CN104348776B - Data package processing method and device - Google Patents

Publication number
CN104348776B
Authority
CN
China
Prior art keywords
packets
address
identification information
type
web site
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310312190.6A
Other languages
Chinese (zh)
Other versions
CN104348776A (en
Inventor
黄敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201310312190.6A priority Critical patent/CN104348776B/en
Priority to PCT/CN2014/072566 priority patent/WO2015010472A1/en
Publication of CN104348776A publication Critical patent/CN104348776A/en
Application granted granted Critical
Publication of CN104348776B publication Critical patent/CN104348776B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present invention provide a data packet processing method and device. The data packet processing method includes: receiving an IP packet whose IP address contains identification information indicating the service type corresponding to that IP address; and filtering the IP packet according to the identification information. By receiving IP packets whose IP addresses carry identification information indicating the corresponding service type, and filtering each packet according to the identification information in its IP address, the embodiments greatly increase detection speed and meet the requirement for real-time detection.

Description

Data package processing method and device
Technical field
Embodiments of the present invention relate to communication technology, and in particular to a data packet processing method and device.
Background
With the development of network technology, the Internet has become an indispensable, convenient and efficient tool in people's work, life and study. The appearance of malicious websites and phishing websites seriously affects the security of users' data, and the abuse of computers and the Internet is a serious and widespread problem in enterprises. Security gateway technology has therefore become extremely important, and the requirements placed on it keep rising.
In the prior art, a packet is subjected to a series of deep content analyses, after which it is decided, according to the security management policy, whether to discard, intercept or allow the packet. For example, the application-layer data carried by the packets is extracted in turn; the extracted data is fed to a Uniform Resource Locator (URL) matching module and matched against the URLs in a malicious-URL database; and the extracted data undergoes a series of checks such as virus detection, malicious code detection and anti-phishing detection.
Because the prior art must perform a large amount of analysis and comparison on each packet, its detection is slow and it is difficult to meet real-time requirements.
Summary of the invention
Embodiments of the present invention provide a data packet processing method and device to solve the problem of slow detection in the prior art.
In a first aspect, an embodiment of the present invention provides a data packet processing method, including:
receiving an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address; and
filtering the IP packet according to the identification information.
With reference to the first aspect, in a first possible implementation of the first aspect, the identification information is the encoded value of bits at a predetermined position in the subnet address.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, filtering the IP packet according to the identification information includes:
extracting the service data carried by the IP packet and identifying the type of the service data, thereby determining that the service data contained in the IP packet is of a first service type, and determining, according to the identification information, a second service type corresponding to the IP address;
comparing whether the first service type is consistent with the second service type; and
if they are inconsistent, filtering the IP packet.
With reference to the first aspect or the first possible implementation of the first aspect, in a third possible implementation of the first aspect, filtering the IP packet according to the identification information includes:
determining, according to the identification information, the service type corresponding to the IP address; and
filtering the IP packet using the security policy corresponding to the service type.
With reference to the first aspect or any of the first to third possible implementations of the first aspect, in a fourth possible implementation of the first aspect, the IP packet is an IPv6 packet or an IPv4 packet;
correspondingly, the IP address is an IPv6 address or an IPv4 address.
In a second aspect, an embodiment of the present invention provides a data packet processing device, including:
a receiving module, configured to receive an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address; and
a processing module, configured to filter the IP packet according to the identification information.
With reference to the second aspect, in a first possible implementation of the second aspect, the identification information is the encoded value of bits at a predetermined position in the subnet address.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the processing module includes:
a recognition unit, configured to extract the service data carried by the IP packet and identify the type of the service data, thereby determining that the service data contained in the IP packet is of a first service type, and to determine, according to the identification information, a second service type corresponding to the IP address;
a comparing unit, configured to compare whether the first service type and the second service type determined by the recognition unit are consistent; and
a first processing unit, configured to filter the IP packet if the comparison result of the comparing unit is that they are inconsistent.
With reference to the second aspect or the first possible implementation of the second aspect, in a third possible implementation of the second aspect, the processing module includes:
a determining unit, configured to determine, according to the identification information, the service type corresponding to the IP address; and
a second processing unit, configured to filter the IP packet using the security policy corresponding to the service type determined by the determining unit.
With reference to the second aspect or any of the first to third possible implementations of the second aspect, in a fourth possible implementation of the second aspect, the IP packet is an IPv6 packet or an IPv4 packet;
correspondingly, the IP address is an IPv6 address or an IPv4 address.
By receiving IP packets whose IP addresses carry identification information indicating the corresponding service type, and filtering each packet according to the identification information in its IP address, the embodiments of the present invention greatly increase detection speed and meet the requirement for real-time detection.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1a is a schematic diagram of an application scenario of an embodiment of the present invention;
Fig. 1b is a schematic flowchart of embodiment one of the data packet processing method of the present invention;
Fig. 2a is a schematic flowchart of embodiment two of the data packet processing method of the present invention;
Fig. 2b is a schematic diagram of the IPv6 address format in this embodiment;
Fig. 3 is a schematic flowchart of embodiment three of the data packet processing method of the present invention;
Fig. 4 is a schematic flowchart of embodiment four of the data packet processing method of the present invention;
Fig. 5 is a schematic structural diagram of embodiment one of the data packet processing device of the present invention;
Fig. 6 is a schematic structural diagram of embodiment two of the data packet processing device of the present invention;
Fig. 7 is a schematic structural diagram of embodiment three of the data packet processing device of the present invention;
Fig. 8 is a schematic structural diagram of embodiment four of the data packet processing device of the present invention;
Fig. 9 is a schematic structural diagram of the data packet processing equipment provided in an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Fig. 1a is a schematic diagram of an application scenario of an embodiment of the present invention. As shown in Fig. 1a, in the embodiments of the present invention the executing entity is a data packet processing device, which can be implemented in software and/or hardware and can be deployed at the user's existing network access point or on the client terminal. The data packet processing device may specifically be a gateway-type device or client software, and it can reduce the risks and problems that arise when the user terminal accesses the Internet.
Fig. 1b is a schematic flowchart of embodiment one of the data packet processing method of the present invention. The executing entity of this embodiment is a data packet processing device. As shown in Fig. 1b, the method of this embodiment can include:
Step 101: Receive an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address.
The Internet Protocol (IP) currently includes Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv4 is widely used, but its addresses are only 32 bits long; with the rapid growth of the Internet and the large-scale increase in network devices and terminals, demand for Internet Protocol addresses (IP addresses) keeps growing and IP addresses have become scarce. IPv6 uses a 128-bit address length, which expands the address space, makes addresses extremely plentiful, and leaves a relatively large number of spare bits. In this embodiment, IP addresses can therefore be further divided according to content information, that is, the content of the service a website provides: bits at a certain position in the subnet address of the IP address are selected, and the different encoded values of those bits are allocated to website content providers offering different categories of service.
In this embodiment, the IP packet received by the data packet processing device is an IP message. It is not necessarily a single message; it can be multiple consecutive IP messages on the same connection, that is, a data stream. The IP address of the IP packet contains identification information indicating the service type corresponding to the IP address. The identification information is the encoded value of bits at a predetermined position in the subnet address, for example the encoded value of bit a through bit b: bits a to b of the IP address of packets sent by a social networking website are encoded as 80, those bits of the IP address of packets sent by a news website are encoded as 90, and so on. After the Internet Assigned Numbers Authority (IANA) allocates a fixed-length prefix to a country, an operator or an enterprise, the country or operator further divides the IP addresses according to content information. For example, if an IP address has M bits in total and the prefix IANA allocates to an operator is N bits long, the remaining M-N bits are available for the operator to divide further, and bits a to b are at least one bit among those M-N bits. a is a natural number in the range 1 to M-N, b is a natural number in the range 2 to M-N, and a is less than b. The service type of the IP packet can therefore be learned from the identification information in its IP address.
Step 102: Filter the IP packet according to the identification information.
The service type of the IP packet is learned from the identification information in its IP address, and the packet is then filtered accordingly, for example by blocking malicious websites, or by blocking entertainment websites during working hours and allowing only technology websites.
In this embodiment, the IP packet can be an IPv6 packet or an IPv4 packet; correspondingly, the IP address can be an IPv6 address or an IPv4 address.
As described above, IPv6 uses a 128-bit address length, which expands the address space and leaves a relatively large number of spare bits, so in this embodiment IP addresses can be further divided according to website service content. The above technical solution can therefore be implemented when the IP packet is an IPv6 packet and the IP address is an IPv6 address. As for IPv4, although IPv4 addresses are scarce in most regions and there are few spare addresses that could indicate content type, it cannot be ruled out that countries or regions with plentiful addresses, or large enterprises holding ample IPv4 allocations, could use some spare bits to indicate website content type. The above technical solution can therefore also be implemented when the IP packet is an IPv4 packet and the IP address is an IPv4 address.
By receiving IP packets whose IP addresses carry identification information indicating the corresponding service type, and filtering each packet according to the identification information in its IP address, this embodiment greatly increases detection speed and meets the requirement for real-time detection.
Several specific embodiments are used below to describe in detail the technical solution of the method embodiment shown in Fig. 1.
Fig. 2 a are the schematic flow sheet of data package processing method embodiment two of the present invention, as shown in Figure 2 a, the present embodiment Method can include:
Step 201, IP packets are received, included in the IP address of the IP packets and be used to indicate that the IP address is corresponding Type of service identification information.
IP address divide into subnet address(Subnet Prefix)With host address (Identifier Id) two parts, Wherein, network number is used to identify the network where main frame, and its digit directly determines the network number that can be distributed;Host number is used for The main frame in the network is identified, its digit directly determines host number maximum in network.
In the present embodiment, specifically the identification information is the encoded radio of precalculated position bit in subnet address.
Data packet processing receives IP packets, is included in the subnet address of the IP address of the IP packets and is used to indicate Subnet address in the identification information of type of service corresponding to the IP address, such as the IP packet IP address of social class website transmission A positions be encoded to 80 to b positions, those positions coding of subnet address in the IP packet IP address that news category class website is sent For the similar approach such as 90.In the present embodiment, the identification information may be embodied in the subnet address such as last 4 or 8 or On person 16 or other positions, the present embodiment is not particularly limited herein.For example, Fig. 2 b are IPv6 address formats in the present embodiment Schematic diagram, as shown in Figure 2 b, for the IPv6 addresses of 128, subnet address and host address respectively account for 64, in subnet address 57-64 positions are encoded to 10 and represent the website as news category website, and the 57-64 positions in subnet address are encoded to 20 representatives The website is ecommerce class website etc..Therefore, can be believed by the mark in the subnet address of the IP address of the IP packets Breath knows the type of service of the IP packets.
Step 202: Extract the service data carried by the IP packet and identify the type of the service data, thereby determining that the service data contained in the IP packet is of a first service type.
In this embodiment, deep packet inspection (DPI) is used to extract the service data carried by the IP packet, such as the URL and specific application-layer data. The service data is parsed only lightly, according to the URL and/or keywords in the packet content: it is only necessary to identify the category of the packet's content and to classify the packet by that category. For instance, if the packet content contains keywords such as "morning newspaper", the web page is a news website and is represented by "1"; if it contains keywords such as "star" or "film", the web page is an entertainment website and is represented by "3". No further analysis or malicious code detection is needed. For example, with three types 1, 2 and 3 representing news, e-commerce and entertainment respectively, the analysis determines that the service data contained in the IP packet is of the first service type, for example type 1, 2 or 3.
Step 203: Determine, according to the identification information, the second service type corresponding to the IP address.
At the same time, according to the identification information in the IP address that indicates the corresponding service type, the values of the specified bits in the packet's IP address are analysed, so that the second service type corresponding to the IP address can be determined quickly. For example, for an IPv6 address, values 10, 20 and 30 in bits 57-64 of the subnet address represent type 1 (news), type 2 (e-commerce) and type 3 (entertainment) respectively.
Step 204: Compare whether the first service type is consistent with the second service type; if they are inconsistent, filter the IP packet.
Note that if a website is legitimate, its first service type and second service type are necessarily consistent. The result of classifying a packet by DPI (the first service type) is therefore compared with the result of classifying the same packet by the service type information carried in its IP address (the second service type). If the two are inconsistent, the website corresponding to the IP address is problematic: it is a counterfeit website and may be a phishing website. For example, if DPI analysis of the packet's application-layer data indicates an e-commerce shopping website while the service type information carried in the IP address indicates a news website, the website is counterfeit. The IP packet is then filtered according to the preset security policy, for example by dropping the packet or by showing the user an alert for manual confirmation.
If the first service type is consistent with the second service type, the IP packet is likewise handled according to the preset security policy; for example, the data can be allowed through.
In this embodiment, IP packets are received whose IP addresses carry identification information indicating the corresponding service type; DPI is used to determine the type of service data each packet contains; the type of service data is also determined from the identification information in the packet's IP address; the two results are compared; and the packet is filtered according to the outcome of the comparison. This greatly increases detection speed, meets the requirement for real-time detection, and improves detection accuracy.
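Steps 201 to 204 can be sketched as follows. This is an added example, not code from the patent: the function names, the keyword lists beyond the three keywords quoted above, the MSB-first bit numbering and the "alert" outcome for undetermined types are assumptions, and the bit extractor is generalised to any bit range and to IPv4 as well as IPv6.

```python
import ipaddress
import re

# Code values and type numbers are the ones the description uses for
# bits 57-64 of the subnet address: 10 -> 1 news, 20 -> 2 e-commerce,
# 30 -> 3 entertainment.
CODE_TO_TYPE = {10: 1, 20: 2, 30: 3}
TYPE_NAME = {1: "news", 2: "e-commerce", 3: "entertainment"}

# Keyword lists are constructed for this example, apart from
# "morning newspaper", "star" and "film", which the description mentions.
KEYWORDS = {
    1: ("morning newspaper", "headline"),
    2: ("shopping cart", "checkout"),
    3: ("star", "film"),
}


def extract_code(address, first_bit=57, last_bit=64):
    """Return the integer held in bits first_bit..last_bit of an address.

    Assumption: bits are numbered from 1 at the most significant bit.
    Works for IPv4 (32 bits) and IPv6 (128 bits).
    """
    ip = ipaddress.ip_address(address)
    if not 1 <= first_bit <= last_bit <= ip.max_prefixlen:
        raise ValueError("bit range outside the address")
    width = last_bit - first_bit + 1
    return (int(ip) >> (ip.max_prefixlen - last_bit)) & ((1 << width) - 1)


def type_from_address(address):
    """Second service type: what the address says the site is."""
    return CODE_TO_TYPE.get(extract_code(address))


def type_from_payload(payload):
    """First service type: lightweight keyword classification of the data."""
    text = payload.decode("utf-8", errors="replace").lower()
    scores = {
        svc: sum(len(re.findall(r"\b" + re.escape(k) + r"\b", text)) for k in kws)
        for svc, kws in KEYWORDS.items()
    }
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def filter_packet(address, payload):
    """Return (action, reason) for one packet or reassembled stream."""
    claimed = type_from_address(address)
    observed = type_from_payload(payload)
    if claimed is None or observed is None:
        # Assumption: the description does not cover this case; raise an alert.
        return "alert", "service type could not be determined"
    if claimed != observed:
        return "drop", "address says %s, content looks like %s" % (
            TYPE_NAME[claimed], TYPE_NAME[observed])
    return "allow", "address and content agree on %s" % TYPE_NAME[claimed]


if __name__ == "__main__":
    # Constructed samples using the 2001:db8::/32 documentation prefix.
    shop_page = b"<html>Add to shopping cart, then proceed to checkout</html>"
    print(filter_packet("2001:db8:0:a::1", shop_page))   # address coded 10 (news)
    print(filter_packet("2001:db8:0:14::1", shop_page))  # address coded 20 (e-commerce)
```

The comparison is only as reliable as the allocation of coded prefixes: it flags a site whose content contradicts the category its operator-assigned address declares.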
Fig. 3 is a schematic flowchart of embodiment three of the data packet processing method of the present invention. As shown in Fig. 3, this embodiment differs from the embodiment shown in Fig. 2 in that it filters the IP packet directly according to the content category information carried in the packet's IP address. The method of this embodiment can include:
Step 301: Receive an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address.
In this embodiment, the identification information is specifically the encoded value of bits at a predetermined position in the subnet address. The identification information can occupy, for example, the last 4, 8 or 16 bits of the subnet address, or other positions; this embodiment places no particular restriction on this. For example, for an IPv6 address, fixed codes can be assigned to the last 8 bits of the subnet address of the IP address, that is, bits 57-64, to represent different types of content according to the content of the IP packets.
Step 302: Determine, according to the identification information, the service type corresponding to the IP address.
In this embodiment, the executing entity is a data packet processing device, for example a network access management device. According to the identification information in the IP address that indicates the corresponding service type, the online behaviour management device can analyse the values of the specified bits in the packet's IP address by querying a content category information table. For example, for an IPv6 address, values 10, 20 and 30 in bits 57-64 of the subnet address represent type 1 (news), type 2 (e-commerce) and type 3 (entertainment) respectively, so the service type corresponding to the IP address can be determined quickly.
Step 303: Filter the IP packet using the security policy corresponding to the service type.
In this embodiment, before the network access management device applies the security policy corresponding to the service type, it can look up that policy among the security policies configured in advance for each category. For example, a company forbids employees from visiting entertainment and shopping websites during working hours and allows only technology websites, or children are forbidden from visiting game websites during certain time periods. The network access management device then filters the IP packet according to the security policy corresponding to the packet's service type, for example by dropping the packet or letting it pass.
By receiving IP packets whose IP addresses carry identification information indicating the corresponding service type, and filtering each packet directly according to the identification information in its IP address, this embodiment greatly increases detection and processing speed and meets the requirement for real-time detection.
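Steps 301 to 303 reduce to a table lookup followed by a time-aware policy match, sketched below as an added example that is not code from the patent. The codes 40 and 50, the profile names, the time windows, the "inspect" fallback for unknown codes and the MSB-first bit numbering are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, time

# Content category table. Codes 10/20/30 come from the description;
# 40 (technology) and 50 (games) are constructed for this example.
SERVICE_BY_CODE = {10: "news", 20: "e-commerce", 30: "entertainment",
                   40: "technology", 50: "games"}

WEEKDAYS = {0, 1, 2, 3, 4}      # Monday..Friday
EVERY_DAY = set(range(7))
ANY = None                      # rule applies to every service type

# Constructed policies mirroring the two cases in the description.
# Rule fields: (service types, days, window start, window end, action).
POLICIES = {
    "office": {
        "rules": [
            ({"technology"}, WEEKDAYS, time(9, 0), time(18, 0), "allow"),
            (ANY, WEEKDAYS, time(9, 0), time(18, 0), "drop"),
        ],
        "default": "allow",
    },
    "home": {
        # Window wraps past midnight: 21:00 until 07:00 the next morning.
        "rules": [({"games"}, EVERY_DAY, time(21, 0), time(7, 0), "drop")],
        "default": "allow",
    },
}


def service_code(address, first_bit=57, last_bit=64):
    """Bits first_bit..last_bit, numbered from 1 at the most significant bit."""
    ip = ipaddress.ip_address(address)
    width = last_bit - first_bit + 1
    return (int(ip) >> (ip.max_prefixlen - last_bit)) & ((1 << width) - 1)


def in_window(start, end, now):
    """True if now lies in [start, end), including windows that wrap midnight."""
    if start <= end:
        return start <= now < end
    return now >= start or now < end


def decide(profile, address, when):
    """Return 'allow', 'drop' or 'inspect' for a packet seen at datetime when."""
    service = SERVICE_BY_CODE.get(service_code(address))
    if service is None:
        # Assumption: unknown codes are handed to slower content inspection.
        return "inspect"
    policy = POLICIES[profile]
    for services, days, start, end, action in policy["rules"]:
        if services is not ANY and service not in services:
            continue
        # The weekday test uses the current day, also for wrapped windows.
        if when.weekday() in days and in_window(start, end, when.time()):
            return action
    return policy["default"]


if __name__ == "__main__":
    monday_morning = datetime(2024, 1, 8, 10, 30)   # constructed timestamp
    for addr in ("2001:db8:0:1e::1", "2001:db8:0:28::1", "2001:db8:0:ff::1"):
        print(addr, decide("office", addr, monday_morning))
```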
Fig. 4 is the schematic flow sheet of data package processing method example IV of the present invention.The executive agent of the present embodiment is number According to bag processing unit, the device can be realized by software and/or hardware.As shown in figure 4, the method for the present embodiment can wrap Include:
Step 401, IP packets are generated, included in the IP address of the IP packets and be used to indicate that the IP address is corresponding Type of service identification information.
It can be seen from above-described embodiment, IP agreement includes IPv4 and IPv6 at present, and wherein IPv6 is grown using 128 bit address Degree, expands address space, brings the extreme enrichment of address, there is the idle bit positions more than comparison.And for IPv4, although Most area IPv4 addresses are more nervous, can be used for indicating content type without too many free address, but be not precluded within The abundant IPv4 addresses that are national either regional or distributing to large enterprises of some IP address, can also use some idle bit Position indicates web site contents type.Therefore, can be different according to website service content information in the present embodiment, IP address is entered Divide to one step, you can different according to website service content, certain bits give the coding being fixed in IP address, i.e., in IP address In embedded in content pointed by IP address.
In this embodiment, the generated IP data packet is an IP message. It is not necessarily a single message; it can be multiple consecutive IP messages on the same connection, that is, a data stream. The IP address of the IP data packet contains identification information indicating the service type corresponding to that IP address. For example, specific bits of the IP address of a social networking website, such as bits a to b, are encoded as 80, and the same bits for a news website are encoded as 90, and so on, where bits a to b are any chosen address bits in the IP address. The data packet processing device can therefore learn the service type of the IP data packet from the identification information in its IP address.
Step 402: send the IP data packet.
The IP data packet is sent to a gateway device or client software. Because the IP address of the IP data packet contains identification information indicating the service type corresponding to that IP address, the gateway device or client software can quickly filter the IP data packet according to the service type information it carries.
In this embodiment, the IP data packet can be an IPv6 data packet or an IPv4 data packet; correspondingly, the IP address can be an IPv6 address or an IPv4 address.
As described above, IPv6 uses a 128-bit address length, which expands the address space and leaves comparatively many idle bits. In this embodiment, IP addresses can be further divided according to website service content, so the above technical solution of the present invention can be realized when the IP data packet is an IPv6 data packet and the IP address is an IPv6 address. For IPv4, addresses are scarce in most regions and there are few free address bits that could indicate a content type. However, this does not rule out countries or regions with abundant IPv4 address space, or IPv4 addresses allocated to large enterprises, where some idle bits can also be used to indicate the website content type. Therefore, the above technical solution of the present invention can also be realized when the IP data packet is an IPv4 data packet and the IP address is an IPv4 address.
Further, the identification information is the encoded value of bits at a predetermined position in the subnet address. In this embodiment, the data packet processing device generates an IP data packet, and the subnet address of the IP address of the IP data packet contains the identification information indicating the service type corresponding to the IP address. For example, specific bits of the subnet address portion of the IP address of a social networking website, such as bits a to b, are encoded as 80, and the same bits for a news website are encoded as 90, and so on. In this embodiment, the identification information can occupy, for example, the last 4, 8, or 16 bits of the subnet address, or other bits; this embodiment places no particular restriction on this. For example, for a 128-bit IPv6 address, bits 57-64 of the subnet address encoded as 10 indicate that the website is a news website, bits 57-64 encoded as 20 indicate that the website is an e-commerce website, and so on.
In this embodiment, an IP data packet whose IP address contains identification information indicating the service type corresponding to that IP address is generated and sent, so that the IP data packet can be filtered. This greatly increases detection speed and meets the requirement of real-time detection.
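The following Python example is added here and is not part of the patent text: it reads the type code from bits 57-64 of an address, as in the example above, applies the mismatch check of embodiment two, and generalizes the bit range so that it also covers IPv4. Only the codes 10 (news) and 20 (e-commerce) come from the description; reading them as decimal values, the keyword classifier standing in for content identification, the sample addresses and payloads, and filtering on an unregistered code are assumptions.

```python
import ipaddress

# Codes 10 and 20 are from the description; the decimal reading is an assumption.
CONTENT_TYPES = {10: "news", 20: "e-commerce"}

# Constructed keyword lists: a toy stand-in for real content identification.
KEYWORDS = {
    "news": (b"headline", b"breaking", b"reporter"),
    "e-commerce": (b"cart", b"checkout", b"price"),
}


def extract_type_code(addr, first_bit=57, last_bit=64):
    """Return the value held in bits first_bit..last_bit, counted from 1 at the MSB."""
    ip = ipaddress.ip_address(addr)
    width = ip.max_prefixlen  # 128 for IPv6, 32 for IPv4
    if not 1 <= first_bit <= last_bit <= width:
        raise ValueError("bit range does not fit a %d-bit address" % width)
    mask = (1 << (last_bit - first_bit + 1)) - 1
    return (int(ip) >> (width - last_bit)) & mask


def declared_type(addr, first_bit=57, last_bit=64):
    """Second content type: what the address claims, or None if the code is unknown."""
    return CONTENT_TYPES.get(extract_type_code(addr, first_bit, last_bit))


def identify_content(payload):
    """First content type: what the payload looks like, or None if nothing matches."""
    text = payload.lower()
    scores = {t: sum(text.count(k) for k in kws) for t, kws in KEYWORDS.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def filter_decision(addr, payload, first_bit=57, last_bit=64):
    """Return "pass" only when the declared and observed types agree."""
    declared = declared_type(addr, first_bit, last_bit)
    observed = identify_content(payload)
    # Assumption: an unregistered code or unclassifiable payload counts as a mismatch.
    if declared is None or declared != observed:
        return "filter"
    return "pass"


if __name__ == "__main__":
    # Constructed samples using the documentation prefix 2001:db8::/32.
    samples = [
        ("2001:db8:0:a::1", b"Breaking headline from our reporter"),
        ("2001:db8:0:a::1", b"Add to cart and checkout, best price"),
        ("2001:db8:0:14::1", b"Your cart is ready for checkout"),
        ("2001:db8:0:ff::1", b"Breaking headline"),
    ]
    for addr, payload in samples:
        print(addr, extract_type_code(addr), filter_decision(addr, payload))
```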
Fig. 5 is a structural diagram of embodiment one of the data packet processing device of the present invention. The data packet processing device in this embodiment can be located on the user side. The data packet processing device 50 provided by this embodiment includes a receiving module 501 and a processing module 502.
The receiving module 501 is configured to receive an IP data packet, where the IP address of the IP data packet contains identification information indicating the service type corresponding to the IP address;
The processing module 502 is configured to filter the IP data packet according to the identification information.
Optionally, the IP data packet is an IPv6 data packet or an IPv4 data packet; correspondingly, the IP address is an IPv6 address or an IPv4 address.
The data packet processing device of this embodiment can be used to carry out the technical solution of embodiment one of the data packet processing method. Its implementation principle and technical effect are similar and are not repeated here.
Fig. 6 is a structural diagram of embodiment two of the data packet processing device of the present invention. As shown in Fig. 6, in the data packet processing device 50 provided by this embodiment, on the basis of the device structure shown in Fig. 5, the processing module 502 can include:
A recognition unit 5021, configured to extract the service data carried by the IP data packet, identify the type of the service data, and determine that the service data contained in the IP data packet is of a first service type, and also to determine, according to the identification information, a second service type corresponding to the IP address;
A comparing unit 5022, configured to compare whether the first service type and the second service type determined by the recognition unit 5021 are consistent;
A first processing unit 5023, configured to filter the IP data packet if the comparison result of the comparing unit 5022 is that they are inconsistent.
Optionally, the identification information is the encoded value of bits at a predetermined position in the subnet address.
The data packet processing device of this embodiment can be used to carry out the technical solution of embodiment two of the data packet processing method. Its implementation principle and technical effect are similar and are not repeated here.
Fig. 7 is a structural diagram of embodiment three of the data packet processing device of the present invention. As shown in Fig. 7, in the data packet processing device 50 provided by this embodiment, on the basis of the device structure shown in Fig. 5, the processing module 502 can include:
A determining unit 5024, configured to determine, according to the identification information, the service type corresponding to the IP address;
A second processing unit 5025, configured to filter the IP data packet using the security policy corresponding to the service type determined by the determining unit 5024.
Optionally, the identification information is the encoded value of bits at a predetermined position in the subnet address.
The data packet processing device of this embodiment can be used to carry out the technical solution of embodiment three of the data packet processing method. Its implementation principle and technical effect are similar and are not repeated here.
Fig. 8 is a structural diagram of embodiment four of the data packet processing device of the present invention. The data packet processing device in this embodiment can be located on the network side. The data packet processing device 80 provided by this embodiment includes a generation module 801 and a sending module 802.
The generation module 801 is configured to generate an IP data packet, where the IP address of the IP data packet contains identification information indicating the service type corresponding to the IP address;
The sending module 802 is configured to send the IP data packet.
Optionally, the identification information is the encoded value of bits at a predetermined position in the subnet address. Optionally, the IP data packet is an IPv6 data packet or an IPv4 data packet; correspondingly, the IP address is an IPv6 address or an IPv4 address.
The data packet processing device of this embodiment can be used to carry out the technical solution of embodiment four of the data packet processing method. Its implementation principle and technical effect are similar and are not repeated here.
Fig. 9 is a structural diagram of the data packet processing equipment provided by an embodiment of the present invention. As shown in Fig. 9, the data packet processing equipment 90 provided by this embodiment includes a processor 901 and a memory 902. The data packet processing equipment 90 can also include a network interface unit 903, which can be connected to the processor 901. The network interface unit 903 is configured to receive IP data packets, and the memory 902 is configured to store execution instructions. When the equipment 90 runs, the processor 901 communicates with the memory 902 and calls the execution instructions in the memory 902 to perform the following operation on an IP data packet received by the network interface unit 903:
Filter the IP data packet according to the identification information that is contained in the IP address of the IP data packet and indicates the service type corresponding to the IP address.
Optionally, the identification information is the encoded value of bits at a predetermined position in the subnet address.
Optionally, filtering the IP data packet according to the identification information includes:
Extracting the service data carried by the IP data packet, identifying the type of the service data, and determining that the service data contained in the IP data packet is of a first service type, and also determining, according to the identification information, a second service type corresponding to the IP address;
Comparing whether the first service type and the second service type are consistent;
If they are inconsistent, filtering the IP data packet.
Optionally, filtering the IP data packet according to the identification information includes:
Determining, according to the identification information, the service type corresponding to the IP address;
Filtering the IP data packet using the security policy corresponding to the service type.
Optionally, the IP data packet is an IPv6 data packet or an IPv4 data packet;
Correspondingly, the IP address is an IPv6 address or an IPv4 address.
The equipment of this embodiment can be used to carry out the technical solution of the data packet processing method provided by any embodiment of the present invention. Its implementation principle and technical effect are similar and are not repeated here.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be completed by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, a magnetic disk, or an optical disc.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (6)

  1. A data packet processing method, characterized by comprising:
    receiving an IP data packet, where the IP address of the IP data packet contains identification information indicating the website content type corresponding to the IP address;
    filtering the IP data packet according to the identification information;
    wherein filtering the IP data packet according to the identification information comprises:
    extracting the service data carried by the IP data packet, identifying the type of the service data, and determining that the website content contained in the IP data packet is of a first website content type, and also determining, according to the identification information, a second website content type corresponding to the IP address;
    comparing whether the first website content type and the second website content type are consistent;
    if they are inconsistent, filtering the IP data packet.
  2. The method according to claim 1, characterized in that the identification information is the encoded value of bits at a predetermined position in the subnet address.
  3. The method according to claim 1 or 2, characterized in that the IP data packet is an IPv6 data packet or an IPv4 data packet;
    correspondingly, the IP address is an IPv6 address or an IPv4 address.
  4. A data packet processing device, characterized by comprising:
    a receiving module, configured to receive an IP data packet, where the IP address of the IP data packet contains identification information indicating the website content type corresponding to the IP address;
    a processing module, configured to filter the IP data packet according to the identification information;
    wherein the processing module comprises:
    a recognition unit, configured to extract the service data carried by the IP data packet, identify the type of the service data, and determine that the website content contained in the IP data packet is of a first website content type, and also to determine, according to the identification information, a second website content type corresponding to the IP address;
    a comparing unit, configured to compare whether the first website content type and the second website content type determined by the recognition unit are consistent;
    a first processing unit, configured to filter the IP data packet if the comparison result of the comparing unit is that they are inconsistent.
  5. The device according to claim 4, characterized in that the identification information is the encoded value of bits at a predetermined position in the subnet address.
  6. The device according to claim 4 or 5, characterized in that the IP data packet is an IPv6 data packet or an IPv4 data packet;
    correspondingly, the IP address is an IPv6 address or an IPv4 address.
CN201310312190.6A 2013-07-23 2013-07-23 Data package processing method and device Active CN104348776B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310312190.6A CN104348776B (en) 2013-07-23 2013-07-23 Data package processing method and device
PCT/CN2014/072566 WO2015010472A1 (en) 2013-07-23 2014-02-26 Packet processing method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310312190.6A CN104348776B (en) 2013-07-23 2013-07-23 Data package processing method and device

Publications (2)

Publication Number Publication Date
CN104348776A CN104348776A (en) 2015-02-11
CN104348776B true CN104348776B (en) 2018-02-06

Family

ID=52392675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310312190.6A Active CN104348776B (en) 2013-07-23 2013-07-23 Data package processing method and device

Country Status (2)

Country Link
CN (1) CN104348776B (en)
WO (1) WO2015010472A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107277105A (en) * 2017-05-08 2017-10-20 北京北信源软件股份有限公司 Game auditing method and device based on BlueDrama

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101399749A (en) * 2007-09-27 2009-04-01 华为技术有限公司 Method, system and device for packet filtering
CN101526946A (en) * 2008-03-07 2009-09-09 鸿富锦精密工业(深圳)有限公司 Search system, web page browser, web page filter system and web page filter method thereof
CN101867625A (en) * 2010-07-19 2010-10-20 中国电信股份有限公司 Method for allocating IPv6 address and home gateway

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092110A (en) * 1997-10-23 2000-07-18 At&T Wireless Svcs. Inc. Apparatus for filtering packets using a dedicated processor
US7536479B2 (en) * 2004-11-09 2009-05-19 Intel Corporation Local and remote network based management of an operating system-independent processor
CN101753635A (en) * 2008-12-17 2010-06-23 华为技术有限公司 Method and system of collocating IPV6 (internet protocol version 6) addresses
CN101997700A (en) * 2009-08-11 2011-03-30 上海大学 Internet protocol version 6 (IPv6) monitoring equipment based on deep packet inspection and deep flow inspection
US9836724B2 (en) * 2010-04-23 2017-12-05 Microsoft Technology Licensing, Llc Email views

Also Published As

Publication number Publication date
CN104348776A (en) 2015-02-11
WO2015010472A1 (en) 2015-01-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant