CN114374622A - Shunting method based on fusion shunting equipment and fusion shunting equipment - Google Patents


Publication number: CN114374622A
Authority: CN (China)
Prior art keywords: rule, server, address, flow, hash table
Legal status: Granted
Application number: CN202111665640.0A
Other languages: Chinese (zh)
Other versions: CN114374622B (en)
Inventor: 刘子豪, 何文杰, 高华, 尚程, 傅强, 梁彧, 蔡琳, 田野, 王杰, 杨满智, 金红, 陈晓光
Current Assignee: Eversec Beijing Technology Co Ltd
Original Assignee: Eversec Beijing Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H04L43/02 Capturing of monitoring data
    • H04L43/028 Capturing of monitoring data by filtering
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H04L45/7453 Address table lookup; Address filtering using hashing

Abstract

The embodiment of the invention discloses a shunting method based on fusion shunting equipment, and fusion shunting equipment. The method comprises the following steps: the server generates a filtering rule according to the traffic characteristics of the application program; when a rule issuing condition is met, the server sends the filtering rule to the shunting board card; the shunting board card acquires the traffic output by the optical splitting device and performs shunting processing on the traffic based on the filtering rule. This solves the problems in the related technology of coarse granularity of the filtering content and low filtering flexibility, associates the filtering content with the application program, screens traffic in a targeted manner, and improves the capability and flexibility of filtering low-value traffic.

Description

Shunting method based on fusion shunting equipment and fusion shunting equipment
Technical Field
The embodiment of the invention relates to a computer flow acquisition and analysis technology, in particular to a flow distribution method based on a fusion flow distribution device and the fusion flow distribution device.
Background
In recent years, the national attention on network security is increasingly enhanced, and various supervision systems are continuously improved in construction, so that the supervision and response capability of China on network security is gradually improved. Meanwhile, with continuous innovation of network technology, the flow in the network is increased explosively, and the difficulty of flow acquisition construction of each basic telecommunication enterprise and each supervision department is gradually increased. The number of the acquisition equipment is increased, on one hand, the matching requirement of a machine room is increased, on the other hand, the maintenance cost of the system is also increased, and the field environment generally cannot meet the requirement, so that the problems of large construction investment, difficult standing and the like of a safe acquisition system are caused.
In the course of making the invention, the inventors found the following defects in the prior art: at the present stage, large-volume traffic collection and analysis is affected by many technical factors such as traffic load balancing, dispersed machine rooms and numerous links, so a collection and analysis system usually has to rely on a convergence and diversion device working together with a collection and analysis device to collect the traffic completely. Although current convergence and diversion equipment can filter traffic, its filtering method relies on five-tuple blocking, which has problems such as coarse granularity of the filtering content and low filtering flexibility. In fact, traffic such as video and instant messaging in the current network has little relevance to network security and is of little analytical value, yet the share of this traffic is more than 40%-70%.
Disclosure of Invention
The embodiment of the invention provides a flow distribution method based on a fusion flow distribution device and the fusion flow distribution device, which are used for realizing targeted flow screening and achieving the effect of filtering low-value flow.
In a first aspect, an embodiment of the present invention provides a flow distribution method based on a fusion flow distribution device, where the fusion flow distribution device includes a server and a flow distribution board card, and the server is electrically connected to the flow distribution board card, and the method includes:
the server generates a filtering rule according to the flow characteristic of the application program, wherein the flow characteristic of the application program is determined based on a preset rule file;
when a rule issuing condition is met, the server sends the filtering rule to the shunting board card;
the shunting board card acquires the flow output by the light splitting equipment, and carries out shunting processing on the flow based on the filtering rule.
Further, the server generating a filtering rule according to the traffic characteristics of the application program includes: the server acquires the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file; the server updates a domain name hash table according to the domain name and updates an IP hash table according to the IP address corresponding to the domain name; and the server generates a rule hash table according to the domain name hash table and the IP hash table, wherein the rule hash table is used for recording filtering rules.
Further, the server generating a rule hash table according to the domain name hash table and the IP hash table includes: for the target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table.
Further, the server generating a filtering rule according to the traffic characteristics of the application program further includes: the server updates the IP hash table according to the IP address corresponding to the application program in the preset rule file; the server updates a port hash table according to the port identifier corresponding to the application program in the preset rule file; and the rule hash table is updated according to the IP hash table and/or the port hash table.
Further, after the shunting board card obtains the traffic output by the optical splitting device, the method further includes: the shunting board card acquires the domain name traffic in the traffic according to the port identifier of the traffic, and sends the domain name traffic to the server; and the server acquires the correspondence between the domain name and the service IP address in the domain name traffic and updates the rule hash table according to that correspondence.
Further, before the server sends the filtering rule to the shunting board card, the method further includes: the server acquires the number of filtering rules in the rule hash table; and if the number exceeds a set number threshold, the server deletes the filtering rules exceeding the set number threshold from the rule hash table according to rule generation time.
Further, the server sending the filtering rule to the shunting board card includes: the server acquires a source IP address and/or a source port identifier and a destination IP address and/or a destination port identifier corresponding to each filtering rule; the server generates a first rule file according to the source IP address and/or the source port identifier corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identifier corresponding to each filtering rule; and the server sends the first rule file to a switching board card in the shunting board card and sends the second rule file to a service board card in the shunting board card.
Further, the shunting board card acquiring the traffic output by the optical splitting device and performing shunting processing on the traffic based on the filtering rule includes: the shunting board card acquires the traffic output by the optical splitting device; the shunting board card acquires a source IP address and a destination IP address of the traffic, and determines whether to forward or discard the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file.
Further, the shunting board card acquiring the traffic output by the optical splitting device and performing shunting processing on the traffic based on the filtering rule includes: the shunting board card acquires the traffic output by the optical splitting device; the shunting board card acquires a source port identifier and a destination port identifier of the traffic, and determines a first processing mode of the traffic according to the source port identifier, the destination port identifier, the first rule file and the second rule file; the shunting board card acquires a source IP address and a destination IP address of the traffic, and determines a second processing mode of the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file; and whether to forward or discard the traffic is determined according to the first processing mode and the second processing mode.
Further, after the traffic is shunted based on the filtering rule, the method further includes: the server acquires the shunting processing result of the traffic corresponding to each IP address in the rule hash table, and determines the acquisition time of each IP address according to the shunting processing result; and if the time difference between the acquisition time and the current time is greater than a preset time threshold, the corresponding IP address is deleted from the filtering rule contained in the rule hash table.
In a second aspect, an embodiment of the present invention further provides a convergence and shunt device, where the convergence and shunt device includes a server and a shunt board card, and the server is electrically connected to the shunt board card, where the server executes the shunt method based on the convergence and shunt device according to any embodiment of the present invention, and the shunt board card executes the shunt method based on the convergence and shunt device according to any embodiment of the present invention.
According to the technical scheme provided by the embodiment of the invention, the server generates the filtering rule according to the flow characteristics of the application program; when a rule issuing condition is met, the server sends the filtering rule to the shunting board card; the shunting board card acquires the flow output by the light splitting equipment, and carries out shunting processing on the flow based on the filtering rule. The method and the device solve the problems of low granularity of the filtering content, low filtering flexibility and the like in the related technology, realize the association of the filtering content and the application program, achieve the effect of targeted flow screening, and improve the filtering capability and the filtering flexibility of low-value flow.
Drawings
Fig. 1 is a flowchart of a flow distribution method based on a fusion flow distribution device according to an embodiment of the present invention;
Fig. 2 is a flowchart of another shunting method based on a fusion shunting device according to a second embodiment of the present invention;
Fig. 3 is a flowchart of another shunting method based on a fusion shunting device according to a third embodiment of the present invention;
Fig. 4 is a flowchart of another shunting method based on a fusion shunting device according to a fourth embodiment of the present invention;
Fig. 5 is a structural diagram of a fusion and shunt apparatus according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a flow distribution method based on a fusion flow distribution device according to an embodiment of the present invention. The embodiment can be applied to the condition that the fusion and distribution equipment screens the flow. The method of this embodiment may be executed by a convergence and offloading device, which may be implemented by software and/or hardware.
Correspondingly, the method specifically comprises the following steps:
S110, the server generates a filtering rule according to the traffic characteristics of the application program, wherein the traffic characteristics of the application program are determined based on a preset rule file.
The server may be a low-cost High Availability High Density (HAHD) server platform designed for special application industries and high-density computing environments. Specifically, the server may be a blade server of the X86 architecture, which manages the traffic filtering rules of the shunting board card and generates and issues those rules. The traffic characteristics of the application program are the traffic characteristics determined for the application program from a preset rule file. The filtering rule is a rule that sets the corresponding filtering according to the differing traffic characteristics of application programs.
Illustratively, assume that the server is a blade server of the X86 architecture. First, the blade server loads a pre-configured blacklist, which may be formed by rule files associated with the application program. The server reads the content of the rule file line by line and generates a filtering rule according to the traffic characteristics in that content. The traffic characteristics include the domain name, IP address, port identifier, and the like.
S120, when the rule issuing condition is met, the server sends the filtering rule to the shunting board card.
The shunting board card may be the component that handles traffic access, traffic filtering, and same-source, same-destination distribution of traffic, and that, after filtering the traffic by port, sends Domain Name System (DNS) traffic to the blade server of the X86 architecture.
The rule issuing condition is a condition that the server issues the filtering rule to the shunting board card. For example, the rule issuing condition may be a timed issuing or issuing at set time intervals, or the like.
Specifically, when the system time meets the rule issuing condition, the server may send the corresponding filtering rule to the shunting board card.
S130, the shunting board card obtains the flow output by the light splitting equipment, and shunting processing is carried out on the flow based on the filtering rule.
In a mobile communication network, the optical splitting device serves as a dedicated probe for signaling monitoring and mainly performs acquisition of the original signaling data. Specifically, the optical splitting device feeds the traffic into the shunting board card. Shunting processing means that the shunting board card performs the shunting operation on the corresponding traffic according to a filtering rule.
Specifically, the shunting board card acquires the output traffic from the optical splitting device and shunts that traffic based on the filtering rule, which yields a shunting processing result that can be fed back to the server.
According to the technical scheme provided by the embodiment of the invention, the server generates the filtering rule according to the flow characteristics of the application program; when a rule issuing condition is met, the server sends the filtering rule to the shunting board card; the shunting board card acquires the flow output by the light splitting equipment, and carries out shunting processing on the flow based on the filtering rule. The method and the device solve the problems of low granularity of the filtering content, low filtering flexibility and the like in the related technology, realize the association of the filtering content and the application program, achieve the effect of targeted flow screening, and improve the filtering capability and the filtering flexibility of low-value flow.
Optionally, after the shunting board card obtains the traffic output by the optical splitting device, the method further includes: the shunting board card acquires the domain name traffic in the traffic according to the port identifier of the traffic, and sends the domain name traffic to the server; and the server acquires the correspondence between the domain name and the service IP address in the domain name traffic and updates the rule hash table according to that correspondence.
The traffic carries a port identifier; the shunting board card obtains the port identifier by parsing the traffic and filters the domain name traffic out of the acquired traffic based on it. The domain name traffic is the traffic containing domain name information, which the shunting board card picks out according to the port identifier of the traffic. The rule hash table maps a key value to a location in the table to access the record, which speeds up lookup. Specifically, each domain name corresponds to one or more service IP addresses, and the corresponding service IP address can be found by looking up the domain name.
In the present embodiment, it is assumed that the server is a blade server of the X86 architecture. The shunting board card obtains the output traffic from the optical splitting device and, on obtaining it, identifies the domain name traffic according to the port identifier of the traffic. The shunting board card then sends the domain name traffic to the blade server of the X86 architecture. The blade server establishes the correspondence between the domain name in the domain name traffic and the service IP address, and updates the rule hash table according to that correspondence.
The advantage of this arrangement is that the shunting board card sends the domain name traffic to the server, and the server can further update the rule hash table according to the correspondence between the domain name in the domain name traffic and the service IP address. The relation between the domain name and the service IP address can therefore be established more conveniently and accurately, and traffic can be collected better.
Optionally, before the server sends the filtering rule to the shunting board card, the method further includes: the server acquires the number of filtering rules in the rule hash table; and if the number exceeds a set number threshold, the server deletes the filtering rules exceeding the set number threshold from the rule hash table according to rule generation time.
The set number threshold can be set based on the number of filtering rules that the shunting board card can handle. When the number exceeds the set number threshold, the server needs to delete the filtering rules exceeding the set number threshold from the rule hash table; when the number does not exceed the set number threshold, the server can issue all of the filtering rules to the shunting board card.
For example, assume that the number threshold set by the server is 10, because the shunting board card can process 10 filtering rules. When the number of filtering rules in the rule hash table is 8, the number does not exceed the set number threshold of 10, so the server can issue all of the corresponding filtering rules. When the number of filtering rules in the rule hash table is 11, the number exceeds the set number threshold of 10, so the server deletes the filtering rules exceeding the set number threshold from the rule hash table according to rule generation time; specifically, the server needs to delete the 1 filtering rule with the earliest generation time.
The advantage of this arrangement is that, by comparing the number with the set number threshold, the rule hash table can be updated in time, which avoids overloading the shunting board card with more filtering rules than its maximum processing capacity allows. This allows for better traffic collection.
Optionally, after the traffic is shunted based on the filtering rule, the method further includes: the server acquires the shunting processing result of the traffic corresponding to each IP address in the rule hash table, and determines the acquisition time of each IP address according to the shunting processing result; and if the time difference between the acquisition time and the current time is greater than a preset time threshold, the corresponding IP address is deleted from the filtering rule contained in the rule hash table.
The shunting processing result is the result obtained when the shunting board card shunts the traffic according to the filtering rule, and the server can obtain it from the shunting board card. The preset time threshold is the maximum difference, set by the server, between the acquisition time and the current time. Specifically, when the time difference between the acquisition time and the current time is greater than the preset time threshold, the server needs to delete the corresponding IP address from the filtering rule included in the rule hash table. When the time difference is less than or equal to the preset time threshold, the server needs to keep the IP address in the filtering rule contained in the rule hash table.
For example, assume that the server presets a time threshold of 10 days. The server obtains the shunting processing result of the traffic corresponding to each IP address in the rule hash table and determines from it that the acquisition time of a certain IP address is 11/18/2020 and the current time is 11/30/2020, that is, the IP address last appeared 12 days ago. Since the time difference between the acquisition time and the current time, 12 days, is greater than the preset time threshold of 10 days, the server needs to delete the corresponding IP address from the filtering rule included in the rule hash table.
Further, assume that the acquisition time is 11/18/2020 and the current time is 11/22/2020. Since the time difference between the acquisition time and the current time, 4 days, is less than the preset time threshold of 10 days, the server needs to keep the IP address in the filtering rule included in the rule hash table.
The advantage of this arrangement is that, by comparing the time difference between the acquisition time and the current time with the preset time threshold, IP addresses that have not appeared for longer than the preset time threshold can be deleted from the filtering rules, so that the IP addresses are kept up to date and the traffic shunting processing can be carried out more accurately.
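The cap and aging steps above, worked through with the page's own numbers (a threshold of 10 rules and a 10-day time threshold), as an added example that is not code from the patent. The class, field and method names are hypothetical, and two behaviours the text leaves open are assumptions: an IP the board has never reported is aged from its rule's generation time, and a rule left with no IPs is dropped.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class FilterRule:
    app: str
    ips: set
    created: datetime  # rule generation time


class RuleTable:
    """Rule hash table with the two housekeeping steps from the text."""

    def __init__(self, max_rules, max_idle):
        self.max_rules = max_rules  # what the shunting board card can hold
        self.max_idle = max_idle    # preset time threshold
        self.rules = {}             # rule key -> FilterRule
        self.last_seen = {}         # IP -> acquisition time from board results

    def add(self, key, app, ips, created):
        self.rules[key] = FilterRule(app, set(ips), created)

    def record_results(self, results):
        """results: iterable of (ip, timestamp) taken from shunting results."""
        for ip, when in results:
            if ip not in self.last_seen or when > self.last_seen[ip]:
                self.last_seen[ip] = when

    def enforce_cap(self):
        """Before issuing: delete the oldest rules beyond the cap."""
        excess = len(self.rules) - self.max_rules
        if excess <= 0:
            return []
        oldest = sorted(self.rules, key=lambda k: self.rules[k].created)[:excess]
        for key in oldest:
            del self.rules[key]
        return oldest

    def age_out(self, now):
        """After shunting: remove IPs idle longer than max_idle; return them."""
        removed = set()
        for key in list(self.rules):
            rule = self.rules[key]
            for ip in list(rule.ips):
                # Assumption: never-reported IPs are aged from rule creation.
                seen = self.last_seen.get(ip, rule.created)
                if now - seen > self.max_idle:  # strictly greater, as in the text
                    rule.ips.discard(ip)
                    removed.add(ip)
            if not rule.ips:                    # assumption: drop empty rules
                del self.rules[key]
        for ip in removed:
            self.last_seen.pop(ip, None)
        return sorted(removed)


if __name__ == "__main__":
    # Constructed data: 11 rules against a cap of 10, then the aging dates.
    table = RuleTable(max_rules=10, max_idle=timedelta(days=10))
    start = datetime(2020, 11, 1)
    for i in range(11):
        table.add(f"r{i}", "video-app", [f"203.0.113.{i}"],
                  start + timedelta(minutes=i))
    print("deleted before issuing:", table.enforce_cap())
    table.record_results([("203.0.113.5", datetime(2020, 11, 18))])
    print("aged out:", table.age_out(datetime(2020, 11, 30)))
```
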
Example two
Fig. 2 is a flowchart of another shunting method based on a fusion shunting device according to a second embodiment of the present invention. On the basis of the above embodiments, this embodiment further refines the step in which the server generates the filtering rule according to the traffic characteristics of the application program.
Correspondingly, the method specifically comprises the following steps:
S210, the server acquires the corresponding relation between the domain name and the IP address corresponding to the application program in the preset rule file.
S220, the server updates the domain name hash table according to the domain name and updates the IP hash table according to the IP address corresponding to the domain name.
The domain name hash table may be a table for storing a plurality of domain names, and the server may directly access the data structure according to the key value of the domain name, and specifically, the server may update the domain name hash table according to the domain name. The IP hash table may be a table storing a plurality of IPs, and the server may directly access the data structure according to the key value of the IP, and specifically, the server may update the IP hash table according to the IPs.
S230, for the target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table.
Wherein, the rule hash table is used for recording the filtering rule.
In this embodiment, for a target domain name in the domain name hash table, the server may generate a corresponding filtering rule according to each IP address corresponding to the target domain name in the IP hash table. Further, the filtering rules may be updated to the rule hash table.
S240, when the rule issuing condition is met, the server sends the filtering rule to the shunting board card.
Optionally, the server generates the filtering rule according to the traffic characteristic of the application program, and further includes: the server updates the IP hash table according to the IP address corresponding to the application program in the preset rule file; the server updates a port hash table according to the port identification corresponding to the application program in the preset rule file; and updating the rule hash table according to the IP hash table and/or the port hash table.
The port hash table may be a table storing a plurality of ports, and the server may directly access the data structure according to the key code value of the port, and specifically, the server may update the port hash table according to the port.
In this embodiment, first, the server updates the IP hash table according to the IP address corresponding to the application program in the preset rule file; further, the server updates a port hash table according to the port identifier corresponding to the application program in the preset rule file; accordingly, the rule hash table can be updated according to the IP hash table, the port hash table, or both.
The advantage of this arrangement is that the rule hash table can be updated according to the IP hash table, the port hash table, or both. This enriches the update operations on the rule hash table and covers a variety of processing conditions, so that the traffic shunting processing can be carried out more accurately.
S250, the shunting board card acquires the traffic output by the optical splitting device, and performs shunting processing on the traffic based on the filtering rule.
According to the technical scheme provided by the embodiment of the invention, the server acquires the correspondence between the domain name and the IP address corresponding to the application program in the preset rule file; the server updates a domain name hash table according to the domain name and updates an IP hash table according to the IP address corresponding to the domain name; for a target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table; when a rule issuing condition is met, the server sends the filtering rule to the shunting board card; the shunting board card acquires the traffic output by the optical splitting device, and performs shunting processing on the traffic based on the filtering rule. This enriches the update operations on the rule hash table and covers a variety of processing conditions, so that the traffic shunting processing can be carried out more accurately.
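One way to realize the table construction in S210-S230 together with the optional port and DNS updates, as an added example that is not code from the patent. The rule-file layout, the `RuleCompiler` name and its methods are assumptions, the sample file is constructed, and learning DNS answers only for domains already in the domain hash table is also an assumption.

```python
import ipaddress

# Constructed sample; the "app kind value [ip,ip]" layout is an assumption.
SAMPLE_RULE_FILE = """\
# app kind value [ip-list]
video-app domain cdn.video.example 203.0.113.10,203.0.113.11
video-app ip 198.51.100.7
im-app port 5222
im-app domain Chat.IM.example. 192.0.2.44
im-app port 70000
bad line
"""


def norm_domain(name):
    """Lower-case and drop the trailing root dot so lookups are stable."""
    return name.strip().rstrip(".").lower()


class RuleCompiler:
    def __init__(self):
        self.domains = {}  # domain hash table: domain -> application
        self.ips = {}      # IP hash table: ip -> {"app", "domains"}
        self.ports = {}    # port hash table: port -> application
        self.rules = {}    # rule hash table: ("ip"|"port", value) -> application

    def _add_ip(self, app, text, domain=None):
        ip = str(ipaddress.ip_address(text.strip()))  # ValueError on junk
        entry = self.ips.setdefault(ip, {"app": app, "domains": set()})
        if domain:
            entry["domains"].add(domain)
        return ip

    def load(self, text):
        """Read the rule file line by line; return numbers of rejected lines."""
        rejected = []
        for number, line in enumerate(text.splitlines(), start=1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split()
            try:
                app, kind, value = parts[0], parts[1], parts[2]
                if kind == "domain":
                    domain = norm_domain(value)
                    self.domains[domain] = app
                    for ip in parts[3].split(",") if len(parts) > 3 else []:
                        self._add_ip(app, ip, domain)
                elif kind == "ip":
                    self._add_ip(app, value)
                elif kind == "port":
                    port = int(value)
                    if not 1 <= port <= 65535:
                        raise ValueError("port out of range")
                    self.ports[port] = app
                else:
                    raise ValueError("unknown kind")
            except (IndexError, ValueError):
                rejected.append(number)
        return rejected

    def build(self):
        """Regenerate the rule hash table from the three source tables."""
        rules = {}
        for ip, entry in self.ips.items():
            # Bare IP entries always yield a rule; domain-derived IPs only
            # while one of their domains is still in the domain hash table.
            if not entry["domains"] or entry["domains"] & self.domains.keys():
                rules[("ip", ip)] = entry["app"]
        for port, app in self.ports.items():
            rules[("port", port)] = app
        self.rules = rules
        return rules

    def learn_dns(self, domain, answers):
        """Fold a domain -> service IP mapping seen in DNS traffic into the
        tables; return the IPs that produced new rules."""
        domain = norm_domain(domain)
        app = self.domains.get(domain)
        if app is None:
            return []  # not a listed domain: unrelated answers add no rules
        added = []
        for text in answers:
            try:
                ip = self._add_ip(app, text, domain)
            except ValueError:
                continue  # malformed address in the answer
            if ("ip", ip) not in self.rules:
                self.rules[("ip", ip)] = app
                added.append(ip)
        return added


if __name__ == "__main__":
    compiler = RuleCompiler()
    print("rejected lines:", compiler.load(SAMPLE_RULE_FILE))
    print("rules:", sorted(compiler.build(), key=str))
    print("learned:", compiler.learn_dns("cdn.video.example", ["203.0.113.12"]))
```
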
EXAMPLE III
Fig. 3 is a flowchart of another shunting method based on a fusion shunting device according to a third embodiment of the present invention. In this embodiment, the filtering rule sent by the server to the offload board is further refined, and forwarding or dropping processing is determined to be performed on the traffic based on an IP address.
Correspondingly, the method specifically comprises the following steps:
S310, the server generates a filtering rule according to the flow characteristics of the application program.
The flow characteristics of the application program are determined based on a preset rule file.
S320, when the rule issuing condition is met, the server acquires the source IP address and/or the source port identification and the destination IP address and/or the destination port identification corresponding to each filtering rule.
The source IP address identifies the source node of a communication, that is, the information source; information in transit carries this source IP address. The source port identification may be the source port number of the network-enabled application software. The destination IP address is likewise carried by information in transit and identifies the destination node of the communication, that is, the information sink. The destination port identification may be the destination port number of the network-enabled application software.
S330, the server generates a first rule file according to the source IP address and/or the source port identification corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identification corresponding to each filtering rule.
The first rule file may be a rule file generated by the server according to the source IP address, the source port identifier, or both, corresponding to each filtering rule. The second rule file may be a rule file generated by the server according to the destination IP address, the destination port identifier, or both, corresponding to each filtering rule.
S340, the server sends the first rule file to a switch board card of the splitter board card, and sends the second rule file to a service board card of the splitter board card.
The switching board card may be a board card for executing information exchange processing in the shunting board card, and the server may send the first rule file to the switching board card. The service board card may be a board card that performs service processing in the shunting board card, and the server may send the second rule file to the service board card.
S350, the shunt board card acquires the flow output by the optical splitting equipment.
S360, the shunting board card obtains a source IP address and a destination IP address of the flow, and forwarding or discarding processing is determined to be executed on the flow according to the source IP address, the destination IP address, the first rule file and the second rule file.
In this embodiment, when the offload board acquires a source IP address and a destination IP address of traffic, the server generates a first rule file according to the source IP address, the source port identifier, or both, corresponding to each filtering rule; and the server generates a second rule file according to the destination IP address, the destination port identifier, or both, corresponding to each filtering rule. The shunting board card can then shunt the flow according to the source IP address, the destination IP address, the first rule file and the second rule file. Specifically, when the flow meets the filtering rule, the shunt board card discards the flow; when the flow does not meet the filtering rule, the shunt board card forwards the flow. The forwarded traffic is sent to a network security traffic acquisition and analysis system, which performs the related analysis on it.
According to the technical scheme provided by the embodiment of the invention, the corresponding relation between the domain name and the IP address corresponding to the application program in the preset rule file is obtained through the server; the server updates a domain name hash table according to the domain name and updates an IP hash table according to the IP address corresponding to the domain name; for a target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table; when the rule issuing condition is met, the server acquires a source IP address and/or a source port identification and a destination IP address and/or a destination port identification corresponding to each filtering rule; the server generates a first rule file according to the source IP address and/or the source port identification corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identification corresponding to each filtering rule; the server sends the first rule file to a switching board card in the shunting board card, and sends the second rule file to a service board card in the shunting board card; the shunt board card acquires the flow output by the light splitting equipment; the shunting board card acquires a source IP address and a destination IP address of the flow, and determines to forward or discard the flow according to the source IP address, the destination IP address, the first rule file and the second rule file. 
This embodiment issues the filtering rules based on the source IP address, the source port identifier, or both, and on the destination IP address, the destination port identifier, or both, and determines forwarding or discarding of the traffic based on the IP address of the traffic, so that the traffic can be accurately shunted, and the analysis efficiency of the network security traffic collection and analysis system is improved.
EXAMPLE IV
Fig. 4 is a flowchart of another shunting method based on a fusion shunting device according to a fourth embodiment of the present invention. In this embodiment, the step in which the server sends the filtering rule to the offload board card is further refined, and forwarding or dropping of the traffic is determined based on both the port identification and the IP address.
Correspondingly, the method specifically comprises the following steps:
S410, the server generates a filtering rule according to the flow characteristics of the application program.
The flow characteristics of the application program are determined based on a preset rule file.
S420, when the rule issuing condition is met, the server acquires the source IP address and/or the source port identification and the destination IP address and/or the destination port identification corresponding to each filtering rule.
S430, the server generates a first rule file according to the source IP address and/or the source port identification corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identification corresponding to each filtering rule.
S440, the server sends the first rule file to a switching board card in the shunting board card, and sends the second rule file to a service board card in the shunting board card.
S450, the shunt board card obtains the flow output by the optical splitting equipment.
S460, the shunting board card obtains the source port identification and the destination port identification of the flow, and determines a first processing mode of the flow according to the source port identification, the destination port identification, the first rule file and the second rule file.
The first processing mode may be that the offload board determines a processing mode for the traffic according to the source port identifier, the destination port identifier, the first rule file, and the second rule file.
S470, the shunting board card obtains a source IP address and a destination IP address of the flow, and determines a second processing mode of the flow according to the source IP address, the destination IP address, the first rule file and the second rule file.
The second processing mode may be that the offload board determines the processing mode of the traffic according to the source IP address, the destination IP address, the first rule file, and the second rule file.
Specifically, the shunting board card matches the source port identification of the flow against the first rule file. If a filtering rule containing the source port identification is found in the first rule file, the match is judged successful. The destination port identification of the flow is matched against the second rule file. If a filtering rule containing the destination port identification is found in the second rule file, the match is judged successful. If at least one of the matching results is successful, the first processing mode of the corresponding flow is determined to be discarding. Otherwise, the first processing mode of the corresponding flow is determined to be forwarding.
Further, when the first processing mode of the flow is discarding, the shunting board card matches the source IP address of the flow against the first rule file. If a filtering rule containing the source IP address is found in the first rule file, the match is judged successful. The destination IP address of the flow is matched against the second rule file. If a filtering rule containing the destination IP address is found in the second rule file, the match is judged successful. If at least one of the matching results is successful, the second processing mode of the corresponding flow is determined to be discarding. Otherwise, the second processing mode of the corresponding flow is determined to be forwarding.
S480, determining to execute forwarding or discarding processing on the flow according to the first processing mode and the second processing mode.
For example, if the first processing mode is the same as the second processing mode, the corresponding flow is processed in that mode.
If the first processing mode is different from the second processing mode, the corresponding flow is processed using the second processing mode.
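The matching order of the third and fourth embodiments, as an added sketch that is not code from the patent: the rule-file layout (sets of IPs and ports), all class and function names, the sample addresses, and forwarding without an IP lookup when the port stage does not match are assumptions. Fields are matched independently, as the text describes, so a port from one rule and an IP from another can together cause a discard.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

FORWARD, DISCARD = "forward", "discard"


@dataclass(frozen=True)
class FilterRule:
    # Each side may carry an IP, a port, or both ("and/or" in S320/S420).
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class RuleFile:
    # Assumed layout: the patent does not define the rule file format.
    ips: frozenset
    ports: frozenset


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def split_rules(rules):
    """S330/S430: source fields go to the first rule file (switching board),
    destination fields to the second rule file (service board)."""
    first = RuleFile(
        ips=frozenset(ip_address(r.src_ip) for r in rules if r.src_ip),
        ports=frozenset(r.src_port for r in rules if r.src_port is not None),
    )
    second = RuleFile(
        ips=frozenset(ip_address(r.dst_ip) for r in rules if r.dst_ip),
        ports=frozenset(r.dst_port for r in rules if r.dst_port is not None),
    )
    return first, second


def port_stage(pkt, first, second):
    """S460: a hit on the source port (first file) or the destination port
    (second file) makes the first processing mode 'discard'."""
    hit = pkt.src_port in first.ports or pkt.dst_port in second.ports
    return DISCARD if hit else FORWARD


def ip_stage(pkt, first, second):
    """S360/S470: the same test on the addresses; parsing normalises
    different spellings of one IPv6 address."""
    hit = (ip_address(pkt.src_ip) in first.ips
           or ip_address(pkt.dst_ip) in second.ips)
    return DISCARD if hit else FORWARD


def decide_example_three(pkt, first, second):
    # Third embodiment: the decision rests on the IP addresses alone.
    return ip_stage(pkt, first, second)


def decide_example_four(pkt, first, second):
    first_mode = port_stage(pkt, first, second)
    if first_mode == FORWARD:
        # Assumption: the IP lookup is described only for flows that the
        # port stage would discard, so a port miss is forwarded directly.
        return FORWARD
    second_mode = ip_stage(pkt, first, second)
    # S480: equal modes agree; when they differ the second mode is used.
    return first_mode if first_mode == second_mode else second_mode


# Constructed sample rules using documentation address ranges.
RULES = [
    FilterRule(dst_ip="198.51.100.10", dst_port=443),
    FilterRule(src_ip="198.51.100.10", src_port=443),
    FilterRule(dst_port=8080),            # port-only rule
    FilterRule(dst_ip="203.0.113.7"),     # IP-only rule
    FilterRule(dst_ip="2001:db8::1"),
]
FIRST, SECOND = split_rules(RULES)

if __name__ == "__main__":
    pkt = Packet("192.0.2.5", 50003, "203.0.113.7", 8080)
    print(decide_example_three(pkt, FIRST, SECOND),
          decide_example_four(pkt, FIRST, SECOND))
```

Under these assumptions the fourth embodiment discards a flow only when both the port stage and the IP stage match, so an IP-only rule never causes a discard there, although it does in the third embodiment.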
According to the technical scheme provided by the embodiment of the invention, the corresponding relation between the domain name and the IP address corresponding to the application program in the preset rule file is obtained through the server; the server updates a domain name hash table according to the domain name and updates an IP hash table according to the IP address corresponding to the domain name; for a target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table; when the rule issuing condition is met, the server acquires a source IP address and/or a source port identification and a destination IP address and/or a destination port identification corresponding to each filtering rule; the server generates a first rule file according to the source IP address and/or the source port identification corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identification corresponding to each filtering rule; the server sends the first rule file to a switching board card in the shunting board card, and sends the second rule file to a service board card in the shunting board card; the shunt board card acquires the flow output by the light splitting equipment; the shunting board card acquires a source port identifier and a destination port identifier of the flow, and determines a first processing mode of the flow according to the source port identifier, the destination port identifier, the first rule file and the second rule file; the shunting board card acquires a source IP address and a destination IP address of the flow, and determines a second processing mode of the flow according to the source IP address, the destination IP address, the first rule file and the second rule file; and determining to execute forwarding or discarding processing on the flow according to the first processing mode and the second processing mode. In this embodiment, forwarding or discarding of traffic is determined based on the IP address and the port identifier of the traffic, so that traffic offloading can be performed more accurately by combining the IP address and the port identifier of the traffic, and efficiency of the traffic offloading is improved.
EXAMPLE V
Fig. 5 is a structural diagram of a fusion and shunt apparatus according to a fifth embodiment of the present invention. The integrated shunt device 510 comprises a server 520 and a shunt board card 530, wherein the server 520 is electrically connected with the shunt board card 530.
The server 520 is configured to execute an offloading method based on the fusion offloading device 510; the shunting device is configured to execute a shunting method based on the fusion shunting device 510. The method comprises the following steps: the server 520 generates a filtering rule according to the flow characteristic of the application program, wherein the flow characteristic of the application program is determined based on a preset rule file; when a rule issuing condition is met, the server 520 sends the filtering rule to the shunting board card 530; the shunting board card 530 obtains the flow output by the light splitting device, and performs shunting processing on the flow based on the filtering rule.
Optionally, the server 520 generates the filtering rule according to the traffic characteristics of the application program, including: the server 520 obtains a corresponding relationship between a domain name and an IP address corresponding to the application program in the preset rule file; the server 520 updates the domain name hash table according to the domain name, and updates the IP hash table according to the IP address corresponding to the domain name; the server 520 generates a rule hash table according to the domain name hash table and the IP hash table, where the rule hash table is used for recording filtering rules.
Optionally, the server 520 generates a rule hash table according to the domain name hash table and the IP hash table, including: for the target domain name in the domain name hash table, the server 520 generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table.
Optionally, the server 520 generates the filtering rule according to the traffic characteristics of the application program, and further includes: the server 520 updates the IP hash table according to the IP address corresponding to the application program in the preset rule file; the server 520 updates a port hash table according to the port identifier corresponding to the application program in the preset rule file; and updating the rule hash table according to the IP hash table and/or the port hash table.
Optionally, after the splitter board card 530 obtains the traffic output by the optical splitting device, the method further includes: the shunting board card 530 obtains the domain name traffic in the traffic according to the port identifier of the traffic, and sends the domain name traffic to the server 520; the server 520 obtains the corresponding relationship between the domain name and the service IP address in the domain name traffic, and updates the rule hash table according to the corresponding relationship between the domain name and the service IP address.
Optionally, before the server 520 sends the filtering rule to the offload board 530, the method further includes: the server 520 obtains the number of the filtering rules in the rule hash table; if the number exceeds a set number threshold, the server 520 deletes the filtering rule exceeding the set number threshold in the rule hash table according to the rule generation time.
Optionally, the sending, by the server 520, the filtering rule to the offload board 530 includes: the server 520 obtains a source IP address and/or a source port identifier and a destination IP address and/or a destination port identifier corresponding to each filtering rule; the server 520 generates a first rule file according to the source IP address and/or the source port identifier corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identifier corresponding to each filtering rule; the server 520 sends the first rule file to a switch board card in the splitter board 530, and sends the second rule file to a service board card in the splitter board 530.
Optionally, the shunting board card 530 obtains traffic output by the light splitting device, and performs shunting processing on the traffic based on the filtering rule, including: the splitter board 530 obtains the flow output by the optical splitter; the shunting board card 530 obtains a source IP address and a destination IP address of the traffic, and determines to forward or discard the traffic according to the source IP address, the destination IP address, the first rule file, and the second rule file.
Optionally, the shunting board card 530 obtains traffic output by the light splitting device, and performs shunting processing on the traffic based on the filtering rule, including: the splitter board 530 obtains the flow output by the optical splitter; the shunting board card 530 obtains a source port identifier and a destination port identifier of the traffic, and determines a first processing mode for the traffic according to the source port identifier, the destination port identifier, the first rule file and the second rule file; the shunting board card 530 acquires a source IP address and a destination IP address of the traffic, and determines a second processing mode for the traffic according to the source IP address, the destination IP address, the first rule file and the second rule file; and determining to execute forwarding or discarding processing on the flow according to the first processing mode and the second processing mode.
Optionally, after the traffic is split based on the filtering rule, the method further includes: the server 520 obtains a flow distribution processing result corresponding to each IP address in the rule hash table, and determines the obtaining time of each IP address according to the flow distribution processing result; and if the time difference value between the acquisition time and the current time is greater than a preset time threshold value, deleting the corresponding IP address from the filtering rule contained in the rule hash table.
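An added sketch, not the patent's implementation, of the rule hash table life cycle described in the optional steps above: rules built from the domain-to-IP mapping, IPs learned from domain name traffic, idle IPs aged out, and the rule count capped before issuing. One rule per domain, oldest-first eviction, treating the time an IP is inserted as its first acquisition time, dropping a rule once it has no IPs left, and all names and sample values are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Rule:
    domain: str
    created: float                            # rule generation time
    ips: dict = field(default_factory=dict)   # IP -> last acquisition time


class RuleHashTable:
    def __init__(self, max_rules, idle_seconds):
        self.max_rules = max_rules        # "set number threshold"
        self.idle_seconds = idle_seconds  # "preset time threshold"
        self.rules = {}                   # domain -> Rule

    def load_rule_file(self, mapping, now):
        """Preset rule file: domain -> IP addresses of the application."""
        for domain, ips in mapping.items():
            rule = self.rules.setdefault(domain, Rule(domain, now))
            for ip in ips:
                rule.ips.setdefault(ip, now)

    def learn_dns(self, domain, ips, now):
        """Domain name traffic sent up by the board: add newly seen service
        IPs, but only for domains already present in the table."""
        rule = self.rules.get(domain)
        if rule is None:
            return False
        for ip in ips:
            rule.ips.setdefault(ip, now)
        return True

    def record_hit(self, ip, now):
        """Shunting result for an IP: refresh its acquisition time."""
        for rule in self.rules.values():
            if ip in rule.ips:
                rule.ips[ip] = now

    def age_out(self, now):
        """Delete IPs whose acquisition time is older than the threshold."""
        removed = []
        for domain in list(self.rules):
            rule = self.rules[domain]
            for ip, seen in list(rule.ips.items()):
                if now - seen > self.idle_seconds:
                    del rule.ips[ip]
                    removed.append(ip)
            if not rule.ips:              # assumption: empty rules are dropped
                del self.rules[domain]
        return sorted(removed)

    def enforce_cap(self):
        """Before issuing: delete the rules beyond the threshold, chosen by
        generation time (assumption: oldest first)."""
        evicted = []
        excess = len(self.rules) - self.max_rules
        if excess > 0:
            oldest_first = sorted(self.rules.values(), key=lambda r: r.created)
            for rule in oldest_first[:excess]:
                del self.rules[rule.domain]
                evicted.append(rule.domain)
        return evicted

    def issue(self):
        """IP addresses that would be written into the rule files."""
        self.enforce_cap()
        return sorted(ip for r in self.rules.values() for ip in r.ips)


if __name__ == "__main__":
    # Constructed timeline; times are seconds on an arbitrary clock.
    table = RuleHashTable(max_rules=2, idle_seconds=300)
    table.load_rule_file({"video.example": ["198.51.100.10"]}, now=0)
    table.load_rule_file({"cdn.example": ["203.0.113.7"]}, now=10)
    table.record_hit("198.51.100.10", now=400)
    print(table.age_out(now=500), table.issue())
```

Without the aging step a learned IP stays excluded from analysis indefinitely, even after the address has been reassigned to an unrelated service, which is the case the time threshold bounds.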
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (11)

1. A shunting method based on a fusion shunting device is characterized in that the fusion shunting device comprises a server and a shunting board card, wherein the server is electrically connected with the shunting board card;
the server generates a filtering rule according to the flow characteristic of the application program, wherein the flow characteristic of the application program is determined based on a preset rule file;
when a rule issuing condition is met, the server sends the filtering rule to the shunting board card;
the shunting board card acquires the flow output by the light splitting equipment, and carries out shunting processing on the flow based on the filtering rule.
2. The method of claim 1, wherein the server generates the filter rule according to the traffic characteristics of the application, and comprises:
the server acquires the corresponding relation between the domain name and the IP address corresponding to the application program in the preset rule file;
the server updates a domain name hash table according to the domain name and updates an IP hash table according to the IP address corresponding to the domain name;
and the server generates a rule hash table according to the domain name hash table and the IP hash table, wherein the rule hash table is used for recording filtering rules.
3. The method of claim 2, wherein the server generates a rule hash table from the domain name hash table and the IP hash table, comprising:
and for the target domain name in the domain name hash table, the server generates a filtering rule according to each IP address corresponding to the target domain name in the IP hash table, and updates the filtering rule to the rule hash table.
4. The method of claim 2, wherein the server generates the filter rules according to the traffic characteristics of the application, further comprising:
the server updates the IP hash table according to the IP address corresponding to the application program in the preset rule file;
the server updates a port hash table according to the port identification corresponding to the application program in the preset rule file;
and updating the rule hash table according to the IP hash table and/or the port hash table.
5. The method according to claim 2, wherein after the splitter board obtains the traffic output by the optical splitter device, the method further includes:
the shunting board card acquires the domain name flow in the flow according to the port identification of the flow, and sends the domain name flow to the server;
and the server acquires the corresponding relation between the domain name and the service IP address in the domain name flow and updates the rule hash table according to the corresponding relation between the domain name and the service IP address.
6. The method of claim 1, prior to the server sending the filter rules to the offload board, further comprising:
the server acquires the number of the filtering rules in the rule hash table;
and if the number exceeds a set number threshold, the server deletes the filtering rules exceeding the set number threshold in the rule hash table according to rule generation time.
7. The method of claim 1, wherein the server sending the filter rules to the offload board card comprises:
the server acquires a source IP address and/or a source port identification and a destination IP address and/or a destination port identification corresponding to each filtering rule;
the server generates a first rule file according to the source IP address and/or the source port identification corresponding to each filtering rule, and generates a second rule file according to the destination IP address and/or the destination port identification corresponding to each filtering rule;
and the server sends the first rule file to a switching board card in the shunting board card and sends the second rule file to a service board card in the shunting board card.
8. The method according to claim 1, wherein the traffic splitting board obtains traffic output by the optical splitting device, and performs the traffic splitting processing based on the filtering rule, including:
the shunt board card acquires the flow output by the light splitting equipment;
the shunting board card acquires a source IP address and a destination IP address of the flow, and determines to forward or discard the flow according to the source IP address, the destination IP address, the first rule file and the second rule file.
9. The method according to claim 1, wherein the traffic splitting board obtains traffic output by the optical splitting device, and performs the traffic splitting processing based on the filtering rule, including:
the shunt board card acquires the flow output by the light splitting equipment;
the shunting board card acquires a source port identifier and a destination port identifier of the flow, and determines a first processing mode of the flow according to the source port identifier, the destination port identifier, the first rule file and the second rule file;
the shunting board card acquires a source IP address and a destination IP address of the flow, and determines a second processing mode of the flow according to the source IP address, the destination IP address, the first rule file and the second rule file;
and determining to execute forwarding or discarding processing on the flow according to the first processing mode and the second processing mode.
10. The method of claim 1, further comprising, after offloading the traffic based on the filtering rules:
the server acquires a flow distribution processing result corresponding to each IP address in the rule hash table, and determines the acquisition time of each IP address according to the flow distribution processing result;
and if the time difference value between the acquisition time and the current time is greater than a preset time threshold value, deleting the corresponding IP address from the filtering rule contained in the rule hash table.
11. A fusion shunting device, characterized in that the fusion shunting device comprises a server and a shunting board card, the server being electrically connected with the shunting board card:
the server, configured to perform the offloading method according to any one of claims 1-10;
the shunting board card is used for executing the shunting method of any one of claims 1-10.
CN202111665640.0A 2021-12-31 2021-12-31 Shunting method based on fusion shunting equipment and fusion shunting equipment Active CN114374622B (en)

Publications (2)

Publication Number Publication Date
CN114374622A (en) 2022-04-19
CN114374622B (en) 2023-12-19

Family

ID=81142438

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111665640.0A Active CN114374622B (en) 2021-12-31 2021-12-31 Shunting method based on fusion shunting equipment and fusion shunting equipment

Country Status (1)

Country Link
CN (1) CN114374622B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117240735A (en) * 2023-11-09 2023-12-15 湖南戎腾网络科技有限公司 Method, system, equipment and storage medium for filtering audio and video streams

Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040054924A1 (en) * 2002-09-03 2004-03-18 Chuah Mooi Choo Methods and devices for providing distributed, adaptive IP filtering against distributed denial of service attacks
CN1564547A (en) * 2004-03-25 2005-01-12 上海复旦光华信息科技股份有限公司 High speed filtering and stream dividing method for keeping connection features
US20110035469A1 (en) * 2009-08-05 2011-02-10 Verisign, Inc. Method and system for filtering of network traffic
CN104468636A (en) * 2015-01-09 2015-03-25 李忠 SDN structure for DDoS threatening filtering and link reallocating and working method
CN104539594A (en) * 2014-12-17 2015-04-22 南京晓庄学院 SDN (software defined network) framework, system and working method combining DDoS (distributed denial of service) threat filtering and routing optimization
US20150121525A1 (en) * 2013-10-28 2015-04-30 At&T Intellectual Property I, L.P. Filtering Network Traffic Using Protected Filtering Mechanisms
CN104754066A (en) * 2013-12-26 2015-07-01 华为技术有限公司 Message processing method and message processing equipment
CN105323173A (en) * 2014-07-18 2016-02-10 中兴通讯股份有限公司 Network rule entry setting method and device
CN105871773A (en) * 2015-01-18 2016-08-17 吴正明 DDoS filtering method based on SDN network architecture
CN106549944A (en) * 2016-10-17 2017-03-29 上海斐讯数据通信技术有限公司 A kind of domain filter method based on linux kernel Hash table
CN110808913A (en) * 2018-08-30 2020-02-18 华为技术有限公司 Message processing method, device and related equipment
CN112272193A (en) * 2020-11-19 2021-01-26 天津光电通信技术有限公司 Filtering and shunting platform for effectively solving message multi-hit flow and implementation method
CN112350833A (en) * 2020-11-25 2021-02-09 杭州迪普信息技术有限公司 Flow filtering method and device
US10924456B1 (en) * 2020-07-14 2021-02-16 Centripetal Networks, Inc. Methods and systems for efficient encrypted SNI filtering for cybersecurity applications
CN112491901A (en) * 2020-11-30 2021-03-12 北京锐驰信安技术有限公司 Network flow fine screening device and method
CN112929376A (en) * 2021-02-10 2021-06-08 恒安嘉新(北京)科技股份公司 Flow data processing method and device, computer equipment and storage medium
CN113382019A (en) * 2021-06-30 2021-09-10 山石网科通信技术股份有限公司 Flow data processing method

Patent Citations (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040054924A1 (en) * 2002-09-03 2004-03-18 Chuah Mooi Choo Methods and devices for providing distributed, adaptive IP filtering against distributed denial of service attacks
CN1564547A (en) * 2004-03-25 2005-01-12 上海复旦光华信息科技股份有限公司 High speed filtering and stream dividing method for keeping connection features
US20110035469A1 (en) * 2009-08-05 2011-02-10 Verisign, Inc. Method and system for filtering of network traffic
US20150121525A1 (en) * 2013-10-28 2015-04-30 At&T Intellectual Property I, L.P. Filtering Network Traffic Using Protected Filtering Mechanisms
CN104754066A (en) * 2013-12-26 2015-07-01 华为技术有限公司 Message processing method and message processing equipment
CN105323173A (en) * 2014-07-18 2016-02-10 中兴通讯股份有限公司 Network rule entry setting method and device
CN104539594A (en) * 2014-12-17 2015-04-22 南京晓庄学院 SDN (software defined network) framework, system and working method combining DDoS (distributed denial of service) threat filtering and routing optimization
CN104468636A (en) * 2015-01-09 2015-03-25 李忠 SDN structure for DDoS threatening filtering and link reallocating and working method
CN105871773A (en) * 2015-01-18 2016-08-17 吴正明 DDoS filtering method based on SDN network architecture
CN106549944A (en) * 2016-10-17 2017-03-29 上海斐讯数据通信技术有限公司 A kind of domain filter method based on linux kernel Hash table
CN110808913A (en) * 2018-08-30 2020-02-18 华为技术有限公司 Message processing method, device and related equipment
US10924456B1 (en) * 2020-07-14 2021-02-16 Centripetal Networks, Inc. Methods and systems for efficient encrypted SNI filtering for cybersecurity applications
CN112272193A (en) * 2020-11-19 2021-01-26 天津光电通信技术有限公司 Filtering and shunting platform for effectively solving message multi-hit flow and implementation method
CN112350833A (en) * 2020-11-25 2021-02-09 杭州迪普信息技术有限公司 Flow filtering method and device
CN112491901A (en) * 2020-11-30 2021-03-12 北京锐驰信安技术有限公司 Network flow fine screening device and method
CN112929376A (en) * 2021-02-10 2021-06-08 恒安嘉新(北京)科技股份公司 Flow data processing method and device, computer equipment and storage medium
CN113382019A (en) * 2021-06-30 2021-09-10 山石网科通信技术股份有限公司 Flow data processing method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
MARC ANTOINE GOSSELIN-LAVIGNE; HUGO GONZALEZ; NATALIA STAKHANOVA; ALI A. GHORBANI: "A Performance Evaluation of Hash Functions for IP Reputation Lookup Using Bloom Filters", 2015 10TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY *
李若霖; 王金一; 陶智勇; 陈琦; 南凯; 阎保平: "Design and Implementation of a LAN Traffic Measurement System Based on Libpcap", Application Research of Computers, no. 10 *
金伟; 崔鸿; 王志; 郭发勤; 汪屹文; 贺帅: "Detection and Control System for DDoS Attacks", Cyberspace Security, no. 3 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117240735A (en) * 2023-11-09 2023-12-15 湖南戎腾网络科技有限公司 Method, system, equipment and storage medium for filtering audio and video streams
CN117240735B (en) * 2023-11-09 2024-01-19 湖南戎腾网络科技有限公司 Method, system, equipment and storage medium for filtering audio and video streams

Also Published As

Publication number Publication date
CN114374622B (en) 2023-12-19

Similar Documents

Publication Publication Date Title
CN108809836B (en) Multicast data message forwarding method and device
CN103152352A (en) Perfect information security and forensics monitoring method and system based on cloud computing environment
CN105830407A (en) System and method for scalable inter-domain overlay networking
US20110188400A1 (en) Network monitoring device, network monitoring method, and network monitoring program
CN101789905A (en) Method and equipment for preventing unknown multicast from attacking CPU (Central Processing Unit)
CN111049849A (en) Network intrusion detection method, device, system and storage medium
CN114374622B (en) Shunting method based on fusion shunting equipment and fusion shunting equipment
CN111224901B (en) Data association method, device and distributed system
CN106790411B (en) The non-polymeric port cascade system and method for virtual switch and physical switches
CN112187756A (en) Multicast data transmission method, device, equipment and storage medium
US11595419B2 (en) Communication monitoring system, communication monitoring apparatus, and communication monitoring method
CN113595900A (en) Routing control method, device and system and border gateway protocol peer
CN101552747B (en) Method, device and system for route management
CN115996201A (en) Flow table processing method, openflow switch and computing device
CN113114588B (en) Data processing method and device, electronic equipment and storage medium
CN115811434A (en) Firewall strategy convergence and intelligent issuing method and system
CN113162782B (en) Data center network configuration method and device
JP2008135871A (en) Network monitoring system, network monitoring method, and network monitoring program
CN112291185B (en) Method and device for collecting network data
CN111431930A (en) Flow cleaning method and related equipment
CN111629276B (en) Security filtering method and device for controlling self-conversion of items
CN111629275B (en) Safety filtering method for multicast table item self-aggregation
CN113852572B (en) Message processing method and device
CN111695148B (en) Security filtering method and device for self-learning of network node
US20200412748A1 (en) Abnormality cause specification support system and abnormality cause specification support method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant