摘要
To reduce the TCP flow processing cost, some bit patterns selected from the TCP/IP packet can be used as TCP flow identification. Based on the entropy and randomness analysis of the distribution of sequence number (SN) and acknowledgement number (AN) in the first packet of a TCP flow, this paper proposes a new uniform TCP flow identification by sequence and acknowledgement number (FIDSAN) to the heavy-tailed IP or TCP traffic. The experimental results suggest that some bits in the TCP sequence number and acknowledgment number can be selected out as flow ID with acceptable confliction probability. The bit length of flow ID selected under given confliction probability can be conducted from an equation deduced from the observing window and flow ID range. FIDSAN has low computation cost in the comparison with the traditional methods, such as 5-tuple, CRC, and Checksum etc.
为了降低TCP流的处理开销,可以从TCP/IP报文中选取某些位串来作为流的标识.从位熵和随机性的角度分析了TCP流首报文的顺序号(SN)和确认号(AN)的分布,提出了一种从重尾的IP或TCP流里获得随机均匀的流标识的新方法(FIDSAN).实验结果表明,在可以接受的冲突概率下,TCP流首报文的顺序号和确认号的部分高位比特可以用来作为流标签.给定冲突概率时,该流标识的比特长度可以根据一个由观察窗口和流ID值域导出的关系式求出.与TCP五元组,CRC,Checksum等比较发现,FIDSAN具有更低的计算开销.
基金
TheNationalBasicResearchProgramofChina(973Program)(No.2003CB314804).
