CN114124680B - File access control alarm log management method and device - Google Patents
- Publication number: CN114124680B (application CN202111121916.9A)
- Authority: CN (China)
- Prior art keywords: access control, file access, log, alarm log, control alarm
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L41/069: management of faults, events, alarms or notifications using logs of notifications; post-processing of notifications (H04L41/00, arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks; H04L41/06, management of faults, events, alarms or notifications)
- G06F16/11: file system administration, e.g. details of archiving or snapshots (G06F16/00, information retrieval, database structures and file system structures; G06F16/10, file systems and file servers)
- G06F16/13: file access structures, e.g. distributed indices (G06F16/10, file systems and file servers)
- G06F16/1815: journaling file systems (G06F16/18, file system types; G06F16/1805, append-only file systems, e.g. using logs or journals to store data)
- H04L63/10: network architectures or network communication protocols for network security, for controlling access to devices or network resources (H04L63/00)
- H04L67/06: protocols specially adapted for file transfer, e.g. file transfer protocol [FTP] (H04L67/00, network arrangements or protocols for supporting network services or applications; H04L67/01, protocols)
- H04L69/16: implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP] (H04L69/00, network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass)
- Y02D30/50: reducing energy consumption in wire-line communication networks, e.g. low power modes or reduced link rate (Y02D30/00, reducing energy consumption in communication networks; Y02D, climate change mitigation technologies in information and communication technologies)
Abstract
This application discloses a method and device for managing file access control alarm logs, applied in kernel space. The method comprises: receiving a file system input/output read-write operation request initiated by a user-space application program; determining a processing result for the request based on the request and a preset file system access control policy table; determining a file access control alarm log based on the processing result and writing it into an associated preset pseudo device; and sending the file access control alarm log to a remote log processing server in a system call mode over a reliable TCP (Transmission Control Protocol) connection. The method needs only one interaction between user space and kernel space, so the alarm log data can be processed in the shortest time with minimal consumption of software and hardware resources, reducing the loss of transmission performance.
Description
Technical Field
The embodiments of this application relate to the field of computer technology, and in particular to a method and device for managing file access control alarm logs.
Background
At present, file access control systems in Linux operating system environments mostly hook the file system I/O related system calls at the kernel driver level to control file access requests initiated by user-space application programs, and generate alarm log information when such a request is refused. Because access control is applied at the granularity of the system call function, when many application programs continuously initiate illegal file access requests, kernel space generates a large volume of file access control alarm log data in a short time. Since the file access control system is mostly deployed in a customer's server environment, it becomes important to process that alarm log data in the shortest time with the least consumption of software and hardware resources, ensuring that the large volume of alarm log data is not lost and that the customer server environment is affected as little as possible.
The related art provides the following schemes for this problem:
Scheme 1: the file access control alarm log generated in kernel space is first cached, then sent to user space through a kernel-space/user-space message communication mechanism, processed by an alarm log processing service process in user space, and persisted to a local file system or a database server. However, because scheme 1 places log processing on the file access control system node, it consumes part of the CPU (central processing unit) resources and additional memory resources of the customer server environment, which affects the performance of the customer server to some extent.
Scheme 2: the file access control alarm log is moved to a log processing server for centralized processing, which reduces the consumption of software and hardware resources of the user server environment by the file access control system. However, in scheme 2 the alarm log is first transferred from kernel space to user space, then from user space back to kernel space, and only then sent from kernel space to the log processing server. This brings transmission performance loss and may even cause file access control alarm logs to be lost.
Disclosure of Invention
The embodiments of this application provide a method and device for managing file access control alarm logs, which reduce the transmission performance loss of file access control alarm logs.
In a first aspect, an embodiment of this application provides a method for managing a file access control alarm log, applied in kernel space, the method comprising:
receiving a file system input/output read-write operation request initiated by a user-space application program;
determining a processing result of the read-write operation request based on the request and a preset file system access control policy table;
determining a file access control alarm log based on the processing result, and writing the file access control alarm log into an associated preset pseudo device;
and sending the file access control alarm log to a remote log processing server in a system call mode over a reliable Transmission Control Protocol (TCP) connection.
In a possible implementation, sending the file access control alarm log to the remote log processing server in the system call mode over the reliable TCP connection comprises:
determining the preset read operation callback function corresponding to the system call mode, reading the file access control alarm log stored in the associated preset pseudo device through that callback function and copying it into a socket buffer; and transmitting the file access control alarm log to the remote log processing server through the protocol stack.
In a possible implementation, after writing the file access control alarm log into the associated preset pseudo device, the method further comprises:
determining whether abnormal data has been received;
when it is determined that abnormal data has been received, switching from the system call mode over the reliable TCP connection to a NETPOLL mode over an unreliable User Datagram Protocol (UDP) connection;
and transmitting the file access control alarm log to the remote log processing server in the NETPOLL mode over the unreliable UDP connection.
In a possible implementation, sending the file access control alarm log to the remote log processing server in the NETPOLL mode over the unreliable UDP connection comprises:
waking up the log sending kernel thread corresponding to the kernel sending task for the file access control alarm log;
and, from that log sending kernel thread, calling a first preset function that interacts with the network card driver to send the file access control alarm log to the remote log processing server.
In a possible implementation, the abnormal data comprises one or more of: data corresponding to abnormal exit of the sending process, data corresponding to an abnormal network protocol stack, or data corresponding to abnormal system interrupt control.
In a second aspect, a file access control alarm log management apparatus is provided, applied in kernel space, the apparatus comprising:
a receiving unit for receiving a file system input/output read-write operation request initiated by a user-space application program;
a processing unit for determining a processing result of the read-write operation request based on the request and a preset file system access control policy table;
the processing unit being further configured to determine a file access control alarm log based on the processing result and write the file access control alarm log into an associated preset pseudo device;
and a control unit for transmitting the file access control alarm log to a remote log processing server in a system call mode over a reliable Transmission Control Protocol (TCP) connection.
In a possible embodiment, the control unit is specifically configured to:
determine the preset read operation callback function corresponding to the system call mode, read the file access control alarm log stored in the associated preset pseudo device through that callback function and copy it into a socket buffer; and transmit the file access control alarm log to the remote log processing server through the protocol stack.
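The pseudo device cache and the read callback described in the first and second aspects, as an added example that is not part of the patent: a userland C model of the pseudo device as a ring of fixed-size alarm records, the callback that drains whole records towards the socket buffer, and the sequence-number check a log server can run to see how many records were lost in a burst. The ring size, the drop-newest policy, the record layout and the loss counter are this example's assumptions; the patent only says the log is cached in a pseudo device and copied to the socket buffer by a preset read callback.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALARM_RING_SLOTS 8   /* assumed ring size; a real cache would be far larger */

/* One alarm record as it would sit in the pseudo device. Fixed size, so the
 * consumer copies whole records and the TCP byte stream stays self-framing. */
struct alarm_rec {
    uint64_t seq;             /* monotonically increasing per node */
    uint32_t uid, pid;
    char     path[64];
};

struct alarm_ring {
    struct alarm_rec slots[ALARM_RING_SLOTS];
    unsigned head;            /* producer index (next free slot) */
    unsigned tail;            /* consumer index (next unread slot) */
    uint64_t next_seq;
    uint64_t dropped;         /* records lost because the ring was full */
};

unsigned ring_used(const struct alarm_ring *r) { return r->head - r->tail; }

/* Producer side: the access control module records a refused request.
 * The sequence number is consumed even when the record is dropped, so a
 * gap in the numbers seen by the log server reveals the loss. Dropping the
 * newest record instead of overwriting the oldest keeps the unread prefix
 * intact, which is what a forensic reader wants. */
int ring_push(struct alarm_ring *r, uint32_t uid, uint32_t pid, const char *path)
{
    uint64_t seq = r->next_seq++;
    if (ring_used(r) == ALARM_RING_SLOTS) {
        r->dropped++;
        return -1;
    }
    struct alarm_rec *rec = &r->slots[r->head % ALARM_RING_SLOTS];
    rec->seq = seq;
    rec->uid = uid;
    rec->pid = pid;
    snprintf(rec->path, sizeof rec->path, "%s", path);
    r->head++;
    return 0;
}

/* Consumer side: the read callback that the sender's system call lands in.
 * Copies as many whole records as fit into buf (standing in for the socket
 * buffer) and returns the byte count. A partial record is never emitted. */
size_t ring_read_cb(struct alarm_ring *r, void *buf, size_t len)
{
    size_t out = 0;
    while (ring_used(r) > 0 && out + sizeof(struct alarm_rec) <= len) {
        memcpy((char *)buf + out, &r->slots[r->tail % ALARM_RING_SLOTS],
               sizeof(struct alarm_rec));
        r->tail++;
        out += sizeof(struct alarm_rec);
    }
    return out;
}

/* Log-server side check: how many records are missing between consecutive
 * sequence numbers of the records that did arrive. */
uint64_t count_gaps(const struct alarm_rec *recs, size_t n)
{
    uint64_t missing = 0;
    for (size_t i = 1; i < n; i++)
        if (recs[i].seq > recs[i - 1].seq + 1)
            missing += recs[i].seq - recs[i - 1].seq - 1;
    return missing;
}

/* Shared instances so a caller can drive a burst without setup. */
struct alarm_ring demo_ring;
struct alarm_rec  demo_out[16];

int main(void)
{
    char path[32];
    for (int i = 0; i < 10; i++) {              /* burst of 10 into 8 slots */
        snprintf(path, sizeof path, "/etc/shadow.%d", i);
        ring_push(&demo_ring, 1000, 4000 + i, path);
    }
    size_t got = ring_read_cb(&demo_ring, demo_out, sizeof demo_out) / sizeof(struct alarm_rec);
    ring_push(&demo_ring, 1000, 4010, "/etc/shadow.10");
    got += ring_read_cb(&demo_ring, demo_out + got,
                        sizeof demo_out - got * sizeof(struct alarm_rec)) / sizeof(struct alarm_rec);
    printf("received %zu records, dropped %llu, gaps %llu\n", got,
           (unsigned long long)demo_ring.dropped,
           (unsigned long long)count_gaps(demo_out, got));
    return 0;
}
```

The background section's concern is a burst of refused requests filling the cache faster than the sender drains it. Whatever the drop policy, consuming a sequence number for every record, dropped or not, is what lets the remote server distinguish "nothing happened" from "records were lost", and it matters even more once the unreliable UDP fallback is in use.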
In a possible implementation, after the file access control alarm log has been written into the associated preset pseudo device, the processing unit is further configured to:
determine whether abnormal data has been received;
when it is determined that abnormal data has been received, switch from the system call mode over the reliable TCP connection to a NETPOLL mode over an unreliable User Datagram Protocol (UDP) connection;
and transmit the file access control alarm log to the remote log processing server in the NETPOLL mode over the unreliable UDP connection.
In a possible embodiment, the control unit is further configured to:
wake up the log sending kernel thread corresponding to the kernel sending task for the file access control alarm log;
and, from that log sending kernel thread, call a first preset function that interacts with the network card driver to send the file access control alarm log to the remote log processing server.
In a possible implementation, the abnormal data comprises one or more of: data corresponding to abnormal exit of the sending process, data corresponding to an abnormal network protocol stack, or data corresponding to abnormal system interrupt control.
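The switch from the system call mode to the NETPOLL mode described in the first and second aspects, as an added example that is not part of the patent: a C state machine over the three abnormal conditions the text names. The event bit names, the recovery event and the rule for returning to TCP mode are this example's assumptions; the patent describes the switch to NETPOLL but not the way back.

```c
#include <stdint.h>
#include <stdio.h>

enum send_mode { MODE_SYSCALL_TCP = 0, MODE_NETPOLL_UDP = 1 };

/* The three kinds of "abnormal data" the text names, plus one recovery
 * event that the text does not describe and is assumed here. */
enum send_event {
    EV_NONE                    = 0,
    EV_SENDER_PROCESS_EXITED   = 1u << 0, /* user-space sending process is gone */
    EV_PROTOCOL_STACK_FAULT    = 1u << 1, /* socket path through the stack unusable */
    EV_INTERRUPT_CONTROL_FAULT = 1u << 2, /* IRQ delivery unusable; netpoll polls the NIC */
    EV_SENDER_RECONNECTED      = 1u << 3, /* assumed: sending process re-established TCP */
};

#define EV_ABNORMAL_MASK \
    (EV_SENDER_PROCESS_EXITED | EV_PROTOCOL_STACK_FAULT | EV_INTERRUPT_CONTROL_FAULT)

struct send_state {
    enum send_mode mode;
    unsigned pending;        /* abnormal conditions still active */
    uint64_t fallbacks;      /* how often the UDP path was engaged; worth alerting on */
    uint64_t tcp_records;
    uint64_t udp_records;    /* sent without delivery guarantee: reconcile by seq on the server */
};

void send_state_init(struct send_state *s)
{
    s->mode = MODE_SYSCALL_TCP;
    s->pending = 0;
    s->fallbacks = s->tcp_records = s->udp_records = 0;
}

/* Apply an event and return the mode the next record will use. The switch
 * to NETPOLL is immediate on any abnormal condition; the way back is only
 * taken once the sending process has reconnected over TCP, because a
 * working TCP connection implies the stack and interrupts are usable. */
enum send_mode send_state_event(struct send_state *s, unsigned ev)
{
    if (ev & EV_ABNORMAL_MASK) {
        s->pending |= ev & EV_ABNORMAL_MASK;
        if (s->mode == MODE_SYSCALL_TCP) {
            s->mode = MODE_NETPOLL_UDP;
            s->fallbacks++;
        }
    }
    if (ev & EV_SENDER_RECONNECTED) {
        s->pending = 0;
        s->mode = MODE_SYSCALL_TCP;
    }
    return s->mode;
}

/* Dispatch one record. In TCP mode the record stays in the pseudo device
 * for the sending process's system call to pick up; in NETPOLL mode the
 * kernel send thread would be woken and hand the record to the NIC driver.
 * Both paths are modelled by counters only. Returns the mode used. */
enum send_mode send_state_dispatch(struct send_state *s)
{
    if (s->mode == MODE_NETPOLL_UDP)
        s->udp_records++;
    else
        s->tcp_records++;
    return s->mode;
}

struct send_state demo_state;

int main(void)
{
    send_state_init(&demo_state);
    send_state_dispatch(&demo_state);                          /* normal TCP path */
    send_state_event(&demo_state, EV_SENDER_PROCESS_EXITED);   /* sender crashed */
    send_state_dispatch(&demo_state);                          /* now via netpoll */
    send_state_event(&demo_state, EV_SENDER_RECONNECTED);
    printf("fallbacks=%llu tcp=%llu udp=%llu mode=%s\n",
           (unsigned long long)demo_state.fallbacks,
           (unsigned long long)demo_state.tcp_records,
           (unsigned long long)demo_state.udp_records,
           demo_state.mode == MODE_SYSCALL_TCP ? "syscall/tcp" : "netpoll/udp");
    return 0;
}
```

On a real node, a natural place to raise EV_SENDER_PROCESS_EXITED is the release() file operation of the event file, which the kernel invokes when the sending process's last descriptor for it is closed, including when the process crashes (an assumption about how the text's "abnormal exit of a sending process" would be detected). Two caveats for the NETPOLL path: UDP gives no delivery guarantee, so the server must reconcile by sequence number, and netpoll hands cleartext frames straight to the NIC driver, so the log server should sit on a management network the nodes reach without crossing untrusted segments.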
In a third aspect, an embodiment of this application provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the file access control alarm log management method of this application when executing the program.
In a fourth aspect, an embodiment of this application provides a computer readable storage medium comprising a program or instructions which, when executed, implement the steps of the file access control alarm log management method of this application.
The embodiments of this application have the following beneficial effects:
This application provides a method and device for managing file access control alarm logs. Because the file access control alarm log in kernel space is passed directly from kernel space to the protocol stack or the network card driver, the performance loss of the redundant path in which log data is transferred from kernel space to user space and then from user space back to kernel space is avoided. In addition, by sending the file access control alarm log to the remote log processing server, the consumption of CPU resources and additional memory resources in the customer server environment is reduced and the customer's experience is improved.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a schematic diagram of a method for managing a file access control alarm log according to an embodiment of this application;
FIG. 2 is a schematic diagram of a network topology of a system according to an embodiment of this application;
FIG. 3 is a schematic diagram of the implementation flow of a method for managing a file access control alarm log according to an embodiment of this application;
FIG. 4 is a schematic structural diagram of a file access control alarm log management apparatus according to an embodiment of this application;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of this application.
Detailed Description
In order to better understand the above technical solutions, the following detailed description will be made with reference to the accompanying drawings and specific embodiments of the present application, and it should be understood that specific features in the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, and not limiting the technical solutions of the present application, and the technical features in the embodiments and examples of the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and in the claims are used to distinguish between similar objects and not necessarily to describe a particular sequential or chronological order. It is to be understood that the terms so used may be interchanged where appropriate, so that the embodiments described herein may be implemented in sequences other than those illustrated or otherwise described. The implementations described in the following examples do not represent all implementations consistent with this application; they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the appended claims.
The following briefly describes the design concept of the embodiment of the present application:
At present, two schemes are mainly adopted in the related art for processing file access control alarm logs. In scheme 1, an alarm log processing service process in user space processes the log, and the processed alarm log is then persisted to a local file system or a database server. Although this scheme can process the alarm log data, placing log processing on the file access control system node consumes part of the CPU resources and additional memory resources of the customer server environment and affects the performance of the customer server to a certain extent.
In view of this, the related art provides scheme 2, in which the file access control alarm log is moved to a log processing server for centralized processing, reducing the consumption of software and hardware resources of the user server environment by the file access control system. However, in scheme 2 the file access control alarm log passes between kernel space and user space several times; that is, the transmission path of the alarm log is redundant.
In view of the above problems with scheme 2, an embodiment of this application provides a method for managing file access control alarm logs that reduces the transmission context resources consumed by the alarm log and the corresponding cost in system performance.
After the design concept of the embodiment has been introduced, the application scenarios suited to the file access control alarm log management solution of this application are briefly described below. It should be noted that the application scenarios described here serve to explain the technical solution more clearly and do not limit it; as a person of ordinary skill in the art knows, the solution provided by this application is equally suited to similar technical problems in new application scenarios as they appear.
Referring to FIG. 1, a schematic diagram of a method for managing a file access control alarm log according to an embodiment of this application is shown. The file system access control node comprises a user space and a kernel space that can interact with each other; the user space can send file access control alarm logs to a log processing server, and the log processing server can process those logs centrally. Specifically, the file system access control node is deployed on a computer device.
In the embodiment of this application, the user space comprises a configuration process, a file access control log event monitoring module and a file access control log sending sub-module; the kernel space comprises a file system access control module, the stored file system access control policy issued by the user-space configuration process, an access control log memory file system module and a file system access control log sending module.
Referring to FIG. 2, a network topology of an alternative system according to an embodiment of this application is shown. The system comprises a file system access control node, a log processing server, a database server, a centralized management platform and so on. FIG. 2 takes a system with a single file access control node as its example; in practice there may be several file access control nodes, all interacting with the log processing server.
The centralized management platform can provide an operation interface for the user, such as a visual user management interface, through which the user can manage all file system access control nodes in the system in groups.
Specifically, through the centralized management platform a user can divide multiple file access control nodes into different groups according to file access control requirements and configure file access control policies per group. The control policy then need not be configured on every file access control node individually, which reduces the steps in policy configuration and improves configuration efficiency.
In addition, the user can query the various file access control log records generated by the file access control nodes through the centralized management platform, or use those logs for secondary development.
In the embodiment, the log processing server receives and processes the alarm log data reported by all file system access control nodes and persists the processed logs to the database server, which reduces the consumption of software and hardware resources in the customer server environment.
In the embodiment, the file system access control node consists of a configuration process running in user space, and a file system access control log sending module, a file system access control module and an access control log memory file system module running in kernel space.
Specifically, based on different usage requirements, the user issues one or more file access control configuration rules to the file system access control node through the centralized management platform, for example rules controlling whether a file access request is allowed and rules selecting the log sending mode. The rules are then transferred to kernel space by the user-space configuration process and stored there; that is, kernel space holds an access control policy table containing the one or more file access control configuration rules. When a user-space application program initiates a file system access request, kernel space matches the request against the rules in the file access control policy table to determine whether the access is allowed, issues the access control decision, generates the corresponding file access control log, and transmits the log to the remote log processing server in the configured sending mode.
In the embodiment, the computer device can also perform initialization: loading a kernel-space driver, creating the memory file system file /proc/nsfocus/hds/event_notify, and binding a custom set of memory file system file operation callback functions to the event_notify file. The computer device also creates, in kernel space, the associated pseudo device used to cache file access control alarm logs and defines the pseudo device operation functions. In addition, a send task wait queue may be initialized.
In the embodiment, after initialization, a user can issue file access control configuration rules to a file access control node through the centralized management platform, and they are transferred to kernel space through the user-space configuration process.
Optionally, when the file access control log sending mode is the NETPOLL mode, the information that the computer device may have the user-space configuration process issue to kernel space includes, but is not limited to: the IP addresses and log processing service ports of the file access control node and the remote log processing server, the name of the network card through which the file access control node sends the file access log, and the network card address of the remote log processing server.
Further, the computer device may create a NETPOLL instance in the driver and register it with kernel space, then create a file access control alarm log kernel send thread, which joins the send task wait queue; when the file system access control module generates a file access control log, it wakes up the kernel send thread to send the log. In addition, the computer device issues the file system access control configuration rules to kernel space through the user-space configuration process and turns on the file access control switch.
Optionally, when it is determined that the file access control alarm log is to be sent in the system call mode, the computer device may have the corresponding user-space sending process create a socket, connect to the remote log processing server and add the socket to the poll event monitoring queue, and open the memory file system file /proc/nsfocus/hds/event_notify and add it to the poll event monitoring queue as well. In addition, the computer device issues the file system access control configuration rules to kernel space through the user-space configuration process and can turn on the file access control switch of the user space.
In the embodiment, the file system access control module in kernel space can implement interfaces such as pseudo device file open, close, read, offset calculation, poll and shared memory mapping, thereby supporting zero-copy transmission of the file access control log in both transmission modes (the NETPOLL mode and the system call mode).
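The user-space sending process configured above (a TCP socket and the event file in one poll set), as an added example that is not part of the patent: a C sender for the system call mode. The patent does not name the system call that triggers the preset read operation callback; this example uses sendfile(2), which asks the kernel to move the source file's ready bytes to the socket without a user-space buffer, so each batch is one user/kernel crossing. The event file path is the one the text gives; the server address, port, batch size and reconnect behaviour are assumptions.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/sendfile.h>
#include <sys/socket.h>
#include <unistd.h>

#define EVENT_FILE  "/proc/nsfocus/hds/event_notify"   /* path from the text */
#define BATCH_BYTES 65536                               /* assumed batch size */

/* Open a TCP connection to the log processing server (address assumed). */
int connect_log_server(const char *ip, uint16_t port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Move every record the kernel has ready from ev_fd to sock_fd. sendfile()
 * lets the kernel's read path copy straight into the socket buffer, so the
 * bytes never visit a user-space buffer and each batch is one system call.
 * Returns bytes forwarded, or -1 on a socket error. */
long forward_ready(int ev_fd, int sock_fd)
{
    long total = 0;
    for (;;) {
        ssize_t n = sendfile(sock_fd, ev_fd, NULL, BATCH_BYTES);
        if (n > 0) { total += n; continue; }
        if (n == 0) return total;                       /* nothing left to read */
        if (errno == EAGAIN || errno == EINTR) return total;
        return -1;                                      /* EPIPE, ECONNRESET, ... */
    }
}

/* Sender loop: one poll() watches the kernel's "records pending" signal on
 * the event file and the health of the TCP socket. Returns the number of
 * bytes forwarded, or -1 when the socket failed and the caller should
 * reconnect; unread records stay in the kernel's pseudo device meanwhile.
 * max_rounds bounds the loop (negative means run forever). */
long run_sender(int ev_fd, int sock_fd, int max_rounds)
{
    struct pollfd pfd[2] = {
        { .fd = ev_fd,   .events = POLLIN, .revents = 0 },
        { .fd = sock_fd, .events = 0,      .revents = 0 }, /* POLLERR/POLLHUP are always reported */
    };
    long total = 0;
    for (int round = 0; max_rounds < 0 || round < max_rounds; round++) {
        if (poll(pfd, 2, -1) < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        if (pfd[1].revents & (POLLERR | POLLHUP)) return -1;
        if (pfd[0].revents & POLLIN) {
            long n = forward_ready(ev_fd, sock_fd);
            if (n < 0) return -1;
            total += n;
        }
    }
    return total;
}

int main(void)
{
    int ev_fd = open(EVENT_FILE, O_RDONLY);
    if (ev_fd < 0) { perror("open " EVENT_FILE); return 1; }
    for (;;) {
        int sock = connect_log_server("192.0.2.10", 5140);  /* assumed server */
        if (sock < 0) { sleep(1); continue; }
        if (run_sender(ev_fd, sock, -1) < 0) close(sock);  /* reconnect and retry */
    }
}
```

Run against a regular file and a socketpair in place of the pseudo device and the TCP socket, the loop behaves the same, which is how it can be exercised without the kernel module. On a real node the pseudo device's file operations must support being a sendfile() source; that is the role the text assigns to the preset read operation callback together with the offset and poll interfaces. When the socket fails the loop returns without ever having read records into process memory, so nothing is lost in the process when it exits; unread records stay in the kernel cache, and, per the text, the kernel can switch to the NETPOLL mode once it detects the sender's exit.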
In order to further explain the scheme of the file access control alarm log management method provided by the embodiment of the application, the following detailed description is given with reference to the attached drawings and the specific embodiments. Although embodiments of the present application provide the method operational steps shown in the following embodiments or figures, more or fewer operational steps may be included in the method based on routine or non-inventive labor. In steps where there is logically no necessary causal relationship, the execution order of the steps is not limited to the execution order provided by the embodiments of the present application. The methods may be performed sequentially or in parallel (e.g., parallel processor or multi-threaded processing application environments) as shown in the embodiments or figures when the methods are performed in the actual process or apparatus.
The method for managing the file access control alarm log in the embodiment of the present application is described below with reference to the method flowchart shown in fig. 3, and the method flowchart in the embodiment of the present application is described below.
Step 301: and receiving a read-write operation request of file system input or output initiated by an application program of the user space.
In the embodiment of the application, before the kernel space receives a read-write operation request of file system input or output initiated by an application program of the user space, a file system access control module in the kernel space can receive a file system access control configuration rule issued by the user space, and then store the file system access control configuration rule into a file system access control policy table.
In an embodiment of the present application, the file system access control policy table may include a configuration rule that denies or passes a file system input or output read/write operation request.
Step 302: determine the processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table.
In the embodiment of the present application, the file system access control module in the kernel space queries a preset file system access control policy table based on the received read-write operation request, where the preset file system access control policy table may include: configuration rules, issued by a configuration process in the user space, that reject or pass read-write operation requests for file system input or output.
Specifically, a file system access control policy table can be preset, read-write operation requests are matched to obtain a matching result, and a pass or reject decision is made on an I/O read-write operation request initiated by an application program according to the matching result, namely, a processing result of the read-write operation request is determined.
Step 303: determine a file access control alarm log based on the processing result, and write the file access control alarm log into the associated preset pseudo device.
In the embodiment of the application, after the processing result is obtained, the file system access control module in the kernel space can determine the file access control alarm log based on the processing result, and write the file access control alarm log into the associated preset pseudo device.
Step 304: send the file access control alarm log to a remote log processing server based on a system call mode transmitted over a Transmission Control Protocol (TCP) reliable connection.
In the embodiment of the present application, the configuration rule of the sending mode of the log may be a rule including two sending modes for sending the file access control alarm log, specifically:
(1) a system call mode based on TCP (Transmission Control Protocol) reliable connection transmission;
(2) a NETPOLL mode based on UDP (User Datagram Protocol) unreliable connection transmission.
In the embodiment of the application, by default the system adopts the system call mode transmitted over the TCP reliable connection; when that mode cannot be used, the system automatically switches to the NETPOLL mode, and when the system call mode recovers, the system automatically switches back to it, so that the log is transmitted to the log processing server as promptly and reliably as possible.
In the embodiment of the application, a corresponding preset read operation callback function in a system call mode can be determined, a file access control alarm log stored in an associated preset pseudo device is read based on the preset read operation callback function, and the file access control alarm log is copied to a socket buffer area; and transmitting the file access control alarm log to a remote log processing server through a protocol stack.
Specifically, in the system call mode, when the file system access control module writes the file access control alarm log to the associated pseudo device, the system generates a poll event notification on the proc/nsfocus/hds/event_notify file handle, so that the sending task is woken up.
Further, the user space sending task calls the system call function sys_sendfile to perform zero-copy sending of the file access control log. This call exchanges data directly with the associated pseudo device in the kernel space: it reads the log data content stored in the pseudo device through the read operation callback function, copies it to the socket buffer, and then completes sending of the log data to the remote log processing server through the protocol stack; at the same time, the file offset pointer is updated by the file offset callback function. In addition, once log data has been successfully sent to the remote log processing server, the log data storage space cached in the pseudo device is reclaimed for subsequent log storage.
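Steps 301 to 303 as an added illustration in user-space C, not the patent's kernel code: a constructed policy table is matched in order, a reject decision becomes an alarm record, and the pseudo device is modelled as a fixed ring that raises the poll flag on write and refuses a record rather than overwriting unsent alarms when full. The rule format, the default-pass behaviour when no rule matches, and logging only rejected requests are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OP_READ  0x1u   /* operation bits of an I/O request (constructed) */
#define OP_WRITE 0x2u

enum fac_action { FAC_PASS = 0, FAC_REJECT = 1 };

/* One row of the file system access control policy table, as issued by the
 * user-space configuration process. Rows are matched in order; the first row
 * whose path prefix and operation mask both match decides the request. */
struct fac_rule {
    const char     *path_prefix;
    unsigned        op_mask;
    enum fac_action act;
};

/* A file system read/write request as the kernel module sees it. */
struct io_request {
    const char *path;
    unsigned    op;
    int         pid;
};

/* Alarm log record as it would be written into the pseudo device. */
struct alarm_log {
    int             pid;
    unsigned        op;
    enum fac_action result;
    int             rule_index;    /* deciding rule, or -1 for default */
    char            path[96];
};

/* Pseudo device stand-in: a fixed ring of records plus the poll flag that
 * wakes the sending task blocked on the device. */
#define PDEV_CAP 4
struct pseudo_dev {
    struct alarm_log ring[PDEV_CAP];
    size_t tail, count;            /* tail: next write slot */
    bool   poll_pending;
};

/* Step 302: match the request against the policy table. Returns the index of
 * the deciding rule, or -1 when none matched (default pass is an assumption). */
int fac_match(const struct fac_rule *rules, size_t n,
              const struct io_request *req, enum fac_action *out)
{
    for (size_t i = 0; i < n; i++) {
        size_t plen = strlen(rules[i].path_prefix);
        if ((rules[i].op_mask & req->op) != 0 &&
            strncmp(req->path, rules[i].path_prefix, plen) == 0) {
            *out = rules[i].act;
            return (int)i;
        }
    }
    *out = FAC_PASS;
    return -1;
}

/* Step 303: append one record to the pseudo device. Returns false when the
 * ring is full, which the caller should count as a dropped alarm. */
bool pdev_write(struct pseudo_dev *d, const struct alarm_log *rec)
{
    if (d->count == PDEV_CAP)
        return false;
    d->ring[d->tail] = *rec;
    d->tail = (d->tail + 1) % PDEV_CAP;
    d->count++;
    d->poll_pending = true;        /* poll event notification for the sender */
    return true;
}

/* Steps 301-303 together: decide the request and, on a reject decision, write
 * an alarm record (logging only rejects is an assumption of this example). */
enum fac_action fac_handle_request(const struct fac_rule *rules, size_t n,
                                   const struct io_request *req,
                                   struct pseudo_dev *dev)
{
    enum fac_action act;
    int idx = fac_match(rules, n, req, &act);
    if (act == FAC_REJECT) {
        struct alarm_log rec = { req->pid, req->op, act, idx, "" };
        snprintf(rec.path, sizeof rec.path, "%s", req->path);
        pdev_write(dev, &rec);
    }
    return act;
}

/* Constructed policy table: no writes under /etc, no access under /var/secret,
 * explicit pass for everything else. */
const struct fac_rule demo_rules[] = {
    { "/etc/",        OP_WRITE,           FAC_REJECT },
    { "/var/secret/", OP_READ | OP_WRITE, FAC_REJECT },
    { "/",            OP_READ | OP_WRITE, FAC_PASS   },
};
const size_t demo_rule_count = sizeof demo_rules / sizeof demo_rules[0];
```

With `demo_rules`, a write to `/etc/passwd` is rejected and logged, a read of the same file passes through the catch-all rule, and once four alarms are cached `pdev_write` returns false instead of overwriting records the sender has not yet transmitted.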
In an embodiment of the present application, after step 304 is performed, it may also be determined whether the kernel space has received abnormal data; the abnormal data includes one or more of data corresponding to abnormal exit of the sending process, data corresponding to an abnormal network protocol stack, or data corresponding to abnormal system interrupt control.
It can be seen that while the system call mode is in use, if such an exception occurs, the corresponding abnormal data is received. When it is determined that abnormal data has been received, the system call mode transmitted over the Transmission Control Protocol (TCP) reliable connection is switched to the NETPOLL mode transmitted over the User Datagram Protocol (UDP) unreliable connection, and the file access control alarm log is then sent to the remote log processing server in the NETPOLL mode.
In the embodiment of the application, the kernel space can wake up the log sending kernel thread corresponding to the kernel sending task of the file access control alarm log, and then, on that thread, call the first preset function to exchange the file access control alarm log with the network card driver so as to send it to the remote log processing server. The first preset function may be a function derived by calling netpoll_send_udp; it exchanges log data directly with the network card driver, so the data can be sent to the remote log processing server without depending on interrupts or the protocol stack, and zero-copy sending of the file access control alarm log is realized in the NETPOLL mode.
In the embodiment of the application, adaptive mode switching is used: in the system call mode, when the file system access control module detects that the user space log sending task is abnormal, it switches to the NETPOLL mode, and when it detects that the user space log sending task has recovered, it switches from the NETPOLL mode back to the system call mode. Therefore, as long as the network card is still working, it is ensured to the greatest extent that the file system access control alarm log is not lost, even when the kernel space protocol stack or interrupt control is abnormal.
In the embodiment of the application, the sending thread blocks waiting for the poll signal; when the file system access control module writes a file access control alarm log, the sending thread blocked on the poll signal is woken up, and the sending thread exchanges data with the pseudo device within the kernel space, so that the log data does not need to be transferred from the kernel space to the user space and then back from the user space to the kernel space; zero-copy transmission of the log data is thus realized.
In the embodiment of the application, after log data is successfully sent to the remote log processing server, the log data storage space cached in the pseudo device is reclaimed for subsequent log storage. The storage space in the pseudo device can therefore be reused continuously, so resources are reused and unnecessary resource consumption is reduced.
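The adaptive switching between the system call mode and the NETPOLL mode, with cache slots reclaimed only after a confirmed send, as an added user-space C model that is not the patent's implementation: the two transports are stand-ins (the system call path is modelled as working only when no abnormal condition is active, the NETPOLL path as needing only a working NIC), and `sender_enqueue`, `sender_flush`, the fault bitmask and the cache size are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* The two transmission modes: the default system call mode (sys_sendfile over
 * a TCP reliable connection) and the NETPOLL fallback (netpoll_send_udp). */
enum xmit_mode { MODE_SYSCALL = 0, MODE_NETPOLL = 1 };

/* The three kinds of abnormal data the kernel space may receive, as a bitmask
 * so that several conditions can be active at once. */
enum fault_bit {
    FAULT_SENDER_EXIT = 1u << 0,   /* user-space sending process exited abnormally */
    FAULT_PROTO_STACK = 1u << 1,   /* network protocol stack abnormal */
    FAULT_IRQ_CTRL    = 1u << 2,   /* system interrupt control abnormal */
};

/* Link state presented to the sender (constructed model): active faults, and
 * whether the network card driver itself is still working. */
struct link_state {
    unsigned faults;
    bool     nic_up;
};

/* Sender state: current mode, records cached in the pseudo device, counters. */
#define PDEV_CAP 8
struct log_sender {
    enum xmit_mode mode;
    unsigned pending;          /* alarm records still cached in the pseudo device */
    unsigned dropped;          /* records refused because the cache was full */
    unsigned sent_syscall;
    unsigned sent_netpoll;
    unsigned reclaimed;        /* cache slots freed after a confirmed send */
};

/* The access control module wrote a new alarm record into the pseudo device. */
bool sender_enqueue(struct log_sender *s)
{
    if (s->pending == PDEV_CAP) {
        s->dropped++;
        return false;
    }
    s->pending++;
    return true;
}

/* Adaptive switching: any active fault moves the sender to NETPOLL; once all
 * faults clear it returns to the default system call mode. */
enum xmit_mode sender_update_mode(struct log_sender *s, const struct link_state *link)
{
    s->mode = (link->faults != 0) ? MODE_NETPOLL : MODE_SYSCALL;
    return s->mode;
}

/* System call mode: the user-space task's sys_sendfile reads the pseudo device
 * through the read callback, copies into the socket buffer and goes through the
 * protocol stack. Modelled as working only when no fault is active. */
static bool xmit_syscall(const struct link_state *link)
{
    return link->faults == 0;
}

/* NETPOLL mode: the log sending kernel thread hands the data straight to the
 * network card driver, bypassing interrupts and the protocol stack, so only a
 * working NIC is required. */
static bool xmit_netpoll(const struct link_state *link)
{
    return link->nic_up;
}

/* Run once per poll wake-up: send every cached record in the current mode. A
 * slot is reclaimed only after its record was sent, so records are retained
 * rather than lost while neither path works. Returns the number sent. */
unsigned sender_flush(struct log_sender *s, const struct link_state *link)
{
    unsigned sent = 0;
    sender_update_mode(s, link);
    while (s->pending > 0) {
        bool ok = (s->mode == MODE_SYSCALL) ? xmit_syscall(link)
                                            : xmit_netpoll(link);
        if (!ok)
            break;                 /* keep the record; retry on the next wake-up */
        s->pending--;
        s->reclaimed++;
        if (s->mode == MODE_SYSCALL)
            s->sent_syscall++;
        else
            s->sent_netpoll++;
        sent++;
    }
    return sent;
}
```

Driving `sender_flush` with a healthy link, then a link whose sending process has exited, then one with both the protocol stack and the NIC down shows the three behaviours the text describes: TCP by default, UDP via NETPOLL while a fault is active, and retention of unsent records until a path returns.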
Based on the same inventive concept, the embodiment of the application also provides a file access control alarm log management device, and because the principle of the file access control alarm log management device for solving the problem is similar to that of the file access control alarm log management method, the implementation of the device can refer to the implementation of the method, and the repetition is omitted.
As shown in fig. 4, which is a schematic structural diagram of a file access control alarm log management apparatus 400 according to an embodiment of the present application, the apparatus may include:
a receiving unit 401, configured to receive a read-write operation request for file system input or output initiated by an application program in the user space;
a processing unit 402, configured to determine a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table;
the processing unit 402 is further configured to: determine a file access control alarm log based on the processing result, and write the file access control alarm log into the associated preset pseudo device;
and the control unit 403 is configured to send the file access control alarm log to a remote log processing server based on a system call mode sent by a transmission control protocol TCP reliable connection.
In a possible embodiment, the control unit 403 is specifically configured to:
determining a corresponding preset read operation callback function in the system call mode, reading a file access control alarm log stored in the associated preset pseudo device based on the preset read operation callback function, and copying the file access control alarm log to a socket buffer area; and transmitting the file access control alarm log to a remote log processing server through a protocol stack.
In a possible embodiment, after writing the file access control alert log to the associated preset pseudo device, the processing unit 402 is further configured to:
determining whether abnormal data is received;
when abnormal data is determined to have been received, switching from the system call mode transmitted over the Transmission Control Protocol (TCP) reliable connection to a NETPOLL mode transmitted over a User Datagram Protocol (UDP) unreliable connection;
and transmitting the file access control alarm log to a remote log processing server based on a NETPOLL mode transmitted by the user datagram protocol UDP unreliable connection.
In a possible embodiment, the control unit 403 is further configured to:
waking up a log sending kernel thread corresponding to a kernel sending task of the file access control alarm log;
and calling a first preset function to interact with the network card driver based on the log sending kernel thread to send the file access control alarm log to the remote log processing server.
In a possible implementation manner, the abnormal data includes one or more of data corresponding to abnormal exit of a sending process, data corresponding to abnormal network protocol stack or data corresponding to abnormal system interrupt control.
Based on the same technical concept, the embodiment of the present application further provides an electronic device 500, referring to fig. 5, where the electronic device 500 is configured to implement the file access control alarm log management method described in the foregoing method embodiment, and the electronic device 500 of this embodiment may include: memory 501, processor 502, and a computer program stored in the memory and executable on the processor, such as a file access control alert log management program. The processor, when executing the computer program, implements the steps in the embodiments of the method for managing the file access control alarm log, for example, the steps shown in fig. 3. Alternatively, the processor, when executing the computer program, performs the functions of the modules/units of the apparatus embodiments described above, e.g. 400.
The specific connection medium between the memory 501 and the processor 502 is not limited in the embodiment of the present application. In the embodiment of the present application, the memory 501 and the processor 502 are connected through the bus 503 in fig. 5; the bus 503 is indicated by a thick line in fig. 5, and the connection manner between other components is only schematically illustrated and not limited. The bus 503 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 5, but this does not mean that there is only one bus or one type of bus.
The memory 501 may be a volatile memory, such as a random-access memory (RAM); the memory 501 may also be a non-volatile memory, such as a read-only memory, a flash memory, a Hard Disk Drive (HDD) or a Solid State Drive (SSD), or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 501 may also be a combination of the above.
A processor 502, configured to implement a method for managing a file access control alert log as shown in fig. 3, includes:
receiving a read-write operation request of file system input or output initiated by an application program of a user space; determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table; determining a file access control alarm log based on a processing result, and writing the file access control alarm log into a preset pseudo device associated with the kernel space; and based on a system call mode sent by the transmission control protocol TCP reliable connection, sending a file access control alarm log to a remote log processing server.
The embodiment of the application also provides a computer readable storage medium, which comprises a program or instructions, and when the program or instructions are executed, the file access control alarm log management method provided by the embodiment of the application is realized.
In some possible embodiments, aspects of the file access control alert log management method provided by the present application may also be implemented in the form of a program product, which includes program code for causing an electronic device to perform the steps in the file access control alert log management method according to the various exemplary embodiments of the present application described above in this specification when the program product is run on the electronic device, for example: receiving a read-write operation request for file system input or output initiated by an application program in the user space; determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table; determining a file access control alarm log based on the processing result, and writing the file access control alarm log into the associated preset pseudo device; and sending the file access control alarm log to a remote log processing server based on a system call mode transmitted over a Transmission Control Protocol (TCP) reliable connection.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (8)
1. A method for managing a file access control alarm log, the method being applied to a kernel space, the method comprising:
receiving a read-write operation request of file system input or output initiated by an application program of a user space;
determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table;
determining a file access control alarm log based on the processing result, and writing the file access control alarm log into an associated preset pseudo device created in the kernel space;
based on a system call mode sent by a Transmission Control Protocol (TCP) reliable connection, sending the file access control alarm log to a remote log processing server;
wherein sending the file access control alarm log to the remote log processing server based on the system call mode transmitted over the Transmission Control Protocol (TCP) reliable connection comprises:
determining a corresponding preset read operation callback function in the system call mode, reading a file access control alarm log stored in the associated preset pseudo device based on the preset read operation callback function, and copying the file access control alarm log to a socket buffer area; and transmitting the file access control alarm log to a remote log processing server through a protocol stack.
2. The method of claim 1, wherein after writing the file access control alert log to the associated pre-set pseudo device, the method further comprises:
determining whether abnormal data is received;
when abnormal data is determined to have been received, switching from the system call mode transmitted over the Transmission Control Protocol (TCP) reliable connection to a NETPOLL mode transmitted over a User Datagram Protocol (UDP) unreliable connection;
and transmitting the file access control alarm log to a remote log processing server based on a NETPOLL mode transmitted by the user datagram protocol UDP unreliable connection.
3. The method of claim 2, wherein transmitting the file access control alert log to a remote log processing server based on a NETPOLL mode of User Datagram Protocol (UDP) unreliable connection transmission comprises:
waking up a log sending kernel thread corresponding to a kernel sending task of the file access control alarm log;
and calling a first preset function to interact with the network card driver based on the log sending kernel thread to send the file access control alarm log to the remote log processing server.
4. The method of claim 2, wherein the exception data comprises one or more of data corresponding to a send process exception exit, data corresponding to a network protocol stack exception, or data corresponding to a system interrupt control exception.
5. A file access control alert log management apparatus for use in a kernel space, said apparatus comprising:
the receiving unit is used for receiving a read-write operation request of file system input or output initiated by an application program of a user space;
the processing unit is used for determining a processing result of the read-write operation request based on the read-write operation request and a preset file system access control policy table;
the processing unit is further configured to: determine a file access control alarm log based on the processing result, and write the file access control alarm log into an associated preset pseudo device created in the kernel space;
the control unit is used for transmitting the file access control alarm log to a remote log processing server based on a system call mode transmitted by a Transmission Control Protocol (TCP) reliable connection;
wherein, the control unit is specifically configured to:
determining a corresponding preset read operation callback function in the system call mode, reading a file access control alarm log stored in the associated preset pseudo device based on the preset read operation callback function, and copying the file access control alarm log to a socket buffer area; and transmitting the file access control alarm log to a remote log processing server through a protocol stack.
6. The apparatus of claim 5, wherein after writing the file access control alert log to the associated pre-set pseudo device, the processing unit is further to:
determining whether abnormal data is received;
when abnormal data is determined to have been received, switching from the system call mode transmitted over the Transmission Control Protocol (TCP) reliable connection to a NETPOLL mode transmitted over a User Datagram Protocol (UDP) unreliable connection;
and transmitting the file access control alarm log to a remote log processing server based on a NETPOLL mode transmitted by the user datagram protocol UDP unreliable connection.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 4 when the program is executed by the processor.
8. A computer readable storage medium comprising a program or instructions which, when executed, performs the method of any of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111121916.9A CN114124680B (en) | 2021-09-24 | 2021-09-24 | File access control alarm log management method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114124680A CN114124680A (en) | 2022-03-01 |
CN114124680B true CN114124680B (en) | 2023-11-17 |
Family
ID=80441192
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114124680B (en) |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5832515A (en) * | 1996-09-12 | 1998-11-03 | Veritas Software | Log device layered transparently within a filesystem paradigm |
US7330862B1 (en) * | 2003-04-25 | 2008-02-12 | Network Appliance, Inc. | Zero copy write datapath |
US7461080B1 (en) * | 2003-05-09 | 2008-12-02 | Sun Microsystems, Inc. | System logging within operating system partitions using log device nodes that are access points to a log driver |
CN102402487A (en) * | 2011-11-15 | 2012-04-04 | 北京天融信科技有限公司 | Method and system for receiving message in zero copy mode |
JP2013171542A (en) * | 2012-02-22 | 2013-09-02 | Nippon Telegr & Teleph Corp <Ntt> | Performance analysis device, method for analyzing performance, and performance analysis program |
CN103632107A (en) * | 2012-08-23 | 2014-03-12 | 苏州慧盾信息安全科技有限公司 | Mobile terminal information safety protection system and method |
CN103716354A (en) * | 2012-10-09 | 2014-04-09 | 苏州慧盾信息安全科技有限公司 | Security protection system and method for information system |
US9092426B1 (en) * | 2011-01-03 | 2015-07-28 | Applied Micro Circuts Corporation | Zero-copy direct memory access (DMA) network-attached storage (NAS) file system block writing |
CN104978543A (en) * | 2015-07-09 | 2015-10-14 | 黄凯锋 | Mobile terminal information safety protection system and method |
CN109561105A (en) * | 2018-12-29 | 2019-04-02 | 江苏博智软件科技股份有限公司 | A kind of high-performance message capturing transmission platform based on message Zero-copy mode |
US10303663B1 (en) * | 2014-06-12 | 2019-05-28 | Amazon Technologies, Inc. | Remote durable logging for journaling file systems |
CN110650038A (en) * | 2019-09-12 | 2020-01-03 | 国家电网有限公司 | Method and system for collecting and processing security event logs for multiple types of supervision objects |
CN110674530A (en) * | 2019-09-29 | 2020-01-10 | 北京神州绿盟信息安全科技股份有限公司 | File access control method, equipment and device based on user mode |
CN110764962A (en) * | 2018-07-26 | 2020-02-07 | 武汉海康存储技术有限公司 | Log processing method and device |
CN111078607A (en) * | 2019-12-24 | 2020-04-28 | 上海交通大学 | Method and system for deploying RDMA (remote direct memory Access) and non-volatile memory-oriented network access programming frame |
CN112350850A (en) * | 2020-09-29 | 2021-02-09 | 宇龙计算机通信科技(深圳)有限公司 | Log file reporting method and device, storage medium and electronic equipment |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100930018B1 (en) * | 2007-12-07 | 2009-12-07 | 주식회사 마크애니 | Digital Information Security System, Kernel Driver Device, and Digital Information Security Method |
US9239776B2 (en) * | 2012-02-09 | 2016-01-19 | Vmware, Inc. | Systems and methods to simulate storage |
US8904551B2 (en) * | 2012-11-07 | 2014-12-02 | International Business Machines Corporation | Control of access to files |
KR20150082010A (en) * | 2014-01-07 | 2015-07-15 | 삼성전자주식회사 | Micro-journaling for non-volatile memory file system |
US20150341377A1 (en) * | 2014-03-14 | 2015-11-26 | Avni Networks Inc. | Method and apparatus to provide real-time cloud security |
US20150319050A1 (en) * | 2014-03-14 | 2015-11-05 | Avni Networks Inc. | Method and apparatus for a fully automated engine that ensures performance, service availability, system availability, health monitoring with intelligent dynamic resource scheduling and live migration capabilities |
US10157108B2 (en) * | 2014-05-27 | 2018-12-18 | International Business Machines Corporation | Multi-way, zero-copy, passive transaction log collection in distributed transaction systems |
US20210073198A1 (en) * | 2019-09-09 | 2021-03-11 | Oracle International Corporation | Using persistent memory and remote direct memory access to reduce write latency for database logging |
US11477123B2 (en) * | 2019-09-26 | 2022-10-18 | Apple Inc. | Methods and apparatus for low latency operation in user space networking |
US11829303B2 (en) * | 2019-09-26 | 2023-11-28 | Apple Inc. | Methods and apparatus for device driver operation in non-kernel space |
US12126652B2 (en) * | 2019-12-18 | 2024-10-22 | Pathlock Inc. | Systems, methods, and devices for logging activity of a security platform |
-
2021
- 2021-09-24 CN CN202111121916.9A patent/CN114124680B/en active Active
Patent Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5832515A (en) * | 1996-09-12 | 1998-11-03 | Veritas Software | Log device layered transparently within a filesystem paradigm |
US7330862B1 (en) * | 2003-04-25 | 2008-02-12 | Network Appliance, Inc. | Zero copy write datapath |
US7461080B1 (en) * | 2003-05-09 | 2008-12-02 | Sun Microsystems, Inc. | System logging within operating system partitions using log device nodes that are access points to a log driver |
US9092426B1 (en) * | 2011-01-03 | 2015-07-28 | Applied Micro Circuts Corporation | Zero-copy direct memory access (DMA) network-attached storage (NAS) file system block writing |
CN102402487A (en) * | 2011-11-15 | 2012-04-04 | 北京天融信科技有限公司 | Method and system for receiving message in zero copy mode |
JP2013171542A (en) * | 2012-02-22 | 2013-09-02 | Nippon Telegr & Teleph Corp <Ntt> | Performance analysis device, method for analyzing performance, and performance analysis program |
CN103632107A (en) * | 2012-08-23 | 2014-03-12 | 苏州慧盾信息安全科技有限公司 | Mobile terminal information safety protection system and method |
CN103716354A (en) * | 2012-10-09 | 2014-04-09 | 苏州慧盾信息安全科技有限公司 | Security protection system and method for information system |
US10303663B1 (en) * | 2014-06-12 | 2019-05-28 | Amazon Technologies, Inc. | Remote durable logging for journaling file systems |
CN104978543A (en) * | 2015-07-09 | 2015-10-14 | 黄凯锋 | Mobile terminal information safety protection system and method |
CN110764962A (en) * | 2018-07-26 | 2020-02-07 | 武汉海康存储技术有限公司 | Log processing method and device |
CN109561105A (en) * | 2018-12-29 | 2019-04-02 | 江苏博智软件科技股份有限公司 | A kind of high-performance message capturing transmission platform based on message Zero-copy mode |
CN110650038A (en) * | 2019-09-12 | 2020-01-03 | 国家电网有限公司 | Method and system for collecting and processing security event logs for multiple types of supervision objects |
CN110674530A (en) * | 2019-09-29 | 2020-01-10 | 北京神州绿盟信息安全科技股份有限公司 | File access control method, equipment and device based on user mode |
CN111078607A (en) * | 2019-12-24 | 2020-04-28 | 上海交通大学 | Method and system for deploying RDMA (remote direct memory Access) and non-volatile memory-oriented network access programming frame |
CN112350850A (en) * | 2020-09-29 | 2021-02-09 | 宇龙计算机通信科技(深圳)有限公司 | Log file reporting method and device, storage medium and electronic equipment |
Non-Patent Citations (2)
Title |
---|
基于新型非易失内存的远程零拷贝文件系统;韩文炳;陈小刚;李顺芬;李大刚;陈诗雁;段有康;宋志棠;;国防科技大学学报(第03期);全文 * |
基于虚拟机的多个安全级别的日志生成方法;赵斯琴;付勇;陈康;郑纬民;;清华大学学报(自然科学版)(第02期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN114124680A (en) | 2022-03-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11687555B2 (en) | | Conditional master election in distributed databases |
JP6328134B2 (en) | | Method, apparatus, and program for performing communication channel failover in a clustered computer system |
US5818448A (en) | | Apparatus and method for identifying server computer aggregation topologies |
JP5006348B2 (en) | | Multi-cache coordination for response output cache |
CN102955851B (en) | | Database switching method and apparatus |
US5748897A (en) | | Apparatus and method for operating an aggregation of server computers using a dual-role proxy server computer |
US20120197959A1 (en) | | Processing pattern framework for dispatching and executing tasks in a distributed computing grid |
CN105933408B (en) | | Implementation method and device of a Redis universal middleware |
US8612973B2 (en) | | Method and system for handling interrupts within computer system during hardware resource migration |
EP3834088B1 (en) | | One-sided reliable remote direct memory operations |
US9448827B1 (en) | | Stub domain for request servicing |
CN102968457B (en) | | Database switching method and system |
CN115150464A (en) | | Application proxy method, device, equipment and medium |
US10798146B2 (en) | | System and method for universal timeout in a distributed computing environment |
JP2005535002A (en) | | Shared resource domain |
CN114461593A (en) | | Log writing method and device, electronic equipment and storage medium |
CN114124680B (en) | | File access control alarm log management method and device |
WO2018188959A1 (en) | | Method and apparatus for managing events in a network that adopts event-driven programming framework |
JP6740543B2 (en) | | Communication device, system, rollback method, and program |
CN111221642B (en) | | Data processing method, device, storage medium and terminal |
CN117793034A (en) | | Network card adding method, device, computing equipment and machine-readable storage medium |
WO2023274409A1 (en) | | Method for executing transaction in blockchain system and blockchain node |
CN109308247B (en) | | Log processing method, device and equipment and network equipment |
US20080244087A1 (en) | | Data processing system with routing tables |
CN113467932B (en) | | Load balancing method, system and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||