A session entry processing method, device and related products in a multi-core system

A multi-core system and session entry technology, applied in the field of data processing, can solve problems such as affecting forwarding performance, packet loss, and untimely processing of packets by the forwarding core, and achieve the effects of improving forwarding performance, defending against attacks, and saving processing resources.

Active Publication Date: 2022-01-07
NEUSOFT CORP
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the forwarding core uses a polling mechanism to process message forwarding and timeout session entries, so that the forwarding core cannot process message forwarding and timeout session entries at the same time
[0003] In practical applications, the firewall can maintain a high throughput performance when it does not encounter a distributed denial of service (Distributed Denial of Service, DDoS) attack, but when it encounters a DDos attack, it will generate a large number of timed-out If the timer of the mechanism takes too long to process the timeout session entry, it will inevitably cause the forwarding core to process the message not in time, resulting in packet loss and affecting the overall forwarding performance

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A session entry processing method, device and related products in a multi-core system
  • A session entry processing method, device and related products in a multi-core system
  • A session entry processing method, device and related products in a multi-core system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] In order to make the above objects, features and advantages of the present application more obvious and understandable, the embodiments of the present application will be further described in detail below in conjunction with the accompanying drawings and specific implementation methods.

[0045]In the research of the traditional firewall working structure, the inventor found that the firewall can be a message forwarding system based on the dpdk platform. Since the working mechanism of the dpdk platform is an endless loop in user mode, that is, the forwarding core loop handles the following two things, one is forwarding The core receives messages from each network card / other forwarding cores and processing cores and forwards the messages; second, the timer of the forwarding core needs to process timed-out session entries to avoid affecting system performance due to the large number of session entries.

[0046] The above-mentioned processing mechanism of the forwarding cor...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the present application discloses a session entry processing method and device in a multi-core system. After the forwarding core receives the first handshake message or the second handshake message, when the embodiment of the present application receives the message, First determine whether the message is safe. When the message is an unsafe first handshake message or an unsafe second handshake message, the session timeout item of the message is added to the linked list array, and the linked list array is used to process the session of the message Timeout item, so as to avoid using the timer of the forwarding core to process the session timeout item of the attack message when the received message is an attack message, which not only effectively defends against attacks, but also saves the processing resources of the forwarding core timer, so that the forwarding core It can process security packets normally and improve the overall forwarding performance. In addition, each forwarding core is configured with a linked list array, so as to realize lock-free processing of the multi-core system.

Description

technical field [0001] The present application relates to the field of data processing, in particular to a method, device and related products for processing session entries in a multi-core system. Background technique [0002] For security vendors, after receiving the message, the forwarding core in the firewall queries the session table and forwards the message. If there is no corresponding session table, it builds a session table according to the policy, and finally realizes message forwarding. Since too many session tables will also cause system burden, it is necessary to pay attention to the timeout mechanism of the session table, delete the timed-out session entries in time, and reduce the system load. That is to say, the forwarding core not only needs to process message forwarding, but also needs to process timed-out session entries. However, the forwarding core uses a polling mechanism to process message forwarding and timeout session entries, so that the forwarding...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40
CPCH04L63/1458H04L63/02
Inventor 刘健男党丽娜
Owner NEUSOFT CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap