CN109412893B - Message playback method and device - Google Patents
Message playback method and device Download PDFInfo
- Publication number
- CN109412893B CN109412893B CN201811237036.6A CN201811237036A CN109412893B CN 109412893 B CN109412893 B CN 109412893B CN 201811237036 A CN201811237036 A CN 201811237036A CN 109412893 B CN109412893 B CN 109412893B
- Authority
- CN
- China
- Prior art keywords
- message
- preset number
- data message
- source
- dpi
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
Abstract
The embodiment of the application provides a message playback method and a device, wherein the method comprises the following steps: determining a file to be played back, and extracting load information of each data message in the file to be played back; constructing message headers which respectively correspond to a preset number of source addresses and specify protocol types, and establishing threads which respectively correspond to the preset number of source addresses; adopting message heads corresponding to the source addresses in the preset number of source addresses to respectively carry out encapsulation processing on the extracted load information to obtain a preset number of reconstructed data messages corresponding to the load information; and sending each reconstructed data message to the DPI equipment by adopting a thread corresponding to each source address in a preset number of source addresses, so that the DPI equipment performs DPI test according to each received reconstructed data message. By applying the technical scheme provided by the embodiment of the application, the efficiency of the DPI test can be improved, and the test effect of the DPI is improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for playing back a packet.
Background
With the development of network technology, malicious behaviors threatening network security become increasingly complex, and even many malicious behaviors are hidden in application layer loads of data messages. This makes DPI (Deep Packet Inspection) functionality increasingly indispensable, and DPI testing also becomes increasingly important.
Currently, DPI testing mainly uses tcdisplay and other software to play back messages. Specifically, a server running Tcpre software acquires a file to be played back (such as a pcap file), the pcap file comprises a plurality of data messages, a source address of each data message in the pcap file is rewritten into an address of the server, a destination address of each data message in the pcap file is rewritten into an address of preset equipment, and a plurality of data messages are obtained again. And the server sends the plurality of data messages obtained again to the DPI equipment one by one. And the DPI equipment performs DPI test according to the data message.
In the message playback, the server can only play back one data message at a time, which causes that the DPI equipment can only perform DPI test according to one data message at the same time, and causes that the efficiency of the DPI test is low. Meanwhile, the source address and the destination address of each data message subjected to the DPI test by the DPI equipment are the same, the DPI test is single, and the test effect is poor.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method and an apparatus for replaying a packet, so as to improve efficiency of a DPI test and improve a test effect of the DPI. The specific technical scheme is as follows:
in a first aspect, an embodiment of the present application provides a message playback method, where the method includes:
determining a file to be played back, and extracting load information of each data message in the file to be played back;
constructing message headers which respectively correspond to a preset number of source addresses and specify protocol types, and establishing threads which respectively correspond to the preset number of source addresses;
adopting the message head corresponding to each source address in the preset number of source addresses to respectively extract each source address
The load information is subjected to encapsulation processing to obtain a preset number of reconstructed data messages corresponding to each load information;
and sending each reconstructed data message to DPI equipment by adopting the thread corresponding to each source address in the preset number of source addresses, so that the DPI equipment performs DPI test according to each received reconstructed data message.
In a second aspect, an embodiment of the present application provides a message playback apparatus, where the apparatus includes:
the extraction unit is used for determining a file to be played back and extracting load information of each data message in the file to be played back;
the device comprises a construction unit and a processing unit, wherein the construction unit is used for constructing message headers which respectively correspond to a preset number of source addresses and specify protocol types, and establishing threads which respectively correspond to the preset number of source addresses;
the encapsulation unit is used for respectively encapsulating the extracted load information by adopting the message header corresponding to each source address in the preset number of source addresses to obtain a preset number of reconstructed data messages corresponding to each load information;
and the sending unit is used for sending each reconstructed data message to DPI equipment by adopting a thread corresponding to each source address in the preset number of source addresses, so that the DPI equipment performs DPI test according to each received reconstructed data message.
In a third aspect, embodiments provide an electronic device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to: any step of the message playback method provided in the first aspect is implemented.
In a fourth aspect, embodiments of the present application provide a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to: any step of the message playback method provided in the first aspect is implemented.
According to the technical scheme, the multiple threads are opened, the multiple threads can simultaneously forward the multiple reconstructed data messages, the data messages are sent in batches, the DPI equipment can simultaneously perform DPI testing according to the multiple data messages, and the efficiency of the DPI testing is effectively improved. In addition, the data message is reconstructed with different source addresses, the DPI test is diversified, and the DPI test effect is improved.
Of course, it is not necessary for any product or method of the present application to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a test network provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of a message playback method according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a message playback apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Currently, the DPI test is performed by using software such as tcdisplay to play back messages. In such a packet playback manner, the server can only play back one data file at a time, which causes that the DPI device can only perform the DPI test according to one data packet at the same time, resulting in low efficiency of the DPI test. Meanwhile, the source address and the destination address of each data message subjected to the DPI test by the DPI equipment are the same, the DPI test is single, and the test effect is poor.
In order to improve efficiency of a DPI test and improve a test effect of the DPI, the embodiment of the application provides a message playback method. The method can be applied to any electronic device (such as the server shown in fig. 1). In the message playback method, a file to be played back is determined, and load information of each data message in the file to be played back is extracted; constructing message headers which respectively correspond to a preset number of source addresses and specify protocol types; aiming at each extracted load information, respectively adopting a message head corresponding to each source address in a preset number of source addresses to carry out encapsulation processing on the load information to obtain a preset number of reconstructed data messages corresponding to the load information; and sending each reconstructed data message corresponding to each load information to the DPI equipment by adopting a thread corresponding to each source address in a preset number of source addresses. And the DPI equipment performs DPI test according to the received reconstruction data messages.
As shown in fig. 1, the test network includes at least a server 100 and a DPI device 110. DPI device 110 may be a firewall device, a gateway, a router, a switch, or other communication devices. When the communication device has a DPI function, it can be called a DPI device. Further, the test network may also include a client 120 connected to DPI device 110.
In the technical solution provided in the embodiment of the present application, a plurality of files to be played back (e.g., pacp files) are pre-stored in the server 100, the server 100 determines a plurality of files to be played back that need to be played back according to the configuration file, and extracts payload information of each data packet in the files to be played back; a plurality of different source addresses (source IP addresses and/or source port information) are pre-configured in the server 100, and the server 100 constructs a corresponding message header of a specified protocol for each source address and a corresponding sending thread for each source address; the server 100 uses the constructed message headers to perform encapsulation processing on the extracted payload information respectively to obtain reconstructed data messages corresponding to the payload information respectively, and the server 100 uses the constructed sending threads to send the corresponding reconstructed data messages to the DPI device 110 or to the client 120 (sends the reconstructed data messages to the client 120 through the DPI device 110); so that DPI device 110 performs a DPI test according to each received reconstructed data packet.
In summary, in the technical scheme provided in the embodiment of the present application, the server opens the multiple threads, and the multiple threads can simultaneously forward the multiple reconstructed data packets, so that the data packets are sent in batches, and the DPI device can simultaneously perform the DPI test according to the multiple data packets, thereby effectively improving the efficiency of the DPI test. In addition, the data message is reconstructed with different source addresses, the DPI test is diversified, and the DPI test effect is improved.
The present application will be described in detail below with reference to specific examples.
Referring to fig. 2, fig. 2 is a schematic flowchart of a message playback method according to an embodiment of the present application. The method can be applied to any electronic equipment, and for the convenience of understanding, the server is taken as an example for description. The message playback method comprises the following steps.
In the embodiment of the application, the file to be played back may be a pcap file. One file to be played back comprises one or more data messages. The data packet may be a UDP (User Datagram Protocol) packet or a TCP (Transmission Control Protocol) packet. The data message includes a header and payload information.
In one embodiment of the present application, the list of files to be played back may be stored under a specified directory, and the specified directory may be saved in a configuration file. When the message is played back, the server reads the specified directory in the configuration file, and traverses the file list to be played back under the specified directory to obtain the file to be played back. The file list to be played back comprises one or more files to be played back. After the server acquires the file to be played back, load information of each data message in the file to be played back is extracted.
In an embodiment of the present application, a protocol type of the playback packet is preset in the server, that is, a specified protocol type is specified. The server extracts the load information of the data message of the specified protocol type in the file to be played back. In addition, for the convenience of subsequent processing, the server performs queue caching on the extracted load information. Wherein the specified protocol type may be UDP or TCP.
For example, the file to be played back includes data message 11, data message 12, and data message 13. Data packet 11 includes payload information 11, data packet 12 includes payload information 12, and data packet 13 includes payload information 13. If the data packet 11 and the data packet 12 are UDP protocol packets, the data packet 13 is a TCP protocol packet. If the specified protocol type is UDP, the server extracts the load information 11 and the load information 12 from the file to be played back, and queues and caches the load information 11 and the load information 12.
If the server packages the data message of one protocol type into the data message of another protocol type. For example, encapsulating UDP data packets into TCP data packets may cause unrecognizable data packets. The server extracts the data message of one protocol type in the file to be played back, and reconstructs the data message according to the protocol type, thereby ensuring that the reconstructed data message can be identified.
Step 202, constructing message headers corresponding to a preset number of source addresses respectively and specifying protocol types, and establishing threads corresponding to the preset number of source addresses respectively.
In this embodiment, the source address may be a source IP address and/or a source port. The header specifying the protocol type includes a specified protocol header and an IP header. The specified protocol header may be a UDP header or a TCP header.
The server stores a certain number of source addresses in advance, namely a preset number of source addresses, and constructs a corresponding message header of a specified protocol type aiming at each source address.
In one embodiment, the destination address and the predetermined number of source addresses of the reconstructed data packet may be stored in a configuration file. When the message is played back, the server acquires the destination address and the source addresses of the reconstructed data message from the configuration file, and further constructs message headers which respectively correspond to the source addresses of the preset number and specify the protocol type.
In one embodiment, for one source address in a preset number of source addresses, the server uses an original socket to construct a header of a specified protocol type corresponding to the source address. The source address is any one of a preset number of source addresses.
Further, aiming at one source address in the preset number of source addresses, the server establishes a thread which is corresponding to the source address and used for sending the reconstructed data message. The source address is any one of a preset number of source addresses.
For example, assume that a preset number of source addresses includes: IP1, IP2, and IP3, the server can construct header 1 with source IP address IP1, header 2 with source IP address IP2, and header 3 with source IP address IP 3. In addition, the server may also establish a thread 1 corresponding to the IP1, a thread 2 corresponding to the IP2, and a thread 3 corresponding to the IP3, and may also be understood as a thread 1 corresponding to the header 1, a thread 2 corresponding to the header 2, and a thread 3 corresponding to the header 3. And when the reconstructed data message is sent by the subsequent thread, determining the corresponding thread according to the source IP address carried by one reconstructed data message, and sending the reconstructed data message by using the determined thread.
In the embodiment of the application, the message header is constructed by adopting the original socket, and the message headers with different source addresses can be generated. The destination addresses in the headers of different reconstructed data messages may be the same or different. In order to reduce deployed destination devices and network cost, destination addresses in headers of different reconstructed data messages may be set to be the same.
And the server adopts the message head corresponding to each source address to carry out encapsulation processing on any extracted load information so as to obtain a preset number of reconstructed data messages corresponding to any load information.
For example, the server extracts payload information 11 and payload information 12. The preset number of source addresses includes IP11 and IP 12. The server constructs a message header 11 of a specified protocol type corresponding to the IP11 and a message header 12 of a specified protocol type corresponding to the IP 11.
For the load information 11, the server uses the message header 11 to perform encapsulation processing on the load information 11, so as to obtain a reconstructed data message 111 corresponding to the load information 11; the server uses the message header 12 to perform encapsulation processing on the load information 11, and obtains a reconstructed data message 112 corresponding to the load information 11.
For the load information 12, the server uses the message header 11 to perform encapsulation processing on the load information 12, so as to obtain a reconstructed data message 121 corresponding to the load information 12; the server uses the message header 12 to perform encapsulation processing on the load information 12, and obtains a reconstructed data message 122 corresponding to the load information 11.
And step 204, adopting threads corresponding to the source addresses in the preset number of source addresses to send each reconstructed data message to the DPI equipment, so that the DPI equipment performs DPI test according to the received reconstructed data message.
A plurality of threads are started on the server, the plurality of threads can simultaneously forward a plurality of reconstructed data messages, so that the data messages can be sent in batches, DPI equipment can simultaneously carry out DPI test according to the plurality of data messages, and the efficiency of the DPI test is effectively improved. In addition, the data message is reconstructed with different source addresses, the DPI test is diversified, and the DPI test effect is improved.
In one embodiment, the step of sending each reconstructed data packet corresponding to each piece of load information to the DPI device by the server using a thread corresponding to each source address in a preset number of source addresses may be: and respectively executing the following operations aiming at each reconstruction data message in each reconstruction data message: and sending the reconstructed data message to the DPI equipment by adopting a thread corresponding to the source address carried by the reconstructed data message.
The example in step 203 is still used as an example for explanation. For example, the server obtains the reconstructed data packet 111 and the reconstructed data packet 121 corresponding to the header 11, and obtains the reconstructed data packet 112 and the reconstructed data packet 122 corresponding to the header 12. Header 11 corresponds to IP11 and header 12 corresponds to IP 12. The server transmits the reconstructed data message 111 and the reconstructed data message 121 by using the thread 11 corresponding to the IP11, and transmits the reconstructed data message 112 and the reconstructed data message 122 by using the thread 12 corresponding to the IP 12.
That is, the server performs encapsulation processing on the load information 11 and the load information 12 by using the message header 11 to obtain a reconstructed data message 111 and a reconstructed data message 121, and sends the reconstructed data message 111 and the reconstructed data message 121 by using the thread 11 corresponding to the message header 11 (i.e., IP 11); meanwhile, the server performs encapsulation processing on the load information 11 and the load information 12 by using the header 12 to obtain a reconstructed data packet 112 and a reconstructed data packet 122, and sends the reconstructed data packet 112 and the reconstructed data packet 122 by using the thread 12 corresponding to the header 12 (i.e., IP 12).
In one embodiment, the constructed headers correspond to the established threads one to one. When the server sends each reconstructed data message, the server can determine a thread corresponding to the message header according to the message header of the reconstructed data message, and then the thread corresponding to the message header is adopted to send the reconstructed data message to the DPI equipment.
For example, if the thread corresponding to the header 11 is the thread 11 and the thread corresponding to the header 12 is the thread 12, the reconstructed data packet encapsulated by the header 11 may be sent by the thread 11, and the reconstructed data packet encapsulated by the header 12 may be sent by the thread 12.
In an embodiment of the application, if the specified protocol type is TCP, before sending each reconstructed data packet to the DPI device by using a plurality of threads, the server establishes a TCP channel corresponding to each thread with the DPI device through three-way handshake. And then, the server adopts a plurality of threads to send each reconstructed data message to the DPI equipment through the TCP channel corresponding to each thread.
The data messages can be sent in batch by adopting the TCP channel, but the server needs to process the response messages and establish the TCP channel, so that more resources are consumed, and the realization difficulty is high. In one embodiment, the specified protocol type may be UDP. If the designated protocol type is UDP, before the plurality of threads are adopted to send each reconstructed data message to the DPI equipment, a TCP channel does not need to be established, a response message does not need to be processed, the consumed resources are reduced, and the implementation difficulty is reduced.
In one embodiment of the present application, the number of playbacks, i.e., the target number, is preconfigured. When each reconstructed data message is sent to the DPI equipment, for any reconstructed data message, the server sends the any reconstructed data message to the DPI equipment for a target number of times by adopting a thread corresponding to the source address of the any reconstructed data message. Therefore, data messages can be sent in batch, and the accuracy and reliability of the DPI test are improved.
In another embodiment of the present application, the number of times of playback corresponding to each source address, that is, the number of targets corresponding to each source address, is configured in advance. When each reconstructed data message is sent to the DPI equipment, for any reconstructed data message, the server sends the any reconstructed data message to the DPI equipment for a target number of times corresponding to the source address of the any reconstructed data message by adopting the thread corresponding to the source address of the any reconstructed data message.
Corresponding to the message playback method embodiment, the embodiment of the present application further provides a message playback device. Referring to fig. 3, fig. 3 is a schematic structural diagram of a message playback apparatus according to an embodiment of the present application. The apparatus comprises an extraction unit 301, a construction unit 302, an encapsulation unit 303 and a sending unit 304.
An extracting unit 301, configured to determine a file to be played back, and extract load information of each data packet in the file to be played back;
a constructing unit 302, configured to construct headers of a specified protocol type corresponding to a preset number of source addresses, and establish threads corresponding to the preset number of source addresses;
an encapsulating unit 303, configured to separately encapsulate, by using a packet header corresponding to each source address in a preset number of source addresses, the extracted load information, and obtain a preset number of reconstructed data packets corresponding to each load information;
the sending unit 304 is configured to send each reconstructed data packet to a DPI device by using a thread corresponding to each source address in a preset number of source addresses, so that the DPI device performs a DPI test according to each received reconstructed data packet.
Optionally, the extracting unit 301 may be specifically configured to:
and extracting load information of a data message of a specified protocol type in the file to be played back, and performing queue caching on the extracted load information.
Optionally, the constructing unit 302 may be specifically configured to:
aiming at each source address in a preset number of source addresses, the original socket is adopted to construct a message header which is respectively corresponding to each source address and designates the protocol type.
Optionally, the sending unit 304 may be specifically configured to:
and respectively executing the following operations aiming at each reconstruction data message in each reconstruction data message: and sending the reconstructed data message to the DPI equipment by adopting a thread corresponding to the source address carried by the reconstructed data message.
Optionally, the specified protocol type is UDP or TCP; the source address is the source IP address and/or the source port.
According to the technical scheme, the multiple threads are opened, the multiple threads can simultaneously forward the multiple reconstructed data messages, the data messages are sent in batches, the DPI equipment can simultaneously perform DPI testing according to the multiple data messages, and the efficiency of the DPI testing is effectively improved. In addition, the data message is reconstructed with different source addresses, the DPI test is diversified, and the DPI test effect is improved.
Corresponding to the foregoing message playback method embodiment, an embodiment of the present application further provides an electronic device, as shown in fig. 4, including a processor 401 and a machine-readable storage medium 402, where the machine-readable storage medium 402 stores machine-executable instructions that can be executed by the processor 401. The processor 401 is caused by machine executable instructions to implement any of the steps of the message playback method described above with reference to figure 2. The message playback method comprises the following steps:
determining a file to be played back, and extracting load information of each data message in the file to be played back;
constructing message headers which respectively correspond to a preset number of source addresses and specify protocol types, and establishing threads which respectively correspond to the preset number of source addresses;
adopting message heads corresponding to the source addresses in the preset number of source addresses to respectively carry out encapsulation processing on the extracted load information to obtain a preset number of reconstructed data messages corresponding to the load information;
and sending each reconstructed data message to the DPI equipment by adopting a thread corresponding to each source address in a preset number of source addresses, so that the DPI equipment performs DPI test according to each received reconstructed data message.
According to the technical scheme, the multiple threads are opened, the multiple threads can simultaneously forward the multiple reconstructed data messages, the data messages are sent in batches, the DPI equipment can simultaneously perform DPI testing according to the multiple data messages, and the efficiency of the DPI testing is effectively improved. In addition, the data message is reconstructed with different source addresses, the DPI test is diversified, and the DPI test effect is improved.
In addition, as shown in fig. 4, the electronic device may further include: a communication interface 403 and a communication bus 404; the processor 401, the machine-readable storage medium 402, and the communication interface 403 complete communication with each other through the communication bus 404, and the communication interface 403 is used for communication between the electronic device and other devices.
Corresponding to the above message playback method embodiment, an embodiment of the present application further provides a machine-readable storage medium, which stores machine-executable instructions, and when the machine-readable storage medium is called and executed by a processor, the machine-executable instructions cause the processor to implement any step of the message playback method shown in fig. 2.
The communication bus may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc.
The machine-readable storage medium may include a RAM (Random Access Memory) and a NVM (Non-Volatile Memory), such as at least one disk Memory. Additionally, the machine-readable storage medium may be at least one memory device located remotely from the aforementioned processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also a DSP (Digital signal processing), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the embodiments of the message playback apparatus, the electronic device, and the machine-readable storage medium, since they are substantially similar to the embodiments of the message playback method, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the embodiments of the message playback method.
The above description is only for the preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application are included in the protection scope of the present application.
Claims (12)
1. A message playback method, the method comprising:
determining a file to be played back, and extracting load information of each data message in the file to be played back;
constructing message headers which respectively correspond to a preset number of source addresses and specify protocol types, and establishing threads which respectively correspond to the preset number of source addresses, wherein the preset number is more than 1;
adopting the message heads corresponding to the source addresses in the preset number of source addresses to respectively carry out encapsulation processing on the extracted load information to obtain a preset number of reconstructed data messages corresponding to the load information;
and sending each reconstructed data message to Deep Packet Inspection (DPI) equipment by adopting the thread corresponding to each source address in the preset number of source addresses, so that the DPI equipment performs DPI test according to each received reconstructed data message.
2. The method according to claim 1, wherein the step of extracting the payload information of each data packet in the file to be played back includes:
and extracting the load information of the data message of the specified protocol type in the file to be played back, and performing queue caching on the extracted load information.
3. The method according to claim 2, wherein the step of constructing headers of the specified protocol types corresponding to the predetermined number of source addresses respectively comprises:
and aiming at each source address in the preset number of source addresses, constructing a message header which is respectively corresponding to each source address and specifies a protocol type by adopting an original socket.
4. The method of claim 1, wherein the step of sending each reconstructed data packet to a DPI device using a thread corresponding to each source address in the preset number of source addresses comprises:
and respectively executing the following operations aiming at each reconstruction data message in each reconstruction data message: and sending the reconstructed data message to the DPI equipment by adopting a thread corresponding to the source address carried by the reconstructed data message.
5. The method according to any one of claims 1-4, wherein the specified protocol type is user datagram protocol, UDP, or Transmission control protocol, TCP;
the source address is a source network protocol IP address and/or a source port.
6. A message playback apparatus, the apparatus comprising:
the extraction unit is used for determining a file to be played back and extracting load information of each data message in the file to be played back;
the device comprises a construction unit and a processing unit, wherein the construction unit is used for constructing message headers which respectively correspond to a preset number of source addresses and specify protocol types, and establishing threads which respectively correspond to the preset number of source addresses, and the preset number is more than 1;
the encapsulation unit is used for respectively encapsulating the extracted load information by adopting the message header corresponding to each source address in the preset number of source addresses to obtain a preset number of reconstructed data messages corresponding to each load information;
and the sending unit is used for sending each reconstructed data message to the DPI equipment for deep packet inspection by adopting the thread corresponding to each source address in the preset number of source addresses, so that the DPI equipment performs DPI test according to each received reconstructed data message.
7. The apparatus according to claim 6, wherein the extraction unit is specifically configured to:
and extracting the load information of the data message of the specified protocol type in the file to be played back, and performing queue caching on the extracted load information.
8. The apparatus according to claim 7, wherein the construction unit is specifically configured to:
and aiming at each source address in the preset number of source addresses, constructing a message header which is respectively corresponding to each source address and specifies a protocol type by adopting an original socket.
9. The apparatus according to claim 6, wherein the sending unit is specifically configured to:
and respectively executing the following operations aiming at each reconstruction data message in each reconstruction data message: and sending the reconstructed data message to the DPI equipment by adopting a thread corresponding to the source address carried by the reconstructed data message.
10. The apparatus according to any one of claims 6-9, wherein the specified protocol type is user datagram protocol, UDP, or transmission control protocol, TCP;
the source address is a source network protocol IP address and/or a source port.
11. An electronic device comprising a processor and a machine-readable storage medium storing a computer program executable by the processor, the processor being caused by the computer program to: carrying out the method steps of any one of claims 1 to 5.
12. A machine readable storage medium having stored thereon a computer program which, when invoked and executed by a processor, causes the processor to: carrying out the method steps of any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811237036.6A CN109412893B (en) | 2018-10-23 | 2018-10-23 | Message playback method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811237036.6A CN109412893B (en) | 2018-10-23 | 2018-10-23 | Message playback method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109412893A CN109412893A (en) | 2019-03-01 |
| CN109412893B true CN109412893B (en) | 2020-06-19 |
Family
ID=65468404
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811237036.6A Active CN109412893B (en) | 2018-10-23 | 2018-10-23 | Message playback method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109412893B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110912783B (en) * | 2019-12-18 | 2021-03-12 | 北京嘀嘀无限科技发展有限公司 | Flow playback method and device, electronic equipment and storage medium |
| CN111935533B (en) * | 2020-07-06 | 2022-06-24 | 南京熊猫电子股份有限公司 | Multi-source measurement and control data playback method for unmanned aerial vehicle |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9106541B2 (en) * | 2008-12-10 | 2015-08-11 | Telefonaktiebolaget L M Ericsson (Publ) | Token-based correlation of control sessions for policy and charging control of a data session through a NAT |
| CN101605018A (en) * | 2009-06-17 | 2009-12-16 | 中兴通讯股份有限公司 | A kind of decoding depth message detection protocol method, equipment and system based on stream |
| CN102497297A (en) * | 2011-12-13 | 2012-06-13 | 曙光信息产业(北京)有限公司 | System and method for realizing deep packet inspection technology based on multi-core and multi-thread |
| CN104394090B (en) * | 2014-11-14 | 2017-08-25 | 北京航空航天大学 | A kind of use DPI carries out the SDN controllers of network flow classification to packet |
| CN105847179B (en) * | 2016-03-23 | 2019-07-26 | 武汉绿色网络信息服务有限责任公司 | The method and device that Data Concurrent reports in a kind of DPI system |
| CN107426059B (en) * | 2017-08-28 | 2021-02-05 | 上海国云信息科技有限公司 | DPI equipment feature library automatic updating method and system, DPI equipment and cloud server |
-
2018
- 2018-10-23 CN CN201811237036.6A patent/CN109412893B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN109412893A (en) | 2019-03-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10218733B1 (en) | System and method for detecting a malicious activity in a computing environment | |
| CN109756501B (en) | High-privacy network proxy method and system based on HTTP (hyper text transport protocol) | |
| US8874736B2 (en) | Event extractor | |
| US20150156183A1 (en) | System and method for filtering network communications | |
| CN111431758B (en) | Cloud network equipment testing method and device, storage medium and computer equipment | |
| CN109525461B (en) | Network equipment testing method, device, equipment and storage medium | |
| JP6081031B2 (en) | Attack observation device and attack observation method | |
| CN108664395A (en) | Applied program testing method, device, equipment and storage medium | |
| CN110224897B (en) | Weak network testing method and device of application program, mobile device and storage medium | |
| CN112398781B (en) | Attack testing method, host server and control server | |
| CN109412893B (en) | Message playback method and device | |
| CN102025567A (en) | Sharing access detection method and related device | |
| US20170171286A1 (en) | Methods and devices for validating a video connection or other types of communication sessions over a computer network | |
| CN111447233B (en) | Message filtering method and device based on VXLAN | |
| CN110061888B (en) | Network protocol type judgment method and device, computer equipment and storage medium | |
| CN113645653A (en) | Network simulation test method and device, electronic equipment and storage medium | |
| CN112231209A (en) | Parameter acquisition method and device, computer equipment and storage medium | |
| US11457023B2 (en) | Chunk-scanning of web application layer requests to reduce delays | |
| CN113179251B (en) | Front-end file processing method, device, equipment and machine-readable storage medium | |
| CN106961393B (en) | Detection method and device for UDP (user Datagram protocol) message in network session | |
| CN114710560A (en) | Data processing method and system, proxy equipment and terminal equipment | |
| CN113032255A (en) | Response noise recognition method, model, electronic device, and computer storage medium | |
| CN112870692A (en) | Game acceleration method, acceleration system, acceleration device and storage medium | |
| CN105516017A (en) | Directed acceleration method and device, and terminal equipment | |
| CN109474572B (en) | Method and system for monitoring and capturing horse release sites based on cluster botnet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |