Currently, the fixed broadband service develops quickly, which brings both opportunities and challenges to operators. With the popularity of applications such as peer-to-peer (P2P), online games, Web television (TV), and Voice over Internet Protocol (VoIP), a series of issues such as broadband management, content-based charging, and information security processing follows.
A deep packet inspection (DPI) technology is considered as a most effective method to deal with a management issue resulting from that multiple services run in a network, that is, the DPI technology can be used to quickly parse network messages of the multiple services running in the network, and identify an application protocol to which a network message belongs.
However, only obtaining, by parsing, the application protocol to which the network message belongs is not enough, it is further required to obtain interesting data carried in the network message by parsing, for example, for a hypertext transfer protocol (HTTP) network message, a method for parsing an HTTP protocol network message is provided in the prior art, where specifically, a network server receives an HTTP protocol network message transmitted between a server and a client, and a data parsing module in the network server presets implementation logic according to a format of the HTTP protocol, and performs processing according to the preset logic after receiving the HTTP protocol network message. The parsing method in the prior art is described by using the following network message as an example:
“GET/root.html HTTP/1.1\r\n”
“User-Agent: Mozilla/5.0 \r\n”
“Host: d.wikimedia.org\r\n”
“Accept-Encoding: gzip,deflate\r\n”
“Keep-Alive: 115\r\n”
“Connection: keep-alive\r\n”
“Content-Length: 10\r\n\r\n”
“0123456789”
When parsing the HTTP protocol network message, the parsing module with a preset logic in the network server obtains, by matching, a request method type and a Host header field value from the network message by using a character-by-character scanning method. In the foregoing example, the determined request method type is “GET”, information that is a uniform resource locator (URL) (“/root.html” specifically) requested by the request method and the Host header field value “d.wikimedia.org” are output to a policy matching module in the network server, where “/root.html” and “d.wikimedia.org” are interesting data carried in the network message; and the policy matching module obtains, by matching, a pre-defined policy, such as a charging policy, used by a data flow, and outputs the pre-defined policy to a policy execution module in the network server, so that the policy execution module in the network server executes the pre-defined policy for the data flow.
The prior art has the following disadvantages:
Because protocols are in different formats, extracted interesting data is different during processing, and it is required to perform analysis and processing for each protocol in advance. However, in a case where the network message received by the network server and transferred between the server and the client has multiple protocols for switching, for example, for a tunnel using the HTTP protocol as a real time streaming protocol (RTSP), an RTSP protocol network message is switched to a real time transport protocol (RTP) network message after a while, the prior art needs to reset implementation logic accordingly, and needs to modify software and hardware to support the protocol switching, so that hitless upgrade, that is, upgrade without service interruption, cannot be implemented, and the reliable operation of the network server is affected.