CN112165410A - Message capturing method and device - Google Patents
Message capturing method and device Download PDFInfo
- Publication number
- CN112165410A CN112165410A CN202010974904.XA CN202010974904A CN112165410A CN 112165410 A CN112165410 A CN 112165410A CN 202010974904 A CN202010974904 A CN 202010974904A CN 112165410 A CN112165410 A CN 112165410A
- Authority
- CN
- China
- Prior art keywords
- message
- filtering
- packet
- cpu
- packet capturing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000001914 filtration Methods 0.000 claims abstract description 89
- 238000012545 processing Methods 0.000 claims abstract description 41
- 230000003044 adaptive effect Effects 0.000 claims abstract description 10
- 238000005070 sampling Methods 0.000 claims description 58
- 125000004122 cyclic group Chemical group 0.000 claims description 23
- 230000005540 biological transmission Effects 0.000 abstract description 19
- 230000006870 function Effects 0.000 description 21
- 230000008569 process Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This specification provides a method and an apparatus for capturing a packet, where the method is applied to a forwarding module in a forwarding device, and the method includes: receiving an original message and acquiring message characteristics of the original message; when the message characteristics are matched with preset message characteristics, determining the original message as a target message; and filtering the target message according to a preset filtering rule, and uploading the packet capturing message obtained by filtering to a CPU (central processing unit), wherein the filtering rule is used for enabling the uploading rate of the packet capturing message to be adaptive to the processing performance of the CPU. The uploading rate of the packet capturing message is limited, so that the uploading rate of the packet capturing message is adaptive to the processing performance of the CPU, and the normal use of the packet capturing function is ensured while the original transmission rate of the network flow is maintained.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a method and an apparatus for capturing a packet.
Background
When a technician needs to determine whether a specific flow enters a device or needs to check an original message structure and data of the flow, the process is usually completed by using a packet capturing technology.
In the prior art, the packet capturing function can be realized by calling an interface function of a switching chip, and the acquired packet capturing message is uploaded to a CPU.
The switching chip can only capture packets according to the original transmission rate of the network flow, and can upload all packet capturing messages to the CPU, and the CPU has limited capability of processing the packet capturing messages, so that the phenomenon that the uploading rate is not matched with the CPU processing performance can be caused. For example, when the original transmission rate of the network traffic is high, the uploading rate of the acquired packet capturing message may exceed the processing speed of the CPU, and since the CPU cannot process all packet capturing messages and the CPU is in a high-load working state for a long time, the CPU may lose packets and even crash, and thus the packet capturing function cannot be completed. In order to ensure the normal use of the packet capturing function, the original transmission rate of network traffic is limited in the prior art, but this is equivalent to artificially limiting the bandwidth of the network, so that the prior packet capturing technology cannot be applied to a network environment with a higher transmission rate.
Disclosure of Invention
In order to overcome the problems in the related art, the present specification provides a method and an apparatus for capturing a packet.
According to a first aspect of an embodiment of the present specification, a method for capturing a packet is provided, where the method includes:
receiving an original message and acquiring message characteristics of the original message;
when the message characteristics are matched with preset message characteristics, determining the original message as a target message;
and filtering the target message according to a preset filtering rule, and uploading the packet capturing message obtained by filtering to a CPU (central processing unit), wherein the filtering rule is used for enabling the uploading rate of the packet capturing message to be adaptive to the processing performance of the CPU.
Optionally, the method further includes:
and automatically adjusting the filtering rule according to the busy degree of the CPU, so that the uploading rate of the packet capturing message is adaptive to the busy degree of the CPU.
Optionally, the filtering rule includes:
if the moment of filtering the target message is in a sampling shielding period, discarding the target message;
and if the moment of filtering the target message is not in the sampling shielding period, determining the target message as the packet capturing message.
Optionally, the sampling mask period is set by the following method:
counting the acquired packet capturing messages;
and setting a sampling shielding period with a preset duration and clearing the count when the count reaches a preset number.
Optionally, the sampling mask period may be further set by:
is periodically set
Or a plurality of sampling shielding periods with preset time length.
Optionally, the filtering rule includes:
identifying the numerical value of the designated bit of the preset binary cyclic sequence; wherein, after filtering the target message according to the filtering rule, the binary cyclic sequence is cyclically adjusted according to a preset arrangement direction to update the designated bit;
if the designated bit value is a first value, discarding the target message;
and if the designated bit value is a second value, determining the target message as the packet capturing message.
Optionally, the forwarding module includes an FPGA chip.
According to a second aspect of the embodiments of the present specification, there is provided a packet capturing apparatus, including:
the receiving unit is used for receiving an original message and acquiring the message characteristics of the original message;
the matching unit is used for determining the original message as a target message when the message characteristics are matched with preset message characteristics;
and the filtering unit is used for filtering the target message according to a preset filtering rule and uploading the packet capturing message obtained by filtering to the CPU, and the filtering rule is used for enabling the uploading rate of the packet capturing message to be adaptive to the processing performance of the CPU.
Optionally, the apparatus further comprises:
and the adjusting unit is used for automatically adjusting the filtering rule according to the busy degree of the CPU, so that the uploading rate of the packet capturing message is adaptive to the busy degree of the CPU.
Optionally, the filtering rules in the filtering unit include:
if the moment of filtering the target message is in a sampling shielding period, discarding the target message;
and if the moment of filtering the target message is not in the sampling shielding period, determining the target message as the packet capturing message.
Optionally, the sampling mask period in the filtering unit is set by the following method:
counting the acquired packet capturing messages;
and setting a sampling shielding period with a preset duration and clearing the count when the count reaches a preset number.
Optionally, the sampling mask period in the filtering unit is set by the following method:
one or more sampling mask periods of a preset duration are periodically set.
Optionally, the filtering rules in the filtering unit include:
identifying the numerical value of the designated bit of the preset binary cyclic sequence; wherein, after filtering the target message according to the filtering rule, the binary cyclic sequence is cyclically adjusted according to a preset arrangement direction to update the designated bit;
if the designated bit value is a first value, discarding the target message;
and if the designated bit value is a second value, determining the target message as the packet capturing message.
Optionally, the forwarding module includes an FPGA chip.
According to a third aspect of embodiments herein, there is provided an electronic apparatus including:
a processor; a memory for storing processor-executable instructions; wherein the processor is configured to implement the steps of the message capturing method.
According to a fourth aspect of embodiments herein, there is provided a computer-readable storage medium having stored thereon executable instructions; when the instruction is executed by the processor, the steps of the message capturing method are realized.
The technical scheme provided by the embodiment of the specification can have the following beneficial effects:
in the embodiment of the present specification, the target packet is filtered according to the preset filtering rule, and the packet capturing packet obtained by filtering is uploaded to the CPU, so that the uploading rate of the packet capturing packet is limited, and the uploading rate of the packet capturing packet is adapted to the processing performance of the CPU, thereby ensuring the normal use of the packet capturing function while maintaining the original transmission rate of the network traffic.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present specification and together with the description, serve to explain the principles of the specification.
Fig. 1 is a flowchart illustrating a message capturing method according to an exemplary embodiment of the present disclosure.
Fig. 2 is a flowchart illustrating another message capturing method according to an exemplary embodiment of the present disclosure.
Fig. 3 is a flowchart illustrating a further method for capturing a packet according to an exemplary embodiment of the present disclosure.
Fig. 4 is a hardware structure diagram of a forwarding device where a message capturing apparatus is located in the embodiment of the present description.
Fig. 5 is a block diagram of a message capture device according to an exemplary embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The following provides a detailed description of examples of the present specification.
As shown in fig. 1, fig. 1 is a flowchart of a message capturing method according to an exemplary embodiment shown in this specification, and includes the following steps:
s101, receiving an original message and acquiring the message characteristics of the original message.
The original packet referred to in the embodiments of the present description refers to a data packet exchanged and transmitted in a network, where data content and an organization mode thereof included in the data packet are determined by corresponding network protocols, such as TCP and HTTP protocols, and packets of different protocols generally have different packet structures, and the packets may be divided into different types according to the network protocols adopted by the packets.
The message characteristics referred to in the embodiments of the present description include the type of the message and/or the specific data encapsulated in the message. The types of the messages include a TCP message, a UDP message, or an HTTP message, and the specific contents encapsulated in the messages include an active IP address, a source port, a destination IP address, a destination port, a transport layer protocol, and the like, which is not limited in this specification.
S102: and when the message characteristics are matched with the preset message characteristics, determining the original message as a target message.
The preset message characteristics related in the embodiments of the present description reflect the requirements of packet capturing. For example, a message characteristic of "the source IP address is 121.14.88.76" may be preset, and as long as the source IP address of the received original message is 121.14.88.76, the message characteristic of the original message is considered to be matched with the preset message characteristic, and it is determined that the original message is the target message required for packet capture.
S103: and filtering the target message according to a preset filtering rule, and uploading the packet capturing message obtained by filtering to a CPU (central processing unit), wherein the filtering rule is used for enabling the uploading rate of the packet capturing message to be adaptive to the processing performance of the CPU.
In the embodiment of the present specification, after an original message is screened into a target message, the target message is further filtered according to a filtering rule, and the target message obtained by filtering is a packet capturing message; and finally, uploading the packet capturing message to a CPU to complete the message capturing. The filtering rule is equivalent to a further screening of the target message, and the target message meeting specific conditions can be determined as a packet capturing message, while other target messages are discarded. Therefore, the number of the packet capturing messages can be reduced by discarding part of the target messages through the filtering rules, so that the uploading rate of the packet capturing messages to the CPU is limited, and the uploading rate of the packet capturing messages is matched with the processing rate of the packet capturing messages by the CPU.
The discarding of the original message or the target message related to the embodiment of the present specification may be direct discarding and destroying, or may be output at the same output port as the packet capturing message, and by setting a packet capturing flag bit for the messages of all input devices, setting the packet capturing flag bit of the packet capturing message, and not setting the packet capturing flag bits of other messages, it is distinguished whether the message is determined to be the packet capturing message, so as to direct the message to be uploaded to a CPU or transmitted to a server or other forwarding devices as normal network traffic.
For an application scenario, before the packet capturing action is completed, the mirror image function or other modes are not used to perform mirror image processing on the packet transmitted in the network, at this time, the packet capturing will cause the loss of the target packet from the network, and affect the normal transmission of the target packet, although the retransmission mechanism ensures the robustness of the network, the pressure of each device in the network is indirectly increased due to more messages generated in the network, the scheme of the embodiment of the specification can greatly alleviate the problem, when the packet capturing message is directly output at the same output port as the flag bit, because part of the target message is confirmed to be a packet capturing message in the filtering process, and part of the target message is discarded to be regarded as normal network traffic, therefore, the target message can partially and effectively pass through the network, thereby reducing the influence of the packet capturing process on the network as much as possible; in another implementation mode, before setting the packet capturing flag bit of the packet capturing message, mirror image copying is performed on the packet capturing message, the packet capturing flag bit of the packet capturing message obtained by copying is not set, but is directly output from an output port, in this implementation mode, the packet capturing message is copied, the original packet capturing message is uploaded to a CPU because the packet capturing flag bit is set, and the copied packet capturing message is continuously transmitted in a network because the packet capturing flag bit is not set, so that in the implementation mode, a target message can effectively pass through the network completely, and the influence of the packet capturing process on the network is avoided.
For another application scenario, before the packet capturing action is completed, a mirror image function or other modes are used for mirror image copy of the messages transmitted in the network, one part of the messages transmitted in the network is directly used for subsequent normal network transmission, and the other part of the messages is used for packet capturing processing. In this application scenario, according to the scheme of the embodiment of the present specification, a packet capturing function can be implemented in a network environment with large network traffic and fast transmission rate, and since the network traffic for capturing packets is separated from the network traffic for normal transmission at the beginning, the scheme only involves processing the network traffic for capturing packets, and does not involve any processing on the network traffic for normal transmission at all, and thus does not cause any influence on the network itself.
It can be seen from the above embodiments that, by filtering the target packet according to the preset filtering rule and uploading the packet capturing packet obtained by filtering to the CPU, the uploading rate of the packet capturing packet is limited, so that the uploading rate of the packet capturing packet is adapted to the processing performance of the CPU, and thus, while maintaining the original transmission rate of the network traffic, packet loss and even crash caused by the CPU not having time to process the packet or being in a high-load working state for a long time is effectively avoided, and normal use of the packet capturing function is ensured.
As shown in fig. 2, which is a flowchart of another packet capturing method shown according to an exemplary embodiment, on the basis of the foregoing embodiment, this embodiment describes a processing procedure of how to filter a target packet according to the filtering rule and upload a packet capturing packet obtained by filtering to a CPU when determining the target packet, and includes the following steps:
s201: and receiving an original message and obtaining the message characteristics of the original message.
S202: and when the message characteristics are matched with the preset message characteristics, determining the original message as a target message.
For the description of S201-S202, reference may be made to S101-S102 described above, which are not described herein again.
S203: checking whether the moment of filtering the target message is in a sampling shielding period, if so, executing S203A, and discarding the target message; if the moment of filtering the target packet is not in the sampling mask period, S203B is executed, and the target packet is determined to be the packet capturing packet.
S204: and uploading the packet capturing message obtained by filtering to a CPU.
The sampling mask period referred to in step S203 in the embodiment of the present specification may be set in various ways.
In one embodiment, the sampling mask period is set by:
one or more sampling mask periods of a preset duration are periodically set.
The sampling mask period may be a continuous time period or a plurality of discontinuous time periods within a set period, the sum of the time periods is equal to the preset time period, and the time periods are combined according to a predefined combination mode to form a discontinuous sampling mask period, wherein the preset time period may be set by default of a system or may be set in advance by a user.
Under the condition that one or more sampling shielding periods with preset duration are periodically set, the time axis forms a periodic sampling shielding period according to the preset period, when the target message is received in the sampling shielding period, the target message is discarded, and only when the target message is not received in the sampling shielding period, the target message is determined to be a packet capturing message. The preset duration of the sampling shielding period in one period is divided by the preset period, so that the proportion of the sampling shielding period in one cycle period can be obtained, the larger the proportion is, the more obvious the shielding effect is, the larger the filtering force is, the smaller the uploading rate of the packet capturing message is.
In this embodiment, the control of the packet capturing packet uploading rate may be completed by setting the preset duration and/or the preset period, so that the uploading rate of the packet capturing packet is adapted to the processing performance of the CPU, and thus, the normal use of the packet capturing function is ensured while the original transmission rate of the network traffic is maintained.
In another optional embodiment of the foregoing embodiment, before step S203, the method further includes automatically adjusting a setting mode of a sampling mask period according to a busy degree of the CPU, so that an upload rate of the packet capturing packet is adapted to a processing performance of the CPU. The busy degree of the CPU can be obtained by the following steps:
periodically sending a busy degree acquisition request to the CPU, and receiving indication information including the busy degree of the CPU returned by the CPU; or
And receiving indication information which is sent by the CPU to the equipment actively and contains the busy degree of the CPU, wherein the indication information can be automatically sent to the equipment when the busy degree of the CPU self-checking changes.
Specifically, the ratio of the sampling mask period in one cycle period can be changed by adjusting the preset duration of the sampling mask period and/or forming a new preset period of the sampling mask period each time, so as to dynamically control the upload rate of the packet capturing message to adapt to the busy degree of the CPU contained in the CPU indication information.
In this optional embodiment, the upload rate of the packet capturing packet may be adaptively adjusted according to the busy degree of the CPU, so that when the working state of the CPU changes, the upload rate of the packet capturing packet may still be adapted to the processing performance of the CPU.
In another embodiment, the sampling mask period is set by:
counting the acquired packet capturing messages;
and setting a sampling shielding period with a preset duration and clearing the count when the count reaches a preset number.
The sampling shielding period is a period of continuous time, and the preset time can be set by default of a system or preset by a user.
In the case where the sampling mask period is set in this way, the time axis forms an aperiodic sampling mask period based on the counting result. And the period when the count does not reach the preset number does not belong to the sampling shielding period, the period of the target message is received, the target message is determined as a packet capturing message, the count is increased by one, only when the count reaches the preset number, a sampling shielding period of preset time is formed on a time axis, and the target message is discarded when the sampling shielding period is received. The average time of each packet capturing message which is formed by filtering one packet capturing message can be obtained by dividing the preset number by the preset duration of the sampling shielding period, the larger the average time is, the more obvious the shielding effect is, the larger the filtering force is, the smaller the uploading speed of the packet capturing message is.
In this embodiment, the control of the packet capturing packet uploading rate can be completed by setting the preset duration and/or the preset number, so that the packet capturing packet uploading rate is adapted to the processing performance of the CPU, and thus the normal use of the packet capturing function is ensured while the original transmission rate of the network traffic is maintained.
In another optional embodiment of the foregoing embodiment, before step S203, the method further includes automatically adjusting a setting mode of a sampling mask period according to a busy degree of the CPU, so that an upload rate of the packet capturing packet is adapted to a processing performance of the CPU. The obtaining manner of the busy level of the CPU is the same as that in the foregoing embodiment, and is not described herein again.
Specifically, the average time of the sampling mask period formed by one packet capturing message can be changed by adjusting the preset duration of the sampling mask period and/or triggering the preset number of the sampling mask periods, so that the uploading rate of the packet capturing message is dynamically controlled to adapt to the busy degree of a CPU (central processing unit) contained in the CPU indication information, for example, when the busy degree of the CPU is larger, the average time of the sampling mask period formed by one packet capturing message is increased by reducing the preset number of the triggering sampling mask period, so that the uploading rate of the packet capturing message is reduced.
In this optional embodiment, the upload rate of the packet capturing packet may be adaptively adjusted according to the busy degree of the CPU, so that when the working state of the CPU changes, the upload rate of the packet capturing packet may still be adapted to the processing performance of the CPU.
As shown in fig. 3, which is a flowchart of another packet capturing method shown according to an exemplary embodiment, on the basis of the foregoing embodiment, this embodiment describes a processing procedure of how to filter a target packet according to the filtering rule and upload a packet capturing packet obtained by filtering to a CPU when determining the target packet, and includes the following steps:
s301: and receiving an original message and obtaining the message characteristics of the original message.
S302: and when the message characteristics are matched with the preset message characteristics, determining the original message as a target message.
For the description of S301 to S302, reference may be made to S101 to S102 described above, and details are not repeated here.
S303: identifying the numerical value of the designated bit of the preset binary cyclic sequence; and after the target message is filtered according to the filtering rule, circularly adjusting the binary circular sequence according to a preset arrangement direction to update the designated bit.
The binary cyclic sequence referred to in the embodiments of the present specification may be set by default by the system, or set in advance by the user. The binary cyclic sequence is formed by arranging a plurality of binary numbers, when a target message is received, the binary cyclic sequence is circularly adjusted according to a preset arrangement direction, and a designated position, such as the highest position, is selected for indicating sampling logic, so that the value on the highest position is continuously updated due to the circular adjustment of the binary cyclic sequence along with the continuous reception of the target message. For example, for a binary cyclic sequence "101001000", when a target message is received, the binary cyclic sequence will automatically adjust to "010100100", which is equivalent to that when all binary numbers are shifted to the right by one bit (the lowest binary number is cyclically adjusted to the highest bit), the value at the highest bit is changed from "1" to "0", thereby completing the update of the value at the designated bit.
In another implementation manner, the binary cyclic sequence itself does not perform cyclic adjustment, but performs cyclic adjustment on the designated bit according to a preset flow direction when a target message is received, so as to continuously complete updating of the value on the designated bit. For example, for a binary cyclic sequence "101001000", the original designated bit is the highest bit, and the corresponding value is "1", when a target message is received, the designated bit is moved from the highest bit to the next highest bit, and the corresponding value is changed from "1" to "0", thereby completing the update of the value on the designated bit.
S304: identifying a numerical value corresponding to the designated bit, if the numerical value of the designated bit is a first value, executing S304A, and discarding the target message; if the specified bit value is the second value, S304B is executed, and the target packet is determined to be the packet capturing packet.
The numerical value of the designated bit can be '0' or '1', one of the numbers can correspond to the condition of discarding the target message, and the other number can correspond to the condition of determining the packet capturing message. For example, the first value may be "0" and the second value may be "1".
Dividing the number of digits of the numerical value used for determining the condition of discarding the target message in the binary cyclic sequence by the total digits of the binary cyclic sequence to obtain the proportion of the number of digits of the numerical value in the total digits of the cyclic sequence, wherein the greater the proportion is, the more obvious the shielding effect is, the greater the filtering strength is, the smaller the uploading rate of the packet capturing message is.
S305: and uploading the packet capturing message obtained by filtering to a CPU.
In this embodiment, the control of the packet capturing packet uploading rate can be completed by setting the binary cyclic sequence, so that the packet capturing packet uploading rate is adapted to the processing performance of the CPU, and thus the normal use of the packet capturing function is ensured while the original transmission rate of the network traffic is maintained.
In another optional embodiment of the foregoing embodiment, before the step S303, the method further includes automatically adjusting a setting mode of a binary loop sequence according to a busy degree of the CPU, so that an upload rate of the packet capturing packet is adapted to a processing performance of the CPU. The busy degree of the CPU can be obtained by the following steps:
periodically sending a busy degree acquisition request to the CPU, and receiving indication information including the busy degree of the CPU returned by the CPU; or
And receiving indication information which is sent by the CPU to the equipment actively and contains the busy degree of the CPU, wherein the indication information can be automatically sent to the equipment when the busy degree of the CPU self-checking changes.
Specifically, the ratio of "0" and "1" in the binary loop sequence can be changed by adjusting the number of bits and/or the numerical content of the binary loop sequence, so as to dynamically control the upload rate of the packet capture message to adapt to the busy degree of the CPU contained in the CPU indication information, for example, when the busy degree of the CPU is greater and the first value is "0", the number of bits and/or the numerical content of the original binary loop sequence can be changed so that the proportion of "0" in the new binary loop sequence is greater than the proportion of "0" in the original binary loop sequence, thereby reducing the upload rate of the packet capture message.
In this optional embodiment, the upload rate of the packet capturing packet may be adaptively adjusted according to the busy degree of the CPU, so that when the working state of the CPU changes, the upload rate of the packet capturing packet may still be adapted to the processing performance of the CPU.
In the embodiment of this specification, the above method embodiment is applied to a forwarding module in a forwarding device, where the forwarding device includes a router, a switch, a repeater, a bridge, a hub, a repeater, and the like; the forwarding module can be implemented based on a programmable logic device such as an FPGA chip.
When the forwarding module is implemented based on the FPGA chip, the cost can be compressed as much as possible on the basis of realizing the packet capturing function, and meanwhile, the forwarding module has higher processing efficiency, has stronger expansibility due to rich interfaces of the FPGA, and has higher flexibility due to the programmable function.
Corresponding to the embodiment of the method, the specification also provides an embodiment of the device and application equipment thereof.
The embodiment of the capturing apparatus for a packet in this specification can be applied to forwarding devices, such as servers, terminal devices, or devices based on FPGA chips. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a capturing device of a message in a logical sense, a processor reads a corresponding computer program instruction in a nonvolatile memory into a memory for operation. In terms of hardware, as shown in fig. 4, the hardware structure of the forwarding device where the capturing apparatus for a packet is located in the embodiment of the present description is a diagram, except for the processor 410, the memory 430, the network interface 420, the nonvolatile memory 440, and the forwarding module 450 shown in fig. 4, other hardware may also be included according to the actual function of the forwarding device, which is not described again.
As shown in fig. 5, fig. 5 is a block diagram of a message capturing apparatus according to an exemplary embodiment shown in this specification, where the apparatus includes:
a receiving unit 510, configured to receive an original packet and obtain a packet feature of the original packet;
a matching unit 520, configured to determine the original packet as a target packet when the packet characteristic matches a preset packet characteristic;
and the filtering unit 540 is configured to filter the target packet according to a preset filtering rule, and upload the packet capturing packet obtained by filtering to the CPU, where the filtering rule is used to adapt an upload rate of the packet capturing packet to the processing performance of the CPU.
It can be seen from the above embodiments that, by filtering the target packet according to the preset filtering rule and uploading the packet capturing packet obtained by filtering to the CPU, the uploading rate of the packet capturing packet is limited, so that the uploading rate of the packet capturing packet is adapted to the processing performance of the CPU, and the normal use of the packet capturing function is ensured while the original transmission rate of the network traffic is maintained.
Optionally, in another optional embodiment, in addition to the above units, the apparatus further comprises:
an adjusting unit 530, configured to automatically adjust the filtering rule according to the busy degree of the CPU, so that the uploading rate of the packet capturing packet is adapted to the busy degree of the CPU.
In this optional embodiment, the upload rate of the packet capturing packet may be adaptively adjusted according to the busy degree of the CPU, so that when the working state of the CPU changes, the upload rate of the packet capturing packet may still be adapted to the processing performance of the CPU.
Optionally, in another embodiment, the filtering rules in the filtering unit 540 include:
if the moment of filtering the target message is in a sampling shielding period, discarding the target message;
and if the moment of filtering the target message is not in the sampling shielding period, determining the target message as the packet capturing message.
The sampling mask period referred to in the embodiments of the present specification may be set in various ways.
In one embodiment, the sampling mask period is set by:
one or more sampling mask periods of a preset duration are periodically set.
In this embodiment, the control of the packet capturing packet uploading rate may be completed by setting the preset duration and/or the preset period, so that the uploading rate of the packet capturing packet is adapted to the processing performance of the CPU, and thus, the normal use of the packet capturing function is ensured while the original transmission rate of the network traffic is maintained.
In another embodiment, the sampling mask period is set by:
counting the acquired packet capturing messages;
and setting a sampling shielding period with a preset duration and clearing the count when the count reaches a preset number.
In this embodiment, the control of the packet capturing packet uploading rate can be completed by setting the preset duration and/or the preset number, so that the packet capturing packet uploading rate is adapted to the processing performance of the CPU, and thus the normal use of the packet capturing function is ensured while the original transmission rate of the network traffic is maintained.
Optionally, in another embodiment, the filtering rules in the filtering unit 540 include:
identifying the numerical value of the designated bit of the preset binary cyclic sequence; and after the target message is filtered according to the filtering rule, circularly adjusting the binary circular sequence according to a preset arrangement direction to update the designated bit.
If the designated bit value is a first value, discarding the target message; and if the designated bit value is a second value, determining the target message as the packet capturing message.
In this embodiment, the control of the packet capturing packet uploading rate can be completed by setting the binary cyclic sequence, so that the packet capturing packet uploading rate is adapted to the processing performance of the CPU, and thus the normal use of the packet capturing function is ensured while the original transmission rate of the network traffic is maintained.
The functions and functions of each module in the device are described simply, and the detailed implementation process of the device is referred to the implementation process of the corresponding step in the method, which is not described herein again.
Correspondingly, the present specification also provides an apparatus comprising a processor; a memory for storing processor-executable instructions; wherein the processor is configured to implement the steps of the message capturing method provided in fig. 1.
Accordingly, the present specification also provides a computer readable storage medium having executable instructions stored thereon; wherein, when being executed by the processor, the instructions implement the steps of the message capturing method provided in fig. 1.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.
Claims (10)
1. A message capturing method is applied to a forwarding module in forwarding equipment, and the method comprises the following steps:
receiving an original message and acquiring message characteristics of the original message;
when the message characteristics are matched with preset message characteristics, determining the original message as a target message;
and filtering the target message according to a preset filtering rule, and uploading the packet capturing message obtained by filtering to a CPU (central processing unit), wherein the filtering rule is used for enabling the uploading rate of the packet capturing message to be adaptive to the processing performance of the CPU.
2. The method of claim 1, further comprising:
and automatically adjusting the filtering rule according to the busy degree of the CPU, so that the uploading rate of the packet capturing message is adaptive to the busy degree of the CPU.
3. The method of claim 1, wherein the filtering rules comprise:
if the moment of filtering the target message is in a sampling shielding period, discarding the target message;
and if the moment of filtering the target message is not in the sampling shielding period, determining the target message as the packet capturing message.
4. The method of claim 3, wherein the sampling mask period is set by:
counting the acquired packet capturing messages;
and setting a sampling shielding period with a preset duration and clearing the count when the count reaches a preset number.
5. The method of claim 3, wherein the sampling mask period is set by:
one or more sampling mask periods of a preset duration are periodically set.
6. The method of claim 1, wherein the filtering rules comprise:
identifying the numerical value of the designated bit of the preset binary cyclic sequence; wherein, after filtering the target message according to the filtering rule, the binary cyclic sequence is cyclically adjusted according to a preset arrangement direction to update the designated bit;
if the designated bit value is a first value, discarding the target message;
and if the designated bit value is a second value, determining the target message as the packet capturing message.
7. The method of any of claims 1-6, wherein the forwarding module comprises an FPGA chip.
8. A message capturing device is applied to a forwarding module in a forwarding device, and the device comprises:
the receiving unit is used for receiving an original message and acquiring the message characteristics of the original message;
the matching unit is used for determining the original message as a target message when the message characteristics are matched with preset message characteristics;
and the filtering unit is used for filtering the target message according to a preset filtering rule and uploading the packet capturing message obtained by filtering to the CPU, and the filtering rule is used for enabling the uploading rate of the packet capturing message to be adaptive to the processing performance of the CPU.
9. An electronic device includes a processor; memory for storing processor-executable instructions, wherein the processor is configured to implement the steps of the method of any one of claims 1-7.
10. A computer-readable storage medium having stored thereon executable instructions, wherein the instructions, when executed by a processor, perform the steps of the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010974904.XA CN112165410A (en) | 2020-09-16 | 2020-09-16 | Message capturing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010974904.XA CN112165410A (en) | 2020-09-16 | 2020-09-16 | Message capturing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112165410A true CN112165410A (en) | 2021-01-01 |
Family
ID=73859044
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010974904.XA Pending CN112165410A (en) | 2020-09-16 | 2020-09-16 | Message capturing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112165410A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1477823A (en) * | 2003-07-31 | 2004-02-25 | CPU message flow control method of distributed exchange router system | |
| CN103441946A (en) * | 2013-09-05 | 2013-12-11 | 上海斐讯数据通信技术有限公司 | CPU-protecting mass-flow attack identification method and device |
| US8958318B1 (en) * | 2011-09-21 | 2015-02-17 | Cisco Technology, Inc. | Event-based capture of packets from a network flow |
| CN107948157A (en) * | 2017-11-24 | 2018-04-20 | 锐捷网络股份有限公司 | A kind of message processing method and device |
| CN108737217A (en) * | 2018-06-01 | 2018-11-02 | 杭州迪普科技股份有限公司 | A kind of packet snapping method and device |
| CN109408246A (en) * | 2018-09-05 | 2019-03-01 | 江苏博智软件科技股份有限公司 | A kind of adaptive auditing method of industry control network |
-
2020
- 2020-09-16 CN CN202010974904.XA patent/CN112165410A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1477823A (en) * | 2003-07-31 | 2004-02-25 | CPU message flow control method of distributed exchange router system | |
| US8958318B1 (en) * | 2011-09-21 | 2015-02-17 | Cisco Technology, Inc. | Event-based capture of packets from a network flow |
| CN103441946A (en) * | 2013-09-05 | 2013-12-11 | 上海斐讯数据通信技术有限公司 | CPU-protecting mass-flow attack identification method and device |
| CN107948157A (en) * | 2017-11-24 | 2018-04-20 | 锐捷网络股份有限公司 | A kind of message processing method and device |
| CN108737217A (en) * | 2018-06-01 | 2018-11-02 | 杭州迪普科技股份有限公司 | A kind of packet snapping method and device |
| CN109408246A (en) * | 2018-09-05 | 2019-03-01 | 江苏博智软件科技股份有限公司 | A kind of adaptive auditing method of industry control network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11336581B2 (en) | Automatic rate limiting based on explicit network congestion notification in smart network interface card | |
| EP2959645B1 (en) | Dynamic optimization of tcp connections | |
| US20070083924A1 (en) | System and method for multi-stage packet filtering on a networked-enabled device | |
| US7831745B1 (en) | Scalable direct memory access using validation of host and scatter gather engine (SGE) generation indications | |
| EP3588865A1 (en) | Event ingestion management | |
| US20220286402A1 (en) | Method and apparatus for controlling data packet sending, model training method and apparatus, and system | |
| KR20170060118A (en) | Managing classified network streams | |
| CN115349121A (en) | Method and device for processing stateful service | |
| CN113542145A (en) | Method for sharing Ethernet link aggregation group load and network equipment | |
| CN111431871A (en) | Processing method and device of TCP (Transmission control protocol) semi-transparent proxy | |
| CN110996268B (en) | SIG mesh-based broadcast bearer layer message filtering strategy method | |
| CN111858046A (en) | Service request processing method and device, storage medium and electronic device | |
| CN115086250A (en) | Network target range distributed traffic generation system and method | |
| US10897402B2 (en) | Statistics increment for multiple publishers | |
| CN113438169A (en) | Data scheduling method, electronic equipment and storage medium | |
| US11546261B2 (en) | Congestion control method and related device | |
| CN111740922B (en) | Data transmission method, device, electronic equipment and medium | |
| CN112165410A (en) | Message capturing method and device | |
| CN115514709B (en) | Congestion control event queue scheduling method, device, equipment and storage medium | |
| CN112714159A (en) | Message forwarding method and device, storage medium and electronic device | |
| CN105704057B (en) | The method and apparatus for determining the type of service of burst port congestion packet loss | |
| CN112367265B (en) | Reliable data transmission method and device suitable for narrow-band weak connection network | |
| CN112511323B (en) | Method and related apparatus for handling network congestion | |
| CN111865884B (en) | Message processing method, device and equipment | |
| CN113852445A (en) | Method, system, equipment and storage medium for improving data transmission reliability |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210101 |