CN106656815A - Virtual network message processing method and device - Google Patents
Virtual network message processing method and device Download PDFInfo
- Publication number
- CN106656815A CN106656815A CN201510725192.7A CN201510725192A CN106656815A CN 106656815 A CN106656815 A CN 106656815A CN 201510725192 A CN201510725192 A CN 201510725192A CN 106656815 A CN106656815 A CN 106656815A
- Authority
- CN
- China
- Prior art keywords
- virtual network
- network message
- fast path
- message
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title abstract 3
- 238000012545 processing Methods 0.000 claims abstract description 29
- 238000000034 method Methods 0.000 claims description 144
- 239000011800 void material Substances 0.000 claims description 15
- 238000001514 detection method Methods 0.000 claims description 11
- 238000000605 extraction Methods 0.000 claims description 8
- 238000005516 engineering process Methods 0.000 abstract description 2
- 230000006870 function Effects 0.000 description 69
- 230000002123 temporal effect Effects 0.000 description 15
- 238000012986 modification Methods 0.000 description 10
- 230000004048 modification Effects 0.000 description 10
- 238000012795 verification Methods 0.000 description 10
- 238000007689 inspection Methods 0.000 description 8
- 238000003860 storage Methods 0.000 description 8
- 239000000284 extract Substances 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 238000012360 testing method Methods 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 239000000203 mixture Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000009418 renovation Methods 0.000 description 2
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000014759 maintenance of location Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
- 230000005641 tunneling Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
- H04L45/7453—Address table lookup; Address filtering using hashing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/32—Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An aim of the application is to provide a virtual network message processing method and device. Compared with technologies of the prior art, the virtual network message processing method and device are advantageous in that a virtual network message to be processed is obtained, corresponding tuple information is extracted from the virtual network message, and whether an object fast path corresponding to the virtual network message exists is detected according to the tuple information; if yes, the virtual network message is directly subjected to network function processing operation, the virtual network message is sent after being subjected to the network function processing operation, and rapid forwarding of data messages in a virtual network can be realized.
Description
Technical field
The application is related to computer realm, more particularly to a kind of skill for processing virtual network message
Art.
Background technology
In virtual network, in order to solve the privacy concern of safety problem and user, it is right to be typically necessary
The data message of virtual network transmission carries out security control, such as carry out fire wall control to virtual network
System, attack inspection etc., but with the scale of virtual network it is increasing, the side of these security controls
Formula becomes increasingly complex, and not only increases the time delay of forwarded, also greatly reduces forwarded
Performance.Therefore, how on the basis of safety forwarding is ensured, realize that the quick of virtual network message turns
Send out, become the problem that we compel highly necessary to solve.
In prior art, in order to realize the fast-forwarding of virtual network message, mainly employ connection with
Track and status monitoring scheme, this scheme needs the connection status by streams of trace data, general
Real link information can be traced in physical network, but in virtual network, for example, is being adopted
In the virtual network of tunneling technique, it is impossible to trace into real link information, and cause the existing side such as this
Case is infeasible.
The content of the invention
The purpose of the application is to provide a kind of method and apparatus for processing virtual network message, to solve
The problem that data message cannot be forwarded safely and fast in virtual network.
According to the one side of the application, there is provided a kind of method for processing virtual network message, its
In, the method includes:
Obtain pending virtual network message;
Corresponding tuple information is extracted from the virtual network message;
Target through street according to corresponding to the tuple information detects whether to there is the virtual network message
Footpath;
If there is the target fast path, network function process is directly carried out to the virtual network message,
The virtual network message after concurrent warp let-off network function process.
According to the another aspect of the application, a kind of equipment for processing virtual network message is additionally provided,
Wherein, the equipment includes:
Receive message device, for obtaining pending virtual network message;
Tuple information extraction element, for extracting corresponding tuple information from the virtual network message;
Target fast path detection means, it is described virtual for detecting whether to exist according to the tuple information
Target fast path corresponding to network message;
Message processing and dispensing device, if for there is the target fast path, to the virtual network
Message directly carries out network function process, the virtual network message after concurrent warp let-off network function process.
Compared with prior art, the application passes through to obtain pending virtual network message, and from the void
Intend extracting corresponding tuple information in network message, then detect whether there is institute according to the tuple information
The target fast path corresponding to virtual network message is stated, if there is the target fast path, to described
Virtual network message directly carries out network function process, described virtual after concurrent warp let-off network function process
Network message, realizes the fast-forwarding of the data message in virtual network.
And, in the presence of the application can also realize working as the target fast path not, to the virtual net
Network message performs corresponding checking treatment at a slow speed, and when the virtual network message is by the school at a slow speed
When testing process, the new fast path used for subsequent packet process is generated based on the tuple information, and
Network function process, the void after concurrent warp let-off network function process are carried out to the virtual network message
Intend network message, wherein at a slow speed checking treatment includes various safety checks and matched routings etc., realize
The safety forwarding of data message in virtual network.
Additionally, the application can with according to the tuple information inquire about in corresponding fast path set with
The target fast path for having corresponding to the virtual network message is detected whether, and according to the through street
Fast path set described in the usage record information updating of each fast path in the set of footpath, in this way,
The fast-forwarding of multiple data flows can be realized, and, when data flow long-time is passed through without flow,
Corresponding fast path can be reclaimed, memory space can be saved.
Description of the drawings
By reading the detailed description made to non-limiting example made with reference to the following drawings, this
Bright other features, objects and advantages will become more apparent upon:
Fig. 1 illustrates the system topological figure of the application;
Fig. 2 illustrates a kind of method stream for processing virtual network message according to the application one side
Cheng Tu;
Fig. 3 is illustrated according to a kind of for processing virtual network message of one preferred embodiment of the application
Method flow diagram;
Fig. 4 illustrates the method flow diagram according to another preferred embodiment of the application;
Fig. 5 illustrates a kind of equipment for processing virtual network message according to the application other side
Schematic diagram;
Fig. 6 is illustrated according to a kind of for processing virtual network message of one preferred embodiment of the application
Equipment schematic diagram.
Same or analogous reference represents same or analogous part in accompanying drawing.
Specific embodiment
The present invention is described in further detail below in conjunction with the accompanying drawings.
In one typical configuration of the application, terminal, the equipment of service network and trusted party include
One or more processors (CPU), input/output interface, network interface and internal memory.
Internal memory potentially includes the volatile memory in computer-readable medium, random access memory
And/or the form, such as read-only storage (ROM) or flash memory (flash such as Nonvolatile memory (RAM)
RAM).Internal memory is the example of computer-readable medium.
Computer-readable medium includes that permanent and non-permanent, removable and non-removable media can be with
Information Store is realized by any method or technique.Information can be computer-readable instruction, data knot
Structure, the module of program or other data.The example of the storage medium of computer includes, but are not limited to phase
Become internal memory (PRAM), static RAM (SRAM), dynamic random access memory
(DRAM), other kinds of random access memory (RAM), read-only storage (ROM), electrically erasable
Except programmable read only memory (EEPROM), fast flash memory bank or other memory techniques, read-only optical disc
Read-only storage (CD-ROM), digital versatile disc (DVD) or other optical storages, magnetic holder
Formula tape, magnetic disk storage or other magnetic storage apparatus or any other non-transmission medium, can use
In the information that storage can be accessed by a computing device.Define according to herein, computer-readable medium
Do not include non-temporary computer readable media (transitory media), such as the data-signal of modulation and
Carrier wave.
Further to illustrate the effect of technological means that the application taken and acquirement, with reference to attached
Figure and preferred embodiment, the technical scheme to the application, carry out clear and complete description.
Fig. 1 illustrates the system topological figure of the application, for the virtual network message for flowing into virtual machine,
Obtained by equipment when host network interface card, selected to enter according to the relevant information of the virtual machine message
Corresponding inspection at a slow speed is processed or corresponding target fast path, then to through examining at a slow speed accordingly
Testing the virtual network message of process or corresponding target fast path carries out network function process, finally
The virtual network message is transmitted to into virtual machine network interface card.For the virtual network report for flowing out virtual machine
Text, is obtained Jing after the forwarding of virtual machine network interface card by equipment, is selected according to the relevant information of the virtual machine message
Select into corresponding inspection at a slow speed and process or corresponding target fast path, then to through corresponding
At a slow speed inspection is processed or the virtual network message of corresponding target fast path is carried out at network function
Reason, is finally transmitted to host network interface card by the virtual network message.Wherein, virtual network, be
Virtual one throws the net network on physical network, for forwarding the flow between virtual machine;Virtual machine, refers to
Can the software of the computer of operation program as real machine realize, can in computer platform and
A kind of environment is created between terminal use, and terminal use is then the environment created based on this software
To operate software.The application concrete implementation mode is described in following part, specifically refers to following
Description.
Fig. 2 illustrates a kind of side for processing virtual network message of one side according to the application
Method, wherein, the method includes:
S1 obtains pending virtual network message;
S2 extracts corresponding tuple information from the virtual network message;
Targets of the S3 according to corresponding to the tuple information detects whether to there is the virtual network message is quick
Path;
If S4 has the target fast path, the virtual network message is directly carried out at network function
Reason, the virtual network message after concurrent warp let-off network function process.
In this embodiment, in step S1, equipment 1 obtains pending virtual network message;
Wherein, virtual network message includes flowing into the network message of the network message of virtual machine and outflow virtual machine,
It will be understood to those skilled in the art that the virtual network message is transmitted in certain data flow, when
When needing to the virtual network Message processing, the virtual network message network message is obtained with temporary transient
It is prevented to continue to transmit.Specifically, the implementation for obtaining the virtual network message can adopt hook
Function (hook) realizing, wherein, Hook Function be one process or filter event call back function,
It can catch the event that current process or other processes occur.For example, as pending network message Jing
It is out-of-date, call Hook Function to obtain the pending network message so that subsequent packet process is used.
Continue in this embodiment, in step S2, equipment 1 is carried from the virtual network message
Take corresponding tuple information;Wherein, for the virtual network using tunnel protocol, the tuple information bag
Include tunnel ID (identification data, recognize data), direction, source IP (Internet Protocol,
Internet protocol), source port, purpose IP, destination interface and protocol type etc., for being provided without tunnel
The virtual network of agreement, the tuple information includes direction, source IP, source port, purpose IP, destination
The information such as mouth and protocol type, for detecting whether there is the virtual network message institute in the tuple information
Corresponding target fast path.It will be understood by those skilled in the art that the composition of network message includes message
Head and message content, contain source IP, source port, purpose IP, destination interface and protocol class in heading
The information such as type, therefore tuple information can be extracted by heading.Specifically, for adopting tunnel protocol
Virtual network, peel tunnel head off first, then obtain network message message header as tuple believe
Breath;For the virtual network for being provided without tunnel protocol, the message header conduct of direct access network message
Tuple information.
Continue in this embodiment, in step S3, equipment 1 is according to tuple information detection
The no target fast path existed corresponding to the virtual network message;Wherein, the target fast path
It is the path for enabling the virtual network message fast-forwarding, the target fast path is according to described
The corresponding tuple information of virtual network message is set up, and according to different tuple informations different mesh can be set up
Mark fast path, so can detect whether there is corresponding target fast path according to tuple information.Tool
Body ground, detects whether there is the mode of the target fast path corresponding to the virtual network message, can lead to
Cross whether the tuple information matches to judge with target fast path information, when the tuple information
During with target fast path information matches, there is corresponding target fast path, when the tuple information with
When target fast path information is mismatched, there is no corresponding target fast path.
Continue in this embodiment, in step S4, if there is the target fast path, equipment
1 pair of virtual network message directly carries out network function process, after concurrent warp let-off network function is processed
The virtual network message.Wherein, the network function process is the chained list set of a network function,
Can independently be extended according to real needs, it may include Qos (quality of service, service quality) is limited
Speed, statistics numeration and message modification etc..Specifically, it is directly right when there is the target fast path
Virtual network message carries out Qos speed limits, statistics numeration and message modification etc. and processes, and sends the process
Virtual network message afterwards.
Preferably, wherein, step S2 includes:
S21 (not shown) decapsulates the virtual net when the virtual network message is based on tunnel protocol
Corresponding tuple information is extracted in network message, and the virtual network message from after decapsulation.
It will be appreciated by those skilled in the art that when the virtual network message is based on tunnel protocol, according to
Tunnel protocol can be packaged to the virtual network message in the form of tunnel head, so, for employing
The virtual network message of tunnel protocol will extract corresponding tuple information, it is necessary to could extract after first unsealing.
Specifically, when the virtual network message is based on tunnel protocol, tunnel head is first peeled off, then from peeling off
Corresponding tuple information is extracted in the virtual network message of tunnel head.
Preferably, wherein, step S4 includes:
If the S41 (not shown) target fast path is not present, it is right that the virtual network message is performed
The checking treatment at a slow speed answered;
S42 (not shown) passes through the checking treatment at a slow speed when the virtual network message, based on the unit
Group information generates the new fast path used for subsequent packet process, and the virtual network message is entered
The process of row network function, the virtual network message after concurrent warp let-off network function process.
In this embodiment, in step S41, if the target fast path is not present, equipment
1 pair of virtual network message performs corresponding checking treatment at a slow speed;Wherein, the checking treatment at a slow speed
Including IP-Mac verifications (internet protocol-media access control, IP address and Mac addresses
Verification), ACL (access control list, accesses control list) verification, attack inspection and route look into
Look for, the checking treatment at a slow speed mainly realizes the safety monitoring to the virtual network message and route
Match somebody with somebody.Specifically, if the target fast path is not present, the virtual network message is performed corresponding
IP-Mac verifications, ACL verifications, attack inspection and route querying etc. are processed.
Continue in this embodiment, in step S42, when the virtual network message is by described
Checking treatment at a slow speed, equipment 1 based on the tuple information generate for subsequent packet process use it is new fast
Fast path, and network function process is carried out to the virtual network message, concurrent warp let-off network function is processed
The virtual network message afterwards.Specifically, when virtual network message is possible to not by the school at a slow speed
Process is tested, at this moment can directly by the virtual network packet loss, when the virtual network message passes through
During the checking treatment at a slow speed, corresponding cryptographic Hash is determined according to the tuple information, and by the cryptographic Hash
Used as the attribute information of new fast path, the attribute information is with current temporal information as new through street
Footpath information, so as to generate the new fast path used for subsequent packet process, and to the virtual network
Message carries out Qos speed limits, statistics numeration and message modification etc. and processes, and then sends Jing network functions and processes
The virtual network message afterwards.
Preferably, wherein, step S1 includes:
Pending virtual network message is obtained using corresponding host network interface card;
Wherein, step S4 includes:
If there is the target fast path, network function process is directly carried out to the virtual network message,
And the virtual network message Jing after network function process is sent to corresponding virtual machine network interface card.
In step S1, equipment 1 obtains pending virtual network using corresponding host network interface card
Message;Specifically, before the virtual network message flows into virtual machine, by corresponding host network interface card
Using Hook Function the pending network message is obtained so that subsequent packet process is used.
In step S4, if there is the target fast path, the virtual network report of equipment 1 pair
Text directly carries out network function process, and the virtual network message Jing after network function process is sent
To corresponding virtual machine network interface card.Specifically, if there is the target fast path, to the virtual network
Message directly carry out Qos speed limits, statistics numeration and message modification etc. process, and by process after the void
Intend network message to send to corresponding virtual machine network interface card.
Preferably, wherein, step S1 includes:
Pending virtual network message is obtained using corresponding virtual machine network interface card;
Wherein, step S4 includes:
If there is the target fast path, network function process is directly carried out to the virtual network message,
And the virtual network message Jing after network function process is sent to corresponding host network interface card.
In step S1, equipment 1 obtains pending virtual network using corresponding virtual machine network interface card
Message;Specifically, when the virtual network message flows out virtual machine, by corresponding virtual machine network interface card
Using Hook Function the pending network message is obtained so that subsequent packet process is used.
In step S4, if there is the target fast path, the virtual network report of equipment 1 pair
Text directly carries out network function process, and the virtual network message Jing after network function process is sent
To corresponding host network interface card.Specifically, if there is the target fast path, to the virtual network
Message directly carry out Qos speed limits, statistics numeration and message modification etc. process, and by process after the void
Intend network message to send to corresponding host network interface card.
In a preferred embodiment (with reference to Fig. 2), wherein, step S3 includes:
S31 (not shown) is inquired about according to the tuple information in corresponding fast path set is to detect
The no target fast path existed corresponding to the virtual network message.
Wherein, fast path set is made up of multiple target fast paths, the plurality of target through street
Footpath is set up according to different tuple informations.Specifically, equipment 1 can be by relatively more described tuple letter
Whether the information in breath fast path set corresponding with the virtual machine matches to detect whether that presence is described
Target fast path corresponding to virtual network message, when in the corresponding fast path set of the virtual machine
During the information that presence is matched with the tuple information, the target corresponding to the virtual network message is there is
Fast path, matches when not existing in the corresponding fast path set of the virtual machine with the tuple information
Information when, then just there is no the target fast path corresponding to the virtual network message.
Preferably, join shown in Fig. 3, the method also includes:
S5 through streets according to the usage record information updating of each fast path in the fast path set
Gather in footpath.
In this embodiment, wherein, the usage record information of each fast path includes each fast path
Attribute information and temporal information etc..Specifically, when the virtual network message for passing through contains new tuple letter
During breath, equipment 1 can set up new fast path according to the new tuple information, that is, increase new through street
Attribute information, the temporal information in footpath etc., so as to update the fast path set;When the virtual net for passing through
When network does not contain new tuple information, found according to the tuple information of the virtual network message corresponding quick
Path, and the temporal information of the fast path is updated, so as to update the fast path set.In addition,
Can be so that according to the usage record information of each fast path in the fast path set, deletion long-time be not
There is the corresponding fast path that virtual network message is passed through, to save space.
It is highly preferred that the method also includes:
If S6 has the target fast path, the corresponding usage record letter of the target fast path is updated
Breath usage record information.
In this embodiment, wherein the corresponding usage record information of target fast path includes target through street
The attribute information and temporal information in footpath etc., if there is the target fast path, expression has existed described
The corresponding attribute information of target fast path, temporal information etc., i.e., had before comprising identical tuple letter
The data message of breath is passed through, as long as so by the corresponding usage record information of the target fast path
Time information renovation is current time.Specifically, if there is the target fast path, by institute
The temporal information stated in target fast path usage record information is covered as current time information, used as described
The corresponding new usage record information of target fast path.
Preferably, wherein, step S3 includes:
S32 (not shown) determines the corresponding cryptographic Hash of the tuple information;
S33 (not shown) is inquired about to detect whether according to the cryptographic Hash in corresponding fast path set
There is the target fast path corresponding to the virtual network message.
In this embodiment, in step S32, equipment 1 determines the corresponding Kazakhstan of the tuple information
Uncommon value;It will be understood to those skilled in the art that the content that tuple information is included is relatively more, so can
Represented so that tuple information is mapped as into corresponding cryptographic Hash, so detecting whether there is the virtual net
During target fast path corresponding to network message, directly detected with cryptographic Hash.Specifically, can be with
Tuple information is mapped as by hash algorithm for the less binary value of unique regular length, i.e. cryptographic Hash.
Continue in this embodiment, in step S33, equipment 1 is according to the cryptographic Hash in correspondence
Fast path set in inquire about quick to detect whether to exist target corresponding to the virtual network message
Path.Wherein, the corresponding fast path set of the virtual machine is set up as attribute information using cryptographic Hash
, i.e., the different cryptographic Hash of different fast path correspondences, it is possible to by detecting the virtual machine pair
Detect whether to there is the virtual network report with the presence or absence of corresponding cryptographic Hash in the fast path set answered
Target fast path corresponding to text.Specifically, the corresponding cryptographic Hash of tuple information has been obtained, as long as
With the presence or absence of the cryptographic Hash of matching relatively in fast path set, when presence in fast path set
During the cryptographic Hash matched somebody with somebody, the target fast path corresponding to the virtual network message is there is;Work as through street
When there is no the cryptographic Hash of matching in the set of footpath, then just do not exist corresponding to the virtual network message
Target fast path.
Fig. 4 illustrates the method flow diagram according to another preferred embodiment of the application, as illustrated, right
Information extraction unit is forwarded in the virtual network message for flowing into virtual machine through host network interface card extract tuple
Information, and detect whether there is target fast path in fast path set by tuple information, if
There is the target fast path then directly to the virtual network message carries out network function process, while
Update quick set of paths;Then the virtual network message is entered if there is no the target fast path
Capable checking treatment at a slow speed, if the virtual network message is directly abandoned described by checking treatment at a slow speed
Message, if the message sets up new target fast path, so as to update by checking treatment at a slow speed
Fast path set, then carries out network function process to the virtual network message, and is sent to virtual
Machine network interface card.
Carry for the virtual network message for flowing out virtual machine is forwarded to information extraction unit through virtual machine network interface card
Tuple information is taken, and detects whether there is target fast path in fast path set by tuple information,
Then directly network function process is carried out to the virtual network message if there is the target fast path,
Update quick set of paths simultaneously;If there is no the target fast path then to the virtual network report
Text carries out checking treatment at a slow speed, if the virtual network message is directly abandoned not by checking treatment at a slow speed
The message, if the message sets up new target fast path by checking treatment at a slow speed, so as to
Quick set of paths is updated, then network function process is carried out to the virtual network message, and be sent to
Host network interface card.
In addition, arrange fast path information time-out administrative unit can to fast path set timing scan,
And delete long-time without the fast path that respective virtual network message is passed through, so as to save memory space,
Improve efficiency.
Compared with prior art, the application passes through to obtain pending virtual network message, and from the void
Intend extracting corresponding tuple information in network message, then detect whether there is institute according to the tuple information
The target fast path corresponding to virtual network message is stated, if there is the target fast path, to described
Virtual network message directly carries out network function process, described virtual after concurrent warp let-off network function process
Network message, realizes the fast-forwarding of the data message in virtual network.
And, in the presence of the application can also realize working as the target fast path not, to the virtual net
Network message performs corresponding checking treatment at a slow speed, and when the virtual network message is by the school at a slow speed
When testing process, the new fast path used for subsequent packet process is generated based on the tuple information, and
Network function process, the void after concurrent warp let-off network function process are carried out to the virtual network message
Intend network message, wherein at a slow speed checking treatment includes various safety checks and matched routings etc., realize
The safety forwarding of data message in virtual network.
Additionally, the application can with according to the tuple information inquire about in corresponding fast path set with
The target fast path for having corresponding to the virtual network message is detected whether, and according to the through street
Fast path set described in the usage record information updating of each fast path in the set of footpath, in this way,
The fast-forwarding of multiple data flows can be realized, and, when data flow long-time is passed through without flow,
Corresponding fast path can be reclaimed, memory space can be saved.
Fig. 5 illustrates the one kind provided according to further aspect of the application to be used to process virtual network report
The equipment 1 of text, wherein, the equipment includes:
Receive message device, obtains pending virtual network message;
Tuple information extraction element, from the virtual network message corresponding tuple information is extracted;
Target fast path detection means, detects whether there is the virtual network according to the tuple information
Target fast path corresponding to message;
Message processing and dispensing device, if there is the target fast path, to the virtual network message
Directly carry out network function process, the virtual network message after concurrent warp let-off network function process.
In this embodiment, Receive message device obtains pending virtual network message;Wherein, virtually
Network message includes flowing into the network message of the network message of virtual machine and outflow virtual machine, the skill of this area
Art personnel are appreciated that the virtual network message is transmitted in certain data flow, when needs are to described
During virtual network Message processing, the virtual network message network message is obtained temporarily to prevent it from continuing
Transmission.Specifically, the implementation for obtaining the virtual network message can adopt Hook Function (hook)
To realize, wherein, Hook Function is the call back function of a process or filter event, and it can catch works as
The event that front process or other processes occur.For example, when pending network message is passed through, hook is called
Subfunction obtains the pending network message so that subsequent packet process is used.
Continue in this embodiment, tuple information extraction element extracts correspondence from the virtual network message
Tuple information;Wherein, for the virtual network using tunnel protocol, the tuple information includes tunnel
ID (identification data recognize data), direction, source IP (Internet Protocol, internet
Agreement), source port, purpose IP, destination interface and protocol type etc., for being provided without tunnel protocol
Virtual network, the tuple information includes direction, source IP, source port, purpose IP, destination interface and association
The information such as view type, the tuple information is for detecting whether exist corresponding to the virtual network message
Target fast path.It will be understood by those skilled in the art that the composition of network message includes heading and report
Literary content, contains the letter such as source IP, source port, purpose IP, destination interface and protocol type in heading
Breath, therefore tuple information can be extracted by heading.Specifically, for using the virtual of tunnel protocol
Network, peels first tunnel head off, then obtains the message header of network message as tuple information;It is right
In the virtual network for being provided without tunnel protocol, the message header of direct access network message is believed as tuple
Breath.
Continue in this embodiment, target fast path detection means is detected whether according to the tuple information
There is the target fast path corresponding to the virtual network message;Wherein, the target fast path is
The path of the virtual network message fast-forwarding is enable, the target fast path is according to the void
Intend what the corresponding tuple information of network message was set up, different targets can be set up according to different tuple informations
Fast path, so can detect whether there is corresponding target fast path according to tuple information.Specifically
Ground, detects whether there is the mode of the target fast path corresponding to the virtual network message, can pass through
Whether the comparison tuple information matches to judge with target fast path information, when the tuple information and
During target fast path information matches, there is corresponding target fast path, when the tuple information and mesh
When mark fast path information is mismatched, there is no corresponding target fast path.
Continue in this embodiment, if there is the target fast path, Message processing and dispensing device pair
The virtual network message directly carries out network function process, described after concurrent warp let-off network function process
Virtual network message.Wherein, the network function process be a network function chained list set, can be with
Independently extended according to real needs, it may include Qos (quality of service, service quality) speed limit,
Statistics numeration and message modification etc..Specifically, when there is the target fast path, directly to virtual
Network message carries out Qos speed limits, statistics numeration and message modification etc. and processes, and sends after the process
Virtual network message.
Preferably, wherein, tuple information extraction element is used for:
When the virtual network message is based on tunnel protocol, the decapsulation virtual network message, and from
Corresponding tuple information is extracted in the virtual network message after decapsulation.
It will be appreciated by those skilled in the art that when the virtual network message is based on tunnel protocol, according to
Tunnel protocol can be packaged to the virtual network message in the form of tunnel head, so, for employing
The virtual network message of tunnel protocol will extract corresponding tuple information, it is necessary to could extract after first unsealing.
Specifically, when the virtual network message is based on tunnel protocol, tunnel head is first peeled off, then from peeling off
Corresponding tuple information is extracted in the virtual network message of tunnel head.
Preferably, wherein, Message processing and dispensing device include:
Checking treatment unit (not shown) at a slow speed, if the target fast path is not present, to the void
Intend network message and perform corresponding checking treatment at a slow speed;
New fast path signal generating unit (not shown), when the virtual network message is by the school at a slow speed
Process is tested, the new fast path used for subsequent packet process is generated based on the tuple information, and it is right
The virtual network message carries out network function process, described virtual after concurrent warp let-off network function process
Network message.
In this embodiment, if the target fast path is not present, at a slow speed checking treatment unit is to described
Virtual network message performs corresponding checking treatment at a slow speed;Wherein, the checking treatment at a slow speed includes IP-Mac
Verification (internet protocol-media access control, IP address and Mac address checks), ACL
(access control list, accesses control list) verification, attack inspection and route querying etc., it is described slow
Fast checking treatment mainly realizes the safety monitoring to the virtual network message and matched routings.Specifically,
If the target fast path is not present, IP-Mac verifications corresponding to virtual network message execution,
ACL verifications, attack inspection and route querying etc. are processed.
Continue in this embodiment, it is new fast when the virtual network message is by the checking treatment at a slow speed
Fast coordinates measurement unit generates the new through street used for subsequent packet process based on the tuple information
Footpath, and network function process is carried out to the virtual network message, after concurrent warp let-off network function is processed
The virtual network message.Specifically, when virtual network message is possible to not pass through at the verification at a slow speed
Reason, at this moment can directly by the virtual network packet loss, when the virtual network message is by described
At a slow speed during checking treatment, corresponding cryptographic Hash is determined according to the tuple information, and using the cryptographic Hash as
The attribute information of new fast path, the attribute information is believed with current temporal information as new fast path
Breath, so as to generate the new fast path used for subsequent packet process, and to the virtual network message
Carry out Qos speed limits, statistics numeration and message modification etc. to process, then send Jing after network function process
The virtual network message.
Preferably, wherein, the Receive message device is used for:
Pending virtual network message is obtained using corresponding host network interface card;
Wherein, the Message processing and dispensing device are used for:
If there is the target fast path, network function process is directly carried out to the virtual network message,
And the virtual network message Jing after network function process is sent to corresponding virtual machine network interface card.
The Receive message device obtains pending virtual network message using corresponding host network interface card;
Specifically, before the virtual network message flows into virtual machine, hook is utilized by corresponding host network interface card
Subfunction obtains the pending network message so that subsequent packet process is used.
If there is the target fast path, the Message processing and dispensing device are to the virtual network report
Text directly carries out network function process, and the virtual network message Jing after network function process is sent
To corresponding virtual machine network interface card.Specifically, if there is the target fast path, to the virtual network
Message directly carry out Qos speed limits, statistics numeration and message modification etc. process, and by process after the void
Intend network message to send to corresponding virtual machine network interface card.
Preferably, wherein, the Receive message device is used for:
Pending virtual network message is obtained using corresponding virtual machine network interface card;
Wherein, the Message processing and dispensing device are used for:
If there is the target fast path, network function process is directly carried out to the virtual network message,
And the virtual network message Jing after network function process is sent to corresponding host network interface card.
The Receive message device obtains pending virtual network message using corresponding virtual machine network interface card;
Specifically, when the virtual network message flows out virtual machine, hook is utilized by corresponding virtual machine network interface card
Subfunction obtains the pending network message so that subsequent packet process is used.
If there is the target fast path, the Message processing and dispensing device are to the virtual network report
Text directly carries out network function process, and the virtual network message Jing after network function process is sent
To corresponding host network interface card.Specifically, if there is the target fast path, to the virtual network
Message directly carry out Qos speed limits, statistics numeration and message modification etc. process, and by process after the void
Intend network message to send to corresponding host network interface card.
In a preferred embodiment (with reference to Fig. 5), wherein, the target fast path detection dress
Put for:
Inquired about to detect whether to there is the void in corresponding fast path set according to the tuple information
Intend the target fast path corresponding to network message.
Wherein, fast path set is made up of multiple target fast paths, the plurality of target through street
Footpath is set up according to different tuple informations.Specifically, target fast path detection means can pass through
Whether the information in the fast path set corresponding with the virtual machine of the comparison tuple information matches to examine
Survey with the presence or absence of the target fast path corresponding to the virtual network message, when the virtual machine it is corresponding
When there is the information matched with the tuple information in fast path set, the virtual network report is there is
Target fast path corresponding to text, when not existing and institute in the corresponding fast path set of the virtual machine
When stating the information of tuple information matching, then the target just not existed corresponding to the virtual network message is fast
Fast path.
Preferably, join shown in Fig. 6, the equipment also includes:
Fast path set updating device, remembers according to using for each fast path in the fast path set
Fast path set described in record information updating.
In this embodiment, wherein, the usage record information of each fast path includes each fast path
Attribute information and temporal information etc..Specifically, when the virtual network message for passing through contains new tuple letter
During breath, fast path set updating device can set up new fast path according to the new tuple information, i.e.,
Increase new attribute information, temporal information of fast path etc., so as to update the fast path set;
When the virtual network passed through does not contain new tuple information, according to the tuple information of the virtual network message
Find corresponding fast path, and update the temporal information of the fast path, so as to update the through street
Gather in footpath.Furthermore it is also possible to according to the usage record information of each fast path in the fast path set,
The corresponding fast path that long-time does not have virtual network message to pass through is deleted, to save space.
It is highly preferred that the equipment also includes:
Usage record information updating apparatus, if there is the target fast path, update the target quick
The corresponding usage record information usage record information in path.
In this embodiment, wherein the corresponding usage record information of target fast path includes target through street
The attribute information and temporal information in footpath etc., if there is the target fast path, expression has existed described
The corresponding attribute information of target fast path, temporal information etc., i.e., had before comprising identical tuple letter
The data message of breath is passed through, as long as so by the corresponding usage record information of the target fast path
Time information renovation is current time.Specifically, if there is the target fast path, use
Record information updating device is covered as the temporal information in the target fast path usage record information to work as
Front temporal information, as the corresponding new usage record information of the target fast path.
Preferably, wherein, the target fast path detection means includes:
Cryptographic Hash determining unit (not shown), determines the corresponding cryptographic Hash of the tuple information;
Cryptographic Hash detects target fast path unit (not shown), according to the cryptographic Hash corresponding fast
The target through street to detect whether to have corresponding to the virtual network message is inquired about in fast set of paths
Footpath.
In this embodiment, cryptographic Hash determining unit determines the corresponding cryptographic Hash of the tuple information;Ability
The technical staff in domain is appreciated that the content that tuple information is included is relatively more, it is possible to believe tuple
Breath is mapped as corresponding cryptographic Hash to represent, so to detect whether to exist the virtual network message institute right
During the target fast path answered, directly detected with cryptographic Hash.Specifically, can be calculated by Hash
Tuple information is mapped as method the less binary value of unique regular length, i.e. cryptographic Hash.
Continue in this embodiment, cryptographic Hash detects target fast path unit according to the cryptographic Hash right
Inquire about fast to detect whether to exist target corresponding to the virtual network message in the fast path set answered
Fast path.Wherein, the corresponding fast path set of the virtual machine is built as attribute information using cryptographic Hash
Vertical, i.e., the different cryptographic Hash of different fast path correspondences, it is possible to by detecting the virtual machine
Detect whether to there is the virtual network with the presence or absence of corresponding cryptographic Hash in corresponding fast path set
Target fast path corresponding to message.Specifically, the corresponding cryptographic Hash of tuple information has been obtained, only
Compare with the presence or absence of the cryptographic Hash of matching in fast path set, when presence in fast path set
During the cryptographic Hash of matching, the target fast path corresponding to the virtual network message is there is;When quick
When there is no the cryptographic Hash of matching in set of paths, then just do not exist corresponding to the virtual network message
Target fast path.
Compared with prior art, the application passes through to obtain pending virtual network message, and from the void
Intend extracting corresponding tuple information in network message, then detect whether there is institute according to the tuple information
The target fast path corresponding to virtual network message is stated, if there is the target fast path, to described
Virtual network message directly carries out network function process, described virtual after concurrent warp let-off network function process
Network message, realizes the fast-forwarding of the data message in virtual network.
And, in the presence of the application can also realize working as the target fast path not, to the virtual net
Network message performs corresponding checking treatment at a slow speed, and when the virtual network message is by the school at a slow speed
When testing process, the new fast path used for subsequent packet process is generated based on the tuple information, and
Network function process, the void after concurrent warp let-off network function process are carried out to the virtual network message
Intend network message, wherein at a slow speed checking treatment includes various safety checks and matched routings etc., realize
The safety forwarding of data message in virtual network.
Additionally, the application can with according to the tuple information inquire about in corresponding fast path set with
The target fast path for having corresponding to the virtual network message is detected whether, and according to the through street
Fast path set described in the usage record information updating of each fast path in the set of footpath, in this way,
The fast-forwarding of multiple data flows can be realized, and, when data flow long-time is passed through without flow,
Corresponding fast path can be reclaimed, memory space can be saved.
It is obvious to a person skilled in the art that the invention is not restricted to the thin of above-mentioned one exemplary embodiment
Section, and without departing from the spirit or essential characteristics of the present invention, can be with other concrete
Form realizes the present invention.Therefore, no matter from the point of view of which point, embodiment all should be regarded as exemplary
, and be nonrestrictive, the scope of the present invention is by claims rather than described above is limited
It is fixed, it is intended that all changes in the implication and scope of the equivalency of claim that will fall are included
In the present invention.Any reference in claim should not be considered as into the right involved by limiting will
Ask.Furthermore, it is to be understood that " an including " word is not excluded for other units or step, odd number is not excluded for plural number.
The multiple units stated in device claim or device can also be by a units or device by soft
Part or hardware are realizing.The first, the second grade word is used for representing title, and is not offered as any spy
Fixed order.
Claims (18)
1. a kind of method for processing virtual network message, wherein, the method includes:
Obtain pending virtual network message;
Corresponding tuple information is extracted from the virtual network message;
Target through street according to corresponding to the tuple information detects whether to there is the virtual network message
Footpath;
If there is the target fast path, network function process is directly carried out to the virtual network message,
The virtual network message after concurrent warp let-off network function process.
2. method according to claim 1, wherein, it is described to extract from the virtual network message
Corresponding tuple information includes:
When the virtual network message is based on tunnel protocol, the decapsulation virtual network message, and from
Corresponding tuple information is extracted in the virtual network message after decapsulation.
3. method according to claim 1 and 2, wherein, it is described to be detected according to the tuple information
Include with the presence or absence of the target fast path corresponding to the virtual network message:
Inquired about to detect whether to there is the void in corresponding fast path set according to the tuple information
Intend the target fast path corresponding to network message.
4. method according to claim 3, wherein, the method also includes:
The fast path according to the usage record information updating of each fast path in the fast path set
Set.
5. method according to claim 4, wherein, the method also includes:
If there is the target fast path, the corresponding usage record information of the target fast path is updated.
6. the method according to any one of claim 3 to 5, wherein, it is described according to the tuple
Infomation detection includes with the presence or absence of the target fast path corresponding to the virtual network message:
Determine the corresponding cryptographic Hash of the tuple information;
Inquire about described virtual to detect whether to exist in corresponding fast path set according to the cryptographic Hash
Target fast path corresponding to network message.
7. method according to any one of claim 1 to 6, wherein, if described have the mesh
Mark fast path, network function process, concurrent warp let-off network work(are directly carried out to the virtual network message
The virtual network message after processing also includes:
It is corresponding to virtual network message execution to verify at a slow speed if the target fast path is not present
Process;
When the virtual network message is by the checking treatment at a slow speed, based on the tuple information generate with
For the new fast path that subsequent packet process is used, and the virtual network message is carried out at network function
Reason, the virtual network message after concurrent warp let-off network function process.
8. method according to any one of claim 1 to 7, wherein, it is described to obtain pending
Virtual network message includes:
Pending virtual network message is obtained using corresponding host network interface card;
Wherein, if described have the target fast path, net is directly carried out to the virtual network message
Network function treatment, the virtual network message after concurrent warp let-off network function is processed includes:
If there is the target fast path, network function process is directly carried out to the virtual network message,
And the virtual network message Jing after network function process is sent to corresponding virtual machine network interface card.
9. method according to any one of claim 1 to 7, wherein, it is described to obtain pending
Virtual network message includes:
Pending virtual network message is obtained using corresponding virtual machine network interface card;
Wherein, if described have the target fast path, net is directly carried out to the virtual network message
Network function treatment, the virtual network message after concurrent warp let-off network function is processed includes:
If there is the target fast path, network function process is directly carried out to the virtual network message,
And the virtual network message Jing after network function process is sent to corresponding host network interface card.
10. a kind of equipment for processing virtual network message, wherein, the equipment includes:
Receive message device, for obtaining pending virtual network message;
Tuple information extraction element, for extracting corresponding tuple information from the virtual network message;
Target fast path detection means, it is described virtual for detecting whether to exist according to the tuple information
Target fast path corresponding to network message;
Message processing and dispensing device, if for there is the target fast path, to the virtual network
Message directly carries out network function process, the virtual network message after concurrent warp let-off network function process.
11. equipment according to claim 10, wherein, the tuple information extraction element is used for:
When the virtual network message is based on tunnel protocol, the decapsulation virtual network message, and from
Corresponding tuple information is extracted in the virtual network message after decapsulation.
12. equipment according to claim 10 or 11, wherein, the target fast path detection
Device is used for:
Inquired about to detect whether to there is the void in corresponding fast path set according to the tuple information
Intend the target fast path corresponding to network message.
13. equipment according to claim 12, wherein, the equipment also includes:
Fast path set updating device, for being made according to each fast path in the fast path set
The fast path set is updated with record information.
14. equipment according to claim 13, wherein, the equipment also includes:
Usage record information updating apparatus, if for there is the target fast path, updating the target
The corresponding usage record information of fast path.
15. equipment according to any one of claim 12 to 14, wherein, the target is quick
Path detection device includes:
Cryptographic Hash determining unit, for determining the corresponding cryptographic Hash of the tuple information;
Cryptographic Hash detect target fast path unit, for according to the cryptographic Hash in corresponding fast path
The target fast path to detect whether to have corresponding to the virtual network message is inquired about in set.
16. equipment according to any one of claim 10 to 15, wherein, the Message processing
And dispensing device also includes:
Checking treatment unit at a slow speed, if not existing for the target fast path, to the virtual network
Message performs corresponding checking treatment at a slow speed;
New fast path signal generating unit, for passing through the checking treatment at a slow speed when the virtual network message,
The new fast path used for subsequent packet process is generated based on the tuple information, and to described virtual
Network message carries out network function process, the virtual network message after concurrent warp let-off network function process.
17. equipment according to any one of claim 10 to 16, wherein, the Receive message
Device is used for:
Pending virtual network message is obtained using corresponding host network interface card;
Wherein, the Message processing and dispensing device are used for:
If there is the target fast path, network function process is directly carried out to the virtual network message,
And the virtual network message Jing after network function process is sent to corresponding virtual machine network interface card.
18. equipment according to any one of claim 10 to 16, wherein, the Receive message
Device is used for:
Pending virtual network message is obtained using corresponding virtual machine network interface card;
Wherein, the Message processing and dispensing device are used for:
If there is the target fast path, network function process is directly carried out to the virtual network message,
And the virtual network message Jing after network function process is sent to corresponding host network interface card.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510725192.7A CN106656815A (en) | 2015-10-30 | 2015-10-30 | Virtual network message processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510725192.7A CN106656815A (en) | 2015-10-30 | 2015-10-30 | Virtual network message processing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106656815A true CN106656815A (en) | 2017-05-10 |
Family
ID=58830827
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510725192.7A Pending CN106656815A (en) | 2015-10-30 | 2015-10-30 | Virtual network message processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106656815A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108199982A (en) * | 2018-01-03 | 2018-06-22 | 腾讯科技(深圳)有限公司 | Message processing method, device, storage medium and computer equipment |
| CN109729059A (en) * | 2017-10-31 | 2019-05-07 | 杭州华为数字技术有限公司 | Data processing method, device and computer |
| CN113709052A (en) * | 2020-05-21 | 2021-11-26 | 中移(苏州)软件技术有限公司 | Network message processing method and device, electronic equipment and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101115001A (en) * | 2007-08-17 | 2008-01-30 | 深圳市共进电子有限公司 | The method of dynamic binding between host and PVC of ADSL router |
| CN102571613A (en) * | 2012-03-09 | 2012-07-11 | 华为技术有限公司 | Method and network device for message forwarding |
| CN102647347A (en) * | 2012-03-30 | 2012-08-22 | 汉柏科技有限公司 | Connection-based traffic processing method and system |
| CN102821032A (en) * | 2011-06-10 | 2012-12-12 | 中兴通讯股份有限公司 | Method and three-layer device for rapidly forwarding data packet |
| CN103067281A (en) * | 2012-12-28 | 2013-04-24 | 深圳市磊科实业有限公司 | Router fast forwarding method and system implementing the same |
| CN104125128A (en) * | 2014-08-12 | 2014-10-29 | 烽火通信科技股份有限公司 | Method for supporting VLAN (virtual local area network) by aid of Linux soft bridge |
| CN104521196A (en) * | 2012-06-06 | 2015-04-15 | 瞻博网络公司 | Physical path determination for virtual network packet flows |
-
2015
- 2015-10-30 CN CN201510725192.7A patent/CN106656815A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101115001A (en) * | 2007-08-17 | 2008-01-30 | 深圳市共进电子有限公司 | The method of dynamic binding between host and PVC of ADSL router |
| CN102821032A (en) * | 2011-06-10 | 2012-12-12 | 中兴通讯股份有限公司 | Method and three-layer device for rapidly forwarding data packet |
| CN102571613A (en) * | 2012-03-09 | 2012-07-11 | 华为技术有限公司 | Method and network device for message forwarding |
| CN102647347A (en) * | 2012-03-30 | 2012-08-22 | 汉柏科技有限公司 | Connection-based traffic processing method and system |
| CN104521196A (en) * | 2012-06-06 | 2015-04-15 | 瞻博网络公司 | Physical path determination for virtual network packet flows |
| CN103067281A (en) * | 2012-12-28 | 2013-04-24 | 深圳市磊科实业有限公司 | Router fast forwarding method and system implementing the same |
| CN104125128A (en) * | 2014-08-12 | 2014-10-29 | 烽火通信科技股份有限公司 | Method for supporting VLAN (virtual local area network) by aid of Linux soft bridge |
Non-Patent Citations (1)
| Title |
|---|
| JOHN SHUM: "《计算机网络技术VPN、TCP/IP和PPX网络关键技术应用指南》", 30 November 2000, 北京希望电子出版社 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109729059A (en) * | 2017-10-31 | 2019-05-07 | 杭州华为数字技术有限公司 | Data processing method, device and computer |
| CN109729059B (en) * | 2017-10-31 | 2020-08-14 | 华为技术有限公司 | Data processing method, device and computer |
| US11509749B2 (en) | 2017-10-31 | 2022-11-22 | Huawei Technologies Co., Ltd. | Data processing method and apparatus, and computer |
| CN108199982A (en) * | 2018-01-03 | 2018-06-22 | 腾讯科技(深圳)有限公司 | Message processing method, device, storage medium and computer equipment |
| CN108199982B (en) * | 2018-01-03 | 2021-10-15 | 腾讯科技(深圳)有限公司 | Message processing method and device, storage medium and computer equipment |
| CN113709052A (en) * | 2020-05-21 | 2021-11-26 | 中移(苏州)软件技术有限公司 | Network message processing method and device, electronic equipment and storage medium |
| CN113709052B (en) * | 2020-05-21 | 2024-02-27 | 中移(苏州)软件技术有限公司 | Processing method and device of network message, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9189627B1 (en) | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection | |
| US8856928B1 (en) | Protecting electronic assets using false profiles in social networks | |
| CN112910851A (en) | Data packet marking and tracing device based on knowledge graph | |
| CN102045344B (en) | Cross-domain affiliation method and system based on path information elastic sharding | |
| WO2015051720A1 (en) | Method and device for detecting suspicious dns, and method and system for processing suspicious dns | |
| CN111200575B (en) | Machine learning-based identification method for malicious behaviors of information system | |
| CN113329007B (en) | IPv6 transmission path subsection authentication method and device | |
| CN105516204A (en) | Method for high-security network data storage | |
| CN109600362B (en) | Zombie host recognition method, device and medium based on recognition model | |
| CN116915519B (en) | Methods, devices, equipment and storage media for data flow traceability | |
| CN107004088A (en) | Determining device, determine method and determination program | |
| CN106656815A (en) | Virtual network message processing method and device | |
| CN105407096A (en) | Message data detection method based on stream management | |
| CN107454072A (en) | A kind of control methods of multichannel data content and device | |
| CN104579788B (en) | A kind of location of mistake method of distributed dynamic route network | |
| CN109962879A (en) | A security defense method and controller for distributed reflection denial of service DRDoS | |
| US11232202B2 (en) | System and method for identifying activity in a computer system | |
| CN101291327A (en) | A method and device for detecting the number of shared access hosts | |
| CN108319822A (en) | A kind of method, storage medium, electronic equipment and the system of protection web page code | |
| CN107547390B (en) | The method and device of flow table creation and inquiry | |
| CN112114248A (en) | Chip security simulation analysis method and device for preventing differential time attack | |
| CN108090364A (en) | A kind of localization method and system in data leak source | |
| CN112115657A (en) | A chip security simulation analysis method and device for preventing single-time attack | |
| Yang | Hybrid single‐packet IP traceback with low storage and high accuracy | |
| CN105183740A (en) | Apparatus And Method For Data Taint Tracking |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170510 |
|
| RJ01 | Rejection of invention patent application after publication |