CN112532620A - Session table control method and device - Google Patents


Info

Publication number
CN112532620A
Authority
CN
China
Prior art keywords
session
query
time point
current
value
Legal status
Pending
Application number
CN202011356586.7A
Other languages
Chinese (zh)
Inventor
高运
刘彦静
Current Assignee
Hangzhou DPtech Information Technology Co Ltd
Original Assignee
Hangzhou DPtech Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1416 Event detection, e.g. attack signature detection
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Abstract

The present specification provides a session table control method. The number of effective sessions is obtained by querying the session table: according to a preset query plan, the number of effective sessions in the session table is counted at each scheduled query time point, and the number of newly-built sessions in the monitored session table is counted for each unit time. If the number of effective sessions counted at the latest time point is relatively large and the number of newly-built sessions counted in the latest unit time is also relatively large, this indicates that the network server is likely being attacked by highly concurrent network attack packets, and the creation of new sessions for the session table can therefore be rejected.

Description

Session table control method and device
Technical Field
The present disclosure relates to the field of network technologies, and in particular, to a method and an apparatus for controlling a session table.
Background
Currently, a network server typically records created sessions in a session table. When it receives a message, the network server looks up the session table by the message's quintuple (source IP address, destination IP address, protocol number, source port and destination port). If an effective session matching the quintuple exists in the session table, the message is matched to that session; if no such session exists, a matching session is newly established and added to the session table.
In practice, however, the network server may receive a large number of network attack messages in a short time for which no effective session matching their quintuples exists in the session table. This can cause the number of effective sessions in the session table to rise rapidly, placing great pressure on the network server.
Disclosure of Invention
To overcome the problem of high pressure on the network server, the present specification provides a session table control method and device.
The present specification provides a session table control method, including:
querying a session table at each of a plurality of query time points specified by a preset query plan, and determining the number of effective sessions corresponding to each query time point;
determining the number of new sessions corresponding to each unit time period;
if a control condition is met, refusing to establish a new session for the session table; wherein the control condition includes: the number of effective sessions corresponding to the latest query time point is larger than a first specified number, and the number of newly-built sessions corresponding to the latest unit time is larger than a second specified number.
The present specification also provides a session table control apparatus including:
an effective session number query unit, configured to query the session table at each of a plurality of query time points specified by a preset query plan and determine the number of effective sessions corresponding to each query time point;
a new session number determining unit, configured to determine the number of new sessions corresponding to each unit time period;
a condition monitoring unit, configured to refuse to establish a new session for the session table if it is monitored that a control condition is met; wherein the control condition includes: the number of effective sessions corresponding to the latest query time point is larger than a first specified number, and the number of newly-built sessions corresponding to the latest unit time is larger than a second specified number.
According to the technical scheme of the embodiments of this description, the number of effective sessions is obtained by querying the session table: at each query time point scheduled by the preset query plan, the number of effective sessions in the session table is counted once, and the number of newly-built sessions in the monitored session table is counted for each unit time. If the number of effective sessions counted at the latest time point is large and the number of newly-built sessions counted in the latest unit time is also large, the network server is very likely under attack by highly concurrent network attack messages, and therefore new sessions for the session table can be refused.
With this technical scheme, when signs of highly concurrent network attack messages are found (that is, a large number of network attack messages are predicted to arrive in a short time), the creation of new sessions can be stopped in time, avoiding the pressure on the server that a rapid increase of effective sessions in the session table would otherwise cause.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a flowchart illustrating a session table control method according to this specification.
Fig. 2 is a schematic diagram of a session table control method shown in this specification.
Fig. 3 is a schematic diagram of a session table control method shown in this specification.
Fig. 4 is a schematic diagram of a session table control apparatus shown in this specification.
Fig. 5 is a schematic diagram of a hardware structure of a computer device shown in this specification.
Detailed Description
To overcome the problem in the prior art that the number of effective sessions in a session table increases rapidly and puts great pressure on the network server, one possible implementation is as follows:
A monitoring variable is set to track the creation and aging of sessions in the session table. When the value of the monitoring variable becomes large, new sessions for the session table are refused.
In this implementation there are two task queues, an add queue and a subtract queue. Whenever a new session is observed in the session table, a task is added to the add queue that increments the monitoring variable by 1; whenever a session is observed to age out of the session table, a task is added to the subtract queue that decrements the monitoring variable by 1. However, both queues modify the same monitoring variable, and these frequent add and subtract operations have a synchronization problem: as soon as one task in either queue is lost or the tasks are processed out of order, the monitoring variable is wrong, and the number of valid sessions derived from it is inaccurate. This includes at least the following cases:
1. The network server receives two messages with the same quintuple in a short time. When the first message arrives, the session table lookup finds no matching session, and a session for the quintuple is newly established. Because that session has not yet been successfully created when the second message arrives, the lookup again finds no matching session and a session for the quintuple is created a second time. The add queue therefore receives two tasks that each increment the monitoring variable by one, and the monitoring variable is increased by 2. However, since the quintuple's session ages only once, the subtract queue receives only one task when that session ages, and the monitoring variable is decreased by 1. Adding 2 on creation but subtracting 1 on aging leaves the monitoring variable in error.
2. Suppose the value of the monitoring variable is 0, the subtract queue is empty and the add queue is full. If a session in the session table now ages quickly, the subtract queue is drained before the add queue, and the value of the monitoring variable immediately becomes -1. A session count obviously cannot be negative, so the monitoring variable is clearly in error.
3. Some network servers can set different conditions for forcibly aging sessions; for example, timing starts at session creation, and once a session's lifetime exceeds a preset length the session is forcibly aged. In these cases the subtract queue does not receive every aging event, the monitoring variable cannot count completely, and it is therefore in error.
With errors in the monitoring variable, signs of highly concurrent network attack messages cannot be found accurately, and a correct response strategy cannot be formulated.
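The three failure cases of the queue-based monitoring variable, reproduced as an added simulation (not code from the patent); the session table, the 5-tuples and the arrival order are constructed, and the traversal count is shown alongside for contrast:

```python
"""Simulation of the add-queue / subtract-queue monitoring variable described
above, reproducing the three cases in which its value drifts from the real
number of valid sessions. Added example, not from the patent: the session
table, the 5-tuples and the arrival order are constructed."""
from collections import deque


class QueueMonitor:
    """Monitoring variable that is changed only by queued +1 / -1 tasks."""

    def __init__(self):
        self.value = 0
        self.add_queue = deque()
        self.sub_queue = deque()

    def session_created(self):
        self.add_queue.append(1)       # task: add 1 to the monitoring variable

    def session_aged(self):
        self.sub_queue.append(-1)      # task: subtract 1 from the monitoring variable

    def drain(self, queue):
        """Apply every pending task of one queue; the two queues are independent."""
        while queue:
            self.value += queue.popleft()
        return self.value


def count_by_traversal(table):
    """The alternative the patent adopts: reset a temporary variable and count
    the valid sessions actually present in the table."""
    count = 0
    for entry in table.values():
        if entry["state"] == "VALID":
            count += 1
    return count


def case_duplicate_create():
    """Case 1: two packets of one 5-tuple arrive before the first insert lands."""
    table, mon = {}, QueueMonitor()
    key = ("10.0.0.1", "10.0.0.2", 6, 40000, 443)
    for _ in range(2):                 # both lookups miss: insert not yet committed
        if key not in table:
            mon.session_created()      # two +1 tasks queued
    table[key] = {"state": "VALID", "created": 0.0}   # both inserts land on one key
    table[key]["state"] = "AGED"       # the single session ages once
    mon.session_aged()                 # one -1 task queued
    mon.drain(mon.add_queue)
    return mon.drain(mon.sub_queue), count_by_traversal(table)   # (1, 0)


def case_negative_value():
    """Case 2: the subtract queue is drained while the add queue is still pending."""
    table, mon = {}, QueueMonitor()
    key = ("10.0.0.3", "10.0.0.2", 17, 5353, 53)
    table[key] = {"state": "VALID", "created": 0.0}
    mon.session_created()
    table[key]["state"] = "AGED"       # ages quickly, before the add task is applied
    mon.session_aged()
    observed = mon.drain(mon.sub_queue)   # -1: a session count can never be negative
    return observed, count_by_traversal(table)   # (-1, 0)


def case_forced_aging(now=100.0, max_lifetime=60.0):
    """Case 3: forced aging by lifetime bypasses the subtract queue entirely."""
    table, mon = {}, QueueMonitor()
    for port in (1000, 1001, 1002):
        table[("10.0.0.4", "10.0.0.2", 6, port, 443)] = {"state": "VALID", "created": 20.0}
        mon.session_created()
    for entry in table.values():
        if now - entry["created"] > max_lifetime:
            entry["state"] = "AGED"    # forced-aging path: no -1 task is ever queued
    mon.drain(mon.add_queue)
    return mon.drain(mon.sub_queue), count_by_traversal(table)   # (3, 0)
```

In each pair the first value is what the monitoring variable reports and the second is the true count from a traversal, which is what the method below relies on instead.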
In one or more embodiments of the present disclosure, no frequent add-one or subtract-one operations are performed on a shared monitoring variable, and there are no two queues modifying the same variable, so the synchronization problem above is avoided. Instead, the number of effective sessions is obtained by querying the session table: according to a preset query plan, the number of effective sessions in the session table is counted at each scheduled query time point, and the number of newly-built sessions in the monitored session table is counted for each unit time. If the number of effective sessions counted at the latest time point is relatively large and the number of new sessions counted in the latest unit time is also relatively large, the network server is likely under attack by highly concurrent network attack packets, and new sessions for the session table can be rejected.
Through one or more embodiments of the present disclosure, when a sign of highly concurrent network attack packets is found (that is, it is predicted that a large number of network attack packets will be received in a short time), the creation of new sessions can be stopped in time, avoiding the heavy pressure on the network server that a rapid increase of effective sessions in the session table would cause. In addition, the number of effective sessions obtained by querying the session table at the scheduled time points is accurate: no effective session in the session table is missed or counted twice.
In addition, an attack by highly concurrent network attack messages is reflected not only in a rapid increase of the number of effective sessions in the session table but also in a marked rise in the rate of newly-built sessions. Therefore, in one or more embodiments of the present specification, besides deciding whether to stop new sessions according to the number of active sessions in the session table, the decision can also be made according to the number of new sessions per unit time (that is, the new-session rate).
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, this information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at …" or "when …" or "in response to a determination", depending on the context.
The following provides a detailed description of examples of the present specification.
The embodiments of this description can be implemented on a network server that maintains at least one session table. When there is more than one session table, the tables can be partitioned according to a classification rule. For example, different session tables may correspond to different source IP addresses, so that sessions for messages with the same source IP are in the same session table; or different session tables may correspond to different network segments, so that sessions for messages with the same network identifier are in the same session table; or one session table may correspond to a group of several source IP addresses, so that sessions for packets from any of those source IPs are in the same session table.
As shown in fig. 1, fig. 1 is a flowchart illustrating a session table control method according to an exemplary embodiment, including the following steps:
step 102, determining the number of effective sessions.
To determine the number of effective sessions (also referred to as the number of concurrent connections), the session table is queried at each of a plurality of query time points specified by a preset query plan, and the number of effective sessions corresponding to each query time point is determined.
Specifically, to determine the number of valid sessions at a time point, a temporary variable is set and initialized to 0 when the query starts; it is incremented for each valid session found, and once the session table has been traversed, its value is taken as the number of valid sessions at that time point.
The query time points specified by the preset query plan may come from polling the session table with a fixed period, that is, a fixed time interval between consecutive query time points; or the session table may be queried whenever the number of effective sessions needs to be determined.
Specifically, when the preset query plan is polling, that is, there is a fixed time interval between query time points, and the interval is set to 5 s, then starting from 9:36:00 a query is performed at 9:36:05, another at 9:36:10, another at 9:36:15, and so on. If the preset query plan is triggered by query operations, that is, a query thread queries the valid sessions, then if the query thread queries at 9:40:20, the query time point is 9:40:20; if it queries the valid sessions again at 9:41:22, the corresponding time point is 9:41:22, and so on.
In one or more embodiments, the number of valid sessions obtained by the query is written into a designated storage space as the current statistical value and kept updated, so that the current statistical value is always the number of valid sessions corresponding to the latest query time point.
And step 104, determining the number of the newly-built sessions in unit time.
The number of new sessions per unit time is taken as the new-session rate; in general, 1 s is used as the unit time, so the number of new sessions per second is the new-session rate.
Specifically, for each unit time period, an accumulated value is initialized to 0 when the period starts, incremented by 1 each time a new session is observed during the period, and taken as the number of new sessions corresponding to that period when the period ends.
In one or more embodiments, the number of new sessions so obtained is written into a designated storage space as the current new-session rate and kept updated, so that the current new-session rate is always the number of new sessions corresponding to the latest unit time period.
And step 106, monitoring the number of the effective sessions and the number of the newly-built sessions, and refusing to newly build the sessions for the session table if the number of the effective sessions and the number of the newly-built sessions meet the control conditions.
The control condition is met when the number of effective sessions corresponding to the latest query time point is greater than a first specified number and the number of newly-built sessions corresponding to the latest unit time is greater than a second specified number. The first and second specified numbers can be set by technical personnel. If the control condition is met, it is highly probable that a large number of network attack messages are being received within a short time.
In one or more embodiments, when a new session is needed, the number of active sessions and the number of new sessions may be queried, and then it is determined whether a control condition is satisfied, if the control condition is satisfied, the new session is rejected, and if the control condition is not satisfied, the session is newly created, as shown in fig. 2.
In one or more embodiments, the number of active sessions and the number of new sessions are monitored continuously and checked against the control condition; if it is satisfied, the creation of any session is rejected, as shown in fig. 3. That is, whenever a new session is required, it is checked whether the control condition is currently satisfied: if so, the new session is rejected, and if not, the session is created.
In practice, the length of time for which the current statistical value has been 0 can be monitored. If it has been 0 for longer than a specified duration, no session has been created in the session table for a long time, and the corresponding statistical value can be deleted, that is, the current statistical value is aged, reducing unnecessary use of storage resources.
When the current number of effective sessions is written into the designated storage space, a timestamp can be written with it: if the current number of effective sessions is not 0, the current timestamp is written; if the current number is 0 but the statistical value already in the storage space is not 0, the current timestamp is written; if the current number is 0 and the statistical value in the storage space is also 0, the existing timestamp is retained (that is, not updated). The duration for which the current statistical value has been 0 is then obtained by taking the current time point and computing the difference between it and the time point represented by the timestamp.
In addition, because the number of valid sessions, the timestamp and so on are both written into and read from the designated storage space, read-write collisions or dirty reads are possible. Therefore, before writing the number of valid sessions, the timestamp and so on, it is first determined whether the storage space is locked: if not, the storage space is locked, the values are written, and the storage space is unlocked; if it is locked, the writer waits for it to be unlocked, then locks it, writes the values, and unlocks it. Likewise, before reading the number of valid sessions or the timestamp, it is first determined whether the storage space is locked: if not, the storage space is locked, the value is read, and the storage space is unlocked; if it is locked, the reader waits for it to be unlocked, then locks it, reads the value, and unlocks it.
In one or more embodiments of the present disclosure, in step 106, once it is determined that the control condition is satisfied, a packet loss warning is generated and a warning log is reported, reminding the technician that the control condition is satisfied and that packets whose five-tuple does not exist in the session table are no longer accepted.
In one or more embodiments of the present disclosure, three modules may be provided, including a foreground new query module, a background session polling module, and a session statistics module.
When the foreground new query module receives an instruction to create a session, it queries the current statistical value and the new-session rate, queries the limit threshold corresponding to the statistical value (the first number) and the limit threshold corresponding to the new-session rate (the second number), and compares the current values with the thresholds to determine whether the control condition is met. If it is, the module refuses to create the session for the session table, generates a packet loss warning and reports a warning log. When the foreground new query module queries the current statistical value, the timestamp corresponding to the statistical value is updated. The new-session rate is determined by the foreground new query module from the session-creation instructions received in each unit time: the number of instructions received in a unit time is the number of new sessions in that unit time, and the module writes the resulting new-session rate into the designated storage space.
The background session polling module determines the number of effective sessions. When a time point of the preset query plan is reached, it queries the session table: a temporary variable is set and initialized to 0, incremented for every effective session found, and, once the session table has been traversed, its value is taken as the number of effective sessions at that time point and written into the designated storage space as the current statistical value. The time point corresponding to that number is written into the designated storage space at the same time: if the number of effective sessions is not 0, the corresponding timestamp is written with it; if the current number of effective sessions is 0 but the statistical value in the storage space is not 0, the corresponding timestamp is written; if the current number is 0 and the statistical value in the storage space is also 0, the existing timestamp is retained (that is, not updated).
The session statistics module determines whether the statistical value and the new-session rate should continue to be queried. At the time points of the preset query plan it queries the statistical value and timestamp in the designated storage space; if the statistical value is 0 and the difference between the current time point and the time point of the timestamp exceeds the preset duration, no session has been created in the session table for a long time. The session statistics module can then age the statistical value and can also notify the background session polling module and the foreground new query module to pause updating the statistical value and the new-session rate.
The session statistics module, the foreground new query module and the background session polling module all read from or write to the designated storage space, so each access is guarded by a lock. When the foreground new query module queries the current statistical value, that is, reads the statistical value stored in the designated space, it first determines whether the storage space is locked: if not, it locks the storage space, reads the statistical value and unlocks it; if it is locked, it waits for the space to be unlocked, then locks it, reads the statistical value and unlocks it. Similarly, when the session statistics module queries the statistical value and the timestamp, it first determines whether the storage space is locked: if not, it locks the storage space, reads the values and unlocks it; if it is locked, it waits for the space to be unlocked, then locks it, reads the values and unlocks it. When the background session polling module updates the number of effective sessions at the current time point in the designated storage space, it first determines whether the storage space is locked: if not, it locks the storage space, updates the statistical value and unlocks it; if it is locked, it waits for the space to be unlocked, then locks it, updates the statistical value and unlocks it. The designated storage space may be a Dynamic Random Access Memory (DRAM).
When the network server maintains a plurality of session tables, the above method is performed for each session table, but the first number and the second number may differ between session tables; that is, different control conditions and processing strategies are set for different session tables.
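The three-module scheme above (steps 102 to 106, the timestamp and aging rules, the lock on the designated storage space), as an added working example that is not the patent's code; the session table model, a 30 s session TTL, the thresholds, the `request_new_session`/`background_poll`/`statistics_check` names and the burst traffic are constructed assumptions:

```python
"""Session table controller following the scheme described above: a background
polling module counts valid sessions by traversing the table, a foreground
new-session query module keeps the per-second new-session rate and applies the
control condition, and a statistics module ages a statistic that stayed 0 too
long. Added example, not the patent's code; table model, TTL, thresholds and
traffic are constructed assumptions."""
import threading

SESSION_TTL = 30.0   # constructed: seconds a session stays valid after creation


class SessionTable:
    """Minimal session table: 5-tuple -> expiry time; expired entries are aged."""

    def __init__(self):
        self.sessions = {}

    def active_count(self, now):
        count = 0                       # temporary variable reset on every traversal
        for expiry in self.sessions.values():
            if expiry > now:
                count += 1              # each valid session counted exactly once
        return count


class SessionTableController:
    def __init__(self, first_limit, second_limit, idle_age, unit=1.0):
        self.first_limit = first_limit      # threshold on the current statistic
        self.second_limit = second_limit    # threshold on the new-session rate
        self.idle_age = idle_age            # how long a statistic of 0 may persist
        self.unit = unit                    # unit time period for the rate (1 s)
        self.lock = threading.Lock()        # guards the designated storage space
        self.stat = None                    # current statistic (None = unwritten/aged)
        self.stat_ts = None                 # timestamp stored with the statistic
        self.rate = 0                       # new sessions in the latest unit period
        self.paused = False                 # set by the statistics module after aging
        self._window, self._window_count = -1, 0
        self.warnings = []                  # packet-loss warning log

    def background_poll(self, table, now):
        """Background polling module: traverse the table, write count and timestamp."""
        if self.paused:
            return None
        count = table.active_count(now)
        with self.lock:
            # Refresh the timestamp when the count is non-zero or the statistic
            # just became 0; keep it while the statistic stays 0 so it marks
            # the moment the value changed from non-0 to 0.
            if count != 0 or self.stat != 0:
                self.stat_ts = now
            self.stat = count
        return count

    def _count_new_session(self, now):
        """Per-unit-time accumulator; a closed period's value becomes the rate."""
        window = int(now // self.unit)
        if window != self._window:
            self.rate = self._window_count if window == self._window + 1 else 0
            self._window, self._window_count = window, 0
        self._window_count += 1

    def request_new_session(self, table, five_tuple, now):
        """Foreground new-session query module: apply the control condition, then
        create the session or reject it and log a packet-loss warning."""
        self.paused = False                 # a request resumes statistic updates
        self._count_new_session(now)        # every instruction counts, rejected or not
        with self.lock:
            stat = self.stat or 0
            if self.stat is not None:
                self.stat_ts = now          # reading the statistic refreshes its timestamp
            rate = self.rate
        if stat > self.first_limit and rate > self.second_limit:
            self.warnings.append(f"t={now:.3f} packet loss: active={stat} "
                                 f"rate={rate}/s, {five_tuple} rejected")
            return False
        table.sessions[five_tuple] = now + SESSION_TTL
        return True

    def statistics_check(self, now):
        """Session statistics module: age the statistic once it has been 0 longer
        than idle_age and pause updates until the next new-session request."""
        with self.lock:
            if self.stat == 0 and now - self.stat_ts > self.idle_age:
                self.stat, self.stat_ts, self.paused = None, None, True
                return True
            return False


def simulate_burst(first_limit=100, second_limit=50):
    """Constructed traffic: 120 distinct 5-tuples within one second, then 20 more
    after the next poll. Returns (accepted, accepted after poll, stat, rate, warnings)."""
    table = SessionTable()
    ctl = SessionTableController(first_limit, second_limit, idle_age=60.0)
    ctl.background_poll(table, 0.0)
    first = sum(ctl.request_new_session(table, ("10.0.0.1", "10.0.0.2", 6, 40000 + i, 443), i * 0.005)
                for i in range(120))
    ctl.background_poll(table, 1.0)         # statistic is now 120 > first_limit
    second = sum(ctl.request_new_session(table, ("10.0.0.1", "10.0.0.2", 6, 50000 + i, 443), 1.0 + i * 0.005)
                 for i in range(20))
    return first, second, ctl.stat, ctl.rate, len(ctl.warnings)
```

The control condition bites only after both the polled statistic and the closed unit-time rate exceed their thresholds, so a single large poll reading with a quiet new-session rate does not reject traffic.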
The present specification also provides a session table control apparatus, as shown in fig. 4, including:
an effective session number query unit, configured to query the session table at each of a plurality of query time points specified by a preset query plan and determine the number of effective sessions corresponding to each query time point;
a new session number determining unit, configured to determine the number of new sessions corresponding to each unit time period;
a condition monitoring unit, configured to refuse to establish a new session for the session table if it is monitored that a control condition is met; wherein the control condition includes: the number of effective sessions corresponding to the latest query time point is greater than a first specified number, and the number of newly-built sessions corresponding to the latest unit time is greater than a second specified number;
a statistic value determining unit for determining a current statistic value; the current statistic value is the effective session number corresponding to the latest query time point;
and the query stopping unit is used for deleting the statistical value if the duration of the current statistical value 0 is longer than the specified duration.
The effective session number query unit may further be specifically configured to query the session table at each query time point among a plurality of query time points specified by a preset query plan, and to determine the number of effective sessions corresponding to each query time point, where the plurality of query time points are separated by a fixed time interval.
The statistical value determining unit may further be specifically configured to determine a current statistical value, the current statistical value being the number of effective sessions corresponding to the latest query time point, and the current statistical value having a corresponding timestamp: if the current statistical value is not 0, the timestamp represents the latest query time point; if the current statistical value is 0, the timestamp represents the time point at which the statistical value changed from non-0 to 0. In this case the query stopping unit is specifically configured to acquire the current time point, calculate the difference between the current time point and the time point represented by the timestamp, take that difference as the duration for which the current statistical value is 0, and delete the statistical value if that duration is longer than the specified duration.
The new session number determining unit may further be specifically configured to, for each unit time period, initialize an accumulated value to 0 at the beginning of the unit time period; within the unit time period, add 1 to the accumulated value every time a new session is detected; and when the unit time period ends, take the accumulated value as the number of new sessions corresponding to that unit time period.
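The units described above, and the lock protocol for the shared statistical value, brought together as one added example in Python. This is not code from the patent or from any DPtech product: the class and method names (SessionTableController, poll, try_new_session, query_stop_check), the toy session table keyed by expiry time, the use of a mutex for the "specified space", and the reading of "latest unit time period" as the most recently completed period are all assumptions, and the thresholds and timings in demo() are constructed.

```python
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class SessionStat:
    """Shared statistic kept in the 'specified space' (hypothetical layout).

    value:     effective sessions at the latest query time point
    timestamp: that query time point when value != 0; when value == 0, the time
               point at which the value went from non-0 to 0
    """
    value: int
    timestamp: float


class SessionTableController:
    """One controller per session table (hypothetical class, not the patent's code)."""

    def __init__(self, max_active: int, max_new_per_period: int, period: float,
                 query_interval: float, zero_timeout: float) -> None:
        self.max_active = max_active                  # "first specified number"
        self.max_new_per_period = max_new_per_period  # "second specified number"
        self.period = period                          # length of one unit time period
        self.query_interval = query_interval          # fixed gap between query time points
        self.zero_timeout = zero_timeout              # "specified duration" for a 0 statistic
        self._lock = threading.Lock()                 # guards _stat: check-and-lock is atomic
        self._stat: Optional[SessionStat] = None
        self.sessions: Dict[str, float] = {}          # toy session table: key -> expiry time
        self._accum = 0                               # new sessions in the current period
        self._period_start = 0.0
        self._last_new = 0                            # new sessions in the latest completed period
        self._next_query = 0.0

    def _effective_sessions(self, now: float) -> int:
        """A session is effective while its expiry time lies in the future (assumption)."""
        return sum(1 for expiry in self.sessions.values() if expiry > now)

    def poll(self, now: float) -> None:
        """Background session polling: runs at query time points query_interval apart."""
        if now < self._next_query:
            return
        self._next_query = now + self.query_interval
        count = self._effective_sessions(now)
        with self._lock:                              # lock, update, unlock
            if count != 0:
                self._stat = SessionStat(count, now)
            elif self._stat is not None and self._stat.value != 0:
                self._stat = SessionStat(0, now)      # non-0 -> 0: record when it happened
            # count == 0 with statistic already 0 (or deleted): keep the transition timestamp

    def current_stat(self) -> Optional[int]:
        """Foreground new-query module: read the statistical value under the lock."""
        with self._lock:
            return None if self._stat is None else self._stat.value

    def query_stop_check(self, now: float) -> bool:
        """Query stopping unit: delete the statistic once it has been 0 longer than zero_timeout."""
        with self._lock:
            stat = self._stat
            if stat is not None and stat.value == 0 and now - stat.timestamp > self.zero_timeout:
                self._stat = None
                return True
            return False

    def _roll_period(self, now: float) -> None:
        """Close each unit time period that has ended; its accumulator becomes the last count."""
        while now - self._period_start >= self.period:
            self._last_new = self._accum
            self._accum = 0
            self._period_start += self.period

    def try_new_session(self, key: str, now: float, ttl: float) -> bool:
        """Condition monitoring unit: refuse only when BOTH thresholds are exceeded."""
        self._roll_period(now)
        with self._lock:
            active = 0 if self._stat is None else self._stat.value
        if active > self.max_active and self._last_new > self.max_new_per_period:
            return False                              # control condition met: refuse
        self.sessions[key] = now + ttl                # establish the session
        self._accum += 1                              # count it for the current period
        return True


def demo() -> dict:
    """Drive one controller through a constructed burst and an idle stretch."""
    c = SessionTableController(max_active=3, max_new_per_period=2, period=1.0,
                               query_interval=0.5, zero_timeout=2.0)
    decisions: List[bool] = [c.try_new_session(k, t, ttl=5.0)
                             for k, t in (("a", 0.0), ("b", 0.1), ("c", 0.2), ("d", 0.3))]
    c.poll(0.5)                                       # query point: 4 effective sessions
    stat_after_poll = c.current_stat()
    # period [0,1) closed with 4 new sessions (> 2) while 4 are effective (> 3): refused
    decisions += [c.try_new_session("e", 1.0, 5.0), c.try_new_session("f", 1.1, 5.0)]
    # period [1,2) closed with 0 new sessions: a high session count alone does not refuse
    decisions.append(c.try_new_session("g", 2.0, 5.0))
    c.poll(5.0)                                       # "a" expired, 4 still effective
    c.poll(8.0)                                       # all expired: statistic becomes 0 at t=8
    deleted_early = c.query_stop_check(9.0)           # 0 for only 1.0 s: kept
    c.poll(9.5)                                       # still 0; transition timestamp kept
    deleted_late = c.query_stop_check(10.5)           # 0 for 2.5 s > 2.0 s: deleted
    return {"decisions": decisions, "stat_after_poll": stat_after_poll,
            "deleted_early": deleted_early, "deleted_late": deleted_late,
            "stat_after_delete": c.current_stat()}
```

The demo makes the two-part condition visible: four sessions in one period with four active refuses the next attempts, but once a full period passes with no new sessions, the same high active count alone lets a session through. The zero-timestamp rule is also exercised: the timestamp is frozen at the non-0 to 0 transition, so later polls that still read 0 do not restart the clock.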
The session table control apparatus embodiments in this specification can be applied to computer equipment such as a network server or a terminal device. The apparatus embodiments may be implemented in software, in hardware, or in a combination of the two. Taking software as an example, the apparatus is formed as a logical device by the processor of the computer equipment on which it runs reading the corresponding computer program instructions from non-volatile memory into memory and executing them. From the hardware perspective, fig. 5 shows the hardware structure of the computer equipment on which the session table control apparatus is located in this embodiment; besides the processor 1010, memory 1020, input/output interface 1030 and communication interface 1040 shown in fig. 5, the equipment may also include other hardware depending on its actual function, which is not described further here.
The implementation process of the functions and actions of each unit in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the elements can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
Accordingly, the present specification also provides a network device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor is configured to perform any of the methods described above.
Embodiments of the present specification also provide a computer-readable storage medium having a computer program stored thereon, where the computer program is executed by a processor to perform any one of the methods described above.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media such as modulated data signals and carrier waves.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (10)

1. A session table control method, comprising:
inquiring a session table at each inquiry time point based on a plurality of inquiry time points appointed by a preset inquiry plan, and determining the number of effective sessions corresponding to each inquiry time point;
determining the number of new sessions corresponding to each unit time period;
if the control condition is met, refusing to establish a new session for the session table; wherein the control condition includes: the number of effective sessions corresponding to the latest query time point is greater than a first specified number, and the number of new sessions corresponding to the latest unit time period is greater than a second specified number.
2. The method of claim 1, wherein the plurality of query time points have a fixed time interval therebetween.
3. The method of claim 1, further comprising:
determining a current statistical value; the current statistic value is the effective session number corresponding to the latest query time point;
and if the duration for which the current statistical value is 0 is longer than a specified duration, deleting the statistical value.
4. The method of claim 3, wherein the current statistical value has a corresponding timestamp; if the current statistical value is not 0, the timestamp is used for representing the latest query time point, and if the current statistical value is 0, the timestamp is used for representing the time point of changing the statistical value from non-0 to 0;
the duration for which the current statistic is 0 is determined as follows:
acquiring a current time point, and calculating the difference between the current time point and the time point represented by the timestamp as the duration for which the current statistical value is 0.
5. The method of claim 1, wherein determining the number of new sessions per unit time period comprises:
for each unit time period, initializing an accumulated value to 0 at the beginning of the unit time period;
in the unit time period, adding 1 to the accumulated value every time a new session is monitored;
and when the unit time period is ended, taking the accumulated value as the number of the new sessions corresponding to the unit time period.
6. A session table control apparatus, comprising:
the effective session number query unit is used for querying the session table at each query time point based on a plurality of query time points specified by a preset query plan and determining the effective session number corresponding to each query time point;
a new session number determining unit, configured to determine a number of new sessions corresponding to each unit time period;
a condition monitoring unit, configured to refuse to establish a new session for the session table if it detects that the control condition is met; wherein the control condition includes: the number of effective sessions corresponding to the latest query time point is greater than a first specified number, and the number of new sessions corresponding to the latest unit time period is greater than a second specified number.
7. The apparatus of claim 6,
the effective session number query unit is specifically configured to query the session table at each query time point based on a plurality of query time points specified by a preset query plan, and determine an effective session number corresponding to each query time point; the plurality of query time points have a fixed time interval therebetween.
8. The apparatus of claim 6, further comprising:
a statistic value determining unit for determining a current statistic value; the current statistic value is the effective session number corresponding to the latest query time point;
and a query stopping unit, configured to delete the statistical value if the duration for which the current statistical value is 0 is longer than a specified duration.
9. The apparatus of claim 8,
the statistic value determining unit is specifically configured to determine a current statistic value; the current statistic value is the effective session number corresponding to the latest query time point; the current statistical value has a corresponding timestamp; if the current statistical value is not 0, the timestamp is used for representing the latest query time point, and if the current statistical value is 0, the timestamp is used for representing the time point of changing the statistical value from non-0 to 0;
the query stopping unit is specifically configured to acquire a current time point, calculate the difference between the current time point and the time point represented by the timestamp, take that difference as the duration for which the current statistical value is 0, and delete the statistical value if that duration is longer than a specified duration.
10. The apparatus of claim 6,
the new session number determining unit is specifically configured to, for each unit time period, initialize an accumulated value to 0 when the unit time period starts; within the unit time period, add 1 to the accumulated value every time a new session is detected; and when the unit time period ends, take the accumulated value as the number of new sessions corresponding to that unit time period.
CN202011356586.7A 2020-11-26 2020-11-26 Session table control method and device Pending CN112532620A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011356586.7A CN112532620A (en) 2020-11-26 2020-11-26 Session table control method and device


Publications (1)

Publication Number Publication Date
CN112532620A (en) 2021-03-19

Family

ID=74994032


Country Status (1)

Country Link
CN (1) CN112532620A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080162742A1 (en) * 2006-12-28 2008-07-03 Samsung Electronics Co., Ltd. Method of creating and managing session between wireless universal serial bus host and wireless universal serial bus device and providing wireless universal serial bus host and wireless universal serial bus device
CN101958841A (en) * 2010-10-26 2011-01-26 杭州华三通信技术有限公司 Method and equipment for limiting P2P application
US20110055921A1 (en) * 2009-09-03 2011-03-03 Juniper Networks, Inc. Protecting against distributed network flood attacks
CN105592050A (en) * 2015-09-07 2016-05-18 杭州华三通信技术有限公司 Method and firewall for preventing attacks
CN105939288A (en) * 2015-07-31 2016-09-14 杭州迪普科技有限公司 Session control method and device
CN107634971A (en) * 2017-10-26 2018-01-26 杭州迪普科技股份有限公司 Method and device for detecting flood attacks
CN107888610A (en) * 2017-11-29 2018-04-06 锐捷网络股份有限公司 Attack defense method, network device and computer-readable storage medium
CN110120956A (en) * 2019-05-28 2019-08-13 杭州迪普科技股份有限公司 Message processing method and device based on virtual firewall
CN110519248A (en) * 2019-08-19 2019-11-29 光通天下网络科技股份有限公司 DDoS attack determination and traffic cleaning method, apparatus and electronic device
CN111131337A (en) * 2020-03-31 2020-05-08 北京安博通科技股份有限公司 UDP Flood attack detection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210319