摘要
随着网络速率的不断提升,网络安全系统对于数据包内容的实时检测变得越发困难,基于零拷贝思想和多核技术设计实现了一种高速报文内容检测系统,系统采用零拷贝的思想消除数据包在处理过程中的复制操作,提高系统对数据包的处理效率,并通过创建可并行处理的数据包缓冲区,实现对捕获数据包的并行处理,成倍提高系统对数据包的处理速率.经测试,本文实现的高速报文内容检测系统对高速数据流具有很好的处理性能.
As the rate of network devices is constantly upgrading, it is getting more and more difficult to design a network security system for real-time packet content detection. In this paper, the author devised a new high-speed packet content detection system which is based on zero-copy and multi-core technology. Zero-Copy is employed to eliminate the overhead in the process of duplicate copy. Multi-core technology is used in the parallel computing of captured packets. By means of comprehensive experiment, it is showed that the high-speed packet content detection system we proposed possess a favourable performance.
出处
《小型微型计算机系统》
CSCD
北大核心
2013年第11期2496-2498,共3页
Journal of Chinese Computer Systems
基金
国家自然基金项目(60903184
61073167)资助
国家"八六三"高技术研究发展计划项目(2008AA01A323)资助
国家科技支撑计划项目(2011BAH15B08)资助
关键词
网络安全
零拷贝技术
并行处理
多核技术
network security
zero-copy technology
parallel processing
multi-core technology
