CN111756636B - Data packet processing method, device and equipment and storage medium - Google Patents


Publication number: CN111756636B
Authority: CN (China)
Legal status: Active
Application number: CN201910249389.6A
Other languages: Chinese (zh)
Other versions: CN111756636A (en)
Inventor: 叶耀先
Current Assignee: Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee: Hangzhou Hikvision Digital Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type


Abstract

The invention provides a data packet processing method, a device and equipment, and a storage medium, wherein the method is applied to a main control node in a distributed analysis system, the distributed analysis system also comprises an analysis node, and the method comprises the following steps: acquiring a first data packet from a target data packet buffer queue; when the first data packet is received through a local LAN (local area network) card, determining a first target table entry matched with the first data packet, and carrying out NAT (network address translation) processing and forwarding on the first data packet according to the first target table entry; and when the first data packet is received through the local WAN network card, determining a second target table entry matched with the first data packet, and performing NAT processing and forwarding on the first data packet according to the second target table entry.

Description

Data packet processing method, device and equipment and storage medium
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a method, an apparatus, and a device for processing a data packet, and a storage medium.
Background
A distributed analysis system consists of a set of nodes that communicate over a network and work together to accomplish a common task. The analysis nodes need to communicate with devices outside the distributed analysis system. For example, when a server needs to distribute data to the analysis nodes in the distributed analysis system for analysis, the data is encapsulated into a data packet and sent to an analysis node for processing; after the analysis node has processed it, a data packet carrying the processing result needs to be sent back to the server.
In related packet processing methods, forwarding is usually implemented with dedicated hardware, for example a layer-3 switch operating at the network layer (the third layer of the OSI reference model). Because such forwarding depends on dedicated hardware, the hardware architecture is complex and compatibility is poor.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus, and a device for processing a data packet, and a storage medium, which have better compatibility.
A first aspect of the present invention provides a data packet processing method, where the method is applied to a master control node in a distributed analysis system, where the distributed analysis system further includes an analysis node, and the method includes:
acquiring a first data packet from a target data packet buffer queue;
when the first data packet is received through a local LAN (local area network) card, determining a first target table entry matched with the first data packet, and carrying out NAT (network address translation) processing and forwarding on the first data packet according to the first target table entry;
and when the first data packet is received through the local WAN network card, determining a second target table entry matched with the first data packet, and performing NAT processing and forwarding on the first data packet according to the second target table entry.
According to an embodiment of the present invention, the determining the first target entry matching the first packet includes:
using a first data packet parameter of the first data packet as a key, searching a local Source Network Address Translation (SNAT) table for the SNAT table entry corresponding to the first data packet parameter; if the SNAT table entry is found, determining the found SNAT table entry as the first target table entry matching the first data packet; otherwise, constructing the SNAT table entry corresponding to the first data packet parameter and determining the constructed SNAT table entry as the first target table entry matching the first data packet.
According to an embodiment of the present invention, the first target entry includes at least an IP address, a Port identifier and a MAC address, where the IP address is the IP address of the local WAN network card, the Port identifier is the identifier of the analysis node from which the first data packet originates, and the MAC address is a designated gateway MAC address;
the performing NAT processing and forwarding on the first data packet according to the first target table entry includes:
modifying the source IP address in the first data packet into the IP address in the first target table item, modifying the source Port into the Port identifier in the first target table item, modifying the destination MAC address into the MAC address in the first target table item, and obtaining a second data packet;
and forwarding the second data packet through a local WAN network card.
According to an embodiment of the present invention, when the SNAT table entry corresponding to the first packet parameter is not found in the SNAT table, the method further includes:
constructing a third target table entry corresponding to a second data packet parameter of a second data packet, wherein the third target table entry at least comprises an IP address, a Port and an MAC address, the IP address is a source IP address of the first data packet, the Port is a source Port of the first data packet, and the MAC address is a source MAC address of the first data packet;
and recording the constructed third target table entry into a local destination network address translation DNAT table.
According to an embodiment of the present invention, the determining the second target entry matching the first packet includes:
using the first data packet parameter of the first data packet as a key, searching the local Destination Network Address Translation (DNAT) table for the DNAT table entry corresponding to the first data packet parameter, and determining the found DNAT table entry as the second target table entry matching the first data packet;
the performing NAT processing and forwarding on the first data packet according to the second target table entry includes:
modifying the destination IP address in the first data packet to the IP address in the second target table entry, modifying the destination Port to the Port in the second target table entry, modifying the destination MAC address to the MAC address in the second target table entry, and obtaining a third data packet;
and forwarding the third data packet through a local LAN card.
According to an embodiment of the invention, the method further comprises:
monitoring a MAC address change event; the MAC address change event is caused by the change of the MAC address of the analysis node and/or the gateway connected with the main control node;
when the MAC address change event is monitored, finding the MAC address corresponding to the IP address carried by the MAC address change event in a local SNAT table and a DNAT table, and modifying the found MAC address into the MAC address carried by the MAC address change event.
According to an embodiment of the present invention, the target packet buffer queue is configured to store packets with a protocol type of non-ARP, and the protocol type of the first packet is non-ARP.
A second aspect of the present invention provides a data packet processing apparatus, which is applied to a master control node in a distributed analysis system, where the distributed analysis system further includes an analysis node, and the apparatus includes:
the data packet obtaining module is used for obtaining a first data packet from a target data packet cache queue;
the first processing and forwarding module is used for determining a first target table entry matched with the first data packet when the first data packet is received through the local LAN network card, and performing NAT processing and forwarding on the first data packet according to the first target table entry;
and the second processing and forwarding module is used for determining a second target table entry matched with the first data packet when the first data packet is received through the local WAN network card, and performing NAT processing and forwarding on the first data packet according to the second target table entry.
According to an embodiment of the present invention, when the first processing and forwarding module determines the first target entry matching the first packet, the first processing and forwarding module is specifically configured to:
using a first data packet parameter of the first data packet as a key, search a local Source Network Address Translation (SNAT) table for the SNAT table entry corresponding to the first data packet parameter; if the SNAT table entry is found, determine the found SNAT table entry as the first target table entry matching the first data packet; otherwise, construct the SNAT table entry corresponding to the first data packet parameter and determine the constructed SNAT table entry as the first target table entry matching the first data packet.
According to an embodiment of the present invention, the first target entry includes at least an IP address, a Port identifier and a MAC address, where the IP address is the IP address of the local WAN network card, the Port identifier is the identifier of the analysis node from which the first data packet originates, and the MAC address is a designated gateway MAC address;
the first processing and forwarding module, when performing NAT processing on the first data packet according to the first target table entry and forwarding, is specifically configured to:
modifying the source IP address in the first data packet into the IP address in the first target table item, modifying the source Port into the Port identifier in the first target table item, modifying the destination MAC address into the MAC address in the first target table item, and obtaining a second data packet;
and forwarding the second data packet through a local WAN network card.
According to an embodiment of the present invention, when the SNAT table entry corresponding to the first packet parameter is not found in the SNAT table, the apparatus further includes:
the table item constructing module is used for constructing a third target table item corresponding to a second data packet parameter of a second data packet, wherein the third target table item at least comprises an IP address, a Port and an MAC address, the IP address is a source IP address of the first data packet, the Port is a source Port of the first data packet, and the MAC address is a source MAC address of the first data packet;
and the table entry recording module is used for recording the constructed third target table entry to a local destination network address translation DNAT table.
According to an embodiment of the present invention, when the second processing and forwarding module determines the second target entry matching the first packet, the second processing and forwarding module is specifically configured to:
using the first data packet parameter of the first data packet as a key, search the local Destination Network Address Translation (DNAT) table for the DNAT table entry corresponding to the first data packet parameter, and determine the found DNAT table entry as the second target table entry matching the first data packet;
the second processing and forwarding module is specifically configured to, when performing NAT processing on the first data packet according to the second target entry and forwarding the first data packet:
modify the destination IP address in the first data packet to the IP address in the second target table entry, modify the destination Port to the Port in the second target table entry, modify the destination MAC address to the MAC address in the second target table entry, and obtain a third data packet;
and forwarding the third data packet through a local LAN card.
According to an embodiment of the invention, the apparatus further comprises:
the event monitoring module is used for monitoring a MAC address change event; the MAC address change event is caused by the change of the MAC address of the analysis node and/or the gateway connected with the main control node;
and the MAC address modification module is used for searching the MAC address corresponding to the IP address carried by the MAC address change event in a local SNAT table and a DNAT table when the MAC address change event is monitored, and modifying the found MAC address into the MAC address carried by the MAC address change event.
According to an embodiment of the present invention, the target packet buffer queue is configured to store packets with a protocol type of non-ARP, and the protocol type of the first packet is non-ARP.
A third aspect of the present invention provides an electronic device, comprising a processor and a memory; the memory stores a program that can be called by the processor; wherein, when the processor executes the program, the data packet processing method as described in the foregoing embodiments is implemented.
A fourth aspect of the present invention provides a machine-readable storage medium on which a program is stored, the program, when executed by a processor, implementing the packet processing method as described in the foregoing embodiments.
The embodiment of the invention has the following beneficial effects:
in the embodiment of the invention, data packets acquired by the main control node through the local WAN network card and through the local LAN network card can both be stored in the target data packet cache queue. After a first data packet is acquired from the target data packet cache queue, the corresponding target table entry is determined according to whether the first data packet was received through the local WAN network card or the local LAN network card, and NAT processing and forwarding of the first data packet are carried out according to that target table entry.
Drawings
FIG. 1 is a flow chart illustrating a packet processing method according to an embodiment of the invention;
FIG. 2 is a block diagram of a distributed analysis system according to an embodiment of the invention;
fig. 3 is a block diagram of a packet processing apparatus according to an embodiment of the present invention;
fig. 4 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one type of device from another. For example, a first device may also be referred to as a second device, and similarly, a second device may also be referred to as a first device, without departing from the scope of the present invention. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In order to make the description of the present invention clearer and more concise, some technical terms in the present invention are explained below:
DPDK: Data Plane Development Kit, a framework for fast network packet processing. It runs on different CPU architectures and provides library functions and drivers for efficient data packet processing.
NAT: Network Address Translation, an IETF (Internet Engineering Task Force) standard that allows an entire organization to appear on the Internet under one public IP (Internet Protocol) address. It translates internal private network IP addresses into legitimate public network IP addresses and, to a certain extent, alleviates the shortage of public network addresses.
ARP: Address Resolution Protocol, a protocol for obtaining a physical address from an IP address.
MAC address: Media Access Control address, also called a physical address or hardware address, used to identify the location of a network device.
The following describes the data packet processing method according to the embodiment of the present invention more specifically, but should not be limited thereto. In one embodiment, the data packet processing method is applied to a master node in a distributed analysis system, the distributed analysis system further includes an analysis node, and referring to fig. 1, the method includes the following steps:
s100: acquiring a first data packet from a target data packet buffer queue;
s200: when the first data packet is received through a local LAN (local area network) card, determining a first target table entry matched with the first data packet, and carrying out NAT (network address translation) processing and forwarding on the first data packet according to the first target table entry;
s300: and when the first data packet is received through the local WAN network card, determining a second target table entry matched with the first data packet, and performing NAT processing and forwarding on the first data packet according to the second target table entry.
The execution subject of the data packet processing method of the embodiment of the invention is the main control node. The main control node can be integrated in an electronic device, in which case the execution subject can be one or more processors of the main control node in that electronic device.
Referring to FIG. 2, a distributed analysis system 20 is shown comprising four analysis nodes 201 to 204 and a master control node 200, all located in the same internal network, although the system is not limited to this. The main control node 200 is connected to the analysis nodes 201 to 204 through a local LAN (Local Area Network) card, and is connected to a gateway in an external network environment through a local WAN (Wide Area Network) card, where the external network environment is an Internet environment, i.e. a public network.
In some application scenarios, devices in the external network environment need to communicate with the analysis nodes in the distributed analysis system. For example, in a scenario requiring image analysis, an imaging device transmits the images it captures to a server, but the image data must be analyzed and processed before it can be used. To improve the efficiency of that analysis, the server distributes the image data to the analysis nodes in the distributed analysis system, and the image data is returned to the server after the analysis and processing are complete.
In the embodiment of the invention, NAT processing and forwarding of the data packet can be realized through the main control node, so that communication between the analysis node in the internal network and equipment in the external network environment is realized.
In step S100, a first data packet is obtained from a target data packet buffer queue.
The main control node can be configured with a designated application programming interface (API), through which data packets are obtained from the local LAN network card and the local WAN network card. The obtained data packets can be stored directly into the target data packet buffer queue, or they can be classified by protocol type and stored into the corresponding data packet buffer queues, where the target data packet buffer queue may store data packets of one or more protocol types.
The designated API may be, for example, the packet reception interface of DPDK. DPDK runs in user space and transmits and receives packets using the data plane library it provides, bypassing the protocol stack of the system kernel (such as the Linux kernel). That is, the designated API delivers the acquired data packets directly to user space without passing through the kernel protocol stack, so packet processing is more efficient.
The first data packet is obtained from the target data packet cache queue, and since the first data packet may be a data packet from an analysis node received through the local LAN network card or a data packet from a device in an external network environment received through the local WAN network card, it is necessary to determine whether the first data packet is received through the local LAN network card or the local WAN network card.
For example, determining whether the first packet is received via the local LAN card or the local WAN card may include: calculating a corresponding network address according to the network mask used by the analysis node and the source IP address in the first data packet; and judging whether the calculated network address is matched with the network address used by the analysis node, if so, determining that the first data packet is received through a local LAN (local area network) card, otherwise, determining that the first data packet is received through a local WAN (wide area network) card.
Of course, the specific manner is not limited to this, and an analysis node IP address table in which the IP addresses of all analysis nodes are recorded may be preset in the master control node, and the source IP address in the first data packet may be searched in the analysis node IP address table, and if the source IP address is found, it is determined that the first data packet is received through the local LAN network card, otherwise, it is determined that the first data packet is received through the local WAN network card.
In step S200, when the first data packet is received through the local LAN card, a first target entry matching the first data packet is determined, and the first data packet is subjected to NAT processing and forwarding according to the first target entry.
The first data packet being received through the local LAN card indicates that it was sent by a certain analysis node and needs to be forwarded to the external network environment. The main control node needs to perform NAT processing and forwarding on the first data packet, and the information required to do so is recorded in the first target table entry. The NAT processing may be source address translation, or source address translation combined with port translation, for example translating the source IP address in the first packet from a private network IP address to a public network IP address. When forwarding, the main control node performs the processing that forwarding requires on the first data packet.
In step S300, when the first data packet is received through the local WAN network card, a second target entry matching the first data packet is determined, and the first data packet is subjected to NAT processing and forwarding according to the second target entry.
The first data packet being received through the local WAN network card indicates that it was sent by a device in the external network environment and needs to be forwarded to a certain analysis node. The main control node needs to perform NAT processing and forwarding on the first data packet, and the second target table entry records the information required to do so. The NAT processing may be source address translation, or source address translation combined with port translation, such as translating the destination IP address in the first packet from a public network IP address to a private network IP address. When forwarding, the main control node performs the processing that forwarding requires on the first data packet.
In the embodiment of the invention, data packets acquired by the main control node through the local WAN network card and through the local LAN network card can both be stored in the target data packet cache queue. After a first data packet is acquired from the target data packet cache queue, the corresponding target table entry is determined according to whether the first data packet was received through the local WAN network card or the local LAN network card, and NAT processing and forwarding of the first data packet are carried out according to that target table entry.
In the embodiment of the present invention, referring to fig. 2, an external device in the external network environment sends a data packet to the main control node 200 through the gateway 30. The main control node 200 receives the data packet through the local WAN network card, performs the corresponding NAT processing on it, and forwards it through the local LAN network card to the corresponding analysis node, such as analysis node 201. The analysis node 201 analyzes and processes the data, encapsulates the result into a data packet and sends it to the main control node 200; the main control node 200 receives it through the local LAN network card, performs the corresponding NAT processing, and forwards it to the gateway 30 through the local WAN network card, and the gateway sends it on to the corresponding external device. In this process the main control node 200 performs the processing required for forwarding; the local LAN card and the local WAN card on the main control node 200 only support the layer-2 forwarding protocol, and the data packet can be forwarded without the participation of a layer-3 switch.
In one embodiment, the above-mentioned packet processing method flow can be executed by the packet processing apparatus 100, as shown in fig. 3, the packet processing apparatus 100 mainly includes 3 modules: a data packet obtaining module 101, a first processing and forwarding module 102 and a second processing and forwarding module 103. The packet obtaining module 101 is configured to perform the step S100, the first processing forwarding module 102 is configured to perform the step S200, and the second processing forwarding module 103 is configured to perform the step S300.
In one embodiment, in step S200, determining the first target entry matching the first packet includes:
using a first data packet parameter of the first data packet as a key, searching a local Source Network Address Translation (SNAT) table for the SNAT table entry corresponding to the first data packet parameter; if the SNAT table entry is found, determining the found SNAT table entry as the first target table entry matching the first data packet; otherwise, constructing the SNAT table entry corresponding to the first data packet parameter and determining the constructed SNAT table entry as the first target table entry matching the first data packet.
The first data packet may carry some parameters related to the first data packet, including a source IP address, a source Port, a source MAC address, a destination IP address, a destination Port, a destination MAC address, a transport layer protocol, and the like.
The first packet parameter may be the five-tuple of the first packet: the source IP address, source Port, destination IP address, destination Port and transport layer protocol in the first packet. The key may be a character string formed by concatenating the source IP address, source Port, destination IP address, destination Port and transport layer protocol in that order, or a hash value of that string. Using the five-tuple as the key ensures that the SNAT table entries matching data packets sent by different analysis nodes to different external devices are unique within the SNAT table.
If the SNAT table entry corresponding to the first data packet parameter is found in the SNAT table, that entry was created earlier and is used directly as the first target table entry; if it was not created earlier, the SNAT table entry corresponding to the first data packet parameter is created and used as the first target table entry.
The SNAT table entries are recorded in the SNAT table, so that when a data packet sent by the same source analysis node to the same destination device is received next time, the matching SNAT table entry can be found directly in the SNAT table, reducing the work of creating entries.
In one embodiment, the first target entry includes at least an IP address, a Port identifier and a MAC address, where the IP address is the IP address of the local WAN network card, the Port identifier is the identifier of the analysis node from which the first data packet originates, and the MAC address is a designated gateway MAC address;
in step S200, the performing NAT processing and forwarding on the first data packet according to the first target table entry includes:
modifying the source IP address in the first data packet into the IP address in the first target table item, modifying the source Port into the Port identifier in the first target table item, modifying the destination MAC address into the MAC address in the first target table item, and obtaining a second data packet;
and forwarding the second data packet through a local WAN network card.
The Port identifier may be randomly generated or preset in the master control node; it is not limited specifically, as long as it uniquely marks the analysis node that sent the first data packet, so that the sending analysis node can be determined from the Port identifier alone. When the forwarded (second) data packet arrives at a server in the external network environment, the server can identify from the Port identifier which analysis node it came from, so that data packets from different analysis nodes are not confused when the server processes them.
Modifying the source IP address of the first data packet to the IP address of the local WAN network card and the source Port to the identifier of the originating analysis node performs the NAT processing required to forward the first data packet: its source IP address is converted from a private network IP address into a public network IP address.
At the same time, the destination MAC address of the first data packet is modified to the designated gateway MAC address, the designated gateway being the gateway connected to the local WAN network card. The result of these modifications is the second data packet; since its destination MAC address is that of the designated gateway, its next hop is guaranteed to be the gateway.
In conventional routing, the next-hop address is found by looking up the destination IP address in a routing table, and only then is the destination MAC address of the packet rewritten to the MAC address of that next hop, so a dedicated device that supports layer-3 forwarding is required.
In the embodiment of the invention, the next hop is determined simply by rewriting the MAC address, so the master control node itself can forward the packet; and because the next-hop MAC address and the IP address and Port identifier needed for NAT are all recorded in the first target table entry, a single table lookup serves both NAT and routing, which makes processing faster.
After the second data packet is obtained, it is forwarded to the gateway through the local WAN network card; the gateway, recognizing that the destination MAC address is its own, forwards it onward. So that packets are not lost when the local WAN network card cannot transmit immediately, the second data packet may be placed in a first forwarding queue configured in the master control node to wait for transmission by the local WAN network card.
In one embodiment, when the SNAT table entry corresponding to the first packet parameter is not found in the SNAT table, the method further includes:
constructing a third target table entry corresponding to a second data packet parameter of a second data packet, wherein the third target table entry at least comprises an IP address, a Port and an MAC address, the IP address is a source IP address of the first data packet, the Port is a source Port of the first data packet, and the MAC address is a source MAC address of the first data packet;
and recording the constructed third target table entry into a local destination network address translation DNAT table.
The second data packet parameter of the second data packet may be the five-tuple of the second data packet. The key may be a character string formed, in order, from the destination IP address, destination Port, source IP address, source Port and transport layer protocol of the second data packet, or a hash value of that string; that is, compared with the key built from the first data packet parameter, the positions of the source and destination IP addresses and of the source and destination Ports are interchanged. Built this way, the key is identical to the key that a reply from the external device (whose source is the external device and whose destination is the IP address of the local WAN network card and the Port identifier) produces in the ordinary source-then-destination order, so the reply can be looked up directly. The form of the key is not limited to this.
The source IP address of the first data packet is the IP address of the analysis node that sent it, the source Port of the first data packet is the Port number of that analysis node, and the source MAC address of the first data packet is the MAC address of that analysis node.
In this embodiment, the SNAT table and the DNAT table are learned automatically from the first data packet and the second data packet. Because the third target table entry is created in the DNAT table at the same time as the first target table entry is created in the SNAT table, the first target table entry is available for forwarding data packets from a given analysis node to the designated external device, and the third target table entry, found later as the second target table entry, is available for forwarding data packets from that external device back to the analysis node.
In other words, a DNAT table entry for an external device is created only after an analysis node has sent a data packet to that device; thereafter, when that external device sends a data packet to the analysis node, the master control node forwards it according to the corresponding DNAT table entry.
Consequently, a data packet actively initiated from the external network environment receives no response from the master control node (there is no corresponding DNAT table entry, so neither NAT processing nor next-hop determination can be performed); table entries are learned only when an analysis node inside the distributed analysis system initiates traffic to the external network environment. This is the implicit inbound filtering that a stateful NAT provides, and it protects the internal network.
In one embodiment, in step S300, the determining that the second target entry matches the first packet includes:
searching a DNAT table item corresponding to a first data packet parameter in a local Destination Network Address Translation (DNAT) table by taking the first data packet parameter of the first data packet as a keyword, and determining the searched DNAT table item as a second target table item matched with the first data packet;
in step S300, the performing NAT processing and forwarding on the first data packet according to the second target entry includes:
modifying the destination IP address in the first data packet into the IP address in the second target table entry, modifying the destination Port into the Port in the second target table entry, modifying the destination MAC address into the MAC address in the second target table entry, and obtaining a third data packet;
and forwarding the third data packet through a local LAN card.
If a DNAT table entry is found in the DNAT table, the first data packet is one that the master control node allows to be forwarded to an analysis node, and the found DNAT table entry is determined as the second target table entry.
The IP address in the second target table entry is the IP address of the destination analysis node, the Port in the second target table entry is the Port of the destination analysis node, and the MAC address in the second target table entry is the MAC address of the destination analysis node. The destination analysis node is the analysis node at which the first data packet is finally to arrive.
Modifying the destination IP address of the first data packet to the IP address of the destination analysis node and the destination Port to the Port of the destination analysis node performs the NAT processing required to forward the first data packet: its destination IP address is converted from a public network IP address into a private network IP address.
At the same time, the destination MAC address of the first data packet is modified to the MAC address of the destination analysis node, and the result is the third data packet. Since the destination MAC address of the third data packet is that of the destination analysis node, its next hop is guaranteed to be the destination analysis node.
In the embodiment of the invention, the next hop is determined simply by rewriting the MAC address, so the master control node itself can forward the packet; and because the next-hop MAC address and the IP address and Port needed for NAT are all recorded in the second target table entry, a single table lookup serves both NAT and routing, which makes processing faster.
After the third data packet is obtained, it is forwarded to the destination analysis node through the local LAN network card, and the destination analysis node analyzes and processes it on receipt. So that packets are not lost when the local LAN network card cannot transmit immediately, the third data packet may be placed in a second forwarding queue configured in the master control node to wait for transmission by the local LAN network card.
In an embodiment, when no second target table entry is found in the DNAT table, this indicates that the first data packet was actively initiated by an unauthorized device in the external network environment; the first data packet is discarded directly, which prevents malicious attacks from the external network environment.
In one embodiment, the method further comprises the steps of:
s400: monitoring a MAC address change event; the MAC address change event is caused by the change of the MAC address of the analysis node and/or the gateway connected with the main control node;
s500: when the MAC address change event is monitored, searching a MAC address corresponding to the IP address carried by the MAC address change event in a local SNAT table and a DNAT table, and modifying the found MAC address into the MAC address carried by the MAC address change event.
Steps S400 and S500 are not ordered relative to steps S100 to S300 and may run concurrently with them.
The master control node may be preconfigured with an ARP information table that records IP addresses and their corresponding MAC addresses. Taking the gateway connected to the master control node as an example: when the MAC address recorded for the gateway IP address in the ARP information table differs from the gateway's current MAC address, the recorded MAC address is updated, a MAC address change event is triggered, and the event carries the gateway IP address and its current MAC address.
When a MAC address change event is detected, the MAC address corresponding to the IP address carried in the event is searched for in the SNAT table and the DNAT table and modified. To make this search possible, the IP address that owns a MAC address may be recorded in the table entry alongside the MAC address when SNAT and DNAT table entries are created. Only the MAC address field changes; the keys and the IP address and Port used for NAT are untouched, so a MAC address change event neither creates nor removes table entries.
A replacement of the next-hop gateway that the distributed analysis system connects to is neither known to nor controlled by the master control node; its only visible result is a change of the MAC address in the ARP information table. By monitoring that event, this embodiment updates the corresponding MAC addresses in the SNAT table and DNAT table of the master control node promptly whenever the gateway and/or an analysis node connected to the master control node is replaced. Because the rewritten MAC addresses follow the ARP information table, their correctness depends on that table being updated only from legitimate ARP traffic.
This embodiment thus realizes dynamic MAC monitoring: the MAC addresses in the SNAT table and DNAT table are updated in time, errors in subsequent NAT processing and forwarding are avoided, and the distributed analysis system keeps operating normally even when the gateway and/or an analysis node connected to the master control node changes.
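The outbound path of step S200 (SNAT lookup or learning, rewrite of source IP, source Port and destination MAC, synchronous creation of the reverse DNAT entry), the inbound path of step S300 (DNAT lookup, rewrite of destination IP, Port and MAC, discard on miss) and the MAC address change handling of steps S400 and S500, as one added example that is not code from the patent or from its assignee: a small Python model of the master control node's tables. The packet dict layout, the addresses, the sequential allocation of Port identifiers from 40000 and the `mac_owner_ip` field that lets a MAC address change event find the entries to rewrite are assumptions of this example.

```python
# Added example (not the patent's code): a model of the master control node's
# SNAT/DNAT self-learning, single-lookup NAT-plus-next-hop rewrite, the drop of
# unsolicited WAN packets and the MAC address change event handler.
# Packets are plain dicts; addresses and field names are assumptions.
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"            # assumed IP of the local WAN network card
GATEWAY_IP = "203.0.113.1"         # assumed IP of the designated gateway
GATEWAY_MAC = "02:00:00:00:00:01"  # assumed MAC of the designated gateway


def five_tuple_key(src_ip, src_port, dst_ip, dst_port, proto):
    """Key string in the order source IP, source Port, destination IP,
    destination Port, transport protocol (a hash of it would serve as well)."""
    return "|".join(map(str, (src_ip, src_port, dst_ip, dst_port, proto)))


@dataclass
class NatEntry:
    ip: str            # address written into the packet (WAN IP or analysis node IP)
    port: int          # Port identifier (SNAT) or analysis node Port (DNAT)
    mac: str           # next-hop MAC written as the destination MAC
    mac_owner_ip: str  # IP that owns `mac`, recorded so a MAC change event can find it


@dataclass
class MasterNode:
    snat: dict = field(default_factory=dict)
    dnat: dict = field(default_factory=dict)
    port_ids: dict = field(default_factory=dict)  # analysis node IP -> Port identifier
    wan_tx: list = field(default_factory=list)    # first forwarding queue (WAN NIC)
    lan_tx: list = field(default_factory=list)    # second forwarding queue (LAN NIC)
    dropped: list = field(default_factory=list)

    def port_id_for(self, node_ip):
        """One Port identifier per analysis node (assumption: allocated from 40000
        in order; the description also allows random or preset values)."""
        return self.port_ids.setdefault(node_ip, 40000 + len(self.port_ids))

    def from_lan(self, pkt):
        """Step S200: look up or learn the SNAT entry, rewrite source IP/Port and
        destination MAC, queue the second packet for the WAN network card."""
        key = five_tuple_key(pkt["src_ip"], pkt["src_port"],
                             pkt["dst_ip"], pkt["dst_port"], pkt["proto"])
        entry = self.snat.get(key)
        if entry is None:
            entry = NatEntry(WAN_IP, self.port_id_for(pkt["src_ip"]),
                             GATEWAY_MAC, GATEWAY_IP)
            self.snat[key] = entry
            # Learn the reverse (DNAT) entry at the same time. Its key is built from
            # the *second* packet as dst IP, dst Port, src IP, src Port, so the
            # reply from the external device matches it in src-then-dst order.
            reverse = five_tuple_key(pkt["dst_ip"], pkt["dst_port"],
                                     WAN_IP, entry.port, pkt["proto"])
            self.dnat[reverse] = NatEntry(pkt["src_ip"], pkt["src_port"],
                                          pkt["src_mac"], pkt["src_ip"])
        second = dict(pkt, src_ip=entry.ip, src_port=entry.port, dst_mac=entry.mac)
        self.wan_tx.append(second)
        return second

    def from_wan(self, pkt):
        """Step S300: forward only if a DNAT entry was learned from earlier
        outbound traffic; an unsolicited packet is discarded."""
        key = five_tuple_key(pkt["src_ip"], pkt["src_port"],
                             pkt["dst_ip"], pkt["dst_port"], pkt["proto"])
        entry = self.dnat.get(key)
        if entry is None:
            self.dropped.append(pkt)
            return None
        third = dict(pkt, dst_ip=entry.ip, dst_port=entry.port, dst_mac=entry.mac)
        self.lan_tx.append(third)
        return third

    def on_mac_change(self, ip, new_mac):
        """Steps S400/S500: rewrite the MAC of every SNAT/DNAT entry whose next hop
        is `ip`. Keys and NAT fields are untouched. Returns entries changed."""
        changed = 0
        for table in (self.snat, self.dnat):
            for entry in table.values():
                if entry.mac_owner_ip == ip and entry.mac != new_mac:
                    entry.mac = new_mac
                    changed += 1
        return changed


def demo():
    """Outbound packet, matching reply, unsolicited inbound packet, gateway swap."""
    node = MasterNode()
    out = {"src_ip": "192.168.1.2", "src_port": 5000, "src_mac": "02:00:00:00:01:02",
           "dst_ip": "198.51.100.5", "dst_port": 80, "dst_mac": "02:00:00:00:01:01",
           "proto": "tcp"}                          # constructed sample packet
    second = node.from_lan(out)
    reply = {"src_ip": "198.51.100.5", "src_port": 80, "src_mac": GATEWAY_MAC,
             "dst_ip": second["src_ip"], "dst_port": second["src_port"],
             "dst_mac": "02:00:00:00:02:01", "proto": "tcp"}
    third = node.from_wan(reply)
    unsolicited = dict(reply, dst_port=40001)       # no analysis node ever talked to it
    dropped = node.from_wan(unsolicited)
    rewritten = node.on_mac_change(GATEWAY_IP, "02:00:00:00:00:99")
    return second, third, dropped, rewritten


if __name__ == "__main__":
    print(demo())
```

Because the Port identifier marks the analysis node rather than the individual flow, two flows from the same analysis node to the same external IP address and Port would produce the same reverse key, and the second would overwrite the first DNAT entry; the example keeps the description's assumption that such traffic is distinguished by the analysis node alone, whereas an ordinary NAPT allocates the translated port per flow.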
In one embodiment, the target packet buffer queue is configured to store packets with a protocol type that is not ARP, and the protocol type of the first packet is not ARP.
After the master control node obtains data packets from the local LAN network card and the local WAN network card, it classifies and stores them by protocol type. The EtherType field of the Ethernet header identifies whether a frame carries ARP or IP, so the Ethernet header is parsed to obtain the protocol type; for IP packets the transport layer protocol (TCP, UDP) is read from the protocol field of the IP header.
Protocol types thus include ARP, TCP, UDP and so on. Data packets whose protocol type is ARP are stored in the ARP data packet buffer queue, and data packets whose protocol type is not ARP (such as TCP and UDP) are stored in the target data packet buffer queue.
In one embodiment, the method further comprises:
acquiring a fourth data packet from the ARP data packet cache queue;
when the fourth data packet is received through a local LAN network card, performing ARP response processing on the fourth data packet through a virtual LAN network card configured in a main control node to generate a first ARP response data packet, and sending the first ARP response data packet to the analysis node through the local LAN network card;
when the fourth data packet is received through the local WAN network card, ARP response processing is carried out on the fourth data packet through a virtual WAN network card configured in the main control node, a second ARP response data packet is generated, and the second ARP response data packet is sent to a gateway connected with the local WAN network card through the local WAN network card.
ARP response processing may, for example, update the local ARP information table with the IP address and MAC address carried in the data packet and place the MAC address of the master control node in the corresponding ARP response data packet; standard ARP response processing applies and is not described further here.
The master control node may be configured with DPDK, in which case the virtual LAN network card and the virtual WAN network card can be implemented by virtual network interfaces provided by DPDK. The master control node answers ARP data packets from analysis nodes, received through the local LAN network card, via the virtual LAN network card, and answers ARP data packets from external devices, received through the local WAN network card, via the virtual WAN network card, so no additional ARP response device is needed to process ARP data packets; this reduces implementation complexity and device cost.
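The EtherType-based classification of received frames into the ARP queue and the target data packet buffer queue, and the ARP reply that a virtual LAN or WAN network card in the master control node generates, as one added example that is not code from the patent and not DPDK code (frames are parsed and built with the Python standard library). The frames, MAC and IP addresses and the `VirtualNic` class are constructed for this example.

```python
# Added example (not the patent's code): classify Ethernet frames by EtherType
# into an ARP queue and a target queue, and answer ARP requests from a virtual
# NIC in the master control node. Frames and addresses are constructed here.
import struct
from ipaddress import IPv4Address

ETH_P_IP, ETH_P_ARP = 0x0800, 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def classify(frame):
    """'arp' for EtherType 0x0806; for IPv4 frames the transport protocol name
    taken from the IP header (not the Ethernet header); 'other' otherwise."""
    if len(frame) < 14:
        return "other"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_P_ARP:
        return "arp"
    if ethertype == ETH_P_IP and len(frame) >= 34:
        proto = frame[14 + 9]                       # IPv4 protocol field
        return {IPPROTO_TCP: "tcp", IPPROTO_UDP: "udp"}.get(proto, str(proto))
    return "other"


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet."""
    dst = b"\xff" * 6 if op == ARP_REQUEST else mac_bytes(target_mac)
    eth = dst + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, ETH_P_IP, 6, 4, op)
    arp += mac_bytes(sender_mac) + IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, or None."""
    if len(frame) < 42:
        return None
    hw, pr, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, pr, hlen, plen) != (1, ETH_P_IP, 6, 4):
        return None
    f = frame[22:42]
    return {"op": op, "sender_mac": mac_str(f[0:6]),
            "sender_ip": str(IPv4Address(f[6:10])),
            "target_mac": mac_str(f[10:16]),
            "target_ip": str(IPv4Address(f[16:20]))}


class VirtualNic:
    """Stand-in for the virtual LAN/WAN network card: learns the requester into
    the ARP information table and answers requests for its own IP with its MAC."""

    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp_table = ip, mac, {}

    def handle_arp(self, frame):
        req = parse_arp(frame)
        if req is None or req["op"] != ARP_REQUEST:
            return None
        self.arp_table[req["sender_ip"]] = req["sender_mac"]  # update ARP information table
        if req["target_ip"] != self.ip:
            return None                                       # not for us, no reply
        return build_arp(ARP_REPLY, self.mac, self.ip, req["sender_mac"], req["sender_ip"])


def dispatch(frames):
    """Split received frames into the ARP queue and the target packet queue."""
    arp_queue, target_queue = [], []
    for frame in frames:
        (arp_queue if classify(frame) == "arp" else target_queue).append(frame)
    return arp_queue, target_queue


def demo():
    lan = VirtualNic("192.168.1.1", "02:00:00:00:01:01")        # assumed LAN-side identity
    request = build_arp(ARP_REQUEST, "02:00:00:00:01:02", "192.168.1.2",
                        "00:00:00:00:00:00", "192.168.1.1")
    # constructed minimal IPv4/TCP frame: Ethernet header + 20-byte IP header
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                         IPv4Address("192.168.1.2").packed,
                         IPv4Address("198.51.100.5").packed)
    tcp_frame = (mac_bytes(lan.mac) + mac_bytes("02:00:00:00:01:02")
                 + struct.pack("!H", ETH_P_IP) + ip_hdr)
    arp_q, target_q = dispatch([request, tcp_frame])
    reply = lan.handle_arp(arp_q[0])
    return classify(tcp_frame), len(target_q), parse_arp(reply), lan.arp_table


if __name__ == "__main__":
    print(demo())
```

The ARP information table is updated from every well-formed request before the target IP is checked, which is the behaviour the description gives; a practitioner who wants the SNAT/DNAT MAC rewrite of step S500 to follow only addresses the master control node actually asked for would move the table update behind that check.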
The present invention further provides a data packet processing apparatus, referring to fig. 3, where the data packet processing apparatus 100 is applied to a master node in a distributed analysis system, the distributed analysis system further includes an analysis node, and the apparatus 100 includes:
a data packet obtaining module 101, configured to obtain a first data packet from a target data packet buffer queue;
a first processing and forwarding module 102, configured to determine a first target table entry matched with the first data packet when the first data packet is received through the local LAN card, and perform NAT processing and forwarding on the first data packet according to the first target table entry;
and the second processing and forwarding module 103 is configured to determine a second target table entry matched with the first data packet when the first data packet is received through the local WAN network card, perform NAT processing on the first data packet according to the second target table entry, and forward the first data packet.
In an embodiment, when the first processing and forwarding module determines the first target entry matching the first packet, the first processing and forwarding module is specifically configured to:
and searching for a SNAT table item corresponding to a first data packet parameter in a local Source Network Address Translation (SNAT) table by taking the first data packet parameter of the first data packet as a keyword, if the SNAT table item is searched, determining the searched SNAT table item as a first target table item matched with the first data packet, otherwise, constructing the SNAT table item corresponding to the first data packet parameter, and determining the constructed SNAT table item as the first target table item matched with the first data packet.
In one embodiment, the first target entry includes at least: the system comprises an IP address, a Port identifier and an MAC address, wherein the IP address is the IP address of a local WAN network card, the Port identifier is the identifier of an analysis node of a first data packet source, and the MAC address is a designated gateway MAC address;
the first processing and forwarding module, when performing NAT processing on the first data packet according to the first target table entry and forwarding, is specifically configured to:
modifying the source IP address in the first data packet into the IP address in the first target table item, modifying the source Port into the Port identifier in the first target table item, modifying the destination MAC address into the MAC address in the first target table item, and obtaining a second data packet;
and forwarding the second data packet through a local WAN network card.
According to an embodiment of the present invention, when the SNAT table entry corresponding to the first packet parameter is not found in the SNAT table, the apparatus further includes:
a table entry constructing module, configured to construct a third target table entry corresponding to a second data packet parameter of a second data packet, wherein the third target table entry at least comprises an IP address, a Port and a MAC address, the IP address is the source IP address of the first data packet, the Port is the source Port of the first data packet, and the MAC address is the source MAC address of the first data packet;
and a table entry recording module, configured to record the constructed third target table entry into a local destination network address translation (DNAT) table.
In an embodiment, when the second processing and forwarding module determines the second target entry matching the first packet, the second processing and forwarding module is specifically configured to:
searching a DNAT table item corresponding to a first data packet parameter in a local Destination Network Address Translation (DNAT) table by taking the first data packet parameter of the first data packet as a keyword, and determining the searched DNAT table item as a second target table item matched with the first data packet;
the second processing and forwarding module, when performing NAT processing on the first data packet according to the second target table entry and forwarding, is specifically configured to:
modifying the destination IP address in the first data packet into the IP address in the second target table entry, modifying the destination Port into the Port in the second target table entry, modifying the destination MAC address into the MAC address in the second target table entry, and obtaining a third data packet;
and forwarding the third data packet through a local LAN card.
In one embodiment, the apparatus further comprises:
the event monitoring module is used for monitoring a MAC address change event; the MAC address change event is caused by the change of the MAC address of the analysis node and/or the gateway connected with the main control node;
and the MAC address modification module is used for searching the MAC address corresponding to the IP address carried by the MAC address change event in a local SNAT table and a DNAT table when the MAC address change event is monitored, and modifying the found MAC address into the MAC address carried by the MAC address change event.
In one embodiment, the target packet buffer queue is configured to store packets with a protocol type of non-ARP, and the protocol type of the first packet is non-ARP.
The implementation process of the functions and actions of each module in the above device is detailed in the implementation process of the corresponding steps in the above method, and is not described herein again.
For the apparatus embodiments, since they substantially correspond to the method embodiments, the relevant description of the method embodiments may be consulted. The apparatus embodiments described above are merely illustrative: units described as separate parts may or may not be physically separate, and parts shown as units may or may not be physical units.
The invention also provides an electronic device, which comprises a processor and a memory; the memory stores a program that can be called by the processor; wherein, when the processor executes the program, the data packet processing method as described in the foregoing embodiments is implemented.
The data packet processing apparatus embodiments may be applied to an electronic device. Taking a software implementation as an example, the apparatus is a logical device formed when the processor of the electronic device on which it runs reads the corresponding computer program instructions from non-volatile memory into memory and executes them. In hardware terms, fig. 4 shows the hardware structure of an electronic device on which the data packet processing apparatus 100 is located according to an exemplary embodiment of the present invention; besides the processor 510, memory 530, interface 520 and non-volatile memory 540 shown in fig. 4, the electronic device may include other hardware according to its actual function, which is not described again.
The present invention also provides a machine-readable storage medium on which a program is stored, which, when executed by a processor, implements the packet processing method as described in the foregoing embodiments.
The present invention may take the form of a computer program product embodied on one or more storage media including, but not limited to, disk storage, CD-ROM, optical storage, and the like, having program code embodied therein. Machine-readable storage media include both permanent and non-permanent, removable and non-removable media, and the storage of information may be accomplished by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of machine-readable storage media include, but are not limited to: phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technologies, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic tape storage or other magnetic storage devices, or any other non-transmission medium, may be used to store information that may be accessed by a computing device.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A data packet processing method, characterized in that the method is applied to a master control node in a distributed analysis system, an application programming interface (API) is configured in the master control node, the API comprises a DPDK data packet receiving interface, a local LAN network card and a local WAN network card of the master control node support a layer-2 forwarding protocol, the distributed analysis system further comprises an analysis node, and the method comprises the following steps:
acquiring a first data packet from a target data packet buffer queue; the data packets in the target data packet cache queue are acquired from a local LAN network card and a local WAN network card by the main control node through the API;
when the first data packet is received through a local LAN (local area network) card, determining a first target table entry matched with the first data packet, and carrying out NAT (network address translation) processing and forwarding on the first data packet according to the first target table entry;
and when the first data packet is received through the local WAN network card, determining a second target table entry matched with the first data packet, and performing NAT processing on the first data packet according to the second target table entry and forwarding the first data packet.
2. The packet processing method of claim 1, wherein said determining the first target entry matching the first packet comprises:
searching a SNAT table item corresponding to a first data packet parameter in a local Source Network Address Translation (SNAT) table by taking the first data packet parameter of the first data packet as a key word, if the SNAT table item is searched, determining the searched SNAT table item as a first target table item matched with the first data packet, otherwise, constructing the SNAT table item corresponding to the first data packet parameter, and determining the constructed SNAT table item as the first target table item matched with the first data packet.
3. The packet processing method of claim 1, wherein the first target entry comprises at least: the system comprises an IP address, a Port identifier and an MAC address, wherein the IP address is the IP address of a local WAN network card, the Port identifier is the identifier of an analysis node of a first data packet source, and the MAC address is a designated gateway MAC address;
the performing NAT processing and forwarding on the first data packet according to the first target table entry includes:
modifying the source IP address in the first data packet into the IP address in the first target table item, modifying the source Port into the Port identifier in the first target table item, modifying the destination MAC address into the MAC address in the first target table item, and obtaining a second data packet;
and forwarding the second data packet through a local WAN network card.
4. The packet processing method according to claim 3, wherein when the SNAT table entry corresponding to the first packet parameter is not found in the SNAT table, the method further comprises:
constructing a third target table entry corresponding to a second data packet parameter of a second data packet, wherein the third target table entry at least comprises an IP address, a Port and an MAC address, the IP address is a source IP address of the first data packet, the Port is a source Port of the first data packet, and the MAC address is a source MAC address of the first data packet;
and recording the constructed third target table entry into a local destination network address translation DNAT table.
5. The packet processing method of claim 1, wherein said determining a second target entry that matches the first packet comprises:
searching a DNAT table item corresponding to a first data packet parameter in a local Destination Network Address Translation (DNAT) table by taking the first data packet parameter of the first data packet as a keyword, and determining the searched DNAT table item as a second target table item matched with the first data packet;
the performing NAT processing and forwarding on the first data packet according to the second target table entry includes:
modifying the destination IP address in the first data packet into the IP address in the second target table entry, modifying the destination Port into the Port in the second target table entry, modifying the destination MAC address into the MAC address in the second target table entry, and obtaining a third data packet;
and forwarding the third data packet through a local LAN network card.
6. The method of claim 4, further comprising:
monitoring a MAC address change event; the MAC address change event is caused by the change of the MAC address of the analysis node and/or the gateway connected with the main control node;
when the MAC address change event is monitored, searching a MAC address corresponding to the IP address carried by the MAC address change event in a local SNAT table and a DNAT table, and modifying the found MAC address into the MAC address carried by the MAC address change event.
7. The method according to any one of claims 1 to 6, wherein the target packet buffer queue is configured to store packets with a protocol type of non-ARP, and the protocol type of the first packet is non-ARP.
8. A data packet processing apparatus, applied to a master control node in a distributed analysis system, wherein an application programming interface (API) is configured in the master control node, the API comprises a DPDK data packet receiving interface, a local LAN network card and a local WAN network card of the master control node support a layer-2 forwarding protocol, the distributed analysis system further comprises an analysis node, and the apparatus comprises:
the data packet obtaining module is used for obtaining a first data packet from a target data packet cache queue; the data packets in the target data packet cache queue are acquired from a local LAN network card and a local WAN network card by the main control node through the API;
the first processing and forwarding module is used for determining a first target table entry matched with the first data packet when the first data packet is received through the local LAN network card, and performing NAT processing and forwarding on the first data packet according to the first target table entry;
and the second processing and forwarding module is used for determining a second target table entry matched with the first data packet when the first data packet is received through the local WAN network card, and performing NAT processing and forwarding on the first data packet according to the second target table entry.
9. An electronic device comprising a processor and a memory; the memory stores a program that can be called by the processor; wherein the processor, when executing the program, implements the packet processing method according to any one of claims 1 to 7.
10. A machine-readable storage medium, having stored thereon a program which, when executed by a processor, implements the packet processing method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910249389.6A CN111756636B (en) 2019-03-29 2019-03-29 Data packet processing method, device and equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910249389.6A CN111756636B (en) 2019-03-29 2019-03-29 Data packet processing method, device and equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111756636A CN111756636A (en) 2020-10-09
CN111756636B true CN111756636B (en) 2022-05-31

Family

ID=72671803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910249389.6A Active CN111756636B (en) 2019-03-29 2019-03-29 Data packet processing method, device and equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111756636B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113612963A (en) * 2021-07-27 2021-11-05 深圳市捷视飞通科技股份有限公司 Data forwarding method and device, computer equipment and storage medium
CN113886323A (en) * 2021-08-26 2022-01-04 北京鸿合爱学教育科技有限公司 Network sharing method and device, electronic equipment and storage medium

Citations (2)

Publication number Priority date Publication date Assignee Title
CN104023039A (en) * 2013-02-28 2014-09-03 国际商业机器公司 Data packet transmission method and device
CN105357151A (en) * 2015-11-19 2016-02-24 成都科来软件有限公司 DPDK-based packet capture and mirror image flow forwarding method

Family Cites Families (5)

Publication number Priority date Publication date Assignee Title
EP1416382A1 (en) * 2002-10-31 2004-05-06 Sap Ag Identifying solutions to computer problems in main system by service system
US7706266B2 (en) * 2007-03-12 2010-04-27 Citrix Systems, Inc. Systems and methods of providing proxy-based quality of service
CN101682565B (en) * 2007-03-12 2015-08-19 思杰系统有限公司 For being carried out the system and method for dynamic bandwidth control by agency
CN104158817A (en) * 2014-08-25 2014-11-19 深圳市中兴移动通信有限公司 Data packet forwarding method, device and system
CN105515978B (en) * 2016-01-08 2018-11-02 盛科网络(苏州)有限公司 Realize the method and device of distributed routing, physical host access

Non-Patent Citations (1)

Title
"Research on Key Technologies of Protocol-Oblivious Forwarding in Software-Defined Networking" (软件定义网络中协议无感知转发的关键技术研究); Li Shengru (李晟如); China Doctoral Dissertations Full-text Database (中国博士学位论文全文数据库); 2018-09-30; full text *

Also Published As

Publication number Publication date
CN111756636A (en) 2020-10-09

Similar Documents

Publication Publication Date Title
US7797419B2 (en) Method of determining intra-session event correlation across network address translation devices
WO2017000878A1 (en) Message processing
US9917928B2 (en) Network address translation
EP3595271B1 (en) Packet transmission method, apparatus and network
US20140325637A1 (en) Supporting IP Address Overlapping Among Different Virtual Networks
US9686233B2 (en) Tracking network packets across translational boundaries
US10831920B2 (en) Filter-based control information query in software-defined networking (SDN) environments
US10880264B1 (en) Customer-side and provider-side translation of Internet Protocol addresses without pre-shared prefixes
US10104002B2 (en) Method and system for network address re-use in network address translation
CN111756636B (en) Data packet processing method, device and equipment and storage medium
CN110505621B (en) Terminal migration processing method and device
US11757766B2 (en) Reflection route for link local packet processing
CN111131539B (en) Message forwarding method and device
JP2004222229A (en) Router and its packet transmission method
US20140156667A1 (en) Increasing Internet Protocol Version 6 Host Table Scalability in Top of Rack Switches for Data Center Deployments
CN110932934A (en) Network packet loss detection method and device
US20220360577A1 (en) Systems and methods for applying attestation tokens to lisp messages
CN111147519A (en) Data detection method, device, electronic equipment and medium
CN111049947B (en) Message forwarding method and device, electronic equipment and storage medium
CN112104761A (en) NAT address translation method
CN109246016B (en) Cross-VXLAN message processing method and device
US9860157B2 (en) Zero configuration approach for port forwarding cascaded routers
CN106878308B (en) ICMP message matching system and method
JP2020027961A (en) Mirror packet transfer program and mirror packet transfer method
CN109688237B (en) NAT (network Address translation) conversion method and device and NAT equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant