CN106452856A - Traffic flow statistics method and device, and wireless access equipment with traffic flow statistics function - Google Patents
Traffic flow statistics method and device, and wireless access equipment with traffic flow statistics function Download PDFInfo
- Publication number
- CN106452856A CN106452856A CN201610859258.6A CN201610859258A CN106452856A CN 106452856 A CN106452856 A CN 106452856A CN 201610859258 A CN201610859258 A CN 201610859258A CN 106452856 A CN106452856 A CN 106452856A
- Authority
- CN
- China
- Prior art keywords
- data
- function
- flows
- flow
- hook
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Algebra (AREA)
- Environmental & Geological Engineering (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Pure & Applied Mathematics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a traffic flow statistics method and device, and wireless access equipment with a traffic flow statistics function. The method comprises a step 101 of obtaining multiple data packets, wherein sources of the data packets may wired channels or wireless channels, and the data packets can be sent to electric equipment by a server or sent to the server by the electric equipment; a step 102 of obtaining multiple traffic flow data packets in the multiple data packets through a hook function mounted on a network protocol stack hook point, wherein a network protocol stack is arranged in a Netfilter frame of a linux kernel; a step 103 of classifying the multiple traffic flow data packets by a hash algorithm; and a step 104 of carrying out statistics of the traffic flow value of each type of traffic flow data packets. In the traffic flow filtering and counting processes, the system resource occupation of the product of the invention is smaller than the traditional wireless access equipment. The computing time and the storage space are saved, the computing accuracy is enhanced, the working efficiency is improved, and conditions that the system is blocked and the resource is wasted are effectively avoided.
Description
【Technical field】
The present invention relates to smart home field, more particularly to a kind of flow statistical method and device and with traffic statistics work(
The radio reception device of energy.
【Background technology】
With developing rapidly for the technology such as network new media, the explosive increase of network application, network security threats, network
In abnormal flow all bring very big impact to the normal operation of network.Simultaneously as network has isomerism and complexity
Property feature, by monitor network packet, network traffics are carried out with statistical analysiss, so as to realize the detection of network traffics, are
Research network performance, fault and performance diagnogtics and the effective ways of detection Network Abnormal, while it can ask to solving network
Topic provides foundation, and for ensureing that network QoS lays the foundation.
In current Linux platform, traditional network traffics acquisition technique has following several ways:
In the network using SNMP, the main thought of flow monitoring method is to deposit a pipe on each network node
Reason information bank, and the agent maintenance having on node, are then passed to network of relation application and access, simple flow collection pattern,
Simple and easy to use, but very big burden is brought to the network bandwidth and egress router.
The ability of Libpcap gather information is most strong, widest in area, but due to from kernel buffers to user buffering area
Data copy, can increase memory copying number of times, when network traffic is excessive, can seriously reduce the performance of system.
【Content of the invention】
For solving foregoing problems, the present invention proposes a kind of flow statistical method and device and the nothing with traffic statistic function
Line access device, to solve the problems, such as that in prior art, traffic statistics consuming performance is excessive.
For reaching object defined above, the method that the present invention is adopted is:Flow statistical method, comprises the steps:
Obtain multiple packets;
Hook Function by carry on network protocol stack hook point obtains the multiple datas on flows in multiple packets
Bag;
By hashing algorithm, the plurality of data on flows bag is classified;
Count the flow value of all kinds of data on flows bags.
For reaching object defined above, the device that the present invention is adopted is:Flow statistic device, including such as lower module:
Acquiring unit, obtains multiple packets;
Filter element, the Hook Function by carry on network protocol stack hook point obtains multiple in multiple packets
Data on flows bag;
Taxon, is classified to the plurality of data on flows bag by hashing algorithm;
Statistic unit, counts the flow value of all kinds of data on flows bags.
For reaching object defined above, the equipment that the present invention is adopted is:Radio reception device with traffic statistic function, including
Couple for obtaining the wireless communication module of packet and the processor of wireless communication module coupling and with the processor
Memory module and peripheral interface circuit,
Network protocol stack is set in the processor, and the hook point of the network protocol stack is provided with Hook Function, for obtaining
Take the multiple data on flows bags in the plurality of packet;
The processor 1 is classified to the plurality of data on flows bag by hashing algorithm and is counted all kinds of flows
The flow value of packet.
The present invention can reach following technique effect:Can be using residing for the product of the technology surrounding enviroment provide stable
Wire/wireless signal, while traffic filtering and traffic statistic function can be carried out for radio reception device end.Further, exist
During carrying out traffic filtering and traffic statistics, the system resource of the product is compared conventional wireless access device and takes resource
Few, saved calculating time and memory space, strengthened the accuracy for calculating, improved work efficiency, effectively reduce system congestion and
Wasting of resources situation.
These features of the present invention and advantage will be detailed in following specific embodiment, accompanying drawing exposure.This
Bright optimal embodiment or means will combine the detailed performance of accompanying drawing, but be not the restrictions to technical solution of the present invention.Separately
Outward, these features for occurring in text and accompanying drawing in each of the lower, key element and component are with multiple, and mark to represent convenient
Remember different symbols or numeral, but all represent the part of same or similar construction or function.
【Description of the drawings】
The present invention is described further below in conjunction with the accompanying drawings.
Fig. 1 is the method flow diagram of the embodiment of the present invention 1.
Fig. 2 is the apparatus module figure of the embodiment of the present invention 2.
Fig. 3 is the EM equipment module figure of the embodiment of the present invention 3.
【Specific embodiment】
With reference to the accompanying drawing of the embodiment of the present invention, the technical scheme of the embodiment of the present invention is explained and illustrated, but under
State embodiment and the preferred embodiments of the present invention are only, and not all.Based on the embodiment in embodiment, those skilled in the art
Obtained other embodiment on the premise of creative work is not made, belongs to protection scope of the present invention.
" one embodiment " or " example " or " example " that quotes in this manual means that itself describes in conjunction with the embodiments
Special characteristic, structure or characteristic can be included at least one embodiment disclosed in this patent.Phrase is " in one embodiment
In " appearance of each position in the description is not necessarily all referring to same embodiment.
Although it should be noted that represent the connected mode of each module in the present invention in the accompanying drawings, the connection side
Formula is only One function explanation, rather than specific connected mode, in specific application scenarios, based on present invention structure
Think, those skilled in the art are readily conceivable that
The process step for illustrating in the accompanying drawing appended by this specification be by include hardware (such as circuit, special logic list
Unit etc.), firmware (such as on general-purpose calculating appts or special purpose machinery run) or both combination processs logic execution.
Although each embodiment is described to process according to some order operations below, it is understood that, the step of some descriptions
Operation can be executed in different order.Additionally, some step operation can be executed in parallel rather than be sequentially performed.
Embodiment 1.
Referring to Fig. 1, a kind of flow statistical method, the enforcement of the method can be based on any computing device or device clusters reality
Existing, the example of these computing devices may include such as digital signal processor (DSP), CPU (CPU) or microprocessor
Device (MCU), such as portable digital telephone, portable computer or digital assistants, in the illustrative of the present invention, to " place
Referring to for reason device " etc. is appreciated that not only comprising with different frameworks (such as single/multiple logic control constructs and string
Row/parallel organization) computer, and include specific analog/digital integrated circuit, such as field programmable gate array
(FPGA), special circuit (ASIC), signal transmitting and receiving circuit and other process circuit equipment.To computer program, instruction, code
Deng reference be appreciated that include for programmable control circuit software or firmware.Comprise the steps:
Step 101:Obtain multiple packets;The source of the packet can be limited passage, or radio channel.
Electrical equipment can be sent to by server, or electrical equipment is sent to server.
Step 102:Hook Function by carry on network protocol stack hook point obtains multiple in multiple packets
Data on flows bag;Network protocol stack is arranged at the Netfilter framework in linux kernel.
Step 103:By hashing algorithm, the plurality of data on flows bag is classified;
Step 104:Count the flow value of all kinds of data on flows bags.
Abovementioned steps 103 include:Using hash algorithm, in the source network address and destination address according to multiple packets
Key value is classified to the plurality of data on flows bag.Key value is that in source network address and destination address, 25-32 position is right
The lowest numeric that answers.Multiple data on flows bags are categorized as N class data on flows bag (first kind data on flows bag, Equations of The Second Kind flow
Packet, to N class data on flows bag), after the completion of classification, count the flow value of each class data on flows bag.
Preceding method, also includes the flow value for sending all kinds of data on flows bags to User space program.User space program
In User space, User space is separated with linus kernel.
User space (user mode) refers to two similar concepts in computer configuation.In the design of CPU, User space refers to
Unprivileged.In this case, the code of execution is limited by hardware, it is impossible to carry out some operations, such as writes other processes
Memory space, to prevent from bringing potential safety hazard to operating system.In the design of operating system, User space is also similar to, and refers to non-
The execution state of privilege.Kernel forbids that the code under this state carries out the operation of potential danger, such as writing system configuration file,
Kill the process of other users, restart system etc..
Kernel state is kernel mode again, and kernel mode is the pattern run by operating system nucleus, operates in the code of the pattern,
Unrestrictedly system storage, external equipment can be conducted interviews.
Netfilter is the Linux fire prevention wall telephone of a new generation after the IPchains of IPfwadm, 2.2.x of 2.0.x
System.Netfilter adopts modularized design, with good expandability.Its important tool module I PTables is connected to
In the framework of Netfilter, and allow user to carry out datagram to filter, address conversion, the operation such as process.Netfilter
There is provided a framework, the direct interference of network code will be preferably minimized, and allow to process other bags with the interface of regulation
Code is added in kernel in modular form, with extremely strong motility.
The program segment of actually one process message of hook, is called by system, it is linked into system.Whenever specific
Message sends, and before purpose window is not reached, hook program just first captures the message, that is, Hook Function is first controlled
Power.At this moment Hook Function i.e. can be with processed (change) message, it is also possible to does not deal with and continues to transmit the message, may be used also
To force the transmission of end.A hook chain is safeguarded by system to each type of hook, the hook that installs recently is put
In the beginning of chain, and the hook that installs at first is placed on finally, that is, the first acquisition control for adding afterwards.Win32's to be realized
System hook, it is necessary to call api function SetWindowsHookEx in SDK to install this Hook Function, this function
Prototype is HHOOK SetWindowsHookEx (int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD
dwThreadId);, wherein, first parameter is the type of hook;Second parameter is the address of Hook Function;3rd ginseng
Number is the module handle comprising Hook Function;4th parameter specifies the thread of supervision.If specifying the thread for determining, as line
The special hook of journey;If being appointed as sky, as global hook.Wherein, global hook function must be included in DLL (dynamic link
Storehouse) in, and the special hook of thread is further included in executable file.The Hook Function for obtaining control is completed to message
Process after, if it is desired to the message continues transmission, then it must call the api function in another SDK
CallNextHookEx is transmitting it.Hook Function can also abandon the message by directly returning TRUE, and prevent this from disappearing
The transmission of breath.
Hashing algorithm is hash algorithm again, and the binary value of random length is mapped as shorter regular length by hash algorithm
Binary value, this little binary value is referred to as cryptographic Hash.Cryptographic Hash is the unique and extremely compact numerical tabular of one piece of data
Show form.If hashing one section of plaintext and even only changing a letter of the paragraph, subsequent Hash will all produce different
Value.Two different inputs of the hash for same value are found, is computationally impossible, so the cryptographic Hash of data
Can be with the integrity of inspection data.It is generally used for quick lookup and AES.Hash table is the hash function H according to setting
(key) with process collision method, one set of keyword is mapped on a limited address section, and with keyword in address area
Between in as used as storage location of the record in table, this table is referred to as Hash table or hash, and gained storage location is referred to as Hash
Address or hash address.As linear data structure compared with form and queue etc., it is very fast that Hash table is undoubtedly to look for speed ratio
One kind.By the fixation that unidirectional mathematical function (sometimes referred to as " hash algorithm ") is applied to obtained by any number of data
The result of size.If changed in input data, Hash can also change.Hash can be used for many operations, including body
Part checking and digital signature.Also referred to as " eap-message digest ".Simplicity of explanation:Hash (Hash) algorithm, i.e. hash function.It is a kind of
One-way cipher system, i.e., it is an irreversible mapping from plaintext to ciphertext, only ciphering process, without decrypting process.
Meanwhile, the input of random length can be fixed after change hash function the output of length.Hash function this
The feature for planting characteristic of unidirectional and the fixation of output data length allows it to generate message or data.
Embodiment 2.
Referring to Fig. 2, a kind of flow statistic device 20, the enforcement of the device can be based on any computing device or device clusters reality
Existing, the example of these computing devices may include such as digital signal processor (DSP), CPU (CPU) or microprocessor
Device (MCU), such as portable digital telephone, portable computer or digital assistants, in the illustrative of the present invention, to " place
Referring to for reason device " etc. is appreciated that not only comprising with different frameworks (such as single/multiple logic control constructs and string
Row/parallel organization) computer, and include specific analog/digital integrated circuit, such as field programmable gate array
(FPGA), special circuit (ASIC), signal transmitting and receiving circuit and other process circuit equipment.To computer program, instruction, code
Deng reference be appreciated that include for programmable control circuit software or firmware.Including such as lower module:
Acquiring unit 21:Obtain multiple packets;The source of the packet can be limited passage, or channel radio
Road.Electrical equipment can be sent to by server, or electrical equipment is sent to server.
Filter element 22:Hook Function by carry on network protocol stack hook point obtains many in multiple packets
Individual data on flows bag;Network protocol stack is arranged at the Netfilter framework in linux kernel.
Taxon 23:By hashing algorithm, the plurality of data on flows bag is classified;
Statistic unit 24:Count the flow value of all kinds of data on flows bags.
Aforesaid class unit adopts hash algorithm, according to the key in the source network address and destination address of multiple packets
Value is classified to the plurality of data on flows bag.Key value is that in source network address and destination address, 25-32 position is corresponding
Lowest numeric.Multiple data on flows bags are categorized as N class data on flows bag (first kind data on flows bag, Equations of The Second Kind data on flows
Bag, to N class data on flows bag), after the completion of classification, count the flow value of each class data on flows bag.
Aforementioned means, also include to send the transmitting element of the flow value to User space program of all kinds of data on flows bags.
User space program is in User space, and User space is separated with linus kernel.
User space (user mode) refers to two similar concepts in computer configuation.In the design of CPU, User space refers to
Unprivileged.In this case, the code of execution is limited by hardware, it is impossible to carry out some operations, such as writes other processes
Memory space, to prevent from bringing potential safety hazard to operating system.In the design of operating system, User space is also similar to, and refers to non-
The execution state of privilege.Kernel forbids that the code under this state carries out the operation of potential danger, such as writing system configuration file,
Kill the process of other users, restart system etc..
Kernel state is kernel mode again, and kernel mode is the pattern run by operating system nucleus, operates in the code of the pattern,
Unrestrictedly system storage, external equipment can be conducted interviews.
Netfilter is the Linux fire prevention wall telephone of a new generation after the IPchains of IPfwadm, 2.2.x of 2.0.x
System.Netfilter adopts modularized design, with good expandability.Its important tool module I PTables is connected to
In the framework of Netfilter, and allow user to carry out datagram to filter, address conversion, the operation such as process.Netfilter
There is provided a framework, the direct interference of network code will be preferably minimized, and allow to process other bags with the interface of regulation
Code is added in kernel in modular form, with extremely strong motility.
The program segment of actually one process message of hook, is called by system, it is linked into system.Whenever specific
Message sends, and before purpose window is not reached, hook program just first captures the message, that is, Hook Function is first controlled
Power.At this moment Hook Function i.e. can be with processed (change) message, it is also possible to does not deal with and continues to transmit the message, may be used also
To force the transmission of end.A hook chain is safeguarded by system to each type of hook, the hook that installs recently is put
In the beginning of chain, and the hook that installs at first is placed on finally, that is, the first acquisition control for adding afterwards.Win32's to be realized
System hook, it is necessary to call api function SetWindowsHookEx in SDK to install this Hook Function, this function
Prototype is HHOOK SetWindowsHookEx (int idHook, HOOKPROC lpfn, HINSTANCE hMod, DWORD
dwThreadId);, wherein, first parameter is the type of hook;Second parameter is the address of Hook Function;3rd ginseng
Number is the module handle comprising Hook Function;4th parameter specifies the thread of supervision.If specifying the thread for determining, as line
The special hook of journey;If being appointed as sky, as global hook.Wherein, global hook function must be included in DLL (dynamic link
Storehouse) in, and the special hook of thread is further included in executable file.The Hook Function for obtaining control is completed to message
Process after, if it is desired to the message continues transmission, then it must call the api function in another SDK
CallNextHookEx is transmitting it.Hook Function can also abandon the message by directly returning TRUE, and prevent this from disappearing
The transmission of breath.
Hashing algorithm is hash algorithm again, and the binary value of random length is mapped as shorter regular length by hash algorithm
Binary value, this little binary value is referred to as cryptographic Hash.Cryptographic Hash is the unique and extremely compact numerical tabular of one piece of data
Show form.If hashing one section of plaintext and even only changing a letter of the paragraph, subsequent Hash will all produce different
Value.Two different inputs of the hash for same value are found, is computationally impossible, so the cryptographic Hash of data
Can be with the integrity of inspection data.It is generally used for quick lookup and AES.Hash table is the hash function H according to setting
(key) with process collision method, one set of keyword is mapped on a limited address section, and with keyword in address area
Between in as used as storage location of the record in table, this table is referred to as Hash table or hash, and gained storage location is referred to as Hash
Address or hash address.As linear data structure compared with form and queue etc., it is very fast that Hash table is undoubtedly to look for speed ratio
One kind.By the fixation that unidirectional mathematical function (sometimes referred to as " hash algorithm ") is applied to obtained by any number of data
The result of size.If changed in input data, Hash can also change.Hash can be used for many operations, including body
Part checking and digital signature.Also referred to as " eap-message digest ".Simplicity of explanation:Hash (Hash) algorithm, i.e. hash function.It is a kind of
One-way cipher system, i.e., it is an irreversible mapping from plaintext to ciphertext, only ciphering process, without decrypting process.
Meanwhile, the input of random length can be fixed after change hash function the output of length.Hash function this
The feature for planting characteristic of unidirectional and the fixation of output data length allows it to generate message or data.
Embodiment 3.
Referring to Fig. 3, a kind of radio reception device with traffic statistic function, including the channel radio for obtaining packet
Processor 1 and the memory module 3 for coupling and periphery connect with the processor 1 that news module 2 is coupled with the wireless communication module
Mouth circuit 6.Radio reception device be based on openwrt Open Source Platform, can self-defined loading software module, realize access device pair
The support of vector network host-host protocol.OpenWRT is a high modularization, supermatic embedded Linux system, gathers around
Have powerful networking component and autgmentability, be typically used to industrial control equipment, phone, small scale robot, smart home, router with
And in VOIP equipment.Meanwhile, it additionally provides more than 100 a compiled good software, and quantity is also being continuously increased, and
OpenWrt SDK more simplifies the operation of exploitation software.OpenWRT is different from other many for the release of router, it
It is a router operating system that is writing, multiple functional, being easily modified of starting from scratch.
Network protocol stack is set in the processor 1, the hook point of the network protocol stack is provided with Hook Function, for obtaining
Take the multiple data on flows bags in the plurality of packet;The network protocol stack is arranged at the Netfilter in linux kernel
Framework, the linux kernel is in the processor.
The processor is classified to the plurality of data on flows bag by hashing algorithm and is counted all kinds of flows
The flow value of packet.
Processor adopts hash algorithm, according to the key value in the source network address and destination address of multiple packets to institute
State multiple data on flows bags to be classified.Key value is the corresponding minimum number in 25-32 position in source network address and destination address
Word.Multiple data on flows bags are categorized as N class data on flows bag, and (first kind data on flows bag, Equations of The Second Kind data on flows bag, to arriving
N class data on flows bag), after the completion of classification, count the flow value of each class data on flows bag.
The processor sends the flow value of all kinds of data on flows bags to User space program, and the User space program sets
In the processor 1.The linux kernel adopts NetLink communication mechanism with the User space program.
Also include the power module 4 that powers to the radio reception device.Power module 4 include DC-AC conversion device or
The conversion equipment of person's DC-to-dc.The peripheral interface circuit 5 includes Wi-Fi switch 501, SR 502, display lamp 503
Or RJ45 network interface 504.The RJ45 network interface at least includes a WAN mouth and at least one LAN mouth.
Power module 4 obtains+3.3V DC source to no by DC-AC conversion device or DC-to-dc conversion equipment
Line access device is powered.Wireless device can provide stable Wireless-wire letter for residing periphery in normal operating conditions
Number, while traffic filtering and traffic statistic function can be carried out for radio reception device end.The Wi-Fi switch of radio reception device
501 wireless switchings that can control access device, it is ensured that environmental protection of the user in sleeping at night is radiationless, display lamp 503
The working condition of access device can be shown, SR 502 can recover radio reception device and return to Default Value, in case frequently it
Need.
User space (user mode) refers to two similar concepts in computer configuation.In the design of CPU, User space refers to
Unprivileged.In this case, the code of execution is limited by hardware, it is impossible to carry out some operations, such as writes other processes
Memory space, to prevent from bringing potential safety hazard to operating system.In the design of operating system, User space is also similar to, and refers to non-
The execution state of privilege.Kernel forbids that the code under this state carries out the operation of potential danger, such as writing system configuration file,
Kill the process of other users, restart system etc..
Kernel state is kernel mode again, and kernel mode is the pattern run by operating system nucleus, operates in the code of the pattern,
Unrestrictedly system storage, external equipment can be conducted interviews.
Netfilter is the Linux fire prevention wall telephone of a new generation after the IPchains of IPfwadm, 2.2.x of 2.0.x
System.Netfilter adopts modularized design, with good expandability.Its important tool module I PTables is connected to
In the framework of Netfilter, and allow user to carry out datagram to filter, address conversion, the operation such as process.Netfilter
There is provided a framework, the direct interference of network code will be preferably minimized, and allow to process other bags with the interface of regulation
Code is added in kernel in modular form, with extremely strong motility.
The program segment of actually one process message of hook, is called by system, it is linked into system.Whenever specific
Message sends, and before purpose window is not reached, hook program just first captures the message, that is, Hook Function is first controlled
Power.At this moment Hook Function i.e. can be with processed (change) message, it is also possible to does not deal with and continues to transmit the message, may be used also
To force the transmission of end.A hook chain is safeguarded by system to each type of hook, the hook that installs recently is put
In the beginning of chain, and the hook that installs at first is placed on finally, that is, the first acquisition control for adding afterwards.Win32's to be realized
System hook, it is necessary to call api function SetWindowsHookEx in SDK to install this Hook Function, this function
Prototype is HHOOK SetWindowsHookEx (int idHook, HOOKPROC lpfn, HINSTANCE
hMod,DWORD dwThreadId);, wherein, first parameter is the type of hook;Second parameter is hook
The address of function;3rd parameter is the module handle comprising Hook Function;4th parameter specifies the thread of supervision.If referred to
The fixed thread for determining, the as special hook of thread;If being appointed as sky, as global hook.Wherein, global hook function is necessary
It is included in DLL (dynamic link library), and the special hook of thread is further included in executable file.Obtain the hook of control
Subfunction is after the process to message is completed, if it is desired to which the message continues transmission, then it must call in another SDK
Api function CallNextHookEx transmitting it.Hook Function can also abandon the message by directly returning TRUE, and
Prevent the transmission of the message.
Hashing algorithm is hash algorithm again, and the binary value of random length is mapped as shorter regular length by hash algorithm
Binary value, this little binary value is referred to as cryptographic Hash.Cryptographic Hash is the unique and extremely compact numerical tabular of one piece of data
Show form.If hashing one section of plaintext and even only changing a letter of the paragraph, subsequent Hash will all produce different
Value.Two different inputs of the hash for same value are found, is computationally impossible, so the cryptographic Hash of data
Can be with the integrity of inspection data.It is generally used for quick lookup and AES.Hash table is the hash function H according to setting
(key) with process collision method, one set of keyword is mapped on a limited address section, and with keyword in address area
Between in as used as storage location of the record in table, this table is referred to as Hash table or hash, and gained storage location is referred to as Hash
Address or hash address.As linear data structure compared with form and queue etc., it is very fast that Hash table is undoubtedly to look for speed ratio
One kind.By the fixation that unidirectional mathematical function (sometimes referred to as " hash algorithm ") is applied to obtained by any number of data
The result of size.If changed in input data, Hash can also change.Hash can be used for many operations, including body
Part checking and digital signature.Also referred to as " eap-message digest ".Simplicity of explanation:Hash (Hash) algorithm, i.e. hash function.It is a kind of
One-way cipher system, i.e., it is an irreversible mapping from plaintext to ciphertext, only ciphering process, without decrypting process.
Meanwhile, the input of random length can be fixed after change hash function the output of length.Hash function this
The feature for planting characteristic of unidirectional and the fixation of output data length allows it to generate message or data.
A kind of specific example, such as aforementioned radio reception device are that router, the router is wirelessly connected with household electrical appliance.
The router include for obtain the wireless communications chips of packet and wireless communications chips coupling main control chip and with
The memory module of the main control chip coupling and peripheral interface circuit,
Network protocol stack is set in the main control chip, and the hook point of the network protocol stack is provided with Hook Function, is used for
Obtain the multiple data on flows bags in the plurality of packet;The network protocol stack is arranged in linux kernel
Netfilter framework, the linux kernel is in the main control chip.
The main control chip is classified to the plurality of data on flows bag by hashing algorithm and is counted all kinds of streams
The flow value of amount packet.
Main control chip adopts hash algorithm, according to the key value pair in the source network address and destination address of multiple packets
The plurality of data on flows bag is classified.Key value is the corresponding minimum in 25-32 position in source network address and destination address
Numeral.Multiple data on flows bags be categorized as N class data on flows bag (first kind data on flows bag, Equations of The Second Kind data on flows bag, extremely
To N class data on flows bag), after the completion of classification, count the flow value of each class data on flows bag.
The main control chip sends the flow value of all kinds of data on flows bags to User space program, the User space program
In the main control chip.The linux kernel adopts NetLink communication mechanism with the User space program.
In addition, as used in this application, term " module ", " device " refer to the whole of following items:
(1) circuit implementation (such as with the embodiment of only analog and/or digital circuit arrangement) of only hardware;
(2) combination of circuit and software, such as:I the combination of () control circuit or (ii) control circuit/software are (including number
Word signal control circuit), the part of software and memorizer, its cooperation is to cause such as mobile phone or server etc
Equipment executes various functions;And
(3) circuit of such as micro-control circuit or micro-control circuit part etc, which needs the software for operating or solid
Part, even if software or firmware are not physically presented.
The definition of " unit " or " device " suitable for all (include any claim) in the embodiment above right
The use of the term.As another example, term " module " can also cover only one control circuit or control circuit part with
And the way of example of its attached software and/or firmware.Term " device " can also cover such as adhesive integrated circuit, Cellular Networks
Based band integrated circuit in network equipment or other network equipments or application control circuit integrated circuit.
The present invention is the flow process with reference to method according to embodiments of the present invention, equipment (system) and computer program
Figure and/or block diagram are describing.It should be understood that can be by computer program instructions flowchart and/or each stream in block diagram
Journey and/or the combination of square frame and flow chart and/or the flow process in block diagram and/or square frame.These computer programs can be provided
The processor of general purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device is instructed to produce
A raw machine so that produced for reality by the instruction of computer or the computing device of other programmable data processing device
Present one flow process of flow chart or the device of multiple flow processs and/or one square frame of block diagram or the function in multiple square frames.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know basic creation
Property concept, then can make other change and modification to these embodiments.So, claims are intended to be construed to include excellent
Select embodiment and fall into being had altered and changing for the scope of the invention.
Obviously, those skilled in the art can carry out the essence of various changes and modification without deviating from the present invention to the present invention
God and scope.So, if these modifications of the present invention and modification belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising these changes and modification.
Claims (20)
1. flow statistical method, comprises the steps:
Obtain multiple packets;
Hook Function by carry on network protocol stack hook point obtains the multiple data on flows bags in multiple packets;
By hashing algorithm, the plurality of data on flows bag is classified;
Count the flow value of all kinds of data on flows bags.
2. flow statistical method according to claim 1, it is characterised in that:The network protocol stack is arranged at linux kernel
In Netfilter framework.
3. flow statistical method according to claim 1, it is characterised in that described to passing through the plurality of flow of hash function
Packet is classified, including:Using hash algorithm, according to the key in the source network address and destination address of multiple packets
Value is classified to the plurality of data on flows bag.
4. flow statistical method according to claim 3, it is characterised in that:The key value is source network address and destination
The corresponding lowest numeric in 25-32 position in location.
5. flow statistical method according to claim 1, it is characterised in that also include to send all kinds of data on flows bags
Flow value is to User space program.
6. flow statistic device, including such as lower module:
Acquiring unit, obtains multiple packets;
Filter element, the Hook Function by carry on network protocol stack hook point obtains the multiple flows in multiple packets
Packet;
Taxon, is classified to the plurality of data on flows bag by hashing algorithm;
Statistic unit, counts the flow value of all kinds of data on flows bags.
7. flow statistic device according to claim 6, it is characterised in that:The network protocol stack is arranged at linux kernel
In Netfilter framework.
8. flow statistic device according to claim 6, it is characterised in that the taxon adopts hash algorithm, according to
Key value in the source network address and destination address of multiple packets is classified to the plurality of data on flows bag.
9. flow statistic device according to claim 8, it is characterised in that:The key value is source network address and destination
The corresponding lowest numeric in 25-32 position in location.
10. flow statistic device according to claim 6, it is characterised in that also include transmitting element, send all kinds of streams
The flow value of amount packet is to User space program.
11. radio reception devices with traffic statistic function, including for obtain the wireless communication module of packet with described
The processor of wireless communication module coupling and the memory module with processor coupling and peripheral interface circuit, its feature exists
In:
Network protocol stack is set in the processor, and the hook point of the network protocol stack is provided with Hook Function, for obtaining
State the multiple data on flows bags in multiple packets;
The processor is classified to the plurality of data on flows bag by hashing algorithm and is counted all kinds of datas on flows
The flow value of bag.
12. radio reception devices according to claim 11 with traffic statistic function, it is characterised in that:The network association
View stack is arranged at the Netfilter framework in linux kernel, and the linux kernel is in the processor.
13. radio reception devices according to claim 11 with traffic statistic function, it is characterised in that described to passing through
The plurality of data on flows bag of hash function is classified, including:Using hash algorithm, according to the source network ground of multiple packets
Key value in location and destination address is classified to the plurality of data on flows bag.
14. radio reception devices according to claim 13 with traffic statistic function, it is characterised in that:The key value
For the corresponding lowest numeric in 25-32 position in source network address and destination address.
15. radio reception devices according to claim 12 with traffic statistic function, it is characterised in that the processor
The flow value of all kinds of data on flows bags is sent to User space program, the User space program is in the processor.
16. radio reception devices according to claim 11 with traffic statistic function, it is characterised in that also include to institute
State the power module that radio reception device is powered.
17. radio reception devices according to claim 11 with traffic statistic function, it is characterised in that the periphery connects
Mouth circuit includes Wi-Fi switch, SR, display lamp or RJ45 network interface.
18. radio reception devices according to claim 15 with traffic statistic function, it is characterised in that the linux
Kernel adopts NetLink communication mechanism with the User space program.
19. radio reception devices according to claim 16 with traffic statistic function, it is characterised in that the power supply mould
Block includes the conversion equipment of DC-AC conversion device or DC-to-dc.
20. radio reception devices according to claim 17 with traffic statistic function, it is characterised in that the RJ45 net
Network interface at least includes a WAN mouth and at least one LAN mouth.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610859258.6A CN106452856A (en) | 2016-09-28 | 2016-09-28 | Traffic flow statistics method and device, and wireless access equipment with traffic flow statistics function |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610859258.6A CN106452856A (en) | 2016-09-28 | 2016-09-28 | Traffic flow statistics method and device, and wireless access equipment with traffic flow statistics function |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106452856A true CN106452856A (en) | 2017-02-22 |
Family
ID=58171234
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610859258.6A Pending CN106452856A (en) | 2016-09-28 | 2016-09-28 | Traffic flow statistics method and device, and wireless access equipment with traffic flow statistics function |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106452856A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107241283A (en) * | 2017-05-23 | 2017-10-10 | 国家计算机网络与信息安全管理中心 | A kind of East and West direction network traffics mirror image acquisition method across main frame tenant |
CN108259478A (en) * | 2017-12-29 | 2018-07-06 | 中国电力科学研究院有限公司 | Safety protecting method based on industry control terminal device interface HOOK |
CN113132259A (en) * | 2019-12-31 | 2021-07-16 | 北京金山云网络技术有限公司 | Traffic data packet statistical method, device, equipment and storage medium |
CN113132261A (en) * | 2019-12-31 | 2021-07-16 | 北京金山云网络技术有限公司 | Traffic data packet classification method and device and electronic equipment |
CN113726917A (en) * | 2020-05-26 | 2021-11-30 | 网神信息技术(北京)股份有限公司 | Domain name determination method and device and electronic equipment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101389085A (en) * | 2008-10-14 | 2009-03-18 | 中国联合通信有限公司 | Rubbish short message recognition system and method based on sending behavior |
CN101873640A (en) * | 2010-05-27 | 2010-10-27 | 华为终端有限公司 | Flow processing method, device and mobile terminal |
CN102307136A (en) * | 2011-07-06 | 2012-01-04 | 杭州华三通信技术有限公司 | Method for processing message and device thereof |
CN102780591A (en) * | 2011-05-12 | 2012-11-14 | 弗兰克公司 | Method and apparatus for distinguishing and sampling bi-directional network traffic at a conversation level |
CN103139315A (en) * | 2013-03-26 | 2013-06-05 | 烽火通信科技股份有限公司 | Application layer protocol analysis method suitable for home gateway |
CN103763154A (en) * | 2014-01-11 | 2014-04-30 | 浪潮电子信息产业股份有限公司 | Network flow detection method |
-
2016
- 2016-09-28 CN CN201610859258.6A patent/CN106452856A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101389085A (en) * | 2008-10-14 | 2009-03-18 | 中国联合通信有限公司 | Rubbish short message recognition system and method based on sending behavior |
CN101873640A (en) * | 2010-05-27 | 2010-10-27 | 华为终端有限公司 | Flow processing method, device and mobile terminal |
CN102780591A (en) * | 2011-05-12 | 2012-11-14 | 弗兰克公司 | Method and apparatus for distinguishing and sampling bi-directional network traffic at a conversation level |
CN102307136A (en) * | 2011-07-06 | 2012-01-04 | 杭州华三通信技术有限公司 | Method for processing message and device thereof |
CN103139315A (en) * | 2013-03-26 | 2013-06-05 | 烽火通信科技股份有限公司 | Application layer protocol analysis method suitable for home gateway |
CN103763154A (en) * | 2014-01-11 | 2014-04-30 | 浪潮电子信息产业股份有限公司 | Network flow detection method |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107241283A (en) * | 2017-05-23 | 2017-10-10 | 国家计算机网络与信息安全管理中心 | A kind of East and West direction network traffics mirror image acquisition method across main frame tenant |
CN108259478A (en) * | 2017-12-29 | 2018-07-06 | 中国电力科学研究院有限公司 | Safety protecting method based on industry control terminal device interface HOOK |
CN108259478B (en) * | 2017-12-29 | 2021-10-01 | 中国电力科学研究院有限公司 | Safety protection method based on industrial control terminal equipment interface HOOK |
CN113132259A (en) * | 2019-12-31 | 2021-07-16 | 北京金山云网络技术有限公司 | Traffic data packet statistical method, device, equipment and storage medium |
CN113132261A (en) * | 2019-12-31 | 2021-07-16 | 北京金山云网络技术有限公司 | Traffic data packet classification method and device and electronic equipment |
CN113132259B (en) * | 2019-12-31 | 2022-07-05 | 北京金山云网络技术有限公司 | Traffic data packet statistical method, device, equipment and storage medium |
CN113726917A (en) * | 2020-05-26 | 2021-11-30 | 网神信息技术(北京)股份有限公司 | Domain name determination method and device and electronic equipment |
CN113726917B (en) * | 2020-05-26 | 2024-04-12 | 奇安信网神信息技术(北京)股份有限公司 | Domain name determination method and device and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106452856A (en) | Traffic flow statistics method and device, and wireless access equipment with traffic flow statistics function | |
CN101599963B (en) | Suspected network threat information screener and screening and processing method | |
CN105357137B (en) | Message filtering method and the FPGA being applicable in, intelligent substation | |
CN103428094A (en) | Method and device for packet transmitting in Open Flow system | |
CN106921637A (en) | The recognition methods of the application message in network traffics and device | |
CN103763695B (en) | Method for evaluating safety of internet of things | |
CN107659612A (en) | Data transfer control method and device based on device packets | |
CN109120524A (en) | Link aggregation method and relevant device | |
CN103200123A (en) | Safety control method of switchboard port | |
CN105141637A (en) | Transmission encryption method taking flows as granularity | |
TW201431320A (en) | Method and network device for loop detection | |
JP6671112B2 (en) | Method and apparatus for flexible and efficient analysis in network switch | |
CN102158422B (en) | Message forwarding method and equipment for layer 2 ring network | |
CN102790966A (en) | Method for multithreaded communication between network nodes of wireless sensor and gateway | |
CN103532908A (en) | P2P protocol identification method based on secondary decision tree | |
CN107306412A (en) | Method, user equipment and base station to realize message transmitting | |
CN104917703B (en) | Defence line head of line blocking method and system based on SDN | |
CN105450647B (en) | A kind of method and system preventing message aggression | |
CN103905184A (en) | Classical network and quantum secret communication network integration traffic control method | |
CN104734884B (en) | A kind of GOOSE communication means and device | |
CN105323234B (en) | Service node ability processing method, device, business classifier and service controller | |
Kaur et al. | Simulation and investigation of Zigbee sensor network with mobility support | |
Hamood et al. | Keywords Sensitivity Recognition of Military Applications in Secure CRNs Environments | |
Pagano et al. | RTNS: an NS-2 extension to simulate wireless real-time distributed systems for structured topologies | |
Jiang et al. | Performance bounds of distributed CSMA scheduling |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170222 |
|
RJ01 | Rejection of invention patent application after publication |