JP2018011207A - Communication device, communication control method, and network system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a network system that does not consume many resources in order to change communication control.SOLUTION: A communication device for transmitting and receiving data includes a computation device, a storage device, and a network interface. The communication device also includes: a communication function unit for transmitting and receiving data via the network interface; a communication processing unit for processing the data obtained from the communication function unit and outputting the processed data; a proxy communication function unit for carrying out any communication control for data; and a hook processing unit for changing a call-out to the communication function unit from the communication processing unit to a call-out to the proxy communication function unit.SELECTED DRAWING: Figure 3

Description

  The present invention relates to communication control.

  Cloud computing has become widespread along with the speeding up of network lines such as the Internet. In cloud computing, hardware and software are provided as services via a network such as the Internet. As the use of network lines increases due to the spread of cloud computing, there are problems of poor quality of network lines and information leakage.

  In order to solve these problems, devices that improve line utilization efficiency and devices that change communication control such as encrypting communication data from the viewpoint of security have been introduced.

  As background art of this technical field, for example, as a device for improving the utilization efficiency of a line, Japanese Patent Laying-Open No. 2015-133669 (Patent Document 1) describes “a method for controlling a transmission device connected to a network, Transmits data to a receiving device via a network, receives acknowledgment data including reception confirmation and reception window size information from the receiving device via the network, and controls a bandwidth related to data transmitted from the transmitting device Then, the controlled bandwidth is suppressed so that the data size of the data that has not received an acknowledgment from the receiving device among the transmitted data is less than or equal to the upper limit value determined from the reception window size, Based on the data size and the reception window size, transmission / reception is switched to enable / disable the suppression of the bandwidth. Control method of the apparatus. "Is disclosed.

JP2015-133669A

  In the method of Patent Document 1, a communication device installed between a server and a client receives a packet transmitted by the server and buffers the packet. Thereafter, the communication device performs bandwidth control processing and transmits the buffered packet. As a result, communication control between the server and the client is changed so that the line bandwidth is efficiently used.

  In the above-described method, since the communication device performs transmission / reception of packets before performing bandwidth control processing, the number of times of packet transmission / reception processing increases as the entire system of the server, client, and communication device, and also for buffering packets Use a lot of memory. Therefore, resource consumption is large.

  A typical example of the invention disclosed in the present application is as follows. That is, a communication device that transmits and receives data, and includes a calculation device, a storage device connected to the calculation device, and a network interface connected to the calculation device, and a communication function that transmits and receives data via the network interface A communication processing unit that processes the data acquired from the communication function unit and outputs the processed data, a proxy communication function unit that performs arbitrary communication control on the data, and the communication processing unit And a hook processing unit that changes the call of the communication function unit from the call to the proxy communication function unit.

  According to one aspect of the present invention, it is possible to dynamically change communication control while suppressing resource consumption. Problems, configurations, and effects other than those described above will become apparent from the description of the following examples.

1 is a diagram illustrating a configuration example of a network system according to a first embodiment. 2 is a block diagram illustrating an example of a hardware configuration and a software configuration of a computer according to Embodiment 1. FIG. FIG. 3 is a block diagram illustrating details of a software configuration of the computer according to the first embodiment. It is a figure which shows an example of the format of the TCP packet data which the computer of Example 1 transmits / receives. FIG. 3 is a diagram illustrating an example of a data structure of setting information stored in a setting information storage unit according to the first embodiment. It is a figure which shows an example of the data structure of the flow information stored in the flow information storage part of Example 1. 6 is a flowchart illustrating an example of processing executed by a flow information processing unit according to the first embodiment. 6 is a flowchart illustrating processing executed by a transmission control algorithm selection unit according to the first embodiment. It is a figure which shows an example of the format of the UDP packet data which the computer of Example 2 transmits / receives. FIG. 11 is a block diagram illustrating details of a software configuration of a computer according to a second embodiment. It is a figure which shows an example of the data structure of the setting information stored in the setting information storage part of Example 2. It is a figure which shows an example of the data structure of the flow information stored in the flow information storage part of Example 2. 10 is a flowchart illustrating processing executed by a flow information processing unit according to the second embodiment. 10 is a flowchart illustrating processing executed by a flow information processing unit according to the second embodiment. 12 is a flowchart illustrating processing executed by a transmission control algorithm selection unit according to the second embodiment. 12 is a flowchart illustrating processing executed by a transmission control algorithm selection unit according to the second embodiment. 12 is a flowchart illustrating processing executed by a transmission control algorithm selection unit according to the second embodiment.

  Embodiments of the present invention will be described below with reference to the accompanying drawings. It should be noted that the present embodiment is merely an example for realizing the present invention and does not limit the technical scope of the present invention. In each figure, the same reference numerals are given to common configurations.

  In Example 1, a basic example of the present invention will be described. Specifically, the first embodiment shows a system that realizes data transmission control with reduced resource consumption based on TCP (Transmission Control Protocol), which is a transport control protocol of the transport layer of the OSI reference model.

  FIG. 1 is a diagram illustrating a configuration example of a network system according to the first embodiment.

  The network system includes one or more networks 101 including one or more relay apparatuses 102 and a plurality of computers 100. The computer 100 communicates with other computers 100 via the network 101. The number of computers 100, networks 101, and relay apparatuses 102 is not limited to the numbers shown in FIG.

  In the example illustrated in FIG. 1, the computer 100-1 and the computer 100-2 communicate with each other via the network 101-1. Further, the computer 100-1 and the computer 100-2 communicate with the computer 100-3 via the network 101-1 and the network 101-2.

  The computer 100 may be a physical server, a proxy device, an information processing device, a terminal, or the like. The computer 100 may be a virtual server on a physical server.

  The network 101 may be a LAN (Local Area Network), a WAN (Wide Area Network), the Internet, or the like. The network 101 may be a network whose bandwidth is guaranteed or a network whose bandwidth is not guaranteed.

  Each of the networks 101-1 and 101-2 includes relay apparatuses 102-1 and 102-2. As the relay device 102, for example, a switch and a gateway device can be considered.

  FIG. 2 is a block diagram illustrating an example of a hardware configuration and a software configuration of the computer 100 according to the first embodiment. FIG. 3 is a block diagram illustrating details of the software configuration of the computer 100 according to the first embodiment.

  The computer 100 includes an arithmetic device 200, a main storage device 201, a secondary storage device 202, and a network interface (NIF) 203. The hardware included in the computer 100 is connected to each other via the system bus 204 and transfers data to each other via the system bus 204.

  FIG. 2 shows an example in which the arithmetic device 200, the main storage device 201, the secondary storage device 202, and the NIF 203 are connected via one system bus 204. Each hardware may be connected through a plurality of system buses, or may be directly connected without going through the system bus.

  The computer 100 may include a plurality of arithmetic devices 200, a main storage device 201, a secondary storage device 202, and an NIF 203.

  The arithmetic device 200 executes a program stored in the main storage device 201 and reads / writes data from / to the main storage device 201. The arithmetic device 200 may be a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), or the like. Various functions of the computer 100 are realized by the arithmetic device 200 executing the program. In the following description, when a process is described with a functional unit as a subject, it represents that the arithmetic device 200 is executing a program that realizes the functional unit.

  The main storage device 201 stores a program executed by the arithmetic device 200 and data necessary for the program. The main storage device 201 may be a memory, for example. The program stored in the main storage device 201 will be described later. The secondary storage device 202 permanently stores programs and data. As the secondary storage device 202, for example, an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like can be considered.

  In this embodiment, programs and data are stored in the secondary storage device 202. The arithmetic device 200 reads a program and data from the secondary storage device 202 as needed, and loads the program and data into the main storage device 201.

  The NIF 203 is an interface for connecting to the network 101. The NIF 203 may be a logical NIF on a physical NIF.

  The main storage device 201 stores programs for realizing the communication processing unit 210, the hook processing unit 220, the proxy communication function unit 230, the communication function unit 240, and the setting information input processing unit 250. The main storage device 201 may store a program for realizing a functional unit (not shown). The main storage device 201 includes a setting information storage unit 260 and a flow information storage unit 270.

  The setting information storage unit 260 stores setting information used by the proxy communication function unit 230. The setting information is written by the setting information input processing unit 250. Details of the setting information will be described with reference to FIG.

  The flow information storage unit 270 stores flow information, which is communication flow management information. The flow information includes information indicating a communication state for each communication flow, and is written by the proxy communication function unit 230 and the setting information input processing unit 250. Details of the flow information will be described with reference to FIG.

  The communication processing unit 210 is a third party application that communicates with the network 101 via the NIF 203 in cooperation with the communication function unit 240. Note that the communication processing unit 210 may perform arbitrary processing on the received packet data as necessary.

  The communication processing unit 210 calls the communication function unit 240 to receive the packet data received by the computer 100. At this time, the hook processing unit 220 replaces the call with a call to the proxy communication function unit 230. In this case, the communication processing unit 210 acquires packet data from the proxy communication function unit 230 via the hook processing unit 220. In addition, the communication processing unit 210 calls the communication function unit 240 to transmit packet data from the computer 100. At this time, the hook processing unit 220 replaces the call with a call to the proxy communication function unit 230. In this case, the communication processing unit 210 outputs packet data to the proxy communication function unit 230 via the hook processing unit 220.

  The communication function unit 240 is a communication function provided by an OS (Operating System). The communication function unit 240 manages the NIF 203 and provides an application programming interface (API) for performing communication with an application. Details of the operation will be described later.

  The hook processing unit 220 replaces the API processing provided by the communication function unit 240 with the processing of the proxy communication function unit 230 when the communication processing unit 210 is activated. Accordingly, the hook processing unit 220 can cause the proxy communication function unit 230 to interrupt the processing between the communication processing unit 210 and the communication function unit 240. The replacement of the process is effective until the communication processing unit 210 stops. By including the hook processing unit 220, the computer 100 does not need to buffer packet data transmitted and received by the communication processing unit 210 in order to perform the bandwidth control processing. Therefore, it is possible to realize a dynamic change of communication control with reduced resource consumption without modifying the communication processing unit 210 that is a third party application.

  The communication processing unit 210 and the proxy communication function unit 230 behave so as to directly input / output packet data via the hook processing unit 220. That is, packet data input / output between the communication processing unit 210 and the hook processing unit 220 and packet data input / output between the hook processing unit 220 and the proxy communication function unit 230 are This is synonymous with packet data input / output with the communication function unit 230.

  For example, in the case of a LINUX (registered trademark) OS, when the communication processing unit 210 is activated, the hook processing unit 220 and the proxy communication function unit 230 implemented as a shared library are specified in the environment variable LD_PRELOAD. The hook processing unit 220 defines a function for calling the API of the proxy communication function unit 230 having the same name as the function name existing in the communication function unit 240, so that the communication processing unit 210 calls the API of the communication function unit 240. The proxy communication function unit 230 is replaced with a call. As a result, the calling of the communication function unit 240 for receiving packet data and the calling of the communication function unit 240 for transmitting packet data are changed to calling of the proxy communication function unit 230.

  The proxy communication function unit 230 performs communication control on the packet data using the setting information read from the setting information storage unit 260 and the flow information read from the flow information storage unit 270, and links the NIF 203 in cooperation with the communication function unit 240. Communicate with the network 101 via The proxy communication function unit 230 generates and updates flow information in the process of performing communication control. Details of the operation will be described later.

  The setting information input processing unit 250 receives the input of setting information from the administrator of the communication processing unit 210, deletes the flow information stored in the flow information storage unit 270, and the process of writing the setting information in the setting information storage unit 260 Execute the process. The administrator of the communication processing unit 210 inputs various values using a CUI (Character User Interface) and a GUI (Graphical User Interface). The administrator of the communication processing unit 210 inputs a value using an input device when the computer 100 has an input device, and inputs a value from the outside via a network when the computer 100 does not have an input device. input.

  Here, details of each functional unit will be described.

  The proxy communication function unit 230 includes a transmission control algorithm selection unit 231, a flow information processing unit 232, and a unique TCP transmission control unit 233.

  The communication function unit 240 includes a receiving unit 241, a transmitting unit 242, a loss-based TCP transmission control unit 243, and a delay-based TCP transmission control unit 244.

  The receiving unit 241 acquires received packet data from the NIF 203. As a result, the computer 100 can receive packet data from the network 101. The receiving unit 241 transfers the received packet data to the flow information processing unit 232.

  The transmission unit 242 acquires transmission packet data from any of the unique TCP transmission control unit 233, the loss-based TCP transmission control unit 243, and the delay-based TCP transmission control unit 244. The transmission unit 242 transfers the transmission packet data to the NIF 203. As a result, the computer 100 can transmit packet data to the network 101.

  The unique TCP transmission control unit 233 performs TCP transmission control based on the algorithm described in Patent Document 1, and transfers the transmission packet data received from the transmission control algorithm selection unit 231 to the transmission unit 242. The TCP transmission control is an efficient transmission control method when the RTT (Round Trip Time) and the packet discard rate are large.

  The loss-based TCP transmission control unit 243 performs TCP transmission control based on an algorithm known as TCP Reno, and transfers the transmission packet data received from the transmission control algorithm selection unit 231 to the transmission unit 242. A TCP transmission control process is performed based on the packet discard. TCP Reno is a TCP transmission control method used as a standard.

  The delay-based TCP transmission control unit 244 performs TCP transmission control based on an algorithm known as TCP Vegas, and transfers transmission packet data received from the transmission control algorithm selection unit 231 to the transmission unit 242. In TCP Vegas, TCP transmission control is performed based on RTT so that packet discard does not occur. This is an efficient transmission control method when the delay-based TCP transmission control units 244 perform transmission / reception of packet data in a closed network.

  The transmission control algorithm selection unit 231 selects efficient TCP transmission control using the setting information read from the setting information storage unit 260 and the flow information read from the flow information storage unit 270. The transmission control algorithm selection unit 234 transfers the packet data received from the hook processing unit 220 to the selected function unit that performs transmission control. In other words, the transmission control algorithm selection unit 231 transfers the transmission packet data received from the hook processing unit 220 to any one of the unique TCP transmission control unit 233, the loss-based TCP transmission control unit 243, and the delay-based TCP transmission control unit 244. In addition, the transmission control algorithm selection unit 231 generates and updates flow information in the process. Details of the processing will be described with reference to FIG.

  The computer 100 may use an algorithm other than the TCP transmission control performed by the unique TCP transmission control unit 233, the loss-based TCP transmission control unit 243, and the delay-based TCP transmission control unit 244. Each TCP transmission control unit may be included in either the proxy communication function unit 230 or the communication function unit 240. The number of TCP transmission control units is not limited to the number shown in FIG. 3 and is arbitrary.

  The flow information processing unit 232 generates and updates the flow information using the header information of the received packet data received from the receiving unit 241 and writes the flow information in the flow information storage unit 270. In addition, the flow information processing unit 232 transfers the received packet data to the hook processing unit 220. Details of the processing will be described with reference to FIG.

  The communication processing unit 210, the hook processing unit 220, the proxy communication function unit 230, the communication function unit 240, the setting information input processing unit 250, the setting information storage unit 260, and the flow information storage unit 270 are realized as software. However, part or all of these functions may be realized using hardware such as the arithmetic device 200 and the NIF 203.

  FIG. 4 is a diagram illustrating an example of a format of TCP packet data transmitted and received by the computer 100 according to the first embodiment.

  The packet data includes a MAC header 310, an IP header 320, a TCP header 330, a TCP option header 340, and a TCP payload 350.

  The MAC header 310 includes a DMAC 311, an SMAC 312, a TPID 313, a TCI 314, and a Type 315.

  The DMAC 311 represents a destination MAC address. SMAC 312 represents a source MAC address. The TPID 313 represents a tagged frame and a tag type. The TCI 314 represents tag information. Type 315 represents a MAC frame type.

  The TCI 314 further includes a PCP 316, a CFI 317, and a VID 318. PCP 316 represents priority. CFI 317 indicates whether the MAC address is in a regular format. The VID 318 represents the VLAN ID. Note that the TPID 313 and the TCI 314 do not exist in a network that does not use a VLAN. In this case, the computer 100 performs processing assuming that the VID 318 is “0”.

  The IP header 320 includes an IP length 321, a protocol 322, a SIP 323, and a DIP 324.

  IP length 321 represents a packet length excluding the MAC header 310. The protocol 322 represents a protocol number. SIP 323 represents a source IP address. DIP 324 represents a destination IP address.

  The TCP header is src. port 331, dst. port 332, SEQ 333, ACK 334, flag 335, tcp hlen 336, and win_size 337.

  src. The port 331 represents a transmission source port number. dst. The port 332 represents a destination port number. SEQ333 represents a transmission sequence number. ACK 334 represents a reception sequence number. A flag 335 represents a TCP flag number. tcp hlen 336 represents the header length of TCP. win_size 337 represents the advertisement window size notified to the opposing device.

  The TCP option header 340 includes zero or a plurality of options. For example, options such as an option kind 341, an option length 342, and option information 343 are included. An option kind 341 represents an option type. The option length 342 represents an option length. The option information 343 represents information corresponding to the type of option.

  For example, the MSS (Maximum Segment Size) option is used to notify the opposite device of the MSS size that can be received by the own device when TCP communication is started. A SACK (Selective Acknowledgment) option is used to notify the opposite device that the device is compatible with the SACK option when starting TCP communication. The SACK option is further used to notify the opposite device of the location of data that could be partially received when packet data discarding was detected during communication. The time stamp option is used to notify the opposite device of the reception time of its own device during communication. The window scale option is used to increase the maximum value of the advertisement window size that can be notified to the opposite device by notifying the opposite device of the number of bits for shifting the value notified by win_size 337. As described above, the TCP option is used to transmit a function and information that can be supported by the own apparatus to the opposite apparatus at the start of communication and during communication.

  FIG. 5 is a diagram illustrating an example of a data structure of setting information stored in the setting information storage unit 260 according to the first embodiment.

  The setting information includes network_location 401, rtt_coe 402, loss_coe 403, and threshold 404.

  The network_location 401 represents network configuration information where the own device is located. For example, it represents information such as the Internet, a closed network in which loss-based TCP transmission control is performed, and a closed network in which delay-based TCP transmission control is performed.

  The rtt_coe 402 is an arbitrary numerical value representing the weight of the RTT used when the transmission control algorithm selection unit 231 selects transmission control.

  The loss_coe 403 is an arbitrary numerical value representing the weight of the packet discard rate used when the transmission control algorithm selection unit 231 selects transmission control.

  The threshold 404 is an arbitrary numerical value representing a threshold used when the transmission control algorithm selection unit 231 selects transmission control.

  FIG. 6 is a diagram illustrating an example of a data structure of flow information stored in the flow information storage unit 270 according to the first embodiment.

  The flow information storage unit 270 stores the flow information 500 for each communication flow. The flow information 500 includes flow management information 510 and flow communication state information 520.

  The flow management information 510 is identification information for uniquely identifying a communication flow, and includes src_ip 511, dest_ip 512, src_port 513, dest_port 514, and vlan 515.

  src_ip 511 represents the IP address of the own device. dest_ip 512 represents the IP address of the opposite device. src_port 513 represents the TCP port number of the own apparatus. dest_port 514 represents the TCP port number of the opposite device. vlan 515 represents the VLAN ID.

  The flow communication state information 520 is information indicating the state of the communication flow, and includes rtt 521, loss 522, seq 523, ack_bytes 524, and tx_bytes 525.

  rtt521 represents the RTT. Loss 522 represents a packet discard rate. seq 523 represents a responded sequence number. ack_bytes 524 represents the number of bytes that have been answered. tx_bytes 525 represents the number of transmitted bytes.

  FIG. 7 is a flowchart illustrating an example of processing executed by the flow information processing unit 232 according to the first embodiment.

  The flow information processing unit 232 starts processing upon reception of received packet data from the receiving unit 241 (step S100).

  After receiving the received packet data (step S101), the flow information processing unit 232 copies the header information of the received packet data to the main storage device 201 to acquire the flow information 500 (step S102). Thereafter, the flow information processing unit 232 transfers the received packet data to the hook processing unit 220 (step S103).

  Next, the flow information processing unit 232 determines whether or not the flow information 500 of the communication flow to which the received packet data belongs is stored in the flow information storage unit 270 (step S104). Specifically, the following processing is executed.

  In the flow information processing unit 232, src_ip 511 matches DIP 324, dest_ip 512 matches SIP 323, and src_port 513 matches dst. match port 332 and dest_port 514 is src. It is determined whether or not there is flow information 500 that matches port 331 and vlan 515 matches VID 318.

  When the flow information 500 that satisfies the above-described condition exists, the flow information processing unit 232 determines that the flow information 500 of the communication flow to which the received packet data belongs is stored in the flow information storage unit 270. The above is the description of the processing in step S104.

  When it is determined in step S104 that the flow information 500 of the communication flow to which the received packet data belongs is stored in the flow information storage unit 270 (step S104: Yes), the flow information processing unit 232 displays the flow information storage unit 270. The flow information 500 retrieved from is read out (step S105). Thereafter, the flow information processing unit 232 acquires the current time and calculates the RTT (step S106). The RTT is calculated, for example, as the difference between the time information included in the time stamp option of the TCP option header 340 and the current time. Note that the RTT calculation method may be another calculation method.

  Next, the flow information processing unit 232 updates the flow information 500 (step S107).

  Specifically, the flow information processing unit 232 sets the calculated RTT to rtt 521, adds the difference between seq 523 and ACK 334 to ack_bytes 524, and sets ACK 334 to seq 523.

  Next, the flow information processing unit 232 stores the updated flow information 500 in the flow information storage unit 270 (step S108), and ends the process (step S111).

  When it is determined in step S104 that the flow information 500 of the communication flow to which the received packet data belongs is not stored in the flow information storage unit 270 (step S104: No), the flow information processing unit 232 newly sets the flow information 500. (Step S109), and a value is set to the newly generated flow information 500 based on the header information (step S110).

  Specifically, the flow information processing unit 232 sets the DIP 324 to src_ip 511, sets the SIP 323 to dest_ip 512, and sets the dst. port 332 is set to src_port 513, and src. Port 331 is set to dest_port 514, VID 318 is set to vlan 515, and ACK 334 is set to seq 523. The flow information processing unit 232 sets “0” in each of the rtt 521, the loss 522, the ack_bytes 524, and the tx_bytes 525.

  Next, the flow information processing unit 232 stores the generated flow information 500 in the flow information storage unit 270 (step S108), and ends the process (step S111).

  FIG. 8 is a flowchart illustrating processing executed by the transmission control algorithm selection unit 231 according to the first embodiment.

  The transmission control algorithm selection unit 231 starts processing upon reception of transmission packet data from the hook processing unit 220 (step S200).

  After receiving the transmission packet data (step S201), the transmission control algorithm selection unit 231 reads the setting information from the setting information storage unit 260 (step S202).

  Next, the transmission control algorithm selection unit 231 determines whether the network_location 401 of the read setting information is a closed network in which delay-based TCP transmission control is performed (step S203).

  When it is determined in step S203 that the network_location 401 is a closed network in which delay-based TCP transmission control is performed (step S203: Yes), the transmission control algorithm selection unit 231 transmits transmission packet data to the delay-based TCP transmission control unit. The process is transferred to 244 (step S204), and the process ends (step S215).

  When it is determined in step S203 that the network_location 401 is not a closed network in which delay-based TCP transmission control is performed (step S203: No), the transmission control algorithm selection unit 231 determines the flow information of the communication flow to which the transmission packet data belongs. It is determined whether 500 is stored in the flow information storage unit 270 (step S205). Specifically, the following processing is executed.

  The transmission control algorithm selection unit 231 determines that src_ip 511 matches SIP 323, dest_ip 512 matches DIP 324, and src_port 513 matches src. port 331, and dest_port 514 is dst. It is determined whether or not there is flow information 500 that matches port 332 and vlan 515 matches VID 318.

  When the flow information 500 that satisfies the above-described condition exists, the transmission control algorithm selection unit 231 determines that the flow information 500 of the communication flow to which the transmission packet data belongs is stored in the flow information storage unit 270. The above is the description of the process in step S205.

  When it is determined in step S205 that the flow information 500 of the communication flow to which the transmission packet data belongs is not stored in the flow information storage unit 270 (step S205: No), the transmission control algorithm selection unit 231 stores the flow information 500. A new value is generated (step S206), and a value is set in the newly generated flow information 500 based on the header information (step S207).

  Specifically, the transmission control algorithm selection unit 231 sets SIP 323 to src_ip 511, sets DIP 324 to dest_ip 512, and sets src. port 331 is set to src_port 513, and dst. Port 332 is set to dest_port 514, VID 318 is set to vlan 515, and SEQ 333 is set to seq 523. The transmission control algorithm selection unit 231 sets a value obtained by subtracting the sum of the IP header length (20 bytes) and the tcp hell 336 from the IP length 321 in the tx_bytes 525. Also, the transmission control algorithm selection unit 231 sets “0” to each of the rtt 521, the loss 522, the ack_bytes 524, and the tx_bytes 525.

  Next, the transmission control algorithm selection unit 231 transfers the transmission packet data to the loss-based TCP transmission control unit 243 (step S208).

  Next, the transmission control algorithm selection unit 231 stores the generated flow information 500 in the flow information storage unit 270 (step S209), and ends the process (step S215).

  When it is determined in step S205 that the flow information 500 of the communication flow to which the transmission packet data belongs is stored in the flow information storage unit 270 (step S205: Yes), the transmission control algorithm selection unit 231 displays the flow information storage unit. The flow information 500 retrieved from 270 is read (step S210). Next, the transmission control algorithm selection unit 231 calculates a packet discard rate (step S211). For example, the packet discard rate is calculated by dividing the difference between tx_bytes 525 and ack_bytes 524 by tx_bytes 525. Other calculation methods may be used as the packet discard rate calculation method.

  Next, the transmission control algorithm selection unit 231 updates the flow information 500 (step S212).

  Specifically, the transmission control algorithm selection unit 231 sets the calculated packet discard rate to loss 522, and adds a value obtained by subtracting the sum of the IP header length (20 bytes) and tcp length 336 from IP length 321 to tx_bytes 525. Then, SEQ 333 is set to seq 523.

  Next, the transmission control algorithm selection unit 231 determines whether or not Expression (1) is satisfied (step S213).

  In step S213, when it is determined that the expression (1) is satisfied (step S213: Yes), the transmission control algorithm selection unit 231 transfers the transmission packet data to the unique TCP transmission control unit 233 (step S214).

  Next, the transmission control algorithm selection unit 231 stores the updated flow information 500 in the flow information storage unit 270 (step S209), and ends the process (step S215).

  In step S213, when it is determined that Expression (1) is not satisfied (step S213: No), the transmission control algorithm selection unit 231 transfers the transmission packet data to the loss-based TCP transmission control unit 243 (step S208).

  Next, the transmission control algorithm selection unit 231 stores the updated flow information 500 in the flow information storage unit 270 (step S209), and ends the process (step S215).

  According to the first embodiment, the hook processing unit 220 causes the proxy communication function unit 230 to interrupt the processing between the communication processing unit 210 and the communication function unit 240, thereby buffering the packet data without buffering the packet data. Can be applied. Thus, dynamic communication control change with reduced resource consumption can be realized. In the first embodiment, since it is not necessary to change the communication processing unit 210, it is possible to reduce the development cost and the burden on the administrator of the communication processing unit 210.

  The second embodiment shows a system that adds communication data processing such as encryption to UDP (User Datagram Protocol) communication while suppressing resource consumption. Although UDP communication will be described as an example, since information unique to UDP communication is not used, a similar system can be realized by TCP communication, SCTP (Stream Control Transmission Protocol) communication, and the like.

  Hereinafter, the second embodiment will be described focusing on differences from the first embodiment. In addition, the same code | symbol is attached | subjected about the structure same as Example 1, and the same process, and description is abbreviate | omitted.

  Since the configuration of the network system (FIG. 1) and the hardware configuration of the computer 100 (FIG. 2) are the same as those in the first embodiment, description thereof is omitted. Since the software configuration of the computer 100 is different from that of the first embodiment, it will be described later.

  FIG. 9 is a diagram illustrating an example of a format of UDP packet data transmitted and received by the computer 100 according to the second embodiment.

  The UDP packet data includes a MAC header 310, an IP header 320, a UDP header 360, and a UDP payload 370.

  Since the MAC header 310 and the IP header 320 are the same as the headers included in the TCP packet data of the first embodiment, description thereof is omitted.

  The UDP header 360 is src. port 361, dst. port 362, and UDP length 363.

  src. The port 361 represents a transmission source port number. dst. The port 362 represents a destination port number. UDP length 363 represents the data length of the combined UDP header 360 and UDP payload 370.

  The UDP payload 370 includes a packet_type 371 and an available_func 372.

  The packet_type 371 represents a packet type. The available_func 372 indicates the type of data processing that can be used. The packet_type 371 and the available_func 372 are used by the proxy communication function unit 230 of the second embodiment. Note that the packet_type 371 and the available_func 372 may not exist.

  In the second embodiment, “0” representing control information packet data is set in the packet_type 371 and “110” is set in the available_func 372 in binary, as one of the control information packet data described later. In this example, the first bit from the available_func 372 is the differential transfer function, the second bit is the data compression function, the third bit is the encryption function, “1” is available, and “0” is unavailable. . When available_func 372 is “110”, it means that the available data processing is a data compression function and an encryption function.

  When the packet data is data compressed packet data, “2” representing the data compressed packet data is set in the packet_type 371. The packet data does not have an available_func 372, and compressed data is set in a portion other than the packet_type 371.

  FIG. 10 is a block diagram illustrating details of the software configuration of the computer 100 according to the second embodiment.

  The main storage device 201 of the computer 100 includes programs for realizing the communication processing unit 210, the hook processing unit 220, the proxy communication function unit 230, the communication function unit 240, and the setting information input processing unit 250. The main storage device 201 of the computer 100 includes a setting information storage unit 260 and a flow information storage unit 270.

  In the second embodiment, the computers 100 notify each other of control information by transmitting and receiving control information packet data including control information indicating the types of data processing that can be used by the own device and the opposite device.

  The proxy communication function unit 230 includes a transmission control algorithm selection unit 234, a flow information processing unit 235, a differential transfer processing unit 236, and a data compression processing unit 237. The communication function unit 240 includes a reception unit 245, a transmission unit 246, and an encryption processing unit 247.

  Since the communication processing unit 210, the hook processing unit 220, the setting information input processing unit 250, the setting information storage unit 260, and the flow information storage unit 270 are the same as those in the first embodiment, description thereof is omitted.

  The information stored in the setting information storage unit 260 and the flow information storage unit 270 is different from that in the first embodiment. Information stored in the setting information storage unit 260 and the flow information storage unit 270 will be described with reference to FIGS.

  The receiving unit 245 acquires received packet data from the NIF 203. As a result, the computer 100 can receive packet data from the network 101. The receiving unit 245 transfers the received packet data to the encryption processing unit 247.

  The transmission unit 246 acquires transmission packet data from any one of the transmission control algorithm selection unit 234, the differential transfer processing unit 236, the data compression processing unit 237, and the encryption processing unit 247. The transmission unit 246 transfers transmission packet data to the NIF 203. As a result, the computer 100 can transmit packet data to the network 101.

  The differential transfer processing unit 236 performs differential encoding on the transmission packet data received from the transmission control algorithm selection unit 234, and transfers the encoded transmission packet data to the transmission unit 246. In the differential encoding process, the differential transfer processing unit 236 performs differential encoding on the UDP payload 370 based on the algorithm described in IETF RFC3284, and adds the packet_type 371 data in which information indicating the differential transfer packet data is set. .

  The data compression processing unit 237 compresses the transmission packet data received from the transmission control algorithm selection unit 234 and transfers the compressed transmission packet data to the transmission unit 246. In the data compression processing, the data compression processing unit 237 compresses the UDP payload 370 based on the algorithm described in IETF RFC1951, and adds the packet_type 371 data in which information indicating the data compression packet data is set.

  The flow information processing unit 235 performs differential decryption processing of differential transfer packet data, decompression processing of data compressed packet data, and flow information to the flow information storage unit 270 according to the contents of the received packet data received from the encryption processing unit 247. 700 writing processing or the like is executed. The flow information processing unit 235 transfers the received packet data to the hook processing unit 220.

  When the received packet data is control information packet data, the flow information processing unit 235 sets the control information included in the received packet data in the flow information 700, thereby specifying the type of data processing that can be used by the opposite apparatus as flow information. The point of storing in the storage unit 270 is different from the first embodiment. Details of the processing will be described with reference to FIG.

  The encryption processing unit 247 executes encryption and decryption processing described in IETF RFC4301. The encryption processing unit 247 encrypts the transmission packet data received from the transmission control algorithm selection unit 234 and transfers it to the transmission unit 246. When the received packet data received from the receiving unit 245 is encrypted packet data, the encryption processing unit 247 decrypts the encrypted packet data, and then transfers the decrypted received packet data to the flow information processing unit 235. . If the received packet data received from the receiving unit 245 is not encrypted packet data, the encryption processing unit 247 transfers the received packet data to the flow information processing unit 235 without changing the received packet data.

  By determining whether the protocol 322 of the received packet data is “50” indicating ESP (Encapsulating Security Payload) or “51” indicating AH (Authentication Header), the received packet data is encrypted packet data. It can be determined whether or not there is.

  The transmission control algorithm selection unit 234 uses the setting information read from the setting information storage unit 260 and the flow information 700 read from the flow information storage unit 270 to select a data processing process, and performs a difference transfer processing unit 236 and a data compression process. The transmission packet data received from the hook processing unit 220 is transferred to any of the unit 237, the encryption processing unit 247, or the transmission unit 246. The transmission control algorithm selection unit 234 generates and updates the flow information 700 in the course of processing, and writes the flow information 700 in the flow information storage unit 270. The transmission control algorithm selection unit 234 generates control information packet data including control information, and forwards it to the transmission unit 246 to notify the opposite device of the type of data processing that can be used by the own device. And different. Details of the processing will be described with reference to FIG.

  Note that data processing other than the data processing performed by the differential transfer processing unit 236, the data compression processing unit 237, and the encryption processing unit 247 may be used. Also, the transmission control algorithm selection unit 234 may apply two or more data processing processes to one packet data. Each data processing unit may be included in either the proxy communication function unit 230 or the communication function unit 240. The number of data processing units is not limited to the number shown in FIG.

  FIG. 11 is a diagram illustrating an example of a data structure of setting information stored in the setting information storage unit 260 according to the second embodiment.

  The setting information includes own device setting information 600 and a plurality of counter device setting information 610.

  The own device setting information 600 represents the type of data processing that can be used by the own device, and includes enable_delta_encoding 601, enable_compression 602, and enable_crypto 603.

  enable_delta_encoding 601 indicates whether or not the own apparatus can use the differential transfer function. enable_compression 602 indicates whether or not the device itself can use the data compression function. enable_cryptto 603 indicates whether or not the own apparatus can use the encryption function.

  In the second embodiment, each of enable_delta_encoding 601, enable_compression 602, and enable_cryptto 603 is set to either “1” indicating that it can be used or “0” indicating that it cannot be used.

  The opposing device setting information 610 includes ip_address 611, prefix_length 612, port 613, vlan 614, use_delta_encoding 615, use_compression 616, and use_crypto 617.

  The four pieces of information of ip_address 611, prefix_length 612, port 613, and vlan 614 represent network information of the opposite device to which the communication flow belongs.

  For example, when the network is “192.168.255.0/24”, the port number is “69”, and the VLAN ID is “100”, the ip_address 611 has “192.168.255.0”, and the prefix_length 612 has “ 24, port 613 is set to “69”, and vlan 614 is set to “100”. To represent all networks, all ports, and no VLAN, set ip_address 611 to “0.0.0.0”, prefix_length 612 to “0”, port 613 to “any”, and vlan 614 to “0”. Is done.

  use_delta_encoding 615 indicates whether or not to use the differential transfer function for the opposite device. Use_compression 616 represents whether to use the data compression function for the opposite device. Use_cryptto 617 indicates whether or not to use the encryption function for the opposite device.

  In the second embodiment, in use_delta_encoding 615, use_compression 616, and use_cryptto 617, either “1” indicating use or “0” indicating not use is set.

  FIG. 12 is a diagram illustrating an example of a data structure of flow information stored in the flow information storage unit 270 according to the second embodiment.

  The flow information storage unit 270 stores flow information 700 for each communication flow. The flow information 700 includes flow management information 710 and flow communication state information 720.

  The flow management information 710 is identification information for uniquely identifying a communication flow, and includes src_ip 711, dest_ip 712, src_port 713, dest_port 714, and vlan 715.

  src_ip 711, dest_ip 712, and vlan 715 are the same as src_ip 511, dest_ip 512, and vlan 515. src_port 713 represents the UDP port number of the local apparatus. dest_port 714 represents the UDP port number of the opposite apparatus.

  The flow communication state information 720 is information indicating the state of the communication flow, and includes ready_sent 721, available_delta_encoding 722, available_compression 723, available_crypto 724, and data_cache 725.

  “already_sent” 721 indicates whether or not the control information packet data has been transmitted in the communication flow. The available_delta_encoding 722 indicates whether or not the differential transfer function can be used. The available_compression 723 indicates whether or not the data compression function can be used. The available_crypto 724 indicates whether or not the encryption function can be used. data_cache 725 represents a data cache of a communication flow used in the differential transfer function.

  In the second embodiment, either “1” indicating that the control information packet data has been transmitted or “0” indicating that the control information packet data has not been transmitted is set in ready_sent 721. Each of available_delta_encoding 722, available_compression 723, and available_cryptto 724 is set to either “1” indicating availability or “0” indicating unusable. Further, when data_cache 725 is “0”, it indicates that the data cache is empty.

  13A and 13B are flowcharts for explaining processing executed by the flow information processing unit 235 according to the second embodiment.

  The flow information processing unit 235 starts processing upon reception of the received packet data from the encryption processing unit 247 (step S300). After receiving the received packet data (step S301), the flow information processing unit 235 refers to the packet_type 371 of the received packet data and identifies the packet type (step S302).

  If it is determined in step S302 that the packet type is differential transfer packet data (step S302: differential transfer packet), the flow information processing unit 235 transmits the flow information of the communication flow to which the received packet data belongs from the flow information storage unit 270. 700 is read (step S303).

  Specifically, the flow information processing unit 235 determines that src_ip 711 matches DIP 324, dest_ip 712 matches SIP 323, and src_port 713 matches dst. match port 332 and dest_port 714 is src. The flow information 700 that matches the port 331 and the vlan 715 matches the VID 318 is read.

  Next, the flow information processing unit 235 performs differential decoding processing on the UDP payload 370 of the received packet data using the data_cache 725 of the read flow information 700 (step S304). Further, the flow information processing unit 235 updates the flow information 700 by adding the decrypted received packet data to the data_cache 725 (step S305).

  Next, the flow information processing unit 235 stores the updated flow information 700 in the flow information storage unit 270 (step S306), and then transfers the received packet data to the hook processing unit 220 (step S307). The process ends (step S315).

  When it is determined in step S302 that the packet type is data compressed packet data (step S302: data compressed packet), the flow information processing unit 235 decompresses the UDP payload 370 of the received packet data to decompress the data before compression. Is restored (step S308).

  Next, the flow information processing unit 235 transfers the received packet data to the hook processing unit 220 (step S307) and ends the processing (step S315).

  When it is determined in step S302 that the packet type is control information packet data (step S302: control information packet), the flow information processing unit 235 determines that the flow information 700 of the communication flow to which the received packet data belongs is a flow information storage unit. It is determined whether it is stored in 270 (step S309). Specifically, the following processing is executed.

  In the flow information processing unit 235, src_ip 711 matches DIP 324, dest_ip 712 matches SIP 323, and src_port 713 matches dst. match port 332 and dest_port 714 is src. It is determined whether or not there is flow information 700 that matches port 331 and vlan 715 matches VID 318.

  When the flow information 700 that satisfies the above-described condition exists, the flow information processing unit 235 determines that the flow information 700 of the communication flow to which the received packet data belongs is stored in the flow information storage unit 270. The above is the description of the process in step S309.

  If it is determined in step S309 that the flow information 700 of the communication flow to which the received packet data belongs is not stored in the flow information storage unit 270 (step S309: No), the flow information processing unit 235 updates the flow information 700. (Step S310), and a value is set in the flow information 700 newly generated based on the header information (step S311).

  Specifically, the flow information processing unit 235 sets the DIP 324 to src_ip 711, sets the SIP 323 to dest_ip 712, and sets the dst. port 332 is set to src_port 713, and src. Port 331 is set to dest_port 714 and VID 318 is set to vlan 715.

  Next, the flow information processing unit 235 sets control information in the generated flow information 700 (step S313).

  Specifically, the flow information processing unit 235 sets the first bit from the lower order of the available_func 372 to the available_delta_encoding 722, sets the second bit to the available_compression 723, and sets the third bit to the available_crypto 724. The first bit from the available_func 372 means the differential transfer function, the second bit means the data compression function, and the third bit means the encryption function.

  Next, the flow information processing unit 235 stores the generated flow information 700 in the flow information storage unit 270 (step S314), and ends the process (step S315).

  When it is determined in step S309 that the flow information 700 of the communication flow to which the received packet data belongs is stored in the flow information storage unit 270 (step S309: Yes), the flow information processing unit 235 displays the flow information storage unit 270. The flow information 700 retrieved from is read out (step S312). Thereafter, the flow information processing unit 235 sets control information in the read flow information 700 (step S313).

  Next, the flow information processing unit 235 stores the updated flow information 700 in the flow information storage unit 270 (step S314), and ends the process (step S315).

  When it is determined in step S302 that the packet type does not correspond to any of the differential transfer packet data, the data compression packet data, and the control information packet data (step S302: other packet), the flow information processing unit 235 The data is transferred without change to the hook processing unit 220 (step S307), and the process is terminated (step S315).

  14A, 14B, and 14C are flowcharts illustrating processing executed by the transmission control algorithm selection unit 234 according to the second embodiment.

  The transmission control algorithm selection unit 234 starts processing upon reception of transmission packet data from the hook processing unit 220 (step S400).

  After receiving the transmission packet data (step S401), the transmission control algorithm selection unit 234 reads the setting information from the setting information storage unit 260 (step S402).

  Next, the transmission control algorithm selection unit 234 determines whether or not the flow information 700 of the communication flow to which the transmission packet data belongs is stored in the flow information storage unit 270 (step S403). Specifically, the following processing is executed.

  The transmission control algorithm selection unit 234 determines that src_ip 711 matches SIP 323, dest_ip 712 matches DIP 324, and src_port 713 matches src. port 331, and dest_port 714 is dst. It is determined whether or not there is flow information 700 that matches port 332 and vlan 715 matches VID 318.

  When the flow information 700 that satisfies the above-described condition exists, the transmission control algorithm selection unit 234 determines that the flow information 700 of the communication flow to which the transmission packet data belongs is stored in the flow information storage unit 270. The above is the description of the process in step S403.

  If it is determined in step S403 that the flow information 700 of the communication flow to which the transmission packet data belongs is not stored in the flow information storage unit 270 (step S403: No), the transmission control algorithm selection unit 234 stores the flow information 700. A new value is generated (step S404), and a value is set in the newly generated flow information 700 based on the header information (step S405).

  Specifically, the transmission control algorithm selection unit 234 sets SIP 323 to src_ip 711, sets DIP 324 to dest_ip 712, and sets src. port 331 is set to src_port 713, and dst. port 332 is set to dest_port 714 and VID 318 is set to vlan 715. Also, “0” is set to each of available_delta_encoding 722, available_compression 723, available_crypto 724, and data_cache 725.

  Next, the transmission control algorithm selection unit 234 sets information indicating that control information packet data has been transmitted to the generated flow information 700 (step S406). Specifically, in step S406, the transmission control algorithm selection unit 234 sets “already_sent” 721 of the generated flow information 700 to “1”. Thereafter, the transmission control algorithm selection unit 234 stores the generated flow information 700 in the flow information storage unit 270 (step S407).

  Next, the transmission control algorithm selection unit 234 generates control information packet data (step S408).

  Specifically, the transmission control algorithm selection unit 234 sets “0” representing control information packet data in the packet_type 371, sets enable_delta_encoding 601 in the first bit from the lower bit of the available_func 372, and sets enable_compression 602 in the second bit. By setting enable_crypt 603 to the third bit, control information packet data is generated.

  Next, the transmission control algorithm selection unit 234 transfers the transmission packet data and the generated control information packet data to the transmission unit 246 (step S409), and ends the process (step S421).

  If it is determined in step S403 that the flow information 700 of the communication flow to which the transmission packet data belongs is stored in the flow information storage unit 270 (step S403: Yes), the transmission control algorithm selection unit 234 displays the flow information storage unit. The flow information 700 retrieved from 270 is read (step S410).

  Next, the transmission control algorithm selection unit 234 determines whether or not the control information packet data has been transmitted in the communication flow to which the transmission packet data belongs (step S411).

  Specifically, the transmission control algorithm selection unit 234 determines whether the ready_sent 721 of the read flow information 700 is “1”. When the ready_sent 721 is “1”, the transmission control algorithm selection unit 234 determines that the control information packet data has been transmitted.

  If it is determined in step S411 that the control information packet data has not been transmitted in the communication flow to which the transmission packet data belongs (step S411: No), the transmission control algorithm selection unit 234 sets the ready_sent 721 of the read flow information 700 to “ By setting “1”, the flow information 700 is updated (step S406).

  Next, the transmission control algorithm selection unit 234 stores the updated flow information 700 in the flow information storage unit 270 (step S407).

  Next, the transmission control algorithm selection unit 234 generates control information packet data (step S408).

  Next, the transmission control algorithm selection unit 234 transfers the transmission packet data and the generated control information packet data to the transmission unit 246 (step S409), and ends the process (step S421).

  If it is determined in step S411 that the control information packet data has been transmitted in the communication flow to which the transmission packet data belongs (step S411: Yes), the transmission control algorithm selection unit 234 determines each of the flow information 700 and the setting information. It is determined whether or not differential transfer is enabled for (step S412). That is, it is determined whether or not the own device and the opposite device can use the differential transfer function. Specifically, the following processing is executed.

  In the transmission control algorithm selection unit 234, the available_delta_encoding 722 of the read flow information 700 is “1”, and the value represented by the prefix_length 612 from the upper bits of the setting information matches between the DIP 324 and the ip_address 611, and dst. When port 332 matches port 613 and VID 318 matches vlan 614, use_delta_encoding 615 of opposite device setting information 610 is “1”, and it is determined that differential transfer is enabled for each of flow information 700 and setting information .

  However, when there is no opposing device setting information 610 that satisfies the above-described conditions, use_delta_encoding 615 is treated as “0”. The above is the description of the process in step S412.

  In step S412, when it is determined that differential transfer is enabled for each of the flow information 700 and the setting information (step S412: Yes), the transmission control algorithm selection unit 234 transmits the transmission packet data and the read flow information 700. The data_cache 725 is transferred to the difference transfer processing unit 236 (step S413).

  Next, the transmission control algorithm selection unit 234 updates the flow information 700 by adding the UDP payload 370 of the transmission packet data to the data_cache 725 (step S414).

  Next, the transmission control algorithm selection unit 234 stores the updated flow information 700 in the flow information storage unit 270 (step S415), and ends the process (step S421).

  If it is determined in step S412, that either the flow information 700 or the setting information does not enable differential transfer (step S412: No), the transmission control algorithm selection unit 234 determines each of the flow information 700 and the setting information. It is determined whether or not data compression is enabled for (step S416). That is, it is determined whether or not the own device and the opposite device can use the data compression function. Specifically, the following processing is executed.

  In the transmission control algorithm selection unit 234, the available_compression 723 of the read flow information 700 is “1”, and the value represented by the prefix_length 612 from the upper bits of the setting information matches between the DIP 324 and the ip_address 611, and dst. When port 332 matches port 613 and VID 318 matches vlan 614, use_compression 616 of opposite device setting information 610 is “1”, and it is determined that data compression is enabled for each of flow information 700 and setting information. .

  However, when there is no opposing device setting information 610 that satisfies the above-described condition, the use_compression 616 is treated as “0”. The above is the description of the process in step S416.

  When it is determined in step S416 that data compression is enabled for each of the flow information 700 and the setting information (step S416: Yes), the transmission control algorithm selection unit 234 converts the transmission packet data into the data compression processing unit 237. (Step S417), and the process ends (step S421).

  When it is determined in step S416 that data compression is not enabled for each of the flow information 700 and the setting information (step S416: No), the transmission control algorithm selection unit 234 determines each of the flow information 700 and the setting information. It is determined whether or not encryption is enabled (step S418). That is, it is determined whether the own device and the opposite device can use the encryption function. Specifically, the following processing is executed.

  In the transmission control algorithm selection unit 234, the available_cryptto 724 of the read flow information 700 is “1”, and the value represented by the prefix_length 612 from the upper bits of the setting information matches between the DIP 324 and the ip_address 611, and dst. When port 332 matches port 613 and VID 318 matches vlan 614 and use_cryptto 617 of opposite device setting information 610 is “1”, it is determined that encryption is enabled for each of flow information 700 and setting information. .

  However, when there is no opposing device setting information 610 that satisfies the above-described condition, use_crypto 617 is treated as “0”. The above is the description of the process in step S418.

  When it is determined in step S418 that encryption is enabled for each of the flow information 700 and the setting information (step S418: Yes), the transmission control algorithm selection unit 234 converts the transmission packet data into the encryption processing unit 247. (Step S419), and the process ends (step S421).

  In step S418, when it is determined that encryption is not enabled for each of the flow information 700 and the setting information (step S418: No), the transmission control algorithm selection unit 234 transfers the transmission packet data to the transmission unit 246. (Step S420), and the process ends (Step S421).

  According to the second embodiment, the hook processing unit 220 interrupts the proxy communication function unit 230 in the processing between the communication processing unit 210 and the communication function unit 240, thereby buffering the packet data without buffering the packet data. Processing can be applied. Thus, dynamic communication control change with reduced resource consumption can be realized. In the second embodiment, since it is not necessary to change the communication processing unit 210, it is possible to reduce the development cost and the burden on the administrator of the communication processing unit 210.

  In addition, this invention is not limited to an above-described Example, Various modifications are included. Further, for example, the above-described embodiments are described in detail for easy understanding of the present invention, and are not necessarily limited to those provided with all the described configurations. Further, a part of the configuration of each embodiment can be added to, deleted from, or replaced with another configuration.

  Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. The present invention can also be realized by software program codes that implement the functions of the embodiments. In this case, a storage medium in which the program code is recorded is provided to the computer, and a processor included in the computer reads the program code stored in the storage medium. In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiments, and the program code itself and the storage medium storing it constitute the present invention. As a storage medium for supplying such a program code, for example, a flexible disk, a CD-ROM, a DVD-ROM, a hard disk, an SSD (Solid State Drive), an optical disk, a magneto-optical disk, a CD-R, a magnetic tape, A non-volatile memory card, ROM, or the like is used.

  The program code for realizing the functions described in the present embodiment can be implemented by a wide range of programs or script languages such as assembler, C / C ++, perl, Shell, PHP, Java (registered trademark).

  Furthermore, by distributing the program code of the software that implements the functions of the embodiments via a network, the program code is stored in a storage means such as a hard disk or memory of a computer or a storage medium such as a CD-RW or CD-R. A processor included in the computer may read and execute the program code stored in the storage unit or the storage medium.

  In the above-described embodiments, the control lines and information lines indicate what is considered necessary for the explanation, and not all control lines and information lines on the product are necessarily shown. All the components may be connected to each other.

100 Computer 101 Network 102 Relay Device 200 Arithmetic Device 201 Main Storage Device 202 Secondary Storage Device 203 NIF
204 System Bus 210 Communication Processing Unit 220 Hook Processing Unit 230 Proxy Communication Function Unit 231 Transmission Control Algorithm Selection Unit 232 Flow Information Processing Unit 233 Unique TCP Transmission Control Unit 234 Transmission Control Algorithm Selection Unit 235 Flow Information Processing Unit 236 Difference Transfer Processing Unit 237 Data compression processing unit 240 Communication function unit 241, 245 Reception unit 242, 246 Transmission unit 243 Loss-based TCP transmission control unit 244 Delay-based TCP transmission control unit 247 Encryption processing unit 250 Setting information input processing unit 260 Setting information storage unit 270 Flow information Storage unit 500, 700 Flow information 510, 710 Flow management information 520, 720 Flow communication state information 600 Self-device setting information 610 Counter-device setting information

Claims (12)

A communication device for transmitting and receiving data,
An arithmetic device, a storage device connected to the arithmetic device, and a network interface connected to the arithmetic device,
A communication function unit for transmitting and receiving data via the network interface;
Processing the data acquired from the communication function unit, and outputting the processed data;
A proxy communication function unit for performing arbitrary communication control on the data;
A hook processing unit that changes a call of the communication function unit from the communication processing unit to a call of the proxy communication function unit. The communication device according to claim 1,
Each of the communication processing unit and the proxy communication function unit includes at least one communication control unit that performs arbitrary communication control on transmission data,
The proxy communication function unit includes an algorithm selection unit that selects at least one communication control to be applied to the transmission data. The communication device according to claim 2,
The communication processing unit includes a first communication control unit that performs first communication control on the transmission data,
The proxy communication function unit includes a second communication control unit that performs second communication control on the data,
The hook processing unit changes a call of the communication function unit for the communication processing unit to transmit the transmission data to a call of the proxy communication function unit, and transfers the transmission data to the proxy communication function unit And
The algorithm selection unit includes:
When receiving the transmission data from the hook processing unit, select either the first communication control unit or the second communication control unit,
A communication apparatus that outputs the transmission data to a selected communication control unit. The communication device according to claim 3,
The proxy communication function unit
Including a flow information processing unit for managing flow information for managing a communication flow;
Managing setting information used when selecting a communication control unit to be applied to the transmission data;
The hook processing unit
Change the call of the communication function unit for the communication processing unit to receive received data to call the proxy communication function unit,
The proxy communication function unit
Call the communication function unit, obtain the received data from the communication function unit,
By analyzing the received data, generating the flow information, or updating the flow information,
The algorithm selection unit selects a communication control unit to be applied to the transmission data based on the flow information and the setting information. A communication control method for a communication device for transmitting and receiving data,
An arithmetic device, a storage device connected to the arithmetic device, and a network interface connected to the arithmetic device,
A communication function unit for transmitting and receiving data via the network interface;
Processing the data acquired from the communication function unit, and outputting the processed data;
A proxy communication function unit for performing arbitrary communication control on the data;
A hook processing unit,
The communication control method includes:
A first step in which the communication function unit receives received data via the network interface;
A second step in which the hook processing unit changes a call of the communication function unit for the communication processing unit to receive the received data to a call of the proxy communication function unit;
When the proxy communication function unit receives a call from the communication processing unit for receiving the received data, a third step of calling the communication function unit and acquiring the received data;
A fourth step in which the proxy communication function unit outputs the received data to the communication processing unit;
The hook processing unit changes a call of the communication function unit for the communication processing unit to transmit transmission data to a call of the proxy communication function unit, and transfers the transmission data to the proxy communication function unit. And the steps
A sixth step of selecting communication control to be applied to the transmission data when the proxy communication function unit receives the transmission data;
A communication control method comprising: a seventh step in which the communication function unit transmits the transmission data subjected to the selected communication control via the network interface. The communication control method according to claim 5,
Each of the communication processing unit and the proxy communication function unit includes at least one communication control unit that performs arbitrary communication control on the transmission data,
The sixth step includes a step in which the proxy communication function unit selects at least one communication control unit from among a plurality of communication control units. The communication control method according to claim 6, comprising:
The communication processing unit includes a first communication control unit that performs first communication control on the transmission data,
The proxy communication function unit includes a second communication control unit that performs second communication control on the data,
The sixth step includes
When the proxy communication function unit receives the transmission data from the hook processing unit, selecting either the first communication control unit or the second communication control unit;
The proxy communication function unit includes a step of outputting the transmission data to a selected communication control unit. The communication control method according to claim 7,
The proxy communication function unit
Including a flow information processing unit for managing flow information for managing a communication flow;
Managing setting information used when selecting a communication control unit to be applied to the transmission data;
The third step includes a step in which the proxy communication function unit generates the flow information or updates the flow information by analyzing the received data,
The communication control method according to claim 6, wherein the sixth step includes a step in which the proxy communication function unit selects a communication control unit to be applied to the transmission data based on the flow information and the setting information. A network system comprising a plurality of communication devices for transmitting and receiving data,
Each of the plurality of communication devices is
An arithmetic device, a storage device connected to the arithmetic device, and a network interface connected to the arithmetic device,
A communication function unit for transmitting and receiving data via the network interface;
Processing the data acquired from the communication function unit, and outputting the processed data;
A proxy communication function unit for performing arbitrary communication control on the data;
And a hook processing unit that changes a call of the communication function unit from the communication processing unit to a call of the proxy communication function unit. The network system according to claim 9, wherein
Each of the communication processing unit and the proxy communication function unit includes at least one communication control unit that performs arbitrary communication control on transmission data,
The network system according to claim 1, wherein the proxy communication function unit includes an algorithm selection unit that selects at least one communication control to be applied to the transmission data. The network system according to claim 10, wherein
The communication processing unit includes a first communication control unit that performs first communication control on the transmission data,
The proxy communication function unit includes a second communication control unit that performs second communication control on the data,
The hook processing unit changes a call of the communication function unit for the communication processing unit to transmit the transmission data to a call of the proxy communication function unit, and transfers the transmission data to the proxy communication function unit And
The algorithm selection unit includes:
When receiving the transmission data from the hook processing unit, select either the first communication control unit or the second communication control unit,
A network system, wherein the transmission data is output to a selected communication control unit. The network system according to claim 11, wherein
The proxy communication function unit
Including a flow information processing unit for managing flow information for managing a communication flow;
Managing setting information used when selecting a communication control unit to be applied to the transmission data;
The hook processing unit
Change the call of the communication function unit for the communication processing unit to receive received data to call the proxy communication function unit,
The proxy communication function unit
Call the communication function unit, obtain the received data from the communication function unit,
By analyzing the received data, generating the flow information, or updating the flow information,
The network selection system, wherein the algorithm selection unit selects a communication control unit to be applied to the transmission data based on the flow information and the setting information.

Images