CN114978950B - Network algorithm calling method and system based on FPGA and CPU cooperation - Google Patents
Network algorithm calling method and system based on FPGA and CPU cooperation Download PDFInfo
- Publication number
- CN114978950B CN114978950B CN202210622786.5A CN202210622786A CN114978950B CN 114978950 B CN114978950 B CN 114978950B CN 202210622786 A CN202210622786 A CN 202210622786A CN 114978950 B CN114978950 B CN 114978950B
- Authority
- CN
- China
- Prior art keywords
- fpga
- cpu
- message
- module
- configuration management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 239000000284 extract Substances 0.000 claims abstract description 11
- 230000004913 activation Effects 0.000 claims description 7
- 230000002194 synthesizing effect Effects 0.000 claims description 6
- 230000015572 biosynthetic process Effects 0.000 claims description 3
- 238000003786 synthesis reaction Methods 0.000 claims description 3
- 230000004044 response Effects 0.000 abstract description 3
- 238000007726 management method Methods 0.000 description 46
- 230000008569 process Effects 0.000 description 9
- 238000005457 optimization Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A network algorithm calling method and system based on FPGA and CPU cooperation, the method includes the steps that the type of a network data packet is identified by the FPGA: if the network data packet is a configuration management data message, the FPGA forwards the configuration management data message to the CPU; the CPU receives a network data packet forwarded by the FPGA, the CPU identifies the type of the network data packet, if the network data packet is a configuration management data message, the CPU synthesizes algorithm parameters from the configuration management data message and the local password resource, the CPU sends the synthesized algorithm parameters to the FPGA, and the FPGA configures the algorithm parameters into an algorithm; if the network data packet is a service message, a handle is acquired from the service message, and if context information is retrieved according to the handle, the FPGA extracts a secret key and the context information from the context table entry space and carries out cryptographic operation. The application shortens the call flow, reduces the occupation of the CPU time of the system and improves the response speed.
Description
Technical Field
The application relates to the technical field of computer network communication, in particular to a network algorithm calling method and system based on FPGA and CPU cooperation.
Background
The network algorithm call is a basic network application, and its operation includes a Client deployed on PC and a Server and algorithm engine deployed on Server. The existing Server cipher machine mostly adopts a high-performance network processor and a high-performance algorithm card to be matched with each other for use, wherein the network processor runs a Server program and is responsible for establishing a connection relationship with clients to finish data interaction with the clients; the high-performance algorithm card mainly serves as an algorithm engine to provide algorithm service, and a PCIe mode is conventionally used to provide algorithm service for a network processor.
In the prior art, firstly, a Server deployed on a Server is required to receive data, then algorithm service of an algorithm engine is called, and finally the calculated data is transmitted to clients, so that the whole flow path is overlong, and the processing time delay is overlong. Meanwhile, the network processing capacity of the CPU is easy to become a bottleneck for restricting the calling performance due to the participation of the CPU. How to shorten the call flow, reduce the pressure of the CPU, and improve the overall performance is a technical problem to be solved.
Disclosure of Invention
Therefore, the application provides a network algorithm calling method and system based on FPGA and CPU cooperation, which are used for solving the problems of longer processing delay, overlarge CPU pressure and poor overall performance in the traditional technology.
In order to achieve the above object, the present application provides the following technical solutions: a network algorithm calling method based on FPGA and CPU cooperation comprises the following steps:
the FPGA receives a network data packet, and the FPGA identifies the type of the network data packet:
if the network data packet is a data message for configuration management, the FPGA judges whether the data message format for configuration management is correct, and if the data message format for configuration management is correct, the FPGA forwards the data message for configuration management to the CPU; the CPU receives the network data packet forwarded by the FPGA, the CPU identifies the type of the network data packet, if the network data packet is a configuration management data message, the CPU judges whether the configuration management data message format is correct, if the configuration management data message format is correct, the CPU synthesizes algorithm parameters from the configuration management data message and the local password resource, the CPU sends the synthesized algorithm parameters to the FPGA, and the FPGA configures the algorithm parameters into an algorithm;
if the network data packet is a service message, the FPGA judges whether the format of the data message for configuration management is correct, if the format of the service message is correct, a handle is acquired from the service message, and if context information is retrieved according to the handle, the FPGA extracts a secret key and the context information from a context table entry space to carry out cryptographic operation.
As a preferable scheme of a network algorithm calling method based on the cooperation of the FPGA and the CPU, when the FPGA extracts a secret key and context information from a context table entry space to carry out password operation, judging whether the service message is the last packet according to a flag mark in the service message, if the service message is the last packet, returning a data packet, disconnecting the service by the CPU, and setting a handle and the context information to be in a failure state by the FPGA.
As a network algorithm calling method optimization scheme based on the cooperation of the FPGA and the CPU, the handle and the context information in the failure state in the FPGA are cleared.
As a network algorithm calling method optimization scheme based on the cooperation of the FPGA and the CPU, if the service message is not the last packet, the FPGA refreshes the intermediate chain variable after the operation is finished into the context information; the data packet is then returned to the host.
As a network algorithm calling method optimization scheme based on the cooperation of the FPGA and the CPU, if the context information is not searched according to the handle, the FPGA sends a key negotiation application message to the CPU, the CPU starts message negotiation after receiving the key negotiation application message sent by the FPGA, and the CPU acquires the service key and the parameter information and forwards the service key and the parameter information to the FPGA;
the FPGA creates a handle, synthesizes key information and context initialization parameters; updating the service key and the parameter information as context information into an FPGA address space; setting the handle as a valid identifier, and enabling the handle and the context information to be in an activated state.
The application also provides a network algorithm calling system based on the cooperation of the FPGA and the CPU, which comprises an FPGA processing unit and a CPU processing unit;
the FPGA processing unit comprises:
the first data receiving module is used for receiving the network data packet by the FPGA;
the first data identification module is used for identifying the type of the network data packet by the FPGA;
the first format judging module is used for judging whether the format of the data message for configuration management is correct or not by the FPGA if the network data packet is the data message for configuration management;
the first data forwarding module is used for forwarding the data message of the configuration management to the CPU processing unit by the FPGA if the data message of the configuration management is in a correct format;
the parameter configuration module is used for configuring algorithm parameters into an algorithm by the FPGA;
the CPU processing unit includes:
the second data receiving module is used for receiving the network data packet forwarded by the FPGA by the CPU;
the second data identification module is used for identifying the type of the network data packet by the CPU;
the second format judging module is used for judging whether the format of the data message for configuration management is correct or not by the CPU if the network data packet is the data message for configuration management;
the parameter synthesis module is used for synthesizing algorithm parameters by the CPU through the configuration management data message and the local password resource if the configuration management data message is in a correct format;
and the second data forwarding module is used for sending the synthesized algorithm parameters to the FPGA by the CPU.
As a network algorithm calling system optimization scheme based on the cooperation of the FPGA and the CPU, the FPGA processing unit further comprises a message ending judging module, which is used for judging whether the service message is the last packet according to the flag identification in the service message when the FPGA extracts the secret key and the context information from the context table entry space to carry out the password operation;
the CPU processing unit also comprises a service disconnection module, which is used for disconnecting the service connection by the CPU when the data packet is returned if the service message is the last packet;
the FPGA processing unit further comprises a failure configuration module used for setting the handle and the context information to be in a failure state.
As a network algorithm calling system optimization scheme based on the cooperation of the FPGA and the CPU, the FPGA processing unit further comprises a failure clearing module for clearing the handle and the context information in the failure state in the FPGA.
As a network algorithm calling system optimization scheme based on the cooperation of the FPGA and the CPU, the FPGA processing unit further comprises a variable refreshing module, wherein the variable refreshing module is used for refreshing the intermediate chain variable after the operation is finished into the context information if the service message is not the last packet; the data packet is then returned to the host.
The FPGA processing unit further comprises a negotiation application module used for sending a key negotiation application message to the CPU if the context information is not searched according to the handle as a network algorithm calling system optimization scheme based on the cooperation of the FPGA and the CPU;
the CPU processing unit also comprises a message negotiation module which is used for starting message negotiation after the CPU receives a key negotiation application message sent by the FPGA;
the CPU processing unit also comprises a parameter acquisition and forwarding module, which is used for the CPU to acquire the service key and parameter information and forward the service key and parameter information to the FPGA;
the FPGA processing unit further comprises a handle creation module, which is used for creating a handle, synthesizing key information and context initialization parameters by the FPGA;
the FPGA processing unit also comprises a context updating module which is used for updating the service key and the parameter information into an FPGA address space as context information;
the FPGA processing unit further comprises an activation configuration module, wherein the activation configuration module is used for setting the handle as a valid identifier, so that the handle and the context information are in an activation state.
The application has the following advantages: receiving a network data packet through an FPGA, and identifying the type of the network data packet by the FPGA: if the network data packet is a data message for configuration management, the FPGA judges whether the data message format for configuration management is correct, and if the data message format for configuration management is correct, the FPGA forwards the data message for configuration management to the CPU; the CPU receives a network data packet forwarded by the FPGA, the CPU identifies the type of the network data packet, if the network data packet is a data message for configuration management, the CPU judges whether the data message format for configuration management is correct, if the data message format for configuration management is correct, the CPU synthesizes algorithm parameters from the data message for configuration management and the local password resource, the CPU sends the synthesized algorithm parameters to the FPGA, and the FPGA configures the algorithm parameters into an algorithm; if the network data packet is a service message, the FPGA judges whether the format of the data message for configuration management is correct, if the format of the service message is correct, a handle is acquired from the service message, and if context information is retrieved according to the handle, the FPGA extracts a secret key and the context information from a context table entry space to carry out cryptographic operation. The application can bear a large amount of password operation and scheduling operation in the network data processing process by the FPGA hardware, shortens the call flow, reduces the occupation of the CPU time of the system, can improve the response speed and is beneficial to reducing the network data transmission delay; the service message is not in the system memory and is not easy to be tampered by other software, so that the security of the network system is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It will be apparent to those skilled in the art from this disclosure that the drawings described below are merely exemplary and that other embodiments may be derived from the drawings provided without undue effort.
The structures, proportions, sizes, etc. shown in the present specification are shown only for the purposes of illustration and description, and are not intended to limit the scope of the application, which is defined by the claims, so that any structural modifications, changes in proportions, or adjustments of sizes, which do not affect the efficacy or the achievement of the present application, should fall within the scope of the application.
Fig. 1 is a schematic diagram of an FPGA processing flow in a network algorithm calling method based on cooperation of an FPGA and a CPU according to embodiment 1 of the present application;
fig. 2 is a schematic diagram of a CPU processing flow in the network algorithm calling method based on FPGA and CPU cooperation provided in embodiment 1 of the present application;
fig. 3 is a schematic diagram of a network algorithm calling system based on cooperation of FPGA and CPU according to embodiment 2 of the present application.
Detailed Description
Other advantages and advantages of the present application will become apparent to those skilled in the art from the following detailed description, which, by way of illustration, is to be read in connection with certain specific embodiments, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Example 1
Referring to fig. 1 and fig. 2, embodiment 1 of the present application provides a network algorithm calling method based on cooperation of an FPGA and a CPU, wherein the algorithm is called in a cooperative manner by cooperation of the FPGA and the CPU, and the implementation process includes an FPGA processing flow and a CPU processing flow, and a cooperative relationship exists between the FPGA processing flow and the CPU processing flow, and specific implementation steps are as follows.
The FPGA processing flow is as follows:
s001: resetting is completed after the FPGA is powered on, a network interface of the FPGA is initialized, a context table entry space is initialized, and the next step is to step S002;
s002: receiving a network data packet through the initialized MAC interface, classifying the messages according to the type in the data message of the network data packet, and if the messages are the data messages for configuration management, turning to S101 for processing; if the message is a service message, the process goes to S201;
s101: checking that the format of the data message meets the requirement, performing CRC (cyclic redundancy check) field inspection, judging that the data message is normally configured and managed, and then turning to S701, if the data message is wrong, discarding the data message;
s201: checking that the format of the data message meets the requirement, performing CRC field check, judging that the data message is a service message, turning to S202, and discarding the message if the data message is wrong;
s202: acquiring a handle from the message, and turning to S203;
s203: retrieving context information according to the handle retrieval, and turning to S204 next; the corresponding context information is not searched, a key negotiation application message is sent, and S801 is transferred;
s204: extracting a key and context information from the context entry space;
s205: performing cryptographic operation on the data with operators by using the context information and the secret key, and turning to S206;
s206: judging whether the message is the last packet according to the flag mark in the message, returning the data packet if the message is the last packet, and turning to S901, and turning to S207 if the message is not the last packet;
s207: refreshing the intermediate chain variable after the operation is finished into the context information, and turning to S208;
s208: returning the data packet to the host;
s301: creating a handle, synthesizing key information and context initialization parameters;
s302: updating information such as a secret key, an initialization parameter and the like into an FPGA address space as context information;
s303: setting a handle effective identifier to indicate that the handle and the context information are in an activated state;
s401: firstly, setting a handle to be invalid, enabling the handle and the context information to be in an invalid state, and turning to S402;
s402: the context information in the FPGA is cleared, and the process goes to S403;
s403: clearing the handle information;
s501: configuring algorithm parameters to an algorithm;
s502: and after the configuration is finished, the initialization is finished.
The CPU processing flow is as follows:
s601: resetting is completed after the CPU is powered on, operation parameters, network interfaces, cache space and the like are initialized, and the next step is to step S602;
s602: receiving a network data packet forwarded by the FPGA, and classifying the messages according to type: if the configuration management message is the configuration management message, the process goes to S701; if the key agreement request message is the key agreement request message, the process goes to S801; if the service completes the identification message, the processing is transferred to S901;
s701: checking the data format of the message, calculating the CRC of the message, discarding the error message, and transferring the correct message to S702;
s702: synthesizing algorithm parameters together with the local password resource, and turning to S703;
s703: sending the synthesized algorithm parameters to the FPGA, and turning to S501;
s801: starting message negotiation, and turning to S802;
s802: acquiring a service key and parameter information, and turning to S301;
s901: disconnecting the service connection;
s902: the handle is recovered, the context information is cleared, and the next step goes to S401.
In summary, the application receives the network data packet through the FPGA, and the FPGA identifies the type of the network data packet: if the network data packet is a data message for configuration management, the FPGA judges whether the data message format for configuration management is correct, and if the data message format for configuration management is correct, the FPGA forwards the data message for configuration management to the CPU; the CPU receives the network data packet forwarded by the FPGA, the CPU identifies the type of the network data packet, if the network data packet is a configuration management data message, the CPU judges whether the configuration management data message format is correct, if the configuration management data message format is correct, the CPU synthesizes algorithm parameters from the configuration management data message and the local password resource, the CPU sends the synthesized algorithm parameters to the FPGA, and the FPGA configures the algorithm parameters into an algorithm; if the network data packet is a service message, the FPGA judges whether the format of the data message for configuration management is correct, if the format of the service message is correct, a handle is acquired from the service message, and if context information is retrieved according to the handle, the FPGA extracts a secret key and the context information from a context table entry space to carry out cryptographic operation. When the FPGA extracts the secret key and the context information from the context table entry space to carry out the password operation, judging whether the service message is the last packet according to the flag identification in the service message, returning the data packet if the service message is the last packet, disconnecting the service by the CPU, and setting the handle and the context information to be in a failure state by the FPGA. And clearing the handle and the context information in the failure state in the FPGA. If the service message is not the last packet, the FPGA refreshes the intermediate chain variable after the operation is finished into the context information; the data packet is then returned to the host. If the context information is not searched according to the handle, the FPGA sends a key negotiation application message to the CPU, the CPU starts message negotiation after receiving the key negotiation application message sent by the FPGA, and the CPU acquires the service key and the parameter information and forwards the service key and the parameter information to the FPGA; the FPGA creates a handle, synthesizes key information and context initialization parameters; updating the service key and the parameter information as context information into an FPGA address space; setting the handle as a valid identifier, and enabling the handle and the context information to be in an activated state. The FPGA hardware is used for carrying out a large amount of password operation and scheduling operations in the network data processing process, so that the call flow is shortened, the occupation of the CPU time of the system is reduced, the response speed is improved, and the network data transmission delay is reduced; the service message is not in the system memory and is not easy to be tampered by other software, so that the security of the network system is improved.
It should be noted that the method of the embodiments of the present disclosure may be performed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the methods of embodiments of the present disclosure, the devices interacting with each other to accomplish the methods.
It should be noted that the foregoing describes some embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Example 2
Referring to fig. 3, embodiment 2 of the present application provides a network algorithm calling system based on cooperation of FPGA and CPU, which includes an FPGA processing unit 1 and a CPU processing unit 2;
the FPGA processing unit 1 includes:
a first data receiving module 101, configured to receive a network data packet by using an FPGA;
the first data identification module 102 is configured to identify a type of the network data packet by using the FPGA;
a first format judging module 103, configured to, if the network data packet is a configuration management data packet, judge, by the FPGA, whether the configuration management data packet format is correct;
the first data forwarding module 104 is configured to forward the data packet of configuration management to the CPU processing unit by the FPGA if the format of the data packet of configuration management is correct;
a parameter configuration module 105, configured to configure algorithm parameters into an algorithm by the FPGA;
the CPU processing unit 2 includes:
a second data receiving module 201, configured to receive, by using a CPU, the network data packet forwarded by the FPGA;
a second data identification module 202, configured to identify a type of the network data packet by using a CPU;
a second format judging module 203, configured to, if the network data packet is a configuration management data packet, judge whether the configuration management data packet format is correct by the CPU;
the parameter synthesis module 204 is configured to synthesize the algorithm parameter from the configuration management data message and the local password resource by the CPU if the configuration management data message is in a correct format;
and the second data forwarding module 205 is configured to send the synthesized algorithm parameters to the FPGA by the CPU.
In this embodiment, the FPGA processing unit 1 further includes a packet end judging module 106, configured to judge whether the service packet is the last packet according to the flag identifier in the service packet when the FPGA extracts the key and the context information from the context entry space to perform the cryptographic operation;
the CPU processing unit 2 further includes a service disconnection module 206, configured to disconnect the service by the CPU when the data packet is returned if the service packet is the last packet;
the FPGA processing unit 1 further comprises a failure configuration module 107, configured to enable the FPGA setup handle and the context information to be in a failure state.
In this embodiment, the FPGA processing unit 1 further includes a failure clearing module 108, configured to clear the handle and the context information in the FPGA that are in the failure state.
In this embodiment, the FPGA processing unit 1 further includes a variable refreshing module 109, configured to refresh, if the service packet is not the last packet, the intermediate chain variable after the operation is finished into the context information by the FPGA; the data packet is then returned to the host.
In this embodiment, the FPGA processing unit 1 further includes a negotiation application module 110, configured to send a key negotiation application message to the CPU by the FPGA if the context information is not retrieved according to the handle;
the CPU processing unit 2 further includes a message negotiation module 207, configured to start message negotiation after the CPU receives a key negotiation application message sent by the FPGA;
the CPU processing unit 2 further includes a parameter obtaining and forwarding module 208, configured to obtain a service key and parameter information by using the CPU, and forward the service key and parameter information to the FPGA;
the FPGA processing unit 1 further includes a handle creation module 111, configured to create a handle, and synthesize key information and context initialization parameters by using the FPGA;
the FPGA processing unit 1 further includes a context updating module 112, configured to update the service key and the parameter information as context information into the FPGA address space;
the FPGA processing unit 1 further includes an activation configuration module 113, configured to set the handle to a valid identifier, so that the handle and the context information are in an activated state.
It should be noted that, because the content of information interaction and execution process between the modules/units of the above system is based on the same concept as the method embodiment in the embodiment 1 of the present application, the technical effects brought by the content are the same as the method embodiment of the present application, and the specific content can be referred to the description in the foregoing illustrated method embodiment of the present application, which is not repeated herein.
Example 3
Embodiment 3 of the present application provides a non-transitory computer readable storage medium, in which program code for a network algorithm calling method based on FPGA and CPU cooperation is stored, the program code including instructions for executing the network algorithm calling method based on FPGA and CPU cooperation of embodiment 1 or any possible implementation thereof.
Computer readable storage media can be any available media that can be accessed by a computer or data storage devices, such as servers, data centers, etc., that contain an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SolidStateDisk, SSD)), etc.
Example 4
Embodiment 4 of the present application provides an electronic device, including: a memory and a processor;
the processor and the memory complete communication with each other through a bus; the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform the network algorithm invoking method based on cooperation of FPGA and CPU in embodiment 1 or any possible implementation thereof.
Specifically, the processor may be implemented by hardware or software, and when implemented by hardware, the processor may be a logic circuit, an integrated circuit, or the like; when implemented in software, the processor may be a general-purpose processor, implemented by reading software code stored in a memory, which may be integrated in the processor, or may reside outside the processor, and which may reside separately.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present application, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital Subscriber Line (DSL)), or wireless (e.g., infrared, wireless, microwave, etc.).
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may alternatively be implemented in program code executable by computing devices, so that they may be stored in a memory device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module for implementation. Thus, the present application is not limited to any specific combination of hardware and software.
While the application has been described in detail in the foregoing general description and specific examples, it will be apparent to those skilled in the art that modifications and improvements can be made thereto. Accordingly, such modifications or improvements may be made without departing from the spirit of the application and are intended to be within the scope of the application as claimed.
Claims (2)
1. The network algorithm calling method based on the cooperation of the FPGA and the CPU is characterized by comprising the following steps:
the FPGA receives a network data packet, and the FPGA identifies the type of the network data packet:
if the network data packet is a data message for configuration management, the FPGA judges whether the data message format for configuration management is correct, and if the data message format for configuration management is correct, the FPGA forwards the data message for configuration management to the CPU; the CPU receives the network data packet forwarded by the FPGA, the CPU identifies the type of the network data packet, if the network data packet is a configuration management data message, the CPU judges whether the configuration management data message format is correct, if the configuration management data message format is correct, the CPU synthesizes algorithm parameters from the configuration management data message and the local password resource, the CPU sends the synthesized algorithm parameters to the FPGA, and the FPGA configures the algorithm parameters into an algorithm;
if the network data packet is a service message, the FPGA judges whether the format of the data message for configuration management is correct, if the format of the service message is correct, a handle is obtained from the service message, and if context information is retrieved according to the handle, the FPGA extracts a secret key and the context information from a context table entry space to carry out cryptographic operation;
when the FPGA extracts a secret key and context information from a context table entry space to carry out password operation, judging whether the service message is the last packet according to a flag mark in the service message, returning a data packet if the service message is the last packet, disconnecting the service by a CPU, and setting a handle and the context information to be in a failure state by the FPGA;
clearing the handle and the context information in the FPGA in the failure state;
if the service message is not the last packet, the FPGA refreshes the intermediate chain variable after the operation is finished into the context information; then the data packet is returned to the host;
if the context information is not searched according to the handle, the FPGA sends a key negotiation application message to the CPU, the CPU starts message negotiation after receiving the key negotiation application message sent by the FPGA, and the CPU acquires the service key and the parameter information and forwards the service key and the parameter information to the FPGA;
the FPGA creates a handle, synthesizes key information and context initialization parameters; updating the service key and the parameter information as context information into an FPGA address space; setting the handle as a valid identifier, and enabling the handle and the context information to be in an activated state.
2. The network algorithm calling system based on the cooperation of the FPGA and the CPU is characterized by comprising an FPGA processing unit and a CPU processing unit;
the FPGA processing unit comprises:
the first data receiving module is used for receiving the network data packet by the FPGA;
the first data identification module is used for identifying the type of the network data packet by the FPGA;
the first format judging module is used for judging whether the format of the data message for configuration management is correct or not by the FPGA if the network data packet is the data message for configuration management;
the first data forwarding module is used for forwarding the data message of the configuration management to the CPU processing unit by the FPGA if the data message of the configuration management is in a correct format;
the parameter configuration module is used for configuring algorithm parameters into an algorithm by the FPGA;
the CPU processing unit includes:
the second data receiving module is used for receiving the network data packet forwarded by the FPGA by the CPU;
the second data identification module is used for identifying the type of the network data packet by the CPU;
the second format judging module is used for judging whether the format of the data message for configuration management is correct or not by the CPU if the network data packet is the data message for configuration management;
the parameter synthesis module is used for synthesizing algorithm parameters by the CPU through the configuration management data message and the local password resource if the configuration management data message is in a correct format;
the second data forwarding module is used for sending the synthesized algorithm parameters to the FPGA by the CPU;
the FPGA processing unit further comprises a message ending judging module which is used for judging whether the service message is the last packet according to the flag identification in the service message when the FPGA extracts the secret key and the context information from the context table entry space to carry out the password operation;
the CPU processing unit also comprises a service disconnection module, which is used for disconnecting the service connection by the CPU when the data packet is returned if the service message is the last packet;
the FPGA processing unit further comprises a failure configuration module, wherein the failure configuration module is used for setting a handle and context information to be in a failure state by the FPGA;
the FPGA processing unit further comprises a failure clearing module, which is used for clearing the handle and the context information in the failure state in the FPGA;
the FPGA processing unit further comprises a variable refreshing module, wherein the variable refreshing module is used for refreshing the intermediate chain variable after the operation is finished into the context information if the service message is not the last packet; then the data packet is returned to the host;
the FPGA processing unit further comprises a negotiation application module, and is used for sending a key negotiation application message to the CPU if the context information is not searched according to the handle;
the CPU processing unit also comprises a message negotiation module which is used for starting message negotiation after the CPU receives a key negotiation application message sent by the FPGA;
the CPU processing unit also comprises a parameter acquisition and forwarding module, which is used for the CPU to acquire the service key and parameter information and forward the service key and parameter information to the FPGA;
the FPGA processing unit further comprises a handle creation module, which is used for creating a handle, synthesizing key information and context initialization parameters by the FPGA;
the FPGA processing unit also comprises a context updating module which is used for updating the service key and the parameter information into an FPGA address space as context information;
the FPGA processing unit further comprises an activation configuration module, wherein the activation configuration module is used for setting the handle as a valid identifier, so that the handle and the context information are in an activation state.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210622786.5A CN114978950B (en) | 2022-06-02 | 2022-06-02 | Network algorithm calling method and system based on FPGA and CPU cooperation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210622786.5A CN114978950B (en) | 2022-06-02 | 2022-06-02 | Network algorithm calling method and system based on FPGA and CPU cooperation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114978950A CN114978950A (en) | 2022-08-30 |
| CN114978950B true CN114978950B (en) | 2023-10-27 |
Family
ID=82958917
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210622786.5A Active CN114978950B (en) | 2022-06-02 | 2022-06-02 | Network algorithm calling method and system based on FPGA and CPU cooperation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114978950B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101145173A (en) * | 2006-09-12 | 2008-03-19 | 国际商业机器公司 | System and method for securely saving and restoring a context of a secure program loader |
| CN104519055A (en) * | 2014-12-11 | 2015-04-15 | 曙光信息产业(北京)有限公司 | VPN (virtual private network) service implementation method, VPN service implementation device and VPN server |
| CN107526963A (en) * | 2017-08-30 | 2017-12-29 | 深圳市风云实业有限公司 | Cipher key lookup equipment, method and computer-readable recording medium |
| CN111224773A (en) * | 2018-11-26 | 2020-06-02 | 山东量子科学技术研究院有限公司 | Quantum key management equipment |
| CN111917552A (en) * | 2020-06-23 | 2020-11-10 | 深圳奥联信息安全技术有限公司 | Handle authority control method, device and system based on identification key |
| CN112491887A (en) * | 2019-09-25 | 2021-03-12 | 支付宝(杭州)信息技术有限公司 | Method and device for realizing operation of virtual machine based on FPGA |
| CN112910932A (en) * | 2021-04-30 | 2021-06-04 | 北京数盾信息科技有限公司 | Data processing method, device and system |
| CN112910646A (en) * | 2021-04-30 | 2021-06-04 | 北京数盾信息科技有限公司 | Data processing method and device of server cipher machine and server cipher machine |
| WO2021109275A1 (en) * | 2019-12-05 | 2021-06-10 | 广东省新一代通信与网络创新研究院 | Fpga device-based network-defined storage method, reading method and system |
| CN113194097A (en) * | 2021-04-30 | 2021-07-30 | 北京数盾信息科技有限公司 | Data processing method and device for security gateway and security gateway |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10009428B2 (en) * | 2015-12-07 | 2018-06-26 | Dell Products L.P. | Method and system for reconnecting server message block (SMB) clients to persistent file handles |
| CN110061992B (en) * | 2019-04-22 | 2021-12-24 | 杭州迪普科技股份有限公司 | Method for dynamically configuring FPGA and network security equipment |
-
2022
- 2022-06-02 CN CN202210622786.5A patent/CN114978950B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101145173A (en) * | 2006-09-12 | 2008-03-19 | 国际商业机器公司 | System and method for securely saving and restoring a context of a secure program loader |
| CN104519055A (en) * | 2014-12-11 | 2015-04-15 | 曙光信息产业(北京)有限公司 | VPN (virtual private network) service implementation method, VPN service implementation device and VPN server |
| CN107526963A (en) * | 2017-08-30 | 2017-12-29 | 深圳市风云实业有限公司 | Cipher key lookup equipment, method and computer-readable recording medium |
| CN111224773A (en) * | 2018-11-26 | 2020-06-02 | 山东量子科学技术研究院有限公司 | Quantum key management equipment |
| CN112491887A (en) * | 2019-09-25 | 2021-03-12 | 支付宝(杭州)信息技术有限公司 | Method and device for realizing operation of virtual machine based on FPGA |
| WO2021109275A1 (en) * | 2019-12-05 | 2021-06-10 | 广东省新一代通信与网络创新研究院 | Fpga device-based network-defined storage method, reading method and system |
| CN111917552A (en) * | 2020-06-23 | 2020-11-10 | 深圳奥联信息安全技术有限公司 | Handle authority control method, device and system based on identification key |
| CN112910932A (en) * | 2021-04-30 | 2021-06-04 | 北京数盾信息科技有限公司 | Data processing method, device and system |
| CN112910646A (en) * | 2021-04-30 | 2021-06-04 | 北京数盾信息科技有限公司 | Data processing method and device of server cipher machine and server cipher machine |
| CN113194097A (en) * | 2021-04-30 | 2021-07-30 | 北京数盾信息科技有限公司 | Data processing method and device for security gateway and security gateway |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114978950A (en) | 2022-08-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109379432B (en) | Data processing method, device, server and computer readable storage medium | |
| US20170163479A1 (en) | Method, Device and System of Renewing Terminal Configuration In a Memcached System | |
| US20210328810A1 (en) | Methods and apparatuses for processing transactions based on blockchain integrated station | |
| US11336660B2 (en) | Methods and apparatuses for identifying replay transaction based on blockchain integrated station | |
| US20210326887A1 (en) | Methods and apparatuses for transferring transaction based on blockchain integrated station | |
| TWI582609B (en) | Method and apparatus for performing remote memory access(rma) data transfers between a remote node and a local node | |
| CN115039392A (en) | Message processing method, device and system and server | |
| CN112764877A (en) | Method and system for communication between hardware acceleration equipment and process in docker | |
| CN113014510A (en) | Data caching method and device in distributed test of inertial navigation system | |
| CN113986969A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN114978950B (en) | Network algorithm calling method and system based on FPGA and CPU cooperation | |
| US11489817B2 (en) | Computing system with gateway data transfer based upon device data flow characteristics and related methods | |
| CN109714337B (en) | Data encryption transmission method and equipment | |
| WO2017032110A1 (en) | Application message processing system and method, and application device | |
| US20160261719A1 (en) | Information processing system, control program, and control method | |
| CN105281944B (en) | Method for setting network protocol address and service management system | |
| CN109656674B (en) | Computer equipment, virtualization chip and data transmission method | |
| US20220052902A1 (en) | Method for managing remote device through management device | |
| CN112383617B (en) | Method, device, terminal equipment and medium for performing long connection | |
| US9509780B2 (en) | Information processing system and control method of information processing system | |
| CN113422754A (en) | Data processing method and device, electronic equipment and computer readable storage medium | |
| CN109710183B (en) | Data synchronization method and device | |
| CN113420860A (en) | Memory smart card, device, network, method and computer storage medium | |
| WO2024109388A1 (en) | Feature synchronization method and apparatus, and computer device, storage medium and program product | |
| US11824917B2 (en) | Computing system with data transfer based upon device data flow characteristics and related methods |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |