CN116010077A - Control method and device for multi-core CPU (Central processing Unit) processor of home intelligent gateway - Google Patents
Control method and device for multi-core CPU (Central processing Unit) processor of home intelligent gateway Download PDFInfo
- Publication number
- CN116010077A CN116010077A CN202211132158.5A CN202211132158A CN116010077A CN 116010077 A CN116010077 A CN 116010077A CN 202211132158 A CN202211132158 A CN 202211132158A CN 116010077 A CN116010077 A CN 116010077A
- Authority
- CN
- China
- Prior art keywords
- cpu
- core
- request
- https
- binding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/48—Program initiating; Program switching, e.g. by interrupt
- G06F9/4806—Task transfer initiation or dispatching
- G06F9/4843—Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
- G06F9/4881—Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
In the control method and the device for the multi-core CPU processor of the home intelligent gateway, a first process is bound to a first CPU core, a second process is bound to a second CPU core, wherein the operand of the first process is larger than that of the second process, namely the first process is bound to different CPU cores according to the difference of the operand of the processes, further, https analysis processes are bound to the first CPU core, and other processes except https analysis processes are bound to the second CPU core; furthermore, the encryption and decryption processes of the https request message are bound to the first CPU core, and other processes except the encryption and decryption processes of the https request message are bound to the second CPU core. The operation resources on the second CPU are abundant, and even if the operation on the first CPU is congested, the experience of the user on the second CPU is not affected, so that the experience of the user is improved.
Description
This application is a divisional application, the filing number of the original application is 202110099821.5, the filing date of the original application is 2021, 01 and 25, and the entire contents of the original application are incorporated herein by reference.
Technical Field
The application relates to the technical field of home intelligent gateways, in particular to a control method and a control device of a multi-core CPU (central processing unit) processor of a home intelligent gateway.
Background
The home intelligent gateway realizes bridging/routing, protocol conversion, address management and conversion in the home and from inside to outside, and bears the role of a firewall; the home intelligent gateway can connect various intelligent devices in the home to the Internet and can also enable the intelligent devices to communicate with each other.
The embedded multi-core CPU has a simpler architecture, and cannot complete the autonomous load balancing of the table processor, so that mutual interference among processes under the same multi-core CPU is caused, http service cannot run smoothly, and therefore, the CPU is blocked, and the user experience is affected.
Disclosure of Invention
The application provides a control method and a control device for a multi-core CPU processor of a home intelligent gateway, which are used for solving the technical problem of CPU blocking caused by mutual interference among processes.
In a first aspect, the present application provides a method for controlling a multi-core CPU processor of a home intelligent gateway, where the method includes:
binding a first process to a first CPU core and binding a second process to a second CPU core, wherein the operand of the first process is larger than that of the second process.
Optionally, the https parsing process is bound to the first CPU core, and other processes except the https parsing process are bound to the second CPU core.
Optionally, the encryption and decryption process of the https request message is bound to the first CPU core, and other processes except the encryption and decryption process of the https request message are bound to the second CPU core.
Optionally, the binding the encryption and decryption process of the https request packet to the first CPU core includes:
when the actual https request times sent by the terminal is larger than a preset threshold, binding an https request message encryption and decryption process to the first CPU core and binding a gateway server process to the second CPU core, wherein:
when the actual https request times sent by the terminal are larger than a preset threshold, the operand of the encryption and decryption process of the https request message is larger than that of the gateway server process.
Optionally, the gateway server receives the http request plaintext and judges the effective message and the ineffective message according to the http request plaintext;
and redirecting the effective message to generate a redirection address, and returning the redirection address to the terminal.
Optionally, before generating the redirection address after redirecting the valid message, the method further includes:
and redirecting the request sent by the terminal to the local address in the ip layer DNS.
Optionally, the redirecting the valid message to generate a redirect address includes:
redirecting the effective message to a destination address corresponding to the local address through 302, wherein the destination address is the redirecting address.
Optionally, the judging the valid message and the invalid message according to the request plaintext includes:
extracting a User-Agent field from the request plaintext;
when the User-Agent field starts with Mozilla, the request plaintext is a valid message;
when the User-Agent field does not start with Mozilla, the request plaintext is an invalid message.
In a second aspect, the present application provides a control device of a multi-core CPU processor of a home intelligent gateway, where the device includes:
and the different CPU core binding module is used for binding a first process to the first CPU core and binding a second process to the second CPU core, wherein the operand of the first process is larger than that of the second process.
Optionally, the different CPU core binding modules include:
the first binding submodule is used for binding the https analysis process to the first CPU core;
and the second binding submodule is used for binding other processes except the https analysis process to the second CPU core.
The beneficial effects are that:
in the control method and the device for the multi-core CPU processor of the home intelligent gateway, a first process is bound to the first CPU core, a second process is bound to the second CPU core, wherein the operand of the first process is larger than that of the second process, namely, the first process is bound to different CPU cores according to different magnitudes of the operand of the processes, further, as the operand of an https request message analysis process is larger, the consumption of the CPU is larger, and the request message analysis process can cause the blocking of the CPU, the https analysis process is specifically bound to the first CPU core, and other processes except the https analysis process are bound to the second CPU core; furthermore, the encryption and decryption processes of the https request message are bound to the first CPU core, and other processes except the encryption and decryption processes of the https request message are bound to the second CPU core. The processes with larger operand occupation are independently bound on one CPU core, and other processes are bound on the other CPU, so that the operation resources on the second CPU are more abundant, the user experience on the second CPU can not be influenced even if the operation on the first CPU is congested, the processes are not interfered with each other, the clamping of the CPU operation is avoided, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings that are needed in the embodiments will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a schematic topology diagram of a home gateway redirection method according to an embodiment of the present application;
fig. 2 is a schematic diagram of a Stunnel workflow provided in an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The application scenes of the home gateway are as follows: 1. when the gateway of the Internet end of the home gateway fails, a user connects the gateway for the first time and pops up a configuration page of the home router, and the user can directly enter the configuration page to diagnose the failure, so that the time of positioning the Internet failure at the terminal by the user is saved. 2. When the home gateway is installed for the first time, the installation equipment is connected with the gateway, and the configuration page of the home router is popped up, so that the installation time is saved. 3. The carrier customized gateway can limit the user's unusual internet behavior by redirecting to an alert page. When the user sends out the request message of the application through the terminal, the gateway redirects to the destination address, specifically, the 80-port and 443-port requests are redirected to the local server by using the iptables rule, the local server returns 302 to redirect to the requesting terminal, and the requesting terminal revisits the resource of the URL corresponding to the home gateway locally according to the address redirected back by 302.
The above scheme is mainly limited to the processing of HTTPS requests, because when HTTPS requests enter a local http server to perform decryption, the decryption process needs to be performed at least twice, the first time is that the original HTTPS requests of the terminal are returned 302 for redirection, the second time is that the terminal uses the address after the HTTPS access 302 for redirection, these calculation amounts are not large, but in the actual use situation, since the iptables redirection or DNS redirection used by the third layer is not used for distinguishing URLs, all the HTTPS requests of the terminal can be redirected to the HTTPS server, the terminal (mobile phone or computer) does not know that the request of the terminal is redirected, some background processes in the terminal (mobile phone or computer) can be repeated, a large number of HTTPS requests are sent, and the HTTPS is characterized in that the consumption of encryption and decryption on the CPU is far greater than the consumption of the processing the tp protocol itself on the CPU, thus the encryption and decryption service blocks the CPU, and the experience of the gateway operation of the user is affected.
The HTTPS (full name: hyper Text Transfer Protocol over Secure Socket Layer) is an HTTP channel targeting security, and ensures the security of the transmission process by transmission encryption and identity authentication on the basis of HTTP. HTTPS adds an SSL layer on an HTTP basis, and the security basis of HTTPS is SSL, so the details of encryption require SSL. HTTPS has a default port other than HTTP and an encryption/authentication layer (between HTTP and TCP).
The mainstream portal is currently preferred to https as an interaction mode, so the application mainly relates to https requests; and there is a certain lack of functionality if only http requests are involved; when https requests are involved, the problem of high CPU occupancy during processing of https requests, or even blocking of the CPU, is unavoidable.
Meanwhile, the embedded multi-core CPU architecture is simpler, and autonomous load balancing of the table processor cannot be completed, so that mutual interference among processes under the same multi-core CPU is caused, http service cannot run smoothly, and therefore, clamping of the CPU is caused, and user experience is affected.
Therefore, in the embodiment of the application, the first process is bound to the first CPU core, and the second process is bound to the second CPU core, wherein the operand of the first process is larger than that of the second process, that is, the first process is bound to different CPU cores according to the difference of the operand of the processes.
Further, since the https request message analysis process has larger operand and larger consumption on the CPU, the request message analysis process can cause the blocking of the CPU, so that the https analysis process is specifically bound to the first CPU core and other processes except the https analysis process are bound to the second CPU core in the application.
Furthermore, the encryption and decryption processes of the https request message are bound to the first CPU core, and other processes except the encryption and decryption processes of the https request message are bound to the second CPU core.
Therefore, the operation resources on the second CPU are more abundant, even if the operation on the first CPU is congested, the experience of the user on the second CPU is not affected, the processes are not interfered with each other, the clamping of the operation of the CPU is avoided, and the experience of the user is improved.
The above method is described in the embodiments of the present application taking home gateway redirection as an example.
In this embodiment of the present application, after a user sends an HTTPS request through a terminal, the terminal sends a DNS (Domain Name System ) request to a DNS server, and the DNS server analyzes an IP according to a domain name in a request packet, specifically, the location of a DNS module in a home gateway is a DNS proxy, which functions to receive the DNS request from a LAN side and forward the DNS request from a WAN side, and when a network on the WAN side is not available or restricted, the DNS module redirects the request to a local address of the home gateway, such as localhost (127.0.0.1), where the DNS is the DNS redirection of the IP layer. On the TCP layer, the home gateway LAN side has 80 ports and 443 ports to monitor, and based on security considerations, the home gateway product in this embodiment of the present application only monitors 80,443,53 ports on the LAN side, where 80 ports are used for HTTP,443 ports are used for HTTPs,53 ports are used for DNS, and other messages are redirected to 127.0.0.1 in time and also can be discarded, so that the system operation efficiency is not affected.
After IP layer DNS redirection to the local address, a TCP (Transmission control protocol, TCP) session and TLS (Transport layer security) session are respectively established, specifically https uses 443 ports in the TCP/IP protocol family, we can consider the browser as a process, this process will initiate a handshake to 443 ports of the target host, establish a connection, and if 443 ports of the target host cannot be accessed, the TCP connection cannot be established. Even if a TCP connection is established, the browser will not immediately initiate an application layer exchange, and the packet-grabbing analysis finds that the browser will initiate a TLS session, exchange keys, and if the destination IP cannot complete the key exchange, the entire connection is terminated and subsequent HTTP requests (HTTPs:// www.ifeng.com/news/gupiao. Html) will not enter the web server of the destination host. After the TLS session is established, the https request enters a web server, the plain text (GET news/gupiao.html) is still processed at the web server layer, and the original logic is not affected. The TLS proxy program is used to process TLS connection used by https, and the TLS proxy program is used, where the patent uses open source software stunnel, but the scope of protection of the embodiment of the application is not limited to stunnel, and the TLS proxy stunnel listens on the home gateway LAN side for a request redirected to a host 443 port (127.0.0.1:443) through DNS, and forwards the request to the http port (127.0.0.1:80) of the host after resolution, where the port is a port of the web server. Webserver handles the redirection of the http layer and the local configuration of the gateway. In the embodiment of the application, the home gateway web page is bound on the CPU0, when the gateway Wan port functions normally, the CPU1 processes WAN related services, when the gateway Wan port functions abnormally or is limited, the CPU1 starts the stunnel TLS agent, the process possibly occupies the CPU1 instantly under high load, the CPU0 is not influenced, the http service still can run smoothly, and the user experience is not influenced. When the internet surfing service is normal, the DNS redirection is closed, the https request does not enter 127.0.0.1:443, the terminal normally uses the external network, and the stunnel resource is synchronously released.
The following describes a redirection method for the application layer.
The home gateway redirection method provided in the embodiment of the present application is described below with reference to fig. 1:
step one: and establishing a stunnel tunnel based on a stunnel protocol at the terminal and the gateway server.
It should be noted that, in the embodiment of the present application, encryption and decryption of the message are implemented by using a manner of establishing the stunnel tunnel, and the embodiment of the present application is not limited to this manner, and other manners are also within the protection scope of the embodiment of the present application.
In the embodiment of the application, a virtual stunnel tunnel is established between the terminal and the gateway server based on a traditional stunnel protocol, and the tunnel between the terminal and the gateway is established by adopting stunnel. The stunnel tunnel may decrypt the request message Wen Miwen sent from the terminal into a message plaintext and transmit the message plaintext to the gateway, or may encrypt the request plaintext sent from the gateway into a request message and transmit the request message to the terminal.
The Stunnel workflow is shown in fig. 2, https request ciphertext sent by the terminal is transmitted to 443 ports and 80 ports of the Stunnel tunnel, http request plaintext is generated, and the http request plaintext is sent to 80 ports of the gateway server.
Step two: and when the actual https request times sent by the terminal are larger than a preset threshold, respectively binding the stunnel tunnel and the gateway server to different CPUs.
Firstly, the stunnel tunnel and the gateway server are respectively bound to different CPUs, for example, the stunnel tunnel is bound to a first CPU, the gateway server is bound to a second CPU, thus the encryption and decryption process is separated from the CPU of the gateway by establishing the stunnel tunnel, and the encryption and decryption process cannot be influenced by other processes because the stunnel tunnel and the gateway are respectively bound to different CPUs; therefore, the key analysis process and the gateway server process are split into two independent processes, so that CPU operation resources of the gateway are abundant, and user experience on the CPU of the gateway is not affected even if the CPU operation capability of the stunnel tunnel is already congested.
Secondly, the CPU core bound by the stunnel tunnel can be dynamically planned through the relation between the actual https request times sent by the terminal and the preset threshold value, so that the energy-saving requirement is met.
The CPU core for dynamically programming the stunnel tunnel binding comprises:
the request counter is arranged on the http and used for counting the request times of the request queue, and when the accumulated requests of the counter are smaller than the threshold value in one minute, the stunnel on the first CPU is bound to the second CPU again, and the first CPU is released, so that a CPU core can be idled, and the power consumption of the chip is reduced. To achieve the low power consumption, the method is as follows:
a counter and timer are started at http server.
When the timer starts to count, the counter is increased by 1 each time an http request is received;
when the timer expires for one minute, the timer is emptied, and the counter is compared with a preset threshold value;
binding stunnel to the second CPU when the counter is smaller than a preset threshold value;
and binding stunnel to the first CPU when the counter is larger than a preset threshold value.
Therefore, when the actual request times sent by the terminal is larger than a preset threshold, and the https request times are too large, the CPU will have larger resource consumption in decryption and encryption of the message, and the CPU will be blocked easily, and the stunnel tunnel and the gateway server end will be bound to the first CPU and the second CPU respectively; based on LINUX platform, the scheme can bind stunnel on CPU1 through a task set tool, and the command is as follows:
#taskset-c 1stunnel;
and when the actual request times sent by the terminal are smaller than a preset threshold, binding the stunnel tunnel and the gateway server to the second CPU.
Step three: and the gateway server receives the http request plaintext from the stunnel tunnel and distinguishes effective messages from ineffective messages according to the http request plaintext.
The message transmitted to the gateway through the stunnel tunnel is a request plaintext, and after receiving the request plaintext, the embodiment of the application firstly judges that the request plaintext is an effective message and an ineffective message, and realizes the identification of the effective message and the filtration of the ineffective message.
Extracting a User-Agent field from the request plaintext;
when the User-Agent field starts with Mozilla, the request plaintext is a valid message;
when the User-Agent field does not start with Mozilla, the request plaintext is an invalid message.
Specifically, the above content includes:
the HTTP message header allows the client and server to pass additional information through the request and response. A request header is preceded by a name (case-insensitive) followed by a colon ": "colon is followed by a specific value (without a linefeed). The leading blank preceding this value is ignored. User-Agent is an important field in the HTTP message header.
The User-Agent header contains a characteristic string that is used by the opposite end of the network protocol to identify the application type, operating system, software developer, and version number of the User Agent that originated the request.
User-Agent:<product>/<product-version><comment>
The format commonly used by browsers is:
User-Agent:Mozilla/<version>(<system-information>)<platform>
(<platform-details>)<extensions>
the formal browser request User-Agent field must be started by Mozilla to represent this one browser process, while the invalid message usually uses https as the private protocol of the message carrier, so that in the process of parsing and extracting the User-Agent field according to the http request plaintext, if the User-Agent does not start by Mozilla, the subsequent steps are terminated, and thus saving half of the stunnel operation overhead running in the first CPU is achieved.
It should be noted that, the manner of identifying the valid message and the invalid message by using the User-Agent field in the embodiment of the present application is only one of them, and other identifying manners are also within the protection scope of the embodiment of the present application.
Furthermore, in the embodiment of the present application, whether the terminal issues an excessive invalid request may be defined by another threshold, and exceeding the threshold, the stunnel is bound to the first CPU core, and the stunnel is bound to the second CPU core, which is lower than the threshold, so that a CPU core may be idle, and chip power consumption may be reduced.
Step four: and redirecting the effective message to generate a redirection address, and returning the redirection address to the terminal.
After the effective message is identified and the ineffective message is filtered, the effective message is subjected to subsequent operation in the embodiment of the application, that is, the subsequent redirection is aimed at the effective message, and occupation of CPU operation resources can be reduced to a certain extent after the ineffective message is filtered. After identifying the valid message:
and redirecting the request sent by the terminal to the local address in the ip layer DNS. Such as to a local address 192.168.1.1.
Redirecting the effective message to a destination address corresponding to the local address through 302, wherein the destination address is the redirecting address, and if the destination address is 192.168.1.1/index.
And after the redirection address is returned to the terminal, the CPU resource of the tunnel is released. Specifically, when the user removes the fault or the Internet service restriction is canceled through operating the web, the WAN side service is recovered, DNS redirection is canceled, at this time, the stunnel process is closed, and the CPU1 resource is released for network access and WIFI service.
The following embodiments specifically describe a home gateway redirection method provided in the present application in conjunction with each hardware structure based on the above description.
The terminal sends out https original request ciphertext and sends the https original request ciphertext to the stunnel;
stunnel generates HTTP original request plaintext and sends the HTTP original request plaintext to a web server of a gateway;
the web server analyzes and extracts the User-Agent field to identify effective messages and filters ineffective messages;
redirecting the effective message 302, directing a jump URL to 192.168.1.1/index.html, redirecting the https302 after stunel encryption, directing the jump URL to 192.168.1.1/index.html, generating an https ciphertext request URL192.168.1.1/index.html and transmitting the https ciphertext request URL192.168.1.1/index.html to a terminal;
the http ciphertext request URL192.168.1.1/index. Html received by the terminal generates an http plaintext request URL192.168.1.1/index. Html after being subjected to stunnel;
and returning the http plaintext request URL192.168.1.1/index. Html from the gateway, obtaining an http ciphertext through stunnel, and returning the http ciphertext to the terminal.
In summary, in the application, the HTTPS processing process is bound to the first CPU, so that the operation resources on the second CPU are abundant, even if the operation capability on the first CPU is already congested (the CPU occupies 100%), the user experience on the second CPU is not affected.
Meanwhile, the embodiment of the application filters the invalid request by using the algorithm, and blocks 302 the request by using the filtering algorithm, so that half of operation resources can be saved as a whole.
The embodiment of the application is a principle that a low-cost multi-core processor applies parallel operation, is used for but not limited to https processing, and can be also used for a scene that two processes solicit a CPU.
Further, in the embodiment of the present application, the http service module (a), the stunnel TLS processing module (B), the Internet related service (C) may be abstracted into three types of objects, where the three types of objects are abstracted into the following relationships:
a and B are in a coexistence relationship, but A and B are mutually influenced in a CPU, so that A and B are in a mutual exclusion relationship in the CPU, B and C are in a mutual exclusion relationship, and C is operated in the first CPU originally, and C is replaced by B due to triggering of B, and meanwhile, C is replaced in the first CPU, and as a result, A uses a second CPU, B uses the first CPU, the direct contradiction between A and B is relieved, and meanwhile, B replaces C, and no extra calculation is added in the whole system; and thus the efficiency of a improves.
Another example application of the abstract description above is in a home gateway where other services use a second CPU, since WIFI services consume more CPU, binding WIFI services to the first CPU.
Further, the object a and the object B are in a coexistence relationship, the condition D is that the object a and the object B are in a mutually exclusive relationship in the CPU, the condition D is that the object B triggers a certain scene or exceeds a certain threshold, when the condition D is detected to be met, the object a is bound to the second CPU, the object B is bound to the first CPU, when the condition D is detected to be released, the object a and the object B are simultaneously released in the CPU in a mutually exclusive relationship, at the moment, the object B releases the first CPU and returns to the second CPU, the first CPU is released, and the overall power consumption of the system is reduced.
In a second aspect, the present application provides a control device of a multi-core CPU processor of a home gateway, where the device includes:
and the different CPU core binding module is used for binding a first process to the first CPU core and binding a second process to the second CPU core, wherein the operand of the first process is larger than that of the second process.
Further, since the https request message analysis process has larger operand and larger consumption on the CPU, the request message analysis process can cause the blocking of the CPU, so that the https analysis process is specifically bound to the first CPU core and other processes except the https analysis process are bound to the second CPU core in the application.
Furthermore, the encryption and decryption processes of the https request message are bound to the first CPU core, and other processes except the encryption and decryption processes of the https request message are bound to the second CPU core.
Therefore, the operation resources on the second CPU are more abundant, even if the operation on the first CPU is congested, the experience of the user on the second CPU is not affected, the processes are not interfered with each other, the clamping of the operation of the CPU is avoided, and the experience of the user is improved.
Optionally, the different CPU core binding modules include:
the first binding submodule is used for binding the https analysis process to the first CPU core;
and the second binding submodule is used for binding other processes except the https analysis process to the second CPU core.
The above device is specifically described taking home gateway redirection as an example. When the method and the device are specifically applied to redirection of the home gateway, the device can be specifically subdivided into the following structures:
the stunnel tunnel establishment module is used for establishing a stunnel tunnel based on a stunnel protocol at the terminal and the gateway server terminal;
the CPU binding module is used for respectively binding the stunnel tunnel and the gateway server to different CPUs when the actual https request times sent by the terminal are larger than a preset threshold value;
the effective message identification module is used for realizing that the gateway server receives http request plaintext from the stunnel tunnel and distinguishing effective messages from invalid messages according to the http request plaintext;
and the redirection module is used for generating a redirection address after redirecting the effective message and returning the redirection address to the terminal.
In sum, the HTTPS processing process is bound on the first CPU in the application, so that the operation resources on the second CPU are abundant, the user experience on the second CPU can not be influenced even if the operation capacity on the first CPU is congested (the CPU occupies 100%), the application is used for the low-cost multi-core CPU, the CPU can not intelligently allocate the operation, and the situations of '1-core busy and multi-core surrounding' of the CPU can be solved.
Meanwhile, the embodiment of the application filters the invalid request by using the algorithm, and blocks 302 the request by using the filtering algorithm, so that half of operation resources can be saved as a whole.
In the control method and the device for the multi-core CPU processor of the home gateway, a first process is bound to the first CPU core, a second process is bound to the second CPU core, wherein the operation amount of the first process is larger than that of the second process, namely, the first process is bound to different CPU cores according to the difference of the operation amounts of the processes, further, as the operation amount of an https request message analysis process is larger, the consumption of the CPU is larger, and the request message analysis process can cause the blocking of the CPU, the https analysis process is specifically bound to the first CPU core, and other processes except the https analysis process are bound to the second CPU core; furthermore, the encryption and decryption processes of the https request message are bound to the first CPU core, and other processes except the encryption and decryption processes of the https request message are bound to the second CPU core. The processes with larger operand occupation are independently bound on one CPU core, and other processes are bound on the other CPU, so that the operation resources on the second CPU are more abundant, the user experience on the second CPU can not be influenced even if the operation on the first CPU is congested, the processes are not interfered with each other, the clamping of the CPU operation is avoided, and the user experience is improved.
According to the control method of the multi-core CPU processor of the home gateway, which is provided by the application, by taking redirection of the home gateway as an illustration, firstly, a stunnel tunnel is established at a terminal and a gateway server terminal based on a stunnel protocol, the stunnel tunnel and the gateway are respectively bound to different CPUs, the stunnel tunnel can decrypt https request data and then transmit the decrypted data to the gateway, and http request data sent from the gateway can be encrypted and then transmit the encrypted data to a terminal, so that an encryption and decryption process is separated from the CPU of the gateway by establishing the stunnel tunnel, and the encryption and decryption process cannot be influenced by other processes because the stunnel tunnel and the gateway are respectively bound to different CPUs; it can be seen that the key analysis process and the gateway server process are split into two independent processes, so that CPU operation resources of the gateway are abundant, and user experience on the CPU of the gateway is not affected even if the CPU operation capability of the stunnel tunnel is already congested. Meanwhile, the CPU core bound by the stunnel tunnel can be dynamically planned through the relation between the actual https request times sent by the terminal and the preset threshold value, and the energy-saving requirement is met.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. The control method of the multi-core CPU processor of the home intelligent gateway is characterized by comprising the following steps:
respectively binding the processes to different CPU cores according to the operand of the processes, wherein the processes comprise a first process and a second process;
binding the first process to a first CPU core, and binding the second process to a second CPU core, wherein the first process operand is greater than the second process operand;
or;
binding both the first process and the second process to the second CPU core.
2. The method for controlling a home intelligent gateway multi-core CPU processor according to claim 1, wherein,
the first process comprises a stunnel tunnel established between a terminal and the home intelligent gateway server;
the second process comprises the home intelligent gateway server side;
when the actual request times sent by the terminal are larger than a preset threshold, binding the stunnel tunnel and the home intelligent gateway server to the first CPU core and the second CPU core respectively;
and when the actual request times sent by the terminal are smaller than a preset threshold, binding the stunnel tunnel and the home intelligent gateway server to the second CPU core.
3. The control method of a home intelligent gateway multi-core CPU processor according to claim 1, wherein https parsing process is bound to the first CPU core and other processes except the https parsing process are bound to the second CPU core.
4. The control method of a multi-core CPU processor of a home intelligent gateway according to claim 2, wherein an https request message encryption and decryption process is bound to the first CPU core, and other processes except the https request message encryption and decryption process are bound to the second CPU core.
5. The method for controlling a multi-core CPU processor of a home intelligent gateway according to claim 4, wherein the binding the https request message encryption and decryption process to the first CPU core includes:
when the actual https request times sent by the terminal is larger than a preset threshold, binding an https request message encryption and decryption process to the first CPU core and binding a gateway server process to the second CPU core, wherein:
when the actual https request times sent by the terminal are larger than a preset threshold, the operand of the encryption and decryption process of the https request message is larger than that of the gateway server process.
6. The control method of the multi-core CPU processor of the home intelligent gateway according to claim 5, wherein the gateway server receives http request plaintext and judges valid messages and invalid messages according to the http request plaintext;
and redirecting the effective message to generate a redirection address, and returning the redirection address to the terminal.
7. The method for controlling a home intelligent gateway multi-core CPU processor according to claim 6, wherein before generating a redirect address after redirecting the valid message, the method further comprises:
and redirecting the request sent by the terminal to the local address in the ip layer DNS.
8. The method for controlling a multi-core CPU processor of a home intelligent gateway according to claim 7, wherein the redirecting the valid message to generate the redirected address includes:
redirecting the effective message to a destination address corresponding to the local address through 302, wherein the destination address is the redirecting address.
9. The method for controlling a multi-core CPU processor of a home intelligent gateway according to claim 6, wherein the determining valid messages and invalid messages according to the request plaintext includes:
extracting a User-Agent field from the request plaintext;
when the User-Agent field starts with Mozilla, the request plaintext is a valid message;
when the User-Agent field does not start with Mozilla, the request plaintext is an invalid message.
10. A control device of a home intelligent gateway multi-core CPU processor, characterized in that the control method of a home intelligent gateway multi-core CPU processor according to claim 1, the device comprises:
the first CPU core binding module is used for binding the first process to the first CPU core;
and the second CPU core binding module is used for binding a second process to the second CPU core, wherein the operand of the first process is larger than that of the second process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211132158.5A CN116010077A (en) | 2021-01-25 | 2021-01-25 | Control method and device for multi-core CPU (Central processing Unit) processor of home intelligent gateway |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110099821.5A CN114791857A (en) | 2021-01-25 | 2021-01-25 | Control method and device for home gateway multi-core CPU (Central processing Unit) |
| CN202211132158.5A CN116010077A (en) | 2021-01-25 | 2021-01-25 | Control method and device for multi-core CPU (Central processing Unit) processor of home intelligent gateway |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110099821.5A Division CN114791857A (en) | 2021-01-25 | 2021-01-25 | Control method and device for home gateway multi-core CPU (Central processing Unit) |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116010077A true CN116010077A (en) | 2023-04-25 |
Family
ID=82460504
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110099821.5A Pending CN114791857A (en) | 2021-01-25 | 2021-01-25 | Control method and device for home gateway multi-core CPU (Central processing Unit) |
| CN202211132158.5A Pending CN116010077A (en) | 2021-01-25 | 2021-01-25 | Control method and device for multi-core CPU (Central processing Unit) processor of home intelligent gateway |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110099821.5A Pending CN114791857A (en) | 2021-01-25 | 2021-01-25 | Control method and device for home gateway multi-core CPU (Central processing Unit) |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN114791857A (en) |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2011210201A (en) * | 2010-03-30 | 2011-10-20 | Toshiba Corp | Information processing apparatus |
| CN104536822B (en) * | 2014-12-31 | 2018-03-23 | 中科创达软件股份有限公司 | A kind of process scheduling optimization method, process perform method and relevant apparatus |
| CN106603376B (en) * | 2016-12-14 | 2019-09-13 | 东软集团股份有限公司 | Message processing method and Virtual Private Network SSLVPN server |
| CN108829510B (en) * | 2018-05-04 | 2021-01-29 | 天津猎鹰网络技术有限公司 | Thread binding processing method and device |
| CN110879870A (en) * | 2019-11-08 | 2020-03-13 | 深圳市友华软件科技有限公司 | Page redirection method and device based on HTTP request |
| CN110928601B (en) * | 2019-12-04 | 2022-05-20 | 锐捷网络股份有限公司 | Method and device for isolating CPU and storage medium |
| CN115904729A (en) * | 2022-12-27 | 2023-04-04 | 北京天融信网络安全技术有限公司 | Method, device, system, equipment and medium for connection allocation |
-
2021
- 2021-01-25 CN CN202110099821.5A patent/CN114791857A/en active Pending
- 2021-01-25 CN CN202211132158.5A patent/CN116010077A/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| CN114791857A (en) | 2022-07-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8250214B2 (en) | System, method and computer program product for communicating with a private network | |
| US10778582B2 (en) | Method and apparatus for traffic optimization in virtual private networks (VPNs) | |
| US9148493B2 (en) | Apparatus, method and computer program product for efficiently pooling connections between clients and servers | |
| US7441262B2 (en) | Integrated VPN/firewall system | |
| US6754621B1 (en) | Asynchronous hypertext messaging system and method | |
| US7673048B1 (en) | Methods and apparatus for establishing a computerized device tunnel connection | |
| EP1892887B1 (en) | Communication method between communication devices and communication apparatus | |
| US7278157B2 (en) | Efficient transmission of IP data using multichannel SOCKS server proxy | |
| US20070160073A1 (en) | Packet communications unit | |
| JP6444988B2 (en) | Communication system using HTTP | |
| JP2017118545A5 (en) | ||
| US7564848B2 (en) | Method for the establishing of connections in a communication system | |
| US20230370435A1 (en) | Methods, systems, and computer readable media for processing quic communications in a network | |
| EP1282286B1 (en) | Method of establishing a secure data connection | |
| JP2003179647A (en) | Packet transfer device and packet transfer method | |
| KR101109608B1 (en) | Internet listener/publisher | |
| CN116010077A (en) | Control method and device for multi-core CPU (Central processing Unit) processor of home intelligent gateway | |
| US8639842B1 (en) | Scalable gateway for multiple data streams | |
| JP4285101B2 (en) | Real-time data communication system, real-time data communication apparatus, and real-time data communication method | |
| FI109436B (en) | Data processing in an access node | |
| JP3929969B2 (en) | COMMUNICATION SYSTEM, SERVER, TERMINAL DEVICE, COMMUNICATION METHOD, PROGRAM, AND STORAGE MEDIUM | |
| JP4893279B2 (en) | Communication apparatus and communication method | |
| CN114978643B (en) | Communication method, network equipment and storage medium | |
| KR20080013563A (en) | Method and system for operating an sctp transmission-based network management protocol |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |