CN114584482B - Method, device and network card for storing detection data based on memory - Google Patents
Method, device and network card for storing detection data based on memory Download PDFInfo
- Publication number
- CN114584482B CN114584482B CN202210134818.7A CN202210134818A CN114584482B CN 114584482 B CN114584482 B CN 114584482B CN 202210134818 A CN202210134818 A CN 202210134818A CN 114584482 B CN114584482 B CN 114584482B
- Authority
- CN
- China
- Prior art keywords
- memory
- read
- data
- hit information
- detection rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The embodiment of the specification provides a method, a device and a network card for storing detection data based on a memory, wherein the method comprises the following steps: storing a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access in advance, wherein the memory addresses of the hit information are respectively used for carrying out hash calculation and determination on the preset detection rule based on a plurality of preset hash functions; acquiring data; calculating a plurality of hash values corresponding to the data based on a plurality of preset hash functions; a plurality of concurrent read accesses are sent to the memory to read hit information, wherein the memory addresses of the read accesses are respectively determined according to the hash values; and determining whether the data hits the preset detection rule according to the read hit information.
Description
Technical Field
Embodiments of the present disclosure relate to the field of computer technologies, and in particular, to a method, an apparatus, and a network card for storing detection data based on a memory.
Background
With the rapid development of computer technology, various network service products are widely applied in networks, and great convenience is brought to users. In a network, a scenario in which data is detected is often involved. For example, cloud products, also known as cloud services, are an increasing, usage, and interaction model of internet-based related services, typically involving providing dynamically extensible and often virtualized resources over the internet. In the process of unloading cloud products by the intelligent network card, high-performance detection of message data related to the cloud products is often required to filter messages. Rule matching is a common detection means in data detection.
However, based on the current rule matching design, the data detection shows lower performance, and the detection speed is too slow to meet the performance requirement of the network.
Disclosure of Invention
In view of this, the embodiments of the present disclosure provide a method for storing detection data based on a memory. One or more embodiments of the present disclosure relate to an apparatus for storing detection data based on a memory, a network card, a computing device, a computer-readable storage medium, and a computer program, so as to solve the technical drawbacks in the prior art.
According to a first aspect of embodiments of the present disclosure, there is provided a method for storing detection data based on a memory, including: storing a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access in advance, wherein the memory addresses of the hit information are respectively used for carrying out hash calculation and determination on the preset detection rule based on a plurality of preset hash functions; acquiring data; calculating a plurality of hash values corresponding to the data based on a plurality of preset hash functions; a plurality of concurrent read accesses are sent to the memory to read hit information, wherein the memory addresses of the read accesses are respectively determined according to the hash values; and determining whether the data hits the preset detection rule according to the read hit information.
Optionally, the memory includes a plurality of independent memories, concurrent access is supported among the plurality of independent memories, and the hash function and the independent memories are in a one-to-one correspondence. The issuing of concurrent read accesses to the memory to read out hit information includes: determining the independent memories corresponding to the read accesses according to the corresponding relation between the hash function and the independent memories; and sending out the concurrent read accesses to the independent memories.
Optionally, the method is applied to a network card, and the data is message data.
Optionally, the method further comprises: and if the message data hits the preset detection rule, determining that the message data is abnormal.
Optionally, the method further comprises: and if the message data hits the preset detection rule, not forwarding the data packet of the message data by hardware.
Optionally, the determining whether the data hits the preset detection rule according to the read hit information includes: if hit information is read from all the memory addresses accessed by the plurality of reads, determining that the data hits the preset detection rule; and if at least one memory address accessed by reading does not read hit information, determining that the data does not hit the preset detection rule.
Optionally, the determining whether the data hits the preset detection rule according to the read hit information includes: if hit information is read from the memory address of the read access, the hit value of the read access is true; if hit information is not read from the memory address of the read access, the hit value of the read access is false; performing logical sum operation on hit values of the plurality of read accesses; if the logical sum operation result of the hit values of the plurality of read accesses is true, the data hits the preset detection rule; if the logical sum operation result of the hit values of the plurality of read accesses is false, the data does not hit the preset detection rule.
According to a second aspect of embodiments of the present disclosure, there is provided an apparatus for storing detection data based on a memory, including: the rule configuration module is configured to store a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access in advance, wherein the memory addresses of the hit information are respectively used for carrying out hash calculation and determination on the preset detection rule based on a plurality of preset hash functions. And the data acquisition module is configured to acquire data. The hash calculation module is configured to calculate a plurality of hash values corresponding to the data based on a plurality of preset hash functions. And the concurrent access module is configured to send out concurrent multiple read accesses to the memory to read out hit information, wherein the memory addresses of the multiple read accesses are respectively determined according to the multiple hash values. And the hit judgment module is configured to determine whether the data hits the preset detection rule according to the read hit information.
According to a third aspect of embodiments of the present disclosure, there is provided a network card, including: the system comprises a computing device and a memory, wherein the computing device is configured to store a plurality of pieces of hit information corresponding to at least one preset detection rule in the memory supporting concurrent access in advance, and hash calculation determination is carried out on the preset detection rule by the memory addresses of the hit information based on a plurality of preset hash functions; acquiring data; calculating a plurality of hash values corresponding to the data based on a plurality of preset hash functions; a plurality of concurrent read accesses are sent to the memory to read hit information, wherein the memory addresses of the read accesses are respectively determined according to the hash values; determining whether the data hits the preset detection rule according to the read hit information; the memory is configured to store a plurality of hit information corresponding to at least one preset detection rule.
Optionally, the memory includes a plurality of independent memories; the computing device is configured to determine the independent memories respectively corresponding to the plurality of read accesses according to a one-to-one correspondence between the hash function and the independent memories; and sending out the concurrent read accesses to the independent memory blocks.
According to a fourth aspect of embodiments of the present specification, there is provided a computing device comprising: a memory and a processor; the memory is configured to store computer executable instructions that, when executed by the processor, perform the steps of the method for storing test data based on memory according to any of the embodiments of the present specification.
According to a fifth aspect of embodiments of the present description, there is provided a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the steps of a method for storing detection data based on memory according to any embodiment of the present description.
According to a sixth aspect of embodiments of the present specification, there is provided a computer program, wherein the computer program, when executed in a computer, causes the computer to perform the steps of the method for storing detection data based on memory as described above.
According to the method, a plurality of hit information corresponding to at least one preset detection rule is stored in a memory supporting concurrent access in advance, wherein each memory address of the hit information carries out hash calculation determination on the preset detection rule based on a plurality of preset hash functions, after data are obtained, a plurality of hash values corresponding to the data are calculated based on the plurality of preset hash functions, concurrent read accesses are sent to the memory to read the hit information, and therefore whether the data hit the preset detection rule or not can be determined according to the read hit information quickly, detection speed is high, performance is high, and development requirements of a network can be met.
Drawings
FIG. 1 is a flow chart of a method for storing test data based on memory according to one embodiment of the present disclosure;
FIG. 2 is a schematic diagram of an arrangement of network cards in a network according to one embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a memory supporting concurrent access provided by one embodiment of the present disclosure;
FIG. 4 is a schematic diagram illustrating a process of a method for storing test data based on a memory according to an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of an apparatus for storing detection data based on a memory according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of an apparatus for storing detection data based on a memory according to another embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of a network card according to an embodiment of the present disclosure;
FIG. 8 is a block diagram of a computing device provided in one embodiment of the present description.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many other forms than described herein and similarly generalized by those skilled in the art to whom this disclosure pertains without departing from the spirit of the disclosure and, therefore, this disclosure is not limited by the specific implementations disclosed below.
The terminology used in the one or more embodiments of the specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the one or more embodiments of the specification. As used in this specification, one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that, although the terms first, second, etc. may be used in one or more embodiments of this specification to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first may also be referred to as a second, and similarly, a second may also be referred to as a first, without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
In the present specification, a method for storing detection data based on a memory is provided, and the present specification also relates to an apparatus for storing detection data based on a memory, a network card, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments.
Referring to fig. 1, fig. 1 shows a flowchart of a method for storing detection data based on a memory according to an embodiment of the present disclosure, which specifically includes the following steps.
Step 102: and storing a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access in advance, wherein the memory addresses of the hit information are respectively used for carrying out hash calculation and determination on the preset detection rule based on a plurality of preset hash functions.
The memory may be a block of memory supporting concurrent access by itself, or may be multiple memories supporting concurrent access between memories, which is not limited in this embodiment of the present disclosure.
The rule content of the preset detection rule can be determined according to the data content to be detected in the actual application scene, and can be any data such as I P address, port, user identifier and the like. For example, assuming that 100 messages of I P addresses need to be filtered in a message filtering application scenario, the 100 addresses I P may be used as a preset detection rule.
For example, assume that the preset detection rule is 1M, including rule 0; the hash functions include three hash functions of hash0 (), hash1 () and hash2 (), and then the hit information corresponding to rule ru l e0 is respectively: hash0 (ru e 0), hash1 (ru e 0), and hash2 (ru e 0). In the memory supporting concurrent access, three memory address positions corresponding to hash0 (ru le 0), hash1 (ru le 0) and hash2 (ru le 0) are written with hit information "1" in advance, which indicates that the rule is hit in the corresponding hash operation.
Step 104: data is acquired.
The data acquisition mode is not limited, and is set according to the application scene where the detected data are located. For example, the data may be data in a computer network. For example, in the application scenario of message filtering, the message data to be detected may be parsed from the received message, for example, any data to be detected such as I P address, port, etc. may be parsed.
Step 106: and calculating a plurality of hash values corresponding to the data based on a plurality of preset hash functions.
Wherein the plurality of hash functions are different hash functions. It can be understood that the more hash functions, the more hash times, and the higher the matching accuracy. For example, assuming the data is "P", the plurality of hash functions includes: three hash functions of hash0 (), hash1 (), and hash2 (), three hash values are calculated from hash0 (P), hash1 (P), and hash2 (P).
Step 108: and sending out concurrent multiple read accesses to the memory to read out hit information, wherein the memory addresses of the multiple read accesses are respectively determined according to the multiple hash values.
For example, hash calculation is performed on P according to three hash functions, hash0 (), hash1 (), and hash2 (), so as to obtain three memory addresses of hash0 (P), hash1 (P), and hash2 (P), which support concurrent access according to the method provided in the embodiments of the present disclosure, so that corresponding hit information can be quickly read out through three concurrent read accesses.
Step 110: and determining whether the data hits the preset detection rule according to the read hit information.
According to the method, a plurality of pieces of hit information corresponding to at least one preset detection rule are stored in a memory supporting concurrent access in advance, wherein each memory address of the plurality of pieces of hit information carries out hash calculation and determination on the preset detection rule based on a plurality of preset hash functions, after data are acquired, a plurality of hash values corresponding to the data are calculated based on the plurality of preset hash functions, a plurality of concurrent read accesses are sent to the memory to read out the hit information, wherein the memory addresses of the plurality of read accesses are determined according to the plurality of hash values, so that whether the data hit the preset detection rule or not can be determined rapidly according to the read hit information, the detection speed is high, the performance is high, and the development requirement of a cloud network can be met.
In particular, compared with the problem that multiple memory read accesses are required due to the fact that multiple hit information is stored in a memory which does not support concurrent access, the method provided by the embodiment of the specification has the advantages that multiple hit information corresponding to a preset detection rule can be read out at one time and concurrently through the memory which supports concurrent access, the table lookup performance can achieve full bandwidth, the detection speed is high, the performance is high, and more hash functions are allowed to pass through in terms of performance so as to improve rule matching accuracy.
The application scenario of the method provided in the embodiments of the present disclosure is not limited, for example, the method for storing detection data based on a memory may be applied to a network card, and the data may be message data. The intelligent network card applying the method provided by the embodiment of the specification can realize high-performance message filtering, solve the problem of message filtering performance loss, and does not influence the false alarm rate. For example, in the process of unloading cloud products, the intelligent network card often needs high-performance filtering messages, and the architecture of the high-performance filtering messages implemented by the method provided by the embodiment of the specification can improve k times of performance (k is the number of hash functions).
For example, the method provided in the embodiments of the present disclosure may be used for anomaly detection of message data. Specifically, the method may further include: and if the message data hits the preset detection rule, determining that the message data is abnormal. In the case of determining that the message data is abnormal, any possible abnormal processing can be performed on the message data so as to avoid errors.
For another example, the method provided in the embodiments of the present disclosure may be used for forwarding detection of packet data. For example, if the message data hits the preset detection rule, no hardware forwarding is performed on the data packet of the message data.
Taking the network card arrangement schematic diagram of the network card in the network as shown in fig. 2 as an example, the "network card 0" is a network card of the "host 0", and the "network card 0" is used for filtering the message data of the "host 0"; the network card 1 is a network card of the host 1, and the network card 1 is used for filtering message data of the host 1, wherein the fi lter represents a chip to which the method provided by the embodiment of the specification is applied. When the message data is transmitted from the host computer 0, the message data of the virtual machine VM0 is filtered through the network card 0, and the data packet of the message data which does not belong to the transmitting range of the VM0 is not forwarded by hardware. When the message data is input from the network card 1, the message data of the virtual machine VM1 is filtered through the network card 1, and the data packet of the message data which does not belong to the receiving range of the VM1 is not forwarded by hardware.
The method provided in the embodiments of the present disclosure is not limited to a specific embodiment of determining whether the data hits the preset detection rule according to the read hit information. The hit information may be any data type, as long as it can indicate that the detected data hits the corresponding detection rule in the corresponding hash calculation. In one or more embodiments of the present disclosure, the determining whether the data hits the preset detection rule according to the read hit information includes: if hit information is read from all the memory addresses accessed by the plurality of reads, determining that the data hits the preset detection rule; and if at least one memory address accessed by reading does not read hit information, determining that the data does not hit the preset detection rule.
More specifically, for example, the determining whether the data hits the preset detection rule according to the read hit information includes: if hit information is read from the memory address of the read access, the hit value of the read access is true; if hit information is not read from the memory address of the read access, the hit value of the read access is false; performing logical sum operation on hit values of the plurality of read accesses; if the logical sum operation result of the hit values of the plurality of read accesses is true, the data hits the preset detection rule; if the logical sum operation result of the hit values of the plurality of read accesses is false, the data does not hit the preset detection rule. In this embodiment, the hit information may be represented in the same manner as the corresponding hit value, or may be represented in a different manner. For example, the hit information may also be represented by "true" or "false", so that the hit information, i.e., the hit value, may be directly used for logical sum operation. By the logical sum operation of the embodiment, the judgment can be quickly performed, and the efficiency is higher.
In order to make the method for storing detection data based on the memory provided in the embodiments of the present disclosure easier to understand, the memory is taken as an example of a memory including a plurality of independent memories disposed in a network card, and is schematically illustrated below. In this embodiment, concurrent access is supported between the plurality of independent memories. The hash function is in one-to-one correspondence with the independent memory. The issuing of concurrent read accesses to the memory to read the hit information may include: determining the independent memories corresponding to the read accesses according to the corresponding relation between the hash function and the independent memories; and sending out the concurrent read accesses to the independent memories.
As shown in the memory schematic diagram supporting concurrent access in fig. 3, the network card may include 3 independent memories with a width of 1, including: ram_0, ram_1, and ram_2. Assuming that the preset detection rule is 1M, the depths of ram_0, ram_1, ram_2 are 1M each. As shown in fig. 2, for the rules ru 0, ru 1, as marked in the figure, the processing performed in advance includes:
by calculating hash0 (ru 0), the position corresponding to ram_0 is set to 1;
by calculating hash1 (ru 0), the position corresponding to ram_1 is set to 1;
by calculating hash2 (ru 0), the position corresponding to ram_2 is set to 1;
by calculating hash0 (ru 1), the position corresponding to ram_0 is set to 1;
by calculating hash1 (ru 1), the position corresponding to ram_1 is set to 1;
by calculating hash2 (ru 1), the position corresponding to ram_2 is set to 1.
When the network card receives the data packet, the data packet is analyzed to obtain the message data of the bit section to be detected. As shown in a process diagram of storing detection data based on a memory in fig. 4, assume that Packet data obtained from a Packet "is" P ", hash0 (P), hash1 (P), and hash2 (P) are calculated accordingly. The RAM_0 is read by the address corresponding to the hash0 (P), the read hit information is V0, the RAM_1 is read by the address corresponding to the hash1 (P), the read hit information is V1, the RAM_2 is read by the address corresponding to the hash2 (P), and the read hit information is V2. It will be appreciated that, according to the memory schematic shown in fig. 3, if the pre-written hit information can be read from the corresponding address, the read hit information is "1", and if the hit information cannot be read from the corresponding address, the miss rule is described, and the read hit information is "0". If V0& V1& V2= 1, a message data hit rule may be determined, and if V0& V1& V2= 0, a message data miss rule may be determined. According to the method for storing detection data based on the memory, which is provided by the embodiment of the specification, the table look-up is read for 3 RAMs, so that the table look-up performance can achieve full bandwidth, and compared with the filtering performance of a network card which does not support multiple concurrent accesses to the memory, the filtering message performance is improved by 3 times, namely, under the conditions of the same RAM resource and the same false alarm rate.
Corresponding to the above method embodiments, the present disclosure further provides an embodiment of a device for storing detection data based on a memory, and fig. 5 is a schematic structural diagram of a device for storing detection data based on a memory according to one embodiment of the present disclosure. As shown in fig. 5, the apparatus includes: rule configuration module 502, data acquisition module 504, hash computation module 506, concurrent access module 508, and hit judgment module 510.
The rule configuration module 502 may be configured to store, in advance, a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access, where memory addresses of the plurality of pieces of hit information respectively perform hash calculation determination on the preset detection rule based on a plurality of preset hash functions.
The data acquisition module 504 may be configured to acquire data.
The hash calculation module 506 may be configured to calculate a plurality of hash values corresponding to the data based on a plurality of preset hash functions.
The concurrent access module 508 may be configured to issue a plurality of concurrent read accesses to the memory to read the hit information, where the memory addresses of the plurality of read accesses are respectively determined according to the plurality of hash values.
The hit determination module 510 may be configured to determine whether the data hits the preset detection rule according to the read hit information.
The device stores a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access in advance, wherein each memory address of the plurality of pieces of hit information carries out hash calculation and determination on the preset detection rule based on a plurality of preset hash functions, after data are acquired, a plurality of hash values corresponding to the data are calculated based on the plurality of preset hash functions, and concurrent read accesses are sent to the memory to read out the hit information, wherein the memory addresses of the plurality of read accesses are determined according to the plurality of hash values, so that whether the data hit the preset detection rule can be determined according to the read hit information quickly, the detection speed is high, the performance is high, and the development requirement of a cloud network can be met.
In particular, compared with the problem that multiple memory read accesses are required due to the fact that multiple hit information is stored in a memory which does not support concurrent access, performance is insufficient, according to the device provided by the embodiment of the specification, multiple hit information corresponding to a preset detection rule can be read out at one time and concurrently through the memory which supports concurrent access, the table lookup performance can achieve full bandwidth, the detection speed is high, the performance is high, and more hash functions are allowed to pass through in terms of performance so as to improve rule matching accuracy.
Fig. 6 is a schematic structural diagram of an apparatus for storing detection data based on a memory according to another embodiment of the present disclosure. As shown in fig. 6, the concurrent access module 508 may include:
the memory determination submodule 5082 may be configured to determine the independent memories to which the plurality of read accesses respectively correspond according to a correspondence between the hash function and the independent memories.
The access execution submodule 5084 may be configured to issue concurrent read accesses to multiple independent memories.
In this embodiment, the memory includes a plurality of independent memories, and concurrent access is supported between the plurality of independent memories, and the hash function and the independent memories are in a one-to-one correspondence.
The application scenario of the device provided in the embodiments of the present disclosure is not limited, and the device may be configured on a network card, where the data is message data. In this embodiment, as shown in fig. 6, the apparatus may further include: the anomaly determination module 512 may be configured to determine that the message data is abnormal if the message data hits the preset detection rule. For another example, the apparatus may further include: the forwarding determining module 514 may be configured to not forward the packet of the packet data in hardware if the packet data hits the preset detection rule.
The device provided in the embodiments of the present disclosure is not limited to a specific embodiment of determining whether the data hits the preset detection rule according to the read hit information. For example, as shown in fig. 6, the hit determination module 510 may be configured to determine that the data hits the preset detection rule if hit information is read from each of the memory addresses of the plurality of read accesses, and determine that the data misses the preset detection rule if hit information is not read from at least one memory address of the read accesses.
Specifically, for example, the hit determination module 510 may include:
hit value determination sub-module 5102 may be configured to determine that the hit value of the read access is true if hit information is read from the memory address of the read access, and to determine that the hit value of the read access is false if hit information is not read from the memory address of the read access.
The hit value operation sub-module 5104 may be configured to logically sum hit values of the plurality of read accesses.
The hit determination submodule 5106 may be configured to hit the preset detection rule by the data if the logical sum operation result of the hit values of the plurality of read accesses is true, and miss the preset detection rule by the data if the logical sum operation result of the hit values of the plurality of read accesses is false.
The foregoing is a schematic scheme of an apparatus for storing detection data based on a memory according to this embodiment. It should be noted that, the technical solution of the device for storing detection data based on the memory and the technical solution of the method for storing detection data based on the memory belong to the same concept, and details of the technical solution of the device for storing detection data based on the memory, which are not described in detail, can be referred to the description of the technical solution of the method for storing detection data based on the memory.
Fig. 7 is a schematic structural diagram of a network card according to an embodiment of the present disclosure. As shown in fig. 7, the network card may include: computing device 702, and memory 704, wherein:
the computing device 702 may be configured to store, in advance, a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access, where memory addresses of the plurality of pieces of hit information respectively perform hash calculation determination on the preset detection rule based on a plurality of preset hash functions; acquiring data; calculating a plurality of hash values corresponding to the data based on a plurality of preset hash functions; a plurality of concurrent read accesses are sent to the memory to read hit information, wherein the memory addresses of the read accesses are respectively determined according to the hash values; and determining whether the data hits the preset detection rule according to the read hit information.
The memory 704 may be configured to store a plurality of hit information corresponding to at least one preset detection rule.
The computing device 702 of the network card stores a plurality of pieces of hit information corresponding to at least one preset detection rule in the memory 704 supporting concurrent access in advance, wherein each memory address of the plurality of pieces of hit information carries out hash calculation determination on the preset detection rule based on a plurality of preset hash functions, after data are acquired, a plurality of hash values corresponding to the data are calculated based on the plurality of preset hash functions, and concurrent read accesses are sent to the memory to read out the hit information, wherein the memory addresses of the plurality of read accesses are determined according to the plurality of hash values, so that whether the data hit the preset detection rule can be determined quickly according to the read hit information, the detection speed is high, the performance is high, and the development requirement of a cloud network can be met.
The memory may be implemented based on RAM or any other memory technology, so long as multiple concurrent accesses are supported. For example, the memory 704 may include multiple independent memories as shown in fig. 7 and 3. Accordingly, the computing device 702 may be configured to determine, according to a one-to-one correspondence between the hash function and the independent memory, the independent memories to which the plurality of read accesses respectively correspond; and sending out the concurrent read accesses to the independent memory blocks.
Fig. 8 illustrates a block diagram of a computing device 800 provided in accordance with one embodiment of the present description. The components of computing device 800 include, but are not limited to, memory 810 and processor 820. Processor 820 is coupled to memory 810 through bus 830 and database 850 is used to hold data.
Computing device 800 also includes access device 840, access device 840 enabling computing device 800 to communicate via one or more networks 860. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. Access device 840 may include one or more of any type of network interface, wired or wireless (e.g., a Network Interface Card (NIC)), such as an ieee 802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.
In one embodiment of the present description, the above-described components of computing device 800, as well as other components not shown in FIG. 8, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device illustrated in FIG. 8 is for exemplary purposes only and is not intended to limit the scope of the present description. Those skilled in the art may add or replace other components as desired.
Computing device 800 may be any type of stationary or mobile computing device including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smart phone), wearable computing device (e.g., smart watch, smart glasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 800 may also be a mobile or stationary server.
Wherein the processor 820 is configured to execute computer-executable instructions that, when executed by the processor, perform the steps of the method for storing test data based on memory described above.
The foregoing is a schematic illustration of a computing device of this embodiment. It should be noted that, the technical solution of the computing device and the technical solution of the method for storing detection data based on the memory belong to the same concept, and details of the technical solution of the computing device, which are not described in detail, can be referred to the description of the technical solution of the method for storing detection data based on the memory.
An embodiment of the present disclosure also provides a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the steps of the method for storing detection data based on memory described above.
The above is an exemplary version of a computer-readable storage medium of the present embodiment. It should be noted that, the technical solution of the storage medium and the technical solution of the method for storing detection data based on the memory belong to the same concept, and details of the technical solution of the storage medium which are not described in detail can be referred to the description of the technical solution of the method for storing detection data based on the memory.
An embodiment of the present disclosure further provides a computer program, where the computer program, when executed in a computer, causes the computer to perform the steps of the method for storing detection data based on a memory.
The above is an exemplary version of a computer program of the present embodiment. It should be noted that, the technical solution of the computer program and the technical solution of the method for storing detection data based on the memory belong to the same concept, and details of the technical solution of the computer program, which are not described in detail, can be referred to the description of the technical solution of the method for storing detection data based on the memory.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The computer instructions include computer program code that may be in source code form, object code form, executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier wave signal, a telecommunication signal, a software distribution medium, and so forth. It should be noted that the computer readable medium contains content that can be appropriately scaled according to the requirements of jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is subject to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the embodiments are not limited by the order of actions described, as some steps may be performed in other order or simultaneously according to the embodiments of the present disclosure. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all required for the embodiments described in the specification.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are merely used to help clarify the present specification. Alternative embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the teaching of the embodiments. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the invention. This specification is to be limited only by the claims and the full scope and equivalents thereof.
Claims (12)
1. A method for storing detection data based on a memory, comprising:
storing a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access in advance, wherein the memory addresses of the hit information are respectively used for carrying out hash calculation and determination on the preset detection rule based on a plurality of preset hash functions;
acquiring data;
calculating a plurality of hash values corresponding to the data based on a plurality of preset hash functions;
a plurality of concurrent read accesses are sent to the memory to read hit information, wherein the memory addresses of the read accesses are respectively determined according to the hash values;
and determining whether the data hits the preset detection rule according to the read hit information.
2. The method of claim 1, the memory comprising a plurality of independent memories, concurrent access being supported between the plurality of independent memories, the hash function being in a one-to-one correspondence with the independent memories;
the issuing of concurrent read accesses to the memory to read out hit information includes:
determining the independent memories corresponding to the read accesses according to the corresponding relation between the hash function and the independent memories;
and sending out the concurrent read accesses to the independent memories.
3. The method of claim 1, wherein the method is applied to a network card, and the data is message data.
4. A method according to claim 3, further comprising:
and if the message data hits the preset detection rule, determining that the message data is abnormal.
5. A method according to claim 3, further comprising:
and if the message data hits the preset detection rule, not forwarding the data packet of the message data by hardware.
6. The method of claim 1, the determining whether the data hits the preset detection rule according to the read hit information, comprising:
if hit information is read from all the memory addresses accessed by the plurality of reads, determining that the data hits the preset detection rule;
and if at least one memory address accessed by reading does not read hit information, determining that the data does not hit the preset detection rule.
7. The method of claim 6, the determining whether the data hits the preset detection rule according to the read hit information, comprising:
if hit information is read from the memory address of the read access, the hit value of the read access is true;
if hit information is not read from the memory address of the read access, the hit value of the read access is false;
performing logical sum operation on hit values of the plurality of read accesses;
if the logical sum operation result of the hit values of the plurality of read accesses is true, the data hits the preset detection rule;
if the logical sum operation result of the hit values of the plurality of read accesses is false, the data does not hit the preset detection rule.
8. An apparatus for storing detection data based on a memory, comprising:
the rule configuration module is configured to store a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access in advance, wherein the memory addresses of the hit information are respectively used for carrying out hash calculation and determination on the preset detection rule based on a plurality of preset hash functions;
a data acquisition module configured to acquire data;
the hash calculation module is configured to calculate a plurality of hash values corresponding to the data based on a plurality of preset hash functions;
the concurrent access module is configured to send out concurrent multiple read accesses to the memory to read out hit information, wherein the memory addresses of the multiple read accesses are respectively determined according to the multiple hash values;
and the hit judgment module is configured to determine whether the data hits the preset detection rule according to the read hit information.
9. A network card, comprising: a computing device, and a memory, wherein,
the computing device is configured to store a plurality of pieces of hit information corresponding to at least one preset detection rule in a memory supporting concurrent access in advance, wherein memory addresses of the hit information are respectively determined by carrying out hash calculation on the preset detection rule based on a plurality of preset hash functions; acquiring data; calculating a plurality of hash values corresponding to the data based on a plurality of preset hash functions; a plurality of concurrent read accesses are sent to the memory to read hit information, wherein the memory addresses of the read accesses are respectively determined according to the hash values; determining whether the data hits the preset detection rule according to the read hit information;
the memory is configured to store a plurality of hit information corresponding to at least one preset detection rule.
10. The network card of claim 9, the memory comprising a plurality of independent memories;
the computing device is configured to determine the independent memories respectively corresponding to the plurality of read accesses according to a one-to-one correspondence between the hash function and the independent memories; and sending out the concurrent read accesses to the independent memory blocks.
11. A computing device, comprising:
a memory and a processor;
the memory is configured to store computer executable instructions, and the processor is configured to execute the computer executable instructions, which when executed by the processor, implement the steps of the method for storing test data based on memory of any one of claims 1 to 7.
12. A computer readable storage medium storing computer executable instructions which when executed by a processor perform the steps of the method of storing detection data based on memory of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210134818.7A CN114584482B (en) | 2022-02-14 | 2022-02-14 | Method, device and network card for storing detection data based on memory |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210134818.7A CN114584482B (en) | 2022-02-14 | 2022-02-14 | Method, device and network card for storing detection data based on memory |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114584482A CN114584482A (en) | 2022-06-03 |
| CN114584482B true CN114584482B (en) | 2023-09-08 |
Family
ID=81771038
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210134818.7A Active CN114584482B (en) | 2022-02-14 | 2022-02-14 | Method, device and network card for storing detection data based on memory |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114584482B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115664743A (en) * | 2022-10-17 | 2023-01-31 | 浙江网商银行股份有限公司 | Behavior detection method and device |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102868571A (en) * | 2012-08-07 | 2013-01-09 | 华为技术有限公司 | Method and device for rule matching |
| CN104536724A (en) * | 2014-12-25 | 2015-04-22 | 华中科技大学 | Hash table concurrent access performance optimization method under multi-core environment |
| CN104615750A (en) * | 2015-02-12 | 2015-05-13 | 中国农业银行股份有限公司 | Realization method of main memory database under host system |
| CN104809179A (en) * | 2015-04-16 | 2015-07-29 | 华为技术有限公司 | Device and method for accessing Hash table |
| US9537972B1 (en) * | 2014-02-20 | 2017-01-03 | Fireeye, Inc. | Efficient access to sparse packets in large repositories of stored network traffic |
| US9992094B1 (en) * | 2016-06-27 | 2018-06-05 | Amazon Technologies, Inc. | Adaptive forwarding tables |
| WO2018177184A1 (en) * | 2017-03-31 | 2018-10-04 | 深圳市中兴微电子技术有限公司 | Method and device for implementing table lookup processing, apparatus, and storage medium |
| CN111221823A (en) * | 2019-12-31 | 2020-06-02 | 上海铿诚智能科技有限公司 | Data processing method and device based on link management table |
| CN111400307A (en) * | 2020-02-20 | 2020-07-10 | 上海交通大学 | Persistent hash table access system supporting remote concurrent access |
| WO2020217640A1 (en) * | 2019-04-26 | 2020-10-29 | 株式会社アクセル | Information processing device |
| CN112583797A (en) * | 2020-11-30 | 2021-03-30 | 深圳力维智联技术有限公司 | Multi-protocol data processing method, device, equipment and computer readable storage medium |
| CN112947856A (en) * | 2021-02-05 | 2021-06-11 | 彩讯科技股份有限公司 | Memory data management method and device, computer equipment and storage medium |
| CN113141400A (en) * | 2021-04-14 | 2021-07-20 | 网宿科技股份有限公司 | Network service access method and device |
| CN113297101A (en) * | 2020-09-30 | 2021-08-24 | 阿里云计算有限公司 | Method and device for hash cache |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9621446B2 (en) * | 2012-10-26 | 2017-04-11 | Comscore, Inc. | Combining measurements based on beacon data |
| US9256548B2 (en) * | 2012-11-29 | 2016-02-09 | Cisco Technology, Inc. | Rule-based virtual address translation for accessing data |
| CN107113282A (en) * | 2014-12-30 | 2017-08-29 | 华为技术有限公司 | A kind of method and device for extracting data message |
-
2022
- 2022-02-14 CN CN202210134818.7A patent/CN114584482B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102868571A (en) * | 2012-08-07 | 2013-01-09 | 华为技术有限公司 | Method and device for rule matching |
| US9537972B1 (en) * | 2014-02-20 | 2017-01-03 | Fireeye, Inc. | Efficient access to sparse packets in large repositories of stored network traffic |
| CN104536724A (en) * | 2014-12-25 | 2015-04-22 | 华中科技大学 | Hash table concurrent access performance optimization method under multi-core environment |
| CN104615750A (en) * | 2015-02-12 | 2015-05-13 | 中国农业银行股份有限公司 | Realization method of main memory database under host system |
| CN104809179A (en) * | 2015-04-16 | 2015-07-29 | 华为技术有限公司 | Device and method for accessing Hash table |
| US9992094B1 (en) * | 2016-06-27 | 2018-06-05 | Amazon Technologies, Inc. | Adaptive forwarding tables |
| WO2018177184A1 (en) * | 2017-03-31 | 2018-10-04 | 深圳市中兴微电子技术有限公司 | Method and device for implementing table lookup processing, apparatus, and storage medium |
| WO2020217640A1 (en) * | 2019-04-26 | 2020-10-29 | 株式会社アクセル | Information processing device |
| CN111221823A (en) * | 2019-12-31 | 2020-06-02 | 上海铿诚智能科技有限公司 | Data processing method and device based on link management table |
| CN111400307A (en) * | 2020-02-20 | 2020-07-10 | 上海交通大学 | Persistent hash table access system supporting remote concurrent access |
| CN113297101A (en) * | 2020-09-30 | 2021-08-24 | 阿里云计算有限公司 | Method and device for hash cache |
| CN112583797A (en) * | 2020-11-30 | 2021-03-30 | 深圳力维智联技术有限公司 | Multi-protocol data processing method, device, equipment and computer readable storage medium |
| CN112947856A (en) * | 2021-02-05 | 2021-06-11 | 彩讯科技股份有限公司 | Memory data management method and device, computer equipment and storage medium |
| CN113141400A (en) * | 2021-04-14 | 2021-07-20 | 网宿科技股份有限公司 | Network service access method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114584482A (en) | 2022-06-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109885452B (en) | Performance monitoring method and device and terminal equipment | |
| CN104518917A (en) | Automatic server patrol inspection method | |
| CN114584482B (en) | Method, device and network card for storing detection data based on memory | |
| CN114640726B (en) | Message processing method, device, system and storage medium | |
| CN110784345A (en) | Network traffic processing method and device, electronic equipment and machine-readable storage medium | |
| CN111327466B (en) | Alarm analysis method, system, equipment and medium | |
| CN113535721A (en) | Data writing method and device | |
| CN112214465A (en) | Log storage system and method | |
| CN115396528A (en) | Quic data transmission method and device based on protocol family | |
| US20190324930A1 (en) | Method, device and computer program product for enabling sr-iov functions in endpoint device | |
| CN114546676A (en) | Cloud desktop file copying method, device and equipment | |
| CN104144170A (en) | URL filtering method, device and system | |
| CN108009036B (en) | Method for positioning operation causing data abnormity and server | |
| WO2017035938A1 (en) | Method and apparatus for switching bandwidth setting | |
| CN109905486B (en) | Application program identification display method and device | |
| CN114025014B (en) | Asset detection method and device, electronic equipment and storage medium | |
| CN112566096B (en) | Method, device and equipment for acquiring LTE user position change information | |
| CN113297110A (en) | Data acquisition system, method and device | |
| CN112291212B (en) | Static rule management method and device, electronic equipment and storage medium | |
| CN112243258B (en) | Method and device for determining user perception rate | |
| CN113132273B (en) | Data forwarding method and device | |
| CN110503504B (en) | Information identification method, device and equipment of network product | |
| CN113467823A (en) | Configuration information acquisition method, device, system and storage medium | |
| CN111625341A (en) | Task scheduling management method and device | |
| CN112511441A (en) | Message processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |