flow regression analysis and/or traffic statistics according to the stream information.
Wherein, stream process thread 304 is not when stream process thread has data flow to need processing, 303 pairs of timeout treatment module
The part or all of stream information of flow state information table module 302 carries out timeout treatment.
It should be noted that searching modul 301 is in the stream information of searching data stream, and can look into order, can also
Make random lookup, specific lookup mode is simultaneously not understood to limitation to the embodiment of the present invention.
DPI systems shown in Fig. 3 also include 305 two parallel threads of stream process thread 305 and stream process thread, also may be used
With comprising more identical parallel threads, and it is not understood to limitation of the present invention.
A kind of DPI provided above the embodiment of the present invention has carried out detailed Jie without lock stream mode management method and system
Continue, specific case used herein is set forth to the principle and embodiment of the present invention, the explanation of above example is only
It is the method and its core concept for being used to help understand the present invention;Simultaneously for those of ordinary skill in the art, according to this hair
Bright thought, be will change in specific embodiments and applications, in summary, and this specification content should not be managed
Solve as limitation of the present invention.
Claims (7)
1. a kind of DPI stream modes management method, it is characterised in that including:
When stream process thread has data flow to need processing, the stream process thread searches the data from flow state information table
Flow corresponding stream information;
When searching, if during stream information of the stream information not correspond to the data flow, stream process thread enters to the stream information
Row timeout treatment;
When stream process thread does not have data flow to need processing, the part or complete in the stream process thread Convection states information table
Portion's stream information carries out timeout treatment.
2. DPI stream modes management method according to claim 1, it is characterised in that the DPI stream modes management method is also
Including:
When searching, if stream information is the stream information of the correspondence data flow, stream process thread terminates to search and updates institute
Stream information is stated, data flow regression analysis and/or traffic statistics are then carried out according to the stream information.
3. the DPI stream mode management methods according to any one of claim 1 to 2, it is characterised in that the stream process thread
The corresponding stream information of the data flow is searched from flow state information table to be included:
The stream information that the stream process thread is included in order or in the random lookup flow state information table.
4. DPI stream modes management method according to claim 1, the flow state information table is that the stream process thread is special
Have, the stream information of the flow data for recording the stream process thread process.
5. a kind of DPI systems, it is characterised in that including:
Stream process thread, the stream process thread includes searching modul, flow state information table module and timeout treatment module;It is described
Stream process thread is when there is data flow to need processing, and the searching modul can search the data from flow state information table module
Flow corresponding stream information;
When searching, if during stream information of the stream information not correspond to the data flow, timeout treatment module is to the stream information
Carry out timeout treatment;
The stream process thread is not when stream process thread has data flow to need processing, the timeout treatment module Convection states letter
The part or all of stream information ceased in table carries out timeout treatment.
6. DPI systems according to claim 5, it is characterised in that the stream process thread further comprises performing module,
During lookup, if stream information is the stream information of the correspondence data flow, performing module carries out data flow according to the stream information
Regression analysis and/or traffic statistics.
7. the DPI systems according to claim 5 or 6, it is characterised in that the searching modul can be from flow state information table mould
The corresponding stream information of the data flow is searched in block to be included:
The stream information that the searching modul is included in order or in the random lookup flow state information table module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410598932.0A CN104363115B (en) | 2014-10-30 | 2014-10-30 | A kind of DPI is without lock stream mode management method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410598932.0A CN104363115B (en) | 2014-10-30 | 2014-10-30 | A kind of DPI is without lock stream mode management method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104363115A CN104363115A (en) | 2015-02-18 |
CN104363115B true CN104363115B (en) | 2017-11-03 |
Family
ID=52530342
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410598932.0A Active CN104363115B (en) | 2014-10-30 | 2014-10-30 | A kind of DPI is without lock stream mode management method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104363115B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109120550B (en) * | 2018-07-18 | 2019-10-08 | 武汉绿色网络信息服务有限责任公司 | It is a kind of without lockization treating method and apparatus |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102355422A (en) * | 2011-10-17 | 2012-02-15 | 苏州迈科网络安全技术股份有限公司 | Multicore, parallel and lock-free quality of service (QOS) flow control method |
CN102938000A (en) * | 2012-12-06 | 2013-02-20 | 武汉烽火网络有限责任公司 | Unlocked flow table routing lookup algorithm adopting high-speed parallel execution manner |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5614302B2 (en) * | 2011-01-20 | 2014-10-29 | 富士通株式会社 | Communication system and communication method |
US10033644B2 (en) * | 2013-02-12 | 2018-07-24 | Adara Networks, Inc. | Controlling congestion controlled flows |
-
2014
- 2014-10-30 CN CN201410598932.0A patent/CN104363115B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102355422A (en) * | 2011-10-17 | 2012-02-15 | 苏州迈科网络安全技术股份有限公司 | Multicore, parallel and lock-free quality of service (QOS) flow control method |
CN102938000A (en) * | 2012-12-06 | 2013-02-20 | 武汉烽火网络有限责任公司 | Unlocked flow table routing lookup algorithm adopting high-speed parallel execution manner |
Also Published As
Publication number | Publication date |
---|---|
CN104363115A (en) | 2015-02-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Han et al. | OverWatch: a cross‐plane DDoS attack defense framework with collaborative intelligence in SDN | |
KR100834570B1 (en) | Realtime stateful packet inspection method and apparatus for thereof | |
Katta et al. | Incremental consistent updates | |
US8495725B2 (en) | Methods, systems, and computer readable media for adaptive packet filtering | |
CN107122221A (en) | Compiler for regular expression | |
Bahi et al. | An optimized in-network aggregation scheme for data collection in periodic sensor networks | |
Garg et al. | Detecting anomalies efficiently in SDN using adaptive mechanism | |
Harb et al. | A suffix-based enhanced technique for data aggregation in periodic sensor networks | |
CN105635170A (en) | Method and device for identifying network data packet based on rules | |
Mai et al. | A comparison of clustering algorithms for botnet detection based on network flow | |
CN104283736B (en) | A kind of network communication five-tuple Fast Match Algorithm based on improvement automatic state machine | |
CN104363115B (en) | A kind of DPI is without lock stream mode management method and system | |
Hoang et al. | A novel distributed machine learning model to detect attacks on edge computing network | |
Weng et al. | Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system | |
Hande et al. | Intrusion detection system using deep learning for software defined networks (SDN) | |
Latif et al. | Analyzing feasibility for deploying very fast decision tree for DDoS attack detection in cloud-assisted WBAN | |
KR20120008478A (en) | 10 gbps scalable flow generation and control, using dynamic classification with 3-level aggregation | |
Dey et al. | A context-adaptive security framework for mobile cloud computing | |
CN106375351A (en) | Abnormal domain name detection method and device | |
Cesario et al. | A multi-domain architecture for mining frequent items and itemsets from distributed data streams | |
CN109361658A (en) | Abnormal flow information storage means, device and electronic equipment based on industry control industry | |
Satam | Cross layer Anomaly based intrusion detection system | |
Liu et al. | An efficient security system for mobile data monitoring | |
Raja et al. | Two-level packet inspection using sequential differentiate method | |
CN103198065A (en) | Optimization method for regular expression matching circuit |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |