CN110417791A - A kind of encryption device and network data method, apparatus - Google Patents
A kind of encryption device and network data method, apparatus Download PDFInfo
- Publication number
- CN110417791A CN110417791A CN201910711982.8A CN201910711982A CN110417791A CN 110417791 A CN110417791 A CN 110417791A CN 201910711982 A CN201910711982 A CN 201910711982A CN 110417791 A CN110417791 A CN 110417791A
- Authority
- CN
- China
- Prior art keywords
- network data
- network
- encryption device
- application layer
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/02—Protocol performance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/163—In-band adaptation of TCP data exchange; In-band control procedures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This disclosure relates to a kind of encryption device and network data method, apparatus, this method is applied to when the network bypass module of encryption device include: the network data for receiving the network interface card of encryption device and sending;Transmitting network data to encryption device application layer Transmission Control Protocol processing module so that application layer Transmission Control Protocol processing module network data.This disclosure relates to encryption device network data method, network data can be handled by network bypass module and application layer Transmission Control Protocol processing module, without the protocol stack for carrying network data transmission to (SuSE) Linux OS, the cpu resource consumed when to saving the protocol stack receiving network data that (SuSE) Linux OS carries, improves the efficiency of encryption device network data.This disclosure relates to encryption device and network data device also solve the problems, such as relevant art.
Description
Technical field
This disclosure relates to information security art of cryptography, more specifically to a kind of encryption device and processing network
Data method, device.
Background technique
As information-based industry high speed and comprehensive development is letter always as the encryption device of information security basal core
While breath industry and Developing Track for Modern Service Industry provide the cryptographic technique of safety, higher and higher network bandwidth requirement is also faced.
The protocol stack that TCP/IP network data is handled in encryption device is the included protocol stack of (SuSE) Linux OS, because
Cumbersome for the various realization of itself function, which handles TCP/IP network data than relatively time-consuming, often just will appear network
When data traffic is larger, only TCP/IP network data transmitting-receiving process just occupies many cpu resources, in network interface
Hardware bandwidth it is fixed in the case where, the bottleneck of encryption device is just embodied in the communication of network data above, same network number
Powerful hardware is needed to support according to processing capacity.
In conclusion the efficiency for how improving encryption device network data is that current those skilled in the art urgently solve
Certainly the problem of.
Summary of the invention
Purpose of this disclosure is to provide a kind of encryption device network data methods, can solve to a certain extent such as
What improves the technical issues of efficiency of encryption device network data.The disclosure additionally provides a kind of encryption device and processing net
Network data set, electronic equipment, computer readable storage medium.
On the one hand, present disclose provides a kind of encryption device network data methods, applied to the encryption device
Network bypass module, comprising:
Receive the network data that the network interface card of the encryption device is sent;
The application layer Transmission Control Protocol processing module for transmitting the network data to the encryption device, so that the application layer
The Transmission Control Protocol processing module processing network data.
Preferably, application layer Transmission Control Protocol processing module of the transmission network data to the encryption device, packet
It includes:
Mapping relations between memory based on the network interface card and the stack address of application layer TCP protocol stack, in the application layer
In the stack address of TCP protocol stack, the corresponding target stack address of the memory that the network data is saved in the network interface card is determined;
The network data is mapped in the target stack address;
Wherein, the application layer TCP protocol stack belongs to the application layer Transmission Control Protocol processing module.
Preferably, application layer Transmission Control Protocol processing module of the transmission network data to the encryption device, packet
It includes:
Network interface card queue based on the network interface card and the corresponding relationship between the stack address of application layer TCP protocol stack, are answered described
In stack address with layer TCP protocol stack, the corresponding target stack address of the network interface card queue for sending the network data is determined;
The network data is transmitted to the target stack address;
Wherein, the application layer TCP protocol stack belongs to the application layer Transmission Control Protocol processing module.
Second aspect, the disclosure provides a kind of encryption device network data method, applied to the encryption device
Application layer Transmission Control Protocol processing module, comprising:
Receive the network data of the network bypass module transfer of the encryption device;
Corresponding processing thread is called to handle the network data.
Preferably, the network data of the network bypass module transfer for receiving the encryption device, comprising:
Stack address based on the application layer TCP protocol stack of itself receives the network data of the network bypass module mapping;
The corresponding processing thread of calling handles the network data, comprising:
The corresponding relationship of stack address and processing cross-thread based on the application layer TCP protocol stack, is determined described in reception
Target corresponding to the stack address of the application layer TCP protocol stack of network data handles thread;
The target processing thread is called to handle the network data.
It is preferably, described that the target processing thread is called to handle the network data, comprising:
Based on the corresponding relationship between the processing thread and CPU core, the corresponding target of the target processing thread is determined
CPU core;
The network data is sent to the target CPU core, and the target CPU core is called to handle the network data.
Preferably, the corresponding processing thread of the calling handles the network data, comprising:
Call corresponding processing thread in the network data TCP/IP data and ICMP data handle.
The third aspect, the disclosure provides a kind of encryption device network data device, applied to the encryption device
Network bypass module, comprising:
First receiving module, the network data that the network interface card for receiving the encryption device is sent;
First transmission module, the application layer Transmission Control Protocol for being used for transmission the network data to the encryption device handle mould
Block, so that the application layer Transmission Control Protocol processing module handles the network data.
Fourth aspect, the disclosure provide a kind of computer readable storage medium, are stored thereon with computer program, be applied to
The network bypass module of the encryption device realizes any the method as above when the computer program is executed by processor
Step.
5th aspect, the disclosure provide a kind of electronic equipment, applied to the network bypass module of the encryption device, packet
It includes:
Memory is stored thereon with computer program;
Processor, for executing the computer program in the memory, to realize any the method as above
Step.
6th aspect, the application provide a kind of encryption device, comprising: by the network connecting with the network interface card of the encryption device
Road module, the application layer Transmission Control Protocol processing module being connect with the network bypass module;
The network bypass module, the network data that the network interface card for receiving the encryption device is sent;Transmit the net
Network data are to the application layer Transmission Control Protocol processing module;
The application layer Transmission Control Protocol processing module, for receiving the network data of the network bypass module transfer,
Corresponding processing thread is called to handle the network data.
A kind of encryption device network data method that the disclosure provides, the network bypass mould applied to encryption device
Block receives the network data that the network interface card of encryption device is sent;The application layer Transmission Control Protocol of transmitting network data to encryption device is handled
Module, so that application layer Transmission Control Protocol processing module network data.The encryption device network data side that the disclosure provides
Method, network bypass module receives the network data that network interface card is sent, and transmitting network data is to the application layer Transmission Control Protocol of encryption device
Processing module, so that the encryption device that application layer Transmission Control Protocol processing module network data namely the disclosure provide handles net
Network data method can handle network data by network bypass module and application layer Transmission Control Protocol processing module, be not necessarily to
The protocol stack that network data transmission to (SuSE) Linux OS is carried, to save the included protocol stack of (SuSE) Linux OS
The cpu resource consumed when receiving network data, avoiding reduces encryption device network data because of the consumption of cpu resource
Efficiency improves the efficiency of encryption device network data.The encryption device and network data device of disclosure offer,
Electronic equipment and computer readable storage medium also solve the problems, such as relevant art.
It should be understood that the above general description and the following detailed description are merely exemplary, this can not be limited
It is open.
Detailed description of the invention
In order to illustrate more clearly of the embodiment of the present disclosure or technical solution in the prior art, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Disclosed embodiment for those of ordinary skill in the art without creative efforts, can also basis
The attached drawing of offer obtains other attached drawings.
Fig. 1 is a kind of first pass of the encryption device network data method provided according to an exemplary embodiment
Figure;
Fig. 2 is a kind of second procedure of the encryption device network data method provided according to an exemplary embodiment
Figure;
Fig. 3 is that a kind of first structure of encryption device network data device shown according to an exemplary embodiment is shown
It is intended to;
Fig. 4 is that a kind of the second structure of encryption device network data device shown according to an exemplary embodiment is shown
It is intended to;
Fig. 5 is the structural schematic diagram according to the encryption device shown in an exemplary embodiment;
Fig. 6 is the block diagram according to a kind of electronic equipment 600 shown in an exemplary embodiment.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present disclosure, the technical solution in the embodiment of the present disclosure is carried out clear, complete
Site preparation description, it is clear that described embodiment is only disclosure a part of the embodiment, instead of all the embodiments.It is based on
Embodiment in the disclosure, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment belongs to the range of disclosure protection.
Referring to Fig. 1, Fig. 1 is a kind of encryption device network data method provided according to an exemplary embodiment
First pass figure.
This disclosure relates to a kind of encryption device network data method, the network bypass mould applied to encryption device
Block may comprise steps of:
Step S101: the network data that the network interface card of encryption device is sent is received.
It is understood that network bypass module can first receive the network data that the network interface card of encryption device is sent, network
The type of data can be determine according to actual needs.
Step S102: the application layer Transmission Control Protocol processing module of transmitting network data to encryption device, so that application layer TCP
Protocol process module network data.
It is understood that can be passed after the network data that the network interface card that network bypass module receives encryption device is sent
It is provided in the encryption device that the application layer Transmission Control Protocol processing module namely the disclosure of defeated network data to encryption device provide
Application layer Transmission Control Protocol processing module, in addition, by so that application layer Transmission Control Protocol processing module network data description it is found that
Application layer Transmission Control Protocol processing module can be handled network data after receiving network data.
A kind of encryption device network data method that the disclosure provides, the network bypass mould applied to encryption device
Block receives the network data that the network interface card of encryption device is sent;The application layer Transmission Control Protocol of transmitting network data to encryption device is handled
Module, so that application layer Transmission Control Protocol processing module network data.The encryption device network data side that the disclosure provides
Method, network bypass module receives the network data that network interface card is sent, and transmitting network data is to the application layer Transmission Control Protocol of encryption device
Processing module, so that the encryption device that application layer Transmission Control Protocol processing module network data namely the disclosure provide handles net
Network data method can handle network data by network bypass module and application layer Transmission Control Protocol processing module, be not necessarily to
The protocol stack that network data transmission to (SuSE) Linux OS is carried, to save the included protocol stack of (SuSE) Linux OS
The cpu resource consumed when receiving network data, avoiding reduces encryption device network data because of the consumption of cpu resource
Efficiency improves the efficiency of encryption device network data.
In the above-described embodiments, during transmitting network data to application layer Transmission Control Protocol processing module, in order to avoid
Network bypass module carries out network data the operation such as to replicate, and directly can reflect the network data in network interface card by mapping techniques
It is incident upon application layer Transmission Control Protocol processing module, so that application layer Transmission Control Protocol processing module is directly to the network data saved in network interface card
It is handled, treatment effeciency is improved with this, then the application layer TCP association of network bypass module transfer network data to encryption device
The process for discussing processing module can be with are as follows: the mapping relations between the memory based on network interface card and the stack address of application layer TCP protocol stack, In
In the stack address of application layer TCP protocol stack, the corresponding target stack address of memory that network data is saved in network interface card is determined;By net
Network data map in target stack address;Wherein, application layer TCP protocol stack belongs to application layer Transmission Control Protocol processing module.It is not difficult to manage
Solution is provided with application layer TCP protocol stack in application layer Transmission Control Protocol processing module, and application layer TCP protocol stack is for receiving network interface card
The network data of mapping.
In the above-described embodiments, when there is multiple network datas to be handled, in order to avoid multiple network datas
Treatment progress influences each other, and when transmitting to multiple network datas, either network interface card will be by network data transmission to network
Network data transmission to application layer Transmission Control Protocol processing module is both needed to using locking, solution by road module or network bypass module
Lock technology carrys out transmitting network data, thus the efficiency of transmission of network data can be made slower, so that encryption device handles net
The efficiency of network data is slower, in order to solve such case, can avoid by preset transmission corresponding relationship to network data
It locked, unlock operation, then the process of the application layer Transmission Control Protocol processing module of transmitting network data to encryption device can be with
Are as follows: the corresponding relationship between the network interface card queue based on network interface card and the stack address of application layer TCP protocol stack, in application layer TCP protocol stack
Stack address in, determine send network data the corresponding target stack address of network interface card queue;Transmitting network data is to goal stack
Address;Wherein, application layer TCP protocol stack belongs to application layer Transmission Control Protocol processing module.Namely network interface card queue is used for transmission network number
According to, and the network interface card queue of network interface card is corresponding with the stack address of application layer TCP protocol stack, so network bypass module can be by net
Corresponding relationship between card queue and the stack address of application layer TCP protocol stack, directly extremely by the network data transmission in network interface card queue
Corresponding stack address.Correspondingly, when application layer Transmission Control Protocol processing module is by processing thread process network data, in order to keep away
Exempt from network data to the contention of processing thread, stack of the application layer Transmission Control Protocol processing module based on the application layer TCP protocol stack of itself
It, can stack address and processing line based on application layer TCP protocol stack after address receives the network data of network bypass module mapping
Corresponding relationship between journey determines that target corresponding to the stack address of the application layer TCP protocol stack of receiving network data handles line
Journey;Invocation target processing thread handles network data, due to stack address and the processing thread phase of application layer TCP protocol stack
It is corresponding, it is possible to the corresponding network data of processing thread process stack address is directly called according to the corresponding relationship.
Referring to Fig. 2, Fig. 2 is a kind of encryption device network data method provided according to an exemplary embodiment
Second flow chart.
This disclosure relates to a kind of encryption device network data method, applied to encryption device application layer TCP assist
Processing module is discussed, may comprise steps of:
Step S201: the network data of the network bypass module transfer of encryption device is received.
Step S202: corresponding processing thread is called to handle network data.
It is understood that application layer Transmission Control Protocol processing module calls thread to handle network data.
In the above-described embodiments, when application layer Transmission Control Protocol processing module calls multiple processing threads, in order to avoid multiple
Processing thread is tried to be the first network data, network bypass module by the stack of network data transmission to application layer TCP protocol stack
When in location, the process that application layer Transmission Control Protocol processing module receives the network data of the network bypass module transfer of encryption device can
With are as follows: the stack address based on the application layer TCP protocol stack of itself receives the network data of network bypass module mapping;Correspondingly,
The process for calling corresponding processing thread to handle network data can be with are as follows: the stack address based on application layer TCP protocol stack
With the corresponding relationship of processing cross-thread, mesh corresponding to the stack address of the application layer TCP protocol stack of receiving network data is determined
Mark processing thread;Invocation target processing thread handles network data.Namely application layer Transmission Control Protocol processing module is according to answering
With the stack address of layer TCP protocol stack and the corresponding relationship of processing cross-thread, calls directly processing thread and corresponding stack address is received
Network data handled, avoid in multiple processing threads choose processing thread the problem of, treatment effeciency can be improved.
It in the above-described embodiments, is to pass through when application layer Transmission Control Protocol processing module calls processing thread process network data
Network data is sent to the corresponding CPU core of processing thread by processing thread, at this point, if there is multiple CPU cores, application layer TCP association
View processing module need to choose the corresponding CPU core of processing thread in multiple CPU cores and carry out network data, be easy to appear because of selection
CPU core and the situation for causing network data processing efficiency slack-off, in order to improve network data processing efficiency, application layer Transmission Control Protocol
Processing module invocation target handles process that thread handles network data can be with are as follows: based between processing thread and CPU core
Corresponding relationship, determine the corresponding target CPU core of target processing thread;Network data is sent to target CPU core, and calls mesh
Mark CPU core network data.Namely it is avoided according to the corresponding relationship between processing thread and CPU core because in multiple CPU cores
The situation chosen CPU core and cause network data processing efficiency slack-off.
In the above-described embodiments, in order to further increase the treatment effeciency of network data, application layer Transmission Control Protocol can be set
Processing module only in network data TCP/IP data and ICMP data handle, then application layer Transmission Control Protocol processing module
The process for calling corresponding processing thread to handle network data can be with are as follows: calls corresponding processing thread to network data
In TCP/IP data and ICMP data handled.
Referring to Fig. 3, Fig. 3 is a kind of encryption device network data device shown according to an exemplary embodiment
First structure diagram.
This disclosure relates to the network bypass module applied to encryption device encryption device network data device
300, may include:
First receiving module 310, the network data that the network interface card for receiving encryption device is sent;
First transmission module 320 is used for transmission the application layer Transmission Control Protocol processing module of network data to encryption device, with
Make application layer Transmission Control Protocol processing module network data.
This disclosure relates to the network bypass module applied to encryption device encryption device network data device
300, the first transmission module may include:
First determination unit, for the mapping relations between the memory based on network interface card and the stack address of application layer TCP protocol stack,
In the stack address of application layer TCP protocol stack, the corresponding target stack address of memory that network data is saved in network interface card is determined;
First map unit, for mapping to network data in target stack address;
Wherein, application layer TCP protocol stack belongs to application layer Transmission Control Protocol processing module.
This disclosure relates to the network bypass module applied to encryption device encryption device network data device
300, the first transmission module may include:
Second determination unit, for based on network interface card network interface card queue with it is corresponding between the stack address of application layer TCP protocol stack
Relationship, in the stack address of application layer TCP protocol stack, with determining the corresponding goal stack of network interface card queue for sending network data
Location;
First transmission unit is used for transmission network data to target stack address;
Wherein, application layer TCP protocol stack belongs to application layer Transmission Control Protocol processing module.
Referring to Fig. 4, Fig. 4 is a kind of encryption device network data device shown according to an exemplary embodiment
Second structural schematic diagram.
This disclosure relates to the application layer Transmission Control Protocol processing module applied to encryption device encryption device handle network number
According to device 400, may include:
Second receiving module 410, the network data of the network bypass module transfer for receiving encryption device;
First calling module 420, for calling corresponding processing thread to handle network data.
This disclosure relates to the application layer Transmission Control Protocol processing module applied to encryption device encryption device handle network number
According to device 400, the second receiving module may include:
First receiving unit, the stack address for the application layer TCP protocol stack based on itself receive network bypass module and reflect
The network data penetrated;
First calling module may include:
Third determination unit, for the corresponding relationship of stack address and processing cross-thread based on application layer TCP protocol stack, really
Make the processing thread of target corresponding to the stack address of the application layer TCP protocol stack of receiving network data;
First call unit is handled network data for invocation target processing thread.
This disclosure relates to the application layer Transmission Control Protocol processing module applied to encryption device encryption device handle network number
According to device 400, the first call unit may include:
First determines subelement, for determining that target handles thread based on the corresponding relationship between processing thread and CPU core
Corresponding target CPU core;
First calls subelement, and for sending network data to target CPU core, and invocation target CPU core handles network number
According to.
This disclosure relates to the application layer Transmission Control Protocol processing module applied to encryption device encryption device handle network number
According to device 400, the first calling module may include:
Second call unit, for calling corresponding processing thread to the TCP/IP data and ICMP data in network data
It is handled.
Referring to Fig. 5, Fig. 5 is the structural schematic diagram according to the encryption device shown in an exemplary embodiment.
This disclosure relates to a kind of encryption device 500, comprising: the network bypass mould being connect with the network interface card 530 of encryption device
Block 510, the application layer Transmission Control Protocol processing module 520 being connect with network bypass module 510;
Network bypass module 510, the network data that the network interface card for receiving encryption device is sent;Transmitting network data is to answering
With layer Transmission Control Protocol processing module 520;
Application layer Transmission Control Protocol processing module 520 calls phase for receiving the network data of the transmission of network bypass module 510
The processing thread answered handles network data.
About this disclosure relates to encryption device in the associated descriptions of modules please refer to above-described embodiment, the disclosure exists
This is repeated no more.
Fig. 6 is the block diagram according to a kind of electronic equipment 600 shown in an exemplary embodiment.As shown in fig. 6, the electronics is set
Standby 600 may include: processor 601, memory 602.The electronic equipment 600 can also include multimedia component 603, input/
Export one or more of (I/O) interface 604 and communication component 605.
Wherein, processor 601 is used to control the integrated operation of the electronic equipment 600, to complete at above-mentioned encryption device
Manage all or part of the steps in network data method.Memory 602 is for storing various types of data to support in the electricity
The operation of sub- equipment 600, these data for example may include any application program for being operated on the electronic equipment 600 or
The instruction of method and the relevant data of application program, such as contact data, the message of transmitting-receiving, picture, audio, video etc.
Deng.The memory 602 can realize by any kind of volatibility or non-volatile memory device or their combination, such as
Static random access memory (Static Random Access Memory, abbreviation SRAM), electrically erasable is read-only to be deposited
Reservoir (Electrically Erasable Programmable Read-Only Memory, abbreviation EEPROM), it is erasable can
Program read-only memory (Erasable Programmable Read-Only Memory, abbreviation EPROM), may be programmed read-only deposit
Reservoir (Programmable Read-Only Memory, abbreviation PROM), and read-only memory (Read-Only Memory, referred to as
ROM), magnetic memory, flash memory, disk or CD.Multimedia component 603 may include screen and audio component.Wherein
Screen for example can be touch screen, and audio component is used for output and/or input audio signal.For example, audio component may include
One microphone, microphone is for receiving external audio signal.The received audio signal can be further stored in storage
Device 602 is sent by communication component 605.Audio component further includes at least one loudspeaker, is used for output audio signal.I/O
Interface 604 provides interface between processor 601 and other interface modules, other above-mentioned interface modules can be keyboard, mouse,
Button etc..These buttons can be virtual push button or entity button.Communication component 605 is for the electronic equipment 600 and other
Wired or wireless communication is carried out between equipment.Wireless communication, such as Wi-Fi, bluetooth, near-field communication (Near Field
Communication, abbreviation NFC), 2G, 3G or 4G or they one or more of combination, therefore corresponding communication
Component 605 may include: Wi-Fi module, bluetooth module, NFC module.
In one exemplary embodiment, electronic equipment 600 can be by one or more application specific integrated circuit
(Application Specific Integrated Circuit, abbreviation ASIC), digital signal processor (Digital
Signal Processor, abbreviation DSP), digital signal processing appts (Digital Signal Processing Device,
Abbreviation DSPD), programmable logic device (Programmable Logic Device, abbreviation PLD), field programmable gate array
(Field Programmable Gate Array, abbreviation FPGA), controller, microcontroller, microprocessor or other electronics member
Part is realized, for executing above-mentioned encryption device network data method.
In a further exemplary embodiment, a kind of computer readable storage medium including program instruction is additionally provided, it should
The step of above-mentioned encryption device network data method is realized when program instruction is executed by processor.For example, the computer
Readable storage medium storing program for executing can be the above-mentioned memory 602 including program instruction, and above procedure instruction can be by electronic equipment 600
Device 601 is managed to execute to complete above-mentioned encryption device network data method.
A kind of encryption device and network data device that the embodiment of the present disclosure provides, electronic equipment and computer-readable
The explanation of relevant portion refers to a kind of encryption device network data method of embodiment of the present disclosure offer in storage medium
The detailed description of middle corresponding part, details are not described herein.In addition, the embodiment of the present disclosure provide above-mentioned technical proposal in it is existing
The consistent part of technical solution realization principle and unspecified is corresponded in technology, in order to avoid excessively repeat.
It should also be noted that, herein, relational terms such as first and second and the like are used merely to one
Entity or operation are distinguished with another entity or operation, without necessarily requiring or implying between these entities or operation
There are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant are intended to contain
Lid non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those
Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or equipment including the element.
The foregoing description of the disclosed embodiments makes those skilled in the art can be realized or use the disclosure.To this
A variety of modifications of a little embodiments will be apparent for a person skilled in the art, and the general principles defined herein can
Realized in other embodiments without departing from the spirit or the scope of the present disclosure.Therefore, the disclosure will not be limited
It is formed on the embodiments shown herein, and is to fit to consistent with the principles and novel features disclosed in this article widest
Range.
Claims (10)
1. a kind of encryption device network data method, which is characterized in that the network bypass mould applied to the encryption device
Block, comprising:
Receive the network data that the network interface card of the encryption device is sent;
The application layer Transmission Control Protocol processing module of the network data to the encryption device is transmitted, so that the application layer TCP is assisted
It discusses processing module and handles the network data.
2. the method according to claim 1, wherein described transmit the network data to the encryption device
Application layer Transmission Control Protocol processing module, comprising:
Mapping relations between memory based on the network interface card and the stack address of application layer TCP protocol stack are assisted in the application layer TCP
In the stack address for discussing stack, the corresponding target stack address of the memory that the network data is saved in the network interface card is determined;
The network data is mapped in the target stack address;
Wherein, the application layer TCP protocol stack belongs to the application layer Transmission Control Protocol processing module.
3. the method according to claim 1, wherein described transmit the network data to the encryption device
Application layer Transmission Control Protocol processing module, comprising:
Network interface card queue based on the network interface card and the corresponding relationship between the stack address of application layer TCP protocol stack, in the application layer
In the stack address of TCP protocol stack, the corresponding target stack address of the network interface card queue for sending the network data is determined;
The network data is transmitted to the target stack address;
Wherein, the application layer TCP protocol stack belongs to the application layer Transmission Control Protocol processing module.
4. a kind of encryption device network data method, which is characterized in that the application layer TCP applied to the encryption device is assisted
Discuss processing module, comprising:
Receive the network data of the network bypass module transfer of the encryption device;
Corresponding processing thread is called to handle the network data.
5. according to the method described in claim 4, it is characterized in that, the network bypass module for receiving the encryption device passes
Defeated network data, comprising:
Stack address based on the application layer TCP protocol stack of itself receives the network data of the network bypass module mapping;
The corresponding processing thread of calling handles the network data, comprising:
The corresponding relationship of stack address and processing cross-thread based on the application layer TCP protocol stack, determines to receive the network
Target corresponding to the stack address of the application layer TCP protocol stack of data handles thread;
The target processing thread is called to handle the network data.
6. according to the method described in claim 5, it is characterized in that, described call the target processing thread to the network number
According to being handled, comprising:
Based on the corresponding relationship between the processing thread and CPU core, the corresponding target CPU of the target processing thread is determined
Core;
The network data is sent to the target CPU core, and the target CPU core is called to handle the network data.
7. according to the described in any item methods of claim 4 to 6, which is characterized in that the corresponding processing thread of calling is to institute
Network data is stated to be handled, comprising:
Call corresponding processing thread in the network data TCP/IP data and ICMP data handle.
8. a kind of encryption device network data device, which is characterized in that the network bypass mould applied to the encryption device
Block, comprising:
First receiving module, the network data that the network interface card for receiving the encryption device is sent;
First transmission module is used for transmission the application layer Transmission Control Protocol processing module of the network data to the encryption device, with
The application layer Transmission Control Protocol processing module is set to handle the network data.
9. a kind of encryption device network data device, which is characterized in that the application layer TCP applied to the encryption device is assisted
Discuss processing module, comprising:
Second receiving module, the network data of the network bypass module transfer for receiving the encryption device;
First calling module, for calling corresponding processing thread to handle the network data.
10. a kind of encryption device characterized by comprising the network bypass module being connect with the network interface card of the encryption device, with
The application layer Transmission Control Protocol processing module of the network bypass module connection;
The network bypass module, the network data that the network interface card for receiving the encryption device is sent;Transmit the network number
According to the extremely application layer Transmission Control Protocol processing module;
The application layer Transmission Control Protocol processing module is called for receiving the network data of the network bypass module transfer
Corresponding processing thread handles the network data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910711982.8A CN110417791A (en) | 2019-08-02 | 2019-08-02 | A kind of encryption device and network data method, apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910711982.8A CN110417791A (en) | 2019-08-02 | 2019-08-02 | A kind of encryption device and network data method, apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110417791A true CN110417791A (en) | 2019-11-05 |
Family
ID=68365469
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910711982.8A Pending CN110417791A (en) | 2019-08-02 | 2019-08-02 | A kind of encryption device and network data method, apparatus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110417791A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114401218A (en) * | 2021-12-28 | 2022-04-26 | 绿盟科技集团股份有限公司 | Bypass forwarding method and device for data message |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1512705A (en) * | 2002-12-26 | 2004-07-14 | 成都卫士通信息产业股份有限公司 | Binding method for hardware enciphering card and network protocol stack |
| US20060188098A1 (en) * | 2005-02-21 | 2006-08-24 | Seiko Epson Corporation | Encryption/decryption device, communication controller, and electronic instrument |
| CN103607417A (en) * | 2012-12-03 | 2014-02-26 | 深圳市证通电子股份有限公司 | Network server supporting SSL protocol |
| CN104468519A (en) * | 2014-11-12 | 2015-03-25 | 成都卫士通信息产业股份有限公司 | Embedded electric power safety protection terminal encryption device |
| US20160248790A1 (en) * | 2012-03-21 | 2016-08-25 | Radware, Ltd. | Method and system for detecting and mitigating attacks performed using cryptographic protocols |
| CN108268328A (en) * | 2013-05-09 | 2018-07-10 | 华为技术有限公司 | Data processing equipment and data processing method |
| CN108366018A (en) * | 2017-01-26 | 2018-08-03 | 普天信息技术有限公司 | A kind of processing method of network data packets based on DPDK |
| CN109344639A (en) * | 2018-10-30 | 2019-02-15 | 南方电网科学研究院有限责任公司 | A kind of distribution automation double protection safety chip, data transmission method and equipment |
-
2019
- 2019-08-02 CN CN201910711982.8A patent/CN110417791A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1512705A (en) * | 2002-12-26 | 2004-07-14 | 成都卫士通信息产业股份有限公司 | Binding method for hardware enciphering card and network protocol stack |
| US20060188098A1 (en) * | 2005-02-21 | 2006-08-24 | Seiko Epson Corporation | Encryption/decryption device, communication controller, and electronic instrument |
| US20160248790A1 (en) * | 2012-03-21 | 2016-08-25 | Radware, Ltd. | Method and system for detecting and mitigating attacks performed using cryptographic protocols |
| CN103607417A (en) * | 2012-12-03 | 2014-02-26 | 深圳市证通电子股份有限公司 | Network server supporting SSL protocol |
| CN108268328A (en) * | 2013-05-09 | 2018-07-10 | 华为技术有限公司 | Data processing equipment and data processing method |
| CN104468519A (en) * | 2014-11-12 | 2015-03-25 | 成都卫士通信息产业股份有限公司 | Embedded electric power safety protection terminal encryption device |
| CN108366018A (en) * | 2017-01-26 | 2018-08-03 | 普天信息技术有限公司 | A kind of processing method of network data packets based on DPDK |
| CN109344639A (en) * | 2018-10-30 | 2019-02-15 | 南方电网科学研究院有限责任公司 | A kind of distribution automation double protection safety chip, data transmission method and equipment |
Non-Patent Citations (1)
| Title |
|---|
| 王静: ""协议栈并行化技术的研究与实现"", 《万方》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114401218A (en) * | 2021-12-28 | 2022-04-26 | 绿盟科技集团股份有限公司 | Bypass forwarding method and device for data message |
| CN114401218B (en) * | 2021-12-28 | 2023-07-21 | 绿盟科技集团股份有限公司 | Bypass forwarding method and device for data message |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104081736B (en) | The system and method for schedule packet transmissions on client device | |
| JP5301533B2 (en) | How to optimize near-field links | |
| CN103210619B (en) | For nothing lock and the zero-copy messaging plan of communication network application | |
| EP2645674B1 (en) | Interrupt management | |
| CN101883436B (en) | Concurrent processing method and system for resources and mobile terminal | |
| CN106506393A (en) | A kind of data flow processing method, device and system | |
| CN105519071A (en) | Electronic device using logical channels for communication | |
| CN109981403A (en) | Virtual machine network data traffic monitoring method and device | |
| CN108270813A (en) | A kind of isomery multi-protocol stack method, apparatus and system | |
| CN103154897A (en) | Core abstraction layer for telecommunication network applications | |
| CN107294869A (en) | A kind of method and system of Microsoft Loopback Adapter message crawl | |
| CN110287036A (en) | A kind of collaborative share methods, devices and systems | |
| CN107800546A (en) | The management method and device of a kind of broadcast message | |
| CN106688277A (en) | Efficient centralized resource and schedule management in time slotted channel hopping networks | |
| CN107528976A (en) | Resource allocation method and Related product | |
| CN103888441A (en) | Information transmitting method between application and protocol stack and processing device | |
| CN102387190A (en) | Terminal device, information processing system, request target selection method and program | |
| CN106023642A (en) | Parking stall reservation method, corresponding terminal, server and device | |
| KR101103964B1 (en) | Optimizing throughput of data in a communications network | |
| CN110324193A (en) | A kind of terminal upgrade management method and device | |
| WO2017175070A1 (en) | Method, apparatuses, and system for background data transfer | |
| CN110430142A (en) | Method and apparatus for controlling flow | |
| CN108605292A (en) | Electric power knows formula network communication | |
| CN110417791A (en) | A kind of encryption device and network data method, apparatus | |
| CN108541058A (en) | A kind of control method of mobile terminal, mobile terminal and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191105 |
|
| RJ01 | Rejection of invention patent application after publication |