CN118101459A - FTTR-based data management and control method and device, gateway equipment and medium - Google Patents

FTTR-based data management and control method and device, gateway equipment and medium Download PDF

Info

Publication number
CN118101459A
CN118101459A CN202410472037.8A CN202410472037A CN118101459A CN 118101459 A CN118101459 A CN 118101459A CN 202410472037 A CN202410472037 A CN 202410472037A CN 118101459 A CN118101459 A CN 118101459A
Authority
CN
China
Prior art keywords
data
target
data packet
operating system
linux operating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410472037.8A
Other languages
Chinese (zh)
Inventor
阳凌
满鹏安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Tianyi Comheart Telecom Co Ltd
Original Assignee
Sichuan Tianyi Comheart Telecom Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Tianyi Comheart Telecom Co Ltd filed Critical Sichuan Tianyi Comheart Telecom Co Ltd
Priority to CN202410472037.8A priority Critical patent/CN118101459A/en
Publication of CN118101459A publication Critical patent/CN118101459A/en
Pending legal-status Critical Current

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides FTTR-based data management and control method and device, gateway equipment and medium, and relates to the technical field of network communication. In the application, firstly, a target user mode program for data management and control is configured; secondly, after the system kernel of the Linux operating system acquires data packets from other network devices, extracting the data packets needing to be managed and controlled from the system kernel of the Linux operating system by utilizing a target user state program to obtain target data packets; and then, analyzing and processing the target data packet by utilizing the target user mode program to obtain a corresponding data packet analysis result. Based on the above, the problem that data collision easily occurs in the existing data management and control technology can be improved.

Description

FTTR-based data management and control method and device, gateway equipment and medium
Technical Field
The present application relates to the field of network communications technologies, and in particular, to a data management and control method and apparatus based on FTTR, a gateway device, and a medium.
Background
FTTR (Fiber to THE RESIDENCE) is a network access mode from Fiber to subscriber premises. FTTR is directed to providing high-speed, stable broadband connections to meet the needs of users for large bandwidth applications and services. In particular, the deployment of FTTR means that the fiber is introduced into the customer's premises in the last segment of the fiber network, rather than just at the edge of the residential area. In the network system based on FTTR, the gateway device plays an important role as an important network device, for example, the data packets of other network devices need to be correspondingly managed, but the inventor researches find that in the existing data management technology, the problem of easy occurrence of data collision exists.
Disclosure of Invention
In view of the above, the present application aims to provide a data management and control method and apparatus, gateway device and medium based on FTTR, so as to solve the problem of easy occurrence of data collision in the existing data management and control technology.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical scheme:
A FTTR-based data management and control method applied to gateway equipment, wherein a Linux operating system is deployed on the gateway equipment, and the FTTR-based data management and control method comprises the following steps:
configuring a target user mode program for data management and control, wherein the target user mode program can perform data interaction with the Linux operating system;
After the system kernel of the Linux operating system acquires the data packets from other network devices, extracting the data packets to be managed from the system kernel of the Linux operating system by using the target user state program to obtain corresponding target data packets, wherein the gateway device and the other network devices belong to a FTTR-based network system;
And analyzing and processing the target data packet by using the target user mode program to obtain a corresponding data packet analysis result, wherein the data packet analysis result is used for reflecting the management and control operation required to be performed on the target data packet.
In a preferred option of the embodiment of the present application, in the data management method based on FTTR, the step of configuring the target user mode program for data management includes:
A target user mode program and a target data queue are deployed, wherein the target user mode program is used for analyzing and processing data packets extracted from the target data queue, and the target data queue is used for storing the data packets needing to be managed and controlled in a system kernel of the Linux operating system;
and carrying out association processing on the target user mode program and the target data queue, so that the target user mode program can monitor the target data queue and extract the data packet to be managed when the data packet is stored in the target data queue.
In a preferred option of the embodiment of the present application, in the above FTTR-based data management method, the step of performing association processing on the target user state program and the target data queue, so that the target user state program can monitor the target data queue, and extract a data packet when the data packet to be managed is stored in the target data queue includes:
creating a target connection by using the target user state program, wherein the target connection belongs to socket connection, and a first target function is created by calling the target user state program;
And binding the target connection to the target data queue, wherein the target user state program is used for designating a data queue number to be connected by calling a second target function so as to be bound with the target data queue, and is used for configuring a replication mode of a data packet by a third target function so as to replicate a corresponding data packet from the target data queue through the target connection.
In a preferred option of the embodiment of the present application, in the data management and control method based on FTTR, after the system kernel of the Linux operating system obtains the data packets from other network devices, the step of extracting the data packets to be managed from the system kernel of the Linux operating system by using the target user mode program to obtain the corresponding target data packets includes:
After the system kernel of the Linux operating system acquires data packets from other network devices, determining a bound target data queue by utilizing the target user state program through a pre-established target connection, wherein the target data queue is used for storing the data packets needing to be managed and controlled in the system kernel of the Linux operating system;
and extracting the data packet to be managed and controlled from the target data queue through a fourth target function which is deployed in advance by utilizing the target user mode program, so as to obtain a corresponding target data packet.
In a preferred option of the embodiment of the present application, in the data management and control method based on FTTR, the step of analyzing and processing the target data packet by using the target user mode program to obtain a corresponding data packet analysis result includes:
After a data packet to be managed is extracted from a system kernel of the Linux operating system to obtain a corresponding target data packet, triggering a fifth preset objective function, wherein the fifth objective function belongs to a callback function which is preset;
In the fifth objective function, analyzing and processing the objective data packet through the objective user mode program to obtain a corresponding data packet analysis result;
And transmitting the data packet analysis result to a system kernel of the Linux operating system by utilizing a sixth pre-configured objective function, so that the system kernel of the Linux operating system can perform corresponding management and control operation on the target data packet based on the data packet analysis result.
In a preferred option of the embodiment of the present application, in the data management method based on FTTR, in the fifth objective function, the step of analyzing the target data packet by the target user mode program to obtain a corresponding data packet analysis result includes:
In the fifth objective function, performing hierarchical extraction processing on the objective data packet through the objective user mode program to obtain a plurality of objective layer data, wherein the plurality of objective layer data at least comprises first objective layer data, second objective layer data and third objective layer data;
analyzing network address information of the target data packet based on the first target layer data, and/or analyzing data transmission type information of the target data packet based on the second target layer data, and/or analyzing user side data structure information of the target data packet based on the third target layer data;
and carrying out management and control confirmation operation on the target data packet based on the network address information, the data transmission type information and/or the user side data structure information to obtain a corresponding data packet analysis result, wherein the data packet analysis result comprises passing refusal, passing permission or data modification.
In a preferred option of the embodiment of the present application, in the data management method based on FTTR, the step of transmitting the data packet analysis result to the system kernel of the Linux operating system by using a sixth objective function configured in advance, so that the system kernel of the Linux operating system can perform a corresponding management operation on the target data packet based on the data packet analysis result includes:
Generating corresponding decision data based on the data packet analysis result by utilizing a sixth pre-configured objective function, wherein the decision data further comprises at least one of first data, second data, third data, fourth data and fifth data when the data packet analysis result is included, wherein the first data is used for reflecting reasons or rules for forming the data packet analysis result, the second data is used for reflecting the severity or level of threat generated by the target data packet, the third data is used for reflecting related source and target network addresses or host information, the fourth data is used for reflecting related network protocol and port number, and the fifth data is used for reflecting time generated by the data packet analysis result;
And transmitting the decision data to a system kernel of the Linux operating system by using the sixth objective function, so that the system kernel of the Linux operating system can perform corresponding control operation on the objective data packet based on the decision data.
The embodiment of the application also provides a data management and control device based on FTTR, which is applied to gateway equipment, wherein a Linux operating system is deployed on the gateway equipment, and the data management and control device based on FTTR comprises:
The user state program configuration module is used for configuring a target user state program for data management and control, wherein the target user state program can perform data interaction with the Linux operating system;
The data packet extracting module is used for extracting the data packet to be managed from the system kernel of the Linux operating system by utilizing the target user mode program after the system kernel of the Linux operating system acquires the data packet from other network devices to obtain a corresponding target data packet, wherein the gateway device and the other network devices belong to a FTTR-based network system;
And the data packet analysis module is used for analyzing and processing the target data packet by utilizing the target user mode program to obtain a corresponding data packet analysis result, wherein the data packet analysis result is used for reflecting the management and control operation required to be performed on the target data packet.
On the basis of the above, the embodiment of the present application further provides a gateway device, including:
a memory for storing a computer program;
and the processor is connected with the memory and is used for executing the computer program stored in the memory so as to realize the data management and control method based on FTTR.
On the basis of the above, the embodiment of the application also provides a computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and the computer program executes the steps of the data management method based on FTTR.
The application provides a FTTR-based data management and control method and device, gateway equipment and medium, wherein a target user mode program for data management and control is configured firstly; secondly, after the system kernel of the Linux operating system acquires data packets from other network devices, extracting the data packets needing to be managed and controlled from the system kernel of the Linux operating system by utilizing a target user state program to obtain target data packets; and then, analyzing and processing the target data packet by utilizing the target user mode program to obtain a corresponding data packet analysis result. Based on the above, the target user mode program is configured, so that the data packet to be managed in the system kernel of the Linux operating system can be extracted and analyzed by using the target user mode program, thereby obtaining the data packet analysis result, that is, the data packet is not needed to be analyzed and processed by the system kernel of the Linux operating system, so that the burden of the system kernel of the Linux operating system can be reduced to a certain extent, the probability of data processing conflict caused by overlarge data processing burden of the system kernel of the Linux operating system is reduced, and the problem that the data conflict is easy to occur in the existing data management technology can be improved. In addition, the analysis processing of the data packet is realized by utilizing the target user state program, and the target user state program belongs to the user state program, so that the adjustment, update and other processes of the program can be more convenient, and the analysis processing logic of the data packet can be convenient for adjustment and update. In addition, the user mode program can be optimized for specific hardware and environment of the gateway equipment, so that more efficient algorithms and data structures can be utilized, and the performance and efficiency of data packet analysis management and control are improved.
Drawings
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Fig. 1 is a block diagram of a gateway device according to an embodiment of the present application.
Fig. 2 is a flow chart of a data management and control method based on FTTR according to an embodiment of the present application.
Fig. 3 is a block diagram of a FTTR-based data management and control device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments of the present application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
As shown in fig. 1, an embodiment of the present application provides a gateway device. The gateway device may include a memory, a processor, and FTTR-based data management and control means.
In detail, in an alternative embodiment, the memory and the processor are electrically connected directly or indirectly to realize transmission or interaction of data. For example, electrical connection may be made to each other via one or more communication buses or signal lines. The FTTR-based data management device includes at least one software function module that may be stored in the memory in the form of software or firmware (firmware). The processor is configured to execute an executable computer program stored in the memory, for example, a software function module and a computer program included in the FTTR-based data management and control device, so as to implement the FTTR-based data management and control method provided by the embodiment of the application.
Alternatively, the Memory may be, but is not limited to, random access Memory (Random Access Memory, RAM), read Only Memory (ROM), programmable Read Only Memory (Programmable Read-Only Memory, PROM), erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc.
And, the processor may be a general-purpose processor including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), a System on Chip (SoC), etc.; but also Digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
It will be appreciated that the architecture shown in fig. 1 is merely illustrative, and that the gateway device may also include more or fewer components than shown in fig. 1, or have a different configuration than shown in fig. 1, e.g., may also include a communication unit for information interaction with other devices (e.g., servers, etc.).
In addition, the gateway device may be deployed with at least one operating system, such as a primary operating system, a secondary operating system, etc., where the primary operating system may be a Linux operating system. The auxiliary operating system can be a lightweight (relative to the Linux operating system) operating system, the specific type of which is not limited and can be configured according to actual requirements.
With reference to fig. 2, the embodiment of the present application further provides a FTTR-based data management and control method applicable to the gateway device. Wherein the method steps defined by the flow related to the FTTR-based data management and control method can be implemented by the gateway device.
The specific flow shown in fig. 2 will be described in detail.
Step S110, a target user mode program for data management and control is configured.
In the embodiment of the application, the gateway device can be configured with a target user mode program for data management and control. The target user mode program can conduct data interaction with the Linux operating system. It should be noted that, in the Linux environment, there are generally kernel-mode and user-mode execution environments, that is, two different execution environments in which an operating system kernel and an application program run. Kernel Mode (Kernel Mode), which is the privilege level of Kernel operation of an operating system, in which the operating system has complete control over system hardware and resources, and can perform privileged operations, code running in Kernel Mode is usually part of the Kernel of the operating system, responsible for managing the resources of the system and providing operating system services, such as device drivers, file systems, schedulers, etc., and Kernel Mode has higher authority and wider access authority, and can directly access memory, hardware and system resources for performing bottom-level operations. The User Mode is a Mode of running an application program, and compared with the kernel Mode, the User Mode has lower authority and limited access authority, the application program running in the User Mode cannot directly access the underlying hardware and system resources and must access the underlying hardware and system resources through an interface provided by an operating system, the access is limited and protected by the operating system so as to ensure the safety and stability of the system, and the application program in the User Mode is usually a common application program, such as a Web browser, a text editor, a game and the like, and runs on an abstract layer provided by the operating system and depends on services and resources provided by the operating system.
Step S120, after the system kernel of the Linux operating system obtains the data packets from other network devices, the data packets to be managed and controlled are extracted from the system kernel of the Linux operating system by using the target user mode program, so as to obtain the corresponding target data packets.
In the embodiment of the application, after the system kernel of the Linux operating system acquires the data packets from other network devices, the gateway device can extract the data packets to be managed from the system kernel of the Linux operating system by using the target user mode program to obtain the corresponding target data packets. Wherein the gateway device and the other network devices both belong to FTTR-based network systems. The gateway device may be a master gateway device, and the other network devices may be slave gateway devices, and the master gateway device may be communicatively connected to a plurality of slave gateway devices for managing data packets of the slave gateway devices.
And step S130, analyzing and processing the target data packet by utilizing the target user state program to obtain a corresponding data packet analysis result.
In the embodiment of the application, the gateway device can analyze and process the target data packet by using the target user mode program to obtain a corresponding data packet analysis result. The data packet analysis result is used for reflecting the management and control operation required to be performed on the target data packet, such as passing refusal, passing permission or data modification, and the like, and is not particularly limited.
Based on the above, the target user mode program is configured, so that the data packet to be managed in the system kernel of the Linux operating system can be extracted and analyzed by using the target user mode program, thereby obtaining the data packet analysis result, that is, the data packet is not needed to be analyzed and processed by the system kernel of the Linux operating system, so that the burden of the system kernel of the Linux operating system can be reduced to a certain extent, the probability of data processing conflict caused by overlarge data processing burden of the system kernel of the Linux operating system is reduced, and the problem that the data conflict is easy to occur in the existing data management technology can be improved. In addition, the analysis processing of the data packet is realized by utilizing the target user state program, and the target user state program belongs to the user state program, so that the adjustment, update and other processes of the program can be more convenient, and the analysis processing logic of the data packet can be convenient for adjustment and update. In addition, the user mode program can be optimized for specific hardware and environment of the gateway equipment, so that more efficient algorithms and data structures can be utilized, and the performance and efficiency of data packet analysis management and control are improved.
In the first aspect, it should be noted that, in step S110, the specific manner of configuring the target user mode program is not limited, and may be selected according to actual requirements, for example, different configurations may be available based on different requirements for the target user mode program.
For example, in an alternative embodiment, in order to enable the reliable and stable extraction, analysis, and other operations to be performed on the data packet to be managed by the target user mode program, the step S110 may further include a step S111 and a step S112, and the specific content of each step may be as follows.
Step S111, deploying the target user mode program and the target data queue.
In the embodiment of the application, the target user mode program and the target data queue can be deployed on the gateway equipment. The target user mode program is used for analyzing and processing the data packets extracted from the target data queue, and the target data queue is used for storing the data packets which need to be managed and controlled in the system kernel of the Linux operating system. That is, after the system kernel of the Linux operating system acquires a data packet to be managed, the data packet may be stored in the target data queue, for example, after the gateway device belongs to a master gateway device and the slave gateway device sends the data packet to the master gateway device, the system kernel of the Linux operating system of the master gateway device may acquire the data packet (for example, acquire the data packet through a configured network interface) and then may store the data packet in the target data queue. Specifically, a rule may be created by using the iptables tool to delegate all received network packets (data packets) to a particular queue, e.g., the queue number specified here may be 0, so the rule may be: iptables-A INPUT-j NFQUEUE- -queue-num 0. The iptable is a command line tool for configuring firewall rules in a Linux environment, and allows a user to configure the firewall rules and control the flow of data packets. -a INPUT: -a option indicates that a rule is appended to the end of the specified chain, INPUT being the name of one firewall chain, indicating that the rule is to be applied to incoming packets. -j nfquue: the j option specifies an action, i.e. an operation to be performed when a rule is matched, where NFQUEUE indicates that the matched packet is sent to NETFILTER QUEUE. -queue-num 0: the queue-num option is used to specify the number of NFQUEUE in which the packet can be sent to the queue numbered 0.
Step S112, performing association processing on the target user mode program and the target data queue, so that the target user mode program can monitor the target data queue, and extract a data packet to be managed when the data packet is stored in the target data queue.
In the embodiment of the application, after the target user mode program and the target data queue are deployed, the target user mode program and the target data queue can be associated, for example, the target user mode program is directed to the target data queue, so that the target user mode program can monitor the target data queue, and when a data packet needing to be managed is stored in the target data queue, the data packet is extracted.
It should be understood that, for step S112, it should be noted that the specific manner of performing the association processing on the target user mode program and the target data queue is not limited, and may be selected according to actual requirements.
For example, in an alternative embodiment, in order to enable the target user mode program to more reliably obtain the data packet to be managed from the target data queue, the step S112 may further include a step S112a and a step S112b, where details of each step are as follows.
Step S112a, creating a target connection by using the target user mode program.
In the embodiment of the application, after the target user mode program is deployed, the target user mode program can be utilized to create target connection. The target connection belongs to socket connection (such as socket connection, reliable data transmission can be realized, and the target connection has perfect error processing and retransmission mechanism, so that the integrity and reliability of data can be ensured), and is formed by calling a first target function through the target user state program. Illustratively, the first objective function may be nfq _open function, and nfq _open function is a function in the libnetfilter _queue library that opens an NFQUEUE and returns a handle associated therewith. The nfq _open function may be used in the user mode program to initialize the NFQUEUE queue.
Step S112b, binding the target connection to the target data queue.
In an embodiment of the present application, after the target connection is created, the target connection may be further bound to the target data queue. The target user state program is used for designating a data queue number to be connected by calling a second target function, binding the data queue number with the target data queue, and configuring a replication mode of a data packet by a third target function, so that a corresponding data packet can be replicated from the target data queue through the target connection. Illustratively, the second objective function may be a nfq _create_queue function and the third objective function may be a nfq _set_mode function. That is, it is possible to specify information such as a queue number, a callback function, etc. to be connected using the nfq _create_queue function, and set parameters such as a packet copy mode using the nfq _set_mode function. Wherein nfq _create_queue function is a function in libnetfilter _queue library, and the attribute of the newly created queue, such as the number of the queue, the buffer size, etc., can be configured by parameters. The nfq _set_mode function is a function in the libnetfilter _queue library that is used to set the mode of operation of the NFQUEUE, and this function is typically used in a user mode program to configure the mode of operation of the NFQUEUE to specify the manner in which packets are handled. Specifically, the nfq _set_mode function functions: setting the working mode of a queue: the mode of operation of the NFQUEUE queue can be specified by parameters, and mainly includes two modes: NFQNL _COPY_PACKET: a duplicate packet mode in which, when a packet arrives at the queue, the kernel sends a duplicate of the packet to the user mode program for processing, and the original packet is either forwarded or discarded; NFQNL _COPY_META: the metadata copying mode, in which the kernel only sends metadata (such as protocol type, packet length, etc.) of the data packet to the user mode program, and does not send a copy of the data packet, is suitable for a scenario of analyzing or processing the metadata of the data packet.
In the second aspect, it should be noted that, in step S120, a specific manner of extracting the data packet to be managed from the system kernel of the Linux operating system by using the target user mode program is not limited, and may be selected according to actual requirements.
For example, in an alternative embodiment, in order to enable the target user mode program to reliably and stably extract the data packet to be managed from the system kernel of the Linux operating system, the step S120 may further include a step S121 and a step S122, where details of each step are as follows.
Step S121, after the system kernel of the Linux operating system acquires the data packets from other network devices, the bound target data queue is determined by using the target user mode program through the pre-created target connection.
In the embodiment of the application, after the system kernel of the Linux operating system acquires the data packets from other network devices, the bound target data queue is determined by the target user mode program through the pre-established target connection. The target data queue is used for storing data packets to be managed and controlled in a system kernel of the Linux operating system. The target connection may be a socket connection, for example, as described in the foregoing.
Step S122, extracting the data packet to be managed from the target data queue by using the target user state program through a fourth target function deployed in advance, so as to obtain a corresponding target data packet.
In the embodiment of the application, after the target data queue is determined, the target user mode program can be utilized to extract the data packet to be managed from the target data queue through a fourth pre-deployed objective function, so as to obtain the corresponding target data packet. The fourth objective function may be, for example, a recv function. The recv function is a system call for receiving data on a socket (socket), which is typically used to receive data from the other end in network programming. Illustratively, the recv function functions are: receiving data: the function receives data from the connected socket and stores the received data in a designated buffer; waiting for data to arrive: if no data is available in the socket receive buffer, the recv function will block (unless the socket is set to non-blocking mode) until there is data to arrive, which allows the program to wait for the arrival of data without having to query the socket frequently; processing the received data: once there is data arriving, the recv function copies the data from the socket receive buffer into the specified buffer and returns the number of bytes received; error handling: if an error occurs (e.g., connection is broken, timeout, etc.), the recv function returns a negative number, while the global variable errno is set to indicate the type of error.
In the third aspect, it should be noted that, in step S130, a specific manner of performing the analysis processing on the target data packet by using the target user mode program is not limited, and may be selected according to actual requirements.
For example, in an alternative embodiment, in order to ensure the reliability of the data management of the target data packet, the step S130 may further include a step S131, a step S132, and a step S133, which are described below.
Step S131, after extracting the data packet to be managed from the system kernel of the Linux operating system to obtain the corresponding target data packet, triggering a preconfigured fifth objective function.
In the embodiment of the present application, after the data packet to be managed is extracted from the system kernel of the Linux operating system to obtain the corresponding target data packet, for example, after step S120, a preconfigured fifth objective function may be triggered, where the fifth objective function belongs to a preconfigured callback function, and a triggering mechanism of the fifth objective function may be preconfigured, that is, after the target data packet is extracted, a call of the fifth objective function may be triggered. The fifth objective function may be a packet_callback function, where the packet_callback function is a function for processing a received packet, and is registered in the libnetfilter _queue library as a callback function for processing an NFQUEUE packet.
Step S132, in the fifth objective function, performing analysis processing on the target data packet by using the target user mode program to obtain a corresponding data packet analysis result.
In the embodiment of the present application, after the fifth objective function is triggered, the fifth objective function may be called, so that in the fifth objective function, the objective user mode program analyzes and processes the objective data packet to obtain a corresponding data packet analysis result. That is, the specific management operations that need to be performed on the target data packet may be analyzed.
And step S133, transmitting the data packet analysis result to a system kernel of the Linux operating system by utilizing a sixth pre-configured objective function, so that the system kernel of the Linux operating system can perform corresponding control operation on the target data packet based on the data packet analysis result.
In the embodiment of the present application, after the data packet analysis result is obtained, the data packet analysis result may be further transmitted to the system kernel of the Linux operating system by using a sixth objective function configured in advance, so that the system kernel of the Linux operating system may perform a corresponding management and control operation on the target data packet based on the data packet analysis result. That is, for the target data packet, the analysis processing of the target data packet can be implemented through the target user mode program, and the specific management operation of the target data packet is implemented through the system kernel of the Linux operating system, so that the target user mode program and the system kernel of the Linux operating system can better work and cooperate, the processing timeliness of the data packet is ensured, and the problem that data collision easily occurs is avoided.
It should be understood that, for the step S132, the specific way of analyzing the target data packet by the target user mode program is not limited, and may be selected according to actual requirements.
For example, in an alternative embodiment, the specific data content of the target data packet may be parsed, such as whether there is illegal content or not.
For another example, in another alternative embodiment, in order to enable fine-tuning control of the target data packet, the step S132 may further include a step S132a, a step S132b, and a step S132c, where the details of each step are as follows.
In step S132a, in the fifth objective function, the objective user mode program performs hierarchical extraction processing on the objective data packet to obtain a plurality of objective layer data.
In the embodiment of the present application, after the fifth objective function is triggered, in the fifth objective function, the objective data packet may be subjected to hierarchical extraction processing by the objective user mode program, so as to obtain a plurality of objective layer data. Wherein the plurality of target layer data includes at least first target layer data (e.g., a network layer), second target layer data (e.g., a transport layer), and third target layer data (e.g., a user layer). The target data packet may be hierarchically extracted, for example, by means of a OSI (Open Systems Interconnection) seven-layer model. In addition, the OSI seven-layer model is an abstract computer network architecture for describing and standardizing the different levels of computer network communications, which divides network communications into seven different levels, each having specific functions and responsibilities, with clear boundaries and interaction specifications between the layers, e.g., the layers of the OSI seven-layer model and their functions are as follows: physical layer (PHYSICAL LAYER): the original bit stream is responsible for transmission, and the specifications of electrical characteristics and physical connection are defined, such as voltage, cable type, transmission rate and the like; data link layer (DATA LINK LAYER): responsible for transmitting data frames between adjacent nodes, providing reliable data transmission, and performing error detection and correction, such as an ethernet protocol; network Layer (Network Layer): the method is responsible for selecting proper routes and paths in the network, realizing communication among different networks, and processing the grouping, routing and forwarding of the data packets, such as an IP protocol; transport Layer (Transport Layer): responsible for end-to-end data transmission, providing reliable data transmission services and error recovery mechanisms, such as TCP protocol and UDP protocol; session Layer (Session Layer): responsible for establishing, managing and terminating session connections, providing control and synchronization of data exchanges, such as RPC (Remote Procedure Call); representation layer (Presentation Layer): responsible for format conversion, encryption and compression of data to ensure compatibility and readability of data between different systems, such as ASCII code conversion, data encryption and compression; application layer (Application Layer): providing an interface between web services and applications, supporting user access to the network and application interactions, such as the HTTP protocol, FTP protocol, and SMTP protocol, may also be referred to as the user layer described above.
Step S132b, based on the first target layer data, analyzes network address information of the target data packet, and/or, based on the second target layer data, analyzes data transmission type information of the target data packet, and/or, based on the third target layer data, analyzes user side data structure information of the target data packet.
In the embodiment of the present application, when the plurality of destination layer data includes the first destination layer data, network address information, such as analyzed Ipv4/Ipv6 address information, included in the destination data packet may be analyzed based on the first destination layer data. When the plurality of target layer data includes the second target layer data, data transmission type information, such as TCP/UDP (port) information, of the target data packet may be analyzed based on the second target layer data. When the plurality of target layer data includes the third target layer data, user side data structure information of the target data packet may be analyzed based on the third target layer data, for example, a data structure of a user side is analyzed, for example, feature data of a user application, specifically, the first 4 bytes of the data packet are fixed to be FD, and may be taken as feature data of the user application, where the feature data may reflect a corresponding user application, such as/huyalive/, and is characterized by "tiger living broadcast" of the user application.
Step S132c, performing a management and control confirmation operation on the target data packet based on the network address information, the data transmission type information and/or the user side data structure information, to obtain a corresponding data packet analysis result.
In the embodiment of the present application, after analyzing the network address information, the data transmission type information and/or the user side data structure information, at least one of the network address information, the data transmission type information and the user side data structure information is obtained, and based on the network address information, the data transmission type information and/or the user side data structure information, a management and control confirmation operation may be performed on the target data packet to obtain a corresponding data packet analysis result. Wherein the data packet analysis result comprises a reject traffic (nf_drop), an allow traffic (nf_accept), or a data modification (nf_accept+nf_modify). For example, the network address information, the data transmission type information and/or the user side data structure information may be compared with information in a pre-constructed information database, and if corresponding information is matched in the information database, it may be determined that the destination data packet needs to be refused to pass, allowed to pass or modified; or if the corresponding information is not matched in the information database, determining that the passing refusal, the passing permission or the data modification of the target data packet are required, and configuring a specific control strategy according to actual requirements.
It may be appreciated that, in an alternative embodiment, in order to make the management accuracy of the target data packet higher, the target data packet may be further parsed to obtain corresponding domain name information, and then, a corresponding management operation may be performed on the target data packet based on the domain name information, where if the corresponding domain name information exists in the pre-constructed information database, the target data packet is determined to be a data packet that needs to be refused to pass, allowed to pass, or modified in data; or if the corresponding domain name information does not exist in the pre-constructed information database, determining the target data packet as a data packet which needs to be refused to pass, allowed to pass or modified in data, wherein the specific management and control strategy can be configured according to the actual requirement. In addition, in some specific applications, when some domain name accesses are managed, the corresponding domain name request may be hijacked or redirected.
It should be understood that, for the step S133, a specific manner of transmitting the packet analysis result to the system kernel of the Linux operating system by using the sixth objective function is not limited, and may be selected according to actual requirements.
For example, in an alternative embodiment, in order to make the efficiency of the management and control operation on the target data packet higher, after the data packet analysis result is obtained, the data packet analysis result may be directly transmitted to the system kernel of the Linux operating system, so that the system kernel of the Linux operating system may perform the corresponding management and control operation in time.
For another example, in another alternative embodiment, in order to make the reliability of the control operation for the target data packet higher, the step S133 may further include a step S133a and a step S133b, where the specific content of each step is as follows.
Step S133a, generating corresponding decision data based on the data packet analysis result by using a sixth objective function configured in advance.
In the embodiment of the present application, after the packet analysis result is obtained, a sixth objective function configured in advance may be used to generate corresponding decision data based on the packet analysis result. When the data packet analysis result is included, the decision data further includes at least one of first data, second data, third data, fourth data and fifth data, where the first data (Reason, meason) is used to reflect a Reason or a rule forming the data packet analysis result, the second data (threat level ) is used to reflect a severity or a level of a threat generated by the target data packet, the third data (Source Address) and destination Address (Destination Address) is used to reflect a Source and destination network Address or host information involved, the fourth data (Protocol) and Port (Port)) is used to reflect a network Protocol and Port number involved, the fifth data (Timestamp) is used to reflect a time generated by the data packet analysis result.
And step S133b, transmitting the decision data to a system kernel of the Linux operating system by using the sixth objective function, so that the system kernel of the Linux operating system can perform corresponding control operation on the target data packet based on the decision data.
In the embodiment of the present application, after the decision data is generated, the sixth objective function may be further utilized to transmit the decision data to a system kernel of the Linux operating system, so that the system kernel of the Linux operating system may perform a corresponding management and control operation on the target data packet based on the decision data.
The FTTR-based data management method described above can be used to improve the problem in the following applications:
With the diversification of network applications and network behaviors, enterprise network administrators need to normalize users' surfing behavior in complex network environments. The government enterprise gateway is strongly required to support internet surfing behavior management, so that various user access authentication mechanisms and application control can be realized, the internet surfing behavior of a user is effectively managed, illegal user access is avoided, staff is prevented from performing network behaviors irrelevant to work, and the bandwidth resource utilization rate is improved. The internet surfing behavior management system is a software and hardware integrated control management gateway for government enterprise clients, can carry out omnibearing effective management on internet surfing behaviors of staff in enterprises, protects Web access safety, reduces the use risk of the enterprise Internet, avoids leakage of confidential information of the enterprises, improves the working efficiency of the staff, prevents and limits P2P and other applications which seriously consume bandwidth, and ensures the core service bandwidth of the enterprises. In order to prevent staff from accessing websites irrelevant to work in working time and improve working efficiency, enterprise administrators need to control and manage Internet users based on applications. The intelligent application control SAC (Smart Application Control) is supported, various applications can be intelligently classified, and refined strategy control can be performed aiming at different types of applications. For example, for network behavior unrelated to work, access can be limited, so that the internet surfing behavior of a user is standardized, and the work efficiency is improved.
With reference to fig. 3, the embodiment of the application further provides a FTTR-based data management and control device applicable to the gateway device. The FTTR-based data management and control device can comprise a user mode program configuration module, a data packet extraction module and a data packet analysis module.
In detail, in an alternative embodiment, the user mode program configuration module may be configured to configure a target user mode program for performing data management and control, where the target user mode program is capable of performing data interaction with the Linux operating system. In the embodiment of the present application, the user mode program configuration module may be used to execute step S110 shown in fig. 2, and the description of step S110 may be referred to for the relevant content of the user mode program configuration module.
In detail, in an alternative embodiment, the data packet extracting module may be configured to extract, by using the target user mode program, a data packet to be managed from a system kernel of the Linux operating system after the system kernel of the Linux operating system obtains a data packet from another network device, so as to obtain a corresponding target data packet, where the gateway device and the other network device both belong to a network system based on FTTR. In the embodiment of the present application, the packet extraction module may be used to perform step S120 shown in fig. 2, and the description of step S120 may be referred to above for the relevant content of the packet extraction module.
In detail, in an alternative embodiment, the packet analysis module may be configured to perform analysis processing on the target packet by using the target user mode program to obtain a corresponding packet analysis result, where the packet analysis result is used to reflect a management operation that needs to be performed on the target packet. In an embodiment of the present application, the packet analysis module may be used to perform step S130 shown in fig. 2, and the description of step S130 may be referred to for the relevant content of the packet analysis module.
Illustratively, the user-mode program configuration module may be specifically configured to:
A target user mode program and a target data queue are deployed, wherein the target user mode program is used for analyzing and processing data packets extracted from the target data queue, and the target data queue is used for storing the data packets needing to be managed and controlled in a system kernel of the Linux operating system;
and carrying out association processing on the target user mode program and the target data queue, so that the target user mode program can monitor the target data queue and extract the data packet to be managed when the data packet is stored in the target data queue.
Illustratively, the packet extraction module may specifically be configured to:
After the system kernel of the Linux operating system acquires data packets from other network devices, determining a bound target data queue by utilizing the target user state program through a pre-established target connection, wherein the target data queue is used for storing the data packets needing to be managed and controlled in the system kernel of the Linux operating system;
and extracting the data packet to be managed and controlled from the target data queue through a fourth target function which is deployed in advance by utilizing the target user mode program, so as to obtain a corresponding target data packet.
Illustratively, the packet analysis module may be specifically configured to:
After a data packet to be managed is extracted from a system kernel of the Linux operating system to obtain a corresponding target data packet, triggering a fifth preset objective function, wherein the fifth objective function belongs to a callback function which is preset;
In the fifth objective function, analyzing and processing the objective data packet through the objective user mode program to obtain a corresponding data packet analysis result;
And transmitting the data packet analysis result to a system kernel of the Linux operating system by utilizing a sixth pre-configured objective function, so that the system kernel of the Linux operating system can perform corresponding management and control operation on the target data packet based on the data packet analysis result.
In an embodiment of the present application, corresponding to the data management method based on FTTR applied to the gateway device, a computer readable storage medium is further provided, where a computer program is stored, and the computer program executes each step of the data management method based on FTTR when running.
The steps executed when the computer program runs are not described in detail herein, and the explanation of the data management method based on FTTR can be referred to.
In summary, the data management and control method and device based on FTTR, the gateway device and the medium provided by the application firstly configure the target user mode program for data management and control; secondly, after the system kernel of the Linux operating system acquires data packets from other network devices, extracting the data packets needing to be managed and controlled from the system kernel of the Linux operating system by utilizing a target user state program to obtain target data packets; and then, analyzing and processing the target data packet by utilizing the target user mode program to obtain a corresponding data packet analysis result. Based on the above, the target user mode program is configured, so that the data packet to be managed in the system kernel of the Linux operating system can be extracted and analyzed by using the target user mode program, thereby obtaining the data packet analysis result, that is, the data packet is not needed to be analyzed and processed by the system kernel of the Linux operating system, so that the burden of the system kernel of the Linux operating system can be reduced to a certain extent, the probability of data processing conflict caused by overlarge data processing burden of the system kernel of the Linux operating system is reduced, and the problem that the data conflict is easy to occur in the existing data management technology can be improved. In addition, the analysis processing of the data packet is realized by utilizing the target user state program, and the target user state program belongs to the user state program, so that the adjustment, update and other processes of the program can be more convenient, and the analysis processing logic of the data packet can be convenient for adjustment and update. In addition, the user mode program can be optimized for specific hardware and environment of the gateway equipment, so that more efficient algorithms and data structures can be utilized, and the performance and efficiency of data packet analysis management and control are improved. Therefore, the method can produce better application effect in practical application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus and method embodiments described above are merely illustrative, for example, flow diagrams and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above description is only of the preferred embodiments of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. The data management and control method based on FTTR is characterized by being applied to gateway equipment, wherein a Linux operating system is deployed on the gateway equipment, and the data management and control method based on FTTR comprises the following steps:
configuring a target user mode program for data management and control, wherein the target user mode program can perform data interaction with the Linux operating system;
After the system kernel of the Linux operating system acquires the data packets from other network devices, extracting the data packets to be managed from the system kernel of the Linux operating system by using the target user state program to obtain corresponding target data packets, wherein the gateway device and the other network devices belong to a FTTR-based network system;
And analyzing and processing the target data packet by using the target user mode program to obtain a corresponding data packet analysis result, wherein the data packet analysis result is used for reflecting the management and control operation required to be performed on the target data packet.
2. The FTTR-based data management method as defined in claim 1, wherein the step of configuring the target user mode program for data management includes:
A target user mode program and a target data queue are deployed, wherein the target user mode program is used for analyzing and processing data packets extracted from the target data queue, and the target data queue is used for storing the data packets needing to be managed and controlled in a system kernel of the Linux operating system;
and carrying out association processing on the target user mode program and the target data queue, so that the target user mode program can monitor the target data queue and extract the data packet to be managed when the data packet is stored in the target data queue.
3. The FTTR-based data management method according to claim 2, wherein the step of performing association processing on the target user mode program and the target data queue to enable the target user mode program to monitor the target data queue and extract a data packet to be managed when the data packet is stored in the target data queue includes:
creating a target connection by using the target user state program, wherein the target connection belongs to socket connection, and a first target function is created by calling the target user state program;
And binding the target connection to the target data queue, wherein the target user state program is used for designating a data queue number to be connected by calling a second target function so as to be bound with the target data queue, and is used for configuring a replication mode of a data packet by a third target function so as to replicate a corresponding data packet from the target data queue through the target connection.
4. The method for managing and controlling data based on FTTR as set forth in claim 1, wherein the step of extracting, by using the target user mode program, a data packet to be managed and controlled from the system kernel of the Linux operating system after the system kernel of the Linux operating system acquires the data packet from other network devices, and obtaining a corresponding target data packet includes:
After the system kernel of the Linux operating system acquires data packets from other network devices, determining a bound target data queue by utilizing the target user state program through a pre-established target connection, wherein the target data queue is used for storing the data packets needing to be managed and controlled in the system kernel of the Linux operating system;
and extracting the data packet to be managed and controlled from the target data queue through a fourth target function which is deployed in advance by utilizing the target user mode program, so as to obtain a corresponding target data packet.
5. The FTTR-based data management and control method according to claim 1, wherein the step of analyzing the target data packet by using the target user state program to obtain a corresponding data packet analysis result includes:
After a data packet to be managed is extracted from a system kernel of the Linux operating system to obtain a corresponding target data packet, triggering a fifth preset objective function, wherein the fifth objective function belongs to a callback function which is preset;
In the fifth objective function, analyzing and processing the objective data packet through the objective user mode program to obtain a corresponding data packet analysis result;
And transmitting the data packet analysis result to a system kernel of the Linux operating system by utilizing a sixth pre-configured objective function, so that the system kernel of the Linux operating system can perform corresponding management and control operation on the target data packet based on the data packet analysis result.
6. The FTTR-based data management method according to claim 5, wherein in the fifth objective function, the step of analyzing the target data packet by the target user mode program to obtain a corresponding data packet analysis result includes:
In the fifth objective function, performing hierarchical extraction processing on the objective data packet through the objective user mode program to obtain a plurality of objective layer data, wherein the plurality of objective layer data at least comprises first objective layer data, second objective layer data and third objective layer data;
analyzing network address information of the target data packet based on the first target layer data, and/or analyzing data transmission type information of the target data packet based on the second target layer data, and/or analyzing user side data structure information of the target data packet based on the third target layer data;
and carrying out management and control confirmation operation on the target data packet based on the network address information, the data transmission type information and/or the user side data structure information to obtain a corresponding data packet analysis result, wherein the data packet analysis result comprises passing refusal, passing permission or data modification.
7. The method for data management and control based on FTTR, wherein the step of transmitting the packet analysis result to a system kernel of the Linux operating system by using a sixth objective function configured in advance to enable the system kernel of the Linux operating system to perform a corresponding management and control operation on the target packet based on the packet analysis result includes:
Generating corresponding decision data based on the data packet analysis result by utilizing a sixth pre-configured objective function, wherein the decision data further comprises at least one of first data, second data, third data, fourth data and fifth data when the data packet analysis result is included, wherein the first data is used for reflecting reasons or rules for forming the data packet analysis result, the second data is used for reflecting the severity or level of threat generated by the target data packet, the third data is used for reflecting related source and target network addresses or host information, the fourth data is used for reflecting related network protocol and port number, and the fifth data is used for reflecting time generated by the data packet analysis result;
And transmitting the decision data to a system kernel of the Linux operating system by using the sixth objective function, so that the system kernel of the Linux operating system can perform corresponding control operation on the objective data packet based on the decision data.
8. The data management and control device based on FTTR is characterized by being applied to gateway equipment, wherein a Linux operating system is deployed on the gateway equipment, and the data management and control device based on FTTR comprises:
The user state program configuration module is used for configuring a target user state program for data management and control, wherein the target user state program can perform data interaction with the Linux operating system;
The data packet extracting module is used for extracting the data packet to be managed from the system kernel of the Linux operating system by utilizing the target user mode program after the system kernel of the Linux operating system acquires the data packet from other network devices to obtain a corresponding target data packet, wherein the gateway device and the other network devices belong to a FTTR-based network system;
And the data packet analysis module is used for analyzing and processing the target data packet by utilizing the target user mode program to obtain a corresponding data packet analysis result, wherein the data packet analysis result is used for reflecting the management and control operation required to be performed on the target data packet.
9. A gateway device, comprising:
a memory for storing a computer program;
a processor coupled to the memory for executing a computer program stored in the memory for implementing the FTTR-based data management method according to any one of claims 1-7.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when run, performs the steps of the FTTR-based data management method according to any one of claims 1-7.
CN202410472037.8A 2024-04-19 2024-04-19 FTTR-based data management and control method and device, gateway equipment and medium Pending CN118101459A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410472037.8A CN118101459A (en) 2024-04-19 2024-04-19 FTTR-based data management and control method and device, gateway equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410472037.8A CN118101459A (en) 2024-04-19 2024-04-19 FTTR-based data management and control method and device, gateway equipment and medium

Publications (1)

Publication Number Publication Date
CN118101459A true CN118101459A (en) 2024-05-28

Family

ID=91155192

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410472037.8A Pending CN118101459A (en) 2024-04-19 2024-04-19 FTTR-based data management and control method and device, gateway equipment and medium

Country Status (1)

Country Link
CN (1) CN118101459A (en)

Similar Documents

Publication Publication Date Title
US9118719B2 (en) Method, apparatus, signals, and medium for managing transfer of data in a data network
US7058974B1 (en) Method and apparatus for preventing denial of service attacks
US7406709B2 (en) Apparatus and method for allowing peer-to-peer network traffic across enterprise firewalls
US7480707B2 (en) Network communications management system and method
US11750721B2 (en) Bidirectional command protocol via a unidirectional communication connection for reliable distribution of tasks
EP1624644A2 (en) Privileged network routing
EP1266277A1 (en) System, device and method for rapid packet filtering and processing
AU2001241717A1 (en) System, device and method for rapid packet filtering and processing
CN104205751A (en) Network system, controller, and packet authentication method
US10795912B2 (en) Synchronizing a forwarding database within a high-availability cluster
JP2009528757A (en) Detection and control of peer-to-peer communication
US20080104688A1 (en) System and method for blocking anonymous proxy traffic
US11329959B2 (en) Virtual routing and forwarding (VRF)-aware socket
US20060150243A1 (en) Management of network security domains
WO2023114184A1 (en) Encrypted data packet forwarding
Bian et al. A survey on software-defined networking security
CN114422160B (en) Virtual firewall setting method and device, electronic equipment and storage medium
Cho et al. A sophisticated packet forwarding scheme with deep packet inspection in an openflow switch
CN118101459A (en) FTTR-based data management and control method and device, gateway equipment and medium
US9338021B2 (en) Network traffic redirection in bi-planar networks
US20100166011A1 (en) Method, apparatus and system for realizing dynamic correlation of control plane traffic rate
US9246880B2 (en) Methods for secure communication between network device services and devices thereof
CN113824808B (en) Method and system for network address translation penetration using an intermediate meeting proxy
KR102094316B1 (en) Network Separation System Based on Account Switching
CN117376011A (en) Safety protection system, safety protection method and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination