CN111130946A - Acceleration method and device for deep packet identification and storage medium - Google Patents


Info

Publication number
CN111130946A
Authority
CN
China
Prior art keywords
programmable hardware
hardware accelerator
accelerator card
message
network
Prior art date
Legal status
Granted
Application number
CN201911392409.1A
Other languages
Chinese (zh)
Other versions
CN111130946B (en)
Inventor
陆建强
李瞳
兰海
Current Assignee
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date
Filing date
Publication date
Application filed by Lenovo Beijing Ltd
Priority to CN201911392409.1A
Publication of CN111130946A
Application granted
Publication of CN111130946B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 43/00 Arrangements for monitoring or testing data switching networks
    • H04L 43/02 Capturing of monitoring data
    • H04L 43/028 Capturing of monitoring data by filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an acceleration method, an acceleration device and a storage medium for deep packet identification. The embodiment of the invention uses a programmable hardware accelerator card to perform the Deep Packet Inspection (DPI) function in the following steps: first, a network packet is received on a network port of the programmable hardware accelerator card; next, the chip of the programmable hardware accelerator card extracts the relevant information of the network packet and performs deep packet identification on that information, such as packet statistics and regular expression matching; finally, the deep packet identification result is sent back to the host over the PCI bus that connects the programmable hardware accelerator card to the host. Because all of these steps are completed on the programmable hardware accelerator card, processing is very fast, and both the deep packet identification performance and the accuracy of the statistical result are improved. Because host CPU resources are not occupied, the host CPU is free to process other tasks, which greatly improves the processing capacity of the host.

Description

Acceleration method and device for deep packet identification and storage medium
Technical Field
The present invention relates to the field of network communications, and in particular, to a method, an apparatus, and a storage medium for accelerating deep packet identification.
Background
Deep Packet Inspection (DPI) is a packet-based deep inspection technology. It performs deep inspection of the application-layer payloads of different network applications (such as HTTP, DNS, etc.) and determines the validity of a packet by inspecting its payload.
Payload inspection of a packet requires a series of operations: data analysis, processing, detection, screening, statistics, and so on. At present, most of these operations are performed in software by the CPU of the server, which places high demands on the performance of the server CPU.
In 5G application scenarios the data volume is very large and the processing latency requirements are very strict; if the above operations are still performed in software, the application requirements are difficult to meet.
Disclosure of Invention
In view of the above problems, the present inventors provide an acceleration method, apparatus and storage medium for deep packet inspection.
According to a first aspect of the embodiments of the present invention, there is provided a method for accelerating deep packet identification, where the method uses a programmable hardware accelerator card to complete the deep packet identification function, and includes: receiving a network packet using a network port of the programmable hardware accelerator card; acquiring relevant information of the network packet using a chip of the programmable hardware accelerator card; performing deep packet identification on the relevant information of the network packet using the chip of the programmable hardware accelerator card to obtain a deep packet identification result; and sending the deep packet identification result back to the host through the PCI bus that connects the programmable hardware accelerator card to the host.
According to an embodiment of the present invention, before receiving a network packet using a network port of the programmable hardware accelerator card, the method further includes: writing core logic into the chip of the programmable hardware accelerator card, wherein the core logic is used for acquiring packet-related information and implementing the deep packet identification function; and detecting whether the programmable hardware accelerator card is connected to the host, continuing with the next operation if so, and prompting error information if not.
According to an embodiment of the present invention, acquiring the relevant information of the network packet includes: parsing the network packet according to the communication protocol to obtain the specific packet content and the basic information of the flow; and obtaining additional information of the flow through a flow table, wherein the flow table is stored in a DDR memory on the programmable hardware accelerator card, and the additional information comprises a counter and Cookie information of the flow.
According to an embodiment of the present invention, before the additional information of the flow is obtained through the flow table, the method further includes: a flow table is created in a DDR memory on a programmable hardware accelerator card, wherein the flow table is composed of flow table entries, and the flow table entries comprise basic information and additional information of the flow.
According to an embodiment of the present invention, performing deep packet identification on related information of a network packet to obtain a deep packet identification result includes: and carrying out message statistics on the related information of the network message to obtain a message statistical result.
According to an embodiment of the present invention, performing deep packet identification on related information of a network packet to obtain a deep packet identification result includes: and carrying out data matching on the related information of the network message by using the regular expression to obtain data matched with the regular expression.
According to an embodiment of the present invention, before performing data matching on related information of a network packet by using a regular expression to obtain data matching the regular expression, the method further includes: receiving a regular expression setting instruction sent by an upper layer application through a PCI bus, wherein the upper layer application is installed on a host; and generating the regular expression according to the regular expression setting instruction.
According to a second aspect of the embodiments of the present invention, an acceleration apparatus for deep packet inspection, the apparatus being equipped with a programmable hardware accelerator card and a PCI bus connected to a host, includes: the message receiving module is used for receiving the network message by using the network port of the programmable hardware accelerator card; the information acquisition module is used for acquiring related information of the network message by using a chip of the programmable hardware accelerator card; the deep message identification module is used for carrying out deep message identification on the related information of the network message by using a chip of the programmable hardware accelerator card to obtain a deep message identification result; and the data sending module is used for sending the deep message identification result back to the host through a PCI bus connected with the host by the programmable hardware accelerator card.
According to an embodiment of the present invention, the apparatus further comprises: the logic writing module is used for writing core logic in a chip of the programmable hardware accelerator card, wherein the core logic is used for acquiring message related information and realizing the function of deep message identification; and the detection module is used for detecting whether the programmable hardware accelerator card is connected with the host, continuing the next operation if the programmable hardware accelerator card is connected with the host, and prompting error information if the programmable hardware accelerator card is not connected with the host.
According to an embodiment of the present invention, the information acquiring module includes: a packet parsing unit, used for parsing the network packet according to the communication protocol to obtain the specific packet content and the basic flow information; and a flow table lookup unit, used for acquiring additional information of the flow through the flow table, wherein the flow table is stored in a DDR memory on the programmable hardware accelerator card, and the additional information comprises a counter of the flow and Cookie information.
According to an embodiment of the present invention, the information obtaining module further includes: and the flow table creating unit is used for creating a flow table in the DDR memory on the programmable hardware accelerator card, wherein the flow table consists of flow table entries, and the flow table entries comprise basic information and additional information of the flow.
According to an embodiment of the present invention, the deep packet identification module includes: and the message counting unit is used for carrying out message counting on the related information of the network message to obtain a message counting result.
According to an embodiment of the present invention, the deep packet identification module includes: and the data matching unit is used for performing data matching on the related information of the network message by using the regular expression to obtain data matched with the regular expression.
According to an embodiment of the present invention, the deep packet identification module further includes: a regular expression setting instruction unit, used for receiving a regular expression setting instruction sent by an upper layer application through the PCI bus, wherein the upper layer application is installed on the host; and a regular expression generating unit, used for generating a regular expression according to the regular expression setting instruction.
According to a third aspect of the embodiments of the present invention, a storage medium stores program instructions, where the program instructions are configured to, when executed, perform any one of the above acceleration methods for deep packet inspection.
The embodiment of the invention provides a method and a device for accelerating deep packet identification and a storage medium. The acceleration method for deep packet inspection (DPI) provided by the embodiment of the invention uses a programmable hardware accelerator card to perform the deep packet inspection function in the following steps: first, a network packet is received on a network port of the programmable hardware accelerator card; next, the chip of the programmable hardware accelerator card extracts the relevant information of the network packet and performs deep packet identification on that information, such as packet statistics and regular expression matching; finally, the deep packet identification result is sent back to the host over the PCI bus that connects the programmable hardware accelerator card to the host. Because all of these steps are completed on the programmable hardware accelerator card, processing is very fast, and both the DPI performance and the accuracy of the statistical result are improved. Because host CPU resources are not occupied, the host CPU is free to process other tasks, which greatly improves the processing capacity of the host.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Fig. 1 is a schematic view of an application scenario of an acceleration method for deep packet identification according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an implementation flow of an acceleration method for deep packet identification according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a composition structure of an acceleration apparatus for deep packet identification according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
Fig. 1 shows an application scenario of the acceleration method for deep packet identification according to the embodiment of the present invention. As shown in fig. 1, the acceleration method for deep packet identification according to an embodiment of the present invention completes the deep packet identification function using a programmable hardware accelerator card 30. The programmable hardware accelerator card 30 is typically a programmable intelligent network card, such as a Field Programmable Gate Array (FPGA) accelerator card. The hardware accelerator card 30 generally has the physical network port 301 of a common network card, a chip 302 and a DDR memory 303. In this embodiment of the present invention, the physical network port 301 is used to receive packets, and the logic module 3021 of the chip 302 is used to execute customized logic, where the customized logic is the processing logic for deep packet identification and includes packet parsing, flow table lookup, packet statistics, regular expression matching and the like. To perform flow table lookups, a flow table is created in the DDR memory 303. After completing deep packet identification, the hardware accelerator card 30 returns the packet statistics result or the regular expression matching result to the host through the PCI bus 20, and the host passes the result to an upper layer application installed on the host, that is, the deep packet identification application 101. The deep packet identification application 101 may also set the regular expression to be used in regular expression matching through the PCI bus 20. To exchange data with the programmable hardware accelerator card 30, the host 10 needs to install the programmable hardware accelerator card driver 103. The executable library (lib) 102 is a library of system tools that the deep packet identification application 101 may call; using these tool libraries, the deep packet identification application 101 interacts with the programmable hardware accelerator card 30 through the programmable hardware accelerator card driver 103.
The following describes in detail an implementation flow of the acceleration method for deep packet identification according to an embodiment of the present invention with reference to fig. 2. As shown in fig. 2, the method for accelerating deep packet identification according to the embodiment of the present invention includes: operation 410, receiving a network packet using a network port of the programmable hardware accelerator card; operation 420, acquiring relevant information of the network packet using a chip of the programmable hardware accelerator card; operation 430, performing deep packet identification on the relevant information of the network packet using the chip of the programmable hardware accelerator card to obtain a deep packet identification result; and operation 440, sending the deep packet identification result back to the host through the PCI bus to which the programmable hardware accelerator card is connected.
In operation 410, the network port refers to the physical port of the network card, such as the physical network port 301 shown in fig. 1. The network port has a physical address (MAC address) that uniquely identifies it, and an IP address can be associated with the physical address. The physical address and the IP address are used to receive network packets of the different network layers. Generally, programmable hardware accelerator cards, such as FPGA network cards, have high-speed transceiver interfaces and can be used for high-speed data transmission, reception and exchange.
In operation 420, acquiring the relevant information of the packet includes decoding and unpacking the received network packet, segmenting the packet according to the communication protocol, extracting the meaning of each field, and, where needed, looking up the flow table according to the flow information of the packet to obtain further additional information. The main function of this step is to provide the data basis for the subsequent deep packet identification.
In operation 430, deep packet identification performs deep detection, analysis and screening on the entire content and the relevant information of the packet acquired in operation 420. "Deep" is relative to the level of ordinary packet analysis: ordinary packet inspection only analyzes the contents of the IP packet up to layer 4, namely the source address, destination address, source port, destination port and protocol type, whereas deep packet identification adds application-layer analysis on top of the analysis of the lower layers and identifies the various applications and their contents. This includes: application analysis, such as network traffic composition analysis, performance analysis and flow direction analysis; user analysis, such as user group differentiation, behavior analysis, terminal analysis and trend analysis; network element analysis, such as analysis by area attribute and base station load; traffic control, such as P2P rate limiting, QoS guarantee, bandwidth guarantee and network resource optimization; and security protection, such as prevention of DDoS attacks, data broadcast storms and malicious virus attacks.
In operation 440, the deep packet identification result obtained by the programmable hardware accelerator card is finally transmitted back to the host, and the transmission channel is the PCI bus.
According to an embodiment of the present invention, before receiving a network packet using a network port of the programmable hardware accelerator card, the method further includes: writing core logic into the chip of the programmable hardware accelerator card, wherein the core logic is used for acquiring packet-related information and implementing the deep packet identification function; and detecting whether the programmable hardware accelerator card is connected to the host, continuing with the next operation if so, and prompting error information if not.
Here, the core logic for acquiring the packet-related information and implementing the deep packet identification function is typically implemented in a hardware description language. Compared with a software programming language, a hardware description language yields higher efficiency and faster execution. Taking an FPGA card as an example, most programmable hardware accelerator cards belong to the semi-custom circuits within application-specific integrated circuits and are programmable logic arrays, which include units such as programmable input/output units, configurable logic blocks, digital clock management modules, embedded block RAM, routing resources, embedded dedicated hard cores and low-level embedded functions. The FPGA uses small lookup tables (16×1 RAM) to implement combinational logic; each lookup table is connected to the input of a D flip-flop, and the flip-flops drive other logic circuits or I/O (input/output) circuits, forming basic logic modules that can implement both combinational and sequential logic functions, and these modules are connected to each other or to I/O modules with metal interconnect. Therefore, deep packet identification operations such as packet parsing, flow table lookup and regular expression matching can be implemented by writing the core logic into the logic module of the FPGA card through hardware programming. Hardware Description Languages (HDLs) such as VHDL, Verilog HDL, SystemVerilog and SystemC can be used to design digital logic systems and describe digital circuits.
Like a common network card, the programmable hardware accelerator card can be detected before the computer starts or before it formally starts up, to confirm that its hardware function is intact and that it is connected to the host, thereby ensuring the usability of the computer. If the detection result is that the programmable hardware accelerator card is connected to the host and working normally, the acceleration method for deep packet identification provided by the embodiment of the invention can be executed. If the detection result is that the programmable hardware accelerator card is not connected, error information is prompted, such as that the programmable hardware accelerator card is not connected to the host.
According to an embodiment of the present invention, acquiring the relevant information of the network packet includes: parsing the network packet according to the communication protocol to obtain the specific packet content and the basic information of the flow; and obtaining additional information of the flow through a flow table, wherein the flow table is stored in a DDR memory on the programmable hardware accelerator card, and the additional information comprises a counter and Cookie information of the flow.
As mentioned above, the parsing of the network packet in operation 420 is meant in a general sense. In this embodiment it mainly comprises two parts. First, the packet is parsed according to the communication protocol to obtain the header and the packet content, where the header also contains the basic information of the flow, such as the ingress port, the destination MAC address, the Ethernet type, the virtual local area network identifier, the source IP address, the destination IP address, and so on. Then, using this information, additional information related to the packet, such as the counter and Cookie information, can be queried in the flow table. The flow table is the abstraction of the data forwarding function of a network device in a Software Defined Network (SDN). In a conventional network device, data forwarding by switches and routers depends on a layer-2 MAC address forwarding table or a layer-3 IP address routing table stored in the device; a flow table used in an SDN plays the same role, but its entries integrate the network configuration information of every layer, so that richer rules can be used in data forwarding. Counters in the flow table may be maintained per flow table, per data flow, per device port and per forwarding queue in the switch, so as to count the relevant information of the data flow table. Cookie information in the flow table consists of opaque data values that may be used to filter flow statistics, flow modifications and flow deletions, but cannot be used to process packets. Additional information such as the counters and Cookie information in the flow table is a very important data source for the packet statistics function in deep packet identification.
According to an embodiment of the present invention, before the additional information of the flow is obtained through the flow table, the method further includes: creating a flow table in the DDR memory on the programmable hardware accelerator card, wherein the flow table is composed of flow table entries, and each flow table entry comprises the basic information and the additional information of a flow.
In the flow table, the basic information in a flow table entry, such as the ingress port, destination MAC address, Ethernet type, virtual local area network identifier, source IP address, destination IP address and the like, is mainly used as the match fields: the values of these fields determine the flow to which a packet belongs and the corresponding flow table entry, so they may also be regarded as the key that identifies the flow.
According to an embodiment of the present invention, performing deep packet identification on the relevant information of the network packet to obtain a deep packet identification result includes: performing packet statistics on the relevant information of the network packet to obtain a packet statistics result.
Packet statistics is a very typical function of deep packet identification. It mainly collects statistical information about the various packets, including counts, distributions and the like, which can be used for deeper analysis such as traffic analysis, flow direction analysis and analysis of potential security risks.
According to an embodiment of the present invention, performing deep packet identification on the relevant information of the network packet to obtain a deep packet identification result includes: performing data matching on the relevant information of the network packet using a regular expression to obtain the data that matches the regular expression.
Data matching is mainly used to screen out the desired information from the packet data, such as the data of a certain application or a certain user; this is also a very important function of deep packet identification, and the matched data can be used to analyze how a certain application is used or how a certain user behaves in that application.
According to an embodiment of the present invention, before performing data matching on the relevant information of the network packet using a regular expression to obtain the data that matches the regular expression, the method further includes: receiving a regular expression setting instruction sent by an upper layer application through the PCI bus, wherein the upper layer application is installed on the host; and generating the regular expression according to the regular expression setting instruction.
The regular expressions in deep packet identification are usually configurable: different regular expressions can be configured for different purposes, so that different information is filtered out and different results are obtained. In the embodiment of the present invention, the upper layer application may specify the regular expression to be used through the PCI bus, so as to obtain the specific data it wants.
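The following Python is an added software model of operations 420 and 430 and of the host-configured regular expressions described above; it is not code from the patent or from Lenovo. It parses a constructed Ethernet/802.1Q/IPv4/TCP frame into the basic flow information listed above (ingress port, destination MAC, Ethernet type, VLAN identifier, addresses, protocol, ports), uses that as the flow table key, maintains the per-flow counter and an opaque Cookie, and runs regular expressions set by the "host" over the payload. The patent does not give field layouts or API names, so `DpiEngine`, `parse_frame` and the frame builder are assumptions, and the length checks in the parser are an added defensive detail.

```python
import re
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Pattern, Tuple

ETHERTYPE_VLAN = 0x8100
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
# Basic flow information used as the flow-table match key: ingress port,
# destination MAC, EtherType, VLAN id, src/dst IP, protocol, src/dst port.
FlowKey = Tuple[int, str, int, Optional[int], str, str, int, int, int]


@dataclass
class FlowEntry:
    cookie: int       # opaque tag used to filter statistics, never for forwarding
    packets: int = 0  # per-flow counters
    octets: int = 0


def parse_frame(frame: bytes, ingress_port: int) -> Tuple[FlowKey, bytes]:
    """Parse Ethernet / optional 802.1Q / IPv4 / TCP headers into (flow key, payload).
    Every offset is checked against the wire length and the IPv4 total length,
    so a truncated or malformed frame raises instead of polluting the table."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac = frame[0:6].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off, vlan_id = 14, None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id, off = tci & 0x0FFF, 18
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported EtherType 0x%04x" % ethertype)
    if len(frame) < off + 20 or frame[off] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (frame[off] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", frame[off + 2:off + 4])
    ip_end = off + total_len
    if ihl < 20 or total_len < ihl or ip_end > len(frame):
        raise ValueError("bad IPv4 length fields")
    proto = frame[off + 9]
    src_ip = ".".join(map(str, frame[off + 12:off + 16]))
    dst_ip = ".".join(map(str, frame[off + 16:off + 20]))
    l4, sport, dport = off + ihl, 0, 0
    payload_off = l4
    if proto == PROTO_TCP:
        if l4 + 20 > ip_end:
            raise ValueError("truncated TCP header")
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        payload_off = l4 + (frame[l4 + 12] >> 4) * 4
        if payload_off > ip_end:
            raise ValueError("bad TCP data offset")
    key = (ingress_port, dst_mac, ethertype, vlan_id, src_ip, dst_ip, proto, sport, dport)
    return key, frame[payload_off:ip_end]


class DpiEngine:
    def __init__(self) -> None:
        self.flow_table: Dict[FlowKey, FlowEntry] = {}  # stands in for on-card DDR
        self.patterns: List[Tuple[str, Pattern[bytes]]] = []

    def set_regex(self, name: str, pattern: bytes) -> None:
        # Models the regular-expression setting instruction the host application
        # sends over the PCI bus; the pattern is compiled before any matching.
        self.patterns.append((name, re.compile(pattern)))

    def process(self, frame: bytes, ingress_port: int) -> dict:
        key, payload = parse_frame(frame, ingress_port)
        entry = self.flow_table.get(key)
        if entry is None:  # first packet of a flow creates its table entry
            entry = FlowEntry(cookie=len(self.flow_table) + 1)
            self.flow_table[key] = entry
        entry.packets += 1
        entry.octets += len(frame)
        matches = {}
        for name, rx in self.patterns:
            m = rx.search(payload)
            if m:  # report the capture group if the pattern has one
                matches[name] = m.group(m.lastindex or 0)
        return {"key": key, "cookie": entry.cookie,
                "stats": {"packets": entry.packets, "octets": entry.octets},
                "matches": matches}


def build_frame(vlan: Optional[int], src_ip: str, dst_ip: str,
                sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed test frame (not captured traffic): [802.1Q] + IPv4 + TCP."""
    ip4 = lambda s: bytes(int(x) for x in s.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, 64,
                     PROTO_TCP, 0, ip4(src_ip), ip4(dst_ip))
    eth = bytes.fromhex("0a1b2c3d4e5f") + bytes.fromhex("0a1b2c3d4e60")
    tag = (struct.pack("!HHH", ETHERTYPE_VLAN, vlan, ETHERTYPE_IPV4)
           if vlan is not None else struct.pack("!H", ETHERTYPE_IPV4))
    return eth + tag + ip + tcp + payload
```

Changing the VLAN identifier or any other key field yields a separate flow entry, which is the behaviour the match-field discussion above describes.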
Based on the acceleration method for deep packet identification, the embodiment of the invention further provides an acceleration device for deep packet identification. As shown in fig. 3, the apparatus 50 is equipped with a programmable hardware accelerator card and a PCI bus connected to a host, and includes: a packet receiving module 501, configured to receive a network packet through a network port of the programmable hardware accelerator card; an information acquiring module 502, configured to acquire relevant information of the network packet using a chip of the programmable hardware accelerator card; a deep packet identification module 503, configured to perform deep packet identification on the relevant information of the network packet using the chip of the programmable hardware accelerator card to obtain a deep packet identification result; and a data sending module 504, configured to send the deep packet identification result back to the host through the PCI bus that connects the programmable hardware accelerator card to the host.
According to an embodiment of the present invention, the apparatus 50 further comprises: a logic writing module, used for writing core logic into the chip of the programmable hardware accelerator card, wherein the core logic is used for acquiring packet-related information and implementing the deep packet identification function; and a detection module, used for detecting whether the programmable hardware accelerator card is connected to the host, continuing with the next operation if it is, and prompting error information if it is not.
According to an embodiment of the present invention, the information acquiring module 502 includes: a packet parsing unit, used for parsing the network packet according to the communication protocol to obtain the specific packet content and the basic flow information; and a flow table lookup unit, used for acquiring additional information of the flow through the flow table, wherein the flow table is stored in a DDR memory on the programmable hardware accelerator card, and the additional information comprises a counter of the flow and Cookie information.
According to an embodiment of the present invention, the information acquiring module 502 further includes: a flow table creating unit, used for creating a flow table in the DDR memory on the programmable hardware accelerator card, wherein the flow table consists of flow table entries, and each flow table entry comprises the basic information and the additional information of a flow.
According to an embodiment of the present invention, the deep packet identifying module 503 includes: and the message counting unit is used for carrying out message counting on the related information of the network message to obtain a message counting result.
According to an embodiment of the present invention, the deep packet identifying module 503 includes: and the data matching unit is used for performing data matching on the related information of the network message by using the regular expression to obtain data matched with the regular expression.
According to an embodiment of the present invention, the deep packet identifying module 503 further includes: the system comprises a regular expression setting instruction unit, a host computer and a PCI bus, wherein the regular expression setting instruction unit is used for receiving a regular expression setting instruction sent by an upper layer application through the PCI bus, and the upper layer application is installed on the host computer; and the regular expression generating unit is used for generating a regular expression according to the regular expression setting instruction.
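The pipeline the modules above describe (parse the packet, look up or create its flow table entry, update the per-flow counter and statistics, match the payload against the host-configured regular expression, return a result record) as an added software model; this is not the patent's own FPGA logic, for which the page gives no code. It assumes Ethernet II/IPv4/TCP frames, a Python dict standing in for the flow table in on-card DDR, a cookie assigned when an entry is created, and a "regular expression setting instruction" that simply carries the pattern text; the sample frame is constructed, not captured.

```python
import re
import struct
from dataclasses import dataclass


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet II / IPv4 / TCP frame used as sample input (not captured traffic)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


@dataclass
class FlowEntry:
    """Additional information kept per flow, as in the patent's flow table entries."""
    counter: int = 0   # packets seen on this flow
    cookie: int = 0    # opaque tag assigned when the entry is created (assumed scheme)


class DpiEngine:
    """Software stand-in for the card's core logic: parse, flow lookup, statistics, regex match."""

    def __init__(self) -> None:
        self.flow_table: dict = {}          # stands in for the flow table held in on-card DDR
        self.regex = None                   # set by the host's regex setting instruction
        self.stats = {"packets": 0, "bytes": 0, "matches": 0}

    def set_regex(self, instruction: str) -> None:
        # Assumed form of the "regular expression setting instruction": the pattern text itself.
        self.regex = re.compile(instruction.encode())

    def parse(self, frame: bytes):
        """Return ((src, dst, sport, dport, proto), payload), or None if not IPv4/TCP."""
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            return None
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        l4 = 14 + ihl
        if proto != 6 or len(frame) < l4 + 20:
            return None
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        data_off = (frame[l4 + 12] >> 4) * 4
        return (src, dst, sport, dport, proto), frame[l4 + data_off:]

    def process(self, frame: bytes):
        """Run one packet through the pipeline; returns the record the card would send to the host."""
        parsed = self.parse(frame)
        if parsed is None:
            return None
        key, payload = parsed
        if key not in self.flow_table:    # flow table creating unit: new entry on first packet
            self.flow_table[key] = FlowEntry(cookie=len(self.flow_table) + 1)
        entry = self.flow_table[key]
        entry.counter += 1                # flow counter from the entry's additional information
        self.stats["packets"] += 1        # packet statistics unit
        self.stats["bytes"] += len(frame)
        matches = [m.group(0) for m in self.regex.finditer(payload)] if self.regex else []
        if matches:
            self.stats["matches"] += 1
        return {"flow": key, "counter": entry.counter, "cookie": entry.cookie, "matches": matches}
```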
According to a third aspect of the embodiments of the present invention, a storage medium stores program instructions, where the program instructions are configured to, when executed, perform any one of the above acceleration methods for deep packet inspection.
Here, it should be noted that: the above description of the embodiment of the acceleration apparatus for deep packet identification and the description of the embodiment of the storage medium are similar to those of the foregoing method embodiments, and have similar beneficial effects to those of the foregoing method embodiments, and therefore, no further description is given. For the technical details that have not been disclosed in the above description of the embodiment of the acceleration apparatus for deep packet identification and the description of the embodiment of the storage medium of the present invention, please refer to the description of the foregoing method embodiment of the present invention for understanding, and therefore, for brevity, no further description is given.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of a unit is only one logical function division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another device, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments may be carried out by hardware under the control of program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments. The aforementioned storage medium includes various media capable of storing program code, such as a removable storage medium, a Read Only Memory (ROM), a magnetic disk, and an optical disk.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods of the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage medium, a ROM, a magnetic disk, an optical disk, or the like, which can store the program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A deep packet identification (DPI) acceleration method, wherein a programmable hardware accelerator card is used to carry out the deep packet identification function, the method comprising:
receiving a network packet through the network port of the programmable hardware accelerator card;
obtaining the related information of the network packet using the chip of the programmable hardware accelerator card;
performing deep packet identification on the related information of the network packet using the chip of the programmable hardware accelerator card to obtain a deep packet identification result;
and sending the deep packet identification result back to the host through the PCI bus by which the programmable hardware accelerator card is connected to the host.
2. The method of claim 1, wherein before receiving the network packet through the network port of the programmable hardware accelerator card, the method further comprises:
writing core logic into the chip of the programmable hardware accelerator card, wherein the core logic is used to obtain the packet-related information and to implement the deep packet identification function;
and detecting whether the programmable hardware accelerator card is connected to the host; if so, continuing with the next operation, and if not, prompting an error message.
3. The method of claim 1, wherein obtaining the related information of the network packet comprises:
parsing the network packet according to its communication protocol to obtain the specific packet content and the basic information of the flow;
and obtaining additional information of the flow through a flow table, wherein the flow table is stored in DDR memory on the programmable hardware accelerator card and the additional information comprises the flow's counter and Cookie information.
4. The method of claim 3, wherein before obtaining the additional information of the flow through the flow table, the method further comprises:
creating the flow table in the DDR memory on the programmable hardware accelerator card, wherein the flow table is composed of flow table entries, each comprising the basic information and the additional information of a flow.
5. The method of claim 1, wherein performing deep packet identification on the related information of the network packet to obtain the deep packet identification result comprises:
performing packet statistics on the related information of the network packet to obtain a packet statistics result.
6. The method of claim 1, wherein performing deep packet identification on the related information of the network packet to obtain the deep packet identification result comprises:
matching the related information of the network packet against a regular expression to obtain the data matching the regular expression.
7. The method of claim 6, wherein before matching the related information of the network packet against the regular expression to obtain the data matching the regular expression, the method further comprises:
receiving a regular expression setting instruction sent by an upper-layer application through the PCI bus, wherein the upper-layer application is installed on the host;
and generating the regular expression according to the regular expression setting instruction.
8. An acceleration apparatus for deep packet identification, the apparatus being equipped with a programmable hardware accelerator card and a PCI bus connected to a host, the apparatus comprising:
a packet receiving module, configured to receive a network packet through the network port of the programmable hardware accelerator card;
an information obtaining module, configured to obtain the related information of the network packet using the chip of the programmable hardware accelerator card;
a deep packet identification module, configured to perform deep packet identification on the related information of the network packet using the chip of the programmable hardware accelerator card to obtain a deep packet identification result;
and a data sending module, configured to send the deep packet identification result back to the host through the PCI bus by which the programmable hardware accelerator card is connected to the host.
9. The apparatus of claim 8, further comprising:
a logic writing module, configured to write core logic into the chip of the programmable hardware accelerator card, wherein the core logic is used to obtain the packet-related information and to implement the deep packet identification function;
and a detection module, configured to detect whether the programmable hardware accelerator card is connected to the host; if so, to continue with the next operation, and if not, to prompt an error message.
10. A storage medium storing program instructions which, when executed, perform the deep packet identification acceleration method according to any one of claims 1 to 7.
Application CN201911392409.1A, priority date 2019-12-30, filing date 2019-12-30: Acceleration method and device for deep packet identification and storage medium (granted as CN111130946B, status Active).

Publications (2)

Publication Number Publication Date
CN111130946A 2020-05-08
CN111130946B 2022-03-25