CN115190175B - Connection processing method, system, electronic device, server and readable storage medium - Google Patents
- Publication number: CN115190175B (CN202210840515.7A)
- Authority: CN (China)
- Prior art keywords: tls, client data, storage space, preset storage, server
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/14: Session management
- H04L69/163: In-band adaptation of TCP data exchange; In-band control procedures
- H04L69/22: Parsing or analysis of headers
- Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Description
Technical field
The present application relates to the field of servers, and in particular to a connection processing method, system, electronic device, server and readable storage medium.
Background
HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) is a network protocol built from HTTP plus the TLS (Transport Layer Security)/SSL (Secure Socket Layer) protocol that supports encrypted transmission and identity authentication. It encrypts Internet data transmission mainly by means of digital certificates, encryption algorithms, asymmetric keys and similar techniques, thereby protecting the security of Internet transmission. Traditionally the protocol runs on the CPU. In testing, establishing an HTTPS connection takes about 436 milliseconds, of which the SSL part takes 322 milliseconds. Frequently re-establishing SSL sessions occupies too many CPU (Central Processing Unit) resources and degrades server performance.
Therefore, how to provide a solution to the above technical problem is a problem that those skilled in the art currently need to solve.
Summary of the invention
The purpose of the present application is to provide a connection processing method, system, electronic device, server and readable storage medium that reduce design complexity, avoid a large amount of split-packet handling, state storage and readback, and at the same time release CPU resources, thereby ensuring server performance.
To solve the above technical problem, the present application provides a connection processing method applied to a processing device that is independent of the CPU. The connection processing method includes:
parsing a received TCP connection sent by a client to obtain client data;
storing the client data in a preset storage space in DDR corresponding to the TCP connection, and judging whether the client data stored in the preset storage space satisfies a TLS processing condition;
if so, performing TLS calculation processing on all the client data stored in the preset storage space, and sending the processed client data to a server;
when server data fed back by the server is received, performing the TLS calculation processing on the server data, and packing the processed server data and sending it to the client.
Optionally, before the client data is stored in the preset storage space in DDR corresponding to the TCP connection, the connection processing method includes:
obtaining the writable address corresponding to the TCP connection from a preset address list;
and the process of storing the client data in the preset storage space in DDR corresponding to the TCP connection includes:
storing the client data in the preset storage space in DDR according to the writable address.
Optionally, after the client data is stored in the preset storage space in DDR according to the writable address, the connection processing method further includes:
updating the writable address of the TCP connection in the preset address list, so that a new write operation for the TCP connection is performed based on the updated writable address.
Optionally, the process of judging whether the client data stored in the preset storage space satisfies the TLS processing condition includes:
judging whether the client data stored in the preset storage space constitutes a complete TLS packet;
if not, determining that the client data stored in the preset storage space does not satisfy the TLS processing condition;
if so, judging whether the TLS packet satisfies a preset state jump condition;
if so, determining that the client data stored in the preset storage space satisfies the TLS processing condition;
if not, determining that the client data stored in the preset storage space does not satisfy the TLS processing condition.
Optionally, the connection processing method further includes:
when it is determined that the client data stored in the preset storage space does not constitute a complete TLS packet, recording TLS breakpoint information;
wherein the TLS breakpoint information includes the connection number of the TCP connection, the total length and the remaining unreceived length.
Optionally, the connection processing method further includes:
when it is determined that the client data stored in the preset storage space constitutes a complete TLS packet, recording the TLS frame type and length corresponding to the TLS packet.
Optionally, the connection processing method further includes:
when it is determined that the client data stored in the preset storage space satisfies the TLS processing condition, recording the TCP connection number corresponding to the TLS packet and the operation type of the pending operation;
and the process of performing TLS calculation processing on all the client data stored in the preset storage space includes:
determining a readable address from the preset address list according to the TCP connection number corresponding to the TLS packet;
reading the client data from the preset storage space according to the readable address, and performing TLS calculation processing on the client data read, based on the operation type of the pending operation.
Optionally, after the client data is read from the preset storage space according to the readable address, the connection processing method further includes:
updating the readable address of the TCP connection in the preset address list.
Optionally, the process of parsing the received TCP connection sent by the client to obtain client data includes:
parsing the TLP frames in the TCP connection sent by the client and discarding the frame header of each TLP frame to obtain the client data.
Optionally, the process of performing TLS calculation processing on all the client data stored in the preset storage space includes:
performing encryption/decryption calculation and hash operations on all the client data stored in the preset storage space;
correspondingly, the process of performing the TLS calculation processing on the server data includes:
performing encryption/decryption calculation and hash operations on the server data.
Optionally, the processing device is any one of an FPGA, an ASIC, a microprocessor, a single-chip microcomputer, a CPLD and a DSP.
To solve the above technical problem, the present application further provides a connection processing system applied to a processing device that is independent of the CPU. The connection processing system includes:
a parsing module, configured to parse a received TCP connection sent by a client to obtain client data;
a storage module, configured to store the client data in a preset storage space in DDR corresponding to the TCP connection, judge whether the client data stored in the preset storage space satisfies a TLS processing condition, and if so, trigger a first TLS calculation module;
the first TLS calculation module, configured to perform TLS calculation processing on all the client data stored in the preset storage space and send the processed client data to a server;
a second TLS calculation module, configured to perform the TLS calculation processing on server data when the server data fed back by the server is received, and trigger a packing module;
the packing module, configured to pack the processed server data and send it to the client.
To solve the above technical problem, the present application further provides an electronic device, including:
a memory, configured to store a computer program;
a processor, configured to implement the steps of the connection processing method according to any one of the above when executing the computer program.
To solve the above technical problem, the present application further provides a server including the electronic device described above.
To solve the above technical problem, the present application further provides a readable storage medium on which a computer program is stored, the computer program implementing the steps of the connection processing method according to any one of the above when executed by a processor.
The present application provides a connection processing method applied to a processing device that is independent of the CPU. The connection processing method includes: parsing a received TCP connection sent by a client to obtain client data; storing the client data in a preset storage space in DDR corresponding to the TCP connection, and judging whether the client data stored in the preset storage space satisfies a TLS processing condition; if so, performing TLS calculation processing on all the client data stored in the preset storage space and sending the processed client data to a server; and, when server data fed back by the server is received, performing TLS calculation processing on the server data, and packing the processed server data and sending it to the client.
It can be seen that, in practical applications, the solution of the present application first stores the received client data in DDR and only performs calculation on the client data stored in DDR once the stored client data satisfies the TLS processing condition, that is, once all the relevant TLS frames have arrived. This reduces design complexity and avoids a large amount of split-packet handling, state storage and readback. At the same time, the TLS-related calculation is performed by a processing device independent of the CPU, which releases CPU resources and thereby ensures server performance.
The present application further provides a connection processing system, an electronic device, a server and a readable storage medium, which have the same beneficial effects as the above connection processing device.
Brief description of the drawings
To illustrate the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the steps of a connection processing method provided by the present application;
Fig. 2 is a schematic diagram of the overall architecture in which the functions of the processing device are implemented by an FPGA, as provided by the present application;
Fig. 3 is a schematic structural diagram of a tpre_pro module provided by the present application;
Fig. 4 is a schematic diagram of a state machine provided by the present application;
Fig. 5 is a schematic diagram of high-bandwidth processing provided by the present application;
Fig. 6 is a schematic structural diagram of a connection processing system provided by the present application.
Detailed description
The core of the present application is to provide a connection processing method, system, electronic device, server and readable storage medium that reduce design complexity, avoid a large amount of split-packet handling, state storage and readback, and at the same time release CPU resources, thereby ensuring server performance.
To make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in the present application without creative effort fall within the scope of protection of the present application.
To make the connection processing method provided by the present application easier to understand, the processing device to which it applies is described first. The processing device is independent of the CPU, so as to release CPU resources. Specifically, the processing device may be any one of an FPGA (Field Programmable Gate Array), an ASIC (Application Specific Integrated Circuit), a microprocessor, a single-chip microcomputer, a CPLD (Complex Programmable Logic Device) and a DSP (Digital Signal Process).
Referring to Fig. 1, which is a flow chart of the steps of a connection processing method provided by the present application, the connection processing method includes:
S101: parse the received TCP connection sent by the client to obtain client data;
Specifically, the processing device includes a TOE (TCP Offload Engine) module and a NIC. The TOE module parses the TCP (Transmission Control Protocol) connection sent by the client and received by the NIC (network card) to obtain the Payload of the TCP packets (the valid data carried by the TCP connection). This Payload is the client data of this step and is used to form TLS packets.
As an optional embodiment, the process of parsing the received TCP connection sent by the client to obtain client data includes: parsing the TLP frames in the TCP connection sent by the client and discarding the frame header of each TLP frame to obtain the client data, which further reduces the difficulty of subsequent data processing.
S102: store the client data in the preset storage space in DDR corresponding to the TCP connection, and judge whether the client data stored in the preset storage space satisfies the TLS processing condition; if so, execute S103;
Specifically, after the client data is obtained by parsing, the present application first stores it in the preset storage space in DDR (Double Data Rate memory) corresponding to the TCP connection; each TCP connection has its own independent preset storage space in DDR. It is then judged whether the client data stored in the preset storage space satisfies the TLS processing condition. The TLS processing condition can be set according to actual needs. Because the complete data content of some TLS packets may span multiple TCP packets, the TLS processing condition may include, but is not limited to, the data content of the TLS packet being complete and/or the TLS packet satisfying the state machine adjustment condition. This avoids a large amount of split-packet handling, state storage and readback, and also avoids repeated DDR reads of the same data and parameters, which frees DDR bandwidth and leaves the precious DDR bandwidth to the TLS calculation engine. The present application does not specifically limit the TLS processing condition here.
Whether a TLS packet has been completely received can be judged according to the rules of the TLS protocol.
S103: perform TLS calculation processing on all the client data stored in the preset storage space, and send the processed client data to the server;
S104: when server data fed back by the server is received, perform TLS calculation processing on the server data, and pack the processed server data and send it to the client.
As an optional embodiment, the process of performing TLS calculation processing on all the client data stored in the preset storage space includes:
performing encryption/decryption calculation and hash operations on all the client data stored in the preset storage space;
correspondingly, the process of performing TLS calculation processing on the server data includes:
performing encryption/decryption calculation and hash operations on the server data.
Specifically, TLS calculation processing is performed on the client data stored in the preset storage space that satisfies the TLS processing condition. Because different TCP connections correspond to different preset storage spaces, TLS processing of client data that satisfies the TLS processing condition may be performed uniformly on the client data in one or more preset storage spaces. The processed client data is sent to the server, and the server feeds back the corresponding server data according to the client data. The TLS calculation processing includes, but is not limited to, decryption calculation and hash operations. After the server data returned by the server is received, TLS calculation processing is performed on it, and the processed server data is packed and sent to the client.
It can be seen that, in this embodiment, the received client data is first stored in DDR, and calculation is performed on the client data stored in DDR only once the stored client data satisfies the TLS processing condition, that is, once all the relevant TLS frames have arrived. This reduces design complexity and avoids a large amount of split-packet handling, state storage and readback. At the same time, the TLS-related calculation is performed by a processing device independent of the CPU, which releases CPU resources and thereby ensures server performance.
On the basis of the above embodiment:
As an optional embodiment, before the client data is stored in the preset storage space in DDR corresponding to the TCP connection, the connection processing method includes:
obtaining the writable address corresponding to the TCP connection from the preset address list;
and the process of storing the client data in the preset storage space in DDR corresponding to the TCP connection includes:
storing the client data in the preset storage space in DDR according to the writable address.
As an optional embodiment, after the client data is stored in the preset storage space in DDR according to the writable address, the connection processing method further includes:
updating the writable address of the TCP connection in the preset address list, so that a new write operation for the TCP connection is performed based on the updated writable address.
Specifically, in this embodiment each TCP connection corresponds to one address in DDR, and the DDR address corresponding to each TCP connection can be stored in the preset address list Addr_table. After a TCP connection is received, the corresponding writable address is determined from the preset address list according to the connection number of the TCP connection, and the client data Payload of that TCP connection is then written, starting at the writable address, into a preset storage space in DDR. After the write operation completes, the writable address of the TCP connection in Addr_table is updated, and the next write operation for that TCP connection starts from the updated address. With unchanged logic resources, the present application supports a very large number of TCP connections, and the number of TCP connections that can be supported is limited only by the DDR space.
As an optional embodiment, the process of judging whether the client data stored in the preset storage space satisfies the TLS processing condition includes:
judging whether the client data stored in the preset storage space constitutes a complete TLS packet;
if not, determining that the client data stored in the preset storage space does not satisfy the TLS processing condition;
if so, judging whether the TLS packet satisfies the preset state jump condition;
if so, determining that the client data stored in the preset storage space satisfies the TLS processing condition;
if not, determining that the client data stored in the preset storage space does not satisfy the TLS processing condition.
As an optional embodiment, the connection processing method further includes:
when it is determined that the client data stored in the preset storage space does not constitute a complete TLS packet, recording TLS breakpoint information;
wherein the TLS breakpoint information includes the connection number of the TCP connection, the total length and the remaining unreceived length.
As an optional embodiment, the connection processing method further includes:
when it is determined that the client data stored in the preset storage space constitutes a complete TLS packet, recording the TLS frame type and length corresponding to the TLS packet.
As an optional embodiment, the connection processing method further includes:
when it is determined that the client data stored in the preset storage space satisfies the TLS processing condition, recording the TCP connection number corresponding to the TLS packet and the operation type of the pending operation;
and the process of performing TLS calculation processing on all the client data stored in the preset storage space includes:
determining a readable address from the preset address list according to the TCP connection number corresponding to the TLS packet;
reading the client data from the preset storage space according to the readable address, and performing TLS calculation processing on the client data read, based on the operation type of the pending operation.
As an optional embodiment, after the client data is read from the preset storage space according to the readable address, the connection processing method further includes:
updating the readable address of the TCP connection in the preset address list.
Specifically, because the data content of one complete TLS packet may span multiple TCP packets, whether the TLS packet has been completely received is also judged according to the rules of the TLS protocol, that is, it is judged whether the client data stored in the preset storage space constitutes a complete TLS packet. If it does not, the client data stored in the preset storage space does not satisfy the TLS processing condition. In that case, to improve the reliability of resuming reception after a split packet, as an optional embodiment, TLS breakpoint information is recorded when it is determined that the client data stored in the preset storage space does not constitute a complete TLS packet; the TLS breakpoint information includes the connection number of the TCP connection, the total length and the remaining unreceived length.
Further, because TLS calculation processing may need to be performed uniformly on one or more TLS packets, if the client data stored in the preset storage space does constitute a complete TLS packet, it is then judged whether that complete TLS packet satisfies the preset state jump condition, that is, whether the TLS packet is one at a node that triggers a subsequent processing action. If it is not, only the TLS frame type and length corresponding to the TLS packet are recorded and no other operation is performed. If it is, information such as the TCP connection number corresponding to the TLS packet and the operation type of the pending operation is recorded, in order to trigger TLS processing of the TLS packets stored in the preset storage space that satisfy the TLS processing condition. Specifically, the process of performing TLS calculation processing on all the client data stored in the preset storage space includes: determining a readable address from the preset address list according to the TCP connection number corresponding to the TLS packet; reading the client data from the preset storage space according to the readable address; and performing TLS calculation processing on the client data read, based on the operation type of the pending operation.
Specifically, refer to FIG. 2, which is a schematic diagram of the overall architecture in which the functions of the processing device are implemented by an FPGA, as provided by this application. The FPGA contains: a NIC, a TOE module, a tpre_pro module, an rbpt module, an rfifo module, a tccal module, a tscal module, a tpack module and a DMA (Direct Memory Access) module. The processing device exchanges data with the client through the NIC and with the Host side (that is, the server) through DMA.
The tpre_pro module is described first. It parses the output of the TOE module, parses the TLP frame corresponding to the TCP connection, discards the TLP frame header, writes the parsed client data into the receive buffer (Rbuff) in DDR, and updates the read/write pointers in rbpt. The tpre_pro module can also resume after a split packet, splicing the parts of the same TLP frame together, and once a complete TLS frame has been received it writes the frame type and the connection num into rfifo according to the configuration.
Further, each TCP connection has its own Rbuff. The rbpt module (Rbuff point table) stores the read and write pointers of each TCP connection's Rbuff and is implemented in SRAM. The rfifo module stores the type and length of the complete TLS frames currently received (there may be several complete TLS frames). The tccal (TLS Client CALCU) module performs encryption and decryption calculation, hash operations and the like on client data; the tscal (TLS Server CALCU) module performs encryption and decryption calculation, hash operations and the like on server data; the tpack (TLS DATA PACK) module packs the server's response data. The TLS frame types stored in rfifo are designed as follows:
1. Client Hello; 2. Client Encrypted Handshake Message.
Refer to FIG. 3, which is a schematic diagram of a tpre_pro module provided by this application. The tpre_pro module includes: a Parse module, a Shift_mem module, a cmd_fifo module, a WDDR_ctl module, an Addr_table and an RDDR_ctl module.
Specifically, the Parse module receives the Payload of the TCP packet parsed by the TOE module and, according to the TCP connection, directs the WDDR_ctl module to store the Payload at the writable address in DDR that corresponds to that TCP connection. When the WDDR_ctl module writes the Payload into DDR, it reads the writable address of the TCP connection from Addr_table; after the write completes, it updates the writable address of the TCP connection in Addr_table, and the next write for that TCP connection starts from the updated address.
Because the data of one TLS packet may span multiple TCP packets, the Parse module also judges, according to the rules of the TLS protocol, whether the TLS packet has been completely received. If the TLS packet has not been completely received, the Parse module writes the breakpoint information of the TLS packet to the Shift_mem module; the breakpoint information includes the TCP connection number, the total length, the remaining unreceived length and so on. If the TLS packet has been completely received but does not belong to a node that triggers a subsequent processing action, Parse performs no other operation. If the TLS packet has been completely received and belongs to a node that triggers a subsequent processing action, Parse writes to the cmd_fifo module information such as the TCP connection number corresponding to the TLS packet and the type of operation to be performed next. When cmd_fifo is not empty and the tpre_pro module receives an external request, one entry is taken from cmd_fifo; RDDR_ctl looks up the readable address of the connection in Addr_table according to the TCP connection number in the entry, reads the data from DDR at that address, and sends it, together with the information stored in cmd_fifo, as the response to the subsequent modules for processing. At the same time, the RDDR_ctl module updates the readable address of the corresponding connection in Addr_table.
Specifically, the process of establishing a single HTTPS connection is described below and includes:
0: Three-way handshake, establishing the TCP connection;
1: Client Hello, offering the cipher suites the client supports;
2: Server Hello, selecting the cipher suite to use;
3: Certificate, sending the server certificate;
4: Server Key Exchange, server public key calculation and parameter exchange;
5: Certificate Request, requesting the client certificate;
6: Server Hello Done, the end of the server hello;
7: Client Certificate, sending the client certificate;
8: Client Key Exchange, client public key calculation and parameter exchange;
9: Client Certificate Verify, signature verification over all the preceding exchanges;
10: Client Change Cipher Spec, the client will use symmetric encryption;
11: Client Encrypted Handshake Message, the client hashes and symmetrically encrypts all the preceding exchanges;
12: Server Change Cipher Spec, the server will use symmetric encryption;
13: Server Encrypted Handshake Message, the server hashes and symmetrically encrypts all the preceding exchanges;
14: Application Data, both ends start exchanging application data under symmetric encryption.
Based on this, this embodiment provides a state machine, shown schematically in FIG. 4. It should be understood that the preset state jump condition in this application refers to the jump condition of this state machine, where:
0 IDLE: the initial state; receiving a Client Hello moves to the next state.
1 client_hello: the server receives the Client Hello and sends all the information down to the FPGA. The FPGA performs the encryption and signature calculation through the tscal module, then passes the result to the tpack module, which sends it to the TOE module. The messages completed consecutively here are: Server Hello, selecting the cipher suite to use; Certificate, sending the server certificate; Server Key Exchange, server public key calculation and parameter exchange; Certificate Request, requesting the client certificate; Server Hello Done, the end of the server hello. The next state is then entered. This is done by an independent module that all connections share.
2 server_hello_done: the server hello is done; wait for the client's messages.
3 client_certificate, client key exchange, client certificate verify, client change cipher spec, client encrypted handshake message: after all of these messages have been stored in Rbuff, the tpre_pro module stores the client encrypted handshake message type and the message length in rfifo and starts the tccal module to perform the calculation on the received information. When all calculation is complete, the next state is entered. This is done by an independent module that all connections share.
4 server change cipher spec, Encrypted Handshake Message (finihsend): tscal is started to calculate the symmetric encryption key; when the calculation is complete, the Server Change Cipher Spec and Encrypted Handshake Message are sent to the TOE module and the next state is entered. This is done by an independent module that all connections share.
5 Application Data: symmetric encryption; application data is transferred in this state. After the connection is closed, the state returns to idle.
Further, every state enters the exception handling state when it encounters an exception; after exception handling is complete, it enters idle and all related messages are discarded.
As shown in FIG. 5, the tpre_pro module stores complete TLS frames and, as set out in the state descriptions above, passes them to the subsequent TLS calculation engine only after all the related TLS frames have arrived. This greatly reduces design complexity and avoids a large amount of split-packet handling, state storage and readback. It also avoids repeated DDR reads of the same data and parameters, which frees DDR bandwidth and leaves that scarce bandwidth to the TLS calculation engine. The TLS calculation engine reads the data and parameters needed for a calculation from DDR and stores them in an internal cache (SRAM); subsequent calculation is pipelined to meet line-rate processing requirements.
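The Parse-module flow and the "only when all related frames have arrived" rule described above, modelled in software as an added example that is not part of the patent: per-connection Rbuff and Addr_table pointers, Shift_mem breakpoint records, and cmd_fifo triggers for the two rfifo frame types. Assumptions of this model: the TCP payload is stored unchanged with its 5-byte TLS record header, each handshake message fits in one record, the end offset carried in cmd_fifo and the exact trigger test are hypothetical, and the record-length limit is taken from RFC 5246 rather than from the page.

```python
from collections import deque
from dataclasses import dataclass, field

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20      # TLS record content types
CLIENT_HELLO = 1                             # handshake message type
MAX_RECORD = 2**14 + 2048                    # TLS 1.2 ciphertext limit (RFC 5246)
OP_CLIENT_HELLO, OP_CLIENT_FINISHED = 1, 2   # the two frame types kept in rfifo


@dataclass
class Conn:
    # Model only: this buffer grows freely; a hardware Rbuff is a preset DDR region.
    rbuff: bytearray = field(default_factory=bytearray)
    wr: int = 0             # Addr_table: writable address
    rd: int = 0             # Addr_table: readable address
    parsed: int = 0         # offset of the next unparsed record header
    seen_ccs: bool = False  # a ChangeCipherSpec record has been received
    frames: list = field(default_factory=list)  # (type, length) of complete records


class PreProcessor:
    def __init__(self):
        self.conns = {}          # TCP connection number -> Conn
        self.shift_mem = {}      # connection number -> (total length, remaining)
        self.cmd_fifo = deque()  # (connection number, operation type, end offset)

    def abort(self, conn_id):
        """Exception path: discard everything held for the connection."""
        self.conns.pop(conn_id, None)
        self.shift_mem.pop(conn_id, None)
        self.cmd_fifo = deque(e for e in self.cmd_fifo if e[0] != conn_id)

    def on_payload(self, conn_id, payload):
        """Store one TCP payload, then parse every record that is now complete."""
        c = self.conns.setdefault(conn_id, Conn())
        c.rbuff += payload                 # write at the writable address
        c.wr = len(c.rbuff)                # then advance it for the next write
        self.shift_mem.pop(conn_id, None)  # any breakpoint is re-evaluated below
        while c.wr - c.parsed >= 5:        # a whole record header is available
            ctype = c.rbuff[c.parsed]
            length = int.from_bytes(c.rbuff[c.parsed + 3:c.parsed + 5], "big")
            if length > MAX_RECORD:        # never reserve space on an invalid length
                self.abort(conn_id)
                raise ValueError(f"connection {conn_id}: record length {length}")
            total = 5 + length
            have = c.wr - c.parsed
            if have < total:               # record continues in a later TCP packet
                self.shift_mem[conn_id] = (total, total - have)
                return
            first = c.rbuff[c.parsed + 5] if length else None
            c.parsed += total
            c.frames.append((ctype, length))
            if ctype == CHANGE_CIPHER_SPEC:
                c.seen_ccs = True
            elif ctype == HANDSHAKE and c.seen_ccs:
                # First handshake record after CCS: client encrypted handshake message.
                c.seen_ccs = False
                self.cmd_fifo.append((conn_id, OP_CLIENT_FINISHED, c.parsed))
            elif ctype == HANDSHAKE and first == CLIENT_HELLO:
                self.cmd_fifo.append((conn_id, OP_CLIENT_HELLO, c.parsed))
            # Any other complete record is only noted in frames; no trigger.

    def fetch(self):
        """Serve one queued command: read from the readable address, then advance it."""
        if not self.cmd_fifo:
            return None
        conn_id, op, end = self.cmd_fifo.popleft()
        c = self.conns[conn_id]
        data = bytes(c.rbuff[c.rd:end])
        c.rd = end
        return conn_id, op, data


def record(ctype, body):
    """Build a constructed TLS 1.2 record for sample input (not captured traffic)."""
    return bytes([ctype, 3, 3]) + len(body).to_bytes(2, "big") + body
```

A record header split across two TCP packets leaves no breakpoint entry because the total length is not yet known; the breakpoint appears once the fifth header byte arrives.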
In summary, this application proposes an FPGA-based mechanism for implementing multi-connection, high-bandwidth HTTPS. The mechanism handles TCP split packets and consolidates strongly related TLS frames, simplifies the design of the finite state machine and prevents the FPGA logic's work from being fragmented. With the logic resources unchanged, it supports a very large number of connections, the number being limited only by DDR space, and it allows a pipelined TLS calculation engine that meets line-rate design requirements.
Refer to FIG. 6, which is a schematic structural diagram of a connection processing system provided by this application. The system is applied to a processing device that is independent of the CPU, and includes:
a parsing module 1, configured to parse the received TCP connection sent by the client to obtain client data;
a storage module 2, configured to store the client data in the preset storage space in DDR corresponding to the TCP connection, to judge whether the client data stored in the preset storage space meets the TLS processing condition and, if so, to trigger the first TLS calculation module 3;
a first TLS calculation module 3, configured to perform TLS calculation processing on all the client data stored in the preset storage space and to send the processed client data to the server;
a second TLS calculation module 4, configured to perform TLS calculation processing on the server data when server data fed back by the server is received, and to trigger the packing module 5;
a packing module 5, configured to pack the processed server data and send it to the client.
It can be seen that, in this embodiment, the received client data is first stored in DDR, and only when the stored client data meets the TLS processing condition, that is, after all the related TLS frames have arrived, is the client data stored in DDR processed. This reduces design complexity and avoids a large amount of split-packet handling, state storage and readback. In addition, the TLS-related calculation is performed by a processing device independent of the CPU, which frees CPU resources and thereby preserves server performance.
As an optional embodiment, the connection processing system includes:
a first obtaining module, configured to obtain the writable address corresponding to the TCP connection from the preset address list;
the process of storing the client data in the preset storage space in DDR corresponding to the TCP connection includes:
storing the client data in the preset storage space in DDR at the writable address.
As an optional embodiment, after the client data is stored in the preset storage space in DDR at the writable address, the connection processing system further includes:
a first update module, configured to update the writable address of the TCP connection in the preset address list, so that a new write operation for the TCP connection is performed based on the updated writable address.
As an optional embodiment, the process of judging whether the client data stored in the preset storage space meets the TLS processing condition includes:
judging whether the client data stored in the preset storage space constitutes a complete TLS packet;
if not, determining that the client data stored in the preset storage space does not meet the TLS processing condition;
if so, judging whether the TLS packet meets the preset state jump condition;
if so, determining that the client data stored in the preset storage space meets the TLS processing condition;
if not, determining that the client data stored in the preset storage space does not meet the TLS processing condition.
As an optional embodiment, the connection processing system further includes:
a first recording module, configured to record TLS breakpoint information when it is determined that the client data stored in the preset storage space does not constitute a complete TLS packet;
the TLS breakpoint information includes the connection number of the TCP connection, the total length and the remaining unreceived length.
As an optional embodiment, the connection processing system further includes:
a second recording module, configured to record the TLS frame type and length corresponding to the TLS packet when it is determined that the client data stored in the preset storage space constitutes a complete TLS packet.
As an optional embodiment, the connection processing system further includes:
a third recording module, configured to record the TCP connection number corresponding to the TLS packet and the operation type of the pending operation when it is determined that the client data stored in the preset storage space meets the TLS processing condition;
the process of performing TLS calculation processing on all the client data stored in the preset storage space includes:
determining a readable address from the preset address list according to the TCP connection number corresponding to the TLS packet;
reading the client data from the preset storage space at the readable address, and performing TLS calculation processing on the client data read, based on the operation type of the pending operation.
As an optional embodiment, the connection processing system further includes:
a second update module, configured to update the readable address of the TCP connection in the preset address list.
As an optional embodiment, the process of parsing the received TCP connection sent by the client to obtain client data includes:
parsing the TLP frame in the TCP connection sent by the client and discarding the frame header of the TLP frame to obtain the client data.
As an optional embodiment, the process of performing TLS calculation processing on all the client data stored in the preset storage space includes:
performing encryption and decryption calculation and hash operations on all the client data stored in the preset storage space;
correspondingly, the process of performing TLS calculation processing on the server data includes:
performing encryption and decryption calculation and hash operations on the server data.
As an optional embodiment, the processing device is any one of an FPGA, an ASIC, a microprocessor, a single-chip microcomputer, a CPLD and a DSP.
To solve the above technical problem, this application further provides an electronic device, including:
a memory, configured to store a computer program;
a processor, configured to implement, when executing the computer program, the steps of the connection processing method described in any one of the above embodiments.
Specifically, the memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and computer-readable instructions, and the internal memory provides the environment in which the operating system and computer-readable instructions in the non-volatile storage medium run. When the processor executes the computer program stored in the memory, the following steps can be implemented: parsing the received TCP connection sent by the client to obtain client data; storing the client data in the preset storage space in DDR corresponding to the TCP connection, and judging whether the client data stored in the preset storage space meets the TLS processing condition; if so, performing TLS calculation processing on all the client data stored in the preset storage space and sending the processed client data to the server; when server data fed back by the server is received, performing TLS calculation processing on the server data, and packing the processed server data and sending it to the client.
It can be seen that, in this embodiment, the received client data is first stored in DDR, and only when the stored client data meets the TLS processing condition, that is, after all the related TLS frames have arrived, is the client data stored in DDR processed. This reduces design complexity and avoids a large amount of split-packet handling, state storage and readback. In addition, the TLS-related calculation is performed by a processing device independent of the CPU, which frees CPU resources and thereby preserves server performance.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: obtaining the writable address corresponding to the TCP connection from the preset address list, and storing the client data in the preset storage space in DDR at the writable address.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: updating the writable address of the TCP connection in the preset address list, so that a new write operation for the TCP connection is performed based on the updated writable address.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: judging whether the client data stored in the preset storage space constitutes a complete TLS packet; if not, determining that the client data stored in the preset storage space does not meet the TLS processing condition; if so, judging whether the TLS packet meets the preset state jump condition; if so, determining that the client data stored in the preset storage space meets the TLS processing condition; if not, determining that the client data stored in the preset storage space does not meet the TLS processing condition.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: when it is determined that the client data stored in the preset storage space does not constitute a complete TLS packet, recording TLS breakpoint information, where the TLS breakpoint information includes the connection number of the TCP connection, the total length and the remaining unreceived length.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: when it is determined that the client data stored in the preset storage space constitutes a complete TLS packet, recording the TLS frame type and length corresponding to the TLS packet.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: when it is determined that the client data stored in the preset storage space meets the TLS processing condition, recording the TCP connection number corresponding to the TLS packet and the operation type of the pending operation; determining a readable address from the preset address list according to the TCP connection number corresponding to the TLS packet; reading the client data from the preset storage space at the readable address, and performing TLS calculation processing on the client data read, based on the operation type of the pending operation.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: updating the readable address of the TCP connection in the preset address list.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: parsing the TLP frame in the TCP connection sent by the client and discarding the frame header of the TLP frame to obtain the client data.
As an optional embodiment, when the processor executes the computer subprogram stored in the memory, the following steps can be implemented: performing encryption and decryption calculation and hash operations on all the client data stored in the preset storage space, and performing encryption and decryption calculation and hash operations on the server data.
为解决上述技术问题,本申请还提供了一种可读存储介质,可读存储介质上存储有计算机程序,计算机程序被处理器执行时实现如上文任意一个实施例所描述的连接处理方法的步骤。In order to solve the above technical problems, the present application also provides a readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the connection processing method as described in any one of the above embodiments are implemented .
该可读存储介质可以包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。该存储介质上存储有计算机程序,计算机程序被处理器执行时实现以下步骤:对接收到的客户端发送的TCP连接进行解析,得到客户端数据;将客户端数据存储到DDR中与TCP连接对应的预设存储空间,并判断预设存储空间中存储的客户端数据是否满足TLS处理条件;若是,对预设存储空间中存储的所有客户端数据进行TLS计算处理,将处理后的客户端数据发送至服务端;当接收到服务端反馈的服务端数据,对服务端数据进行TLS计算处理,将处理后的服务端数据封包发送至客户端。The readable storage medium may include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk, etc., which can store program codes. medium. A computer program is stored on the storage medium, and when the computer program is executed by the processor, the following steps are implemented: analyzing the received TCP connection sent by the client to obtain client data; storing the client data in the DDR corresponding to the TCP connection preset storage space, and determine whether the client data stored in the preset storage space meets the TLS processing conditions; if so, perform TLS calculation processing on all client data stored in the preset Send to the server; when receiving the server data fed back by the server, perform TLS calculation processing on the server data, and send the processed server data packet to the client.
可见,本实施例中,首先将接收到的客户端数据存储到DDR中,在存储的客户端数据满足TLS处理条件时,即相关TLS帧全部到齐后,再对DDR中存储的客户端数据进行计算,减少设计复杂度,避免了大量断包处理,状态存储及回读,同时TLS相关计算由独立于CPU的处理装置执行,释放了CPU资源,从而保证服务器性能。It can be seen that in this embodiment, the received client data is first stored in the DDR, and when the stored client data meets the TLS processing conditions, that is, after all relevant TLS frames have arrived, the client data stored in the DDR is Perform calculations to reduce design complexity and avoid a large number of packet break processing, state storage and readback. At the same time, TLS-related calculations are performed by a processing device independent of the CPU, which releases CPU resources and ensures server performance.
作为一种可选的实施例,计算机可读存储介质中存储的计算机子程序被处理器执行时,具体可以实现以下步骤:从预设地址列表中获取TCP连接对应的可写入地址,按可写入地址将客户端数据存储到DDR中的预设存储空间。As an optional embodiment, when the computer subroutine stored in the computer-readable storage medium is executed by the processor, the following steps can be specifically implemented: obtain the writable address corresponding to the TCP connection from the preset address list, and press the Write address to store client data to the preset storage space in DDR.
As an optional embodiment, when the computer subprogram stored in the computer-readable storage medium is executed by the processor, the following step may be implemented: updating the writable address of the TCP connection in the preset address list, so that a new write operation for the TCP connection is performed based on the updated writable address.
As an optional embodiment, when the computer subprogram stored in the computer-readable storage medium is executed by the processor, the following steps may be implemented: determining whether the client data stored in the preset storage space constitutes a complete TLS packet; if not, determining that the client data stored in the preset storage space does not satisfy the TLS processing condition; if so, determining whether the TLS packet satisfies the preset state-jump condition; if so, determining that the client data stored in the preset storage space satisfies the TLS processing condition; if not, determining that the client data stored in the preset storage space does not satisfy the TLS processing condition.
As an optional embodiment, when the computer subprogram stored in the computer-readable storage medium is executed by the processor, the following step may be implemented: when it is determined that the client data stored in the preset storage space does not constitute a complete TLS packet, recording TLS breakpoint information, wherein the TLS breakpoint information includes the connection number of the TCP connection, the total length, and the remaining unreceived length.
As an optional embodiment, when the computer subprogram stored in the computer-readable storage medium is executed by the processor, the following step may be implemented: when it is determined that the client data stored in the preset storage space constitutes a complete TLS packet, recording the TLS frame type and length corresponding to the TLS packet.
As an optional embodiment, when the computer subprogram stored in the computer-readable storage medium is executed by the processor, the following steps may be implemented: when it is determined that the client data stored in the preset storage space satisfies the TLS processing condition, recording the TCP connection number corresponding to the TLS packet and the operation type of the pending operation; determining the readable address from the preset address list according to the TCP connection number corresponding to the TLS packet; and reading the client data from the preset storage space at the readable address, and performing TLS computation on the read client data based on the operation type of the pending operation.
As an optional embodiment, when the computer subprogram stored in the computer-readable storage medium is executed by the processor, the following step may be implemented: updating the readable address of the TCP connection in the preset address list.
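The completeness check, breakpoint record and state-jump test from the embodiments above can be sketched as follows. This is an added example, not code from the patent: the function and type names, the header validation, and the per-state content-type rule standing in for the "preset state-jump condition" are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* All names are assumptions; the patent defines no layout or state machine. */
enum { TLS_HDR = 5, TLS_MAX_LEN = 16384 + 2048 }; /* RFC 5246 ciphertext cap */
enum tls_state { ST_HANDSHAKE, ST_ESTABLISHED };
enum tls_check { TLS_INCOMPLETE, TLS_READY, TLS_NOT_READY, TLS_INVALID };

struct tls_breakpoint { uint32_t conn_id, total_len, remaining; };
struct tls_frame { uint8_t type; uint16_t length; };

/* Constructed sample: handshake record, 4-byte body (9 bytes in total). */
static const uint8_t SAMPLE_HS[9] = { 22, 3, 3, 0, 4, 1, 0, 0, 0 };

/* Hypothetical state-jump rule: content types accepted in each state. */
static int state_allows(enum tls_state st, uint8_t type)
{
    if (type == 21) return 1;                    /* alert */
    if (st == ST_HANDSHAKE) return type == 20 || type == 22;
    return type == 22 || type == 23;             /* handshake or app data */
}

enum tls_check tls_check_buffer(uint32_t conn_id, enum tls_state st,
                                const uint8_t *buf, size_t have,
                                struct tls_breakpoint *bp, struct tls_frame *fr)
{
    bp->conn_id = conn_id;
    bp->total_len = 0;                 /* unknown until the header is whole */
    if (have < TLS_HDR) {              /* header split across TCP segments */
        bp->remaining = (uint32_t)(TLS_HDR - have);
        return TLS_INCOMPLETE;
    }
    uint8_t type = buf[0];
    uint32_t len = ((uint32_t)buf[3] << 8) | buf[4];
    /* Validate before the length is used to reserve or wait for bytes. */
    if (type < 20 || type > 23 || buf[1] != 3 || len > TLS_MAX_LEN)
        return TLS_INVALID;
    bp->total_len = TLS_HDR + len;
    if (have < bp->total_len) {        /* record the breakpoint */
        bp->remaining = bp->total_len - (uint32_t)have;
        return TLS_INCOMPLETE;
    }
    bp->remaining = 0;
    fr->type = type;                   /* frame type and length, once complete */
    fr->length = (uint16_t)len;
    return state_allows(st, type) ? TLS_READY : TLS_NOT_READY;
}
```

Rejecting an out-of-range length before computing `total_len` keeps a peer-supplied header field from dictating how long a connection's buffer slot stays reserved.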
As an optional embodiment, when the computer subprogram stored in the computer-readable storage medium is executed by the processor, the following step may be implemented: parsing the TLP frames in the TCP connection sent by the client and discarding the frame header of each TLP frame to obtain the client data.
As an optional embodiment, when the computer subprogram stored in the computer-readable storage medium is executed by the processor, the following step may be implemented: performing encryption/decryption computation and hash operations on all client data stored in the preset storage space, and performing encryption/decryption computation and hash operations on the server-side data.
In another aspect, the present application further provides a server comprising the electronic device described above.
For a description of the server provided by the present application, refer to the embodiments above; it is not repeated here.
The server provided by the present application has the same beneficial effects as the connection processing method described above.
It should also be noted that, in this specification, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Furthermore, the terms "comprise", "include" and any variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element introduced by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device comprising that element.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (14)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210840515.7A CN115190175B (en) | 2022-07-18 | 2022-07-18 | Connection processing method, system, electronic device, server and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115190175A (en) | 2022-10-14 |
CN115190175B (en) | 2023-07-14 |
Family
ID=83518531
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210840515.7A Active CN115190175B (en) | 2022-07-18 | 2022-07-18 | Connection processing method, system, electronic device, server and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115190175B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8528085B1 (en) * | 2011-12-28 | 2013-09-03 | Emc Corporation | Method and system for preventing de-duplication side-channel attacks in cloud storage systems |
CN103699504A (en) * | 2013-12-30 | 2014-04-02 | 龙芯中科技术有限公司 | DDR physical layer and data processing method and device therefor |
CN108563808A (en) * | 2018-01-05 | 2018-09-21 | 中国科学技术大学 | The design method of heterogeneous reconfigurable figure computation accelerator system based on FPGA |
CN109413201A (en) * | 2018-11-27 | 2019-03-01 | 东软集团股份有限公司 | SSL traffic method, apparatus and storage medium |
CN111741246A (en) * | 2020-06-12 | 2020-10-02 | 浪潮(北京)电子信息产业有限公司 | A video storage method, device, SOC system, and medium |
CN111858038A (en) * | 2020-06-30 | 2020-10-30 | 浪潮电子信息产业股份有限公司 | Method, device and medium for reading data in FPGA board memory |
CN114490467A (en) * | 2022-01-26 | 2022-05-13 | 中国电子科技集团公司第五十四研究所 | Message processing DMA (direct memory access) system and method of multi-core network processor |
2022
- 2022-07-18 CN CN202210840515.7A patent/CN115190175B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN115190175A (en) | 2022-10-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Moon et al. | AccelTCP: Accelerating network applications with stateful TCP offloading | |
US10541984B2 (en) | Hardware-accelerated payload filtering in secure communication | |
US8255544B2 (en) | Establishing a split-terminated communication connection through a stateful firewall, with network transparency | |
CN105704091B (en) | A kind of session analytic method and system based on SSH agreement | |
CN114124929B (en) | Cross-network data processing methods and devices | |
US12034604B2 (en) | MQTT protocol simulation method and simulation device | |
US20210014343A1 (en) | Method, apparatus and computer program product for processing data | |
CN110753095B (en) | Data processing method, device and storage medium of network card | |
CN115297164A (en) | Network proxy method, device, electronic equipment and computer readable storage medium | |
US11799942B2 (en) | Terminal device and communication method | |
CN115190175B (en) | Connection processing method, system, electronic device, server and readable storage medium | |
CN111552668B (en) | High-performance cross-domain copying method based on zfs file system | |
CN116545995A (en) | Portal authentication method, system, equipment and storage medium based on HTTPS | |
WO2024040846A1 (en) | Data processing method and apparatus, electronic device, and storage medium | |
CN115766902A (en) | Method, device, equipment and medium for transmitting non-sensitive data through QUIC | |
CN118509252B (en) | Encrypted traffic mirror image outgoing method and device | |
CN118573481B (en) | HTTP message transparent safe processing system and method supporting local cipher machine | |
TW201437940A (en) | A method, a backup server and a computer program product for providing efficient data replication for a transaction processing server | |
CN114553938B (en) | A communication message processing method, device, electronic equipment and storage medium | |
CN117640289B (en) | Gateway and equipment based on user mode WireGuard protocol | |
CN117354368B (en) | Client information transparent transmission method, device and equipment under seven-layer proxy and storage medium | |
CN118590517A (en) | Data communication chip, system, method, device and electronic equipment | |
JP2023535277A (en) | Packet transfer method, device, network node and storage medium | |
CN114500399A (en) | Data transmission method, apparatus, medium and product | |
CN117938985A (en) | Data processing method, device, electronic device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||