CN117573218B - Application identification hardware unloading method and device based on data processing unit - Google Patents

Publication number: CN117573218B
Authority: CN (China)
Prior art keywords: application, data, processing unit, data processing, hardware
Legal status: Active, granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202311385875.3A
Other languages: Chinese (zh)
Other versions: CN117573218A (en)
Inventors: 张岳军, 赵鲲鹏
Current assignee: Yusur Technology Co ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Yusur Technology Co ltd
Priority claimed to: CN202311385875.3A (the priority date is an assumption and is not a legal conclusion)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/50 Network services
    • H04L 67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L 67/63 Routing a service request depending on the request content or context
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/445 Program loading or initiating
    • G06F 9/44594 Unloading
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F 9/5005 Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F 9/5011 Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • G06F 9/5022 Mechanisms to release resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L 69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L 69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L 69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a method and a device for offloading application identification to hardware based on a data processing unit (DPU), comprising the following steps: the DPU receives a rule file and policy actions issued by the host side and, after analysis and processing in a DPI daemon, generates the rule database required by a hardware regular-expression engine; the application identification program receives a data packet, extracts its five-tuple information, and makes a preliminary identification of the application layer protocol from the port number; the DPI daemon receives the data packet and the protocol type and extracts the application layer information of the packet; with the application layer information as input, the hardware regular-expression engine is invoked to match it against the feature rules in the rule database, and the matching result is processed according to the policy action; and the application identification program forwards the data packet according to the policy action and uploads the statistical identification information to the host. The method accelerates and offloads application identification onto the DPU, releases host CPU and memory resources, and offers high identification precision, high efficiency and a wide range of application scenarios.

Description

Application identification hardware unloading method and device based on data processing unit
Technical Field
The present invention relates to the field of application identification technologies, and in particular to a method and an apparatus for offloading application identification to hardware based on a data processing unit.
Background
With the rapid development of the internet, internet applications have changed dramatically. From the early web browsing, email and File Transfer Protocol (FTP) downloads to today's P2P applications, games, video and mobile internet, rich and varied applications have become the mainstream of the internet.
Faced with an endless stream of applications, accurately controlling application traffic is the biggest problem network administrators face, and the precondition for control is accurately identifying the various applications in the network. Application identification technology is an application feature extraction and matching technology: it identifies an application by extracting specific fields of a packet or the behavioural features of the packet and matching them against a service-awareness feature library.
A data processing unit (DPU) is a dedicated hardware accelerator for efficiently performing data processing tasks. DPUs are common in data centres, cloud computing and edge computing, where they provide high-performance, low-power data processing. The work a DPU undertakes can be summarised by four keywords: virtualization, networking, storage and security. Application identification is the basis of deep packet inspection (DPI) in security traffic processing, and if hardware offload acceleration is implemented on the DPU it can provide high-performance, low-latency application identification.
In current application identification technology, the main technical schemes are implemented in dedicated equipment such as firewalls or in separate application software. Traditional application layer protocol identification extracts five-tuple information and identifies the application from the port number in the packet; it has high matching efficiency, but as the types of internet applications keep growing it cannot distinguish them finely and its application range is small. The other kind of scheme is application identification based on packet content, which accurately identifies various applications by extracting application layer features, but because it involves matching on packet content its performance drops greatly and it easily becomes a performance bottleneck in the network.
Disclosure of Invention
In view of this, embodiments of the invention provide a method and a device for offloading application identification to hardware based on a data processing unit, so as to eliminate or mitigate one or more defects of the prior art and solve the problems of low identification precision, small application range, low identification efficiency and performance bottlenecks in existing application identification schemes.
In one aspect, the invention provides a method for offloading application identification to hardware based on a data processing unit, the method being performed in the data processing unit and comprising the following steps:
receiving a rule file preset by the host side and the policy actions to be configured, and having a deep packet inspection daemon analyze and process the rule file and the policy actions to generate the rule database required by a hardware regular-expression engine;
an application identification program deployed in the data processing unit receives a data packet through a preset tool, extracts the five-tuple information of the packet, and identifies the application layer protocol of the packet from a port number in the five-tuple information to obtain a protocol type;
the deep packet inspection daemon receives the data packet and the protocol type sent by the application identification program and extracts the application layer information of the packet; with the application layer information as input, the hardware regular-expression engine is invoked to match it against the feature rules in the rule database to obtain a matching result; and the matching result is processed according to the policy action;
the deep packet inspection daemon forwards the data packet and the policy action to the application identification program; the application identification program forwards the data packet according to the policy action and uploads the statistical identification information to the host.
In some embodiments of the invention, the deep packet inspection daemon analyzing and processing the rule file and the policy actions to generate the rule database required by the hardware regular-expression engine further includes:
the deep packet inspection daemon reads the rule file line by line and extracts each field of each rule;
the deep packet inspection daemon reads the policy actions and extracts the action corresponding to each rule;
and the deep packet inspection daemon converts and organises the rule contents and actions into a preset format according to the extracted field information, generating the rule database for use by the hardware regular-expression engine.
In some embodiments of the invention, the rule database consists of a set of regular expressions.
In some embodiments of the invention, the application identification program receives the data packet through a Data Plane Development Kit.
In some embodiments of the invention, the method is preceded by:
binding a preset network port to the Data Plane Development Kit, so that the Data Plane Development Kit directly accesses and/or processes the data packets received on the preset network port.
In some embodiments of the invention, the application identification program extracting the five-tuple information of the data packet through the Data Plane Development Kit further includes:
the application identification program receives the data packet from the preset network port using a function provided by the Data Plane Development Kit;
according to the protocol type of the data packet, the application identification program extracts the packet header structure from the data portion of the packet;
according to the packet header structure and the field definitions, the application identification program extracts the five-tuple information from the packet; the five-tuple information includes a source IP address, a destination IP address, a protocol type, a source port number and a destination port number.
In some embodiments of the invention, the deployment method of the application identification program includes the following steps:
obtaining the application identification program, which is obtained by training with one or a combination of deep learning, machine learning and rule matching technologies;
configuring the environment and dependencies for the application identification program, and compiling its source code into an executable file with a preset programming language and development tools;
binding the data processing unit to the network interface of the application identification program and configuring the parameters of the data processing unit;
and starting the application identification program and listening on the bound network port to receive and process data packets.
In another aspect, the invention provides a device for offloading application identification to hardware based on a data processing unit, the device being configured to perform the steps of any of the methods above and comprising:
a host, used to issue the preset rule file and the policy actions to be configured to the data processing unit and to receive the identification information counted by the data processing unit;
a data processing unit, comprising an application layer protocol identification module and a deep packet inspection daemon module; the application layer protocol identification module identifies the application layer protocol of a data packet from the port number in its five-tuple information, and the deep packet inspection daemon module performs application identification by invoking the hardware regular-expression engine to match the application layer information of the packet against preset feature rules.
In some embodiments of the invention, the host and the data processing unit are interconnected by a high-speed serial bus over which data transfer takes place.
In another aspect, the invention also provides a computer-readable storage medium storing a computer program which, when executed by a processor, carries out the steps of any of the methods described above.
The advantages of the invention are as follows:
The invention provides a method and a device for offloading application identification to hardware based on a data processing unit, comprising the following steps: the DPU receives a rule file and policy actions issued by the host side and, after analysis and processing in a DPI daemon, generates the rule database required by a hardware regular-expression engine; the application identification program receives a data packet, extracts its five-tuple information, and makes a preliminary identification of the application layer protocol from the port number configured in the five-tuple information; the DPI daemon receives the data packet and the protocol type and extracts the application layer information of the packet; with the application layer information as input, the hardware regular-expression engine is invoked to match it against the feature rules in the rule database and generate a matching result, the matching result is processed according to the policy action, and the packet content and the policy action are forwarded to the application identification program; and the application identification program forwards the data packet according to the policy action and uploads the statistical identification information to the host. The application identification hardware offloading method of the invention invokes the hardware regular-expression acceleration engine through the DPI daemon, accelerates and offloads application identification onto the DPU, releases host CPU and memory resources, and has the advantages of high identification precision, high efficiency and a wide range of application scenarios.
Furthermore, the application layer protocol identification process is separated from the DPI daemon; the DPI daemon mainly implements application identification on packet content, and can be flexibly reused to implement hardware offload acceleration of different functions.
Furthermore, the application program on the host side can be freely customised by the user, and the rule file and policy actions can be updated and issued in a timely manner, so the flexibility is high.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and drawings.
It will be appreciated by those skilled in the art that the objects and advantages that can be achieved with the present invention are not limited to the above-described specific ones, and that the above and other objects that can be achieved with the present invention will be more clearly understood from the following detailed description.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate and together with the description serve to explain the application. In the drawings:
FIG. 1 is a block diagram of a method for offloading application identification to hardware based on a data processing unit according to an embodiment of the invention.
FIG. 2 is a flowchart of a method for offloading application identification to hardware based on a data processing unit according to an embodiment of the invention.
Detailed Description
The present invention will be described in further detail with reference to the following embodiments and the accompanying drawings, in order to make the objects, technical solutions and advantages of the present invention more apparent. The exemplary embodiments of the present invention and the descriptions thereof are used herein to explain the present invention, but are not intended to limit the invention.
It should be noted here that, in order to avoid obscuring the present invention due to unnecessary details, only structures and/or processing steps closely related to the solution according to the present invention are shown in the drawings, while other details not greatly related to the present invention are omitted.
It should be emphasized that the term "comprises/comprising" when used herein is taken to specify the presence of stated features, elements, steps or components, but does not preclude the presence or addition of one or more other features, elements, steps or components.
It is also noted herein that the term "coupled" may refer to not only a direct connection, but also an indirect connection in which an intermediate is present, unless otherwise specified.
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In the drawings, the same reference numerals represent the same or similar components, or the same or similar steps.
It should be emphasized that the references to steps below are not intended to limit the order of the steps, but rather should be understood to mean that the steps may be performed in a different order than in the embodiments, or that several steps may be performed simultaneously.
To solve the problems of low identification precision, small application range, low identification efficiency and performance bottlenecks in existing application identification schemes, the invention provides an application identification hardware offloading method based on a data processing unit, which is executed in the data processing unit and, as shown in FIG. 1, comprises the following steps S101 to S104:
Step S101: receive a rule file preset by the host side and the policy actions to be configured, and have the deep packet inspection daemon analyze and process the rule file and the policy actions to generate the rule database required by the hardware regular-expression engine.
Step S102: the application identification program deployed in the data processing unit receives a data packet through the preset tool, extracts the five-tuple information of the packet, and identifies the application layer protocol of the packet from the port number in the five-tuple information to obtain a protocol type.
Step S103: the deep packet inspection daemon receives the data packet and the protocol type sent by the application identification program and extracts the application layer information of the packet; with the application layer information as input, it invokes the hardware regular-expression engine to match against the feature rules in the rule database to obtain a matching result; and it processes the matching result according to the policy action.
Step S104: the deep packet inspection daemon forwards the data packet and the policy action to the application identification program; the application identification program forwards the data packet according to the policy action and uploads the statistical identification information to the host.
FIG. 2 is a flow diagram of the application identification hardware offloading method based on a data processing unit.
Step S101 is the preparatory stage of the method. In step S101, the host sets a rule file and policy actions for application identification in advance and issues them to the deep packet inspection (DPI) daemon on the data processing unit (DPU). The DPI daemon analyzes and processes the rule file and the policy actions to generate the rule database required by the hardware regular-expression engine, providing rule database support for subsequent application identification. The rule file generally contains the protocols, packet headers, payload information and other contents to be checked; the policy actions define what must be done when a specified protocol or payload is detected, such as blocking, logging or forwarding.
In some embodiments, the rule database consists of a set of regular expressions.
In some embodiments, the deep packet inspection daemon analyzing and processing the rule file and the policy actions to generate the rule database required by the hardware regular-expression engine specifically includes the following steps:
The deep packet inspection daemon reads the rule file line by line. The rule file contains the feature rules to be matched and uses the Snort rule format; the daemon extracts the information of each field of a rule, such as the rule ID, protocol type, source IP address, destination IP address, port numbers and payload.
The deep packet inspection daemon reads the policy actions, which define how matching rules are handled, and extracts the action corresponding to each rule.
The deep packet inspection daemon then converts and organises the rule contents and actions into a preset format according to the extracted field information to generate the rule database. The preset format is one suited to the hardware regular-expression engine, generally an optimised, specially designed rule expression form that lets the engine match efficiently. The rule database generated in this way serves as the basis for feature matching by the hardware regular-expression engine.
In some embodiments, to improve rule matching efficiency, the deep packet inspection daemon may also perform some optimisation, for example merging rules with identical actions and matching conditions to reduce the number of rules, or using efficient data structures such as tries or Aho-Corasick (AC) automata to accelerate the matching process.
Steps S102 to S104 are the application identification hardware offloading steps.
Step S102 is performed in the application layer protocol identification (Application Recognition, AP) process of the data processing unit. In step S102, the application identification program deployed on the data processing unit receives a data packet to be identified, extracts its five-tuple information, performs a preliminary identification from the port number in the five-tuple information, and determines the protocol type. The five-tuple information comprises a source IP address, a destination IP address, a protocol type, a source port number and a destination port number, and the application layer protocol can be identified from the configured port number; for example, port 8080 typically corresponds to the HTTP protocol.
In some embodiments, the deployment method of the application identification program includes the following steps:
Obtain the application identification program. It can be written in a suitable programming language with suitable development tools, implementing application identification algorithms and logic that classify data packets and/or process services based on one or more of deep learning, machine learning and rule matching technologies.
Configure the environment and dependencies of the application identification program, including for example the operating system, compiler, library files (DPDK and related drivers, etc.) and development frameworks, and compile its source code into an executable file with the preset programming language and development tools.
Bind the data processing unit to the network interface of the application identification program and configure the parameters of the data processing unit, so that it can receive and process data packets arriving from the network port.
Finally, start and run the application identification program so that it listens on the bound network port and receives and processes data packets.
In some embodiments, the application identification program receives the data packet through the Data Plane Development Kit (DPDK). DPDK is a tool set for data plane development that provides a set of high-performance libraries and drivers for accelerating packet processing and network application development. With DPDK, the computational power and hardware features of modern multi-core processors can be fully utilised to achieve high-throughput, low-latency network packet processing.
In some embodiments, the application identification program extracting the five-tuple information of the data packet through the Data Plane Development Kit comprises the following specific steps:
The application identification program first binds the network interface to the data processing unit using the Data Plane Development Kit.
The application identification program receives the data packet from the preset network port using a function provided by the Data Plane Development Kit; for example, the received packet may be stored in a corresponding memory area for subsequent processing.
According to the protocol type of the data packet, such as TCP, UDP or IP, the application identification program extracts the packet header structure from the data portion of the packet.
The application identification program extracts the five-tuple information from the packet according to the packet header structure and the field definitions; the extracted five-tuple may, for example, be stored for subsequent use. The five-tuple information comprises a source IP address, a destination IP address, a protocol type, a source port number and a destination port number. The source and destination IP addresses are extracted from the IPv4 or IPv6 header; the protocol type is taken from the protocol field of the IP header, for example the value 6 for TCP and 17 for UDP; and the source and destination port numbers are extracted from the TCP or UDP header.
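As an added example (not code from the patent or from Yusur), the following Python performs the five-tuple extraction of step S102 on a raw Ethernet/IPv4 frame, returns the application-layer bytes that step S103 would inspect, and makes the port-based preliminary protocol guess. The port table, the IPv4-only handling and the frame builder used for the constructed sample input are assumptions; a DPDK program on the DPU would do the same header walk in C on the received packet buffers.

```python
import socket
import struct

# Port-to-protocol table for the preliminary identification (assumption; the page
# itself only gives the 8080 -> HTTP example, the other entries are constructed).
PORT_PROTOCOLS = {80: "HTTP", 8080: "HTTP", 443: "HTTPS", 53: "DNS", 21: "FTP", 22: "SSH"}

IP_PROTO_TCP = 6    # value of the IPv4 header protocol field for TCP
IP_PROTO_UDP = 17   # value of the IPv4 header protocol field for UDP
ETHERTYPE_IPV4 = 0x0800


def extract_five_tuple(frame: bytes):
    """Parse an Ethernet/IPv4/{TCP,UDP} frame.

    Returns ((src_ip, dst_ip, proto, src_port, dst_port), payload) where payload is
    the application-layer data after the transport header, or None when the frame is
    not IPv4 over TCP/UDP or is truncated (a truncated frame must not be matched).
    """
    if len(frame) < 14 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None                                   # IPv6 etc. not handled here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                          # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    if total_len < ihl or len(ip) < total_len:
        return None
    proto = ip[9]                                     # protocol field: 6 TCP, 17 UDP
    src_ip = socket.inet_ntoa(ip[12:16])
    dst_ip = socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:total_len]
    if proto == IP_PROTO_TCP:
        if len(l4) < 20:
            return None
        src_port, dst_port = struct.unpack("!HH", l4[:4])
        data_off = (l4[12] >> 4) * 4                  # TCP data offset (header length)
        if data_off < 20 or len(l4) < data_off:
            return None
        payload = l4[data_off:]
    elif proto == IP_PROTO_UDP:
        if len(l4) < 8:
            return None
        src_port, dst_port, udp_len = struct.unpack("!HHH", l4[:6])
        if udp_len < 8 or len(l4) < udp_len:
            return None
        payload = l4[8:udp_len]
    else:
        return None
    return (src_ip, dst_ip, proto, src_port, dst_port), payload


def identify_by_port(five_tuple) -> str:
    """Preliminary application-layer protocol guess from the port numbers (step S102)."""
    _, _, _, sport, dport = five_tuple
    return PORT_PROTOCOLS.get(dport) or PORT_PROTOCOLS.get(sport) or "UNKNOWN"


def build_frame(src_ip, dst_ip, proto, sport, dport, payload: bytes) -> bytes:
    """Constructed test input: minimal Ethernet/IPv4/{TCP,UDP} frame, checksums zero."""
    if proto == IP_PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


if __name__ == "__main__":
    ft, data = extract_five_tuple(build_frame("10.0.0.1", "10.0.0.2", IP_PROTO_TCP,
                                              51234, 8080, b"GET / HTTP/1.1\r\n"))
    print(ft, identify_by_port(ft), data)
```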
Step S103 is performed in the deep packet inspection daemon of the data processing unit.
In step S103, the deep packet inspection daemon receives the data packet and the protocol type transmitted by the application identification program and extracts the application layer information of the packet. With the application layer information as input, it invokes the hardware regular-expression engine prepared in step S101 to match against the feature rules in the rule database, obtains a matching result, and processes the matching result according to the policy action. Finally, the deep packet inspection daemon forwards the data packet and the policy action to the application identification program.
Step S104 is performed in the application layer protocol identification process of the data processing unit.
In step S104, the application identification program forwards the data packet according to the policy action and uploads the statistical identification information to the host.
Through steps S101 to S104, application identification hardware offloading based on the data processing unit is realised.
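As an added example serving both the rule database generation of step S101 (rule file read line by line, fields extracted, policy action attached, duplicates merged) and the matching of step S103, the following Python, which is not the patent's or Yusur's code, compiles a small Snort-style rule subset plus a policy-action file into a regex rule set and runs application-layer bytes through it to obtain the policy action. The rule syntax subset, the "<sid> <action>" policy-file format and the sample rules are assumptions; on the DPU the compiled patterns would be handed to the hardware regular-expression engine rather than to Python's re module.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample rule file in a small Snort-style subset (an assumption: only the
# header, msg, content, pcre and sid options are handled, no |hex| content escapes).
RULE_FILE = r"""
alert tcp any any -> any 80 (msg:"HTTP request"; pcre:"/^(GET|POST) \S+ HTTP\/1\.[01]/"; sid:1001;)
alert tcp any any -> any 21 (msg:"FTP login"; content:"USER "; sid:1002;)
alert udp any any -> any 53 (msg:"DNS standard query"; pcre:"/^.{2}\x01\x00/s"; sid:1003;)
alert tcp any any -> any 21 (msg:"FTP login (duplicate)"; content:"USER "; sid:1004;)
"""

# Constructed policy-action file (format assumed): "<rule id> <action>" per line.
POLICY_FILE = """
1001 log
1002 block
1003 log
1004 block
"""

HEADER_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
OPTION_RE = re.compile(r'(\w+):\s*("(?:[^"\\]|\\.)*"|[^;]*);')
PCRE_FLAGS = {"i", "s", "m"}   # pcre modifiers passed through as inline regex flags


@dataclass
class CompiledRule:
    """One entry of the rule database in the 'preset format' for the engine."""
    sid: int
    proto: str
    dst_port: Optional[int]        # None means any destination port
    pattern: bytes                 # regex source handed to the regex engine
    action: str                    # policy action: block / log / forward
    regex: re.Pattern = field(repr=False)


def parse_policy(text: str) -> dict:
    """Read the policy actions and map each rule ID to its action."""
    actions = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            sid, action = line.split()
            actions[int(sid)] = action
    return actions


def rule_to_pattern(options: dict) -> bytes:
    """Turn a pcre: or content: option into a single regex source."""
    if "pcre" in options:
        pcre = options["pcre"]                       # "/body/flags"
        end = pcre.rfind("/")
        body, flags = pcre[1:end], pcre[end + 1:]
        inline = "".join(f"(?{f})" for f in flags if f in PCRE_FLAGS)
        return (inline + body).encode("latin-1")
    if "content" in options:
        return re.escape(options["content"].encode("latin-1"))
    raise ValueError("rule has neither content nor pcre")


def build_rule_database(rule_text: str, policy_text: str) -> list:
    """Step S101: read the rule file line by line, extract the fields, attach each
    rule's policy action and compile the regex set. Rules whose protocol, port,
    pattern and action are identical are merged (the first rule ID is kept)."""
    actions = parse_policy(policy_text)
    db, seen = [], set()
    for line in rule_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = HEADER_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        _rule_action, proto, _src, _sport, _dst, dport, opts = m.groups()
        options = {k: v.strip('"') for k, v in OPTION_RE.findall(opts)}
        sid = int(options["sid"])
        port = None if dport == "any" else int(dport)
        pattern = rule_to_pattern(options)
        action = actions.get(sid, "forward")
        key = (proto, port, pattern, action)
        if key in seen:
            continue                                  # duplicate rule merged away
        seen.add(key)
        db.append(CompiledRule(sid, proto, port, pattern, action, re.compile(pattern)))
    return db


def match_payload(db: list, proto: str, dst_port: int, payload: bytes):
    """Step S103: match the application-layer bytes against the applicable rules
    and return (rule id, policy action) for the first hit, else (None, "forward")."""
    for rule in db:
        if rule.proto != proto:
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        if rule.regex.search(payload):
            return rule.sid, rule.action
    return None, "forward"


if __name__ == "__main__":
    rules = build_rule_database(RULE_FILE, POLICY_FILE)
    print(match_payload(rules, "tcp", 80, b"GET /index.html HTTP/1.1\r\n"))   # (1001, 'log')
```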
The invention also provides an application identification hardware unloading device based on the data processing unit, which is used for executing the application identification hardware unloading method based on the data processing unit, and comprises a host and the data processing unit, and specifically comprises the following two parts:
the host computer is used for issuing a preset rule file and strategy actions to be configured to the data processing unit, and receiving the statistical identification information after the data processing unit completes application identification.
The data processing unit also comprises an application layer protocol identification module and a deep message detection daemon module. The application layer identification module is used for primarily identifying the application layer protocol of the data message according to the port number in the five-tuple information of the data message; the deep message detection daemon module is used for carrying out matching with a preset characteristic rule by calling a hardware regular engine according to the application layer information of the data message so as to carry out recognition again.
In some embodiments, the host and the data processing unit are interconnected by a high-speed serial bus (PERIPHERAL COMPONENT INTERCONNECT EXPRESS, PCIE) based on which data transfer is effected.
The present invention also provides a computer readable storage medium on which a computer program is stored; when executed by a processor, the program implements the steps of the data processing unit based application identification hardware offloading method.
Accordingly, the present invention also provides an apparatus comprising a processor and a memory, the memory storing computer instructions; the processor executes the computer instructions stored in the memory, and when they are executed the apparatus implements the steps of the method described above.
The embodiments of the present invention also provide a computer readable storage medium on which a computer program is stored, which, when executed by a processor, implements the steps of the method described above. The computer readable storage medium may be a tangible storage medium such as Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a floppy disk, a hard disk, a removable memory disk, a CD-ROM, or any other form of storage medium known in the art.
In summary, the present invention provides a method and an apparatus for application identification hardware offloading based on a data processing unit. The DPU receives a rule file and policy actions issued by the host side, and the DPI daemon analyzes and processes them to generate the rule database required by the hardware regular-expression engine; the application identification program receives the data packet, extracts its five-tuple information, and performs a preliminary identification of the application layer protocol from the port number in that five-tuple; the DPI daemon receives the data packet and the protocol type and extracts the application layer information of the data packet; taking the application layer information as input, it calls the hardware regular-expression engine to match it against the characteristic rules in the rule database, generates a matching result, processes the matching result according to the policy actions, and forwards the packet content and the policy action to the application identification program; and the application identification program forwards the data packet according to the policy action and uploads the statistical identification information to the host. The application identification hardware offloading method provided by the invention invokes the hardware regular-expression acceleration engine through the DPI daemon, accelerates and offloads application identification onto the DPU, frees host and memory resources, and has the advantages of high identification precision, high efficiency and wide applicability.
Furthermore, the application layer protocol identification process is separated from the DPI daemon: the DPI daemon mainly implements application identification on the packet content, so it can be reused flexibly to accelerate and offload other functions in hardware.
Furthermore, the application program on the host side can be freely customized by the user, and the rule files and policy actions issued through updates can be adjusted promptly, giving high flexibility.
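To make steps S101 to S104 (and the summary above) concrete, here is an added Python example that is not part of the patent or the applicant's code: it parses a constructed rule file and policy file into a rule database, extracts the five-tuple from a constructed IPv4/TCP packet, makes the port-based preliminary guess, and then matches the payload against the rules, with Python's `re` standing in for the hardware regular-expression engine. The rule and policy file formats, the port table, the packet contents and the "forward" default are assumptions.

```python
import re
import struct
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed rule file and policy file (formats are assumptions, not the
# patent's): rule file is "name<TAB>regex" per line, policy file "name=action".
RULE_FILE = ("http_get\t^GET /\\S* HTTP/1\\.[01]\n"
             "ssh_banner\t^SSH-2\\.0-\n"
             "tls_hello\t^\\x16\\x03[\\x01-\\x03]\n")
POLICY_FILE = "http_get=forward\nssh_banner=drop\ntls_hello=forward\n"
PORT_TABLE = {80: "http", 22: "ssh", 443: "tls"}  # step S102 port table (constructed)

class Rule(NamedTuple):
    name: str
    pattern: re.Pattern
    action: str

def build_rule_database(rule_text: str, policy_text: str) -> List[Rule]:
    """Step S101 / claim 2: read the rule file line by line, read the action for
    each rule, and build the database handed to the regex engine (Python's `re`
    stands in for the DPU's hardware engine)."""
    actions = dict(ln.split("=", 1) for ln in policy_text.splitlines() if ln)
    return [Rule(name, re.compile(regex.encode()), actions.get(name, "forward"))
            for name, regex in (ln.split("\t", 1) for ln in rule_text.splitlines() if ln)]

def make_tcp_packet(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed IPv4/TCP packet for the demo (checksums left at zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload

def parse_five_tuple(pkt: bytes) -> Tuple[Tuple[str, str, int, int, int], bytes]:
    """Step S102: walk the IPv4 and TCP headers by field definition and return
    (src_ip, dst_ip, proto, sport, dport) plus the application-layer payload."""
    ihl = (pkt[0] & 0x0F) * 4                   # IPv4 header length in bytes
    proto = pkt[9]
    if proto != 6:
        raise ValueError("demo parser handles TCP only")
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    tcp_len = (pkt[ihl + 12] >> 4) * 4          # TCP data offset, 32-bit words
    ip = lambda b: ".".join(map(str, b))
    return (ip(pkt[12:16]), ip(pkt[16:20]), proto, sport, dport), pkt[ihl + tcp_len:]

def identify(pkt: bytes, db: List[Rule],
             stats: Optional[Dict[str, int]] = None) -> Dict[str, Optional[str]]:
    """Steps S102-S104: port-based preliminary guess, then payload regex match
    against the rule database, then the matched rule's policy action; `stats`
    accumulates the per-rule counts the DPU would later upload to the host."""
    five, payload = parse_five_tuple(pkt)
    guess = PORT_TABLE.get(five[4], PORT_TABLE.get(five[3], "unknown"))
    hit = next((r for r in db if r.pattern.search(payload)), None)
    key = hit.name if hit else "unmatched"
    if stats is not None:
        stats[key] = stats.get(key, 0) + 1
    # No regex hit: keep the port guess and fall back to the default forward action.
    return {"port_guess": guess, "rule": hit.name if hit else None,
            "action": hit.action if hit else "forward"}
```

An SSH banner sent to port 80 shows the point of the second pass: the port table guesses HTTP, the payload rule identifies SSH and the configured drop action wins.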
Those of ordinary skill in the art will appreciate that the various illustrative components, systems, and methods described in connection with the embodiments disclosed herein can be implemented as hardware, software, or a combination of both. Whether a particular implementation is hardware or software depends on the specific application of the solution and its design constraints. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine readable medium or transmitted over transmission media or communication links as a data signal carried in a carrier wave.
It should be understood that the invention is not limited to the particular arrangements and instrumentalities described above and shown in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. The method processes of the present invention are not limited to the specific steps described and shown; various changes, modifications and additions, or changes in the order of steps, may be made by those skilled in the art after appreciating the spirit of the present invention.
In this disclosure, features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments and/or in combination with or instead of the features of the other embodiments.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, and various modifications and variations can be made to the embodiments of the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. An application identification hardware offloading method based on a data processing unit, the method being performed in the data processing unit and comprising the steps of:
receiving a rule file preset by a host side and policy actions to be configured, and analyzing and processing the rule file and the policy actions in a deep packet inspection daemon to generate a rule database required by a hardware regular-expression engine;
binding a preset network port to a data plane development kit; an application identification program deployed in the data processing unit receiving a data packet from the preset network port through a built-in function of the data plane development kit, extracting a packet header structure from the data part of the data packet according to the protocol type of the data packet, and extracting five-tuple information from the data packet according to the packet header structure and field definitions; identifying the application layer protocol of the data packet through the port number in the five-tuple information to obtain a protocol type; wherein the five-tuple information comprises a source IP address, a destination IP address, a protocol type, a source port number and a destination port number;
the deep packet inspection daemon receiving the data packet and the protocol type sent by the application identification program, and extracting application layer information of the data packet; taking the application layer information as input and calling the hardware regular-expression engine to match it against the characteristic rules in the rule database to obtain a matching result; and processing the matching result according to the policy action;
the deep packet inspection daemon forwarding the data packet and the policy action to the application identification program; and the application identification program forwarding the data packet according to the policy action and uploading statistical identification information to the host.
2. The data processing unit based application identification hardware offloading method according to claim 1, wherein the deep packet inspection daemon analyzing and processing the rule file and the policy actions to generate the rule database required by the hardware regular-expression engine further comprises:
the deep packet inspection daemon reading the rule file line by line and extracting each field of each rule;
the deep packet inspection daemon reading the policy actions and extracting the action corresponding to each rule;
and the deep packet inspection daemon converting and collating the rule contents and actions according to a preset format, based on the extracted fields, to generate the rule database for use by the hardware regular-expression engine.
3. The data processing unit based application identification hardware offloading method according to claim 1, wherein the rule database consists of a set of regular expressions.
4. The data processing unit based application identification hardware offloading method according to claim 1, wherein the application identification program is deployed by the following steps:
acquiring the application identification program, wherein the application identification program is obtained by training based on one or more of deep learning, machine learning and rule matching techniques;
configuring the environment and dependencies of the application identification program; compiling the source code of the application identification program into an executable file using a preset programming language and development tools;
binding the data processing unit to the network interface of the application identification program, and configuring the parameters of the data processing unit;
and starting the application identification program, which listens on the bound network port to receive and process data packets.
5. An application identification hardware offloading device based on a data processing unit, wherein the device is configured to perform the steps of the application identification hardware offloading method based on a data processing unit according to any one of claims 1 to 4, the device comprising:
a host, which issues the preset rule file and the policy actions to be configured to the data processing unit and receives the identification information counted by the data processing unit;
a data processing unit, which comprises an application layer protocol identification module and a deep packet inspection daemon module; the application layer protocol identification module receives a data packet from a preset network port, bound in advance to a data plane development kit, through a built-in function of the data plane development kit, extracts a packet header structure from the data part of the data packet according to the protocol type of the data packet, extracts five-tuple information from the data packet according to the packet header structure and field definitions, and identifies the application layer protocol of the data packet according to the port number in the five-tuple information; the deep packet inspection daemon module performs application identification by calling a hardware regular-expression engine to match the application layer information of the data packet against the preset characteristic rules.
6. The data processing unit based application identification hardware offloading device according to claim 5, wherein the host and the data processing unit are interconnected by a high-speed serial bus, over which data transfer takes place.
7. A computer readable storage medium on which a computer program is stored, wherein the program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 4.
Application CN202311385875.3A (priority and filing date 2023-10-24): Application identification hardware unloading method and device based on data processing unit, granted as CN117573218B (en), status Active.


Publications (2)

CN117573218A (en), published 2024-02-20
CN117573218B (en), published 2024-09-27





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant