CN117041337A - Network traffic processing method, system and RISC device - Google Patents

Network traffic processing method, system and RISC device Download PDF

Info

Publication number
CN117041337A
CN117041337A CN202311014960.9A CN202311014960A CN117041337A CN 117041337 A CN117041337 A CN 117041337A CN 202311014960 A CN202311014960 A CN 202311014960A CN 117041337 A CN117041337 A CN 117041337A
Authority
CN
China
Prior art keywords
instruction
risc
task
processed
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311014960.9A
Other languages
Chinese (zh)
Inventor
李天正
崔恩放
全硕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Original Assignee
China Telecom Technology Innovation Center
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Technology Innovation Center, China Telecom Corp Ltd filed Critical China Telecom Technology Innovation Center
Priority to CN202311014960.9A priority Critical patent/CN117041337A/en
Publication of CN117041337A publication Critical patent/CN117041337A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/12Avoiding congestion; Recovering from congestion
    • H04L47/125Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/04Protocols for data compression, e.g. ROHC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present disclosure relates to a method, a system and a RISC device for processing network traffic, and relates to the field of computer technology. The method of the present disclosure is performed by a reduced instruction set computing, RISC, device, wherein the RISC device is communicatively coupled to a server, the method comprising: receiving a task to be processed of network traffic sent by a server; determining RISC-V instructions corresponding to tasks to be processed; processing the task to be processed by using a RISC-V instruction and a circuit corresponding to the RISC-V instruction; and returning the processing result of the task to be processed to the server.

Description

Network traffic processing method, system and RISC device
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and a system for processing network traffic, and a RISC device.
Background
The various tasks of processing network traffic, such as encryption/decryption, data compression, load balancing, etc. of HTTPS protocol, existing on the gateway server consume more CPU computing resources. When the gateway server is used as an entrance of the back end to face larger flow, the performance requirement is difficult to meet only by the computing resource of the CPU.
It has been difficult to continue optimizing gateway programs, such as Nginx, tengine, and the like, and to increase the processing efficiency of tasks.
Disclosure of Invention
One technical problem to be solved by the present disclosure is: and the processing efficiency of the tasks of the network traffic is improved.
According to some embodiments of the present disclosure, there is provided a method of processing network traffic, performed by a reduced instruction set computing, RISC, device, wherein the RISC device is communicatively coupled to a server, the method comprising: receiving a task to be processed of network traffic sent by a server; determining RISC-V instructions corresponding to tasks to be processed; processing the task to be processed by using a RISC-V instruction and a circuit corresponding to the RISC-V instruction; and returning the processing result of the task to be processed to the server.
In some embodiments, the task to be processed of the network traffic sent by the receiving server includes: and receiving the task to be processed sent by the server through an interface corresponding to the type of the task to be processed.
In some embodiments, the task to be processed includes: the data to be processed and the processing algorithm, and the determination of RISC-V instructions corresponding to the tasks to be processed comprises the following steps: and determining a basic RISC-V instruction and/or an extended RISC-V instruction corresponding to the task to be processed according to each step in the processing algorithm.
In some embodiments, the task to be processed includes: the data to be processed and the processing algorithm, the processing of the task to be processed by using the RISC-V instruction and the circuit corresponding to the RISC-V instruction comprises the following steps: for each RISC-V instruction, storing the data to be processed or the data corresponding to the RISC-V instruction in the data to be processed and the processing algorithm into a register in the RISC-V instruction format; and reading the data stored in the register in the RISC-V instruction format by using a circuit corresponding to the RISC-V instruction, and executing a step corresponding to the RISC-V instruction in a processing algorithm to process the stored data.
In some embodiments, processing the task to be processed using the RISC-V instruction and circuitry corresponding to the RISC-V instruction further comprises: for each RISC-V instruction, storing the result data generated by the previous RISC-V instruction into a register in the RISC-V instruction format, in the case that the step corresponding to the RISC-V instruction uses the result data generated by the previous RISC-V instruction in the processing algorithm.
In some embodiments, the task to be processed includes at least one of an encryption task of the hypertext transfer security protocol HTTPS request, a decryption task of the HTTPS request, a data compression task, and a load balancing task.
In some embodiments, in the case where the task to be processed includes an encryption and/or decryption task of a hypertext transfer security protocol HTTPS request, the data to be processed includes HTTPS data, the processing algorithm includes a data encryption standard DES algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction including a permutation instruction, a key generation instruction, and a round function instruction, the permutation instruction is used for a permutation process in the DES algorithm, the key generation instruction is used for generating a K key, and the round function instruction is used for round function calculation.
In some embodiments, processing a task to be processed using RISC-V instructions and circuitry corresponding to the RISC-V instructions includes: storing data to be replaced in HTTPS data to a source register of a replacement instruction format, and storing an address of a replacement table in an address register of the replacement instruction format; reading the data to be replaced in the source register of the replacement instruction format by utilizing a circuit corresponding to the replacement instruction, searching a replacement table according to the address of the replacement table in the address register of the replacement instruction format, and replacing the data to be replaced according to the replacement table to obtain replacement result data; storing the source data of the generated key into a source register of a key generation instruction format, and storing the address of the substitution table into an address register of the key generation instruction format; reading source data in a source register in a key generation instruction format by utilizing a circuit corresponding to the key generation instruction, searching a substitution table according to an address of a substitution table in an address register in the key generation instruction format, and substituting the source data according to the substitution table to obtain a K key; storing the replacement result data and the K key to two source registers in a round function instruction format; and reading the replacement result data and the K key in the two source registers in the round function instruction format by using a circuit corresponding to the round function instruction, and performing round function calculation to obtain an encryption or decryption result.
In some embodiments, in the case that the task to be processed includes an encryption task of a hypertext transfer security protocol HTTPS request, the data to be processed includes HTTPS data, the processing algorithm includes an RSA algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including an encryption key generation instruction and an encryption instruction, the encryption key generation instruction is used for an encryption key generation process in the RSA algorithm, and the encryption instruction is used for an encryption process in the RSA algorithm; and/or under the condition that the task to be processed comprises a decryption task of the HTTPS request, the processing algorithm comprises an RSA algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction and comprises a decryption key generation instruction and a decryption instruction, the decryption key generation instruction is used for a decryption key generation process in the RSA algorithm, and the decryption instruction is used for a decryption process in the RSA algorithm.
In some embodiments, processing a task to be processed using RISC-V instructions and circuitry corresponding to the RISC-V instructions includes: storing the two randomly selected prime numbers into two source registers in an encryption key generation instruction format under the condition that the task to be processed comprises an encryption task of an HTTPS request; reading two prime numbers in two source registers in the format of an encryption key generation instruction by utilizing a circuit corresponding to the encryption key generation instruction, and generating a product of the encryption key and the two prime numbers; storing the encryption key, the product of the two prime numbers and the HTTPS data to three source registers in an encryption instruction format; and reading the encryption keys, the product sum of two prime numbers and the HTTPS data in three source registers in the encryption instruction format by utilizing a circuit corresponding to the encryption instruction, and carrying out encryption calculation to obtain an HTTPS ciphertext.
In some embodiments, processing a task to be processed using RISC-V instructions and circuitry corresponding to the RISC-V instructions includes: under the condition that the task to be processed comprises a decryption task of an HTTPS request, storing the two randomly selected prime numbers into two source registers of a decryption key generation instruction format; reading two prime numbers in two source registers in a decryption key generation instruction format by utilizing a circuit corresponding to the decryption key generation instruction to generate a product of the decryption key and the two prime numbers; storing the decryption key, the product of the two prime numbers and the HTTPS ciphertext into three source registers in a decryption instruction format; and reading decryption keys, products of two prime numbers and HTTPS ciphertext in three source registers in a decryption instruction format by utilizing a circuit corresponding to the decryption instruction, and performing decryption calculation to obtain HTTPS data.
In some embodiments, in the case where the task to be processed includes a data compression task, the data to be processed includes data to be compressed, the processing algorithm includes a data compression algorithm, and the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a compression instruction, for use in the data compression process.
In some embodiments, processing a task to be processed using RISC-V instructions and circuitry corresponding to the RISC-V instructions includes: storing data to be compressed and a length to two source registers in a compressed instruction format; and reading the data to be compressed and the length in the two source registers in the format of the compression instruction by utilizing a circuit corresponding to the compression instruction, and compressing the data to be compressed according to the length.
In some embodiments, in the case where the task to be processed includes a load balancing task, the data to be processed includes an IP address, a uniform resource locator URL, host information of the server, or port information, the processing algorithm includes a hash algorithm, and the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a hash instruction, for use in a hash calculation process.
In some embodiments, processing a task to be processed using RISC-V instructions and circuitry corresponding to the RISC-V instructions includes: storing the IP address or the URL into an address register of a hash instruction format, storing a constant for modulo computation into a source register of the hash instruction format, and reading the IP address or the URL in the address register of the hash instruction format and the constant for modulo computation in the source register of the hash instruction format by utilizing a circuit corresponding to the hash instruction format to perform hash computation; or storing Host information or port information of the server into an address register of a hash instruction format, storing a length value into a source register of the hash instruction format, and reading the Host information or port information of the server in the address register of the hash instruction format and the length value in the source register of the hash instruction format by utilizing a circuit corresponding to the hash instruction format to perform hash calculation.
According to further embodiments of the present disclosure, there is provided a reduced instruction set computing RISC apparatus comprising: the receiving module is used for receiving the task to be processed of the network traffic sent by the server; the determining module is used for determining RISC-V instructions corresponding to the tasks to be processed; the processing module is used for processing the task to be processed by using the RISC-V instruction and a circuit corresponding to the RISC-V instruction; and the sending module is used for returning the processing result of the task to be processed to the server.
According to still further embodiments of the present disclosure, there is provided a reduced instruction set computing RISC device comprising: a processor; and a memory coupled to the processor for storing instructions that, when executed by the processor, cause the processor to perform the method of processing network traffic as in any of the embodiments described above.
According to still further embodiments of the present disclosure, there is provided a processing system of network traffic, comprising: the RISC device and the server according to any of the foregoing embodiments, where the server is configured to receive a processing request of a network flow, determine whether a type of a processing task corresponding to the processing request is a preset type, and send a task to be processed of the network flow to the RISC device when the type of the processing task corresponding to the processing request is the preset type.
According to still further embodiments of the present disclosure, a non-transitory computer-readable storage medium is provided, on which a computer program is stored, wherein the program, when executed by a processor, implements the method of processing network traffic of any of the previous embodiments.
In the method, a RISC device in communication connection with a server is arranged, a task to be processed of network traffic sent by the server is received, a corresponding RISC-V instruction is determined, the RISC-V instruction and a corresponding circuit are used for processing the task to be processed, and a processing result of the task to be processed is returned to the server. RISC devices can offload and share tasks in the CPU in the server, improving the efficiency of processing tasks for network traffic as a whole.
Other features of the present disclosure and its advantages will become apparent from the following detailed description of exemplary embodiments of the disclosure, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
Fig. 1 illustrates a flow diagram of a method of processing network traffic in accordance with some embodiments of the present disclosure.
Fig. 2 illustrates a network architecture schematic diagram of some embodiments of the present disclosure.
FIG. 3A illustrates a schematic diagram of a format of a RISC-V instruction according to some embodiments of the present disclosure.
FIG. 3B illustrates a schematic diagram of a format of a RISC-V instruction according to further embodiments of the present disclosure.
FIG. 3C illustrates a schematic diagram of a format of a RISC-V instruction according to further embodiments of the present disclosure.
FIG. 3D illustrates a schematic diagram of a format of a RISC-V instruction according to still other embodiments of the present disclosure.
Fig. 4 shows a flow diagram of a method of processing network traffic in accordance with further embodiments of the present disclosure.
Fig. 5 illustrates a schematic diagram of the architecture of a RISC device of some embodiments of the present disclosure.
Fig. 6 shows a schematic diagram of the structure of a RISC device of other embodiments of the present disclosure.
Fig. 7 shows a schematic diagram of the structure of a RISC device of further embodiments of the present disclosure.
Fig. 8 illustrates a schematic architecture of a processing system for network traffic in accordance with some embodiments of the present disclosure.
Detailed Description
The following description of the technical solutions in the embodiments of the present disclosure will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, not all embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses. Based on the embodiments in this disclosure, all other embodiments that a person of ordinary skill in the art would obtain without making any inventive effort are within the scope of protection of this disclosure.
The present disclosure provides a method for processing network traffic, which is described below in conjunction with fig. 1-4.
Fig. 1 is a flow chart of some embodiments of a method of processing network traffic of the present disclosure. As shown in fig. 1, the method of this embodiment is performed by a RISC (Reduced Instruction Set Computing ) chip, including: steps S102 to S108.
In step 102, a task to be processed of network traffic sent by a server is received.
The RISC device may include a RISC chip including one or more 64-bit RISC-V cores (RV 64 GCK). The RISC device is communicatively coupled to a server (gateway server), for example, as shown in fig. 2, which may be communicatively coupled to the server via the CXL protocol, the network-on-chip of fig. 2 being used for communication.
In some embodiments, the task to be processed sent by the server is received through an interface corresponding to the type of the task to be processed.
As shown in fig. 2, the hardware driver and the interface library of the RISC device may be implemented in the server at the software level. The interface library provides interfaces for different types of tasks to be processed, and can be called by any gateway program such as Nginx, tengine.
The tasks to be processed may include one or more types, including at least one of an encryption task of HTTPS (Hypertext Transfer Protocol Secure, hypertext transfer security protocol) request, a decryption task of HTTPS request, a data compression task, and a load balancing task, for example. For example, as shown in FIG. 2, a RISC chip may logically include three processing modules, depending on the type of task to be processed: encryption and decryption module, data compression module and load balancing module.
In step S104, RISC-V instructions corresponding to the task to be processed are determined.
The RISC chip can implement a base RISC-V instruction (IMAGFDCK instruction) and an extended RISC-V instruction (custom instruction). The basic RISC-V instruction includes, for example: RV64I, etc., extended RISC-V instructions include, for example, instructions that are custom based on a predefined instruction format (R-type, I-type, etc.).
In some embodiments, the task to be processed includes: and the data to be processed and the processing algorithm determine a basic RISC-V instruction and/or an extended RISC-V instruction corresponding to the task to be processed according to each step in the processing algorithm. The various steps in the processing algorithm may be analyzed to determine RISC-V instructions corresponding to one or more steps.
In step S106, the task to be processed is processed using the RISC-V instruction and the circuit corresponding to the RISC-V instruction.
The corresponding RISC-V instructions may be executed sequentially in the order of the steps in the processing algorithm. For any step, if the step corresponds to a base RISC-V instruction, the base RISC-V instruction and corresponding circuitry may be used for processing, and if the step corresponds to an extended RISC-V instruction, the base RISC-V instruction and corresponding circuitry may be used for processing.
In some embodiments, for each RISC-V instruction, the data to be processed or the data corresponding to the RISC-V instruction in the data to be processed and processing algorithm is stored to a register in the RISC-V instruction format; and reading the data stored in the register in the RISC-V instruction format by using a circuit corresponding to the RISC-V instruction, and executing a step corresponding to the RISC-V instruction in a processing algorithm to process the stored data.
In some embodiments, for each RISC-V instruction, where the step corresponding to the RISC-V instruction in the processing algorithm uses the result data generated by the previous RISC-V instruction, the result data generated by the previous RISC-V instruction is stored to a register in the RISC-V instruction format.
As shown in fig. 2, three modules in a RISC chip may include corresponding RISC-V instructions and circuitry, respectively. The calculation can be performed through a basic RISC-V instruction or an extended RISC-V instruction and a corresponding circuit thereof while unloading the tasks of the CPU of the server in each module. For example, the encryption and decryption module may be responsible for processing encryption and decryption in HTTPS protocol, and during the calculation process, encryption and decryption may be performed using cryptographic instructions such as AES (Advanced Encryption Standard ), SM, SHA, etc. implemented in the standard K instruction module, or related instructions of a custom DES (Data Encryption Standard ) and RSA (Rivest-Shamir-Adleman) encryption algorithm; the data compression module may be responsible for data compression tasks, such as compression processing using custom lz77 and Huffman compression algorithm instructions; the load balancing module can be responsible for processing load balancing tasks, and can execute a hash algorithm by using a user-defined hash algorithm related instruction.
In some embodiments, in a case where the task to be processed includes an encryption and/or decryption task of an HTTPS request, the data to be processed includes HTTPS data, the processing algorithm includes a DES algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a permutation instruction, a key generation instruction, and a round function instruction, the permutation instruction is used for a permutation process in the DES algorithm, the key generation instruction is used for generating a K key, and the round function instruction is used for round function calculation.
In some embodiments, data to be permuted in HTTPS data is stored to a source register of a permute instruction format, and an address of a permute table is stored in an address register of the permute instruction format; reading the data to be replaced in the source register of the replacement instruction format by utilizing a circuit corresponding to the replacement instruction, searching a replacement table according to the address of the replacement table in the address register of the replacement instruction format, and replacing the data to be replaced according to the replacement table to obtain replacement result data; storing the source data of the generated key into a source register of a key generation instruction format, and storing the address of the substitution table into an address register of the key generation instruction format; reading source data in a source register in a key generation instruction format by utilizing a circuit corresponding to the key generation instruction, searching a substitution table according to an address of a substitution table in an address register in the key generation instruction format, and substituting the source data according to the substitution table to obtain a K key; storing the replacement result data and the K key to two source registers in a round function instruction format; and reading the replacement result data and the K key in the two source registers in the round function instruction format by using a circuit corresponding to the round function instruction, and performing round function calculation to obtain an encryption or decryption result.
The specific calculation process of the DES algorithm may refer to the prior art, and will not be described in detail, and the present disclosure designs relevant RISC-V instructions according to the DES algorithm. For example, the format of a permute instruction (which may be referred to as a desp instruction) is shown in fig. 3A, where an address register (addr) holds the address of the permute table and a source register (rs 1) holds the data to be permuted. The format of the key generation instruction (which may be referred to as a DESK instruction) is as shown in FIG. 3A, the address register also holds the address of the substitution table, and the source register holds the source data for generating the key. The format of the round function instruction (which may be referred to as a DESF instruction) is shown in fig. 3A, with two source registers (rs 1, rs 2) for holding the data to be encrypted and the K key. Func3 and function 7 in the instruction format represent functions corresponding to the instruction, opcode is an instruction operation code, and configuration is carried out according to the type and rule of RISC-V instruction. The result generated by each instruction may be saved to a destination register (rd).
In some embodiments, in the case that the task to be processed includes an encryption task of an HTTPS request, the data to be processed includes HTTPS data, the processing algorithm includes an RSA algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including an encryption key generation instruction and an encryption instruction, the encryption key generation instruction is used for an encryption key generation process in the RSA algorithm, and the encryption instruction is used for an encryption process in the RSA algorithm; and/or under the condition that the task to be processed comprises a decryption task of the HTTPS request, the processing algorithm comprises an RSA algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction and comprises a decryption key generation instruction and a decryption instruction, the decryption key generation instruction is used for a decryption key generation process in the RSA algorithm, and the decryption instruction is used for a decryption process in the RSA algorithm.
In some embodiments, in the case where the task to be processed comprises an encryption task of an HTTPS request, storing the two randomly selected primes to two source registers of the encryption key generation instruction format; reading two prime numbers in two source registers in the format of an encryption key generation instruction by utilizing a circuit corresponding to the encryption key generation instruction, and generating a product of the encryption key and the two prime numbers; storing the encryption key, the product of the two prime numbers and the HTTPS data to three source registers in an encryption instruction format; and reading the encryption keys, the product sum of two prime numbers and the HTTPS data in three source registers in the encryption instruction format by utilizing a circuit corresponding to the encryption instruction, and carrying out encryption calculation to obtain an HTTPS ciphertext.
The present disclosure contemplates the relevant RISC-V instructions according to the RSA algorithm. For example, the format (not shown) of the encryption key generation instruction (may be referred to as the RSAEK instruction), the two source registers (rs 1, rs 2) hold two randomly selected prime numbers p, q, and the circuit corresponding to the encryption key generation instruction may calculate n=pxq, and further calculate the euler function value Then randomly generating an encryption key e to satisfy + ->The format of the encryption instruction (which may be referred to as the RSAEN instruction) is shown in FIG. 3B, with three source registers (rs 1, rs2, rs 3) holding the encryption key e, the product n of two primes, and the HTTPS data x. The instruction may be compiled by assembler instructions, such as rseen rd, rs1, rs2, rs3, and using the instruction and its corresponding hardware circuit to realize y=x e mod n. The encryption key generation process may also be implemented using basic RISC-V instructions.
In some embodiments, in the case where the task to be processed comprises a decryption task of an HTTPS request, storing the two randomly selected primes to two source registers of a decryption key generation instruction format; reading two prime numbers in two source registers in a decryption key generation instruction format by utilizing a circuit corresponding to the decryption key generation instruction to generate a product of the decryption key and the two prime numbers; storing the decryption key, the product of the two prime numbers and the HTTPS ciphertext into three source registers in a decryption instruction format; and reading decryption keys, products of two prime numbers and HTTPS ciphertext in three source registers in a decryption instruction format by utilizing a circuit corresponding to the decryption instruction, and performing decryption calculation to obtain HTTPS data.
In case both encryption and decryption tasks are performed, the two source registers of the decryption key generation instruction format may store the Euler function values described aboveAnd an encryption key e. Reading Euler function values in two source registers of a decryption key generation instruction format by using a circuit corresponding to the decryption key generation instruction >And an encryption key e, generating a decryption key. The decryption key instruction and the corresponding circuitry do not need to repeatedly perform the euler function value +.>And a generation process of an encryption key e.
For example, the format of the decryption key generation instruction (which may be referred to as the RSAMMI instruction) is as shown in FIG. 3C, with two source registers (rs 1, rs 2) holding Euler function valuesAnd an encryption key e.The format of the decryption instruction (which may be referred to as the RSADE instruction) is shown in FIG. 3C, where three source registers (rs 1, rs2, rs 3) hold the HTTPS ciphertext y, the decryption key d, and the product n of two prime numbers.
In some embodiments, in the case where the task to be processed includes a data compression task, the data to be processed includes data to be compressed, the processing algorithm includes a data compression algorithm, and the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a compression instruction, for use in the data compression process.
In some embodiments, the data to be compressed and the length are stored to two source registers in a compressed instruction format; and reading the data to be compressed and the length in the two source registers in the format of the compression instruction by utilizing a circuit corresponding to the compression instruction, and compressing the data to be compressed according to the length.
For example, the custom two RISC-V instructions are used for the lz77 algorithm and the Huffman algorithm in gzip, respectively. The format of the compress instruction (which may include the gzip 77 instruction, gzip uff instruction) is shown in fig. 3D, with two source registers (rs 1, rs 2) holding the data and length to be compressed.
In some embodiments, in the case where the task to be processed includes a load balancing task, the data to be processed includes an IP address, URL (Uniform Resource Locator ), host information or port information of the server, the processing algorithm includes a hash algorithm, and the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a hash instruction, for use in the hash calculation process.
In some embodiments, storing an IP address or URL in an address register of a hash instruction format, storing a constant for modulo computation in a source register of the hash instruction format, and reading the IP address or URL in the address register of the hash instruction format and the constant for modulo computation in the source register of the hash instruction format by using a circuit corresponding to the hash instruction format to perform hash computation; or storing Host information or port information of the server into an address register of a hash instruction format, storing a length value into a source register of the hash instruction format, and reading the Host information or port information of the server in the address register of the hash instruction format and the length value in the source register of the hash instruction format by utilizing a circuit corresponding to the hash instruction format to perform hash calculation.
For example, three RISC-V instructions are custom used for the crc32 algorithm in the ip hash, url hash, and consistent hash, respectively.
The format of the hash instruction (e.g., an iphath instruction) is shown in fig. 3D, with the IP register holding the IP address of the request and the source register holding the constants for modulo computation. The format of the hash instruction (e.g., the URLHASH instruction) is shown in fig. 3D, with the url register holding the url address and the source register holding the constants for modulo computation as well. The format of the hash instruction (e.g., CHASHC 32 instruction) is shown in FIG. 3D, the crc32 register is used to hold the host or port of the server, and the source register holds the corresponding length value
In step S108, the processing result of the task to be processed is returned to the server.
In the above embodiment, a RISC device in communication connection with the server is provided, a task to be processed of the network traffic sent by the server is received, a corresponding RISC-V instruction is determined, the RISC-V instruction and a corresponding circuit are used to process the task to be processed, and a processing result of the task to be processed is returned to the server. RISC devices can offload and share tasks in the CPU in the server, improving the efficiency of processing tasks for network traffic as a whole. In addition, RISC-V instruction flexibility is high, easy to realize, and has good expansibility and applicability.
Further embodiments of the method of processing network traffic of the present disclosure are described below in conjunction with fig. 4.
Fig. 4 is a flowchart of another embodiment of a method for processing network traffic according to the present disclosure. As shown in fig. 4, the method of this embodiment includes: steps S402 to S414.
In step S402, the server receives a processing request of network traffic.
For example, a gateway program such as Nginx, tengine receives a request for processing network traffic.
In step S404, the server determines whether the type of the task to be processed corresponding to the processing request is a preset type, if so, step S406 is executed, otherwise, step S405 is executed.
For example, it is determined whether the task to be processed is an HTTPS encryption or decryption task, a data compression task, or a load balancing task.
In step S405, the server delivers a task to be processed to the CPU for processing.
In step S406, the server invokes an interface corresponding to the task to be processed in the interface library, and sends the task to be processed to the RISC device.
In step S408, the RISC device determines a base RISC-V instruction and/or an extended RISC-V instruction corresponding to the task to be processed according to each step in the processing algorithm in the task to be processed.
In step S410, the RISC device processes steps associated with the underlying RISC-V instruction using the underlying RISC-V instruction and corresponding circuitry.
In step S412, the RISC device processes steps associated with the extended RISC-V instruction using the extended RISC-V instruction and corresponding circuitry.
In step S414, the RISC device returns the processing result of the task to be processed to the server.
The present disclosure also provides a RISC device, described below in conjunction with fig. 5.
Fig. 5 is a block diagram of some embodiments of the disclosed RISC device. As shown in fig. 4, the apparatus 50 of this embodiment includes: a receiving module 510, a determining module 520, a processing module 530, and a transmitting module 540.
And the receiving module 510 is configured to receive a task to be processed of the network traffic sent by the server.
In some embodiments, the receiving module 510 is configured to receive, through an interface corresponding to a type of a task to be processed, the task to be processed sent by the server.
The determining module 520 is configured to determine RISC-V instructions corresponding to the task to be processed.
In some embodiments, the determining module 520 is configured to determine a base RISC-V instruction and/or an extended RISC-V instruction corresponding to the task to be processed according to each step in the processing algorithm.
The processing module 530 is configured to process the task to be processed using RISC-V instructions and circuits corresponding to RISC-V instructions. The processing module 530 may include the encryption and decryption module, the data compression module, and the load balancing module in the foregoing embodiments.
In some embodiments, the task to be processed includes: the processing module 530 is configured to store, for each RISC-V instruction, the data to be processed or data corresponding to the RISC-V instruction in the data to be processed and the processing algorithm to a register in the RISC-V instruction format; and reading the data stored in the register in the RISC-V instruction format by using a circuit corresponding to the RISC-V instruction, and executing a step corresponding to the RISC-V instruction in a processing algorithm to process the stored data.
In some embodiments, the processing module 530 is configured to store, for each RISC-V instruction, result data generated by a previous RISC-V instruction to a register in the RISC-V instruction format, where the step corresponding to the RISC-V instruction uses the result data generated by the previous RISC-V instruction in the processing algorithm.
In some embodiments, the task to be processed includes at least one of an encryption task of the hypertext transfer security protocol HTTPS request, a decryption task of the HTTPS request, a data compression task, and a load balancing task.
In some embodiments, in the case where the task to be processed includes an encryption and/or decryption task of a hypertext transfer security protocol HTTPS request, the data to be processed includes HTTPS data, the processing algorithm includes a data encryption standard DES algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction including a permutation instruction, a key generation instruction, and a round function instruction, the permutation instruction is used for a permutation process in the DES algorithm, the key generation instruction is used for generating a K key, and the round function instruction is used for round function calculation.
In some embodiments, the processing module 530 is configured to store data to be permuted in HTTPS data to a source register of a permute instruction format, and store an address of a permutation table in an address register of the permute instruction format; reading the data to be replaced in the source register of the replacement instruction format by utilizing a circuit corresponding to the replacement instruction, searching a replacement table according to the address of the replacement table in the address register of the replacement instruction format, and replacing the data to be replaced according to the replacement table to obtain replacement result data; storing the source data of the generated key into a source register of a key generation instruction format, and storing the address of the substitution table into an address register of the key generation instruction format; reading source data in a source register in a key generation instruction format by utilizing a circuit corresponding to the key generation instruction, searching a substitution table according to an address of a substitution table in an address register in the key generation instruction format, and substituting the source data according to the substitution table to obtain a K key; storing the replacement result data and the K key to two source registers in a round function instruction format; and reading the replacement result data and the K key in the two source registers in the round function instruction format by using a circuit corresponding to the round function instruction, and performing round function calculation to obtain an encryption or decryption result.
In some embodiments, in the case that the task to be processed includes an encryption task of a hypertext transfer security protocol HTTPS request, the data to be processed includes HTTPS data, the processing algorithm includes an RSA algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including an encryption key generation instruction and an encryption instruction, the encryption key generation instruction is used for an encryption key generation process in the RSA algorithm, and the encryption instruction is used for an encryption process in the RSA algorithm; and/or under the condition that the task to be processed comprises a decryption task of the HTTPS request, the processing algorithm comprises an RSA algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction and comprises a decryption key generation instruction and a decryption instruction, the decryption key generation instruction is used for a decryption key generation process in the RSA algorithm, and the decryption instruction is used for a decryption process in the RSA algorithm.
In some embodiments, the processing module 530 is configured to store the two randomly selected primes to two source registers in the encryption key generation instruction format in the case where the task to be processed includes an encryption task of an HTTPS request; reading two prime numbers in two source registers in the format of an encryption key generation instruction by utilizing a circuit corresponding to the encryption key generation instruction, and generating a product of the encryption key and the two prime numbers; storing the encryption key, the product of the two prime numbers and the HTTPS data to three source registers in an encryption instruction format; and reading the encryption keys, the product sum of two prime numbers and the HTTPS data in three source registers in the encryption instruction format by utilizing a circuit corresponding to the encryption instruction, and carrying out encryption calculation to obtain an HTTPS ciphertext.
In some embodiments, the processing module 530 is configured to store the two randomly selected primes to the two source registers in the decryption key generation instruction format in the case where the task to be processed includes a decryption task of the HTTPS request; reading two prime numbers in two source registers in a decryption key generation instruction format by utilizing a circuit corresponding to the decryption key generation instruction to generate a product of the decryption key and the two prime numbers; storing the decryption key, the product of the two prime numbers and the HTTPS ciphertext into three source registers in a decryption instruction format; and reading decryption keys, products of two prime numbers and HTTPS ciphertext in three source registers in a decryption instruction format by utilizing a circuit corresponding to the decryption instruction, and performing decryption calculation to obtain HTTPS data.
In some embodiments, in the case where the task to be processed includes a data compression task, the data to be processed includes data to be compressed, the processing algorithm includes a data compression algorithm, and the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a compression instruction, for use in the data compression process.
In some embodiments, the processing module 530 is configured to store the data to be compressed and the length to two source registers in the compressed instruction format; and reading the data to be compressed and the length in the two source registers in the format of the compression instruction by utilizing a circuit corresponding to the compression instruction, and compressing the data to be compressed according to the length.
In some embodiments, in the case where the task to be processed includes a load balancing task, the data to be processed includes an IP address, a uniform resource locator URL, host information of the server, or port information, the processing algorithm includes a hash algorithm, and the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a hash instruction, for use in a hash calculation process.
In some embodiments, the processing module 530 is configured to store an IP address or URL into an address register of a hash instruction format, store a constant for modulo computation into a source register of the hash instruction format, and perform hash computation by using a circuit corresponding to the hash instruction format to read the IP address or URL in the address register of the hash instruction format and the constant for modulo computation in the source register of the hash instruction format; or storing Host information or port information of the server into an address register of a hash instruction format, storing a length value into a source register of the hash instruction format, and reading the Host information or port information of the server in the address register of the hash instruction format and the length value in the source register of the hash instruction format by utilizing a circuit corresponding to the hash instruction format to perform hash calculation.
And the sending module 540 is configured to return a processing result of the task to be processed to the server.
The RISC devices in embodiments of the present disclosure may each be implemented by a variety of computing devices or computer systems, as described below in connection with FIGS. 6 and 7.
Fig. 6 is a block diagram of some embodiments of the RISC device of the present disclosure. As shown in fig. 6, the apparatus 60 of this embodiment includes: a memory 610 and a processor 620 coupled to the memory 610, the processor 620 being configured to perform the method of processing network traffic in any of the embodiments of the present disclosure based on instructions stored in the memory 610.
The memory 610 may include, for example, system memory, fixed nonvolatile storage media, and the like. The system memory stores, for example, an operating system, application programs, boot Loader (Boot Loader), database, and other programs.
Fig. 7 is a block diagram of other embodiments of the RISC device of the present disclosure. As shown in fig. 7, the apparatus 70 of this embodiment includes: memory 710 and processor 720 are similar to memory 610 and processor 620, respectively. Input/output interface 730, network interface 740, storage interface 750, and the like may also be included. These interfaces 730, 740, 750, as well as the memory 710 and the processor 720, may be connected by a bus 760, for example. The input/output interface 730 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, a touch screen, etc. The network interface 740 provides a connection interface for various networking devices, such as may be connected to a database server or cloud storage server, or the like. Storage interface 750 provides a connection interface for external storage devices such as SD cards, U-discs, and the like.
The present disclosure also provides a system for processing network traffic, as described below in connection with fig. 8.
Fig. 8 is a block diagram of some embodiments of a processing system of network traffic of the present disclosure. As shown in fig. 8, the system 8 of this embodiment includes: the processing system 50/60/70 of network traffic and the server 82 of any of the foregoing embodiments, the server 82 may be a gateway server.
The server 82 is configured to receive a processing request of the network traffic, determine whether a type of a processing task corresponding to the processing request is a preset type, and send a task to be processed of the network traffic to the RISC device when the type of the processing task corresponding to the processing request is the preset type.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flowchart and/or block of the flowchart illustrations and/or block diagrams, and combinations of flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the preferred embodiments of the present disclosure is not intended to limit the disclosure, but rather to enable any modification, equivalent replacement, improvement or the like, which fall within the spirit and principles of the present disclosure.

Claims (19)

1. A method of processing network traffic performed by a reduced instruction set computing, RISC, device, wherein the RISC device is communicatively coupled to a server, the method comprising:
receiving a task to be processed of the network traffic sent by the server;
determining RISC-V instructions corresponding to the tasks to be processed;
processing the task to be processed by using the RISC-V instruction and a circuit corresponding to the RISC-V instruction;
and returning the processing result of the task to be processed to the server.
2. The processing method according to claim 1, wherein the receiving the task to be processed of the network traffic sent by the server includes:
and receiving the task to be processed sent by the server through an interface corresponding to the type of the task to be processed.
3. The processing method according to claim 1, wherein the task to be processed includes: the method comprises the steps of data to be processed and a processing algorithm, wherein the step of determining RISC-V instructions corresponding to the tasks to be processed comprises the following steps:
and determining a basic RISC-V instruction and/or an extended RISC-V instruction corresponding to the task to be processed according to each step in the processing algorithm.
4. The processing method according to claim 1, wherein the task to be processed includes: the processing of the task to be processed by using the RISC-V instruction and a circuit corresponding to the RISC-V instruction comprises the following steps:
for each RISC-V instruction, storing the data to be processed or the data to be processed and the data corresponding to the RISC-V instruction in the processing algorithm into a register in a RISC-V instruction format;
and reading the data stored in the register in the RISC-V instruction format by using a circuit corresponding to the RISC-V instruction, and executing the step corresponding to the RISC-V instruction in the processing algorithm to process the stored data.
5. The processing method according to claim 4, wherein the processing the task to be processed using the RISC-V instruction and a circuit corresponding to the RISC-V instruction further includes:
for each RISC-V instruction, storing the result data generated by the previous RISC-V instruction into a register in the RISC-V instruction format when the result data generated by the previous RISC-V instruction is used by the corresponding step of the RISC-V instruction in the processing algorithm.
6. The processing method according to any one of claims 1-5, wherein the task to be processed comprises at least one of an encryption task of a hypertext transfer security protocol HTTPS request, a decryption task of an HTTPS request, a data compression task, and a load balancing task.
7. The processing method according to claim 5, wherein, in case the task to be processed comprises an encryption and/or decryption task of a hypertext transfer security protocol HTTPS request,
the data to be processed comprises HTTPS data,
the processing algorithm includes a data encryption standard DES algorithm,
the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, and comprises a replacement instruction, a key generation instruction and a round function instruction, wherein the replacement instruction is used for a replacement process in the DES algorithm, the key generation instruction is used for generating a K key, and the round function instruction is used for round function calculation.
8. The processing method of claim 7, wherein the processing the task to be processed using circuitry corresponding to the RISC-V instruction and the RISC-V instruction comprises:
storing data to be permuted in the HTTPS data to a source register of the permute instruction format, and storing an address of a permute table in an address register of the permute instruction format;
reading the data to be permuted in the source register of the permutation instruction format by utilizing a circuit corresponding to the permutation instruction, searching the permutation table according to the address of the permutation table in the address register of the permutation instruction format, and permuting the data to be permuted according to the permutation table to obtain permuted result data;
storing source data for generating a key into a source register of a key generation instruction format, and storing an address of the substitution table into an address register of the key generation instruction format;
reading the source data in a source register of the key generation instruction format by utilizing a circuit corresponding to the key generation instruction, searching a substitution table according to the address of the substitution table in an address register of the key generation instruction format, and substituting the source data according to the substitution table to obtain the K key;
Storing the permutation result data and the K key to two source registers of the round function instruction format;
and reading the replacement result data and the K key in the two source registers of the round function instruction format by utilizing a circuit corresponding to the round function instruction, and performing round function calculation to obtain an encryption or decryption result.
9. The process according to claim 5, wherein,
in the case that the task to be processed comprises an encryption task of a hypertext transfer security protocol (HTTPS) request, the data to be processed comprises HTTPS data, the processing algorithm comprises an RSA algorithm, the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction and comprises an encryption key generation instruction and an encryption instruction, wherein the encryption key generation instruction is used for an encryption key generation process in the RSA algorithm, and the encryption instruction is used for an encryption process in the RSA algorithm; and/or
In the case that the task to be processed includes a decryption task of an HTTPS request, the processing algorithm includes an RSA algorithm, and the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a decryption key generation instruction and a decryption instruction, where the decryption key generation instruction is used for a decryption key generation process in the RSA algorithm, and the decryption instruction is used for a decryption process in the RSA algorithm.
10. The processing method according to claim 9, wherein the processing the task to be processed using the RISC-V instruction and a circuit corresponding to the RISC-V instruction includes:
storing the two randomly selected prime numbers to two source registers in the encryption key generation instruction format under the condition that the task to be processed comprises an encryption task of an HTTPS request;
reading two prime numbers in two source registers in the format of the encryption key generation instruction by utilizing a circuit corresponding to the encryption key generation instruction, and generating a product of an encryption key and the two prime numbers;
storing the encryption key, the product of the two primes, and the HTTPS data to three source registers of the encrypted instruction format;
and reading the encryption key, the product of the two prime numbers and the HTTPS data in three source registers in the encryption instruction format by utilizing a circuit corresponding to the encryption instruction, and carrying out encryption calculation to obtain an HTTPS ciphertext.
11. The processing method according to claim 9, wherein the processing the task to be processed using the RISC-V instruction and a circuit corresponding to the RISC-V instruction includes:
Storing the two randomly selected prime numbers to two source registers in the decryption key generation instruction format under the condition that the task to be processed comprises a decryption task of an HTTPS request;
reading two prime numbers in two source registers of the decryption key generation instruction format by utilizing a circuit corresponding to the decryption key generation instruction to generate a product of a decryption key and the two prime numbers;
storing the decryption key, the product of the two prime numbers and the HTTPS ciphertext to three source registers in the decryption instruction format;
and reading the decryption key, the product of the two prime numbers and the HTTPS ciphertext in three source registers in the decryption instruction format by utilizing a circuit corresponding to the decryption instruction, and performing decryption calculation to obtain HTTPS data.
12. The processing method according to claim 5, wherein, in the case where the task to be processed includes a data compression task,
the data to be processed comprises data to be compressed,
the processing algorithm comprises a data compression algorithm,
the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a compression instruction, and is used for a data compression process.
13. The processing method of claim 12, wherein the processing the task to be processed using circuitry corresponding to the RISC-V instruction and the RISC-V instruction comprises:
storing the data to be compressed and the length to two source registers in the compressed instruction format;
and reading the data to be compressed and the length in the two source registers in the compression instruction format by utilizing a circuit corresponding to the compression instruction, and compressing the data to be compressed according to the length.
14. The processing method according to claim 5, wherein, in the case where the task to be processed includes a load balancing task,
the data to be processed comprises an IP address, a uniform resource locator URL, host information or port information of a server,
the processing algorithm comprises a hash algorithm and,
the RISC-V instruction corresponding to the task to be processed is an extended RISC-V instruction, including a hash instruction, and is used in a hash calculation process.
15. The processing method of claim 14, wherein the processing the task to be processed using circuitry corresponding to the RISC-V instruction and the RISC-V instruction comprises:
storing the IP address or the URL into an address register of the hash instruction format, storing a constant for modulo calculation into a source register of the hash instruction format, and reading the IP address or the URL in the address register of the hash instruction format and the constant for modulo calculation in the source register of the hash instruction format by utilizing a circuit corresponding to the hash instruction format to perform hash calculation; or alternatively
Storing Host information or port information of the server to an address register of the hash instruction format, storing a length value to a source register of the hash instruction format, and reading the Host information or port information of the server in the address register of the hash instruction format and the length value in the source register of the hash instruction format by utilizing a circuit corresponding to the hash instruction format to perform hash calculation.
16. A reduced instruction set computing RISC apparatus comprising:
the receiving module is used for receiving the task to be processed of the network traffic sent by the server;
the determining module is used for determining RISC-V instructions corresponding to the tasks to be processed;
the processing module is used for processing the task to be processed by using the RISC-V instruction and a circuit corresponding to the RISC-V instruction;
and the sending module is used for returning the processing result of the task to be processed to the server.
17. A reduced instruction set computing RISC apparatus comprising:
a processor; and
a memory coupled to the processor for storing instructions that, when executed by the processor, cause the processor to perform the method of processing network traffic according to any of claims 1-15.
18. A system for processing network traffic, comprising: the RISC device and server of claim 16 or 17, wherein,
the server is configured to receive a processing request of the network traffic, determine whether a type of a processing task corresponding to the processing request is a preset type, and send a task to be processed of the network traffic to the RISC device when the type of the processing task corresponding to the processing request is the preset type.
19. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the program when executed by a processor implements the steps of the method of any of claims 1-15.
CN202311014960.9A 2023-08-14 2023-08-14 Network traffic processing method, system and RISC device Pending CN117041337A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311014960.9A CN117041337A (en) 2023-08-14 2023-08-14 Network traffic processing method, system and RISC device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311014960.9A CN117041337A (en) 2023-08-14 2023-08-14 Network traffic processing method, system and RISC device

Publications (1)

Publication Number Publication Date
CN117041337A true CN117041337A (en) 2023-11-10

Family

ID=88634917

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311014960.9A Pending CN117041337A (en) 2023-08-14 2023-08-14 Network traffic processing method, system and RISC device

Country Status (1)

Country Link
CN (1) CN117041337A (en)

Similar Documents

Publication Publication Date Title
CN111201754B (en) Device for providing cryptographically protected and filtered and ordered collection of transaction data sets for links of a blockchain
US20130010949A1 (en) Method and system for compressing and encrypting data
CN110933063B (en) Data encryption method, data decryption method and equipment
CN111783124A (en) Data processing method and device based on privacy protection and server
CN112262544B (en) Device, system and method for generating and processing cryptographic parameters
WO2017006118A1 (en) Secure distributed encryption system and method
CN111404892B (en) Data supervision method and device and server
CN114785524B (en) Electronic seal generation method, device, equipment and medium
JP6273226B2 (en) Encryption system, authentication system, encryption device, decryption device, authenticator generation device, verification device, encryption method, authentication method
KR101445339B1 (en) Integrated cryptographic apparatus for providing confidentiality and integrity
CN111130791B (en) Data signature method, electronic device and computer readable storage medium
CN116070240B (en) Data encryption processing method and device of multi-chip calling mechanism
CN110266478B (en) Information processing method and electronic equipment
CN111865557B (en) Verification code generation method and device
CN117041337A (en) Network traffic processing method, system and RISC device
CN115757624A (en) Data processing method and device, electronic equipment and storage medium
JP6273224B2 (en) ENCRYPTION SYSTEM, ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD
CN111447072B (en) Method, apparatus and storage medium for generating data equivalent zero knowledge proof
CN114422209A (en) Data processing method, device and storage medium
CN114091041A (en) Data transmission method, device, equipment and medium based on embedded equipment
CN112184440A (en) Data processing method, data processing device, node equipment and storage medium
CN115086048B (en) Data processing method, device, electronic equipment and readable storage medium
CN113381854B (en) Data transmission method, device, equipment and storage medium
EP4033696A1 (en) Method for generating signatures
CN110568992A (en) data processing device and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination