Unlock instant, AI-driven research and patent intelligence for your innovation.

PCRE hot switching method, network equipment and storage medium

A technology of network equipment and hot switching, applied in the field of network security, can solve the problems of PCRE signature database switching network congestion and other problems

Active Publication Date: 2020-05-15
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In view of this, the purpose of this application is to provide a PCRE hot switching method, network equipment and storage media, to improve the current problem of network congestion caused by PCRE feature library switching in the process of high-load data packet filtering

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • PCRE hot switching method, network equipment and storage medium
  • PCRE hot switching method, network equipment and storage medium
  • PCRE hot switching method, network equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment approach

[0024] In the process of studying this application, the inventor found that the current security device processes packets passing through the device based on packet filtering, mainly in the following two implementation modes: 1. Each process loads the PCRE feature library separately, Each time the configuration is switched, multiple processes simultaneously load and switch the PCRE signature database. In the case of many regular expressions in PCRE, it may take several seconds or even ten seconds, which may easily cause network congestion, packet loss, and consume more memory. 2. Use a single process (management process) to load the configuration and notify the work process to switch the configuration. Although this method can achieve non-blocking of the work process, it is necessary to restart the work process. At this time, in order to ensure that the network service is not interrupted, the data packets during this period of time need to be processed, and the connection saved...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a PCRE hot switching method, network equipment and a storage medium, and belongs to the technical field of network security. The method is applied to network equipment, and the network equipment comprises a management process and a plurality of working processes which correspond to the same shared memory. The method comprises the following steps that: a management processloads a PCRE feature library to a shared memory, updates the value of a global data pointer in the shared memory, and stores the current global count of each working process; the management process periodically acquires the global count of each working process, and judges whether the acquired global count is changed or not compared with the stored current global count; and when the global counts of all the working processes are changed, the management process releases the PCRE feature library loaded last time in the shared memory. By sharing the memory, the same feature data can be accessed among a plurality of working processes, and efficient, lock-free, non-blocking and process restart-free PCRE hot switching is realized by matching with global counting.

Description

Technical field [0001] This application belongs to the field of network security technology, and specifically relates to a PCRE hot switching method, network equipment and storage medium. Background technique [0002] In the current network communication and security field, many routers and firewalls use packet filtering-based processing methods to process packets passing through the device. In order to increase the data processing capability of the equipment, manufacturers often use the method of binding network cards and processes, and use specific processes to poll and detect specific network cards and forward messages. This requires coordination of multiple processes that handle packet forwarding, and the time for each process to process each message is short enough to minimize network delay. Many security devices, such as Intrusion Prevention System (IPS), Web Application Firewall (WAF), firewalls, etc., use a large number of Perl Compatible Regular Expressions (Perl Compat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/24H04L29/06G06F16/9035G06F9/54
CPCH04L41/082H04L63/0227G06F9/544G06F16/9035
Inventor 杜晓宇
Owner BEIJING TOPSEC NETWORK SECURITY TECH