CN104753726B - A kind of Audit control method and system of serial data stream - Google Patents
A kind of Audit control method and system of serial data stream Download PDFInfo
- Publication number
- CN104753726B CN104753726B CN201310727363.0A CN201310727363A CN104753726B CN 104753726 B CN104753726 B CN 104753726B CN 201310727363 A CN201310727363 A CN 201310727363A CN 104753726 B CN104753726 B CN 104753726B
- Authority
- CN
- China
- Prior art keywords
- network packet
- tuple information
- network
- action number
- audit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of Audit control method of serial data stream, comprise the following steps:S1, receiving network data bag simultaneously parse the network packet to obtain the polynary group information of the network packet;And the polynary group information of the network packet and the network packet is sent to flow control tabulation;S2, judge whether the flow control tabulation hits the polynary group information of the network packet, and returns to the action number of the flow control tabulation;The network packet is assigned to corresponding sub- bucket in data bucket by S3, the action number tabulated according to the flow control;Corresponding sub- bucket performs the network packet corresponding operation in S4, the data bucket, implement this method, the network throughput of auditing system is improved, has taken into account serial auditing system forward efficiency and audit flexibility, realizes the high-speed data forwarding of auditing system;The invention also discloses a kind of Audit control system of serial data stream.
Description
Technical field
The present invention relates to network data audit field, more specifically to a kind of Audit control side of serial data stream
Method and system.
Background technology
Since the data volume on network is very big, inevitably there are some unreal or false information, it is therefore desirable to
The data of network are analyzed, i.e., are audited to network data, and there is audit in current serial data stream auditing system
Contradiction between flexibility and forward efficiency:The packet parsing of the complicated processing that can carry out classifying to various agreements, check program
It is normally operated in client layer;The forwarding of data message usually uses hardware realization or the core layer in system.In the prior art, it is guarantor
The forward efficiency of data message is demonstrate,proved, therefore only does simple processing to data message in repeating process, is so difficult to data
Message carries out complicated message audit, so as to leakage interrogation topic often occur.But if each data message is transferred to client layer
Forwarded again after inspection, concatenating the forward efficiency of equipment can drastically decline, and can not just be used under the larger user environment of flow.
Therefore in the prior art, for concatenating 7 layer network agreement auditing systems in a network, there is forward efficiency and
The problem of audit flexibility mutually restricts, causes the work that can not play auditing system well under the larger user environment of flow
With.
The content of the invention
The technical problem to be solved in the present invention is, in the prior art for concatenating 7 layer networks association in a network
The problem of discussing auditing system, mutually being restricted there is forward efficiency and audit flexibility, causes in the larger user environment of flow
A kind of the defects of effect of auditing system can not be played well down, there is provided audit control of the serial data stream of high-speed data forwarding
Method and system processed.
The technical solution adopted by the present invention to solve the technical problems is:Construct a kind of Audit control side of serial data stream
Method, comprises the following steps:
S1, receiving network data bag simultaneously parse the network packet to obtain the polynary of the network packet
Group information;And the polynary group information of the network packet and the network packet is sent to flow control tabulation;
S2, judge whether the flow control tabulation hits the polynary group information of the network packet, and returns to the flow control
The action number of tabulation;
The network packet is assigned to corresponding sub- bucket in data bucket by S3, the action number tabulated according to the flow control;
Corresponding sub- bucket performs the network packet corresponding operation in S4, the data bucket.
In the Audit control method of serial data stream of the present invention, the polynary group information is five-tuple information.
In the Audit control method of serial data stream of the present invention, the five-tuple information includes the network number
According to the source IP of bag, source port, destination IP, destination interface and agreement.
In the Audit control method of serial data stream of the present invention, the flow control tabulation includes accurate table and obscures
Table.
In the Audit control method of serial data stream of the present invention, the accurate table is hash tables, the hash
Table includes each five-tuple information of node and the action number of each node in the hash tables.
In the Audit control method of serial data stream of the present invention, the fuzzy table includes five yuan with asterisk wildcard
Group information and action number.
In the Audit control method of serial data stream of the present invention, the step S2 includes following sub-step:
S21, flow control tabulation receive the five-tuple information of the network packet and the network packet;
S22, the accurate table according to the five-tuple information searching of the network packet, and whether judge the accurate table
Hit the network packet;If the accurate table hits the network packet, the node of the accurate table is returned
Action number;
If S23, the miss network packet of the accurate table, search the fuzzy table, and judge the mould
Whether paste table hits the network packet, if the fuzzy table hits the network packet, returns to the fuzzy table
Node action number and the action number of the five-tuple information of the network packet and the node of the fuzzy table is added to
In the accurate table;
If S24, the fuzzy miss network packet of table, the action number of return system acquiescence, and by institute
The action number for stating the five-tuple information of network packet and the node of the fuzzy table is added in the accurate table.
In the Audit control method of serial data stream of the present invention,
In the step S22, believed by judging to whether there is in the hash tables with the five-tuple of the network packet
Manner of breathing with the five-tuple information of the node and the action number of each node judge whether the accurate table hits the net
Network data packet, if there are five yuan of the node identical with the five-tuple information of the network packet in the hash tables
Group information, it is determined that the accurate table hits the network packet;If it is not present and the network number in the hash tables
According to the five-tuple information of the identical node of the five-tuple information of bag, it is determined that the miss network data of the accurate table
Bag.
In the Audit control method of serial data stream of the present invention,
In the step S23, believed by judging to whether there is in the fuzzy table with the five-tuple of the network packet
The five-tuple information with asterisk wildcard of breath adaptation judges whether the fuzzy table hits the network packet, if described
There is the five-tuple information with asterisk wildcard being adapted to the five-tuple information of the network packet in fuzzy table, it is determined that
The fuzzy table hits the network packet;Believe if be not present in the fuzzy table with the five-tuple of the network packet
Cease the five-tuple information with asterisk wildcard of adaptation, it is determined that the fuzzy miss network packet of table.
In the Audit control method of serial data stream of the present invention,
In the step S3, the action number includes:The action number of auditing system is sent to, copies to the dynamic of auditing system
Work number, the action number of enqueue, the action number of discarding;
Corresponding sub- bucket includes in the data bucket:The sub- bucket for being sent to auditing system operation is performed, execution copies to careful
The sub- bucket of meter systems operation, performs the sub- bucket of enqueue operation, performs the sub- bucket for abandoning operation.
In the Audit control method of serial data stream of the present invention,
Corresponding operation described in the step S4 includes the network packet being sent to auditing system, by the net
Network data packet copies to auditing system, the network packet is sent to data sending queue, loses the network packet
Any one operation in abandoning;
The network packet is copied to auditing system is included the network data packet replication portion network packet
The network packet duplicate is simultaneously sent to the auditing system by duplicate, and the network packet then is sent to institute
State data sending queue.
In the Audit control method of serial data stream of the present invention, the Audit control method of the serial data stream
It is further comprising the steps of:
S5, after the step S4, the auditing system audited to the network packet and obtain through examining
The network packet of meter;
S6, auditing system generation contain new five-tuple information and the flow control policy of new action number;
New five-tuple information and the flow control policy of new action number are contained described in S7, reception;
S8, receive the network packet by audit and go to the execution step S3;
The flow control policy that new five-tuple information and new action number are contained described in S9, parsing obtains new five-tuple
Information and new action number;
S10, be added to the flow control by the new five-tuple information and new action number and tabulate and go to described in execution
Step S2.
Implement the Audit control method of the serial data stream of the present invention, have the advantages that:Implemented by the present invention
The Audit control method for the serial data stream that example provides, can effectively solve in the prior art for concatenating in a network
7 layer network agreement auditing systems, the problem of mutually restriction there is forward efficiency and audit flexibility, cause larger in flow
The defects of effect of auditing system can not be played under user environment well, the present invention using by data due to carrying out parsing classification
Afterwards, selectively data are uploaded or copy to auditing system according to flow control tabulation, forwarding speed faster, forward efficiency higher,
The network throughput for improving auditing system is reached, has taken into account serial auditing system forward efficiency and audit flexibility, realized
The high-speed data forwarding of auditing system.
The present invention also provides a kind of Audit control system of serial data stream, including with lower module:
Resolve packet module, is parsed with described in acquisition for receiving network data bag and to the network packet
The polynary group information of network packet;And the polynary group information of the network packet and the network packet is sent to
Flow control is tabulated;
Flow control tabulation module, for judging whether the flow control tabulation hits the polynary group information of the network packet,
And return to the action number of the flow control tabulation;
The network packet is assigned to data bucket by data categorization module, the action number for being tabulated according to the flow control
In corresponding sub- bucket;
Data bucket module, for performing corresponding behaviour to the network packet by corresponding sub- bucket in the data bucket
Make.
In the Audit control system of serial data stream of the present invention, the polynary group information is five-tuple information.
In the Audit control system of serial data stream of the present invention, the five-tuple packet of the network packet
Include source IP, source port, destination IP, destination interface and the agreement of the network packet.
In the Audit control system of serial data stream of the present invention, the flow control tabulation includes accurate table and obscures
Table.
In the Audit control system of serial data stream of the present invention, the accurate table is hash tables, the hash
Table includes each five-tuple information of node and the action number of each node in the hash tables.
In the Audit control system of serial data stream of the present invention, the fuzzy table includes five yuan with asterisk wildcard
Group information and action number.
In the Audit control system of serial data stream of the present invention, the flow control tabulation module is included to place an order
Member:
Receiving unit, the five of the network packet and the network packet is received for tabulating by the flow control
Tuple information;
First hit judging unit, for accurate table described in the five-tuple information searching according to the network packet, and
Judge whether the accurate table hits the network packet;If the accurate table hits the network packet, return
The action number of the node of the accurate table;
Second hit judging unit, in the miss network packet of the accurately table, searching described fuzzy
Table, and judge whether the fuzzy table hits the network packet, when the fuzzy table hits the network packet, return
Return the action number of the node of the fuzzy table and by the node of the five-tuple information of the network packet and the fuzzy table
Action number is added in the accurate table;
Action returning unit, in the miss network packet of the fuzzy table, return system acquiescence
Action number, and the action number of the five-tuple information of the network packet and the node of the fuzzy table is added to described accurate
In table.
In the Audit control system of serial data stream of the present invention,
In the first hit judging unit, by judging to whether there is and the network packet in the hash tables
The five-tuple information of the identical node of five-tuple information judges whether the accurate table hits the network packet,
When there is the five-tuple information of the node identical with the five-tuple information of the network packet in the hash tables, determine
The accurate table hits the network packet;There is no the five-tuple information with the network packet in the hash tables
During the five-tuple information of the identical node, the miss network packet of the accurate table is determined.
In the Audit control system of serial data stream of the present invention,
In the second hit judging unit, by judging to whether there is and the network packet in the fuzzy table
The five-tuple information with asterisk wildcard of five-tuple information adaptation judges whether the fuzzy table hits the network data
, there is the five-tuple letter with asterisk wildcard being adapted to the five-tuple information of the network packet in the fuzzy table in bag
During breath, determine that the fuzzy table hits the network packet;It is not present and the network packet in the fuzzy table
During the five-tuple information with asterisk wildcard of five-tuple information adaptation, the miss network data of the fuzzy table is determined
Bag.
In the Audit control system of serial data stream of the present invention,
In the data categorization module, the action number includes:The action number of auditing system is sent to, copies to audit system
The action number of system, the action number of enqueue, the action number of discarding;
Corresponding sub- bucket includes in the data bucket:The sub- bucket for being sent to auditing system operation is performed, execution copies to careful
The sub- bucket of meter systems operation, performs the sub- bucket of enqueue operation, performs the sub- bucket for abandoning operation.
In the Audit control system of serial data stream of the present invention,
Corresponding operation described in the data bucket module includes the network packet being sent to auditing system, by institute
Network packet is stated to copy to auditing system, the network packet is sent to data sending queue, by the network data
Any one during bag abandons operates;
The network packet is copied to auditing system is included the network data packet replication portion network packet
The network packet duplicate is simultaneously sent to the auditing system by duplicate, and the network packet then is sent to institute
State data sending queue.
In the Audit control system of serial data stream of the present invention, the Audit control system of the serial data stream
Further include with lower module:
Audit Module, for being audited and being obtained by audit to the network packet by the auditing system
Network packet;
Policy distribution module, for containing new five-tuple information and new action number by auditing system generation
Flow control policy;
Policy receipt module, for receiving the flow control plan for containing new five-tuple information and new action number
Slightly;
Packet-receiving module, for receiving the network packet by audit and starting the data categorization module
Function;
Strategy analyzing module, for parsing the flow control policy for containing new five-tuple information and new action number
Obtain new five-tuple information and new action number;
Tactful add module, for the new five-tuple information and new action number to be added to the flow control tabulation simultaneously
Start the function of the flow control tabulation module.
Implement the Audit control system of the serial data stream of the present invention, have the advantages that:Implemented by the present invention
The Audit control system for the serial data stream that example provides, can effectively solve in the prior art for concatenating in a network
7 layer network agreement auditing systems, the problem of mutually restriction there is forward efficiency and audit flexibility, cause larger in flow
The defects of effect of auditing system can not be played under user environment well, the present invention using by data due to carrying out parsing classification
Afterwards, selectively data are uploaded or copy to auditing system according to flow control tabulation, forwarding speed faster, forward efficiency higher,
The network throughput for improving auditing system is reached, has taken into account serial auditing system forward efficiency and audit flexibility, realized
The high-speed data forwarding of auditing system.
Brief description of the drawings
Below in conjunction with accompanying drawings and embodiments, the invention will be further described, in attached drawing:
Fig. 1 is the Audit control method flow diagram for the serial data stream that the first preferred embodiment of the invention provides;
Fig. 2 is the sub-process figure of the step S2 shown in Fig. 1;
Fig. 3 is the Audit control method flow diagram for the serial data stream that the second preferred embodiment of the invention provides;
Fig. 4 is the structure diagram of the Audit control system for the serial data stream that the first preferred embodiment of the invention provides;
Fig. 5 is the structure diagram of the flow control tabulation module shown in Fig. 4;
Fig. 6 is the structure diagram of the Audit control system for the serial data stream that the second preferred embodiment of the invention provides;
Fig. 7 is the Audit control method flow diagram for the serial data stream that the 3rd preferred embodiment of the invention provides.
Embodiment
The problems such as slow in order to solve data forwarding speed present in the prior art, or the data for needing to audit are omitted, this
The innovative point of invention is:The network packet for needing to forward is subjected to parsing shunting, different pieces of information be classified to opposite
The sub- bucket answered, according to the action number of network packet will except the data that need to abandon abandon it is outer, selection perform audit accordingly and/or
Send data.
In order to which the technical features, objects and effects of the present invention are more clearly understood, now compare attached drawing and describe in detail
The embodiment of the present invention, following embodiments and attached drawing, only more fully understand the present invention, not to this hair
It is bright to do any restrictions.
As shown in Figure 1, in a kind of Audit control method first embodiment of serial data stream provided in an embodiment of the present invention
In, the hardware environment of the auditing method can be X86 systems, the described method comprises the following steps:
S1, receiving network data bag simultaneously parse the network packet to obtain the polynary of the network packet
Group information;And the polynary group information of the network packet and the network packet is sent to flow control tabulation;
S2, judge whether the flow control tabulation hits the polynary group information of the network packet, and returns to the flow control
The action number of tabulation;
The network packet is assigned to corresponding sub- bucket in data bucket by S3, the action number tabulated according to the flow control;
Corresponding sub- bucket performs the network packet corresponding operation in S4, the data bucket.
The embodiment of the present invention can realize that dpdk platforms are quickly located on X86 platforms by the dpdk platforms of intel
Manage the storehouse of data packet and the external member of driving, naturally it is also possible to realized by other platforms, the present invention is not limited only to this.
Implement the Audit control method of the serial data stream of the present invention, have the advantages that:Implemented by the present invention
The Audit control method for the serial data stream that example provides, can effectively solve in the prior art for concatenating in a network
7 layer network agreement auditing systems, the problem of mutually restriction there is forward efficiency and audit flexibility, cause larger in flow
The defects of effect of auditing system can not be played under user environment well, the present invention using by data due to carrying out parsing classification
Afterwards, selectively data are uploaded or copy to auditing system according to flow control tabulation, forwarding speed faster, forward efficiency higher,
The network throughput for improving auditing system is reached, has taken into account serial auditing system forward efficiency and audit flexibility, realized
The high-speed data forwarding of auditing system.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention, the polynary group information
For five-tuple information.The five-tuple can directly determine a BlueDrama.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention, the five-tuple information
Source IP, source port, destination IP, destination interface and agreement including the network packet.Such as:
192.168.1.110000TCP121.14.88.7680 just constitute a five-tuple.Its meaning is that an IP address is
192.168.1.1 terminal is by port 10000, and using Transmission Control Protocol, and IP address is 121.14.88.76, and port is 80
Terminal is attached.The agreement can be that the agreement of the network packet includes Transmission Control Protocol or udp protocol, and the present invention is not only
It is limited to two kinds of agreements.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention, the flow control tabulation bag
Include accurate table and fuzzy table.By distinguishing accurate table and fuzzy table so that the audit to serial data stream is more flexible, if directly
Be connected in accurate table and hit, just without by fuzzy table, being contrasted again to network packet point situation to determine whether
Hit.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention, the accurate table is
Hash tables, the hash tables include each five-tuple information of node and the action number of each node in the hash tables.Should
The five-tuple information of each node in hash tables is used for judging whether accurate table hits network packet.So that whether hit
Judge more accurate.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention, the fuzzy table includes
Five-tuple information with asterisk wildcard and action number.Five-tuple information with wildcard enable to fuzzy table can hit more with
The network packet of fuzzy table adaptation.
Preferably, it is described as shown in Fig. 2, in the Audit control method of serial data stream provided in an embodiment of the present invention
Step S2 includes following sub-step:
S21, flow control tabulation receive the five-tuple information of the network packet and the network packet;
S22, the accurate table according to the five-tuple information searching of the network packet, and whether judge the accurate table
Hit the network packet;If the accurate table hits the network packet, the node of the accurate table is returned
Action number;
If S23, the miss network packet of the accurate table, search the fuzzy table, and judge the mould
Whether paste table hits the network packet, if the fuzzy table hits the network packet, returns to the fuzzy table
Node action number and the action number of the five-tuple information of the network packet and the node of the fuzzy table is added to
In the accurate table;
If S24, the fuzzy miss network packet of table, the action number of return system acquiescence, and by institute
The action number for stating the five-tuple information of network packet and the node of the fuzzy table is added in the accurate table.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention,
In the step S22, believed by judging to whether there is in the hash tables with the five-tuple of the network packet
Manner of breathing with the five-tuple information of the node and the action number of each node judge whether the accurate table hits the net
Network data packet, if there are five yuan of the node identical with the five-tuple information of the network packet in the hash tables
Group information, it is determined that the accurate table hits the network packet;If it is not present and the network number in the hash tables
According to the five-tuple information of the identical node of the five-tuple information of bag, it is determined that the miss network data of the accurate table
Bag.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention,
In the step S23, believed by judging to whether there is in the fuzzy table with the five-tuple of the network packet
The five-tuple information with asterisk wildcard of breath adaptation judges whether the fuzzy table hits the network packet, if described
There is the five-tuple information with asterisk wildcard being adapted to the five-tuple information of the network packet in fuzzy table, it is determined that
The fuzzy table hits the network packet;Believe if be not present in the fuzzy table with the five-tuple of the network packet
Cease the five-tuple information with asterisk wildcard of adaptation, it is determined that the fuzzy miss network packet of table.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention,
In the step S3, the action number includes:The action number of auditing system is sent to, copies to the dynamic of auditing system
Work number, the action number of enqueue, the action number of discarding;
Corresponding sub- bucket includes in the data bucket:The sub- bucket for being sent to auditing system operation is performed, execution copies to careful
The sub- bucket of meter systems operation, performs the sub- bucket of enqueue operation, performs the sub- bucket for abandoning operation.
Preferably, in the Audit control method of serial data stream provided in an embodiment of the present invention,
Corresponding operation described in the step S4 includes the network packet being sent to auditing system, by the net
Network data packet copies to auditing system, the network packet is sent to data sending queue, loses the network packet
Any one operation in abandoning;
The network packet is copied to auditing system is included the network data packet replication portion network packet
The network packet duplicate is simultaneously sent to the auditing system by duplicate, and the network packet then is sent to institute
State data sending queue.
Being sent to the network packet of the auditing system can be sent to out by the auditing system, this by
Auditing system determines that certain auditing system can also determine not to be sent to.The data sending queue can also add flow
Queue is controlled, for limiting the transmission speed of network packet.
Preferably, it is described as shown in figure 3, in the Audit control method of serial data stream provided in an embodiment of the present invention
The Audit control method of serial data stream is further comprising the steps of:
S5, after the step S4, the auditing system audited to the network packet and obtain through examining
The network packet of meter;
S6, auditing system generation contain new five-tuple information and the flow control policy of new action number;
New five-tuple information and the flow control policy of new action number are contained described in S7, reception;
S8, receive the network packet by audit and go to the execution step S3;
The flow control policy that new five-tuple information and new action number are contained described in S9, parsing obtains new five-tuple
Information and new action number;
S10, be added to the flow control by the new five-tuple information and new action number and tabulate and go to described in execution
Step S2.
As shown in figure 4, the embodiment of the present invention also provides a kind of Audit control system of serial data stream, including with lower die
Block:
Resolve packet module 1, is parsed to obtain for receiving network data bag and to the network packet
State the polynary group information of network packet;And the polynary group information of the network packet and the network packet is sent
Tabulate to flow control;
Flow control tabulation module 2, for judging whether the flow control tabulation hits the polynary group information of the network packet,
And return to the action number of the flow control tabulation;
The network packet is assigned to data by data categorization module 3, the action number for being tabulated according to the flow control
Corresponding sub- bucket in bucket;
Data bucket module 4, it is corresponding for being performed by corresponding sub- bucket in the data bucket to the network packet
Operation.
The embodiment of the present invention can realize that dpdk platforms are quickly located on X86 platforms by the dpdk platforms of intel
Manage the storehouse of data packet and the external member of driving, naturally it is also possible to realized by other platforms, the present invention is not limited only to this.
Implement the Audit control system of the serial data stream of the present invention, have the advantages that:Implemented by the present invention
The Audit control system for the serial data stream that example provides, can effectively solve in the prior art for concatenating in a network
7 layer network agreement auditing systems, the problem of mutually restriction there is forward efficiency and audit flexibility, cause larger in flow
The defects of effect of auditing system can not be played under user environment well, the present invention using by data due to carrying out parsing classification
Afterwards, selectively data are uploaded or copy to auditing system according to flow control tabulation, forwarding speed faster, forward efficiency higher,
The network throughput for improving auditing system is reached, has taken into account serial auditing system forward efficiency and audit flexibility, realized
The high-speed data forwarding of auditing system.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention, the polynary group information
For five-tuple information.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention, the network packet
Five-tuple information include source IP, source port, destination IP, destination interface and the agreement of the network packet.Such as:
192.168.1.1 10000TCP121.14.88.7680 just constitutes a five-tuple.Its meaning is that an IP address is
192.168.1.1 terminal is by port 10000, and using Transmission Control Protocol, and IP address is 121.14.88.76, and port is 80
Terminal is attached.The agreement can be that the agreement of the network packet includes Transmission Control Protocol or udp protocol, and the present invention is not only
It is limited to two kinds of agreements.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention, the flow control tabulation bag
Include accurate table and fuzzy table.By distinguishing accurate table and fuzzy table so that the audit to serial data stream is more flexible, if directly
Be connected in accurate table and hit, just without by fuzzy table, being contrasted again to network packet point situation to determine whether
Hit.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention, the accurate table is
Hash tables, the hash tables include each five-tuple information of node and the action number of each node in the hash tables.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention, it is characterised in that described
Fuzzy table includes the five-tuple information with asterisk wildcard and action number.Five-tuple information with wildcard enables to fuzzy table to order
In the network packet that is more adapted to fuzzy table.
Preferably, it is described as shown in figure 5, in the Audit control system of serial data stream provided in an embodiment of the present invention
Flow control tabulation module 2 is included with lower unit:
Receiving unit 21, the network packet and the network packet are received for tabulating by the flow control
Five-tuple information;
First hit judging unit 22, for accurate table described in the five-tuple information searching according to the network packet,
And judge whether the accurate table hits the network packet;If the accurate table hits the network packet, return
Return the action number of the node of the accurate table;
Second hit judging unit 23, in the miss network packet of the accurately table, searching the mould
Table is pasted, and judges whether the fuzzy table hits the network packet, when the fuzzy table hits the network packet,
Return to the action number of the node of the fuzzy table and by the five-tuple information of the network packet and the node of the fuzzy table
Action number be added in the accurate table;
Action returning unit 24, in the miss network packet of the fuzzy table, return system acquiescence
Action number, and the action number of the five-tuple information of the network packet and the node of the fuzzy table is added to the essence
In true table.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention,
In the first hit judging unit 22, by judging to whether there is and the network packet in the hash tables
The five-tuple information of the identical node of five-tuple information judge whether the accurate table hits the network packet,
When there is the five-tuple information of the node identical with the five-tuple information of the network packet in the hash tables, really
The fixed accurate table hits the network packet;It is not present in the hash tables and believes with the five-tuple of the network packet
During the five-tuple information of the same node of manner of breathing, the miss network packet of the accurate table is determined.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention,
In the second hit judging unit 23, by judging to whether there is and the network packet in the fuzzy table
The five-tuple information with asterisk wildcard of five-tuple information adaptation judge whether the fuzzy table hits the network number
According to bag, there is the five-tuple with asterisk wildcard being adapted to the five-tuple information of the network packet in the fuzzy table
During information, determine that the fuzzy table hits the network packet;It is not present and the network packet in the fuzzy table
Five-tuple information adaptation the five-tuple information with asterisk wildcard when, determine the miss network data of the fuzzy table
Bag.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention,
In the data categorization module 3, the action number includes:The action number of auditing system is sent to, copies to audit
The action number of system, the action number of enqueue, the action number of discarding;
Corresponding sub- bucket includes in the data bucket:The sub- bucket for being sent to auditing system operation is performed, execution copies to careful
The sub- bucket of meter systems operation, performs the sub- bucket of enqueue operation, performs the sub- bucket for abandoning operation.
Preferably, in the Audit control system of serial data stream provided in an embodiment of the present invention,
Corresponding operation described in the data bucket module 4 includes the network packet being sent to auditing system, incites somebody to action
The network packet copies to auditing system, the network packet is sent to data sending queue, by the network number
Any one operation in being abandoned according to bag;
The network packet is copied to auditing system is included the network data packet replication portion network packet
The network packet duplicate is simultaneously sent to the auditing system by duplicate, and the network packet then is sent to institute
State data sending queue.
Being sent to the network packet of the auditing system can be sent to out by the auditing system, this by
Auditing system determines that certain auditing system can also determine not to be sent to.The data sending queue can also add flow
Queue is controlled, for limiting the transmission speed of network packet.
Preferably, it is described as shown in fig. 6, in the Audit control system of serial data stream provided in an embodiment of the present invention
The Audit control system of serial data stream is further included with lower module:
Audit Module 5, for being audited and being obtained to the network packet by the auditing system by audit
Network packet;
Policy distribution module 6, for containing new five-tuple information and new action by auditing system generation
Number flow control policy;
Policy receipt module 7, for receiving the flow control plan for containing new five-tuple information and new action number
Slightly;
Packet-receiving module 8, for receiving the network packet Jing Guo Shen Ji and starting the data classification mould
The function of block 3;
Strategy analyzing module 9, for parsing the flow control plan for containing new five-tuple information and new action number
Slightly obtain new five-tuple information and new action number;
Tactful add module 10, tabulates for the new five-tuple information and new action number to be added to the flow control
And start the function of the flow control tabulation module 2.
Below by way of one more specifically embodiment explain the principle of the present invention:
Step a, receiving network data bag simultaneously parse the network packet to obtain the network packet
Five-tuple information;And the five-tuple information of the network packet and the network packet is sent to flow control tabulation;
Step b, flow control tabulation receive the five-tuple information of the network packet and the network packet;
Step c, search the accurate table, by judging to whether there is and the network packet in the hash tables
The five-tuple information of the identical node of five-tuple information judges whether the accurate table hits the network packet, such as
There is the five-tuple information of the node identical with the five-tuple information of the network packet in hash tables described in fruit, then really
The fixed accurate table hits the network packet;If there is no the five-tuple with the network packet in the hash tables
The five-tuple information of the identical node of information, it is determined that the accurate table does not hit the network packet;If institute
State accurate table and hit the network packet, then return to the action number of the node of the accurate table;The action number includes:Send
To the action number of auditing system, the action number of auditing system, the action number of enqueue, the action number of discarding are copied to;
If Step d, the accurate table do not hit the network packet, the fuzzy table is searched, and by sentencing
With the presence or absence of the five-tuple with asterisk wildcard being adapted to the five-tuple information of the network packet in the disconnected fuzzy table
Information judges whether the fuzzy table hits the network packet, if existed in the fuzzy table and the network data
The five-tuple information with asterisk wildcard of the five-tuple information adaptation of bag, it is determined that the fuzzy table hits the network data
Bag;If there is no five yuan with asterisk wildcard being adapted to the five-tuple information of the network packet in the fuzzy table
Group information, it is determined that the fuzzy table does not hit the network packet, if the fuzzy table hits the network data
Bag then returns to the action number of the node of the fuzzy table and by the five-tuple information of the network packet and the fuzzy table
The action number of node is added in the accurate table;
If Step e, the fuzzy miss network packet of table, the action number of return system acquiescence, and will
The action number of the node of the five-tuple information of the network packet and the fuzzy table is added in the accurate table;
Step f, according to the action number be assigned to corresponding sub- bucket in data bucket by the network packet;It is sent to
The action number of auditing system, copies to the action number of auditing system, the action number of enqueue, the action number of discarding;The data
Corresponding sub- bucket includes in bucket:The sub- bucket for being sent to auditing system operation is performed, performs the sub- bucket for copying to auditing system operation,
The sub- bucket of enqueue operation is performed, performs the sub- bucket for abandoning operation
Corresponding sub- bucket performs corresponding operation in Step g, the data bucket;Corresponding operation is included by described in
Network packet is sent to auditing system, the network packet is copied to auditing system, sends the network packet
Operated to data sending queue, by any one in network packet discarding;It is described by the network data packet replication
Include to auditing system by the network data packet replication portion network packet duplicate and by the network data packet replication
Part is sent to the auditing system, and the network packet then is sent to the data sending queue;It is sent to described examine
The network packet of meter systems can be sent to out by the auditing system, this is determined by auditing system, examine certainly
Meter systems can also determine not to be sent to.The data sending queue can also add traffic control queues, for limiting net
The transmission speed of network data packet.
Step h, the auditing system audit the network packet and obtain the network data by audit
Bag;
Step i, auditing system generation contain new five-tuple information and the flow control policy of new action number;
New five-tuple information and the flow control policy of new action number are contained described in Step j, reception;
Step k, receive the network packet by audit and go to the execution step Step f;
Step l, the parsing flow control policy obtain new five-tuple information and new action number;
The new five-tuple information and new action number, is added to the flow control and tabulates and go to execution by Step m
Step c。
From above step as can be seen that network packet can be divided into the network packet received first and pass through audit
Network packet, for the network packet that receives first, it is necessary to by step a to stepm, and for by auditing
Network packet, it is only necessary to by step c to step m.
With reference to Fig. 7, the present invention is explained by an instantiation:
Network packet passes through the RX, 1. in Fig. 7, parses the five-tuple information of data packet(Source IP, source port, purpose
IP, destination interface, agreement(TCP/UDP));
Then, then perform in Fig. 7 2., 3., 3. 2. it in accurate table and Fig. 7 is fuzzy table that in Fig. 7 is.First search essence
True table, if being hit in accurate table, return action number, which performs completion.If not hit in accurate table, search
Fuzzy table, return action number after hit, then add and the accurate five-tuple of the network packet and action number are added to accurate table
In, return action number, the part performs completion.If fuzzy table is miss, the action number of acquiescence is returned.In Fig. 7 2., 3.
The result of execution is action number.
Then, then to network packet classify(In Fig. 7 4.).Two kinds of situations are surrounded by into network data 4.,
A kind of is the network packet tabulated by flow control(In Fig. 7 1. → 2./3. → 4.), a kind of is by the network number by audit
According to bag (in Fig. 7 9. → 4.).Data classification is that data packet is assigned to the not of the same race of data bucket according to the action number of data packet
The sub- bucket of class.
Finally, then data bucket module (in Fig. 7 5., 6., 7., 8.) is performed.Data bucket includes:Execution is sent to audit system
The sub- bucket of system operation(In Fig. 7 5.), perform copy to auditing system operation sub- bucket(In Fig. 7 6.), perform enqueue behaviour
The sub- bucket of work(In Fig. 7 7.)With the sub- bucket for performing discarding operation(In Fig. 7 8.).It is sent to the network data of auditing system
Bag, auditing system can be sent to again(Certainly, determined, can not also sent out by auditing system).Copy to auditing system,
I.e. a network packet of duplication is waited into enqueue and sent to auditing system, then network packet.Enqueue, that is, enter
Data sending queue(Here, traffic control queues can also be added and carry out speed limit etc.).Abandon, will the network packet lose
Fall.
Receive auditing system data packet(In Fig. 7 9.)It is to be sent out to upload to the data packet of auditing system
Go, i.e., into enqueue.
Policy resolution in Fig. 7 is to parse the strategy of auditing system or the transmission of other clients, add the plan after parsing
Slightly it is added in flow control tabulation.
With reference to real network situation, the flow direction of network packet is as follows:
Network packet reaches the system process flow such as first:In Fig. 7 1. → 2. → 3. → 2. → 4. → 5./6./
7./8. → 10. (10. 6./network packet 7. is gone to)(The step of middle no label, has omitted).
Network packet is non-to reach the system first, according to network packet five-tuple information in accurate table.Process flow
Such as:In Fig. 7 1. → 2. → 4. → 5./6./7./8. → 10. (10. 6./network packet 7. is gone to)(Centre does not have labelled
Step has been omitted).
Network packet is sent to auditing system, and process flow is such as:In Fig. 7 1. → 2. → 4. → 5. → 9. → 4. → 7.
→ 10.,(The step of middle no label, has omitted)Meeting Provisioning Policy after auditing system audit analysis, then receives, parses strategy
After be added to flow control tabulation in.
Network packet copies to auditing system, and process flow is such as:In Fig. 7 1. → 2. → 4. → 6. → 10.(Centre does not have
Labelled step has been omitted).Auditing system receives network packet at the same time, and process flow such as network packet is sent to careful
Meter systems.
In conclusion pass through the Audit control method or system of serial data stream provided in an embodiment of the present invention, Ke Yiyou
Effect solves, in the prior art for concatenating 7 layer network agreement auditing systems in a network, there is forward efficiency and to examine
The problem of meter flexibility mutually restricts, causes the effect that can not play auditing system well under the larger user environment of flow
The defects of, the present invention according to flow control due to using after data are carried out parsing classification, tabulating data upload or multiple selectively
Auditing system is made, faster, forward efficiency higher, has reached the network throughput for improving auditing system, taken into account forwarding speed
Serial auditing system forward efficiency and audit flexibility, realize the high-speed data forwarding of auditing system.
The embodiment of the present invention is described above in conjunction with attached drawing, but the invention is not limited in above-mentioned specific
Embodiment, above-mentioned embodiment is only schematical, rather than restricted, those of ordinary skill in the art
Under the enlightenment of the present invention, in the case of present inventive concept and scope of the claimed protection is not departed from, it can also make very much
Form, these are belonged within the protection of the present invention.
Claims (22)
1. a kind of Audit control method of serial data stream, it is characterised in that comprise the following steps:
S1, receiving network data bag simultaneously parse the network packet to obtain the multi-component system letter of the network packet
Breath;And the polynary group information of the network packet and the network packet is sent to flow control tabulation;
S2, judge whether the flow control tabulation hits the polynary group information of the network packet, and returns to the flow control tabulation
Action number;
The network packet is assigned to corresponding sub- bucket in data bucket by S3, the action number tabulated according to the flow control, wherein,
The action number includes:The action number of auditing system is sent to, copies to the action number of auditing system, the action number of enqueue,
The action number of discarding, corresponding sub- bucket includes in the data bucket:The sub- bucket for being sent to auditing system operation is performed, performs duplication
To the sub- bucket of auditing system operation, the sub- bucket of enqueue operation is performed, performs the sub- bucket for abandoning operation;
Corresponding sub- bucket performs the network packet corresponding operation in S4, the data bucket.
2. the Audit control method of serial data stream according to claim 1, it is characterised in that the polynary group information is
Five-tuple information.
3. the Audit control method of serial data stream according to claim 2, it is characterised in that the five-tuple packet
Include source IP, source port, destination IP, destination interface and the agreement of the network packet.
4. the Audit control method of serial data stream according to claim 3, it is characterised in that the flow control tabulation includes
Accurate table and fuzzy table.
5. the Audit control method of serial data stream according to claim 4, it is characterised in that the accurate table is hash
Table, the hash tables include each five-tuple information of node and the action number of each node in the hash tables.
6. the Audit control method of serial data stream according to claim 5, it is characterised in that the fuzzy table includes band
The five-tuple information of asterisk wildcard and action number.
7. the Audit control method of serial data stream according to claim 6, it is characterised in that the step S2 include with
Lower sub-step:
S21, flow control tabulation receive the five-tuple information of the network packet and the network packet;
S22, the accurate table according to the five-tuple information searching of the network packet, and judge whether the accurate table hits
The network packet;If the accurate table hits the network packet, the action of the node of the accurate table is returned
Number;
If S23, the miss network packet of the accurate table, search the fuzzy table, and judge the fuzzy table
The network packet whether is hit, if the fuzzy table hits the network packet, returns to the section of the fuzzy table
The action number of the five-tuple information of the network packet and the node of the fuzzy table is simultaneously added to described by the action number of point
In accurate table;
If S24, the fuzzy miss network packet of table, the action number of return system acquiescence, and by the net
The action number of the node of the five-tuple information of network data packet and the fuzzy table is added in the accurate table.
8. the Audit control method of serial data stream according to claim 7, it is characterised in that
In the step S22, by judging in the hash tables with the presence or absence of the five-tuple information phase with the network packet
With the five-tuple information of the node and the action number of each node judge whether the accurate table hits the network number
According to bag, if the five-tuple in the hash tables in the presence of the node identical with the five-tuple information of the network packet is believed
Breath, it is determined that the accurate table hits the network packet;If it is not present and the network packet in the hash tables
The identical node of five-tuple information five-tuple information, it is determined that the miss network packet of the accurate table.
9. the Audit control method of serial data stream according to claim 7, it is characterised in that
In the step S23, fitted by judging to whether there is in the fuzzy table with the five-tuple information of the network packet
The five-tuple information with asterisk wildcard matched somebody with somebody judges whether the fuzzy table hits the network packet, if described fuzzy
There is the five-tuple information with asterisk wildcard being adapted to the five-tuple information of the network packet in table, it is determined that described
Fuzzy table hits the network packet;Fitted if be not present in the fuzzy table with the five-tuple information of the network packet
The five-tuple information with asterisk wildcard matched somebody with somebody, it is determined that the fuzzy miss network packet of table.
10. the Audit control method of serial data stream according to claim 7, it is characterised in that
Corresponding operation described in the step S4 includes the network packet being sent to auditing system, by the network number
Data sending queue is sent to according to packet replication to auditing system, by the network packet, by network packet discarding
Any one operation;
The network packet is copied to auditing system is included the network data packet replication portion network data packet replication
The network packet duplicate is simultaneously sent to the auditing system by part, and the network packet then is sent to the number
According to transmit queue.
11. the Audit control method of serial data stream according to claim 7, it is characterised in that the serial data stream
Audit control method it is further comprising the steps of:
S5, after the step S4, the auditing system is audited the network packet and is obtained by audit
Network packet;
S6, auditing system generation contain new five-tuple information and the flow control policy of new action number;
New five-tuple information and the flow control policy of new action number are contained described in S7, reception;
S8, receive the network packet by audit and go to the execution step S3;
The flow control policy that new five-tuple information and new action number are contained described in S9, parsing obtains new five-tuple information
With new action number;
The new five-tuple information and new action number, is added to the flow control and tabulates and go to and perform the step by S10
S2。
12. the Audit control system of a kind of serial data stream, it is characterised in that including with lower module:
Resolve packet module, is parsed for receiving network data bag and to the network packet to obtain the network
The polynary group information of data packet;And the polynary group information of the network packet and the network packet is sent to flow control
Tabulation;
Flow control tabulation module, for judging whether the flow control tabulation hits the polynary group information of the network packet, and is returned
Return the action number of the flow control tabulation;
Data categorization module, it is right in data bucket for being assigned to the network packet according to the action number that the flow control is tabulated
The sub- bucket answered;
Data bucket module, for performing corresponding operation to the network packet by corresponding sub- bucket in the data bucket;
Wherein, in the data categorization module, the action number includes:The action number of auditing system is sent to, copies to audit
The action number of system, the action number of enqueue, the action number of discarding;
Wherein, corresponding sub- bucket includes in the data bucket:The sub- bucket for being sent to auditing system operation is performed, execution copies to careful
The sub- bucket of meter systems operation, performs the sub- bucket of enqueue operation, performs the sub- bucket for abandoning operation.
13. the Audit control system of serial data stream according to claim 12, it is characterised in that the polynary group information
For five-tuple information.
14. the Audit control system of serial data stream according to claim 13, it is characterised in that the network packet
Five-tuple information include source IP, source port, destination IP, destination interface and the agreement of the network packet.
15. the Audit control system of serial data stream according to claim 14, it is characterised in that the flow control tabulation bag
Include accurate table and fuzzy table.
16. the Audit control system of serial data stream according to claim 15, it is characterised in that the accurate table is
Hash tables, the hash tables include each five-tuple information of node and the action number of each node in the hash tables.
17. the Audit control system of serial data stream according to claim 16, it is characterised in that the fuzzy table includes
Five-tuple information with asterisk wildcard and action number.
18. the Audit control system of serial data stream according to claim 17, it is characterised in that the flow control tabulation mould
Block is included with lower unit:
Receiving unit, the five-tuple of the network packet and the network packet is received for tabulating by the flow control
Information;
First hit judging unit, for accurate table described in the five-tuple information searching according to the network packet, and judges
Whether the accurate table hits the network packet;If the accurate table hit network packet, described in return
The action number of the node of accurate table;
Second hit judging unit, in the miss network packet of the accurately table, searching the fuzzy table, and
Judge whether the fuzzy table hits the network packet, when the fuzzy table hits the network packet, return to institute
State the action number of the node of fuzzy table and by the action of the five-tuple information of the network packet and the node of the fuzzy table
Number it is added in the accurate table;
Action returning unit, in the miss network packet of the fuzzy table, the action of return system acquiescence
Number, and the action number of the five-tuple information of the network packet and the node of the fuzzy table is added to the accurate table
In.
19. the Audit control system of serial data stream according to claim 18, it is characterised in that
In the first hit judging unit, by judging in the hash tables with the presence or absence of five yuan with the network packet
The five-tuple information of the identical node of group information judges whether the accurate table hits the network packet, described
When there is the five-tuple information of the node identical with the five-tuple information of the network packet in hash tables, determine described
Accurate table hits the network packet;There is no identical with the five-tuple information of the network packet in the hash tables
The node five-tuple information when, determine the accurate miss network packet of table.
20. the Audit control system of serial data stream according to claim 18, it is characterised in that
In the second hit judging unit, by judging in the fuzzy table with the presence or absence of five yuan with the network packet
The five-tuple information with asterisk wildcard of group information adaptation judges whether the fuzzy table hits the network packet,
When there is the five-tuple information with asterisk wildcard being adapted to the five-tuple information of the network packet in the fuzzy table,
Determine that the fuzzy table hits the network packet;There is no the five-tuple with the network packet in the fuzzy table
During the five-tuple information with asterisk wildcard of information adaptation, the miss network packet of the fuzzy table is determined.
21. the Audit control system of serial data stream according to claim 18, it is characterised in that
Corresponding operation described in the data bucket module includes the network packet being sent to auditing system, by the net
Network data packet copies to auditing system, the network packet is sent to data sending queue, loses the network packet
Any one operation in abandoning;
The network packet is copied to auditing system is included the network data packet replication portion network data packet replication
The network packet duplicate is simultaneously sent to the auditing system by part, and the network packet then is sent to the number
According to transmit queue.
22. the Audit control system of serial data stream according to claim 18, it is characterised in that the serial data stream
Audit control system further include with lower module:
Audit Module, for being audited and being obtained the network by audit to the network packet by the auditing system
Data packet;
Policy distribution module, for containing the stream of new five-tuple information and new action number by auditing system generation
Control strategy;
Policy receipt module, for receiving the flow control policy for containing new five-tuple information and new action number;
Packet-receiving module, for receiving the network packet by audit and starting the work(of the data categorization module
Energy;
Strategy analyzing module, obtains for parsing the flow control policy for containing new five-tuple information and new action number
New five-tuple information and new action number;
Tactful add module, tabulates and starts for the new five-tuple information and new action number to be added to the flow control
The function of the flow control tabulation module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310727363.0A CN104753726B (en) | 2013-12-25 | 2013-12-25 | A kind of Audit control method and system of serial data stream |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310727363.0A CN104753726B (en) | 2013-12-25 | 2013-12-25 | A kind of Audit control method and system of serial data stream |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104753726A CN104753726A (en) | 2015-07-01 |
CN104753726B true CN104753726B (en) | 2018-04-20 |
Family
ID=53592874
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310727363.0A Active CN104753726B (en) | 2013-12-25 | 2013-12-25 | A kind of Audit control method and system of serial data stream |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104753726B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110943985B (en) * | 2019-11-26 | 2022-03-22 | 武汉虹旭信息技术有限责任公司 | Security audit system and method based on 5G mobile communication network |
CN111092785A (en) * | 2019-12-05 | 2020-05-01 | 深圳市任子行科技开发有限公司 | Data monitoring method and device |
CN111541617B (en) * | 2020-04-17 | 2021-11-02 | 网络通信与安全紫金山实验室 | Data flow table processing method and device for high-speed large-scale concurrent data flow |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101309216B (en) * | 2008-07-03 | 2011-05-04 | 中国科学院计算技术研究所 | IP packet classification method and apparatus |
CN101594303B (en) * | 2009-07-10 | 2011-06-01 | 清华大学 | Rapid network packet classification method based on network traffic statistic information |
CN101702726B (en) * | 2009-11-13 | 2012-06-27 | 曙光信息产业(北京)有限公司 | Method and device for updating quintuple rules for IP packet sorting device |
CN102255909B (en) * | 2011-07-11 | 2014-07-02 | 北京星网锐捷网络技术有限公司 | Session stream monitoring method and device |
CN103188231A (en) * | 2011-12-30 | 2013-07-03 | 北京锐安科技有限公司 | Multi-core printed circuit board access control list (ACL) rule matching method |
-
2013
- 2013-12-25 CN CN201310727363.0A patent/CN104753726B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN104753726A (en) | 2015-07-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104348716B (en) | A kind of message processing method and equipment | |
CN109063777B (en) | Net flow assorted method, apparatus and realization device | |
CN101176306B (en) | Traffic analysis system and method for checking network communication service flow | |
CN104022953B (en) | Message forwarding method and device based on open flows Openflow | |
CN104717101B (en) | Deep packet inspection method and system | |
CN104410541B (en) | The method and device that VXLAN internal layer virtual machine traffics are counted in intermediary switch | |
US9001688B2 (en) | Dynamic balancing of a traffic mix for data center device testing | |
US8229705B1 (en) | Performance monitoring in computer networks | |
CN102075421B (en) | Service quality processing method and device | |
CN102571946B (en) | Realization method of protocol identification and control system based on P2P (peer-to-peer network) | |
CN104753726B (en) | A kind of Audit control method and system of serial data stream | |
US7522530B2 (en) | Method for protocol recognition and analysis in data networks | |
US7516364B2 (en) | Method for testing network devices using breakpointing | |
CN108353022A (en) | A kind of processing method of data message, apparatus and system | |
CN100571218C (en) | A kind of method and apparatus of realizing stream translation | |
TWI323108B (en) | Powerful and expandable pipeline architecture for a network device | |
CN107846341A (en) | Method, relevant apparatus and the system of schedules message | |
CN105847179A (en) | Method and device for concurrently reporting data in DPI system | |
CN107508828A (en) | A kind of very-long-range data interaction system and method | |
US20040148417A1 (en) | Method and system for distinguishing higher layer protocols of the internet traffic | |
CN102739537B (en) | The retransmission method and device of Ethernet data bag | |
CN107147585A (en) | A kind of flow control methods and device | |
KR100965621B1 (en) | Method and computer system for triggering an action on digital communication data | |
CN101924705A (en) | Multipath by-pass shunt forwarding method and system based on programmable router | |
Chokkanathan et al. | A study on flow based classification models using machine learning techniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |