CN115580657B - Method and device for auditing and protecting inline traffic based on process separation - Google Patents


Info

Publication number
CN115580657B
Authority
CN
China
Prior art keywords
message
data
flow
linked list
forwarding
Legal status
Active
Application number
CN202211571888.5A
Other languages
Chinese (zh)
Other versions
CN115580657A (en)
Inventor
夏昆
朱贺军
崔培升
Current Assignee
BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Original Assignee
BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Events
Application filed by BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD; priority to CN202211571888.5A; publication of CN115580657A; application granted; publication of CN115580657B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0281 Proxies

Abstract

The invention relates to the technical field of data security protection and discloses a method and a device for auditing and protecting inline traffic based on process separation. The method comprises the following steps: receiving a message sent by a client; storing the message in a ring buffer through a traffic proxy process and caching it in a forwarding linked list; sequentially taking the stored messages out of the ring buffer through a service processing process, performing traffic audit and protection processing on them and, when that processing is finished, sending a notification message to the traffic proxy process carrying the length of the processed messages; and, after receiving the notification message, the traffic proxy process taking message data of the corresponding length out of the forwarding linked list according to that length and sending the extracted data to the corresponding server or client. The invention achieves low delay and high reliability of the traffic audit and protection mechanism and ensures that the user's normal business operation is not affected.

Description

Method and device for auditing and protecting inline traffic based on process separation
Technical Field
The invention relates to the field of security protection of network data, in particular to a method and a device for auditing and protecting inline traffic based on process separation.
Background
An inline protection device is a device for traffic auditing and protection that is connected in series with the user's real network environment, so that all traffic passes through it. This placement has two consequences for its software. First, if the software of the inline protection device has a problem it becomes a single point of failure: traffic from the server or client in the user's network cannot be forwarded in time, user services are interrupted or delayed, the user's normal business operation is severely affected, and satisfaction with the product drops. Second, business traffic has a tidal characteristic: when traffic bursts at a service peak, slow software processing in the inline protection device means the traffic cannot be processed and forwarded in time, bringing delay and congestion to user services and again seriously affecting them.
A commonly used traffic auditing method in the prior art, for example the Chinese patent application published as CN115297033A, provides a system and method for auditing the traffic of an Internet of Things terminal: it acquires the authentication information of the audited object and a mirror of the packets the terminal sends and receives, extracts the traffic behaviours describing the terminal, locks the group the terminal belongs to and its corresponding audit strategy, and obtains colouring marks, period characteristics and traffic-consumption characteristics of those behaviours. Although such multi-module cooperative management reduces the workload of manual analysis, it increases the data transmission and processing burden.
Therefore a method and a device for inline traffic auditing and protection are needed that reduce the delay of traffic forwarding, improve the reliability of traffic protection and forwarding, and ensure that the user's normal business operation is not affected.
Disclosure of Invention
In view of the above defects or shortcomings of the prior art, the present invention provides a method and an apparatus for inline traffic auditing and protection based on process separation. Based on the idea of separating the control process from the service process, they achieve low delay and high reliability of the traffic auditing and protection mechanism and ensure that the user's normal business operation is not affected.
In one aspect of the present invention, a method for inline traffic auditing and protection based on process separation is provided, which includes:
receiving message data sent by a client or a server;
storing the message data sent by the client or server in a ring buffer through a traffic proxy process, and caching the message data in a forwarding linked list;
sequentially taking the stored message data out of the ring buffer through a service processing process, performing traffic audit and protection processing on the acquired message data and, after the traffic audit and protection processing is finished, sending a notification message to the traffic proxy process, the notification message carrying the length of the processed message data;
and, after receiving the notification message, the traffic proxy process taking message data of the corresponding length out of the forwarding linked list according to the length of the processed message data and sending the extracted message data to the corresponding server or client.
Further, the step of storing the message data sent by the client or server in the ring buffer through the traffic proxy process includes:
if the ring buffer is full, the traffic proxy process stores the newly arrived message data from the client or server in a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, the traffic proxy process transfers data from the buffer linked list to the ring buffer until the ring buffer is full;
if the ring buffer is not full and the buffer linked list has no data, the traffic proxy process stores the newly arrived message data from the client or server in the ring buffer.
Further, the step of caching the message data in a forwarding linked list includes:
after receiving message data sent by a client or server, the traffic proxy process creates a message node for the message data, forms the attribute information of the message node from the message data, dynamically allocates a memory area according to the length of the message data held by the node, and stores the message data in that memory area.
Further, the step in which the traffic proxy process, after receiving the notification message, takes message data of the corresponding length out of the forwarding linked list according to the length of the processed message data includes:
if the length of the processed message data equals the sum of the lengths of an integer number of consecutive message nodes at the front of the forwarding linked list, the message data of those consecutive nodes is taken out, the corresponding memory is released, and the extracted nodes are deleted from the forwarding linked list;
if the length of the processed message data does not equal the sum of the lengths of an integer number of consecutive message nodes, the message data of the consecutive nodes at the front of the list whose summed length is smaller than the processed length is taken out, the corresponding memory is released, the extracted nodes are deleted from the forwarding linked list, the remaining unprocessed data length of the message nodes not taken out is recorded in their attribute information, and those nodes wait for the next deletion.
Further, the attribute information of a message node includes a timestamp recording when the node was inserted into the forwarding linked list;
and the traffic proxy process periodically polls the forwarding linked list according to a preset timeout and the timestamps, takes out and forwards the message data of timed-out message nodes, and deletes the extracted nodes from the forwarding linked list.
In a second aspect of the present invention, an apparatus for inline traffic auditing and protection based on process separation is also provided, including:
a receiving module configured to receive message data sent by a client or a server;
a first traffic proxy module configured to store the message data sent by the client or server in a ring buffer through a traffic proxy process and to cache the message data in a forwarding linked list;
a service processing module configured to sequentially take the stored message data out of the ring buffer through a service processing process, perform traffic audit and protection processing on the acquired message data and, after the traffic audit and protection processing is finished, send a notification message to the traffic proxy process, the notification message carrying the length of the processed message data;
and a second traffic proxy module configured so that, after the traffic proxy process receives the notification message, it takes message data of the corresponding length out of the forwarding linked list according to the length of the processed message data and sends the extracted message data to the corresponding server or client.
Further, the first traffic proxy module is further configured so that:
if the ring buffer is full, the traffic proxy process stores the newly arrived message data from the client or server in a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, the traffic proxy process transfers data from the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list has no data, the traffic proxy process stores the newly arrived message data from the client or server in the ring buffer.
Further, the first traffic proxy module is further configured so that:
after receiving message data sent by a client or server, the traffic proxy process creates a message node for the message data, forms the attribute information of the message node from the message data, dynamically allocates a memory area according to the length of the message data held by the node, and stores the message data in that memory area.
Further, the second traffic proxy module is further configured so that:
if the length of the processed message data equals the sum of the lengths of a number of consecutive message nodes at the front of the forwarding linked list, the message data of those consecutive nodes is taken out, the corresponding memory is released, and the extracted nodes are deleted from the forwarding linked list;
if the length of the processed message data does not equal the sum of the lengths of consecutive message nodes in the forwarding linked list, the message data of the consecutive nodes at the front of the list whose summed length is smaller than the processed length is taken out, the corresponding memory is released, the extracted nodes are deleted from the forwarding linked list, the remaining unprocessed data length of the message nodes not taken out is recorded in their attribute information, and those nodes wait for the next deletion.
Further, the attribute information of a message node includes a timestamp recording when the node was inserted into the forwarding linked list;
and the traffic proxy process is configured to periodically poll the forwarding linked list according to a preset timeout and the timestamps, take out and forward the message data of timed-out message nodes, and delete the extracted nodes from the forwarding linked list.
The invention discloses a method and a device for auditing and protecting inline traffic based on process separation, which provide a complete scheme for auditing, protecting and forwarding the traffic of an inline device and decouple the traffic forwarding module from the service processing module by separating control from service. At the same time, the design of the forwarding linked list and the buffer linked list solves the problems of messages not being forwarded in time and of data backlog in the shared ring buffer. The invention therefore both prevents message loss and forwards messages in time, ensuring low delay and high reliability of the user's service on the inline link.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a system diagram of a user network with an inline security device according to the present invention;
FIG. 2 is a flow chart of a method for inline traffic audit and protection based on process separation according to the present invention;
FIG. 3 is an internal logic diagram of the traffic auditing and protection system of an inline protection device according to the present invention;
FIG. 4 illustrates the data structure of the forwarding linked list according to the present invention;
FIG. 5 is a schematic diagram of reading a message from the forwarding linked list according to the present invention;
FIG. 6 is a schematic diagram of another case of reading a message from the forwarding linked list according to the present invention;
FIG. 7 is a schematic diagram of polling the forwarding linked list according to the present invention;
FIG. 8 is a schematic diagram of data reading of the buffer linked list according to the present invention;
FIG. 9 is a flow chart of the data reading logic of the forwarding linked list and the buffer linked list according to the present invention;
FIG. 10 is a schematic structural diagram of a device for inline traffic audit and protection based on process separation according to the present application;
FIG. 11 is a schematic structural diagram of an inline protection apparatus provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that although the terms first, second, third, etc. may be used to describe the modules in embodiments of the present invention, these modules should not be limited by these terms. The terms are used only to distinguish one module from another.
The word "if" as used herein may be interpreted as "when" or "upon" or "in response to determining" or "in response to detecting", depending on the context. Similarly, the phrases "if determined" or "if (a stated condition or event) is detected" may be interpreted as "when determined" or "in response to determining" or "when (a stated condition or event) is detected" or "in response to detecting (a stated condition or event)", depending on the context.
It should be noted that the terms "upper," "lower," "left," "right," and the like used in the description of the embodiments of the present invention are illustrated in the drawings, and should not be construed as limiting the embodiments of the present invention. In addition, in this context, it is also to be understood that when an element is referred to as being "on" or "under" another element, it can be directly formed on "or" under "the other element or be indirectly formed on" or "under" the other element through an intermediate element.
As shown in FIG. 1, a message from the client passes through the inline protection device (i.e. the traffic proxy module), where it undergoes traffic audit and protection, and is then forwarded to the server; after receiving the client's message, the server returns a response message to the client, and that response message likewise enters the inline protection device and is then forwarded to the client.
The operating software of the inline protection device is divided into two processes: a traffic proxy process (also called the control process) and a service processing process. The main task of the former is to establish the bidirectional connections with the client and the server and to proxy and forward traffic; the main task of the latter is to audit and protect the traffic. Separating the traffic proxy from the service process is what achieves safe and timely forwarding of traffic.
Referring to FIG. 2, an embodiment of the present invention provides a method for inline traffic auditing and protection based on process separation, including the following steps:
Step S101: receive message data sent by a client or a server.
Specifically, a message sent by the client or server reaches the network card of the inline protection device over the network; the network card receives it, the kernel protocol stack processes it, and it is delivered to the traffic proxy process.
Step S102: store the message data sent by the client or server in a ring buffer through the traffic proxy process, and cache the message data in a forwarding linked list.
Specifically, the traffic proxy process places the received message in a shared ring buffer (RingBuffer). The ring buffer is a lock-free ring queue: the traffic proxy process is responsible for placing received client/server messages into it and the service processing process is responsible for taking data out of it, so data is exchanged between the two processes without locks and with high transmission efficiency.
Referring to FIG. 3, so that the traffic proxy process can forward data normally, the invention designs two linked lists: a forwarding linked list and a buffer linked list. The former holds data to be sent to the real server/client; the latter temporarily buffers message node data once the shared ring buffer (RingBuffer) is full.
1. Forwarding linked list
The forwarding linked list stores a number of message nodes, each holding one unit of message data. Node lengths are not fixed: memory for each node is dynamically allocated according to the length of the message data sent by the client or server.
Referring to FIG. 4, the data structure of a message node includes the following attribute information:
(1) Data pointer (char *): dynamically allocated memory holding the data to be forwarded.
(2) Length (length): the length of this node's data.
(3) Remaining bytes (leftLen): the length of the remaining fragment of this node that still has to be processed.
(4) Timestamp (timestamp): the time at which the node was inserted into the forwarding linked list, used to detect node timeout.
The forwarding linked list is processed as follows:
I. Insertion of message nodes into the linked list
After receiving message data sent by a client or server, the traffic proxy process creates a message node for the message data, forms the node's attribute information from the message data, dynamically allocates a memory area according to the length of the message data, and stores the message data in that area. Forming the attribute information means assigning the message length to the length field, setting leftLen to 0 and setting timestamp to the current time; finally the node is inserted into the forwarding linked list (see FIG. 3).
II. Deletion of message nodes from the linked list
When the service processing process finishes processing data, it sends a notification message to the traffic proxy process carrying the length of the processed data. The traffic proxy process then processes the forwarding linked list according to that length, distinguishing the following cases:
1) The length is exactly the sum of the lengths of an integer number of nodes at the front of the linked list.
The message data of those nodes is taken out in order and forwarded through the network card, after which their memory is released and they are deleted from the linked list. As shown in FIG. 5, if the length sent by the service processing process is len1+len2, the data of node 1 and node 2 is forwarded, then the memory is released and the nodes are deleted from the linked list.
2) The length is not the sum of an integer number of node lengths.
The nodes that are fully covered by the length are taken out in order and forwarded through the network card, their memory is released and they are deleted from the linked list; for the remaining node, the length of the fragment still to be processed is recorded in leftLen, and the node waits for the next deletion.
As shown in FIG. 6, suppose the length sent by the service processing process is length, the lengths of nodes 1 to 3 are len1, len2 and len3, and (len1+len2) < length < (len1+len2+len3). Node 1 and node 2 are taken out of the linked list and forwarded, their memory is released in turn and they are deleted from the list; node 3 is retained, neither forwarded nor deleted, and its leftLen is set to the remaining length len1+len2+len3-length, waiting for the next round of processing.
3) Timeout processing of message nodes.
In some abnormal situations, such as the service processing process running slowly or stopping altogether, the traffic proxy process cannot receive the notification messages from the service processing process in time, or does not receive them at all. The forwarding linked list then grows without bound and the cached data cannot be sent out in time, so the user stops receiving forwarded data and normal service is affected. To solve this problem, the invention introduces a timeout mechanism in the forwarding linked list.
Specifically, every node inserted into the linked list records the current time in its timestamp; a timeout of s seconds is set; the list is polled periodically; and the data of any node whose age exceeds s is forwarded promptly and the node is deleted from the forwarding linked list. The detailed process is shown in FIG. 7.
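The forwarding linked list of steps I to III, as an added worked example in C; it is not code from the patent or from the assignee. The node fields follow the four attributes of FIG. 4; the function names, the nic_send stand-in for the network card send path, and the rule for consuming leftLen on the next notification (the text sets leftLen but does not say how the next reported length is credited against it, so the example credits the pending remainder of the head node first and whole nodes behind it) are this example's assumptions. Two points a practitioner should note: everything released by fwd_poll_timeout is forwarded before the service process has finished auditing it, so the timeout branch makes the device fail open under overload, and the timed_out counter exists to make that visible; and a reported length larger than the data in the list means the two processes have lost sync, which the example surfaces through excess rather than ignoring.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* One node of the forwarding linked list, after FIG. 4. Field names are assumed. */
typedef struct fwd_node {
    char  *data;        /* dynamically allocated copy of the message bytes */
    size_t length;      /* byte length of the message held by this node */
    size_t leftLen;     /* bytes of this node not yet covered by an audit notification; 0 = untouched */
    time_t timestamp;   /* insertion time; the timeout poller compares against it */
    struct fwd_node *next;
} fwd_node;

typedef struct {
    fwd_node *head, *tail;   /* FIFO: head is the oldest node */
    size_t forwarded;        /* bytes handed to the send path (audited or timed out) */
    size_t timed_out;        /* bytes released by the timeout path, i.e. forwarded unaudited */
} fwd_list;

/* Stand-in for the NIC/socket send path (assumed); real code writes to the peer socket. */
static void nic_send(fwd_list *l, const fwd_node *n) { l->forwarded += n->length; }

static void fwd_unlink_head(fwd_list *l) {
    fwd_node *n = l->head;
    l->head = n->next;
    if (!l->head) l->tail = NULL;
    free(n->data);
    free(n);
}

/* Step I: allocate exactly len bytes, length = len, leftLen = 0, timestamp = now.
 * Returns -1 on allocation failure; the caller must then drop the message, not forward it. */
int fwd_insert(fwd_list *l, const void *msg, size_t len, time_t now) {
    fwd_node *n = calloc(1, sizeof *n);
    if (!n) return -1;
    n->data = malloc(len);
    if (!n->data) { free(n); return -1; }
    memcpy(n->data, msg, len);
    n->length = len;
    n->leftLen = 0;
    n->timestamp = now;
    if (l->tail) l->tail->next = n; else l->head = n;
    l->tail = n;
    return 0;
}

/* Step II: the service process reported `processed` audited bytes. Fully covered nodes are
 * forwarded, freed and unlinked (case 1); a partly covered node stays and records the
 * remainder in leftLen (case 2). Returns the number of nodes forwarded. Bytes left over once
 * the list is empty mean the two processes disagree about the stream; they are reported in
 * *excess so the caller can log and tear the connection down instead of ignoring them. */
size_t fwd_release(fwd_list *l, size_t processed, size_t *excess) {
    size_t sent = 0;
    while (l->head && processed > 0) {
        fwd_node *n = l->head;
        size_t pending = n->leftLen ? n->leftLen : n->length;
        if (processed >= pending) {
            nic_send(l, n);
            fwd_unlink_head(l);
            processed -= pending;
            sent++;
        } else {
            n->leftLen = pending - processed;   /* len1+len2+len3-length in the FIG. 6 case */
            processed = 0;
        }
    }
    if (excess) *excess = processed;
    return sent;
}

/* Step III: nodes are in insertion order, so only the head needs checking. Anything released
 * here has NOT finished auditing: this branch is where the design fails open. */
size_t fwd_poll_timeout(fwd_list *l, time_t now, time_t timeout_s) {
    size_t sent = 0;
    while (l->head && now - l->head->timestamp >= timeout_s) {
        l->timed_out += l->head->length;
        nic_send(l, l->head);
        fwd_unlink_head(l);
        sent++;
    }
    return sent;
}

int main(void) {
    fwd_list l = {0};
    size_t excess = 0;
    fwd_insert(&l, "AAAA", 4, 100);     /* len1 = 4 (constructed sample data) */
    fwd_insert(&l, "BBBBBB", 6, 101);   /* len2 = 6 */
    fwd_insert(&l, "CCCCC", 5, 102);    /* len3 = 5 */
    size_t n = fwd_release(&l, 12, &excess);   /* FIG. 6: len1+len2 < 12 < len1+len2+len3 */
    printf("forwarded %zu nodes, head leftLen=%zu, excess=%zu\n", n, l.head->leftLen, excess);
    n = fwd_poll_timeout(&l, 200, 5);
    printf("timeout released %zu node(s), %zu bytes unaudited\n", n, l.timed_out);
    return 0;
}
```

The `leftLen ? leftLen : length` test is what ties the two deletion cases together: a node that was partly covered on one notification is finished by the next one before any node behind it is touched, which keeps the bytes leaving the device in the order they entered the list.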
2. Buffer linked list
The traffic proxy (forwarding) process writes messages into the ring buffer (RingBuffer) and the service processing process reads them from it. In practice, however, the service processing process is slower than the traffic proxy process because it parses and audits the traffic. When the data volume is large, data backs up in the ring buffer, and in severe cases the ring buffer becomes full, so that subsequently arriving data can no longer be written into it and would be lost.
To solve this problem, the invention specifically designs a buffer linked list, as follows:
If and only if the ring buffer (RingBuffer) is full, newly arriving data is inserted into the buffer linked list. When further data arrives, the process first checks whether the ring buffer has free space; if so, the data in the buffer linked list is moved into the ring buffer in order until the ring buffer is full, and the new data is then appended to the buffer linked list. FIG. 8 shows this process.
The scheme can be summarised in the following steps:
if the ring buffer is full, the traffic proxy process stores the newly arrived message data from the client or server in the buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, the traffic proxy process transfers data from the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list is empty, the traffic proxy process stores the newly arrived message data from the client or server in the ring buffer.
The processing flow of message nodes through the forwarding linked list and the buffer linked list in this step is shown in FIG. 9.
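The lock-free ring queue of step S102 together with the buffer linked list admission rule of this section, as an added example in C; it is not the patent's or the assignee's code. The single-producer/single-consumer ring with release/acquire indices, the tiny capacity RB_CAP, the function names, and the rule that buffered data is always drained ahead of a newly arrived message (so that stream order across the two containers is preserved, which the text implies but does not state) are assumptions of this example. The buffer linked list has no size bound in the text; under sustained overload it grows until allocation fails, so a real deployment needs a cap and a drop or back-pressure policy at the point marked in ovf_append.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RB_CAP 2   /* ring capacity; deliberately tiny so the overflow path is exercised (assumed) */

/* Lock-free single-producer/single-consumer ring: the traffic proxy process is the only
 * writer and the service processing process the only reader, so release/acquire on the two
 * indices is sufficient. In the device this lives in shared memory; here it is one struct. */
typedef struct {
    const char   *slot[RB_CAP];
    atomic_size_t head;   /* advanced only by the consumer */
    atomic_size_t tail;   /* advanced only by the producer */
} ring_t;

static bool rb_full(ring_t *r) {
    return atomic_load_explicit(&r->tail, memory_order_relaxed)
         - atomic_load_explicit(&r->head, memory_order_acquire) == RB_CAP;
}

/* Producer side. Returns false instead of blocking or overwriting when the ring is full. */
static bool rb_push(ring_t *r, const char *msg) {
    if (rb_full(r)) return false;
    size_t t = atomic_load_explicit(&r->tail, memory_order_relaxed);
    r->slot[t % RB_CAP] = msg;
    atomic_store_explicit(&r->tail, t + 1, memory_order_release);   /* publish the slot */
    return true;
}

/* Consumer side (service processing process). NULL when the ring is empty. */
const char *rb_pop(ring_t *r) {
    size_t h = atomic_load_explicit(&r->head, memory_order_relaxed);
    if (h == atomic_load_explicit(&r->tail, memory_order_acquire)) return NULL;
    const char *msg = r->slot[h % RB_CAP];
    atomic_store_explicit(&r->head, h + 1, memory_order_release);   /* free the slot */
    return msg;
}

/* Buffer linked list: a FIFO owned by the proxy process alone, so no atomics are needed. */
typedef struct ovf_node { const char *msg; struct ovf_node *next; } ovf_node;

typedef struct {
    ring_t    ring;
    ovf_node *ovf_head, *ovf_tail;
    size_t    ovf_count;   /* unbounded in the text; a cap plus a drop policy is the missing control */
} proxy_t;

void proxy_init(proxy_t *p) { memset(p, 0, sizeof *p); }

static void ovf_append(proxy_t *p, const char *msg) {
    ovf_node *n = malloc(sizeof *n);
    if (!n) abort();   /* allocation failure under overload: a real device needs a drop policy here */
    n->msg = msg; n->next = NULL;
    if (p->ovf_tail) p->ovf_tail->next = n; else p->ovf_head = n;
    p->ovf_tail = n;
    p->ovf_count++;
}

static const char *ovf_pop(proxy_t *p) {
    ovf_node *n = p->ovf_head;
    const char *msg = n->msg;
    p->ovf_head = n->next;
    if (!p->ovf_head) p->ovf_tail = NULL;
    p->ovf_count--;
    free(n);
    return msg;
}

/* Admission of a newly received message: the three cases of the text combined. Buffered
 * messages are always drained ahead of the new one so stream order is preserved.
 * Returns 0 if the message landed in the ring, 1 if it was queued in the buffer list. */
int proxy_admit(proxy_t *p, const char *msg) {
    while (p->ovf_count > 0 && !rb_full(&p->ring))
        rb_push(&p->ring, ovf_pop(p));           /* ring not full, buffer list non-empty */
    if (p->ovf_count == 0 && rb_push(&p->ring, msg))
        return 0;                                /* ring not full, buffer list empty */
    ovf_append(p, msg);                          /* ring full */
    return 1;
}

int main(void) {
    proxy_t p; proxy_init(&p);
    const char *burst[] = {"m1", "m2", "m3", "m4"};   /* constructed sample messages */
    for (int i = 0; i < 4; i++)
        printf("%s -> %s\n", burst[i], proxy_admit(&p, burst[i]) ? "buffer list" : "ring");
    printf("service popped %s; still buffered: %zu\n", rb_pop(&p.ring), p.ovf_count);
    return 0;
}
```

Because only the proxy process touches the buffer list and the two processes each own one ring index, no lock is taken anywhere on the data path; the cost is that the proxy must be the one to notice free ring slots, which it does on the next arrival rather than on the consumer's pop.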
Step S103: sequentially take the stored message data out of the ring buffer through the service processing process, perform traffic audit and protection processing on it and, after that processing is finished, send a notification message to the traffic proxy process carrying the length of the processed message data.
Specifically, the service processing process takes message data out of the shared ring buffer (RingBuffer) in order and hands it to the processing module for the relevant application protocol, which applies the traffic auditing and protection strategy. When the application module has finished, the service processing process sends a notification message to the traffic proxy process carrying the length of the processed message data.
Step S104: after receiving the notification message, the traffic proxy process takes message data of the corresponding length out of the forwarding linked list according to the length of the processed message data and sends the extracted message data to the corresponding server or client.
Specifically, after receiving the notification message, the traffic proxy process reads the length from it and takes the qualifying message data out of the forwarding linked list for forwarding; the forwarding procedure of the forwarding linked list is as described under step S102. The message data finally reaches the client or server through the kernel protocol stack and the network card.
The method for auditing and protecting inline traffic based on process separation disclosed by this embodiment decouples the traffic forwarding module from the service processing module by separating control from service; at the same time, the design of the forwarding linked list and the buffer linked list solves the problems of messages not being forwarded in time and of data backlog in the shared ring buffer. The invention therefore both prevents message loss and forwards messages in time, ensuring low delay and high reliability of the user's service on the inline link.
Referring to FIG. 10, another embodiment of the present invention further provides a device 200 for inline traffic auditing and protection based on process separation, which includes a receiving module 201, a first traffic proxy module 202, a service processing module 203 and a second traffic proxy module 204. The device 200 of the present invention is used to perform the steps of the method embodiments described above.
Specifically, the device 200 includes:
a receiving module 201 configured to receive message data sent by a client or a server;
a first traffic proxy module 202 configured to store the message data sent by the client or server in a ring buffer through a traffic proxy process and to cache the message data in a forwarding linked list;
a service processing module 203 configured to sequentially take the stored message data out of the ring buffer through a service processing process, perform traffic audit and protection processing on the acquired message data and, after the traffic audit and protection processing is finished, send a notification message to the traffic proxy process, the notification message carrying the length of the processed message data;
a second traffic proxy module 204 configured so that, after the traffic proxy process receives the notification message, it takes message data of the corresponding length out of the forwarding linked list according to the length of the processed message data and sends the extracted message data to the corresponding server or client.
It should be noted that the device 200 provided in this embodiment may be used to implement the technical solutions of the method embodiments; its implementation principle and technical effects are similar to those of the method and are not described again here.
FIG. 11 is a schematic structural diagram of an inline protection apparatus according to an embodiment of the present invention, showing a configuration suitable for implementing the inline protection apparatus 400 of this embodiment. The inline protection apparatus 400 in this embodiment may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player) and the like, and a stationary terminal such as a desktop computer, a server and the like. The inline protection apparatus shown in FIG. 11 is only an example and should not limit the function or scope of use of the embodiments of the present invention.
As shown in FIG. 11, the inline protection apparatus 400 may include a processing device 401 (for example a central processing unit or a graphics processor) that performs the actions and processes implementing the methods of the embodiments described herein, according to a program stored in a read-only memory (ROM) 402 or a program loaded from a storage device 408 into a random access memory (RAM) 403. The RAM 403 also stores the programs and data needed for the operation of the inline protection apparatus 400. The processing device 401, the ROM 402 and the RAM 403 are connected to each other through a bus 404, to which an input/output (I/O) interface 405 is also connected.
In general, the following devices may be connected to the I/O interface 405: input devices 406 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer or gyroscope; output devices 407 including, for example, a liquid crystal display (LCD), a speaker or a vibrator; storage devices 408 including, for example, tape or hard disk; and a communication device 409. The communication device 409 allows the inline protection apparatus 400 to communicate wirelessly or by wire with other equipment to exchange data. Although FIG. 11 shows an inline protection apparatus 400 with various devices, it is to be understood that not all of the illustrated devices need to be implemented or provided; more or fewer devices may alternatively be implemented or provided.
The above describes only the preferred embodiments of the invention. Those skilled in the art will appreciate that the scope of the disclosure is not limited to the particular combination of features described above, but also covers other embodiments formed by any combination of those features or their equivalents without departing from the spirit of the disclosure, for example technical solutions formed by substituting the features disclosed herein (though not limited to these) with features having similar functions.

Claims (8)

1. A method for serial traffic audit and protection based on process separation, characterized by comprising the following steps:
receiving packet data sent by a client or a server;
storing, by a traffic proxy process, the packet data sent by the client or the server in a ring buffer, and caching the packet data in a forwarding linked list;
sequentially acquiring, by a service processing process, the stored packet data from the ring buffer, performing traffic audit and protection processing on the acquired packet data, and, after the traffic audit and protection processing is finished, sending a message to the traffic proxy process, the message carrying the length of the processed packet data;
if the length of the processed packet data is equal to the sum of the lengths of a whole number of consecutively arranged packet nodes in the forwarding linked list, taking out the packet data of those consecutively arranged whole packet nodes, releasing the corresponding memory, and deleting the taken-out packet nodes from the forwarding linked list; if the length of the processed packet data is not equal to the sum of the lengths of a whole number of consecutively arranged packet nodes in the forwarding linked list, taking out the packet data of the consecutively arranged whole packet nodes whose summed length is less than the length of the processed packet data, releasing the corresponding memory, deleting the taken-out packet nodes from the forwarding linked list, recording the data length of the remaining packet nodes that were not taken out in the attribute information of those packet nodes, and waiting for the next deletion; and sending the taken-out packet data to the corresponding server or client.
2. The method for serial traffic audit and protection based on process separation according to claim 1, wherein the step of storing, by the traffic proxy process, the packet data sent by the client or the server in the ring buffer includes:
if the ring buffer is full, storing, by the traffic proxy process, the newly arrived packet data from the client or the server in a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, transferring, by the traffic proxy process, the data in the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list contains no data, storing, by the traffic proxy process, the newly arrived packet data from the client or the server in the ring buffer.
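The three cases of claim 2, as an added worked example in C that is not code from the patent or its assignee. It keeps the ring buffer in a single process with a capacity of four records, feeds it a constructed burst of packets carrying only a sequence number and a length, and assumes that a packet arriving while the buffer linked list is non-empty is queued behind the older entries before the list is drained, so that packets reach the ring in arrival order (the claim does not say where that packet goes; the FIFO choice is this example's).

```c
#include <stdio.h>
#include <stdlib.h>

/* A packet record handed from the traffic proxy process to the service
 * processing process. The patent shares the ring between two processes;
 * this example keeps it in one process so it runs stand-alone (assumption)
 * and carries a constructed sequence number instead of a real payload. */
typedef struct {
    unsigned seq;   /* arrival order, used to check FIFO behaviour */
    size_t   len;   /* packet length in bytes */
} pkt_t;

#define RING_CAP 4  /* deliberately tiny so the overflow path is exercised */

typedef struct {
    pkt_t  slot[RING_CAP];
    size_t head, tail, count;
} ring_t;

static int ring_full(const ring_t *r) { return r->count == RING_CAP; }

static void ring_push(ring_t *r, pkt_t p) {
    r->slot[r->tail] = p;
    r->tail = (r->tail + 1) % RING_CAP;
    r->count++;
}

static pkt_t ring_pop(ring_t *r) {
    pkt_t p = r->slot[r->head];
    r->head = (r->head + 1) % RING_CAP;
    r->count--;
    return p;
}

/* The "buffer linked list" of claim 2: a FIFO absorbing packets that
 * arrive while the ring is full. */
typedef struct onode { pkt_t p; struct onode *next; } onode_t;
typedef struct { onode_t *head, *tail; size_t count; } olist_t;

static void olist_push(olist_t *l, pkt_t p) {
    onode_t *n = malloc(sizeof *n);
    if (!n) { perror("malloc"); exit(EXIT_FAILURE); }
    n->p = p;
    n->next = NULL;
    if (l->tail) l->tail->next = n; else l->head = n;
    l->tail = n;
    l->count++;
}

static pkt_t olist_pop(olist_t *l) {
    onode_t *n = l->head;
    pkt_t p = n->p;
    l->head = n->next;
    if (!l->head) l->tail = NULL;
    l->count--;
    free(n);
    return p;
}

/* Traffic proxy side: the three cases of claim 2. When the ring has room
 * but the buffer list is not empty, the new packet is queued behind the
 * older ones before draining, so the ring is filled in arrival order
 * (ordering is this example's assumption, not stated in the claim). */
void proxy_enqueue(ring_t *r, olist_t *ov, pkt_t p) {
    if (ring_full(r)) {
        olist_push(ov, p);
    } else if (ov->count > 0) {
        olist_push(ov, p);
        while (!ring_full(r) && ov->count > 0)
            ring_push(r, olist_pop(ov));
    } else {
        ring_push(r, p);
    }
}

/* Service processing side: take the next packet in order.
 * Returns 1 and fills *out, or 0 if the ring is empty. */
int service_dequeue(ring_t *r, pkt_t *out) {
    if (r->count == 0) return 0;
    *out = ring_pop(r);
    return 1;
}

int main(void) {
    ring_t r = {0};
    olist_t ov = {0};
    pkt_t p;
    for (unsigned i = 1; i <= 6; i++)              /* burst larger than the ring */
        proxy_enqueue(&r, &ov, (pkt_t){ i, 100 });
    printf("ring=%zu overflow=%zu\n", r.count, ov.count);  /* 4 and 2 */
    service_dequeue(&r, &p);                       /* service frees one slot */
    proxy_enqueue(&r, &ov, (pkt_t){ 7, 100 });     /* refills ring from the list */
    while (service_dequeue(&r, &p))
        printf("service got seq %u\n", p.seq);     /* 2, 3, 4, 5 in order */
    return 0;
}
```

The claim puts no bound on the buffer linked list. In a deployment the proxy needs either a cap on its length or back-pressure on the accepting socket; otherwise a peer that sends faster than the service processing process audits can grow the list without limit.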
3. The method for serial traffic audit and protection based on process separation according to claim 1, wherein the step of caching the packet data in the forwarding linked list comprises:
after receiving the packet data sent by the client or the server, creating, by the traffic proxy process, a packet node containing the packet data, forming the attribute information of the packet node from the packet data, dynamically requesting a memory area sized to the length of the packet data contained in the packet node, and storing the packet data contained in the packet node in that memory area.
4. The method according to claim 3, wherein:
the attribute information of the packet node comprises a timestamp recording when the packet node was inserted into the forwarding linked list;
and the traffic proxy process periodically polls the forwarding linked list according to a preset timeout and the timestamp information, takes out and forwards the packet data of timed-out packet nodes, and deletes the taken-out packet nodes from the forwarding linked list.
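Claims 1, 3 and 4 together describe the life of a node in the forwarding linked list: it is appended with a timestamp and a freshly allocated memory area, consumed according to the byte count the service processing process reports, and swept by a timeout poll. The C below is an added example of that logic, not code from the patent or its assignee. The field names, the in-memory sink standing in for the socket write to the peer, the single-process setting and one reading of the partial-node rule are assumptions: where the reported length does not land on a node boundary, this example forwards the covered prefix of the node at once and records the forwarded amount in the node's attribute information, so the node is deleted once a later message covers the remainder.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One node of the traffic proxy's forwarding linked list. Field names are
 * this example's own; the patent only says a node carries attribute
 * information, an insertion timestamp and a memory area of packet length. */
typedef struct fnode {
    uint8_t      *data;   /* memory area requested for this packet */
    size_t        len;    /* packet length in bytes */
    size_t        sent;   /* bytes of this node already forwarded */
    uint64_t      ts_ms;  /* insertion time, milliseconds */
    struct fnode *next;
} fnode_t;

typedef struct { fnode_t *head, *tail; } flist_t;

/* Stand-in for the socket write to the peer (assumption): an inspectable buffer. */
typedef struct { uint8_t buf[1024]; size_t len; } sink_t;

static void sink_write(sink_t *s, const uint8_t *p, size_t n) {
    if (n > sizeof s->buf - s->len) n = sizeof s->buf - s->len;
    memcpy(s->buf + s->len, p, n);
    s->len += n;
}

/* Claim 3: create a node, fill its attributes, request a memory area of the
 * packet's length and copy the packet in. Returns 0, or -1 on allocation failure. */
int flist_append(flist_t *l, const uint8_t *pkt, size_t len, uint64_t now_ms) {
    fnode_t *n = calloc(1, sizeof *n);
    if (!n) return -1;
    n->data = malloc(len);
    if (!n->data) { free(n); return -1; }
    memcpy(n->data, pkt, len);
    n->len = len;
    n->ts_ms = now_ms;
    if (l->tail) l->tail->next = n; else l->head = n;
    l->tail = n;
    return 0;
}

/* Unlink the head node and release its memory area. */
static void flist_pop_head(flist_t *l) {
    fnode_t *n = l->head;
    l->head = n->next;
    if (!l->head) l->tail = NULL;
    free(n->data);
    free(n);
}

/* Claim 1: the service process reported `want` processed bytes. Whole nodes
 * covered by the count are forwarded, freed and unlinked; a node only partly
 * covered has its prefix forwarded and the amount recorded in `sent`, and
 * stays on the list until a later message covers the rest. Returns bytes sent. */
size_t flist_forward_len(flist_t *l, size_t want, sink_t *out) {
    size_t done = 0;
    while (want > 0 && l->head) {
        fnode_t *n = l->head;
        size_t avail = n->len - n->sent;
        if (want >= avail) {              /* lands on a node boundary */
            sink_write(out, n->data + n->sent, avail);
            done += avail; want -= avail;
            flist_pop_head(l);
        } else {                          /* partial: mark and wait */
            sink_write(out, n->data + n->sent, want);
            n->sent += want; done += want; want = 0;
        }
    }
    return done;
}

/* Claim 4: periodic poll. Nodes are appended in time order, so timed-out
 * nodes form a prefix: forward the unsent rest of each and delete it. */
size_t flist_poll_timeout(flist_t *l, uint64_t now_ms, uint64_t timeout_ms,
                          sink_t *out) {
    size_t removed = 0;
    while (l->head && now_ms >= l->head->ts_ms &&
           now_ms - l->head->ts_ms >= timeout_ms) {
        fnode_t *n = l->head;
        sink_write(out, n->data + n->sent, n->len - n->sent);
        flist_pop_head(l);
        removed++;
    }
    return removed;
}

int main(void) {
    flist_t l = {0};
    sink_t out = {0};
    uint8_t seg[100];                       /* constructed 100-byte segments */
    memset(seg, 'A', sizeof seg);
    for (uint64_t t = 1000; t < 1003; t++) flist_append(&l, seg, sizeof seg, t);
    printf("forwarded %zu of 250\n", flist_forward_len(&l, 250, &out));
    printf("partial node: %zu of %zu sent\n", l.head->sent, l.head->len);
    printf("timed out: %zu\n", flist_poll_timeout(&l, 2000, 500, &out));
    return 0;
}
```

Note what the timeout path means for the security property: a node whose audit has not completed within the preset timeout is forwarded anyway, so the design fails open under service-process latency. The timeout therefore has to be chosen against the worst-case audit time, and a deployment that values inspection over availability would drop the timed-out node rather than forward it.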
5. An apparatus for serial traffic audit and protection based on process separation, characterized by comprising:
a receiving module, configured to receive packet data sent by a client or a server;
a first traffic proxy module, configured to have a traffic proxy process store the packet data sent by the client or the server in a ring buffer and cache the packet data in a forwarding linked list;
a service processing module, configured to have a service processing process sequentially acquire the stored packet data from the ring buffer, perform traffic audit and protection processing on the acquired packet data, and, after the traffic audit and protection processing is finished, send a message to the traffic proxy process, the message carrying the length of the processed packet data;
a second traffic proxy module, configured to, if the length of the processed packet data is equal to the sum of the lengths of a whole number of consecutively arranged packet nodes in the forwarding linked list, take out the packet data of those consecutively arranged whole packet nodes, release the corresponding memory, and delete the taken-out packet nodes from the forwarding linked list; if the length of the processed packet data is not equal to the sum of the lengths of a whole number of consecutively arranged packet nodes in the forwarding linked list, take out the packet data of the consecutively arranged whole packet nodes whose summed length is less than the length of the processed packet data, release the corresponding memory, delete the taken-out packet nodes from the forwarding linked list, record the data length of the remaining packet nodes that were not taken out in the attribute information of those packet nodes, and wait for the next deletion; and send the taken-out packet data to the corresponding server or client.
6. The apparatus for serial traffic audit and protection based on process separation according to claim 5, wherein the first traffic proxy module is further configured such that:
if the ring buffer is full, the traffic proxy process stores the newly arrived packet data from the client or the server in a buffer linked list;
if the ring buffer is not full and the buffer linked list contains data, the traffic proxy process transfers the data in the buffer linked list to the ring buffer until the ring buffer is full;
and if the ring buffer is not full and the buffer linked list contains no data, the traffic proxy process stores the newly arrived packet data from the client or the server in the ring buffer.
7. The apparatus for serial traffic audit and protection based on process separation according to claim 5, wherein the first traffic proxy module is further configured such that:
after receiving the packet data sent by the client or the server, the traffic proxy process creates a packet node containing the packet data, forms the attribute information of the packet node from the packet data, dynamically requests a memory area sized to the length of the packet data contained in the packet node, and stores the packet data contained in the packet node in that memory area.
8. The apparatus for serial traffic audit and protection based on process separation according to claim 7, wherein:
the attribute information of the packet node comprises a timestamp recording when the packet node was inserted into the forwarding linked list;
and a third traffic proxy module is configured to have the traffic proxy process periodically poll the forwarding linked list according to a preset timeout and the timestamp information, take out and forward the packet data of timed-out packet nodes, and delete the taken-out packet nodes from the forwarding linked list.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211571888.5A CN115580657B (en) 2022-12-08 2022-12-08 Method and device for auditing and protecting serial flow based on process separation


Publications (2)

Publication Number Publication Date
CN115580657A CN115580657A (en) 2023-01-06
CN115580657B true CN115580657B (en) 2023-03-10

Family

ID=84590581


Country Status (1)

Country Link
CN (1) CN115580657B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108462715A (en) * 2018-04-24 2018-08-28 王颖 The On Network Information Filtering System of WM String matching parallel algorithms based on MPI
CN113032710A (en) * 2021-04-13 2021-06-25 上海汉邦京泰数码技术有限公司 Comprehensive audit supervisory system
CN113114636A (en) * 2021-03-26 2021-07-13 西安交大捷普网络科技有限公司 Process flow auditing method and system of controlled host
CN113839824A (en) * 2020-06-08 2021-12-24 奇安信科技集团股份有限公司 Flow auditing method and device, electronic equipment and storage medium
CN115297033A (en) * 2022-07-20 2022-11-04 上海量讯物联技术有限公司 Internet of things terminal flow auditing method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8782755B2 (en) * 2009-03-20 2014-07-15 Citrix Systems, Inc. Systems and methods for selecting an authentication virtual server from a plurality of virtual servers
CN113420007B (en) * 2021-03-31 2023-09-26 阿里巴巴新加坡控股有限公司 Audit processing method and device for database access and electronic equipment


Also Published As

Publication number Publication date
CN115580657A (en) 2023-01-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant