Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

DPDK-based HTTP bypass blocking method

A technology of data packets and rules, applied in the field of communication networks, can solve problems such as failure, long DPI time-consuming, high failure rate, etc., and achieve the effects of rapid identification, improved processing performance, and quick response

Active Publication Date: 2018-10-02
广东唯一网络科技有限公司
View PDF7 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the prior art, bypass hardware is also used for blocking. By identifying the first request packet of the three-way handshake of the mirrored data TCP, when the blocking rule is hit, a forged Reset packet is sent to the server and the client. The link is disconnected. At present, the bypass hardware is used for deployment. The bypass hardware device needs to perform DPI (deep packet inspection) on the mirrored data packets, extract the quintuple requested by the data packets, and pass the extracted destination IP To forge the Reset packet, but it takes too long to use DPI in this way. When the forged Reset packet is returned to the server and the client, the client has already received the response from the server and established a connection, resulting in a high failure rate of blocking , especially the existing DPI technology package processing performance is limited, when faced with the large flow of data processing in the IDC computer room, it is easy to cause failure

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DPDK-based HTTP bypass blocking method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] The present invention will be further described below in conjunction with the accompanying drawings.

[0026] refer to figure 1 , the HTTP bypass blocking method based on DPDK, also includes the following steps:

[0027] S1: Deploy the DPDK system operating environment on the switch, including building a networking network for network communication; performing mirror configuration for capturing network data packets and performing monitoring and analysis; performing network port enabling configuration; installing the DPDK compilation module, It is used to compile the DPDK operating environment; install the driver loading module to load the DPDK driver; allocate huge page memory to realize the huge page memory configuration; through the above configuration, realize system initialization, DPDK system initialization, memory initialization and each module initialization.

[0028] S2: Establish a filtering rule library, create an http filtering library on the switch, enter f...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a DPDK-based HTTP bypass blocking method. The method comprises following steps of S1: deploying DPDK system operation environment on a switch; S2: establishing a filtering rule library; S3: configuring a blocking opening in the switch; S4: calling an api port of the DPDK system and reading a data report of an internet accesses and S5: intercepting fields from the data report acquired in the S4, according to the intercepted fields, calculating Hash values, according to Hash value indexes, searching a filtering rule library, carrying out field value comparison, if the fields values are the same, sending blocking report through the blocking port, if the fields values are different, abandoning the data report and continuously reading the next data repot. According to the invention, a problem that the consumed time is too long by use of the DPI pack processing technology in the prior art can be solved; the blocking report is replied before the service end gives responses; and the blocking success rate reaches 99.99%.

Description

technical field [0001] The invention relates to the technical field of communication networks, in particular to a DPDK-based HTTP bypass blocking method. Background technique [0002] Most of the existing hardware is deployed in series. On the main link of the network, by directly auditing the passing traffic, analyzing the DNS of the request or matching the ACL policy, and discarding the hit request packet directly, so as to block effect. In the prior art, bypass hardware is also used for blocking. By identifying the first request packet of the three-way handshake of the mirrored data TCP, when the blocking rule is hit, a forged Reset packet is sent to the server and the client. The link is disconnected. At present, the bypass hardware is used for deployment. The bypass hardware device needs to perform DPI (deep packet inspection) on the mirrored data packets, extract the quintuple requested by the data packets, and pass the extracted destination IP To forge the Reset pac...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/08H04L12/26
CPCH04L43/028H04L67/02
Inventor 王宇杰蔡晔华王强严克剑
Owner 广东唯一网络科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com