Detailed description of the invention
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flowchart of a virtual-switch-based security protection method for a virtualization platform provided by an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 101: receive a packet sent by a first interface in the virtual switch, where the first interface is used to intercept packets that a first device sends to a second device over a communication link in the virtual switch;
A virtualization platform includes at least one physical machine. Virtualization technology can virtualize one physical machine into multiple virtual machines and create at least one virtual switch on the platform. Each virtual machine can run a different operating system and different applications. Virtual machines communicate with one another, and with physical machines, through the virtual switch.
Several kinds of endpoint pairs communicate on a virtualization platform: a virtual machine sends packets to a virtual machine through the virtual switch, a physical machine sends packets to a virtual machine through the virtual switch, or a virtual machine sends packets to a physical machine through the virtual switch. To describe the method of this embodiment more clearly, the description uses a first device and a second device on the virtualization platform, communicating through the virtual switch, as the example. The first device is a physical machine or a virtual machine; the second device is a physical machine or a virtual machine.
A first interface is set up in the virtual switch in advance. It intercepts packets that the first device sends to the second device over the communication link in the virtual switch. The position of the first interface on the communication link can be chosen according to the needs of the application, for example the entrance of the communication link or a position in the middle; any position the packet passes before it leaves the virtual switch over the communication link can serve as the first interface.
The first interface can be generated in many ways, chosen according to application needs; this embodiment places no limit on this. For example, it can be generated in the virtual switch by a hook (Hook) program, or a pre-built interface can be obtained from the control center of the virtualization platform and installed.
When the first device sends a packet to the second device over the communication link pre-established by the virtual switch, the first interface intercepts the packet on the communication link and sends it to the data feature library for security detection.
Step 102: use a data feature library to detect whether the packet complies with a preset network security policy, where the data feature library includes feature information corresponding to the network security policy;
A data feature library is set up in the virtual switch in advance and contains feature information corresponding to the network security policy. The network security policy includes at least one of network permission audit, network attack detection and traffic intrusion, and can be configured according to the network application environment and the service types of the virtual machines and physical machines; this embodiment places no limit on this. Because network security policies differ, the content and form of the corresponding feature information differ as well.
When the data feature library receives, through the first interface, a packet that the first device sends to the second device, it uses the feature information corresponding to the network security policy to detect whether the packet complies with the preset network security policy. Because the feature information differs between policies, the detection process and the decision criteria differ too; they are described in the later embodiments.
Step 103: if the packet is determined to comply with the network security policy, send the packet that has passed security detection to the second device through a second interface in the virtual switch.
If the data feature library determines, from the feature information corresponding to the network security policy, that the packet complies with the preset network security policy, the packet poses no network attack threat to the devices on the virtualization platform and may pass through the virtual switch. The packet that has passed security detection is therefore sent to the second interface, which sends it to the second device.
The second interface forwards packets that have passed security detection by the data feature library. Its position on the communication link can be chosen according to the needs of the application, for example the exit of the communication link, or a position between the first interface and the exit.
The second interface can be generated in many ways, chosen according to application needs; this embodiment places no limit on this. For example, it can be generated in the virtual switch by a hook (Hook) program, or a pre-built interface can be obtained from the control center of the virtualization platform and installed.
In the virtual-switch-based security protection method for a virtualization platform provided by this embodiment, the first interface of the virtual switch intercepts packets that the first device sends to the second device over the communication link in the virtual switch. The feature information in the data feature library that corresponds to the network security policy is used to detect whether the packet is safe; if it is, the packet is sent to the second device through the second interface in the virtual switch. This avoids diverting the communication traffic in the virtual switch to an external system for security detection, improves the processing efficiency of security detection, and reduces the latency of the communication.
Fig. 2 is a flowchart of another virtual-switch-based security protection method for a virtualization platform provided by an embodiment of the present invention. This embodiment describes in detail the process of generating the first interface and/or the second interface in the virtual switch by means of a hook (Hook) program, and the security protection processing applied when detection finds a packet to be unsafe. As shown in Fig. 2, the method includes:
Step 201: use a hook program to set, on the communication link, a first registration point for intercepting the packet, and encapsulate the first registration point to establish the first interface; and/or use a hook program to set, on the communication link, a second registration point for forwarding the packet, and encapsulate the second registration point to establish the second interface;
A hook (Hook) program is used to set a first registration point for intercepting packets on the communication link of the virtual switch, and the first registration point is encapsulated to establish the first interface. The first registration point is an anchor point set directly on the communication link for intercepting the packets on that link. Encapsulating the first registration point implements the first interface that corresponds to the interception function; in other words, the first registration point is tagged with an interception marker, so that a packet is intercepted when it reaches the first registration point.
And/or,
A hook program is used to set a second registration point for forwarding packets on the communication link, and the second registration point is encapsulated to establish the second interface. The second registration point is an anchor point set directly on the communication link for forwarding the packets on that link after security detection. Encapsulating the second registration point implements the second interface that corresponds to the forwarding function; in other words, the second registration point is tagged with a forwarding marker, so that a packet is forwarded when it reaches the second registration point.
Step 202: receive a packet sent by the first interface in the virtual switch, where the first interface is used to intercept packets that the first device sends to the second device over the communication link in the virtual switch;
When the first device sends a packet to the second device over the communication link pre-established by the virtual switch, the first interface intercepts the packet on the communication link and sends it to the data feature library for security detection.
Step 203: use the data feature library to detect whether the packet complies with the preset network security policy, where the data feature library includes feature information corresponding to the network security policy;
When the data feature library receives, through the first interface, a packet that the first device sends to the second device, it uses the feature information corresponding to the network security policy to detect whether the packet complies with the preset network security policy. Because the feature information differs between policies, the detection process and the decision criteria differ too; they are described in the later embodiments.
Step 204: if the packet is determined to comply with the network security policy, send the packet that has passed security detection to the second device through the second interface in the virtual switch; if the packet is determined not to comply with the network security policy, apply security protection processing to the packet according to the network threat type in the network security policy.
If the data feature library determines, from the feature information corresponding to the network security policy, that the packet complies with the preset network security policy, the packet poses no network attack threat to the devices on the virtualization platform and may pass through the virtual switch. The packet that has passed security detection is therefore sent to the second interface, which sends it to the second device.
If the data feature library determines, from the feature information corresponding to the network security policy, that the packet does not comply with the network security policy, security protection processing is applied to the packet according to the network threat type in the network security policy, to ensure that a packet carrying a network threat does not leave the virtual switch and reach the second device.
In the virtual-switch-based security protection method for a virtualization platform provided by this embodiment, the first interface, which the virtual switch sets up with a hook program, intercepts packets that the first device sends to the second device over the communication link in the virtual switch. The feature information in the data feature library that corresponds to the network security policy is used to detect whether the packet is safe. If it is, the packet is sent to the second device through the second interface, which is set up in the virtual switch with a hook program; if not, security protection processing is applied to the packet. This avoids diverting the communication traffic in the virtual switch to an external system for security detection, improves the processing efficiency of security detection, reduces the latency of the communication, and further improves the security of the virtualization platform.
For the embodiment of Fig. 2, because network security policies differ, the feature information of each policy, the detection process and the decision criteria differ as well. The embodiments of Figs. 3 to 5 describe in detail how the data feature library performs security detection on a packet and how, when the packet is determined not to comply with the network security policy, security protection processing is applied to it according to the network threat type in the network security policy.
Fig. 3 is a flowchart of another virtual-switch-based security protection method for a virtualization platform provided by an embodiment of the present invention. This embodiment covers the security detection process when the network security policy is network permission audit, and the security protection processing applied to a packet whose network threat type is network permission audit. As shown in Fig. 3, the method includes:
Step 301: obtain the network access permission information corresponding to the source IP of the packet;
Specifically, when the network security policy is network permission audit, the feature information corresponding to the network security policy includes IP address information and the network access permission information corresponding to the IP address information.
When the data feature library receives the packet sent by the first interface, it parses the packet to obtain its source IP address and destination IP address. It then queries the IP address information in the pre-stored feature information, together with the network access permission information corresponding to that IP address information, and obtains the network access permission information corresponding to the source IP of the packet.
Step 302: audit the legitimacy of the destination IP according to the network access permission information;
The legitimacy of the destination IP is audited according to the network access permission information obtained; that is, the network access permission information is used to judge whether the source IP has permission to access the network resource corresponding to the destination IP. If the source IP is determined to have permission to access the network resource corresponding to the destination IP, the destination IP is legitimate, the packet passes security detection, and it is sent to the second device through the second interface. If the source IP is determined not to have permission to access the network resource corresponding to the destination IP, the destination IP is illegitimate, the packet fails security detection, and security protection processing must be applied to it.
Step 303: if the destination IP is determined to be illegitimate, modify the destination IP to an IP with legitimate permission according to the network access permission information, and send the modified packet to the second interface.
If the source IP is determined not to have permission to access the network resource corresponding to the destination IP, the destination IP is illegitimate and the packet fails security detection. The destination IP is therefore modified to an IP with legitimate permission according to the network access permission information obtained, and the modified packet is sent to the second interface, which sends it to the second device.
In the virtual-switch-based security protection method for a virtualization platform provided by this embodiment, the feature information in the data feature library that corresponds to network permission audit is used to detect whether the packet is safe. If it is, the packet is sent to the second device through the second interface in the virtual switch; if not, the packet is modified into a packet with legitimate access permission and then forwarded. This improves the security of the virtualization platform.
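The permission audit of steps 301 to 303 can be written as follows. This Python code is an added example, not part of the patent text; the rule table, the names AccessRule, allowed and permitted_dst, the most-specific-entry lookup and the "drop" verdict for a source with no entry are assumptions of the example.

```python
"""Network permission audit, steps 301-303 (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    payload: bytes = b""


@dataclass(frozen=True)
class AccessRule:
    source: ipaddress.IPv4Network               # IP address information
    allowed: Tuple[ipaddress.IPv4Network, ...]  # destinations the source may reach
    permitted_dst: str                          # IP written in place of a denied one


def _rule(source, allowed, permitted_dst):
    return AccessRule(ipaddress.ip_network(source),
                      tuple(ipaddress.ip_network(n) for n in allowed),
                      permitted_dst)


# Constructed feature information (hypothetical addresses).
FEATURE_LIBRARY = (
    _rule("10.0.1.0/24", ["10.0.2.0/24"], "10.0.2.10"),
    # A more specific entry for one host overrides the subnet entry above.
    _rule("10.0.1.50/32", ["10.0.2.0/24", "10.0.9.0/24"], "10.0.2.10"),
)


def lookup_rule(src_ip: str) -> Optional[AccessRule]:
    """Step 301: most specific entry whose source network contains src_ip."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return None                      # unparsable source address
    matches = [r for r in FEATURE_LIBRARY if addr in r.source]
    return max(matches, key=lambda r: r.source.prefixlen, default=None)


def audit(packet: Packet) -> Tuple[str, Optional[Packet]]:
    """Steps 302-303: return (verdict, packet to hand to the second interface)."""
    rule = lookup_rule(packet.src_ip)
    if rule is None:
        # Assumption: the text does not cover sources without an entry;
        # this example refuses them rather than forwarding unchecked.
        return "drop", None
    try:
        dst = ipaddress.ip_address(packet.dst_ip)
    except ValueError:
        return "drop", None
    if any(dst in net for net in rule.allowed):
        return "forward", packet         # destination IP is legitimate
    # Destination IP is illegitimate: rewrite it to the permitted IP.
    return "rewritten", replace(packet, dst_ip=rule.permitted_dst)


if __name__ == "__main__":
    for pkt in (Packet("10.0.1.7", "10.0.2.20"), Packet("10.0.1.7", "10.0.9.5")):
        print(pkt.src_ip, "->", pkt.dst_ip, audit(pkt))
```

Returning the verdict with the packet lets the caller record every rewrite, since a redirected flow is otherwise hard to trace back to the audit decision.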
Fig. 4 is a flowchart of another virtual-switch-based security protection method for a virtualization platform provided by an embodiment of the present invention. This embodiment covers the security detection process when the network security policy is network attack detection, and the security protection processing applied to a packet whose network threat type is network attack detection. As shown in Fig. 4, the method includes:
Step 401: determine the communication protocol used by the packet;
Specifically, when the network security policy is network attack detection, the feature information corresponding to the network security policy includes the key fields corresponding to the communication protocol of the packet and the description information of attack strings.
When the data feature library receives the packet sent by the first interface, it parses the packet and determines the communication protocol the packet uses. The communication protocol is obtained from the header file information of the packet. The communication protocols specifically include the Hypertext Transfer Protocol (HTTP), the standard protocol for Internet remote login services (Telnet), and the Simple Mail Transfer Protocol (SMTP).
Step 402: obtain the data in the key fields corresponding to the communication protocol, and judge whether the data in the key fields includes the description information of an attack string;
The pre-stored feature information is queried for the key fields corresponding to the communication protocol of the packet and for the description information of attack strings. The data is read from the key fields corresponding to the communication protocol, and it is judged whether that data includes the description information of an attack string that the feature information associates with the communication protocol. If the data in the key fields is determined not to include the description information of an attack string, the packet passes security detection and is sent to the second device through the second interface. If the data in the key fields is determined to include the description information of an attack string, the packet fails security detection and security protection processing must be applied to it.
Step 403: if the data in the key fields is determined to include the description information of an attack string, discard the packet; or filter the packet to obtain a packet that complies with the network security policy, and send it to the second interface.
If the data in the key fields is determined to include the description information of an attack string, the packet fails security detection and is therefore discarded; alternatively, the packet is filtered to obtain a packet that complies with the network security policy, which is sent to the second interface, and the second interface sends it to the second device.
In the virtual-switch-based security protection method for a virtualization platform provided by this embodiment, the feature information in the data feature library that corresponds to network attack detection is used to detect whether the packet is safe. If it is, the packet is sent to the second device through the second interface in the virtual switch; if not, the packet is discarded or filtered. This improves the security of the virtualization platform.
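The key-field check of steps 401 to 403 is shown below for HTTP, with both the discard and the filter outcome. This Python code is an added example, not part of the patent text; inferring the protocol from the destination port, the key-field list, the three attack-string patterns, the percent-decoding step and the rule that a hit in the request line is always discarded are assumptions of the example.

```python
"""Key-field attack-string check, steps 401-403 (added example, constructed data)."""
import re
from urllib.parse import unquote_plus

# Assumption: the protocol is inferred from the destination port in the header.
PORT_TO_PROTOCOL = {80: "http", 23: "telnet", 25: "smtp"}

# Constructed feature information. Only HTTP has entries in this sample.
KEY_FIELDS = {"http": ("target", "user-agent", "cookie", "referer")}
ATTACK_STRINGS = (
    re.compile(r"union\s+select", re.I),
    re.compile(r"<\s*script", re.I),
    re.compile(r"\.\./"),
)


def normalise(value):
    """Undo up to three layers of percent-encoding so encoded strings still match."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def http_key_fields(payload):
    """Yield (line_index, field_name, value) for each key field of an HTTP request."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) >= 2:
        yield 0, "target", parts[1]
    for index, line in enumerate(lines[1:], start=1):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in KEY_FIELDS["http"]:
            yield index, name.strip().lower(), value.strip()


def find_hits(payload):
    """Step 402: key fields whose normalised value contains an attack string."""
    return [
        (index, name, pattern.pattern)
        for index, name, value in http_key_fields(payload)
        for pattern in ATTACK_STRINGS
        if pattern.search(normalise(value))
    ]


def inspect(dst_port, payload, action="drop"):
    """Return (verdict, payload_or_None, hits) for one packet."""
    if PORT_TO_PROTOCOL.get(dst_port) not in KEY_FIELDS:
        return "forward", payload, []      # assumption: no feature information to apply
    hits = find_hits(payload)
    if not hits:
        return "forward", payload, hits
    bad_lines = {index for index, _, _ in hits}
    if action != "filter" or 0 in bad_lines:
        return "drop", None, hits          # a request line cannot be filtered out
    head, sep, body = payload.partition(b"\r\n\r\n")
    kept = [line for i, line in enumerate(head.split(b"\r\n")) if i not in bad_lines]
    cleaned = b"\r\n".join(kept) + sep + body
    # Forward the filtered packet only if it now satisfies the policy.
    if find_hits(cleaned):
        return "drop", None, hits
    return "filtered", cleaned, hits


if __name__ == "__main__":
    sample = b"GET / HTTP/1.1\r\nHost: vm2\r\nReferer: http://x/<script>\r\n\r\n"
    print(inspect(80, sample, action="filter"))
```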
Fig. 5 is a flowchart of another virtual-switch-based security protection method for a virtualization platform provided by an embodiment of the present invention. This embodiment covers the security detection process when the network security policy is traffic intrusion, and the security protection processing applied to a packet whose network threat type is traffic intrusion. As shown in Fig. 5, the method includes:
Step 501: match the header file information of the packet, the format of the intermediate file and the format of the end file against the format information in the feature information;
Specifically, when the network security policy is traffic intrusion, the feature information corresponding to the network security policy includes the format information of packets and the traffic threshold that corresponds to that format information within a preset time, where the format information includes at least one of header file information, the format of the intermediate file, and the format of the end file.
When the data feature library receives the packet sent by the first interface, it parses the packet and matches the packet's header file information, the format of its intermediate file and the format of its end file against the format information in the feature information. Take the data format of a DDoS attack as an example: if, within the preset time period, the traffic of packets that have the DDoS attack data format exceeds the preset traffic threshold, their purpose is to consume a large amount of the peer device's processing resources and crash its system.
Step 502: judge whether the traffic of successfully matched packets within the preset time exceeds the preset traffic threshold;
The pre-stored feature information is queried to judge whether the traffic of successfully matched packets within the preset time exceeds the preset traffic threshold. If the traffic within the preset time is determined to be less than or equal to the preset traffic threshold, the packet passes security detection and is sent to the second device through the second interface. If the traffic within the preset time is determined to be greater than or equal to the preset traffic threshold, the packet fails security detection and security protection processing must be applied to it.
Step 503: if the traffic of successfully matched packets within the preset time is determined to exceed the traffic threshold, discard the packet.
If the traffic of successfully matched packets within the preset time is determined to exceed the traffic threshold, the packet fails security detection and is therefore discarded.
In the virtual-switch-based security protection method for a virtualization platform provided by this embodiment, the feature information in the data feature library that corresponds to traffic intrusion is used to detect whether the packet is safe. If it is, the packet is sent to the second device through the second interface in the virtual switch; if not, the packet is discarded. This improves the security of the virtualization platform.
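Steps 501 to 503 combine a format match with a per-format count over the preset time, as in the following Python code. It is an added example, not part of the patent text; the three-part Packet layout, the FormatSignature fields, measuring traffic in packets, the strict "exceeds" comparison of steps 502 and 503, and the sample byte values are assumptions of the example.

```python
"""Format match plus traffic threshold, steps 501-503 (added example, constructed data)."""
from collections import deque
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    header: bytes    # "header file information"
    body: bytes      # "intermediate file"
    trailer: bytes   # "end file"


@dataclass(frozen=True)
class FormatSignature:
    name: str
    header_prefix: Optional[bytes]  # None: this part is not checked
    body_length: Optional[int]
    trailer: Optional[bytes]
    window_seconds: float           # the preset time
    threshold: int                  # the traffic threshold, counted in packets

    def matches(self, p: Packet) -> bool:
        """Step 501: every part the signature specifies must match."""
        return ((self.header_prefix is None or p.header.startswith(self.header_prefix))
                and (self.body_length is None or len(p.body) == self.body_length)
                and (self.trailer is None or p.trailer == self.trailer))


class TrafficMonitor:
    def __init__(self, signatures):
        self.signatures = tuple(signatures)
        # Keep at most threshold + 1 timestamps per signature: enough to decide
        # "exceeded", and memory stays bounded however large the flood is.
        self._seen = {s.name: deque(maxlen=s.threshold + 1) for s in self.signatures}

    def check(self, packet: Packet, now: float) -> str:
        """Steps 502-503: return "forward" or "drop" for a packet seen at time now."""
        verdict = "forward"
        for sig in self.signatures:
            if not sig.matches(packet):
                continue
            seen = self._seen[sig.name]
            seen.append(now)
            # Forget matches that fell out of the preset time window.
            while seen and seen[0] <= now - sig.window_seconds:
                seen.popleft()
            if len(seen) > sig.threshold:
                verdict = "drop"
        return verdict


# Constructed signature: header starting with 0x02 and an empty body,
# more than 3 such packets within 1 second counts as traffic intrusion.
SAMPLE_SIGNATURE = FormatSignature("empty-0x02", b"\x02", 0, None, 1.0, 3)


def demo():
    monitor = TrafficMonitor([SAMPLE_SIGNATURE])
    flood = Packet(b"\x02\x00", b"", b"")
    normal = Packet(b"\x10\x00", b"data", b"")
    burst = [monitor.check(flood, t) for t in (0.0, 0.1, 0.2, 0.3, 0.4)]
    other = monitor.check(normal, 0.45)   # does not match, never counted
    later = monitor.check(flood, 2.0)     # window has emptied
    return burst, other, later


if __name__ == "__main__":
    print(demo())
```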
Fig. 6 is a schematic structural diagram of a virtual-switch-based security protection apparatus for a virtualization platform provided by an embodiment of the present invention. As shown in Fig. 6, the apparatus includes a receiving module 11, a detection module 12 and a sending module 13, where:
The receiving module 11 is configured to receive a packet sent by a first interface in the virtual switch, where the first interface is used to intercept packets that a first device sends to a second device over a communication link in the virtual switch;
The detection module 12 is configured to use a data feature library to detect whether the packet complies with a preset network security policy, where the data feature library includes feature information corresponding to the network security policy;
The sending module 13 is configured to, if the packet is determined to comply with the network security policy, send the packet that has passed security detection to the second device through a second interface in the virtual switch.
For the functions and processing flow of each module in the apparatus provided by this embodiment, refer to the method embodiment shown in Fig. 1 above; the implementation principle is similar and is not repeated here.
In the virtual-switch-based security protection apparatus for a virtualization platform provided by this embodiment, the first interface of the virtual switch intercepts packets that the first device sends to the second device over the communication link in the virtual switch. The feature information in the data feature library that corresponds to the network security policy is used to detect whether the packet is safe; if it is, the packet is sent to the second device through the second interface in the virtual switch. This avoids diverting the communication traffic in the virtual switch to an external system for security detection, improves the processing efficiency of security detection, and reduces the latency of the communication.
Fig. 7 is a schematic structural diagram of another virtual-switch-based security protection apparatus for a virtualization platform provided by an embodiment of the present invention. As shown in Fig. 7, on the basis of the embodiment shown in Fig. 6, the apparatus further includes a setting module 14 and a processing module 15, where:
The setting module 14 is configured to use a hook program to set, on the communication link, a first registration point for intercepting the packet, and to encapsulate the first registration point to establish the first interface; and/or to use a hook program to set, on the communication link, a second registration point for forwarding the packet, and to encapsulate the second registration point to establish the second interface.
The processing module 15 is configured to, if the packet is determined not to comply with the network security policy, apply security protection processing to the packet according to the network threat type in the network security policy.
For the functions and processing flow of each module in the apparatus provided by this embodiment, refer to the method embodiment shown in Fig. 2 above; the implementation principle is similar and is not repeated here.
In the virtual-switch-based security protection apparatus for a virtualization platform provided by this embodiment, the first interface, which the virtual switch sets up with a hook program, intercepts packets that the first device sends to the second device over the communication link in the virtual switch. The feature information in the data feature library that corresponds to the network security policy is used to detect whether the packet is safe. If it is, the packet is sent to the second device through the second interface, which is set up in the virtual switch with a hook program; if not, security protection processing is applied to the packet. This avoids diverting the communication traffic in the virtual switch to an external system for security detection, improves the processing efficiency of security detection, reduces the latency of the communication, and further improves the security of the virtualization platform.
Fig. 8 is a schematic structural diagram of another virtual-switch-based security protection apparatus for a virtualization platform provided by an embodiment of the present invention. The network security policy is network permission audit, and the feature information corresponding to the network security policy includes IP address information and the network access permission information corresponding to the IP address information. As shown in Fig. 8, on the basis of the embodiment shown in Fig. 7, the detection module 12 includes an acquiring unit 121 and an audit unit 122, where:
The acquiring unit 121 is configured to obtain the network access permission information corresponding to the source IP of the packet;
The audit unit 122 is configured to audit the legitimacy of the destination IP according to the network access permission information;
The processing module 15 is specifically configured to:
If the destination IP is determined to be illegitimate, modify the destination IP to an IP with legitimate permission according to the network access permission information, and send the modified packet to the second interface.
For the functions and processing flow of each module in the apparatus provided by this embodiment, refer to the method embodiment shown in Fig. 3 above; the implementation principle is similar and is not repeated here.
In the virtual-switch-based security protection apparatus for a virtualization platform provided by this embodiment, the feature information in the data feature library that corresponds to network permission audit is used to detect whether the packet is safe. If it is, the packet is sent to the second device through the second interface in the virtual switch; if not, the packet is modified into a packet with legitimate access permission and then forwarded. This improves the security of the virtualization platform.
Fig. 9 is another kind virtual platform based on the virtual switch security protection that the embodiment of the present invention provides
The structural representation of device, described network security policy is network attack detection, described and described network security
Strategy characteristic of correspondence information includes: the critical field corresponding with the communication protocol of packet, and attacks word
The description information of symbol string;As it is shown in figure 9, based on embodiment illustrated in fig. 7, this detection module 12 includes: really
Cell 123 and the first judging unit 124, wherein,
Determine unit 123, for determining the communication protocol that described packet is applied;
First judging unit 124, for obtaining the data letter in the critical field corresponding with described communication protocol
Breath, it is judged that whether include the description information of described attack character string in the data message in described critical field;
The processing module 15 is specifically configured to:
if it is judged that the data information in the key field includes the description information of an attack string, discard the packet; or filter the packet to obtain a packet that conforms to the network security policy, and send it to the second interface.
For the functions and processing flow of each module in the virtual-switch-based virtual platform security protection apparatus provided by this embodiment, refer to the method embodiment shown in Fig. 3 above; the implementation principle is similar and is not repeated here.
The virtual-switch-based virtual platform security protection apparatus provided by this embodiment uses the feature information in the data feature library that corresponds to network attack detection to detect whether a packet is safe. If so, the packet is sent to the second device through the second interface in the virtual switch; if not, the packet is discarded or filtered. This improves the security of the virtual platform.
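The Fig. 9 detection flow can be sketched as follows. This is an added example, not code from the patent: the HTTP request URI as the key field, the two attack-string patterns and all function names are assumptions made for illustration. The filter branch re-checks its own output, because removing a matched string once can leave behind a new match.

```python
import re
from urllib.parse import quote, unquote

# Constructed feature information (an assumption, not from the patent): per
# protocol, the key field to inspect and descriptions of attack strings.
FEATURES = {"http": {"key_field": "request-uri",
                     "attack": [re.compile(r"\.\./"), re.compile(r"<script", re.I)]}}

def determine_protocol(payload: bytes):
    """Determining unit 123: identify the protocol the packet uses."""
    first_line = payload.split(b"\r\n", 1)[0]
    return "http" if re.fullmatch(rb"[A-Z]+ \S+ HTTP/1\.[01]", first_line) else None

def key_field(payload: bytes) -> str:
    """Data in the HTTP key field: the request URI, percent-decoded before matching."""
    return unquote(payload.split(b" ", 2)[1].decode("latin-1"), encoding="latin-1")

def contains_attack(protocol: str, data: str) -> bool:
    """First judging unit 124: does the key field contain a described attack string?"""
    return any(p.search(data) for p in FEATURES[protocol]["attack"])

def process(payload: bytes, mode: str = "drop"):
    """Processing module 15: return ("forward", packet) or ("drop", None)."""
    protocol = determine_protocol(payload)
    if protocol not in FEATURES:
        return ("forward", payload)          # no feature information applies
    data = key_field(payload)
    if not contains_attack(protocol, data):
        return ("forward", payload)
    if mode == "filter":
        for _ in range(8):                   # one removal pass can re-form a match
            for pattern in FEATURES[protocol]["attack"]:
                data = pattern.sub("", data)
            if not contains_attack(protocol, data):
                method, _, rest = payload.split(b" ", 2)
                uri = quote(data, safe="/?&=", encoding="latin-1").encode("ascii")
                return ("forward", method + b" " + uri + b" " + rest)
    return ("drop", None)                    # drop mode, or filtering never converged
```
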
Fig. 10 is a schematic structural diagram of another virtual-switch-based virtual platform security protection apparatus provided by an embodiment of the present invention. The network security policy is traffic intrusion, and the feature information corresponding to the network security policy includes: the format information of the packet, and the traffic threshold corresponding to that format information within a preset time, wherein the format information includes at least one of: header file information, the format of the intermediate file, and the format of the end file. As shown in Fig. 10, on the basis of the embodiment shown in Fig. 7, the detection module 12 includes a matching unit 125 and a second judging unit 126, wherein:
The matching unit 125 is configured to match the header file information, the format of the intermediate file, and the format of the end file of the packet against the format information in the feature information;
The second judging unit 126 is configured to judge whether, within the preset time, the traffic of successfully matched packets exceeds the preset traffic threshold;
The processing module 15 is specifically configured to:
if it is judged that, within the preset time, the traffic of successfully matched packets exceeds the traffic threshold, discard the packet.
For the functions and processing flow of each module in the virtual-switch-based virtual platform security protection apparatus provided by this embodiment, refer to the method embodiment shown in Fig. 3 above; the implementation principle is similar and is not repeated here.
The virtual-switch-based virtual platform security protection apparatus provided by this embodiment uses the feature information in the data feature library that corresponds to traffic intrusion to detect whether a packet is safe. If so, the packet is sent to the second device through the second interface in the virtual switch; if not, the packet is discarded. This improves the security of the virtual platform.
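The Fig. 10 check can be sketched as a sliding-window counter over packets that match a stored format. This is an added example, not code from the patent: the class and function names, the byte-based threshold, and the use of only a header prefix and an end marker as the format information are assumptions, and the sample trace is constructed.

```python
from collections import deque

class TrafficGuard:
    """Per-format sliding-window traffic check (matching unit 125 + judging unit 126)."""

    def __init__(self, header: bytes, end: bytes, window_s: float, threshold_bytes: int):
        self.header, self.end = header, end      # format information to match
        self.window_s = window_s                 # the preset time
        self.threshold_bytes = threshold_bytes   # traffic threshold for this format
        self.seen = deque()                      # (timestamp, size) of matched packets
        self.total = 0                           # bytes currently inside the window

    def matches(self, payload: bytes) -> bool:
        """Matching unit 125: compare the packet's header and end with the format."""
        return payload.startswith(self.header) and payload.endswith(self.end)

    def exceeds(self, now: float, size: int) -> bool:
        """Second judging unit 126: is matched traffic in the window over the threshold?"""
        while self.seen and now - self.seen[0][0] >= self.window_s:
            self.total -= self.seen.popleft()[1]  # expire traffic older than the window
        # Dropped packets are counted too, so a sustained flood stays blocked
        # instead of passing one threshold's worth of traffic per window.
        self.seen.append((now, size))
        self.total += size
        return self.total > self.threshold_bytes

    def process(self, now: float, payload: bytes) -> str:
        """Processing module 15: drop matched packets once the threshold is exceeded."""
        if not self.matches(payload):
            return "forward"
        return "drop" if self.exceeds(now, len(payload)) else "forward"

def run_trace(guard: TrafficGuard, trace):
    """Apply the guard to (timestamp, payload) pairs and return the verdicts."""
    return [guard.process(ts, payload) for ts, payload in trace]

# Constructed sample: 100-byte packets of a made-up "SYNC ... CRLF" format.
FLOOD = b"SYNC" + b"x" * 94 + b"\r\n"
TRACE = [(0.0, FLOOD), (0.1, FLOOD), (0.2, FLOOD), (0.3, FLOOD),
         (0.35, b"other traffic"), (1.5, FLOOD)]

if __name__ == "__main__":
    print(run_trace(TrafficGuard(b"SYNC", b"\r\n", 1.0, 300), TRACE))
```
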
Fig. 11 is a schematic structural diagram of a virtual-switch-based virtual platform security protection system provided by an embodiment of the present invention. As shown in Fig. 11, the system includes: a first device 1 and a second device 2 located on the virtual platform, and a virtual switch 3 deployed on a physical machine, wherein the first device 1 and the second device 2 each include: a physical machine 4 on the virtual platform, or a virtual machine 5 deployed on a physical machine. The virtual switch 3 includes the virtual-switch-based virtual platform security protection apparatus 6. The embodiment shown in Fig. 11 takes as an example the case in which the first device 1 is a first virtual machine, the second device 2 is a second virtual machine, and the two communicate with each other through the virtual switch 3.
For the functions and processing flow of each module in the virtual-switch-based virtual platform security protection system provided by this embodiment, refer to the method embodiments shown above; the implementation principle is similar and is not repeated here.
The virtual-switch-based virtual platform security protection system provided by this embodiment intercepts, through the first interface of the virtual switch, the packets that the first device sends to the second device over the communication link in the virtual switch, and uses the feature information in the data feature library that corresponds to the network security policy to detect whether each packet is safe. If so, the packet is sent to the second device through the second interface in the virtual switch. This avoids importing the communication traffic in the virtual switch into an external system for security detection, improves the processing efficiency of security detection, and reduces the latency of communication.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be implemented by hardware controlled by program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disk, or optical disc.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.