CN115580657A - Method and device for auditing and protecting tandem flow based on process separation - Google Patents

Info

Publication number
CN115580657A
Authority
CN
China
Prior art keywords
message
data
forwarding
linked list
flow
Legal status
Granted
Application number
CN202211571888.5A
Other languages
Chinese (zh)
Other versions
CN115580657B (en
Inventor
夏昆
朱贺军
崔培升
Current Assignee
BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Original Assignee
BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies

Abstract

The invention relates to the technical field of data security protection and discloses a method and a device for auditing and protecting tandem (in-line) traffic based on process separation, the method comprising the following steps: receiving a message sent by a client; storing the message in a ring buffer through a traffic proxy process and caching it in a forwarding linked list; sequentially acquiring the stored messages from the ring buffer through a service processing process, performing traffic audit and protection processing on the acquired messages, and, after that processing is finished, sending a message to the traffic proxy process which carries the length information of the processed messages; and, after receiving that message, the traffic proxy process taking message data of the corresponding length out of the forwarding linked list according to the length information and sending the taken-out message to the corresponding server or client. The invention achieves low delay and high reliability of the traffic audit and protection mechanism, and can ensure that the user's normal business operations are not affected.

Description

Method and device for auditing and protecting tandem flow based on process separation
Technical Field
The invention relates to the field of network data security protection, and in particular to a method and a device for auditing and protecting tandem (in-line) traffic based on process separation.
Background
A tandem protection device is a device for traffic auditing and protection that is inserted in-line into the user's actual network environment. In the software environment of such a device there are two concerns. On the one hand, a problem in the device's software forms a single point of failure: traffic in the user network (from a server or a client) cannot be forwarded in time, user services are interrupted or delayed, the customer's normal business operations are greatly affected, and product satisfaction drops. On the other hand, service traffic has a tidal characteristic: when traffic bursts at a service peak, slow software processing in the tandem protection device means the traffic cannot be processed and forwarded in time, which brings delay and congestion to the user's services and likewise affects them seriously.
A commonly used traffic auditing method in the prior art, such as the Chinese patent application with publication number CN115297033A, provides a system and a method for auditing the traffic of an Internet of Things terminal: it acquires the authentication information of the audited object and a mirror of the packets the terminal sends and receives, extracts a traffic behaviour describing the terminal, locks the group the terminal belongs to and the corresponding auditing strategy, and obtains a colouring mark, a periodic characteristic and a behaviour traffic-consumption characteristic of that traffic behaviour. Although such multi-module cooperative management can reduce the workload of manual analysis, it increases the burden of data transmission and processing.
Therefore, a method and a device for tandem traffic auditing and protection are needed which reduce the delay of traffic forwarding, improve the reliability of traffic protection and forwarding, and ensure that the user's normal business operations are not affected.
Disclosure of Invention
In view of the above defects or shortcomings in the prior art, the present invention provides a method and an apparatus for tandem traffic auditing and protection based on process separation which, following the idea of separating the control process from the service process, achieve low delay and high reliability of the traffic auditing and protection mechanism and can ensure that the user's normal business operations are not affected.
In one aspect of the present invention, a method for tandem traffic auditing and protection based on process separation is provided, which includes:
receiving message data sent by a client or a server;
storing the message data sent by the client or the server in a ring buffer through a traffic proxy process, and caching the message data in a forwarding linked list;
sequentially acquiring the stored message data from the ring buffer through a service processing process, performing traffic audit and protection processing on the acquired message data, and sending a message to the traffic proxy process after the traffic audit and protection processing is finished, wherein the message carries the length information of the processed message;
and, after receiving the message, the traffic proxy process taking message data of the corresponding length out of the forwarding linked list according to the length information of the processed message, and sending the taken-out message data to the corresponding server or client.
Further, the step of storing the message data sent by the client or the server in the ring buffer through the traffic proxy process includes:
if the ring buffer is full, the traffic proxy process stores the message data newly sent by the client or the server in a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, the traffic proxy process transfers the data in the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list has no data, the traffic proxy process stores the message data newly sent by the client or the server in the ring buffer.
Further, the step of caching the message data in a forwarding linked list comprises:
after receiving message data sent by a client or a server, the traffic proxy process creates a message node for the message data, forms the attribute information of the message node from the message data, dynamically allocates a memory area according to the length of the message data the node contains, and stores that message data in the memory area.
Further, the step in which, after receiving the message, the traffic proxy process takes message data of the corresponding length out of the forwarding linked list according to the length information of the processed message includes:
if the length information of the processed message equals the sum of the lengths of an integer number of message nodes arranged sequentially in the forwarding linked list, the message data of those sequentially arranged message nodes is taken out, the corresponding memory is released, and the taken-out message nodes are deleted from the forwarding linked list;
if the length information of the processed message does not equal the sum of the lengths of an integer number of sequentially arranged message nodes in the forwarding linked list, the message data of the sequentially arranged message nodes whose summed length is smaller than the length information of the processed message is taken out, the corresponding memory is released, the taken-out message nodes are deleted from the forwarding linked list, the data length still remaining in the message nodes not taken out is marked in their attribute information, and the next deletion is awaited.
Further, the attribute information of the message node includes the timestamp at which the message node was inserted into the forwarding linked list;
and the traffic proxy process periodically polls the forwarding linked list according to a preset timeout and the timestamp information, takes out and forwards the message data of the timed-out message nodes, and deletes the taken-out message nodes from the forwarding linked list.
In a second aspect of the present invention, there is also provided an apparatus for tandem traffic auditing and protection based on process separation, including:
a receiving module, configured to receive message data sent by a client or a server;
a first traffic proxy module, configured to store the message data sent by the client or the server in a ring buffer through a traffic proxy process and to cache the message data in a forwarding linked list;
a service processing module, configured to sequentially acquire the stored message data from the ring buffer through a service processing process, perform traffic audit and protection processing on the acquired message data, and send a message to the traffic proxy process after the traffic audit and protection processing is finished, wherein the message carries the length information of the processed message;
and a second traffic proxy module, configured to take message data of the corresponding length out of the forwarding linked list according to the length information of the processed message after the traffic proxy process receives the message, and to send the taken-out message data to the corresponding server or client.
Further, the first traffic proxy module is further configured so that:
if the ring buffer is full, the traffic proxy process stores the message data newly sent by the client or the server in a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, the traffic proxy process transfers the data in the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list has no data, the traffic proxy process stores the message data newly sent by the client or the server in the ring buffer.
Further, the first traffic proxy module is further configured so that:
after receiving message data sent by a client or a server, the traffic proxy process creates a message node for the message data, forms the attribute information of the message node from the message data, dynamically allocates a memory area according to the length of the message data the node contains, and stores that message data in the memory area.
Further, the second traffic proxy module is further configured so that:
if the length information of the processed message equals the sum of the lengths of a number of message nodes arranged sequentially in the forwarding linked list, the message data of those sequentially arranged message nodes is taken out, the corresponding memory is released, and the taken-out message nodes are deleted from the forwarding linked list;
if the length information of the processed message does not equal the sum of the lengths of the message nodes arranged sequentially in the forwarding linked list, the message data of the sequentially arranged message nodes whose summed length is less than the length information of the processed message is taken out, the corresponding memory is released, the taken-out message nodes are deleted from the forwarding linked list, the data length still remaining in the message nodes not taken out is marked in their attribute information, and the next deletion is awaited.
Further, the attribute information of the message node includes the timestamp at which the message node was inserted into the forwarding linked list;
the traffic proxy process periodically polls the forwarding linked list according to a preset timeout and the timestamp information, takes out and forwards the message data of the timed-out message nodes, and deletes the taken-out message nodes from the forwarding linked list.
The invention discloses a method and a device for auditing and protecting tandem traffic based on process separation, which provide a complete scheme for auditing, protecting and forwarding the traffic of an in-line device and decouple the traffic forwarding module from the service processing module by separating control and service; at the same time, through the design of the forwarding linked list and the buffer linked list, the problems of messages not being forwarded in time and of data backlog in the shared ring buffer are well solved. The invention therefore not only prevents message loss but also transmits messages in time, ensuring low delay and high reliability of the user's services on the in-line link.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading the detailed description of non-limiting embodiments below, made with reference to the following drawings:
FIG. 1 is a system diagram of a user network with a tandem protection device according to the present invention;
FIG. 2 is a flow chart of a method for tandem traffic auditing and protection based on process separation according to the present invention;
FIG. 3 is an internal logic diagram of a system for traffic auditing and protection in a tandem protection device according to the present invention;
FIG. 4 is a diagram illustrating the data structure of the forwarding linked list according to the present invention;
FIG. 5 is a schematic diagram illustrating the reading of a message from the forwarding linked list according to the present invention;
FIG. 6 is a schematic diagram illustrating the reading of another forwarding linked list message according to the present invention;
FIG. 7 is a schematic diagram of polling the forwarding linked list according to the present invention;
FIG. 8 is a schematic diagram of reading data from the buffer linked list according to the present invention;
FIG. 9 is a flow chart of the data reading logic for the forwarding linked list and the buffer linked list according to the present invention;
FIG. 10 is a schematic structural diagram of an apparatus for tandem traffic auditing and protection based on process separation provided in the present application;
FIG. 11 is a schematic structural diagram of a tandem protection apparatus provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that although the terms first, second, third, etc. may be used to describe the acquisition modules in the embodiments of the present invention, these acquisition modules should not be limited to these terms. These terms are used only to distinguish acquisition modules from one another.
The word "if" as used herein may be interpreted as "at …" or "when …" or "in response to determining" or "in response to detecting", depending on the context. Similarly, the phrase "if determined" or "if detected (a stated condition or event)" may be interpreted as "upon determining" or "in response to determining" or "upon detecting (a stated condition or event)" or "in response to detecting (a stated condition or event)", depending on the context.
It should be noted that the terms "upper", "lower", "left", "right" and the like used in the description of the embodiments of the present invention refer to the orientation illustrated in the drawings, and should not be construed as limiting the embodiments of the present invention. In addition, in this context, it is also to be understood that when an element is referred to as being "on" or "under" another element, it can be formed directly "on" or "under" the other element, or formed indirectly "on" or "under" the other element through an intermediate element.
As shown in FIG. 1, a message from the client passes through the tandem protection device (namely the traffic proxy module), where it undergoes traffic audit and protection, and is then forwarded to the server; after receiving the client's message, the server returns a response message to the client, and the response message likewise enters the tandem protection device and is then forwarded to the client.
The operating software of the tandem protection device is divided into two processes: a traffic proxy process (also called the control process) and a service processing process. The main task of the former is to establish bidirectional connections with the client and server and to proxy and forward traffic; the main task of the latter is to audit and protect the traffic. Separating the traffic proxy from the service process achieves safe and timely forwarding of traffic.
Referring to FIG. 2, an embodiment of the present invention provides a method for tandem traffic auditing and protection based on process separation, including the following steps:
Step S101, receiving message data sent by a client or a server.
Specifically, a message sent by the client or the server reaches the network card of the tandem protection device over the network; the network card receives it, the kernel protocol stack processes it, and it is delivered to the traffic proxy process.
Step S102, storing the message data sent by the client or the server in a ring buffer through the traffic proxy process, and caching the message data in a forwarding linked list.
Specifically, the traffic proxy process puts the received message into a shared ring buffer (RingBuffer). The ring buffer is a lock-free ring queue: the traffic proxy process is responsible for putting the received client/server messages into it and the service processing process is responsible for taking data out of it, which completes data synchronization between the two processes with high transmission efficiency.
Referring to FIG. 3, so that the traffic proxy process can forward data normally, the invention designs two linked lists: a forwarding linked list, used to send data to the real server/client, and a buffer linked list, used to temporarily buffer message node data once the shared ring buffer (RingBuffer) is full.
1. Forwarding linked list
The forwarding linked list stores a number of message nodes, each of which holds one unit of message data. The length of a node in the forwarding linked list is not fixed: memory for each node is dynamically allocated according to the length of the message data sent by the client or server.
Referring to FIG. 4, the data structure of a message node includes the following attribute information:
(1) Character pointer char: dynamically allocated memory holding the data to be forwarded.
(2) Length: the length of this node's data.
(3) Remaining bytes of the node, leftLen: the length of the fragment of this node still to be processed.
(4) Timestamp: the time at which the node was inserted into the forwarding linked list, used for the node's timeout.
The forwarding linked list is processed as follows:
I. Insertion of message nodes into the linked list
After receiving message data sent by a client or a server, the traffic proxy process creates a message node for the message data, forms the node's attribute information from the message data, dynamically allocates a memory area according to the length of the message data the node contains, and stores the message data in that memory area. Forming the attribute information from the message data means: the length field is assigned the message length, leftLen is set to 0 and timestamp is set to the current time; finally the message node is inserted into the forwarding linked list. The specific process is shown in FIG. 3.
II. Deletion of message nodes from the linked list
When the service processing process finishes processing data, it sends a message notifying the traffic proxy process and carrying the processed data length. The traffic proxy process processes the forwarding linked list according to that length, distinguishing the following cases:
1) The length in the message is exactly the sum of the lengths of an integer number of nodes in the linked list;
the message data of those nodes is taken out in sequence and forwarded through the network card, after which their memory is released and they are deleted from the linked list. As shown in FIG. 5, if the length sent by the service processing process is len1 + len2, the data of node 1 and node 2 is simply forwarded, then the memory is released and the nodes are deleted from the linked list.
2) The length in the message is not the sum of an integer number of node lengths;
the message nodes meeting the condition are taken out in sequence and forwarded through the network card, then their memory is released and they are deleted from the linked list; for the remaining node, the length of the fragment still to be processed is marked in leftLen, and the next deletion is awaited.
As shown in FIG. 6, the length sent by the service processing process is length, the lengths of nodes 1 to 3 are len1, len2 and len3 respectively, and (len1 + len2) < length < (len1 + len2 + len3). Nodes 1 and 2 are taken out of the linked list and forwarded, their memory is released in turn and they are deleted from the linked list; node 3 is retained, neither forwarded nor deleted, its leftLen is set to the remaining length, namely len1 + len2 + len3 - length, and the next processing is awaited.
3) Timeout processing of message nodes;
in some abnormal situations, for example when the service processing process is slow or stops working, the traffic proxy process receives the service processing process's messages late or not at all, so the forwarding linked list keeps growing and the cached data cannot be sent out in time, with the result that the user does not receive the forwarded data and normal service is affected. To solve this problem, the invention introduces a timeout mechanism in the forwarding linked list.
Specifically, each message node inserted into the linked list has its timestamp set to the current time; a timeout value s is set, the linked list is polled periodically, and the data of timed-out nodes is forwarded promptly and those nodes are deleted from the forwarding linked list. The detailed process is shown in FIG. 7.
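The forwarding linked list logic above (insertion, the two length-driven deletion cases and the timeout poll), as an added C example that is not code from the patent or its assignee. It assumes that a node marked with leftLen is credited against its remaining bytes by the next length message, replaces the network card with a byte counter, and adds a check the patent does not describe: a processed length larger than everything still pending is rejected, because the length message is the only thing standing between unaudited data and the wire.

```c
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* One node of the forwarding linked list (FIG. 4): dynamically allocated data,
 * its length, leftLen (bytes of this node not yet covered by a length message
 * from the service process; 0 = whole node pending) and the insertion time. */
typedef struct fwd_node {
    char *data;
    size_t length, leftLen;
    time_t timestamp;
    struct fwd_node *next;
} fwd_node;

typedef struct {
    fwd_node *head, *tail;
    size_t forwarded_bytes;   /* stand-in for bytes handed to the network card */
} fwd_list;

/* Bytes of a node still awaiting clearance by the service process. */
static size_t pending(const fwd_node *n) { return n->leftLen ? n->leftLen : n->length; }

/* "Forward" the head node (count its bytes), release its memory, unlink it. */
static void send_and_delete_head(fwd_list *l) {
    fwd_node *n = l->head;
    l->head = n->next;
    if (!l->head) l->tail = NULL;
    l->forwarded_bytes += n->length;
    free(n->data);
    free(n);
}

/* Section I: copy the message into fresh memory, set length, leftLen = 0 and
 * timestamp = now, append at the tail. Returns 0, or -1 if allocation fails. */
int fwd_insert(fwd_list *l, const char *msg, size_t len, time_t now) {
    fwd_node *n = malloc(sizeof *n);
    if (!n) return -1;
    n->data = malloc(len);
    if (!n->data) { free(n); return -1; }
    memcpy(n->data, msg, len);
    n->length = len; n->leftLen = 0; n->timestamp = now; n->next = NULL;
    if (l->tail) l->tail->next = n; else l->head = n;
    l->tail = n;
    return 0;
}

/* Section II, cases 1 and 2: consume the processed length reported by the
 * service process. Returns the number of nodes forwarded, or -1 (list untouched)
 * when the length exceeds all pending bytes: assumed defensive check. */
long fwd_consume(fwd_list *l, size_t processed_len) {
    size_t total = 0;
    for (const fwd_node *n = l->head; n; n = n->next) total += pending(n);
    if (processed_len > total) return -1;
    long sent = 0;
    while (processed_len > 0 && l->head) {
        size_t p = pending(l->head);
        if (processed_len >= p) {            /* node fully cleared: forward it */
            processed_len -= p;
            send_and_delete_head(l);
            sent++;
        } else {                             /* partial: keep node, mark the rest */
            l->head->leftLen = p - processed_len;
            processed_len = 0;
        }
    }
    return sent;
}

/* Case 3: timeout poll. Nodes sit in insertion order, so stop at the first
 * one that has not yet aged timeout_s seconds. */
long fwd_poll_timeout(fwd_list *l, time_t now, time_t timeout_s) {
    long sent = 0;
    while (l->head && now - l->head->timestamp >= timeout_s) {
        send_and_delete_head(l);
        sent++;
    }
    return sent;
}

size_t fwd_head_pending(const fwd_list *l) { return l->head ? pending(l->head) : 0; }

/* FIG. 5 / 6 / 7 walked through with constructed messages len1 = 10,
 * len2 = 20, len3 = 30. Returns 1 if every step behaved as described. */
int fwd_example(void) {
    fwd_list l = {0};
    fwd_insert(&l, "0123456789", 10, 0);
    fwd_insert(&l, "01234567890123456789", 20, 0);
    fwd_insert(&l, "012345678901234567890123456789", 30, 0);
    /* FIG. 6: (len1+len2) < 55 < (len1+len2+len3): nodes 1,2 go, node 3 owes 5 */
    int ok = fwd_consume(&l, 55) == 2 && l.forwarded_bytes == 30 && fwd_head_pending(&l) == 5;
    /* FIG. 5: the next length exactly covers what node 3 still owes */
    ok = ok && fwd_consume(&l, 5) == 1 && l.head == NULL && l.forwarded_bytes == 60;
    /* FIG. 7: a node nobody clears is forwarded once it ages past the timeout */
    fwd_insert(&l, "stale", 5, 100);
    ok = ok && fwd_consume(&l, 999) == -1 && fwd_poll_timeout(&l, 104, 5) == 0
            && fwd_poll_timeout(&l, 105, 5) == 1 && l.head == NULL;
    return ok;
}

int main(void) { return fwd_example() ? 0 : 1; }
```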
2. Buffer linked list
The traffic proxy process writes messages into the ring buffer (RingBuffer) and the service processing process reads from it. In practice, however, the service processing process is slower than the traffic proxy process because it analyses and audits the traffic. When the data volume is large, data backs up in the ring buffer (RingBuffer); in severe cases the ring buffer becomes full, subsequent incoming data can no longer be written into it, and that data is lost.
To solve this problem, the invention specifically designs a buffer linked list, as follows:
Only when the ring buffer (RingBuffer) is full is newly incoming data inserted into the buffer linked list. When further new data arrives, it is first judged whether the ring buffer (RingBuffer) has a vacancy; if so, the data in the buffer linked list is moved into the ring buffer in sequence until the ring buffer is full, and the new data is then appended to the buffer linked list. A schematic of this process is shown in FIG. 8.
The scheme can be summarized as the following steps:
if the ring buffer is full, the traffic proxy process stores the message data newly sent by the client or the server in a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, the traffic proxy process transfers the data in the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list has no data, the traffic proxy process stores the message data newly sent by the client or the server in the ring buffer.
Specifically, the processing flow of the message nodes in the forwarding linked list and the buffer linked list in this step is shown in fig. 9.
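The ring buffer plus buffer linked list arbitration of FIG. 8 and the three steps above, as an added C example that is not code from the patent or its assignee. It models the shared RingBuffer as a plain bounded queue (the real one is a lock-free inter-process ring), drains older buffered messages before the new one so that ordering is preserved, and adds a cap on the buffer linked list, which the patent leaves unbounded: without one a sustained burst makes the proxy's memory grow without limit, so the cap and the dropped counter are assumptions for the defender.

```c
#include <stdlib.h>

typedef struct { const char *data; size_t len; } msg_t;

/* Bounded queue standing in for the shared RingBuffer (constructed capacity). */
#define RING_CAP 4
typedef struct { msg_t slot[RING_CAP]; size_t head, tail, count; } ring_t;

int ring_full(const ring_t *r) { return r->count == RING_CAP; }

static int ring_push(ring_t *r, msg_t m) {
    if (ring_full(r)) return 0;
    r->slot[r->tail] = m;
    r->tail = (r->tail + 1) % RING_CAP;
    r->count++;
    return 1;
}

/* Consumer side: what the service processing process calls. */
int ring_pop(ring_t *r, msg_t *out) {
    if (r->count == 0) return 0;
    *out = r->slot[r->head];
    r->head = (r->head + 1) % RING_CAP;
    r->count--;
    return 1;
}

/* The buffer linked list: FIFO of messages that found the ring full. */
typedef struct buf_node { msg_t m; struct buf_node *next; } buf_node;
typedef struct { buf_node *head, *tail; size_t n, max_n, dropped; } buf_list;

static int buf_push(buf_list *b, msg_t m) {
    if (b->n >= b->max_n) { b->dropped++; return 0; }   /* assumed cap */
    buf_node *x = malloc(sizeof *x);
    if (!x) { b->dropped++; return 0; }
    x->m = m; x->next = NULL;
    if (b->tail) b->tail->next = x; else b->head = x;
    b->tail = x; b->n++;
    return 1;
}

static int buf_pop(buf_list *b, msg_t *out) {
    buf_node *x = b->head;
    if (!x) return 0;
    *out = x->m;
    b->head = x->next;
    if (!b->head) b->tail = NULL;
    b->n--;
    free(x);
    return 1;
}

/* Producer side (traffic proxy process) applying the three steps. Returns 1 if
 * the new message went into the ring, 2 if into the buffer linked list, 0 if
 * the list cap was hit and it was dropped. */
int proxy_enqueue(ring_t *r, buf_list *b, msg_t m) {
    msg_t older;
    /* step 2: ring has room and a backlog exists -> move the backlog first */
    while (!ring_full(r) && buf_pop(b, &older)) ring_push(r, older);
    /* step 3: ring has room and nothing is buffered -> straight into the ring */
    if (!ring_full(r) && b->head == NULL) return ring_push(r, m) ? 1 : 0;
    /* step 1: ring is full -> park the new message behind the backlog */
    return buf_push(b, m) ? 2 : 0;
}

/* Constructed burst: 6 messages into a ring of 4, the consumer drains two, two
 * more arrive. Returns 1 if placement and FIFO order match FIG. 8. */
int buffer_example(void) {
    ring_t r = {0};
    buf_list b = {0};
    b.max_n = 8;
    msg_t out;
    int ok = 1;
    for (size_t i = 1; i <= 6; i++) {
        msg_t m = { "burst", i };                 /* len doubles as sequence number */
        ok = ok && proxy_enqueue(&r, &b, m) == (i <= 4 ? 1 : 2);
    }
    ok = ok && r.count == 4 && b.n == 2;
    ok = ok && ring_pop(&r, &out) && out.len == 1 && ring_pop(&r, &out) && out.len == 2;
    msg_t m7 = { "burst", 7 };                    /* 5 and 6 drain in, 7 is parked */
    ok = ok && proxy_enqueue(&r, &b, m7) == 2 && r.count == 4 && b.n == 1;
    for (size_t expect = 3; expect <= 6; expect++)
        ok = ok && ring_pop(&r, &out) && out.len == expect;
    msg_t m8 = { "burst", 8 };                    /* 7 drains in, 8 goes direct */
    ok = ok && proxy_enqueue(&r, &b, m8) == 1 && b.n == 0;
    ok = ok && ring_pop(&r, &out) && out.len == 7 && ring_pop(&r, &out) && out.len == 8;
    return ok;
}

int main(void) { return buffer_example() ? 0 : 1; }
```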
Step S103, sequentially acquiring the stored message data from the ring buffer through the service processing process, performing traffic audit and protection processing on the acquired message data, and sending a message to the traffic proxy process after the traffic audit and protection processing is finished, wherein the message carries the length information of the processed message.
Specifically, the service processing process takes message data out of the shared ring buffer (RingBuffer) in sequence and hands it to the different application-protocol processing modules, which apply the traffic auditing and protection strategy. After the application module finishes processing, the service processing process sends a message notifying the traffic proxy process, and the message carries the length of the processed message.
Step S104, after receiving the message, the traffic proxy process takes message data of the corresponding length out of the forwarding linked list according to the length information of the processed message, and sends the taken-out message data to the corresponding server or client.
Specifically, after receiving the message, the traffic proxy process extracts the message length information and takes the qualifying message data out of the forwarding linked list for forwarding; the forwarding process of the forwarding linked list is as described in step S102. The message data is finally sent to the client or server through the kernel protocol stack and the network card.
The method for auditing and protecting tandem traffic based on process separation disclosed in this embodiment decouples the traffic forwarding module from the service processing module by separating control and service; at the same time, through the design of the forwarding linked list and the buffer linked list, the problems of messages not being forwarded in time and of data backlog in the shared ring buffer are well solved. The invention therefore not only prevents message loss but also forwards messages in time, ensuring low delay and high reliability of the user's services on the in-line link.
Referring to FIG. 10, another embodiment of the present invention further provides an apparatus 200 for tandem traffic auditing and protection based on process separation, which includes a receiving module 201, a first traffic proxy module 202, a service processing module 203 and a second traffic proxy module 204. The apparatus 200 of the present invention is used to perform the steps of the method embodiments described above.
Specifically, the apparatus 200 includes:
a receiving module 201, configured to receive message data sent by a client or a server;
a first traffic proxy module 202, configured to store the message data sent by the client or the server in a ring buffer through a traffic proxy process, and to cache the message data in a forwarding linked list;
a service processing module 203, configured to sequentially acquire the stored message data from the ring buffer through a service processing process, perform traffic audit and protection processing on the acquired message data, and send a message to the traffic proxy process after the traffic audit and protection processing is completed, wherein the message carries the length information of the processed message;
and a second traffic proxy module 204, configured to, after the message is received, take message data of the corresponding length out of the forwarding linked list according to the length information of the processed message, and send the taken-out message data to the corresponding server or client.
It should be noted that, the device 200 provided in this embodiment may be used to implement the technical solutions of the method embodiments, and the implementation principle and technical effects are similar to those of the method, which are not described herein again.
FIG. 11 is a schematic structural diagram of a tandem protection apparatus according to an embodiment of the present invention, showing a configuration suitable for implementing the tandem protection apparatus 400 of this embodiment. The tandem protection apparatus 400 may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer) or a PMP (portable multimedia player), and a stationary terminal such as a desktop computer or a server. The apparatus shown in FIG. 11 is only an example and should not limit the function or scope of use of the embodiments of the present invention.
As shown in FIG. 11, the tandem protection apparatus 400 may include a processing device 401 (e.g., a central processing unit, a graphics processor, etc.) that performs various suitable actions and processes to implement the methods of the embodiments described herein, according to a program stored in a read-only memory (ROM) 402 or loaded from a storage device 408 into a random-access memory (RAM) 403. The RAM 403 also stores the various programs and data needed for the operation of the tandem protection apparatus 400. The processing device 401, the ROM 402 and the RAM 403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to the bus 404.
Generally, the following devices may be connected to the I/O interface 405: input devices 406 such as a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer or gyroscope; output devices 407 such as a liquid crystal display (LCD), speaker or vibrator; storage devices 408 such as magnetic tape or hard disk; and a communication device 409. The communication device 409 allows the tandem protection apparatus 400 to communicate wirelessly or by wire with other devices to exchange data. Although FIG. 11 shows a tandem protection apparatus 400 with various devices, not all of the illustrated devices are required to be implemented or provided; alternative devices, or more or fewer devices, may be implemented or provided.
The above description is that of the preferred embodiment of the invention only. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments formed by any combination of the features described above or their equivalents without departing from the spirit of the disclosure. For example, technical solutions formed by substituting the above features with features having similar functions disclosed in the present invention (but not limited to those) are also encompassed.

Claims (10)

1. A method for cascading flow auditing and protection based on process separation, characterized by comprising the following steps:
receiving message data sent by a client or a server;
storing the message data sent by the client or the server in a ring buffer through a flow proxy process, and caching the message data in a forwarding linked list;
sequentially acquiring the stored message data from the ring buffer through a service processing process, performing flow auditing and protection processing on the acquired message data, and sending a message to the flow proxy process after the flow auditing and protection processing is finished, wherein the message carries the length information of the processed message;
and after receiving the message, the flow proxy process takes out the message data of the corresponding length from the forwarding linked list according to the length information of the processed message and sends the taken-out message data to the corresponding server or client.
2. The method for cascading flow auditing and protection based on process separation according to claim 1, wherein the step of storing the message data sent by the client or the server in the ring buffer through the flow proxy process includes:
if the ring buffer is full, the flow proxy process stores the message data newly sent by the client or the server into a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, the flow proxy process transfers the data in the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list contains no data, the flow proxy process stores the message data newly sent by the client or the server into the ring buffer.
3. The method according to claim 1, wherein the step of caching the message data in a forwarding linked list comprises:
after receiving message data sent by a client or a server, the flow proxy process creates a message node containing the message data, forms attribute information of the message node according to the message data, dynamically applies for a memory area according to the length of the message data contained in the message node, and stores the message data contained in the message node into the memory area.
4. The method according to claim 3, wherein the step of taking out the message data of the corresponding length from the forwarding linked list according to the length information of the processed message after the flow proxy process receives the message comprises:
if the length information of the processed message is equal to the sum of the lengths of an integral number of sequentially arranged message nodes in the forwarding linked list, the message data of those sequentially arranged message nodes is taken out, the corresponding memory is released, and the taken-out message nodes are deleted from the forwarding linked list;
if the length information of the processed message is not equal to the sum of the lengths of an integral number of sequentially arranged message nodes in the forwarding linked list, the message data of the sequentially arranged integral number of message nodes whose length sum is smaller than the length information of the processed message is taken out, the corresponding memory is released, the taken-out message nodes are deleted from the forwarding linked list, the data lengths of the remaining message nodes that are not taken out are marked in the attribute information of those message nodes, and the next deletion is awaited.
5. The method according to claim 3, wherein:
the attribute information of the message node comprises timestamp information of the insertion of the message node into the forwarding linked list;
and the flow proxy process periodically polls the forwarding linked list according to a preset timeout and the timestamp information, takes out and forwards the message data of the timed-out message nodes, and deletes the taken-out message nodes from the forwarding linked list.
6. A device for cascading flow auditing and protection based on process separation, characterized by comprising:
a receiving module, configured to receive message data sent by a client or a server;
a first flow proxy module, configured to store the message data sent by the client or the server in a ring buffer through a flow proxy process and cache the message data in a forwarding linked list;
a service processing module, configured to sequentially acquire the stored message data from the ring buffer through a service processing process, perform flow audit and protection processing on the acquired message data, and send a message to the flow proxy process after the flow audit and protection processing is finished, wherein the message carries the length information of the processed message;
and a second flow proxy module, configured to take out the message data of the corresponding length from the forwarding linked list according to the length information of the processed message after the flow proxy process receives the message, and send the taken-out message data to the corresponding server or client.
7. The device for cascading flow auditing and protection based on process separation according to claim 6, wherein the first flow proxy module is further configured to:
if the ring buffer is full, store, through the flow proxy process, the message data newly sent by the client or the server into a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, transfer, through the flow proxy process, the data in the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list contains no data, store, through the flow proxy process, the message data newly sent by the client or the server into the ring buffer.
8. The device for cascading flow auditing and protection based on process separation according to claim 6, wherein the first flow proxy module is further configured to:
after receiving message data sent by a client or a server, create, through the flow proxy process, a message node containing the message data, form attribute information of the message node according to the message data, dynamically apply for a memory area according to the length of the message data contained in the message node, and store the message data contained in the message node into the memory area.
9. The device for cascading flow auditing and protection based on process separation according to claim 8, wherein the second flow proxy module is further configured to:
if the length information of the processed message is equal to the sum of the lengths of an integral number of sequentially arranged message nodes in the forwarding linked list, take out the message data of those sequentially arranged message nodes, release the corresponding memory, and delete the taken-out message nodes from the forwarding linked list;
if the length information of the processed message is not equal to the sum of the lengths of an integral number of sequentially arranged message nodes in the forwarding linked list, take out the message data of the sequentially arranged integral number of message nodes whose length sum is smaller than the length information of the processed message, release the corresponding memory, delete the taken-out message nodes from the forwarding linked list, mark the data lengths of the remaining message nodes that are not taken out in the attribute information of those message nodes, and await the next deletion.
10. The device for cascading flow auditing and protection based on process separation according to claim 8, wherein:
the attribute information of the message node comprises timestamp information of the insertion of the message node into the forwarding linked list;
the flow proxy process periodically polls the forwarding linked list according to a preset timeout and the timestamp information, takes out and forwards the message data of the timed-out message nodes, and deletes the taken-out message nodes from the forwarding linked list.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211571888.5A CN115580657B (en) 2022-12-08 2022-12-08 Method and device for auditing and protecting serial flow based on process separation
Publications (2)

Publication Number Publication Date
CN115580657A true CN115580657A (en) 2023-01-06
CN115580657B CN115580657B (en) 2023-03-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant