CN105391688A - Data connection identification method and data connection identification device - Google Patents
Data connection identification method and data connection identification device Download PDFInfo
- Publication number
- CN105391688A CN105391688A CN201510669942.3A CN201510669942A CN105391688A CN 105391688 A CN105391688 A CN 105391688A CN 201510669942 A CN201510669942 A CN 201510669942A CN 105391688 A CN105391688 A CN 105391688A
- Authority
- CN
- China
- Prior art keywords
- pattern matching
- connection
- cube computation
- packet
- thread
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/18—Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An embodiment of the invention discloses a data connection identification method and a data connection identification device. The data connection identification method comprises the steps of acquiring data packets which are transmitted in a network and belong to different data connections; starting a plurality of mode matching processes for performing parallel mode matching on the data packets; and identifying the protocol type of the data connection which corresponds with the data packet according to a mode matching result. The data connection identification method and the data connection identification device provided by the embodiment of the invention have an advantage of improving processing capacity of an L7-filter.
Description
Technical field
The embodiment of the present invention relates to network communication technology field, particularly relates to a kind of recognition methods and device of data cube computation.
Background technology
L7-filter is the protocol classification device of a linux kernel Netfilter subsystem, and it can identify the packet of application layer (OSIlayer7).L7-filter is as the identification of data packets grader on Linux, different with other most of graders, it has more than is the simple attributes such as port numbers, IP address of checking packet, but use regular expression to mate application layer protocol (as HTTP, FTP etc.), thus learn which kind of agreement of current data packet term and mark.Therefore, L7-filter can by different application layer protocol to packet classification, particularly can to P2P agreement efficient identification.Current L7-filter not only gives tacit consent to the up to a hundred middle agreement that can identify in real network, can also expand easily by adding match pattern file.
L7-filter is mainly used in which can not carry out pack processing information situation based on port: analysis port is unfixing, unforeseen agreement (as P2P); The packet (as HTTP uses 8080,442 ports) of non-standard ports; Various protocols shares a port (as P2P shares 80 ports).
L7-filter is the character match mode data discrimination bag using regular expression.Table 1 gives the example of the regular expression for distinguishing several agreement.See table 1, if beginning has " ftp " printed words after " 220 " in packet, and comprise " 331 " and " password " printed words in packet afterwards, then can judge that this link is that FTP serves.If comprise in packet " http ", " connection: ", " content-type: ", " content-length " content time, then can judge this link be HTTP service.
Table 1
Data packet delivery, to after L7-filter process, can wait for L7-filter feedback analysis result at kernel.L7-filter creates two threads, and one connects track thread, and as shown in dotted portion in Fig. 1, one is queue tracks thread, as shown in bold portion in Fig. 1.
Realization is followed the tracks of in the connection that described connection track thread depends on kernel, if channel data bag, kernel creates to connect to follow the tracks of and also sends newly-built connection tracking time to L7-filter, and L7-filter creates connection at user's space and follows the tracks of.The packet that the main buffer memory of described queue tracks thread receives connects in the queue followed the tracks of to corresponding, analyzes the content in buffer memory, then gives kernel feedback analysis result.Concrete detailed process is as follows:
Obtain the skew of application layer data in packet, because nf_queue is based on Netfilter, and Netfilter works in network layer, and the packet in network layer includes transport layer header, must be removed.
Also have to connect at user's space and follow the tracks of, a correspondence buffer memory is followed the tracks of in each connection, can deposit front 10 packets of a link.
If application is identified, then can directly return.If application is not identified, then continue to identify.Need before identification to judge, connect the data packet number followed the tracks of in corresponding buffer memory and whether reach 10, if there have been 10 packets, then marking connection cannot be identified, and does not also need to identify, so directly discharge buffer memory later.If packet number is less than 10, then can continue identification data bag.
Packet is copied in corresponding Connection Cache, calls matching regular expressions.If with all regular expressions, all it fails to match, then directly to kernel feedback analysis result, if the match is successful, obtain corresponding mark value, then discharge buffer memory, the data of all no longer this connection of Water demand later.
Existing L7-filter employing is single-threaded carries out pattern matching to packet.Due to the resource that the pattern matching meeting consumption rate based on regular expression mode is more, especially cpu resource, so the bottleneck that will become L7-filter here, causes the process capacity of L7-filter smaller.
Summary of the invention
For above-mentioned technical problem, embodiments provide a kind of recognition methods and device of data cube computation, to improve the process capacity of L7-filter.
First aspect, embodiments provides a kind of recognition methods of data cube computation, and described method comprises:
Acquisition transmission over networks, belong to the packet that different pieces of information connects;
Start at least two pattern matching threads, to the pattern matching that described packet walks abreast;
The protocol class of data cube computation according to the result identification of described pattern matching.
Second aspect, the embodiment of the present invention additionally provides a kind of recognition device of data cube computation, and described device comprises:
Packet acquisition module, for obtaining transmission over networks, belongs to the packet that different pieces of information connects;
PARALLEL MATCHING module, for starting at least two pattern matching threads, to the pattern matching that described packet walks abreast;
Identification module, for the protocol class of data cube computation according to the result identification of described pattern matching.
The recognition methods of the data cube computation that the embodiment of the present invention provides and device, by obtaining transmission over networks, belong to the packet that different pieces of information connects, start at least two pattern matching threads, to the pattern matching that described packet walks abreast, the protocol class of data cube computation according to the result identification of described pattern matching, thus the process capacity improving L7-filter.
Accompanying drawing explanation
By reading the detailed description done non-limiting example done with reference to the following drawings, other features, objects and advantages of the present invention will become more obvious:
Fig. 1 is the flow chart that existing L7-filter carries out data cube computation identification;
Fig. 2 is the flow chart of the recognition methods of the data cube computation that first embodiment of the invention provides;
Fig. 3 is the flow chart that in the recognition methods of the data cube computation that second embodiment of the invention provides, packet obtains;
Fig. 4 is the flow chart of PARALLEL MATCHING in the recognition methods of the data cube computation that third embodiment of the invention provides;
Fig. 5 is the UML sequence chart of the recognition methods of the data cube computation that fourth embodiment of the invention provides;
Fig. 6 is the structure chart of the recognition device of the data cube computation that fifth embodiment of the invention provides.
Embodiment
Below in conjunction with drawings and Examples, the present invention is described in further detail.Be understandable that, specific embodiment described herein is only for explaining the present invention, but not limitation of the invention.It also should be noted that, for convenience of description, illustrate only part related to the present invention in accompanying drawing but not entire infrastructure.
First embodiment
Present embodiments provide a kind of technical scheme of the recognition methods of data cube computation.The recognition methods of described data cube computation is performed by the recognition device of data cube computation.Further, the recognition device of described data cube computation is integrated in the middle of fire compartment wall or router usually.Certainly, the recognition device also not getting rid of described data cube computation is integrated in the situation in the network equipment of other filtrations for data cube computation, identification.
See Fig. 2, the recognition methods of described data cube computation comprises:
S21, acquisition transmission over networks, belong to the packet that different pieces of information connects.
In a packet switched network, data are transmitted with the form of packet and exchange.Different data cube computation is belonged at the packet of transmission over networks.In general, utilize and comprise mark data cube computation that these five characteristics of source IP address, object IP address, source port number, destination slogan and protocol label can be unique.For convenience's sake, above-mentioned five characteristics are called the five-tuple information of packet.
In general, above-mentioned five-tuple information is recorded in the header of the packet got.
S22, starts at least two pattern matching threads, to the pattern matching that described packet walks abreast.
Be understandable that, due to the raising of the network bandwidth, the quantity of the packet that can get from network in same time section is also corresponding to be improved.And existing L7-filter adopts a pattern matching thread to carry out pattern matching to the data content of the packet of the magnanimity got.Because pattern matching process itself needs to take certain resource, consume the regular hour, so the mode of operation adopting single thread to carry out pattern matching seems obviously not enough on process capacity.
The present embodiment, for the problems referred to above, starts multiple parallel pattern matching thread simultaneously, and each pattern matching thread independent pattern matching is carried out to the packet got.Like this, originally the working method of single thread just becomes parallel working method, greatly improves the efficiency of pattern matching process.
Identical with the pattern matching process in existing L7-filter, the pattern matching in the recognition methods of described data cube computation is also the pattern matching of carrying out based on regular expression.More specifically, install L7-filter linux system etc under protocols catalogue, house the regular expression for execution pattern coupling.Under normal circumstances, for a kind of data characteristics of specific procotol, a regular expression can be set specially, to complete the pattern matching to this procotol.
Further, when a new discovery data cube computation, the mark value of this data cube computation is set to unmarked.Then, the pattern matching based on regular expression is carried out to several packets belonging to this data cube computation.
S23, the protocol class of data cube computation according to the result identification of described pattern matching.
Concrete, executing the pattern matching to packet, after getting the result of described pattern matching, resetting according to the mark value of described result to described data cube computation.Table 1 shows the value of mark value corresponding to different agreement.
Table 1
| Agreement | Mark value |
| gnutella | 3 |
| imap | 4 |
| aim | 5 |
| smtp | 6 |
| dns | 7 |
| validcertssl | 8 |
| tor | 9 |
| ipp | 10 |
| ssdp | 11 |
| telnet | 12 |
| zmaap | 13 |
| yahoo | 14 |
| msnmessenger | 15 |
| ssl | 16 |
| ssh | 17 |
| http | 18 |
The present embodiment passes through acquisition transmission over networks, belong to the packet that different pieces of information connects, start multiple pattern matching thread, to the pattern matching that described packet walks abreast, and according to the result identification of described pattern matching the protocol class of data cube computation, thus by parallel mode, packet is carried out to the identification of protocol class, substantially increase the process capacity of L7-filter.
Second embodiment
The present embodiment, based on the above embodiment of the present invention, further provides a kind of technical scheme that in the recognition methods of data cube computation, packet obtains.In this technical scheme, acquisition transmission over networks, the packet belonging to different pieces of information connection comprises: by the analysis to packet, find new data cube computation; When finding new data cube computation, trigger new connection event; Described new connection event is distributed to match management thread.
See Fig. 3, acquisition transmission over networks, the packet belonging to different pieces of information connection comprises:
S31, by the analysis to packet, finds new data cube computation.
Concrete, first by the parsing to the packet got, obtain the five-tuple information comprised in the header of described packet.Then by by the comparison of described five-tuple with the existing five-tuple information be connected stored in connection pool, judge whether described packet belongs to a new data cube computation.
Described connection pool be L7-filter after improving in a data structure of local maintenance, be used for the information of the existing data cube computation of buffer memory.Preferably, described connection pool can be a linear linked list being used for storing the existing five-tuple information connected specially.
S32, when finding new data cube computation, triggers new connection event.
If by the information comparison to the data cube computation in connection pool, the packet that discovery gets belongs to a new data cube computation, then trigger new connection event.The event that described new connection event is found for characterizing new data cube computation.
S33, is distributed to match management thread by described new connection event.
Owing to employing multiple pattern matching thread in the present invention, conveniently to the management of above-mentioned multiple pattern matching thread, separately create a match management thread, be used for carrying out the scheduling of task between different pattern matching threads.
When there being new connection event to be triggered, the new connection event triggered being distributed to match management thread, being determined carry out pattern matching by that pattern matching thread to the packet of newfound data cube computation by described match management thread.
The present embodiment, by the analysis to packet, finds new data cube computation, and when finding new data cube computation, triggering new connection event, and described new connection event is distributed to match management thread, achieving the discovery to new data cube computation.
3rd embodiment
The present embodiment, based on the above embodiment of the present invention, further provides a kind of technical scheme of PARALLEL MATCHING in the recognition methods of data cube computation.In this technical scheme, start at least two pattern matching threads, the pattern matching that described packet walks abreast is comprised: after getting described new connection event, add up the number of connection in connection pool corresponding to each pattern matching thread by described match management thread; To the critical data of the data cube computation of described new connection event be triggered stored in the minimum connection pool of number of connection; Pattern matching thread corresponding to the connection pool minimum by number of connection checks the mark value of data cube computation described in described connection pool; If described mark value is unmarked, the pattern matching thread corresponding to the connection pool minimum by described number of connection carries out pattern matching to described critical data.
See Fig. 4, start multiple pattern matching thread, the pattern matching that described packet walks abreast comprised:
S41, after getting described new connection event, adds up the number of connection in connection pool corresponding to each pattern matching thread by described match management thread.
Concrete, can the number of connection in connection pool corresponding to each pattern matching thread be counted.More specifically, to the counting of number of connection be the counting of the number to the five-tuple stored in described connection pool.
S42, will trigger the critical data of the data cube computation of described new connection event stored in the minimum connection pool of number of connection.
Herein, the five-tuple information of described critical data i.e. data cube computation.By to the linking number quantitative statistics belonged in the connection pool of different pieces of information connection, the connection pool that number of connection is minimum can be found.Afterwards, by the five-tuple information of data cube computation corresponding for described new connection event stored in the minimum connection pool of described number of connection.
S43, the pattern matching thread corresponding to the connection pool minimum by number of connection checks the mark value of data cube computation described in described connection pool.
The each data cube computation stored in described connection pool has corresponding mark value.By after identifying the minimum connection pool of number of connection to linking number quantitative statistics, check the mark value that this connection pool is corresponding.
S44, if described mark value is unmarked, the pattern matching thread corresponding to connection pool having described number of connection minimum carries out pattern matching to described critical data.
The some packets belonging to this data cube computation can be selected, and pattern matching is carried out to the above-mentioned packet selected.Further, described pattern matching is the pattern matching based on the regular expression prestored.
Further, select receive at first 10 packets belonging to the data cube computation triggering new connection event, and the pattern matching based on the regular expression prestored is carried out to these 10 packets.
The present embodiment is by after getting described new connection event, the number of connection in connection pool corresponding to each pattern matching thread is added up by described match management thread, to the critical data of the data cube computation of described new connection event be triggered stored in the minimum connection pool of number of connection, pattern matching thread corresponding to the connection pool minimum by number of connection checks the mark value of data cube computation described in described connection pool, if described mark value is unmarked, the pattern matching thread corresponding to connection pool having described number of connection minimum carries out pattern matching to described critical data, the parallel pattern matching to packet is achieved with less computational resource.
4th embodiment
Present embodiments provide the another kind of technical scheme of the recognition methods of data cube computation.In the implementation of this technical scheme, relate to filter thread, connected track thread, queue thread, match management thread, pattern matching thread and grader thread.Wherein, filter thread, connect track thread, queue thread, match management thread and grader thread and be all created in the mode of single example and use, and pattern matching thread in internal memory, have Multi-instance resident.
See Fig. 5, the recognition methods of described data cube computation comprises:
S51, filter thread creation match management thread.
Described filter thread is the primary thread in the present embodiment.Management life cycle of its other thread of primary responsibility, namely creates and reclaims other each threads.
Described match management thread for creating each pattern matching thread, and carries out scheduling and the equilibrium of load between each pattern matching thread.
S51.1, the multiple pattern matching thread of match management thread creation.
The regular expression that described pattern matching thread is used for according to prestoring carries out pattern matching to the packet got.
S52, filter thread creation connects track thread.
Described connection track thread for finding new data cube computation, and after finding new data cube computation, processes there is the new case distribution connected to other threads.
S53, filter thread creation queue thread.
Described queue thread is used for capturing packet from network interface card, and carries out Data Analysis to packet.
S54, filter thread creation grader thread.
Described grader thread is used for, according to the regular expression prestored, classifying to described packet.
S55, connects the generation of track thread monitor event.
S56, connects track thread by case distribution to match management thread.
S56.1, the type of match management thread identification event.
Described event comprises deletes connection event and newly-increased connection event.
S56.2, when the type of described event is when deleting connection event, the data cube computation that match management thread pool event is corresponding.
S56.3, when the type of described event is when deleting connection event, the data cube computation that deletion event is corresponding.
S56.4, when the type of described event is newly-increased connection event, the pattern matching thread that inquiry is the most idle.
S56.5, when the type of described event is newly-increased connection event, connects to described pattern matching thread distribute data.
S56.6, when the type of described event is newly-increased connection event, stores described data cube computation.
S57, queue thread receives packet.
S58, queue thread distributes the packet received to match management thread.
S58.1, match management thread obtains data cube computation.
S58.2, match management thread obtains the mark mark of described data cube computation.
S58.3, match management thread obtains the mark mark value of described data cube computation.
S58.4, match management thread obtains the pattern matching thread of described packet.
S58.5, match management thread distributes described packet to described pattern matching thread.
S58.5.1, packet described in pattern matching threads store.
S59, pattern matching thread obtains described packet.
S510, pattern matching thread notice grader thread carries out protocol classification.
S511, pattern matching thread marks packet and data cube computation.
S512, the mark mark that pattern matching thread setting data connects.
S513, filter thread reclaims and connects track thread.
S514, filter thread recovery force alignment journey.
S515, filter thread notice reclaims match management thread.
S516, match management reclaims all pattern matching threads.
The present embodiment is by utilizing the multiple different pattern matching thread of match management thread creation, and utilize described multiple pattern matching thread execution based on the pattern matching of regular expression, achieve the parallel pattern matching to packet, substantially increase the process capacity of L7-filter.
5th embodiment
Present embodiments provide a kind of technical scheme of the recognition device of data cube computation.See Fig. 6, in this technical scheme, the recognition device of described data cube computation comprises: packet acquisition module 61, PARALLEL MATCHING module 62 and identification module 63.
Described packet acquisition module 61, for obtaining transmission over networks, belongs to the packet that different pieces of information connects.
Described PARALLEL MATCHING module 62 for start at least two pattern matching threads, to the pattern matching that described packet walks abreast.
Described identification module 63 is for the protocol class of data cube computation according to the result identification of described pattern matching.
Optionally, described packet acquisition module 61 comprises: connect and find unit, event trigger element and case distribution unit.
Described connection finds that unit is used for by the analysis to packet, finds new data cube computation.
When described event trigger element is for finding new data cube computation, trigger new connection event.
Described case distribution unit is used for described new connection event to be distributed to match management thread.
Optionally, described PARALLEL MATCHING module 62 comprises: statistic unit, data storage cell, mark value check unit and matching unit.
Described statistic unit adds up the number of connection in connection pool corresponding to each pattern matching thread by described match management thread after being used for getting described new connection event.
Described data storage cell is used for the critical data of the data cube computation by triggering described new connection event stored in the minimum connection pool of number of connection.
Described mark value checks that unit checks the mark value of data cube computation described in described connection pool for the pattern matching thread corresponding to the minimum connection pool of number of connection.
Described matching unit is used for when described mark value is unmarked, and the pattern matching thread corresponding to the connection pool minimum by described number of connection carries out pattern matching to described critical data.
Optionally, described matching unit, specifically for pattern matching thread corresponding to the connection pool minimum by described number of connection, carries out pattern matching according to the regular expression prestored to described critical data.
Those of ordinary skill in the art should be understood that, above-mentioned of the present invention each module or each step can realize with general calculation element, they can concentrate on single calculation element, or be distributed on network that multiple calculation element forms, alternatively, they can realize with the executable program code of computer installation, thus they storages can be performed by calculation element in the storage device, or they are made into each integrated circuit modules respectively, or the multiple module in them or step are made into single integrated circuit module to realize.Like this, the present invention is not restricted to the combination of any specific hardware and software.
Each embodiment in this specification all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, the same or analogous part between each embodiment mutually see.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, to those skilled in the art, the present invention can have various change and change.All do within spirit of the present invention and principle any amendment, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (8)
1. a recognition methods for data cube computation, is characterized in that, comprising:
Acquisition transmission over networks, belong to the packet that different pieces of information connects;
Start at least two pattern matching threads, to the pattern matching that described packet walks abreast;
The protocol class of data cube computation according to the result identification of described pattern matching.
2. method according to claim 1, is characterized in that, acquisition transmission over networks, and the packet belonging to different pieces of information connection comprises:
By the analysis to packet, find new data cube computation;
When finding new data cube computation, trigger new connection event;
Described new connection event is distributed to match management thread.
3. method according to claim 2, is characterized in that, starts at least two pattern matching threads, comprises the pattern matching that described packet walks abreast:
After getting described new connection event, add up the number of connection in connection pool corresponding to each pattern matching thread by described match management thread;
To the critical data of the data cube computation of described new connection event be triggered stored in the minimum connection pool of number of connection;
Pattern matching thread corresponding to the connection pool minimum by number of connection checks the mark value of data cube computation described in described connection pool;
If described mark value is unmarked, the pattern matching thread corresponding to the connection pool minimum by described number of connection carries out pattern matching to described critical data.
4. method according to claim 3, is characterized in that, the pattern matching thread corresponding to the connection pool minimum by described number of connection carries out pattern matching to described critical data and comprises:
Pattern matching thread corresponding to the connection pool minimum by described number of connection, carries out pattern matching according to the regular expression prestored to described critical data.
5. a recognition device for data cube computation, is characterized in that, comprising:
Packet acquisition module, for obtaining transmission over networks, belongs to the packet that different pieces of information connects;
PARALLEL MATCHING module, for starting at least two pattern matching threads, to the pattern matching that described packet walks abreast;
Identification module, for the protocol class of data cube computation according to the result identification of described pattern matching.
6. device according to claim 5, is characterized in that, described packet acquisition module comprises:
Connect and find unit, for by the analysis to packet, find new data cube computation;
Event trigger element, during for finding new data cube computation, triggers new connection event;
Case distribution unit, for being distributed to match management thread by described new connection event.
7. device according to claim 6, is characterized in that, described PARALLEL MATCHING module comprises:
Statistic unit, after getting described new connection event, adds up the number of connection in connection pool corresponding to each pattern matching thread by described match management thread;
Data storage cell, for the critical data of the data cube computation by triggering described new connection event stored in the minimum connection pool of number of connection;
Mark value checks unit, checks the mark value of data cube computation described in described connection pool for the pattern matching thread corresponding to the minimum connection pool of number of connection;
Matching unit, for when described mark value be unmarked when, the pattern matching thread corresponding to the connection pool minimum by described number of connection carries out pattern matching to described critical data.
8. device according to claim 7, is characterized in that, described matching unit specifically for:
Pattern matching thread corresponding to the connection pool minimum by described number of connection, carries out pattern matching according to the regular expression prestored to described critical data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510669942.3A CN105391688A (en) | 2015-10-13 | 2015-10-13 | Data connection identification method and data connection identification device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510669942.3A CN105391688A (en) | 2015-10-13 | 2015-10-13 | Data connection identification method and data connection identification device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105391688A true CN105391688A (en) | 2016-03-09 |
Family
ID=55423525
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510669942.3A Pending CN105391688A (en) | 2015-10-13 | 2015-10-13 | Data connection identification method and data connection identification device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105391688A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105956000A (en) * | 2016-04-20 | 2016-09-21 | 广州华多网络科技有限公司 | Data exchange method and client |
| CN107066410A (en) * | 2017-03-31 | 2017-08-18 | 深圳市金印达科技有限公司 | Communication speed correction and the selecting device and method of communication protocol |
| CN111510476A (en) * | 2020-04-03 | 2020-08-07 | 金蝶软件(中国)有限公司 | Communication method, communication apparatus, computer device, and computer-readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101707513A (en) * | 2009-11-30 | 2010-05-12 | 曙光信息产业(北京)有限公司 | Regular expression based deep packet inspection method and equipment |
| CN103036803A (en) * | 2012-12-21 | 2013-04-10 | 南京邮电大学 | Flow control method based on application layer detection |
| CN103854056A (en) * | 2014-03-17 | 2014-06-11 | 清华大学 | Regular expression grouping method and device |
-
2015
- 2015-10-13 CN CN201510669942.3A patent/CN105391688A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101707513A (en) * | 2009-11-30 | 2010-05-12 | 曙光信息产业(北京)有限公司 | Regular expression based deep packet inspection method and equipment |
| CN103036803A (en) * | 2012-12-21 | 2013-04-10 | 南京邮电大学 | Flow control method based on application layer detection |
| CN103854056A (en) * | 2014-03-17 | 2014-06-11 | 清华大学 | Regular expression grouping method and device |
Non-Patent Citations (1)
| Title |
|---|
| DANHUA GUO: "A Scalable Mutithreaded L7-fliter Design for Multi-Core Servers", 《ACM/IEEE ANCS》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105956000A (en) * | 2016-04-20 | 2016-09-21 | 广州华多网络科技有限公司 | Data exchange method and client |
| CN107066410A (en) * | 2017-03-31 | 2017-08-18 | 深圳市金印达科技有限公司 | Communication speed correction and the selecting device and method of communication protocol |
| CN107066410B (en) * | 2017-03-31 | 2020-04-28 | 深圳市金印达科技有限公司 | Communication speed correction and communication protocol selection device and method |
| CN111510476A (en) * | 2020-04-03 | 2020-08-07 | 金蝶软件(中国)有限公司 | Communication method, communication apparatus, computer device, and computer-readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1826776B (en) | Method and apparatus for processing duplicate packets | |
| US9871781B2 (en) | Systems and methods for path maximum transmission unit discovery | |
| CN102959910B (en) | The notice of change controller for being configured the packets forwarding of network element by communication channel | |
| US8391289B1 (en) | Managing a forwarding table in a switch | |
| CN101854391B (en) | Realization method of ares protocol analysis system based on peer-to-peer network | |
| CN103907321A (en) | System and method for using dynamic allocation of virtual lanes to alleviate congestion in a fat-tree topology | |
| US11044184B2 (en) | Data packet loss detection | |
| CN102801738A (en) | Distributed DoS (Denial of Service) detection method and system on basis of summary matrices | |
| US11153420B2 (en) | Neighbor equivalence groups | |
| US9807009B2 (en) | System and method for providing congestion notification in layer 3 networks | |
| Al-Naday et al. | Information resilience: source recovery in an information-centric network | |
| CN105391688A (en) | Data connection identification method and data connection identification device | |
| CN105827629A (en) | Software definition safety guiding device under cloud computing environment and implementation method thereof | |
| CN105207950A (en) | Communication data protection method based on SDN technology | |
| CN101741745B (en) | Method and system for identifying application traffic of peer-to-peer network | |
| CN105099916A (en) | Open flow routing and switching equipment and data message processing method thereof | |
| CN103634166A (en) | Equipment survival detection method and equipment survival detection device | |
| Tang et al. | Elephant Flow Detection Mechanism in SDN‐Based Data Center Networks | |
| CN105553809A (en) | STUN tunnel management method and device | |
| KR101191251B1 (en) | 10 Gbps scalable flow generation and control, using dynamic classification with 3-level aggregation | |
| CN101753456B (en) | Method and system for detecting flow of peer-to-peer network | |
| WO2020187295A1 (en) | Monitoring of abnormal host | |
| CN117240734A (en) | Cloud edge cooperation method, cloud edge cooperation system, computer equipment and storage medium | |
| Sethi et al. | Synaptogenesis based bio-inspired NoC fault tolerant interconnects | |
| CN105025028A (en) | IP black hole discovering method based on flow analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160309 |