CN106487797A - A kind of network data processing method and system - Google Patents

A kind of network data processing method and system Download PDF

Info

Publication number
CN106487797A
CN106487797A CN201610940404.8A CN201610940404A CN106487797A CN 106487797 A CN106487797 A CN 106487797A CN 201610940404 A CN201610940404 A CN 201610940404A CN 106487797 A CN106487797 A CN 106487797A
Authority
CN
China
Prior art keywords
black
network data
layer
white lists
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610940404.8A
Other languages
Chinese (zh)
Other versions
CN106487797B (en
Inventor
韩健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201610940404.8A priority Critical patent/CN106487797B/en
Publication of CN106487797A publication Critical patent/CN106487797A/en
Application granted granted Critical
Publication of CN106487797B publication Critical patent/CN106487797B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/06Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Abstract

The embodiment of the invention discloses network data processing method and system, are applied to technical field of information processing.In the method for the present embodiment, the system kernel layer of network data processing system can be after network data be converted electrical signals to, call black and white lists strategy program, when determine need not close network data corresponding connection when, system kernel layer just can obtain transport layer information according to network data, and transport layer information is sent to application layer execution service logic.In the present embodiment, black and white lists strategy program is advanceed to the execution of system kernel layer, the connection that need close is closed as early as possible can, compare with needing black and white lists strategy program to be executed by application layer in prior art, can save the resource for needing the corresponding data of connection that closes to be consumed from system kernel layer to application layer.

Description

A kind of network data processing method and system
Technical field
The present invention relates to technical field of information processing, more particularly to a kind of network data processing method and system.
Background technology
The reasons such as the safety and stability of increasing income due to Linux, linux are more suitable for doing the operating system of server than windows, Typically the server that the operating system of server is linux is just linux server.Existing linux server is being processed During one network packet, after the physical network card of linux server receives electric signal, network data is converted electrical signals to Bao Hou, after necessarily being processed to network packet by the system kernel layer of linux server, gives answering for linux server Processed with layer again, the process of wherein application layer includes the filtration treatment based on black and white lists strategy.
Content of the invention
The embodiment of the present invention provides a kind of network data processing method and system, it is achieved that call black and white in system kernel layer List strategy program is to determine whether to close the corresponding connection of the network data.
The embodiment of the present invention provides a kind of network data processing method, is applied in network data processing system, the net Network data handling system includes system kernel layer and application layer, and methods described includes:
The electric signal of reception is converted into network data by the system kernel layer;
The system kernel layer calls black and white lists strategy program, to determine whether to close the corresponding company of the network data Connect, it is corresponding that the black and white lists strategy program is used for the closing network data consistent with address information in non-white list or blacklist Connection;
If it is determined that not closing the corresponding connection of the network data, the system kernel layer is obtained according to the network data To transport layer information, and the transport layer information is sent to application layer execution service logic;If it is determined that closing described The corresponding connection of the network data is closed in the corresponding connection of network data, the system kernel layer.
The embodiment of the present invention also provides a kind of network data processing system, including system kernel layer and application layer, the system System inner nuclear layer includes:
Modular converter, for being converted into network data by the electric signal of reception;
Calling module, for calling black and white lists strategy program, to determine whether to close the corresponding company of the network data Connect, if it is determined that the corresponding connection of the network data is closed, close the corresponding connection of the network data;The black and white lists Strategy program is used for closing the corresponding connection of the network data consistent with address information in non-white list or blacklist;
Transport module, for if it is determined that do not close the corresponding connection of the network data, obtaining according to the network data To transport layer information, and the transport layer information is sent to application layer execution service logic.
It can be seen that, in the method for the present embodiment, electric signal can changed by the system kernel layer of network data processing system After network data, call black and white lists strategy program, when determine need not close network data corresponding connection when, in system Stratum nucleare just can obtain transport layer information according to network data, and transport layer information is sent to application layer execution service logic.This In embodiment, black and white lists strategy program is advanceed to the execution of system kernel layer, the connection for needing to close can be closed as early as possible, and Need to be compared by application layer execution black and white lists strategy program in prior art, can save needs the connection that closes to count accordingly According to the resource consumed from system kernel layer to application layer.
Description of the drawings
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing Accompanying drawing to be used needed for technology description is had to be briefly described, it should be apparent that, drawings in the following description are only this Some embodiments of invention, for those of ordinary skill in the art, without having to pay creative labor, may be used also To obtain other accompanying drawings according to these accompanying drawings.
Fig. 1 is a kind of flow chart of network data processing method provided in an embodiment of the present invention;
Fig. 2 is the structural representation of the server that Application Example of the present invention is provided;
Fig. 3 is a kind of flow chart of the network data processing method provided in Application Example of the present invention;
Fig. 4 is a kind of structural representation of network data processing system provided in an embodiment of the present invention;
Fig. 5 is the structural representation of another kind network data processing system provided in an embodiment of the present invention;
Fig. 6 is a kind of structural representation of server provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Site preparation is described, it is clear that described embodiment is only a part of embodiment of the present invention, rather than whole embodiments.It is based on Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made Embodiment, belongs to the scope of protection of the invention.
Term " first ", " second ", " the 3rd " " in description and claims of this specification and above-mentioned accompanying drawing Four " etc. (if present) be for distinguishing similar object, without for describing specific order or precedence.Should manage The data that solution is so used can be exchanged in the appropriate case, for example can be to remove so as to embodiments of the invention described herein Illustrate here or description those beyond order implement.Additionally, term " comprising " and " having " and theirs is any Deformation, it is intended that cover including not exclusively, for example, contains the process of series of steps or unit, method, system, product Product or equipment are not necessarily limited to those steps that clearly lists or unit, but may include clearly not list or for this A little other intrinsic steps of process, method, product or equipment or unit.
The embodiment of the present invention provides a kind of network data processing method, mainly can apply to network data processing system System, the equipment such as such as server or terminal device, include system kernel layer and application layer in the network data processing system.This The method flow diagram of embodiment as shown in figure 1, including:
The electric signal of reception is converted into network data by step 101, system kernel layer.
Step 102, system kernel layer call black and white lists strategy program, corresponding to determine whether to close the network data Connection, if it is determined that do not close the corresponding connection of network data, then execution step 103;If it is determined that be, then execution step 104. Wherein, black and white lists strategy program is corresponding for closing the network data consistent with address information in non-white list or blacklist Connection.
It is appreciated that generally, what the system kernel layer of network processing system was received by network connection is telecommunications Number, needing to convert the electrical signal to network data, this process is mainly decoded obtaining network data to electric signal.When To after network data, system kernel layer will call black and white lists strategy program, and execute black and white lists strategy program.
Specifically, if black and white lists strategy program is provided that white list, system kernel layer be by network data The network address is mated with the address information in non-white list, if there are consistent, it is determined that close network data corresponding Connection.If black and white lists strategy program is provided that blacklist, system kernel layer be by the network address of network data with Address information in blacklist is mated, if there are consistent, it is determined that close the corresponding connection of network data.
Step 103, system kernel layer obtain transport layer information according to network data, and transport layer information is sent to application Layer executes service logic.Here transport layer information may refer to transmission control protocol (Transmission Control Protocol, TCP) information, or refer to UDP (UserDatagram Protocol, UDP) information.
Step 104, system kernel layer close the corresponding connection of network data.
It can be seen that, in the method for the present embodiment, electric signal can changed by the system kernel layer of network data processing system After network data, call black and white lists strategy program, when determine need not close network data corresponding connection when, in system Stratum nucleare just can obtain transport layer information according to network data, and transport layer information is sent to application layer execution service logic.This In embodiment, black and white lists strategy program is advanceed to the execution of system kernel layer, the connection for needing to close can be closed as early as possible, and Need to be compared by application layer execution black and white lists strategy program in prior art, can save needs the connection that closes to count accordingly According to the resource consumed from system kernel layer to application layer.
Hereinafter the method for the present invention is illustrated with a specific application example, in the network data processing system of the present embodiment Unite the system carried for server, the structure of the server can as shown in Fig. 2 including:Physical network card, link module, network Address module, transport module, socket (Socket) interface module and transmission service module, wherein, physical network card, link mould Block, network address module and transport module are belonging to system kernel layer, and network address module includes network filter (netfilter);And sockets interface module and transmission service module belong to application layer.
In order to realize calling black and white lists strategy program in system kernel layer in the present embodiment, user can be in advance by clothes In the code of system kernel layer of server, then preset black and white lists information in server be injected into by the application layer of business device Black and white lists strategy program is embedded in the network filter of network address module.
Wherein and the code of system kernel layer refers to that network data processing system that server is carried normally can run Code information.Black and white lists information includes multiple network address information, and application layer can be continuously updated in black and white lists information Network address information updated after black and white lists information, such as add a new network address information, or modification one Individual existing network address information etc., then the black and white lists information after renewal be re-introduced into the code of system kernel layer again In, with existing black and white lists information in the code of replacement system inner nuclear layer.
It is appreciated that as procfs is the abbreviation of process filesystem (file system), comprising a pseudo-file system System (file system that dynamic is generated during startup), procfs can provide an interface so that system kernel layer or User space journey Sequence can enter the transmission of line parameter by procfs.And lattice chain (net link) socket (socket) is to realize application The most frequently used interface that layer is communicated with system kernel layer.Therefore, application layer specifically will black and white lists information or update after black When white list information is injected in the code of system kernel layer, can be by application layer and the lattice chain socket of system kernel layer Interface, by black and white lists information or update after black and white lists information be injected in the code of system kernel layer, or pass through into Journey file system (i.e. procfs) interface is injected into black and white lists information in kernel layer identification code, realizes one and can load kernel mould Block (Loadable Kernel Modules, KLM).
In embedded black and white lists strategy program, server can be in the network filter included by network address module Add, in pre- route (PREROUTING) chain, hook (hook) function for executing black and white lists strategy.Wherein in network filter Pre- route chain can be included, and route chain in advance and be made up of multiple Hook Functions, different Hook Functions execute different work( Can, these functions include to determine that network data is that the machine is executed or is transmitted to the functions such as miscellaneous equipment execution by the machine.
It can be seen that, used in the present embodiment, netfilter technology easily can be realized carrying black and white lists strategy program Front to system kernel layer, that is, only need to add Hook Function, it is not necessary to modification or recompilate system kernel code.
The server can be executed, flow chart such as Fig. 3 institute in accordance with the following steps when network data processing method is executed Show, including:
Step 201, physical network card receive electric signal by the network connection with miscellaneous equipment, and the electric signal is converted into net Network data, and network data is put in caching.
Step 202, link module read network data from caching, and network data is sent to network address module.
Step 203, network address module execute each hook in pre- route (PREROUTING) chain of network filter Function, calls the Hook Function for executing black and white lists strategy first, if that is, in network data and non-white list or blacklist Location information is consistent, then close the corresponding connection of the network data.The corresponding connection of network data if not turned off, then be directed to network Data execute other Hook Functions again, operate, and network data is sent to transport module including route querying etc..
Step 204, transport module can be carried out process to network data and obtain transport layer information according to TCP or udp protocol I.e. TCP or UDP content, then sends TCP or UDP content to sockets interface module.
Step 205, sockets interface module connection transport layer and transmission service module, TCP or UDP content is sent to biography Defeated service module.
Step 206, transmits service module and executes certain service logic according to TCP or UDP content.
The embodiment of the present invention also provides a kind of network data processing system, such as server or terminal device etc., its structure Schematic diagram is as shown in figure 4, specifically include system kernel layer 10 and application layer 11, wherein, system kernel layer 10 includes:
Modular converter 110, for being converted into network data by the electric signal of reception;
Calling module 120, for calling black and white lists strategy program, to determine whether to close 110 turns of the modular converter The corresponding connection of the network data changed, if it is determined that close the corresponding connection of the network data, close the network data pair The connection that answers;The black and white lists strategy program is used for closing the network number consistent with address information in non-white list or blacklist According to corresponding connection;
Transport module 130, closes the corresponding connection of the network data if determined not for the calling module 120, Transport layer information is obtained according to the network data, and the transport layer information is sent to application layer execution business patrolling Volume.
It can be seen that, in the system of the present embodiment, the calling module 120 of system kernel layer can be in modular converter 110 by telecommunications After number being converted to network data, call black and white lists strategy program, when determine need not close network data corresponding connection when, Transport module 130 just can obtain transport layer information according to network data, and transport layer information is sent to application layer execution business Logic.In the present embodiment, black and white lists strategy program is advanceed to the execution of system kernel layer, can close as early as possible needs closing Connection, with need in prior art by application layer execute black and white lists strategy program compare, can save need close connection The resource consumed from system kernel layer to application layer by corresponding data.
With reference to shown in Fig. 5, in a specific embodiment, the application layer 11 in network data processing system can include Injection module 111, is embedded in module 121 and update module 131, and above-mentioned calling module 120 can include network filter, its In:
Injection module 111, described for preset black and white lists information in the network data processing system to be injected into In the code of system kernel layer;The black and white lists information includes multiple network address information;Injection module 111, specifically for By the lattice chain sockets interface with the system kernel layer, or pass through process filesystem interface by the black and white lists Information is injected in the code of the system kernel layer.
Embedded module 121, for being embedded in the black and white lists strategy program in the network filter of the calling module, The black and white lists strategy program, the black and white lists strategy program include the black and white name information that injection module 111 injects.Described Embedded module 121, specifically for adding the hook for executing the black and white lists strategy in the pre- route chain of the network filter Subfunction, such calling module 120 directly invoke the embedded Hook Function of embedded module 121 when calling.
Update module 131, for updating the black and white after the network address information in the black and white lists information is updated List information;Then above-mentioned injection module 111, the black and white lists information injection after being additionally operable to update the update module 131 To in the code of the system kernel layer, to replace existing black and white lists information in the code of the system kernel layer.
It is embedded in module 121 easily to realize black and white lists strategy using netfilter technology in the present embodiment Program advances to system kernel layer, that is, only need to add Hook Function, it is not necessary to which system kernel code is recompilated in modification.
The embodiment of the present invention also provides a kind of server, its structural representation as shown in fig. 6, the server can because configuration or Performance is different and the larger difference of producing ratio, can include one or more central processing units (central Processing units, CPU) 20 (for example, one or more processors) and memory 21, one or more are deposited Storage application program 221 or the storage medium 22 (such as one or more mass memory units) of data 222.Wherein, store Device 21 and storage medium 22 can be of short duration storage or persistently store.Be stored in storage medium 22 program can include one or More than one module (diagram is not marked), each module can include to operate the series of instructions in server.Further Ground, central processing unit 20 could be arranged to communicate with storage medium 22, execute on the server a series of in storage medium 22 Command operating.
Specifically, the application program 221 for storing in storage medium 22 includes the application program of network data processing, and should Program can include the modular converter 110 of system kernel layer 10 in above-mentioned network data processing system, calling module 120, transmission Included injection module 111 in module 130, and application layer 11, is embedded in module 121 and update module 131, and here is not gone to live in the household of one's in-laws on getting married State.Further, central processing unit 20 could be arranged to communicate with storage medium 22, execute storage medium 22 on the server The corresponding sequence of operations of the application program of the network data processing of middle storage.
Server can also include one or more power supplys 23, one or more wired or wireless network interfaces 24, one or more input/output interfaces 25, and/or, one or more operating systems 223, such as Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM etc..
The step performed by network data processing system described in said method embodiment can be based on shown in the Fig. 6 Server structure.
One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is can Completed with instructing the hardware of correlation by program, the program can be stored in a computer-readable recording medium, storage Medium can include:Read-only storage (ROM), random access memory ram), disk or CD etc..
The network data processing method provided by the embodiment of the present invention and system are described in detail above, herein Apply specific case to be set forth the principle of the present invention and embodiment, the explanation of above example is only intended to help Understand the method for the present invention and its core concept;Simultaneously for one of ordinary skill in the art, according to the thought of the present invention, All will change in specific embodiments and applications, in sum, this specification content is should not be construed as to this The restriction of invention.

Claims (11)

1. a kind of network data processing method, it is characterised in that be applied in network data processing system, at the network data Reason system includes system kernel layer and application layer, and methods described includes:
The electric signal of reception is converted into network data by the system kernel layer;
The system kernel layer calls black and white lists strategy program, to determine whether to close the corresponding connection of the network data, It is corresponding that the black and white lists strategy program is used for the closing network data consistent with address information in non-white list or blacklist Connection;
If it is determined that not closing the corresponding connection of the network data, the system kernel layer is passed according to the network data Defeated layer information, and the transport layer information is sent to application layer execution service logic;If it is determined that closing the network The corresponding connection of the network data is closed in the corresponding connection of data, the system kernel layer.
2. the method for claim 1, it is characterised in that the system kernel layer includes physical network card, network address mould Block and transport module, wherein:
The electric signal of reception is converted into network data and specifically includes by the system kernel layer:The electricity that the physical network card will be received Signal is converted into network data;
The system kernel layer calls black and white lists strategy program to specifically include:The network address module calls black and white lists plan The program of omiting;
The system kernel layer obtains transport layer information according to the network data, and the transport layer information is sent to described Application layer executes service logic, specifically includes:The transport module obtains transport layer information according to the network data, and by institute State transport layer information and send application layer execution service logic to.
3. method as claimed in claim 2, it is characterised in that the network address module includes network filter, the system Before system inner nuclear layer calls black and white lists strategy program, methods described also includes:
Preset black and white lists information in the network data processing system is injected into the system kernel layer by the application layer Code in;The black and white lists information includes multiple network address information;
The application layer is embedded in the black and white lists strategy program in the network filter of the network address module.
4. method as claimed in claim 3, it is characterised in that
Described preset black and white lists information in the network data processing system is injected into the network data processing system Kernel layer identification code in, specifically include:The application layer is by the lattice chain sockets interface with the system kernel layer or logical Cross process filesystem interface the black and white lists information is injected in the code of the system kernel layer.
5. method as claimed in claim 3, it is characterised in that
The black and white lists strategy program is embedded in the network filter of the network address module, specifically includes:Described Add the Hook Function for executing the black and white lists strategy in the pre- route chain of network filter.
6. the method as described in any one of claim 3 to 5, it is characterised in that methods described also includes:
The application layer updates the black and white lists information after the network address information in the black and white lists information is updated, will Black and white lists information after the renewal is injected in the code of the system kernel layer, to replace the generation of the system kernel layer Existing black and white lists information in code.
7. a kind of network data processing system, it is characterised in that including system kernel layer and application layer, the system kernel layer bag Include:
Modular converter, for being converted into network data by the electric signal of reception;
Calling module, for calling black and white lists strategy program, to determine whether to close the corresponding connection of the network data, such as Fruit determines closes the corresponding connection of the network data, closes the corresponding connection of the network data;The black and white lists strategy Program is used for closing the corresponding connection of the network data consistent with address information in non-white list or blacklist;
Transport module, for if it is determined that do not close the corresponding connection of the network data, being passed according to the network data Defeated layer information, and the transport layer information is sent to application layer execution service logic.
8. system as claimed in claim 7, it is characterised in that the calling module includes network filter, the application layer Including:
Injection module, for being injected into the system kernel by preset black and white lists information in the network data processing system In the code of layer;The black and white lists information includes multiple network address information;
Embedded module, for being embedded in the black and white lists strategy program in the network filter of the calling module.
9. system as claimed in claim 8, it is characterised in that
The injection module, specifically for by the lattice chain sockets interface with the system kernel layer or literary by process The black and white lists information is injected in the code of the system kernel layer by part system interface.
10. system as claimed in claim 8, it is characterised in that
The embedded module, executes the black and white lists strategy specifically for adding in the pre- route chain of the network filter Hook Function.
11. systems as described in any one of claim 8 to 10, it is characterised in that the application layer also includes:
Update module, for updating the letter of the black and white lists after the network address information in the black and white lists information is updated Breath;
The injection module, is additionally operable to the black and white lists information after described renewal is injected into the code of the system kernel layer In, to replace existing black and white lists information in the code of the system kernel layer.
CN201610940404.8A 2016-10-25 2016-10-25 Network data processing method and system Active CN106487797B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610940404.8A CN106487797B (en) 2016-10-25 2016-10-25 Network data processing method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610940404.8A CN106487797B (en) 2016-10-25 2016-10-25 Network data processing method and system

Publications (2)

Publication Number Publication Date
CN106487797A true CN106487797A (en) 2017-03-08
CN106487797B CN106487797B (en) 2020-07-07

Family

ID=58272877

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610940404.8A Active CN106487797B (en) 2016-10-25 2016-10-25 Network data processing method and system

Country Status (1)

Country Link
CN (1) CN106487797B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068229A (en) * 2007-06-08 2007-11-07 北京工业大学 Content filtering gateway realizing method based on network filter
CN101436958A (en) * 2007-11-16 2009-05-20 太极计算机股份有限公司 Method for resisting abnegation service aggression
CN102638453A (en) * 2012-03-13 2012-08-15 广州华多网络科技有限公司 Voice data kernel forwarding method based on Linux system server
US20150026463A1 (en) * 2004-12-03 2015-01-22 Fortinet, Inc. Secure system for allowing the execution of authorized computer program code
CN104852833A (en) * 2015-06-04 2015-08-19 上海斐讯数据通信技术有限公司 Network protocol stack management method and system in Linux system
CN105187446A (en) * 2015-09-29 2015-12-23 烽火通信科技股份有限公司 System and method for home gateway to detect and shield user Internet surfing services

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150026463A1 (en) * 2004-12-03 2015-01-22 Fortinet, Inc. Secure system for allowing the execution of authorized computer program code
US20160253491A1 (en) * 2004-12-03 2016-09-01 Fortinet, Inc. Secure system for allowing the execution of authorized computer program code
CN101068229A (en) * 2007-06-08 2007-11-07 北京工业大学 Content filtering gateway realizing method based on network filter
CN101436958A (en) * 2007-11-16 2009-05-20 太极计算机股份有限公司 Method for resisting abnegation service aggression
CN102638453A (en) * 2012-03-13 2012-08-15 广州华多网络科技有限公司 Voice data kernel forwarding method based on Linux system server
CN104852833A (en) * 2015-06-04 2015-08-19 上海斐讯数据通信技术有限公司 Network protocol stack management method and system in Linux system
CN105187446A (en) * 2015-09-29 2015-12-23 烽火通信科技股份有限公司 System and method for home gateway to detect and shield user Internet surfing services

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王少伟: "基于Netfilter机制的应用层协议过滤", 《中国优秀博硕士学位论文全文数据库》 *

Also Published As

Publication number Publication date
CN106487797B (en) 2020-07-07

Similar Documents

Publication Publication Date Title
CN108989164A (en) Intelligent home furnishing control method, intelligent home control system and mobile terminal
CN105282047A (en) Access request processing method and device
CN106774786A (en) A kind of power consumption control method and device
CN105429811B (en) network management system and method
CN103202049A (en) Conflict handling in self-organizing networks
CN109041140A (en) It is switched fast wireless network methods, Intelligent hardware and terminal device
CN104426927B (en) A kind of intercommunication terminal parameter setting method and system
CN106469282A (en) data access authority control method and device
CN105915250A (en) Method, device and system for wearable device to synchronize with information in mobile terminal
US10097646B2 (en) Method and device for enabling or disabling server in wireless communication system
CN111797173B (en) Alliance chain sharing system, method and device, electronic equipment and storage medium
CN105282829B (en) A kind of method and wireless sound box connecting network
CN109828793A (en) USB management-control method and system based on domestic operating system
CN109714757A (en) A kind of shared method and device for preparing eSIM card
CN104793998B (en) Terminal system resource management method and device
CN104468547A (en) Long connection establishing method, device and system
EP3197207A1 (en) Method for managing application resources and registered node in m2m
CN108390795A (en) Household appliance and its monitoring method, intelligent domestic system and readable storage medium storing program for executing
CN106487797A (en) A kind of network data processing method and system
CN110875945B (en) Method, apparatus and medium for task processing on a generic service entity
CN105075189A (en) Receiving a communication event
CN106604309A (en) Method and system for hiding SSID of wireless access device
CN113992721B (en) Intelligent terminal control method, system, equipment and storage medium
CN114221829B (en) Edge side intelligent home management method and system
CN105187244B (en) A kind of digital communication equipment access information management and its working method for supporting a variety of management modes

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant