CN114327882A - Data forwarding method, device and system - Google Patents


Publication number
CN114327882A
Authority
CN
China
Prior art keywords
network card
memory
dma
data
dma memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111592643.6A
Other languages
Chinese (zh)
Inventor
赵刚
谢正明
叶建伟
黄�俊
叶晓虎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nsfocus Technologies Inc, Nsfocus Technologies Group Co Ltd
Priority to CN202111592643.6A
Publication of CN114327882A
Legal status: Pending

Abstract

The application provides a data forwarding method, device and system for solving the technical problems of low data forwarding efficiency or high implementation cost when the Bypass function of a network card is implemented in software in the prior art. The method comprises the following steps: modifying a network card driver of the network security device; based on the modified network card driver, creating a DMA memory queue and a corresponding Buffer memory queue for each network card of the network security device in the kernel space of the operating system; writing the data to be forwarded received by the first network card into the Buffer memory corresponding to the first DMA memory; exchanging the Buffer memory corresponding to the first DMA memory with the Buffer memory corresponding to the second DMA memory; and writing the data to be forwarded in the Buffer memory corresponding to the second DMA memory into the second network card so that the second network card sends the data to be forwarded.

Description

Data forwarding method, device and system
Technical Field
The present application relates to the field of communications technologies, and in particular, to a data forwarding method, apparatus, and system.
Background
A network security device is generally deployed between two or more networks, for example between an internal network and an external network. A program in the device analyzes each network packet passing through it and then forwards the packet according to a routing rule. When the device is in "virtual line" mode, however, the program no longer forwards packets according to the routing rule but according to a network card mapping table: for example, if the network card mapped to network card A is network card B, data received by network card A is sent out by network card B. A network security device in "virtual line" mode is thus equivalent to a network cable, which reduces the intrusion of the device on the network.
At present, a network security device in "virtual line" mode causes data cutoff when it undergoes a software upgrade or a logic abnormality, so data cutoff is often avoided by using a network card that supports a Bypass function. Some network cards of network security devices may not support the Bypass function, and replacing them is costly, so the Bypass function may instead be implemented in software. In one approach, data received by network card A is forwarded to network card B through the operating system: the data is copied from network card A to the kernel space of the operating system, copied from the kernel space to the user space, exchanged by an application program, sent back from the user space to the kernel space, and then sent out through network card B. The data must be copied twice (from the network card to the kernel space, and from the kernel space to the user space), which results in low data forwarding efficiency. In another approach, data received by network card A is forwarded to network card B through the Data Plane Development Kit (DPDK) and sent out. The data is then copied only once (network card to user space), but the user application program needs to be changed, which results in higher implementation cost.
Therefore, in the prior art, implementing the Bypass function of a network card in software either requires copying the data twice, which lowers data forwarding efficiency, or copies the data only once but requires changing the user program, which raises implementation cost.
Disclosure of Invention
The embodiment of the application provides a data forwarding method, device and system, which are used for solving the technical problems of low data forwarding efficiency or high implementation cost when the Bypass function of a network card is implemented in a software mode in the prior art.
In a first aspect, to solve the foregoing technical problem, an embodiment of the present application provides a data forwarding method, including:
modifying a network card driver of the network security device; wherein the modification disables the interrupt and send functions of the network card driver;
based on the modified network card driver, creating a Direct Memory Access (DMA) memory queue and a corresponding Buffer memory queue for each network card of the network security device in the kernel space of an operating system; the DMA memories in the DMA memory queue correspond one-to-one to the Buffer memories in the Buffer memory queue, and the DMA memory queue comprises a receive DMA memory queue and a transmit DMA memory queue;
writing the data to be forwarded received by the first network card into the Buffer memory corresponding to the first DMA memory; the first DMA memory is any DMA memory identified as idle in the receive DMA memory queue of the first network card;
exchanging the Buffer memory corresponding to the first DMA memory with the Buffer memory corresponding to the second DMA memory; the second DMA memory is any DMA memory identified as idle in the transmit DMA memory queue of the second network card, and the second network card is the network card corresponding to the first network card in a network card mapping table;
and writing the data to be forwarded in the Buffer memory corresponding to the second DMA memory into the second network card so that the second network card sends the data to be forwarded.
In the embodiment of the present application, the network card driver of the network security device may be modified so that its interrupt and send functions are disabled. Based on the modified network card driver, a DMA memory queue and a corresponding Buffer memory queue are created in the kernel space of the operating system for each network card of the network security device; the DMA memories in a DMA memory queue correspond one-to-one to the Buffer memories in the corresponding Buffer memory queue, and the DMA memory queues include a receive DMA memory queue and a transmit DMA memory queue. The data to be forwarded received by the first network card is written into the Buffer memory corresponding to the first DMA memory, where the first DMA memory is any DMA memory identified as idle in the receive DMA memory queue of the first network card. The Buffer memory corresponding to the first DMA memory is then exchanged with the Buffer memory corresponding to the second DMA memory, where the second DMA memory is any DMA memory identified as idle in the transmit DMA memory queue of the second network card, and the second network card is the network card corresponding to the first network card in the network card mapping table. Finally, the data to be forwarded in the Buffer memory corresponding to the second DMA memory is written into the second network card, so that the second network card sends the data to be forwarded.
Because the interrupt and send functions of the network card driver are disabled, only one system processes the data of the network card while the Bypass function is implemented in software to avoid data cutoff, which avoids generating dirty data. After the data to be forwarded received by the first network card is written into the Buffer memory corresponding to the first DMA memory, that Buffer memory is exchanged with the Buffer memory corresponding to the second DMA memory, so the data to be forwarded is exchanged directly from the receive DMA memory queue of the first network card to the transmit DMA memory queue of the second network card. This reduces data copying: when the data received by the first network card is forwarded to the second network card through the kernel of the operating system, it only needs to be copied from the network card to the kernel space. Data forwarding efficiency is therefore improved and implementation cost is reduced.
In an optional implementation, the modifying the network card driver of the network security device includes:
determining whether the network security device is in a preset state; the preset state indicates that the network security device is undergoing a software upgrade or has a logic abnormality;
and if the network security device is determined to be in the preset state, modifying the network card driver of the network security device.
In the embodiment of the application, it can be determined whether the network security device is in a preset state, where the preset state indicates that the network security device is undergoing a software upgrade or has a logic abnormality. If the device is determined to be in the preset state, the network card driver of the network security device is modified. Checking for a software upgrade or a logic abnormality determines whether data cutoff may occur in the device; when it may, the interrupt function and the send function of the network card driver are disabled, so that only one system processes the data of the network card while the Bypass function is implemented in software to avoid data cutoff, which avoids dirty data.
In an optional embodiment, each network card of the network security device supports a DMA function; the DMA function is used for copying data of a network card to the kernel space and copying the data of the kernel space to the network card.
In an alternative embodiment, the method further comprises:
after data to be forwarded received by a first network card is written into a Buffer memory corresponding to a first DMA memory, the identifier of the first DMA memory is changed from idle to non-idle;
and after the Buffer memory corresponding to the first DMA memory is exchanged with the Buffer memory corresponding to the second DMA memory, the identifier of the first DMA memory is changed from non-idle to idle, and the identifier of the second DMA memory is changed from idle to non-idle.
In a second aspect, an embodiment of the present application further provides a data forwarding apparatus, including:
a first modification module, configured to modify the network card driver of the network security device; wherein the modification disables the interrupt and send functions of the network card driver;
a creating module, configured to create, based on the modified network card driver, a direct memory access (DMA) memory queue and a corresponding Buffer memory queue for each network card of the network security device in a kernel space of an operating system; the DMA memories in the DMA memory queue correspond one-to-one to the Buffer memories in the Buffer memory queue, and the DMA memory queue comprises a receive DMA memory queue and a transmit DMA memory queue;
a first writing module, configured to write the data to be forwarded received by the first network card into the Buffer memory corresponding to the first DMA memory; the first DMA memory is any DMA memory identified as idle in the receive DMA memory queue of the first network card;
an exchange module, configured to exchange the Buffer memory corresponding to the first DMA memory with the Buffer memory corresponding to the second DMA memory; the second DMA memory is any DMA memory identified as idle in the transmit DMA memory queue of the second network card, and the second network card is the network card corresponding to the first network card in a network card mapping table;
and a second writing module, configured to write the data to be forwarded in the Buffer memory corresponding to the second DMA memory into the second network card so that the second network card sends the data to be forwarded.
In an optional implementation manner, the modification module is specifically configured to:
determine whether the network security device is in a preset state; the preset state indicates that the network security device is undergoing a software upgrade or has a logic abnormality;
and if the network security device is determined to be in the preset state, modify the network card driver of the network security device.
In an optional embodiment, each network card of the network security device supports a DMA function; the DMA function is used for copying data of a network card to the kernel space and copying the data of the kernel space to the network card.
In an optional embodiment, the apparatus further comprises a second modification module configured to:
after data to be forwarded received by a first network card is written into a Buffer memory corresponding to a first DMA memory, the identifier of the first DMA memory is changed from idle to non-idle;
and after the Buffer memory corresponding to the first DMA memory is exchanged with the Buffer memory corresponding to the second DMA memory, the identifier of the first DMA memory is changed from non-idle to idle, and the identifier of the second DMA memory is changed from idle to non-idle.
In a third aspect, an embodiment of the present application further provides a data forwarding system, including:
a memory for storing program instructions;
and the processor is used for calling the program instructions stored in the memory and executing the steps included in any one of the implementation modes of the first aspect according to the obtained program instructions.
In a fourth aspect, embodiments of the present application provide a storage medium storing computer-executable instructions for causing a computer to perform the steps included in any one of the embodiments of the first aspect.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application.
Fig. 1 is a schematic structural diagram of a data forwarding system according to an embodiment of the present application;
fig. 2a is a schematic flowchart of a data forwarding method according to an embodiment of the present application;
fig. 2b is a schematic diagram of data forwarding provided in an embodiment of the present application;
fig. 3 is a schematic structural diagram of a data forwarding apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of another data forwarding system provided in the embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions in the embodiments of the present application will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. In the present application, the embodiments and features of the embodiments may be arbitrarily combined with each other without conflict. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described can be performed in an order different than here.
The terms "first" and "second" in the description and claims of the present application and the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the term "comprises" and any variations thereof are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
In the embodiments of the present application, "at least one" may mean at least two, for example, two, three, or more, and the embodiments of the present application are not limited.
In addition, the term "and/or" herein describes only an association relationship between associated objects and means that three relationships are possible. For example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in this document generally indicates that the preceding and following related objects are in an "or" relationship unless otherwise specified.
At present, a network security device in "virtual line" mode causes data cutoff when it undergoes a software upgrade or a logic abnormality, so data cutoff is often avoided by using a network card that supports a Bypass function. Some network cards of network security devices may not support the Bypass function, and replacing them is costly, so the Bypass function may instead be implemented in software. In one approach, data received by network card A is forwarded to network card B through the operating system: the data is copied from network card A to the kernel space of the operating system, copied from the kernel space to the user space, exchanged by an application program, sent back from the user space to the kernel space, and then sent out through network card B. The data must be copied twice (from the network card to the kernel space, and from the kernel space to the user space), which results in low data forwarding efficiency. In another approach, data received by network card A is forwarded to network card B through the Data Plane Development Kit (DPDK) and sent out. The data is then copied only once (network card to user space), but the user application program needs to be changed, which results in higher implementation cost. Therefore, in the prior art, implementing the Bypass function of a network card in software either requires copying the data twice, which lowers data forwarding efficiency, or copies the data only once but requires changing the user program, which raises implementation cost.
In view of this, an embodiment of the present application provides a data forwarding method in which the network card driver of the network security device may be modified so that its interrupt and send functions are disabled. Based on the modified network card driver, a DMA memory queue and a corresponding Buffer memory queue are created in the kernel space of the operating system for each network card of the network security device; the DMA memories in a DMA memory queue correspond one-to-one to the Buffer memories in the corresponding Buffer memory queue, and the DMA memory queues include a receive DMA memory queue and a transmit DMA memory queue. The data to be forwarded received by the first network card is written into the Buffer memory corresponding to the first DMA memory, where the first DMA memory is any DMA memory identified as idle in the receive DMA memory queue of the first network card. The Buffer memory corresponding to the first DMA memory is then exchanged with the Buffer memory corresponding to the second DMA memory, where the second DMA memory is any DMA memory identified as idle in the transmit DMA memory queue of the second network card, and the second network card is the network card corresponding to the first network card in the network card mapping table. Finally, the data to be forwarded in the Buffer memory corresponding to the second DMA memory is written into the second network card, so that the second network card sends the data to be forwarded.
Because the interrupt and send functions of the network card driver are disabled, only one system processes the data of the network card while the Bypass function is implemented in software to avoid data cutoff, which avoids generating dirty data. After the data to be forwarded received by the first network card is written into the Buffer memory corresponding to the first DMA memory, that Buffer memory is exchanged with the Buffer memory corresponding to the second DMA memory, so the data to be forwarded is exchanged directly from the receive DMA memory queue of the first network card to the transmit DMA memory queue of the second network card. This reduces data copying: when the data received by the first network card is forwarded to the second network card through the kernel of the operating system, it only needs to be copied from the network card to the kernel space. Data forwarding efficiency is therefore improved and implementation cost is reduced.
In order to better understand the technical solutions, the technical solutions of the present application are described in detail below through the drawings and the specific embodiments of the specification, and it should be understood that the specific features of the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, and are not limitations of the technical solutions of the present application, and the technical features of the embodiments and examples of the present application may be combined with each other without conflict.
Fig. 1 is a schematic structural diagram of a data forwarding system to which the method provided in the embodiment of the present application is applicable, and it should be understood that the data forwarding system shown in fig. 1 is a simple illustration of a data forwarding system to which the method provided in the embodiment of the present application is applicable, and is not a limitation of a data forwarding system to which the method provided in the embodiment of the present application is applicable.
The data forwarding system shown in fig. 1 includes a network security device 101 and an operating system 102. The network security device 101 includes a first network card 1011 and a second network card 1012, and the memory space of the operating system 102 includes kernel space (Kernel Space) and user space (User Space). In a Linux operating system, for example, the virtual address space is 4G (i.e. 2 to the 32nd power) bytes, where the highest 1G bytes (from virtual address 0xC0000000 to virtual address 0xfffffffff) are used by the kernel and are referred to as kernel space, and the lower 3G bytes (from virtual address 0x00000000 to virtual address 0xfffffffff) are used by each process and are referred to as user space.
It should be noted that, in this embodiment of the application, the network security device 101 may include one network card or may include multiple network cards, fig. 1 only depicts two exemplary network cards, and this embodiment of the application does not limit the number of the network cards included in the network security device 101.
Referring to fig. 2a, a schematic flowchart of a data forwarding method according to an embodiment of the present application is shown, where the method can be executed by the data forwarding system shown in fig. 1. The specific flow of the method is described below.
Step 201: modify the network card driver of the network security device.
In the embodiment of the application, it can be determined whether the network security device is in a preset state, where the preset state indicates that the network security device is undergoing a software upgrade or has a logic abnormality. If the device is determined to be in the preset state, data cutoff may occur in the device, and the network card driver of the network security device is modified to disable its interrupt function and send function. As a result, only one system processes the data of the network card while the Bypass function is implemented in software to avoid data cutoff, which avoids dirty data.
Step 202: based on the modified network card driver, a Direct Memory Access (DMA) Memory queue and a corresponding Buffer Memory queue are created for each network card of the network security device in a kernel space of the operating system.
In this embodiment of the present application, after the network card driver of the network security device is modified, a DMA memory queue and a corresponding Buffer memory queue may be created for each network card of the network security device in the kernel space of the operating system based on the modified network card driver. The DMA memories in a DMA memory queue correspond one-to-one to the Buffer memories in the corresponding Buffer memory queue, and the DMA memory queues include a receive DMA memory queue and a transmit DMA memory queue.
It should be noted that, in the embodiment of the present application, each network card of the network security device supports a DMA function, where the DMA function is used to copy data of the network card to a kernel space of an operating system and copy data of the kernel space of the operating system to the network card.
Illustratively, fig. 2b is a schematic diagram of data forwarding provided in the embodiment of the present application. The network security device 101 in fig. 2b includes a first network card 1011 and a second network card 1012. Both are Ethernet cards and cover two layers of the Open System Interconnection (OSI) model: the physical layer and the data link layer. The physical layer defines the electrical and optical signals, line states, clock references, data encoding, circuits and the like required for data transmission and reception, and provides a standard interface for data link layer equipment; the chip of the physical layer is abbreviated as PHY. The data link layer provides an addressing mechanism, data frame construction, data error checking, transmission control, a standard data interface for the network layer and the like; the chip of the data link layer is abbreviated as MAC. Both the receive (Rx) data and the transmit (Tx) data of the first network card 1011 and the second network card 1012 follow the First In First Out (FIFO) principle.
Based on the modified network card driver of the network security device 101, the following queues are created in the kernel space of the operating system 102: for the first network card 1011, a receive DMA memory queue (Rx_DMA_Que_1011) with its corresponding Buffer memory queue (Rx_Buffer_Que_1011) and a transmit DMA memory queue (Tx_DMA_Que_1011) with its corresponding Buffer memory queue (Tx_Buffer_Que_1011); for the second network card 1012, a receive DMA memory queue (Rx_DMA_Que_1012) with its corresponding Buffer memory queue (Rx_Buffer_Que_1012) and a transmit DMA memory queue (Tx_DMA_Que_1012) with its corresponding Buffer memory queue (Tx_Buffer_Que_1012).
The DMA memories in a DMA memory queue correspond one-to-one to the Buffer memories in the corresponding Buffer memory queue. The Buffer memory corresponding to a DMA memory identified as idle (Empty) has no data written to it, and the Buffer memory corresponding to a DMA memory identified as non-idle (Used) has data written to it. For example, Rx_DMA_Que_1011 contains three DMA memories, the corresponding Rx_Buffer_Que_1011 also contains three Buffer memories, and the three DMA memories correspond one-to-one to the three Buffer memories. That is, a DMA memory is a data structure containing a pointer variable that points to the Buffer memory used for storing data. The DMA function of the network card can therefore read and write memory based on some of the fields in the DMA memory, copying data from the network card to the Buffer memory corresponding to a DMA memory identified as Empty, or copying data from the Buffer memory corresponding to a DMA memory identified as Used to the network card.
Step 203: write the data to be forwarded received by the first network card into the Buffer memory corresponding to the first DMA memory.
In this embodiment of the application, after a DMA memory queue and a corresponding Buffer memory queue are created for each network card of the network security device in the kernel space of the operating system based on the modified network card driver, the data to be forwarded received by the first network card may be written into the Buffer memory corresponding to the first DMA memory, where the first network card is any network card of the network security device, and the first DMA memory is any DMA memory identified as Empty in the receive DMA memory queue of the first network card.
It should be noted that, in the embodiment of the present application, after the data to be forwarded received by the first network card is written into the Buffer memory corresponding to the first DMA memory, the identifier of the first DMA memory may be modified from Empty to Used, so as to indicate that the Buffer memory corresponding to the first DMA memory has been written with data.
For example, as shown in fig. 2b, after the DMA function of the first network card 1011 copies the data to be forwarded received by the first network card 1011 to any DMA memory identified as Empty in Rx_DMA_Que_1011, which was created for the first network card 1011 in the kernel space of the operating system 102, the identifier of that DMA memory is modified from Empty to Used.
Step 204: Exchange the Buffer memory corresponding to the first DMA memory with the Buffer memory corresponding to the second DMA memory.
In this embodiment of the present application, after the data to be forwarded received by the first network card has been written into the Buffer memory corresponding to the first DMA memory, the Buffer memory corresponding to the first DMA memory may be exchanged with the Buffer memory corresponding to the second DMA memory. The second DMA memory is any DMA memory identified as Empty in the sending DMA memory queue of the second network card, and the second network card is the network card corresponding to the first network card in the network card mapping table. For example, the first DMA memory corresponds to the first Buffer memory and the second DMA memory corresponds to the second Buffer memory; after the exchange, the first DMA memory corresponds to the second Buffer memory and the second DMA memory corresponds to the first Buffer memory. The data to be forwarded is thereby transferred directly from the receiving DMA memory queue of the first network card to the sending DMA memory queue of the second network card, which reduces the amount of data copying.
It should be noted that, in the embodiment of the present application, after the Buffer memory corresponding to the first DMA memory and the Buffer memory corresponding to the second DMA memory are exchanged, the identifier of the first DMA memory may be modified from Used to Empty, and the identifier of the second DMA memory is modified from Empty to Used, so as to indicate that the Buffer memory corresponding to the first DMA memory is not written with data, and the Buffer memory corresponding to the second DMA memory is written with data.
Step 205: Write the data to be forwarded in the Buffer memory corresponding to the second DMA memory into the second network card, so that the second network card sends the data to be forwarded.
In the embodiment of the present application, after the Buffer memory corresponding to the first DMA memory and the Buffer memory corresponding to the second DMA memory have been exchanged, the data to be forwarded in the Buffer memory corresponding to the second DMA memory may be written into the second network card, so that the second network card sends the data to be forwarded. In this way, when data received by the first network card is forwarded through the operating system to the second network card and sent out, the data only needs to be copied from the network card to the kernel space, which improves the data forwarding efficiency and reduces the implementation cost.
It should be noted that, in the embodiment of the present application, after the data to be forwarded in the Buffer memory corresponding to the second DMA memory is written into the second network card, the identifier of the second DMA memory may be modified from Used to Empty, thereby indicating that the Buffer memory corresponding to the second DMA memory is not written with data.
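Steps 203 to 205 and the Empty/Used transitions around them, modelled in user-space C as an added example (not code from the patent or from any network card driver). The queue names, the `len` field, the buffer size and the `wire` array standing in for the second network card are assumptions, and `memcpy` stands in for the network card's DMA transfer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define QUE_LEN  3     /* three DMA memories per queue, as in the example above */
#define BUF_SIZE 2048  /* assumed size of one Buffer memory */

enum dma_state { DMA_EMPTY, DMA_USED };

/* One "DMA memory": a descriptor that points at its Buffer memory. */
struct dma_mem {
    enum dma_state state;
    unsigned char *buf;  /* Buffer memory currently paired with this descriptor */
    size_t len;          /* valid bytes in buf (assumed field, not from the page) */
};
struct dma_que { struct dma_mem d[QUE_LEN]; };

/* Hypothetical names: receive queue of NIC 1, send queue of its mapped peer. */
static unsigned char rx_bufs[QUE_LEN][BUF_SIZE], tx_bufs[QUE_LEN][BUF_SIZE];
static struct dma_que rx_que_nic1, tx_que_nic2;
static unsigned char wire[BUF_SIZE];  /* stands in for what NIC 2 transmits */

void bypass_init(void) {
    for (int i = 0; i < QUE_LEN; i++) {
        rx_que_nic1.d[i] = (struct dma_mem){ DMA_EMPTY, rx_bufs[i], 0 };
        tx_que_nic2.d[i] = (struct dma_mem){ DMA_EMPTY, tx_bufs[i], 0 };
    }
}

static struct dma_mem *find(struct dma_que *q, enum dma_state s) {
    for (int i = 0; i < QUE_LEN; i++)
        if (q->d[i].state == s) return &q->d[i];
    return NULL;
}

/* Step 203: memcpy stands in for NIC 1's DMA write. -1 = no Empty slot or oversize. */
int nic1_receive(const void *frame, size_t len) {
    struct dma_mem *m = find(&rx_que_nic1, DMA_EMPTY);
    if (!m || len > BUF_SIZE) return -1;
    memcpy(m->buf, frame, len);
    m->len = len;
    m->state = DMA_USED;                /* Empty -> Used */
    return 0;
}

/* Step 204: exchange Buffer memories. 1 = handed over, 0 = nothing received,
 * -1 = send queue has no Empty DMA memory (frame stays queued on the rx side). */
int bypass_swap(void) {
    struct dma_mem *rx = find(&rx_que_nic1, DMA_USED);
    if (!rx) return 0;
    struct dma_mem *tx = find(&tx_que_nic2, DMA_EMPTY);
    if (!tx) return -1;
    unsigned char *tmp = rx->buf;       /* only pointers move, no payload copy */
    rx->buf = tx->buf;
    tx->buf = tmp;
    tx->len = rx->len;                  /* length travels with the buffer so stale */
    rx->len = 0;                        /* bytes of an older frame are never sent  */
    rx->state = DMA_EMPTY;              /* Used -> Empty */
    tx->state = DMA_USED;               /* Empty -> Used */
    return 1;
}

/* Step 205: memcpy stands in for NIC 2's DMA read. Returns bytes put on the wire. */
size_t nic2_send(void) {
    struct dma_mem *m = find(&tx_que_nic2, DMA_USED);
    if (!m) return 0;
    size_t n = m->len;
    memcpy(wire, m->buf, n);
    m->len = 0;
    m->state = DMA_EMPTY;               /* Used -> Empty */
    return n;
}

int main(void) {
    bypass_init();
    nic1_receive("constructed-frame", 17);  /* constructed sample payload */
    int swapped = bypass_swap();
    size_t sent = nic2_send();
    printf("swapped=%d sent=%zu payload=%.*s\n", swapped, sent, (int)sent,
           (const char *)wire);
    return 0;
}
```

The `-1` return of `bypass_swap` covers a case the steps above leave open: when the sending DMA memory queue has no Empty entry, the received frame stays in its Used receive entry until the second network card drains one.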
Based on the same inventive concept, the embodiment of the present application further provides a data forwarding apparatus, which may be applied to the data forwarding system shown in fig. 1. The data forwarding device can realize the corresponding functions of the data forwarding method. The data forwarding device may be a hardware structure, a software module, or a hardware structure plus a software module. The data forwarding device can be realized by a chip system, and the chip system can be formed by a chip and can also comprise the chip and other discrete devices. Referring to fig. 3, a schematic structural diagram of a data forwarding apparatus provided in an embodiment of the present application is shown, where the data forwarding apparatus includes a first modification module 301, a creation module 302, a first writing module 303, a switching module 304, and a second writing module 305.
The first modification module is used for modifying the network card driver of the network security device; wherein the modification disables the interrupt and send functions of the network card driver;
a creating module, configured to create, based on the modified network card driver, a direct memory access DMA memory queue and a corresponding Buffer memory queue for each network card of the network security device in a kernel space of an operating system; the DMA memory in the DMA memory queue corresponds to the Buffer memory in the Buffer memory queue one by one, and the DMA memory queue comprises a DMA memory receiving queue and a DMA memory transmitting queue;
the first write-in module is used for writing the data to be forwarded received by the first network card into a Buffer memory corresponding to the first DMA memory; the first DMA memory is any DMA memory which is marked as free in the receiving DMA memory queue of the first network card;
the exchange module is used for exchanging the Buffer memory corresponding to the first DMA memory with the Buffer memory corresponding to the second DMA memory; the second DMA memory is any DMA memory which is identified as idle in the sending DMA memory queue of the second network card, and the second network card is a network card corresponding to the first network card in a network card mapping table;
and the second writing module is used for writing the data to be forwarded in the Buffer memory corresponding to the second DMA memory into the second network card so that the second network card sends the data to be forwarded.
In an optional implementation manner, the modifying module 301 is specifically configured to:
determining whether the network security device is in a preset state; the preset state indicates that the network security device is performing a software upgrade or that a logic abnormality has occurred;
and if the network security device is determined to be in the preset state, modifying the network card driver of the network security device.
In an optional embodiment, each network card of the network security device supports a DMA function; the DMA function is used for copying data of a network card to the kernel space and copying the data of the kernel space to the network card.
In an optional embodiment, the apparatus further comprises a second modification module configured to:
after data to be forwarded received by a first network card is written into a Buffer memory corresponding to a first DMA memory, the identifier of the first DMA memory is changed from idle to non-idle;
and after the Buffer memory corresponding to the first DMA memory is exchanged with the Buffer memory corresponding to the second DMA memory, the identifier of the first DMA memory is changed from non-idle to idle, and the identifier of the second DMA memory is changed from idle to non-idle.
Based on the same inventive concept, an embodiment of the present application further provides a data forwarding system, please refer to fig. 4, which is a schematic structural diagram of a data forwarding system provided in the embodiment of the present application, where the data forwarding system includes at least one processor 402 and a memory 401 connected to the at least one processor, a specific connection medium between the processor 402 and the memory 401 is not limited in the embodiment of the present application, fig. 4 is an example in which the processor 402 and the memory 401 are connected by a bus 400, the bus 400 is shown by a thick line in fig. 4, and a connection manner between other components is only schematically illustrated and not limited. The bus 400 may be divided into an address bus, a data bus, a control bus, etc., and is shown with only one thick line in fig. 4 for ease of illustration, but does not represent only one bus or type of bus.
In the embodiment of the present application, the memory 401 stores instructions executable by the at least one processor 402, and the at least one processor 402 may execute the steps included in the foregoing data forwarding method by calling the instructions stored in the memory 401. The processor 402 is a control center of the data forwarding system, and may be connected to various parts of the entire data forwarding system through various interfaces and lines, and implement various functions of the data forwarding system by executing instructions stored in the memory 401. Optionally, the processor 402 may include one or more processing units, and the processor 402 may integrate an application processor and a modem processor, wherein the application processor mainly handles operating systems, user interfaces, application programs, and the like, and the modem processor mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 402. In some embodiments, processor 402 and memory 401 may be implemented on the same chip, or in some embodiments, they may be implemented separately on separate chips.
Memory 401, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 401 may include at least one type of storage medium, and may include, for example, a flash memory, a hard disk, a multimedia card, a card-type memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, and so on. The memory 401 may also be any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 401 in the embodiments of the present application may also be a circuit or any other device capable of implementing a storage function for storing program instructions and/or data.
In the embodiments of the present application, the processor 402 may be a general-purpose processor, such as a Central Processing Unit (CPU), a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components, and may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the data forwarding method disclosed in the embodiments of the present application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
By programming the processor 402, the code corresponding to the data forwarding method described in the foregoing embodiment may be fixed in the chip, so that the chip can execute the steps of the data forwarding method when running, and how to program the processor 402 is a technique known by those skilled in the art, and is not described herein again.
Based on the same inventive concept, embodiments of the present application further provide a storage medium storing computer instructions, which, when executed on a computer, cause the computer to perform the steps of the data forwarding method as described above.
In some possible embodiments, the aspects of the data forwarding method provided in the present application may also be implemented in the form of a program product, which includes program code for causing a data forwarding system to perform the steps in the data forwarding method according to various exemplary embodiments of the present application described above in this specification, when the program product runs on the data forwarding system.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A method for forwarding data, comprising:
modifying a network card driver of a network security device; wherein the modification disables the interrupt and send functions of the network card driver;
based on the modified network card driver, creating a Direct Memory Access (DMA) memory queue and a corresponding Buffer memory queue for each network card of the network security device in the kernel space of an operating system; the DMA memory in the DMA memory queue corresponds to the Buffer memory in the Buffer memory queue one by one, and the DMA memory queue comprises a DMA memory receiving queue and a DMA memory transmitting queue;
writing the data to be forwarded received by the first network card into a Buffer memory corresponding to the first DMA memory; the first DMA memory is any DMA memory which is marked as free in the receiving DMA memory queue of the first network card;
exchanging the Buffer memory corresponding to the first DMA memory with the Buffer memory corresponding to the second DMA memory; the second DMA memory is any DMA memory which is identified as idle in the sending DMA memory queue of the second network card, and the second network card is a network card corresponding to the first network card in a network card mapping table;
and writing the data to be forwarded in the Buffer memory corresponding to the second DMA memory into the second network card so that the second network card sends the data to be forwarded.
2. The method of claim 1, wherein the modifying the network card driver of the network security device comprises:
determining whether the network security device is in a preset state; the preset state indicates that the network security device is performing a software upgrade or that a logic abnormality has occurred;
and if the network security device is determined to be in the preset state, modifying the network card driver of the network security device.
3. The method of claim 1, wherein each network card of the network security device supports DMA functionality; the DMA function is used for copying data of a network card to the kernel space and copying the data of the kernel space to the network card.
4. The method of any of claims 1-3, further comprising:
after data to be forwarded received by a first network card is written into a Buffer memory corresponding to a first DMA memory, the identifier of the first DMA memory is changed from idle to non-idle;
and after the Buffer memory corresponding to the first DMA memory is exchanged with the Buffer memory corresponding to the second DMA memory, the identifier of the first DMA memory is changed from non-idle to idle, and the identifier of the second DMA memory is changed from idle to non-idle.
5. A data forwarding apparatus, comprising:
the first modification module is used for modifying the network card driver of the network security device; wherein the modification disables the interrupt and send functions of the network card driver;
a creating module, configured to create, based on the modified network card driver, a direct memory access DMA memory queue and a corresponding Buffer memory queue for each network card of the network security device in a kernel space of an operating system; the DMA memory in the DMA memory queue corresponds to the Buffer memory in the Buffer memory queue one by one, and the DMA memory queue comprises a DMA memory receiving queue and a DMA memory transmitting queue;
the first write-in module is used for writing the data to be forwarded received by the first network card into a Buffer memory corresponding to the first DMA memory; the first DMA memory is any DMA memory which is marked as free in the receiving DMA memory queue of the first network card;
the exchange module is used for exchanging the Buffer memory corresponding to the first DMA memory with the Buffer memory corresponding to the second DMA memory; the second DMA memory is any DMA memory which is identified as idle in the sending DMA memory queue of the second network card, and the second network card is a network card corresponding to the first network card in a network card mapping table;
and the second writing module is used for writing the data to be forwarded in the Buffer memory corresponding to the second DMA memory into the second network card so that the second network card sends the data to be forwarded.
6. The apparatus of claim 5, wherein the modification module is specifically configured to:
determining whether the network security device is in a preset state; the preset state indicates that the network security device is performing a software upgrade or that a logic abnormality has occurred;
and if the network security device is determined to be in the preset state, modifying the network card driver of the network security device.
7. The apparatus of claim 5, wherein each network card of the network security device supports DMA functionality; the DMA function is used for copying data of a network card to the kernel space and copying the data of the kernel space to the network card.
8. The apparatus of any of claims 5-7, further comprising a second modification module to:
after data to be forwarded received by a first network card is written into a Buffer memory corresponding to a first DMA memory, the identifier of the first DMA memory is changed from idle to non-idle;
and after the Buffer memory corresponding to the first DMA memory is exchanged with the Buffer memory corresponding to the second DMA memory, the identifier of the first DMA memory is changed from non-idle to idle, and the identifier of the second DMA memory is changed from idle to non-idle.
9. A data forwarding system, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory and for executing the steps comprised by the method of any one of claims 1 to 4 in accordance with the obtained program instructions.
10. A storage medium storing computer-executable instructions for causing a computer to perform the steps comprising the method of any one of claims 1-4.
CN202111592643.6A 2021-12-23 2021-12-23 Data forwarding method, device and system Pending CN114327882A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111592643.6A CN114327882A (en) 2021-12-23 2021-12-23 Data forwarding method, device and system

Publications (1)

Publication Number Publication Date
CN114327882A (en) 2022-04-12

Family

ID=81054933

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111592643.6A Pending CN114327882A (en) 2021-12-23 2021-12-23 Data forwarding method, device and system

Country Status (1)

Country Link
CN (1) CN114327882A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115442183A (en) * 2022-08-02 2022-12-06 天翼云科技有限公司 Data forwarding method and device
CN115442183B (en) * 2022-08-02 2024-01-02 天翼云科技有限公司 Data forwarding method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination