CN104348776B - Data package processing method and device - Google Patents
- Publication number
- CN104348776B (CN201310312190.6A)
- Authority
- CN
- China
- Prior art keywords
- packets
- address
- identification information
- type
- web site
- Legal status
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Embodiments of the present invention provide a data packet processing method and apparatus. The data packet processing method includes: receiving an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to that IP address; and filtering the IP packet according to the identification information. By receiving an IP packet whose IP address contains identification information indicating the service type corresponding to the address, and filtering the IP packet according to the identification information in its IP address, the embodiments greatly increase detection speed and meet the requirement for real-time detection.
Description
Technical field
Embodiments of the present invention relate to communication technologies, and in particular to a data packet processing method and apparatus.
Background
With the development of network technology, the Internet has become an indispensable, convenient and efficient tool in people's work, life and study. However, the emergence of malicious websites and phishing websites seriously affects the security of users' data and information, and abuse of computers and the Internet is a serious and widespread problem in enterprises. Security gateway technology has therefore become extremely important, and the requirements placed on it keep rising.
In the prior art, a series of deep content analyses is performed on a data packet, after which it is decided whether the packet must be dropped, intercepted or let through according to the security management policy. For example, the application-layer data carried by the packet is extracted in turn, the extracted data is fed to a Uniform Resource Locator (URL) matching module and matched against the URLs in a malicious-URL library, and the extracted data is subjected to a series of checks such as virus detection, malicious-code detection and anti-phishing detection.
Because the prior art must perform a large amount of analysis and comparison on each packet, its detection speed is slow and it is difficult to meet real-time requirements.
Summary of the invention
Embodiments of the present invention provide a data packet processing method and apparatus, to solve the problem that detection in the prior art is slow.
In a first aspect, an embodiment of the present invention provides a data packet processing method, including:
receiving an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address; and
filtering the IP packet according to the identification information.
With reference to the first aspect, in a first possible implementation of the first aspect, the identification information is the encoded value of bits at a predetermined position in the subnet address.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, filtering the IP packet according to the identification information includes:
extracting the service data carried by the IP packet, identifying the type of the service data, and determining that the service data contained in the IP packet is of a first service type; and determining, according to the identification information, a second service type corresponding to the IP address;
comparing whether the first service type is consistent with the second service type; and
if they are inconsistent, filtering the IP packet.
With reference to the first aspect or the first possible implementation of the first aspect, in a third possible implementation of the first aspect, filtering the IP packet according to the identification information includes:
determining, according to the identification information, the service type corresponding to the IP address; and
filtering the IP packet using the security policy corresponding to the service type.
With reference to the first aspect or any one of the first to third possible implementations of the first aspect, in a fourth possible implementation of the first aspect, the IP packet is an IPv6 packet or an IPv4 packet;
correspondingly, the IP address is an IPv6 address or an IPv4 address.
In a second aspect, an embodiment of the present invention provides a data packet processing apparatus, including:
a receiving module, configured to receive an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address; and
a processing module, configured to filter the IP packet according to the identification information.
With reference to the second aspect, in a first possible implementation of the second aspect, the identification information is the encoded value of bits at a predetermined position in the subnet address.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the processing module includes:
an identification unit, configured to extract the service data carried by the IP packet, identify the type of the service data, and determine that the service data contained in the IP packet is of a first service type, and to determine, according to the identification information, a second service type corresponding to the IP address;
a comparing unit, configured to compare whether the first service type and the second service type determined by the identification unit are consistent; and
a first processing unit, configured to filter the IP packet if the comparison result of the comparing unit is that they are inconsistent.
With reference to the second aspect or the first possible implementation of the second aspect, in a third possible implementation of the second aspect, the processing module includes:
a determining unit, configured to determine, according to the identification information, the service type corresponding to the IP address; and
a second processing unit, configured to filter the IP packet using the security policy corresponding to the service type determined by the determining unit.
With reference to the second aspect or any one of the first to third possible implementations of the second aspect, in a fourth possible implementation of the second aspect, the IP packet is an IPv6 packet or an IPv4 packet;
correspondingly, the IP address is an IPv6 address or an IPv4 address.
By receiving an IP packet whose IP address contains identification information indicating the service type corresponding to the address, and filtering the IP packet according to the identification information in its IP address, the embodiments of the present invention greatly increase detection speed and meet the requirement for real-time detection.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1a is a schematic diagram of an application scenario of an embodiment of the present invention;
Fig. 1b is a schematic flowchart of Embodiment 1 of the data packet processing method of the present invention;
Fig. 2a is a schematic flowchart of Embodiment 2 of the data packet processing method of the present invention;
Fig. 2b is a schematic diagram of the IPv6 address format in this embodiment;
Fig. 3 is a schematic flowchart of Embodiment 3 of the data packet processing method of the present invention;
Fig. 4 is a schematic flowchart of Embodiment 4 of the data packet processing method of the present invention;
Fig. 5 is a schematic structural diagram of Embodiment 1 of the data packet processing apparatus of the present invention;
Fig. 6 is a schematic structural diagram of Embodiment 2 of the data packet processing apparatus of the present invention;
Fig. 7 is a schematic structural diagram of Embodiment 3 of the data packet processing apparatus of the present invention;
Fig. 8 is a schematic structural diagram of Embodiment 4 of the data packet processing apparatus of the present invention;
Fig. 9 is a schematic structural diagram of a data packet processing device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
Fig. 1a is a schematic diagram of an application scenario of an embodiment of the present invention. As shown in Fig. 1a, in the embodiments of the present invention the execution body is a data packet processing apparatus. The apparatus may be implemented in software and/or hardware and may be deployed at the user's existing network access point or on the client terminal; correspondingly, the apparatus may specifically be a gateway-type device or client software. It reduces the risks and problems that arise when the user terminal accesses the Internet.
Fig. 1b is a schematic flowchart of Embodiment 1 of the data packet processing method of the present invention. The execution body of this embodiment is the data packet processing apparatus. As shown in Fig. 1b, the method of this embodiment may include:
Step 101: receive an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address.
The Internet Protocol (IP) currently comprises Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv4 is widely used, but its addresses are only 32 bits long; with the rapid development of the Internet and the large-scale growth in network devices and terminals, demand for Internet Protocol addresses (IP addresses) keeps growing and IP addresses have become scarce. IPv6 uses a 128-bit address length, which enlarges the address space, makes addresses extremely plentiful and leaves a relatively large number of idle bits. In this embodiment, IP addresses can therefore be further divided according to content information, that is, website service content: bits at a certain position in the subnet address of the IP address are chosen, and the different encoded values of these bits are allocated to website content providers that offer different categories of service.
In this embodiment, the IP packet received by the data packet processing apparatus is an IP message. It is not necessarily a single message; it may be multiple consecutive IP messages on the same connection, that is, a data stream. The IP address of the IP packet contains identification information indicating the service type corresponding to the IP address, and the identification information is the encoded value of bits at a predetermined position in the subnet address, for example the encoded value of bits a to b. For instance, bits a to b of the IP address of packets sent by social websites are encoded as 80, the same bits of the IP address of packets sent by news websites are encoded as 90, and so on. After the Internet Assigned Numbers Authority (IANA), an international organization, allocates a fixed-length prefix to a country, an operator or an enterprise, the country or operator further divides the IP addresses according to content information. For example, if an IP address has M bits in total and the prefix that IANA allocates to an operator is N bits, the remaining M-N bits are available for the operator to divide further, and bits a to b are at least one bit among those M-N bits; a takes a natural-number value from 1 to M-N, b takes a natural-number value from 2 to M-N, and a is less than b. The service type of the IP packet can therefore be learned from the identification information in its IP address.
Step 102: filter the IP packet according to the identification information.
The service type of the IP packet is learned from the identification information in its IP address, and the IP packet is then filtered, for example by blocking malicious websites, or by blocking entertainment websites during working hours and permitting only technology websites, and the like.
In this embodiment, the IP packet may be an IPv6 packet or an IPv4 packet; correspondingly, the IP address may be an IPv6 address or an IPv4 address.
As described above, IPv6 uses a 128-bit address length, which enlarges the address space and leaves a relatively large number of idle bits, so in this embodiment IP addresses can be further divided according to website service content. The above technical solution can therefore be implemented when the IP packet is an IPv6 packet and the IP address is an IPv6 address. As for IPv4, although IPv4 addresses are scarce in most regions and there are few spare addresses that could be used to indicate content type, it is not excluded that countries or regions with abundant IP addresses, or large enterprises that have been allocated abundant IPv4 addresses, can also use some idle bits to indicate the website content type. The above technical solution can therefore also be implemented when the IP packet is an IPv4 packet and the IP address is an IPv4 address.
In this embodiment, an IP packet whose IP address contains identification information indicating the service type corresponding to the address is received, and the IP packet is filtered according to the identification information in its IP address, which greatly increases detection speed and meets the requirement for real-time detection.
The technical solution of the method embodiment shown in Fig. 1 is described in detail below using several specific embodiments.
Fig. 2a is a schematic flowchart of Embodiment 2 of the data packet processing method of the present invention. As shown in Fig. 2a, the method of this embodiment may include:
Step 201: receive an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address.
An IP address is divided into two parts, a subnet address (Subnet Prefix) and a host address (Identifier Id). The network number identifies the network in which a host is located, and its number of bits directly determines how many networks can be allocated; the host number identifies a host within that network, and its number of bits directly determines the maximum number of hosts in the network.
In this embodiment, the identification information is specifically the encoded value of bits at a predetermined position in the subnet address. The data packet processing apparatus receives an IP packet, and the subnet address of the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address. For example, bits a to b of the subnet address in the IP address of packets sent by social websites are encoded as 80, those bits of the subnet address in the IP address of packets sent by news websites are encoded as 90, and so on. In this embodiment, the identification information may occupy, for example, the last 4, 8 or 16 bits of the subnet address, or other bits; this embodiment imposes no particular limitation. For example, Fig. 2b is a schematic diagram of the IPv6 address format in this embodiment. As shown in Fig. 2b, in a 128-bit IPv6 address the subnet address and the host address each occupy 64 bits; bits 57-64 of the subnet address encoded as 10 indicate that the website is a news website, bits 57-64 of the subnet address encoded as 20 indicate that the website is an e-commerce website, and so on. The service type of the IP packet can therefore be learned from the identification information in the subnet address of its IP address.
Step 202: extract the service data carried by the IP packet, identify the type of the service data, and determine that the service data contained in the IP packet is of a first service type.
In this embodiment, deep packet inspection (DPI) is used to extract the service data carried by the IP packet, such as the URL and specific application-layer data. Only simple parsing of that service data is performed, based on keywords in the URL and/or in the packet content: it is only necessary to identify the category of the packet's content and classify it, without excessive analysis or malicious-code detection. For example, if the packet content contains keywords such as "morning newspaper", the web page is a news website, represented by "1"; if it contains keywords such as "star" or "film", the web page is an entertainment website, represented by "3". With three types 1, 2 and 3, representing news, e-commerce and entertainment respectively, the analysis determines that the service data contained in the IP packet is of the first service type, for example type 1, 2 or 3.
Step 203: determine, according to the identification information, the second service type corresponding to the IP address.
Meanwhile, using the identification information in the IP address that indicates the service type corresponding to the address, the values of the specific bits in the IP address of the IP packet are analysed, so that the second service type corresponding to the IP address can be determined quickly. For example, for an IPv6 address, the values 10, 20 and 30 in bits 57-64 of the subnet address represent type 1 (news), type 2 (e-commerce) and type 3 (entertainment) respectively.
Step 204: compare whether the first service type is consistent with the second service type; if they are inconsistent, filter the IP packet.
It should be noted that if a website is legitimate, the first service type and the second service type are necessarily consistent. The result of classifying an IP packet by DPI (the first service type) is therefore compared with the result of classifying the same packet by the service type information carried in its IP address (the second service type), to judge whether the two are consistent. If they are inconsistent, the website corresponding to the IP address is problematic: it is a counterfeit website and may be a phishing website. For example, if DPI analysis of the packet's application-layer data finds an e-commerce shopping website while the service type information carried in the IP address indicates a news website, the website is counterfeit. The IP packet is then filtered according to the security policy configured in advance, for example by dropping it, or by popping up an alert so that the user confirms manually.
If the first service type is judged to be consistent with the second service type, the IP packet is likewise handled according to the security policy configured in advance; for example, the data may be let through.
In this embodiment, an IP packet whose IP address contains identification information indicating the service type corresponding to the address is received; DPI is applied to the packet to determine the type of service data it contains, and the type of service data is also determined from the identification information in the packet's IP address. The service data types obtained in these two ways are compared, and the IP packet is filtered according to the result of the comparison, which greatly increases detection speed, meets the requirement for real-time detection and also improves detection accuracy.
Fig. 3 is a schematic flowchart of Embodiment 3 of the data packet processing method of the present invention. As shown in Fig. 3, this embodiment differs from the embodiment shown in Fig. 2 in that the IP packet is filtered directly according to the content category information carried in the IP address of the IP packet. The method of this embodiment may include:
Step 301: receive an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address.
In this embodiment, the identification information is specifically the encoded value of bits at a predetermined position in the subnet address. The identification information may occupy, for example, the last 4, 8 or 16 bits of the subnet address, or other bits; this embodiment imposes no particular limitation. For example, for an IPv6 address, fixed codes may be assigned to the last 8 bits of the subnet address of the IP address, that is, bits 57-64, to represent different types of content information according to the content of the IP packets.
Step 302: determine, according to the identification information, the service type corresponding to the IP address.
In this embodiment, the execution body is the data packet processing apparatus, which may for example be an Internet access management device or an online behaviour management device. Using the identification information in the IP address that indicates the service type corresponding to the address, the device can analyse the values of the specific bits in the IP address of the IP packet by looking up a content category information table. For example, for an IPv6 address, the values 10, 20 and 30 in bits 57-64 of the subnet address represent type 1 (news), type 2 (e-commerce) and type 3 (entertainment) respectively, so the service type corresponding to the IP address can be determined quickly.
Step 303: filter the IP packet using the security policy corresponding to the service type.
In this embodiment, before applying the security policy corresponding to the service type, the Internet access management device may look up that policy among the security policies configured in advance for each category. For example, a company forbids employees from visiting entertainment and shopping websites during working hours and allows only technology websites, or children are forbidden from visiting game websites during certain periods. The Internet access management device then filters the IP packet according to the security policy corresponding to the packet's service type, for example by dropping the packet or letting it through.
In this embodiment, an IP packet whose IP address contains identification information indicating the service type corresponding to the address is received, and the IP packet is filtered directly according to the identification information in its IP address, which greatly increases detection and processing speed and meets the requirement for real-time detection.
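The following Python example is added here and is not part of the patent: it implements the consistency check of Embodiment 2 (steps 202 to 204) and the address-only policy filter of Embodiment 3 (steps 302 and 303), and it generalizes the bit extraction to any bit range a to b in an IPv4 or IPv6 address. Reading the codes 10, 20 and 30 as decimal values, the keyword lists, the 09:00 to 18:00 working hours, the "alert" result for unclassified traffic and all function names are assumptions.

```python
import ipaddress
from datetime import time

# Codes from the page's IPv6 example: bits 57-64 of the subnet address hold
# 10 (news), 20 (e-commerce) or 30 (entertainment), mapped to types 1, 2, 3.
# Reading 10/20/30 as decimal values of the 8-bit field is an assumption.
ADDRESS_CODE_TO_TYPE = {10: 1, 20: 2, 30: 3}

# Constructed keyword lists standing in for the DPI keyword match of step 202.
DPI_KEYWORDS = {
    1: ("morning newspaper", "headline"),
    2: ("cart", "checkout"),
    3: ("star", "film"),
}

# Assumed policy for step 303: shopping and entertainment blocked 09:00-18:00.
WORK_START, WORK_END = time(9, 0), time(18, 0)
BLOCKED_AT_WORK = {2, 3}


def extract_identifier(address, first_bit=57, last_bit=64):
    """Value of bits first_bit..last_bit, counted from 1 at the most significant bit."""
    ip = ipaddress.ip_address(address)
    total = ip.max_prefixlen  # 128 for IPv6, 32 for IPv4
    if not 1 <= first_bit <= last_bit <= total:
        raise ValueError("bit range lies outside the address")
    width = last_bit - first_bit + 1
    return (int(ip) >> (total - last_bit)) & ((1 << width) - 1)


def type_from_address(address, first_bit=57, last_bit=64):
    """Second service type (steps 203/302): table lookup, None for an unassigned code."""
    return ADDRESS_CODE_TO_TYPE.get(extract_identifier(address, first_bit, last_bit))


def type_from_payload(payload):
    """First service type (step 202): the category whose keywords occur most often."""
    text = payload.decode("utf-8", errors="replace").lower()
    scores = {t: sum(text.count(k) for k in kws) for t, kws in DPI_KEYWORDS.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def filter_by_consistency(site_address, payload):
    """Embodiment 2: drop when the payload type and the address type disagree."""
    first, second = type_from_payload(payload), type_from_address(site_address)
    if first is None or second is None:
        return "alert"  # assumption: the page does not define the unclassified case
    return "pass" if first == second else "drop"


def filter_by_policy(site_address, now):
    """Embodiment 3: no payload inspection, policy chosen by address type alone."""
    service_type = type_from_address(site_address)
    if service_type is None:
        return "alert"  # assumption, as above
    at_work = WORK_START <= now < WORK_END
    return "drop" if at_work and service_type in BLOCKED_AT_WORK else "pass"


if __name__ == "__main__":
    # Constructed samples; 2001:db8::/32 is the IPv6 documentation prefix.
    shop_page = b"Add to cart and proceed to checkout"
    for addr in ("2001:db8:0:a::1", "2001:db8:0:14::1"):
        print(addr, extract_identifier(addr), filter_by_consistency(addr, shop_page))
    print(filter_by_policy("2001:db8:0:1e::1", time(10, 30)))
```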
Fig. 4 is a schematic flowchart of Embodiment 4 of the data packet processing method of the present invention. The execution body of this embodiment is a data packet processing apparatus, which may be implemented in software and/or hardware. As shown in Fig. 4, the method of this embodiment may include:
Step 401: generate an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address.
As described in the foregoing embodiments, the IP protocol currently comprises IPv4 and IPv6. IPv6 uses a 128-bit address length, which enlarges the address space, makes addresses extremely plentiful and leaves a relatively large number of idle bits. As for IPv4, although IPv4 addresses are scarce in most regions and there are few spare addresses that could be used to indicate content type, it is not excluded that countries or regions with abundant IP addresses, or large enterprises that have been allocated abundant IPv4 addresses, can also use some idle bits to indicate the website content type. In this embodiment, IP addresses can therefore be further divided according to website service content information: specific bits of the IP address are given fixed codes according to the website's service content, that is, the content that the IP address points to is embedded in the IP address.
In this embodiment, the generated IP packet is an IP message. It is not necessarily a single message; it may be multiple consecutive IP messages on the same connection, that is, a data stream. The IP address of the IP packet contains identification information indicating the service type corresponding to the IP address. For example, specific bits of the IP address of a social website, such as bits a to b, are encoded as 80, those bits for a news website are encoded as 90, and so on, where bits a to b are any several address bits in the IP address. The data packet processing apparatus can therefore learn the service type of the IP packet from the identification information in its IP address.
Step 402: send the IP packet.
The IP packet is sent to a gateway-type device or to client software. The IP address of the IP packet contains identification information indicating the service type corresponding to the IP address, so that the gateway-type device or client software can quickly filter the IP packet according to the service type information it carries.
In this embodiment, the IP packet may be an IPv6 packet or an IPv4 packet; correspondingly, the IP address may be an IPv6 address or an IPv4 address.
As described above, IPv6 uses a 128-bit address length, which enlarges the address space and leaves a relatively large number of idle bits, so in this embodiment IP addresses can be further divided according to website service content. The above technical solution can therefore be implemented when the IP packet is an IPv6 packet and the IP address is an IPv6 address. As for IPv4, although IPv4 addresses are scarce in most regions and there are few spare addresses that could be used to indicate content type, it is not excluded that countries or regions with abundant IP addresses, or large enterprises that have been allocated abundant IPv4 addresses, can also use some idle bits to indicate the website content type. The above technical solution can therefore also be implemented when the IP packet is an IPv4 packet and the IP address is an IPv4 address.
Further, the identification information is the encoded value of bits at a predetermined position in the subnet address. In this embodiment, the data packet processing apparatus generates an IP packet, and the subnet address of the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address. For example, specific bits of the subnet address portion of the IP address of a social website, such as bits a to b, are encoded as 80, those bits for a news website are encoded as 90, and so on. In this embodiment, the identification information may occupy, for example, the last 4, 8 or 16 bits of the subnet address, or other bits; this embodiment imposes no particular limitation. For example, in a 128-bit IPv6 address, bits 57-64 of the subnet address encoded as 10 indicate that the website is a news website, bits 57-64 encoded as 20 indicate that the website is an e-commerce website, and so on.
In this embodiment, an IP packet whose IP address contains identification information indicating the service type corresponding to that IP address is generated and sent so that the IP packet can be filtered. This greatly increases detection speed and meets the requirement of real-time detection.
Fig. 5 is a schematic structural diagram of embodiment one of the packet processing apparatus of the present invention. The packet processing apparatus in this embodiment may be deployed on the user side. The packet processing apparatus 50 provided in this embodiment includes a receiving module 501 and a processing module 502.
The receiving module 501 is configured to receive an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address.
The processing module 502 is configured to filter the IP packet according to the identification information.
Optionally, the IP packet is an IPv6 packet or an IPv4 packet; correspondingly, the IP address is an IPv6 address or an IPv4 address.
The packet processing apparatus of this embodiment can be used to carry out the technical solution of embodiment one of the packet processing method; its implementation principle and technical effect are similar and are not repeated here.
Fig. 6 is a schematic structural diagram of embodiment two of the packet processing apparatus of the present invention. As shown in Fig. 6, in the packet processing apparatus 50 provided in this embodiment, on the basis of the apparatus structure shown in Fig. 5, the processing module 502 may include:
a recognition unit 5021, configured to extract the service data carried by the IP packet, identify the type of the service data, determine that the service data contained in the IP packet is of a first service type, and determine, according to the identification information, a second service type corresponding to the IP address;
a comparing unit 5022, configured to compare whether the first service type and the second service type determined by the recognition unit 5021 are consistent;
a first processing unit 5023, configured to filter the IP packet if the comparison result of the comparing unit 5022 is that they are inconsistent.
Optionally, the identification information is the encoded value of bits at a predetermined position in the subnet address.
The packet processing apparatus of this embodiment can be used to carry out the technical solution of embodiment two of the packet processing method; its implementation principle and technical effect are similar and are not repeated here.
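The bit encoding described earlier (bits 57-64 of an IPv6 address, with 10 for news and 20 for e-commerce) and the recognition, comparing and first processing units above can be sketched as follows. This is an added example, not code from the patent: it assumes bits are numbered from the most significant bit, reads the codes as decimal values, fails closed on unknown codes, and uses a hypothetical keyword classifier in place of the unspecified service-data identification.

```python
import ipaddress

# Assumption: bits are numbered 1..128 from the most significant bit, so
# bits 57-64 are the low byte of the fourth 16-bit group of the address.
ID_FIRST_BIT, ID_LAST_BIT = 57, 64

# Codes given in the description, read here as decimal values (assumption).
CONTENT_TYPES = {10: "news", 20: "e-commerce"}

# Hypothetical keyword classifier standing in for the recognition unit;
# the patent does not say how the carried service data is identified.
KEYWORDS = {
    "news": (b"headline", b"breaking"),
    "e-commerce": (b"add to cart", b"checkout"),
}


def identification_code(addr: str) -> int:
    """Return the encoded value of bits 57-64 of an IPv6 address."""
    value = int(ipaddress.IPv6Address(addr))
    width = ID_LAST_BIT - ID_FIRST_BIT + 1
    return (value >> (128 - ID_LAST_BIT)) & ((1 << width) - 1)


def declared_type(addr: str):
    """Second content type: what the address claims the site serves."""
    return CONTENT_TYPES.get(identification_code(addr))


def observed_type(payload: bytes):
    """First content type: what the carried data looks like."""
    text = payload.lower()
    scores = {t: sum(text.count(k) for k in kws) for t, kws in KEYWORDS.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def should_filter(site_addr: str, payload: bytes) -> bool:
    """Comparing unit plus first processing unit: filter on mismatch."""
    declared = declared_type(site_addr)
    if declared is None:
        return True   # unknown code: fail closed (choice made for this example)
    observed = observed_type(payload)
    if observed is None:
        return False  # payload not classifiable: no inconsistency established
    return declared != observed


if __name__ == "__main__":
    # Constructed samples using the 2001:db8::/32 documentation prefix.
    samples = [
        ("2001:db8:0:a::1", b"Breaking headline: markets rally"),
        ("2001:db8:0:a::1", b"Add to cart and proceed to checkout"),
        ("2001:db8:0:ff14::1", b"Checkout: 2 items"),
    ]
    for addr, payload in samples:
        print(addr, declared_type(addr), observed_type(payload),
              "FILTER" if should_filter(addr, payload) else "PASS")
```

Because the declared type is read with a shift and a mask, the check costs a few integer operations per packet; the payload classification is the expensive half and is the part a real deployment would replace.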
Fig. 7 is a schematic structural diagram of embodiment three of the packet processing apparatus of the present invention. As shown in Fig. 7, in the packet processing apparatus 50 provided in this embodiment, on the basis of the apparatus structure shown in Fig. 5, the processing module 502 may include:
a determining unit 5024, configured to determine, according to the identification information, the service type corresponding to the IP address;
a second processing unit 5025, configured to filter the IP packet using the security policy corresponding to the service type determined by the determining unit 5024.
Optionally, the identification information is the encoded value of bits at a predetermined position in the subnet address.
The packet processing apparatus of this embodiment can be used to carry out the technical solution of embodiment three of the packet processing method; its implementation principle and technical effect are similar and are not repeated here.
Fig. 8 is a schematic structural diagram of embodiment four of the packet processing apparatus of the present invention. The packet processing apparatus in this embodiment may be deployed on the network side. The packet processing apparatus 80 provided in this embodiment includes a generation module 801 and a sending module 802.
The generation module 801 is configured to generate an IP packet, where the IP address of the IP packet contains identification information indicating the service type corresponding to the IP address.
The sending module 802 is configured to send the IP packet.
Optionally, the identification information is the encoded value of bits at a predetermined position in the subnet address. Optionally, the IP packet is an IPv6 packet or an IPv4 packet; correspondingly, the IP address is an IPv6 address or an IPv4 address.
The packet processing apparatus of this embodiment can be used to carry out the technical solution of embodiment four of the packet processing method; its implementation principle and technical effect are similar and are not repeated here.
Fig. 9 is a schematic structural diagram of the packet processing device provided by an embodiment of the present invention. As shown in Fig. 9, the packet processing device 90 provided in this embodiment includes a processor 901 and a memory 902. The packet processing device 90 may also include a network interface unit 903, which may be connected to the processor 901. The network interface unit 903 is configured to receive IP packets, and the memory 902 is configured to store execution instructions. When the device 90 runs, the processor 901 communicates with the memory 902, and the processor 901 invokes the execution instructions in the memory 902 to perform the following operation on the IP packet received by the network interface unit 903:
filtering the IP packet according to the identification information that is contained in the IP address of the IP packet and indicates the service type corresponding to the IP address.
Optionally, the identification information is the encoded value of bits at a predetermined position in the subnet address.
Optionally, filtering the IP packet according to the identification information includes:
extracting the service data carried by the IP packet, identifying the type of the service data, determining that the service data contained in the IP packet is of a first service type, and determining, according to the identification information, a second service type corresponding to the IP address;
comparing whether the first service type and the second service type are consistent;
if they are inconsistent, filtering the IP packet.
Optionally, filtering the IP packet according to the identification information includes:
determining, according to the identification information, the service type corresponding to the IP address;
filtering the IP packet using the security policy corresponding to the service type.
Optionally, the IP packet is an IPv6 packet or an IPv4 packet;
correspondingly, the IP address is an IPv6 address or an IPv4 address.
The device of this embodiment can be used to carry out the technical solution of the packet processing method provided by any embodiment of the present invention; its implementation principle and technical effect are similar and are not repeated here.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks, or optical discs.
Finally, it should be noted that the above embodiments merely illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (6)
- 1. A packet processing method, characterized by comprising: receiving an IP packet, where the IP address of the IP packet contains identification information indicating the website content type corresponding to the IP address; and filtering the IP packet according to the identification information; wherein filtering the IP packet according to the identification information comprises: extracting the service data carried by the IP packet, identifying the type of the service data, determining that the website content contained in the IP packet is of a first website content type, and determining, according to the identification information, a second website content type corresponding to the IP address; comparing whether the first website content type and the second website content type are consistent; and, if they are inconsistent, filtering the IP packet.
- 2. The method according to claim 1, characterized in that the identification information is the encoded value of bits at a predetermined position in the subnet address.
- 3. The method according to claim 1 or 2, characterized in that the IP packet is an IPv6 packet or an IPv4 packet; correspondingly, the IP address is an IPv6 address or an IPv4 address.
- 4. A packet processing apparatus, characterized by comprising: a receiving module, configured to receive an IP packet, where the IP address of the IP packet contains identification information indicating the website content type corresponding to the IP address; and a processing module, configured to filter the IP packet according to the identification information; wherein the processing module comprises: a recognition unit, configured to extract the service data carried by the IP packet, identify the type of the service data, determine that the website content contained in the IP packet is of a first website content type, and determine, according to the identification information, a second website content type corresponding to the IP address; a comparing unit, configured to compare whether the first website content type and the second website content type determined by the recognition unit are consistent; and a first processing unit, configured to filter the IP packet if the comparison result of the comparing unit is that they are inconsistent.
- 5. The apparatus according to claim 4, characterized in that the identification information is the encoded value of bits at a predetermined position in the subnet address.
- 6. The apparatus according to claim 4 or 5, characterized in that the IP packet is an IPv6 packet or an IPv4 packet; correspondingly, the IP address is an IPv6 address or an IPv4 address.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310312190.6A CN104348776B (en) | 2013-07-23 | 2013-07-23 | Data package processing method and device |
PCT/CN2014/072566 WO2015010472A1 (en) | 2013-07-23 | 2014-02-26 | Packet processing method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310312190.6A CN104348776B (en) | 2013-07-23 | 2013-07-23 | Data package processing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104348776A CN104348776A (en) | 2015-02-11 |
CN104348776B true CN104348776B (en) | 2018-02-06 |
Family
ID=52392675
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310312190.6A Active CN104348776B (en) | 2013-07-23 | 2013-07-23 | Data package processing method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104348776B (en) |
WO (1) | WO2015010472A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107277105A (en) * | 2017-05-08 | 2017-10-20 | 北京北信源软件股份有限公司 | Game auditing method and device based on BlueDrama |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101399749A (en) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Method, system and device for packet filtering |
CN101526946A (en) * | 2008-03-07 | 2009-09-09 | 鸿富锦精密工业(深圳)有限公司 | Search system, web page browser, web page filter system and web page filter method thereof |
CN101867625A (en) * | 2010-07-19 | 2010-10-20 | 中国电信股份有限公司 | Method for allocating IPv6 address and home gateway |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6092110A (en) * | 1997-10-23 | 2000-07-18 | At&T Wireless Svcs. Inc. | Apparatus for filtering packets using a dedicated processor |
US7536479B2 (en) * | 2004-11-09 | 2009-05-19 | Intel Corporation | Local and remote network based management of an operating system-independent processor |
CN101753635A (en) * | 2008-12-17 | 2010-06-23 | 华为技术有限公司 | Method and system of collocating IPV6 (internet protocol version 6) addresses |
CN101997700A (en) * | 2009-08-11 | 2011-03-30 | 上海大学 | Internet protocol version 6 (IPv6) monitoring equipment based on deep packet inspection and deep flow inspection |
US9836724B2 (en) * | 2010-04-23 | 2017-12-05 | Microsoft Technology Licensing, Llc | Email views |
Also Published As
Publication number | Publication date |
---|---|
CN104348776A (en) | 2015-02-11 |
WO2015010472A1 (en) | 2015-01-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||