
HTTP bypass blocking method based on DPDK

A data-packet and rule-matching technique, applied in the field of communication networks, that addresses blocking failures, long DPI processing time, and a high failure rate, and achieves rapid identification, improved processing performance, and rapid response.

Active Publication Date: 2021-05-07
广东唯一网络科技有限公司

AI Technical Summary

Problems solved by technology

In the prior art, bypass hardware is also used for blocking. The device identifies the first request packet of the TCP three-way handshake in the mirrored traffic and, when a blocking rule is hit, sends a forged Reset packet to both the server and the client so that the link is disconnected. In current deployments, the bypass hardware has to perform DPI (deep packet inspection) on the mirrored packets, extract the five-tuple of the request, and use the extracted destination IP to forge the Reset packet. DPI used this way takes too long: by the time the forged Reset packet reaches the server and the client, the client has already received the server's response and established a connection, so blocking fails at a high rate. Existing DPI packet-processing performance is also limited, so it fails easily under the high traffic volumes of an IDC machine room.

Embodiment Construction

[0025] The present invention will be further described below in conjunction with the accompanying drawings.

[0026] Referring to Figure 1, the DPDK-based HTTP bypass blocking method includes the following steps:

[0027] S1: Deploy the DPDK operating environment on the switch. This includes: building the network used for network communication; configuring port mirroring to capture network packets for monitoring and analysis; enabling the network ports; installing the DPDK compilation module, which compiles the DPDK operating environment; installing the driver loading module, which loads the DPDK driver; and allocating huge-page memory to complete the huge-page configuration. This configuration carries out system initialization, DPDK initialization, memory initialization, and the initialization of each module.

[0028] S2: Establish the filter rule library: create an HTTP filter library on the switch, enter f...


Abstract

The present invention relates to a DPDK-based HTTP bypass blocking method, which includes the following steps. S1: deploy a DPDK operating environment on a switch. S2: establish a filter rule library. S3: configure a blocking port on the switch. S4: call the DPDK API to read data packets from the network port. S5: intercept a field of the data packet obtained in step S4, calculate a hash value from the intercepted field, look up the filter rule library using the hash value as an index, and compare the field values; if they are the same, the blocking port sends a blocking message; if they differ, the packet is discarded and the next packet is read. The invention addresses the prior-art problem that DPI packet processing takes too long: the blocking message is sent before the server responds, and the blocking success rate is as high as 99.99%.
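The S5 lookup described in the abstract, sketched as an added example that is not taken from the patent: the field is hashed, the hash indexes the rule library, and a hit counts only after the stored field value is compared. Assumptions: the intercepted field is the HTTP Host header, the hash is FNV-1a, the table uses linear probing, and all names (`rule_add`, `match_request`, `find_host`) are hypothetical; it is plain C with no DPDK calls.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>

#define BUCKETS 1024                    /* power of two: hash is masked into an index */
#define MAX_FIELD 128
static char table[BUCKETS][MAX_FIELD];  /* rule library, open addressing; "" = empty slot */
/* FNV-1a over the lower-cased field (assumed hash; the page names none). */
static uint32_t hash_field(const char *s, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++)
        h = (h ^ (uint32_t)tolower((unsigned char)s[i])) * 16777619u;
    return h;
}
int rule_add(const char *host) {        /* -1 if empty, too long, or table full */
    size_t n = strlen(host);
    if (n == 0 || n >= MAX_FIELD) return -1;
    for (uint32_t k = 0, b = hash_field(host, n); k < BUCKETS; k++, b++) {
        char *slot = table[b & (BUCKETS - 1)];
        if (slot[0] == '\0') { memcpy(slot, host, n + 1); return 0; }
    }
    return -1;
}
/* Bounded scan for the Host header; NULL if absent or cut off by the segment end. */
static const char *find_host(const char *p, size_t len, size_t *n) {
    for (size_t i = 0; i + 6 <= len; i++) {
        if (p[i] != '\n' || strncasecmp(p + i + 1, "Host:", 5) != 0) continue;
        size_t s = i + 6, e;
        while (s < len && (p[s] == ' ' || p[s] == '\t')) s++;
        for (e = s; e < len && p[e] != '\r' && p[e] != '\n'; e++) ;
        if (e == len) return NULL;      /* unterminated value: never match a fragment */
        while (e > s && (p[e - 1] == ' ' || p[e - 1] == '\t')) e--;
        *n = e - s;
        return p + s;
    }
    return NULL;
}
/* 1 = rule hit (the caller would hand off to the blocking port), 0 = no match. */
int match_request(const char *payload, size_t len) {
    size_t n = 0;
    const char *h = find_host(payload, len, &n);
    if (!h || n == 0 || n >= MAX_FIELD) return 0;
    for (uint32_t k = 0, b = hash_field(h, n); k < BUCKETS; k++, b++) {
        const char *r = table[b & (BUCKETS - 1)];
        if (r[0] == '\0') return 0;     /* empty slot ends the probe sequence */
        if (strlen(r) == n && strncasecmp(r, h, n) == 0) return 1;  /* value compare */
    }
    return 0;
}
```

The value comparison after the hash lookup is what keeps a hash collision from blocking an unrelated host, and the unterminated-value check keeps a request split across segments from matching on a partial name.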

Description

Technical field

[0001] The invention relates to the technical field of communication networks, in particular to a DPDK-based HTTP bypass blocking method.

Background art

[0002] Most existing hardware is deployed in series on the main link of the network: it audits the passing traffic directly, analyzes the DNS of the request or matches ACL policies, and drops the request packets that hit, thereby achieving the blocking effect. In the prior art, bypass hardware is also used for blocking. The device identifies the first request packet of the TCP three-way handshake in the mirrored traffic and, when a blocking rule is hit, sends a forged Reset packet to both the server and the client so that the link is disconnected. In current deployments, the bypass hardware has to perform DPI (deep packet inspection) on the mirrored packets, extract the five-tuple of the request, and use the extracted destination IP to forge the Reset pac...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/08, H04L12/26
CPC: H04L43/028, H04L67/02
Inventor: 王宇杰, 蔡晔华, 王强, 严克剑
Owner: 广东唯一网络科技有限公司