CN114884706B - Vehicle-mounted message processing method and system - Google Patents


Publication number: CN114884706B
Authority: CN (China)
Prior art keywords: message, MAC address, authentication, ECU, filtering module
Legal status: Active
Application number: CN202210433338.0A
Other languages: Chinese (zh)
Other versions: CN114884706A
Inventors: 张蕾, 郭卫华, 杨孙永, 武剑
Current assignee: Beijing Jingwei Hirain Tech Co Ltd
Original assignee: Beijing Jingwei Hirain Tech Co Ltd

Classifications

Section H (Electricity), class H04 (Electric communication technique), subclass H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 63/126: Network architectures or network communication protocols for network security (H04L 63/00); applying verification of the received information (H04L 63/12), in particular of the source of the received data
    • H04L 67/12: Network arrangements or protocols for supporting network services or applications (H04L 67/00); protocols (H04L 67/01) specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The present disclosure provides a vehicle-mounted message processing method and system. The system includes a plurality of ECUs, a TBOX and a vehicle-mounted switch; the vehicle-mounted switch transmits communication messages between the ECUs and the TBOX, an authentication client is disposed in each ECU, and an authentication server and a first message filtering module are disposed in the TBOX. The method includes: when the first message filtering module receives a first message sent by the authentication client and the first message meets a first condition, the first message filtering module sends the first message to the authentication server for authentication, where the first condition is that the control item corresponding to the first source MAC address of the first message in a first MAC address control list is "discard" and the first message is based on an authentication protocol; when the first message meets a second condition, the first message filtering module allows the first message to pass, where the second condition is that the control item corresponding to the first source MAC address in the first MAC address control list is "pass"; otherwise, the first message is discarded.

Description

Vehicle-mounted message processing method and system
Technical Field
The disclosure relates to the technical field of automobiles, in particular to a vehicle-mounted message processing method and a vehicle-mounted message processing system.
Background
Ethernet is currently the most common type of computer network. It realizes the idea of a radio system in which a plurality of nodes on the network transmit information, each node having to acquire the cable or channel (sometimes called the "ether") before it can transmit. Each node has a globally unique 48-bit address, the MAC (Media Access Control) address assigned to the network card by its manufacturer, so that all nodes on the Ethernet can identify each other.
To secure the devices that users connect, security authentication is often required when accessing an Ethernet network. The IEEE 802.1X protocol is the most commonly used Ethernet authentication protocol; it implements authentication in a "client + server" manner. The authentication server is typically deployed on an access switch or edge switch and runs the IEEE 802.1X protocol state machine. The authentication client runs on an access device such as a personal computer or a VoIP (Voice over Internet Protocol) phone. When the authentication client accesses the network, it actively sends an authentication start message to the authentication server to trigger authentication; the client and the server then interact according to the IEEE 802.1X protocol specification, and finally the success or failure of the client's authentication is determined from the content of the exchanged messages and the state of the protocol state machine. The authentication server deployed on the switch then controls the behavior of the authentication client, according to the client's authentication state, by controlling message forwarding on the switch chip interface. This requires the switch running the authentication server to have a high-performance CPU (Central Processing Unit) to run the IEEE 802.1X authentication protocol and a high-performance switch chip that can dynamically change the message forwarding behavior of the access port.
However, the above solution is not suitable for a vehicle-mounted Ethernet network: the switch in the vehicle-mounted Ethernet (the vehicle-mounted switch) has weaker processing capacity, can run only one embedded program, and cannot run the complex IEEE 802.1X authentication protocol on its own, so the authentication server cannot be deployed on the vehicle network's access switch or an intermediate switch; moreover, the switch uses a single-function switch chip that does not support dynamically changing the message forwarding behavior of ports according to MAC address authentication information.
Disclosure of Invention
The invention provides a vehicle-mounted message processing method and a vehicle-mounted message processing system, which not only can successfully deploy a vehicle-mounted Ethernet in a vehicle to realize Ethernet protocol authentication, but also can dynamically change message forwarding behaviors of ports according to MAC address authentication information to improve message processing safety.
The specific technical scheme is as follows:
in a first aspect, an embodiment of the present disclosure provides a vehicle-mounted packet processing method, where the method is applied to a vehicle-mounted packet processing system, the system includes a plurality of electronic control units ECU, a telematics unit TBOX, and a vehicle-mounted switch, the vehicle-mounted switch is configured to transmit a communication message between the ECU and the TBOX, an authentication client is disposed in each ECU, and an authentication server and a first packet filtering module are disposed in the TBOX, and the method includes:
when the first message filtering module receives a first message sent by the authentication client and the first message meets a first condition, the first message filtering module sends the first message to the authentication server for authentication, where the first condition is that the control item corresponding to the first source Media Access Control (MAC) address of the first message in a first MAC address control list is "discard" and the first message is based on an authentication protocol, and the first MAC address control list includes the MAC addresses of all ECUs in the vehicle and the control item corresponding to the MAC address of each ECU;
when the first message meets a second condition, the first message filtering module allows the first message to pass, where the second condition is that the control item corresponding to the first source MAC address in the first MAC address control list is "pass";
when the first message meets a third condition, the first message filtering module discards the first message, where the third condition is that the control item corresponding to the first source MAC address in the first MAC address control list is "discard" and the first message is not based on the authentication protocol, or that the first source MAC address is not in the first MAC address control list.
In one embodiment, after the first message filtering module sends the first message to the authentication server for authentication, the method further includes:
the first message filtering module receives an authentication result message sent by the authentication server, wherein the authentication result message comprises the first source MAC address, and the authentication result message also comprises an authentication result of the authentication client corresponding to the first message or a control item corresponding to the authentication result;
when the authentication result in the authentication result message is "authentication success" or the control item is "pass", the first message filtering module updates the control item corresponding to the first source MAC address in the first MAC address control list to "pass".
In one embodiment, the method further comprises:
after the TBOX is started, initializing the first message filtering module by the TBOX, so that the first message filtering module generates a first initial MAC address control list, wherein the first initial MAC address control list is empty;
the first message filtering module updates the first initial MAC address control list according to a first MAC address control message sent by the authentication server, and takes the updated first initial MAC address control list as the first MAC address control list, wherein the first MAC address control message comprises at least one MAC address of the ECU and the control item for indicating discarding, the first MAC address control message is generated according to a whole vehicle configuration information table, and the whole vehicle configuration information table comprises the MAC addresses of the ECUs in the vehicle.
In one embodiment, after the first message filtering module sends the first message to the authentication server for authentication, the method further includes:
the authentication server sends the authentication result message to each authentication client through a designated connection.
In one embodiment, a second message filtering module is further disposed in each ECU, and the method further includes:
when the authentication client determines that the first source MAC address in the authentication result message is not its own MAC address, the second message filtering module in the ECU to which that authentication client belongs receives the authentication result message forwarded by the authentication client and updates the control item corresponding to the first source MAC address in a second MAC address control list according to the authentication result message, and the authentication client sends an operation result response for the authentication result to the authentication server through the designated connection; the second MAC address control list includes the MAC addresses other than the ECU's own MAC address and the control items corresponding to those MAC addresses, and the operation result response carries a control item indicating either that updating the second MAC address control list based on the authentication result message succeeded or that it failed;
when the authentication client determines that the first source MAC address in the authentication result message is its own MAC address, the authentication client sends an operation success response, indicating that the second MAC address control list was successfully updated based on the authentication result message, to the authentication server through the designated connection.
In one embodiment, the on-board switch is further configured to transmit a communication message between each of the ECUs, the method further comprising:
when the second message filtering module receives a second message sent by another authentication client and the second message meets a fourth condition, the second message filtering module allows the second message to pass, where the fourth condition is that the control item corresponding to the second source MAC address of the second message in the second MAC address control list is "pass";
when the second message meets a fifth condition, the second message filtering module discards the second message, where the fifth condition is that the control item corresponding to the second source MAC address in the second MAC address control list is "discard", or that the second source MAC address is not in the second MAC address control list.
In one embodiment, the method further comprises:
after the ECU is started, initializing the second message filtering module by the ECU, so that a second initial MAC address control list is generated in the second message filtering module, wherein the second initial MAC address control list is empty;
the second message filtering module updates the second initial MAC address control list according to a second MAC address control message sent by the authentication client, and takes the updated second initial MAC address control list as the second MAC address control list, where the second MAC address control message includes at least one MAC address of the other ECU and the control item for indicating discarding, and the second MAC address control message is generated according to the whole vehicle configuration information table.
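The ECU-side second message filtering module described in the preceding embodiments (initialization from the whole vehicle configuration information table with the ECU's own MAC address left out, the fourth and fifth conditions, and the authentication client's handling of an authentication result message with its operation result response), as an added C example that is not code from the patent or from its assignee. It keeps the second MAC address control list as an in-memory table, represents the operation result response as an enum rather than a message on the designated connection (which is not modelled), and uses constructed MAC addresses; all function and field names are the example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Control item stored per MAC address in the second MAC address control list. */
enum control_item { CTRL_DISCARD = 0, CTRL_PASS = 1 };
/* Fourth condition -> pass; fifth condition -> drop. */
enum second_action { SECOND_PASS, SECOND_DROP };
/* Operation result response the authentication client returns to the authentication server. */
enum op_response { OP_UPDATE_SUCCESS, OP_UPDATE_FAILED };

#define MAX_ENTRIES 32 /* assumed upper bound on ECU ports in the vehicle */

struct mac_ctrl_entry { uint8_t mac[6]; uint16_t ecu_port_id; enum control_item ctrl; };
struct mac_ctrl_list { struct mac_ctrl_entry entries[MAX_ENTRIES]; size_t count; };
/* One row of the whole vehicle configuration information table (constructed layout). */
struct vehicle_cfg_row { uint8_t mac[6]; uint16_t ecu_port_id; };
/* Authentication result message as received over the designated connection. */
struct auth_result_msg { uint8_t src_mac[6]; bool auth_success; };
/* State of one ECU: its own MAC and the second MAC address control list of the other ECUs. */
struct ecu_state { uint8_t own_mac[6]; struct mac_ctrl_list list; };

static struct mac_ctrl_entry *find_entry(struct mac_ctrl_list *list, const uint8_t mac[6]) {
    for (size_t i = 0; i < list->count; i++)
        if (memcmp(list->entries[i].mac, mac, 6) == 0) return &list->entries[i];
    return NULL;
}

/* ECU start: the list begins empty; the second MAC address control message then adds every MAC
 * from the vehicle configuration table except the ECU's own, all with control item DISCARD. */
size_t second_filter_init(struct ecu_state *ecu, const uint8_t own_mac[6],
                          const struct vehicle_cfg_row *cfg, size_t n) {
    memcpy(ecu->own_mac, own_mac, 6);
    memset(&ecu->list, 0, sizeof ecu->list);
    for (size_t i = 0; i < n && ecu->list.count < MAX_ENTRIES; i++) {
        if (memcmp(cfg[i].mac, own_mac, 6) == 0) continue;   /* own MAC is not listed */
        if (find_entry(&ecu->list, cfg[i].mac) != NULL) continue; /* ignore duplicate rows */
        struct mac_ctrl_entry *e = &ecu->list.entries[ecu->list.count++];
        memcpy(e->mac, cfg[i].mac, 6);
        e->ecu_port_id = cfg[i].ecu_port_id;
        e->ctrl = CTRL_DISCARD;
    }
    return ecu->list.count;
}

/* Fourth and fifth conditions: a second message from another ECU passes only if its source MAC
 * is listed with control item PASS; DISCARD entries and unlisted MACs are dropped. */
enum second_action second_filter_decide(struct ecu_state *ecu, const uint8_t src_mac[6]) {
    const struct mac_ctrl_entry *e = find_entry(&ecu->list, src_mac);
    return (e != NULL && e->ctrl == CTRL_PASS) ? SECOND_PASS : SECOND_DROP;
}

/* Authentication client handling an authentication result message. If it concerns the ECU's own
 * MAC there is nothing to update and the client answers with an operation success response;
 * otherwise the control item of that MAC is set from the result (success -> PASS,
 * failure -> DISCARD) and the update outcome is reported back. */
enum op_response ecu_handle_auth_result(struct ecu_state *ecu, const struct auth_result_msg *msg) {
    if (memcmp(msg->src_mac, ecu->own_mac, 6) == 0) return OP_UPDATE_SUCCESS;
    struct mac_ctrl_entry *e = find_entry(&ecu->list, msg->src_mac);
    if (e == NULL) return OP_UPDATE_FAILED; /* MAC not in the vehicle configuration table */
    e->ctrl = msg->auth_success ? CTRL_PASS : CTRL_DISCARD;
    return OP_UPDATE_SUCCESS;
}

/* Constructed scenario with three ECUs, seen from ECU A. Returns the number of checks that held
 * (8 when the module behaves as the method describes). */
int second_filter_scenario(void) {
    static const struct vehicle_cfg_row cfg[] = {
        { {0x02,0,0,0,0,0x01}, 1 }, { {0x02,0,0,0,0,0x02}, 2 }, { {0x02,0,0,0,0,0x03}, 3 },
    };
    const uint8_t ecu_a[6] = {0x02,0,0,0,0,0x01};
    const uint8_t ecu_b[6] = {0x02,0,0,0,0,0x02};
    const uint8_t unknown[6] = {0x02,0,0,0,0,0xFF};
    struct auth_result_msg b_ok   = { {0x02,0,0,0,0,0x02}, true };
    struct auth_result_msg b_fail = { {0x02,0,0,0,0,0x02}, false };
    struct auth_result_msg a_ok   = { {0x02,0,0,0,0,0x01}, true };
    struct auth_result_msg unk_ok = { {0x02,0,0,0,0,0xFF}, true };
    struct ecu_state a;
    int held = 0;

    held += second_filter_init(&a, ecu_a, cfg, 3) == 2;             /* own MAC excluded */
    held += second_filter_decide(&a, ecu_b) == SECOND_DROP;         /* fifth: DISCARD entry */
    held += second_filter_decide(&a, unknown) == SECOND_DROP;       /* fifth: unlisted MAC */
    held += ecu_handle_auth_result(&a, &b_ok) == OP_UPDATE_SUCCESS; /* B authenticated */
    held += second_filter_decide(&a, ecu_b) == SECOND_PASS;         /* fourth condition */
    held += ecu_handle_auth_result(&a, &a_ok) == OP_UPDATE_SUCCESS; /* own MAC: nothing to update */
    held += ecu_handle_auth_result(&a, &unk_ok) == OP_UPDATE_FAILED;
    held += ecu_handle_auth_result(&a, &b_fail) == OP_UPDATE_SUCCESS && second_filter_decide(&a, ecu_b) == SECOND_DROP;
    return held;
}

int main(void) {
    printf("second filter checks held: %d of 8\n", second_filter_scenario());
    return 0;
}
```

The scenario shows the property the embodiments rely on: an ECU never trusts a peer it has not been told about, so a frame from a MAC that is absent from the whole vehicle configuration information table is dropped even before any authentication result arrives, and a later "authentication failure" result for a peer takes that peer back to DISCARD.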
In one embodiment, before the authentication server sends the authentication result message to each of the authentication clients through a designated connection, the method further includes:
a first thread created by the authentication client establishes the designated connection, through a designated port, with a designated transmission service opened by a second thread created by the authentication server, where the designated port is a registered port in an unbound state or a private port in an unbound state among the Transmission Control Protocol (TCP) ports, and the designated transmission service includes transmitting the authentication result message and/or the operation result response.
In one embodiment, the first MAC address control list and/or the second MAC address control list further include an ECU port identifier corresponding to the MAC address.
In a second aspect, an embodiment of the present disclosure provides a vehicle-mounted packet processing system, where the system includes a plurality of electronic control units ECU, a telematics unit TBOX, and a vehicle-mounted switch, where the vehicle-mounted switch is configured to transmit a communication message between the ECU and the TBOX, each ECU is configured to have an authentication client deployed therein, and the TBOX is configured to have an authentication server and a first packet filtering module deployed therein;
the first message filtering module is configured to send a first message sent by the authentication client to the authentication server for authentication when the received first message meets a first condition, where the first condition is that the control item corresponding to the first source Media Access Control (MAC) address of the first message in a first MAC address control list is "discard" and the first message is based on an authentication protocol, and the first MAC address control list includes the MAC addresses of all ECUs in the vehicle and the control item corresponding to the MAC address of each ECU;
the first message filtering module is further configured to allow the first message to pass when the first message meets a second condition, where the second condition is that the control item corresponding to the first source MAC address in the first MAC address control list is "pass";
the first message filtering module is further configured to discard the first message when the first message meets a third condition, where the third condition is that the control item corresponding to the first source MAC address in the first MAC address control list is "discard" and the first message is not based on the authentication protocol, or that the first source MAC address is not in the first MAC address control list.
In one embodiment, the first packet filtering module is further configured to receive an authentication result packet sent by the authentication server, where the authentication result packet includes the first source MAC address, and the authentication result packet further includes an authentication result of the authentication client corresponding to the first packet or a control item corresponding to the authentication result; and under the condition that the authentication result in the authentication result message is authentication success or the control item is allowed to pass, the first message filtering module updates the control item corresponding to the first source MAC address in the first MAC address control list to be allowed to pass.
In one embodiment, the TBOX is configured to initialize the first packet filtering module after the TBOX is started, so that the first packet filtering module generates a first initial MAC address control list, where the first initial MAC address control list is empty;
the first message filtering module is further configured to update the first initial MAC address control list according to a first MAC address control message sent by the authentication server, and use the updated first initial MAC address control list as the first MAC address control list, where the first MAC address control message includes at least one MAC address of the ECU and the control item for indicating discarding, and the first MAC address control message is generated according to a whole vehicle configuration information table, where the whole vehicle configuration information table includes the MAC addresses of the ECUs in the vehicle.
In one embodiment, the authentication server is configured to send, after the first message filtering module sends the first message to the authentication server for authentication, an authentication result message to each authentication client through a designated connection.
In one embodiment, a second message filtering module is further disposed in each ECU;
the second message filtering module is configured to receive, when the authentication client determines that the first source MAC address in the authentication result message is not the ECU's own MAC address, the authentication result message forwarded by the authentication client, and to update, according to the authentication result message, the control item corresponding to the first source MAC address in a second MAC address control list, and the authentication client sends an operation result response for the authentication result to the authentication server through the designated connection; the second MAC address control list includes the MAC addresses other than the ECU's own MAC address and the control items corresponding to those MAC addresses, and the operation result response carries a control item indicating either that updating the second MAC address control list based on the authentication result message succeeded or that it failed;
the authentication client is configured to, when it determines that the first source MAC address in the authentication result message is its own MAC address, send to the authentication server through the designated connection an operation success response indicating that the second MAC address control list was successfully updated based on the authentication result message.
In one embodiment, the on-board switch is further configured to transmit a communication message between each of the ECUs;
the second message filtering module is further configured to allow a second message sent by another authentication client to pass when the second message meets a fourth condition, where the fourth condition is that the control item corresponding to the second source MAC address of the second message in the second MAC address control list is "pass"; and to discard the second message when it meets a fifth condition, where the fifth condition is that the control item corresponding to the second source MAC address in the second MAC address control list is "discard", or that the second source MAC address is not in the second MAC address control list.
In one embodiment, the ECU is configured to initialize the second packet filtering module after the ECU is started, so that a second initial MAC address control list is generated in the second packet filtering module, where the second initial MAC address control list is empty;
the second message filtering module is configured to update the second initial MAC address control list according to a second MAC address control message sent by the authentication client, and use the updated second initial MAC address control list as the second MAC address control list, where the second MAC address control message includes at least one MAC address of the other ECU and the control item for indicating discarding, and the second MAC address control message is generated according to the whole vehicle configuration information table.
In one embodiment, before the authentication server sends the authentication result message to each authentication client through the designated connection, a first thread created by the authentication client establishes the designated connection, through a designated port, with a designated transmission service opened by a second thread created by the authentication server, where the designated port is a registered port in an unbound state or a private port in an unbound state among the Transmission Control Protocol (TCP) ports, and the designated transmission service includes transmitting the authentication result message and/or the operation result response.
In one embodiment, the first MAC address control list and/or the second MAC address control list further include an ECU port identifier corresponding to the MAC address.
In a third aspect, another embodiment of the present disclosure provides a storage medium having stored thereon executable instructions that when executed by a processor cause the processor to implement a method according to any of the embodiments of the first aspect.
In a fourth aspect, another embodiment of the present disclosure provides a vehicle comprising the system of any one of the embodiments of the second aspect.
As can be seen from the foregoing, the embodiments of the present disclosure provide a vehicle-mounted message processing method and system in which an authentication client is disposed in each ECU, an authentication server and a first message filtering module are disposed in the TBOX, and the ECUs and the TBOX communicate through a vehicle-mounted switch. When the first message filtering module receives a first message sent by an authentication client and the first message meets a first condition, it sends the first message to the authentication server for authentication; the first condition is that the control item corresponding to the first source MAC address of the first message in the first MAC address control list is "discard" and the first message is based on an authentication protocol, where the first MAC address control list includes the MAC address of each ECU in the vehicle and the control item corresponding to each such MAC address. When the first message meets a second condition, namely that the control item corresponding to the first source MAC address in the first MAC address control list is "pass", the first message filtering module allows it to pass. When the first message meets a third condition, namely that the control item is "discard" and the first message is not based on the authentication protocol, or that the first source MAC address is not in the first MAC address control list, the first message filtering module discards it.
It follows that, in the embodiments of the disclosure, the function of the authentication server is executed by the TBOX, whose CPU is more powerful, so that Ethernet authentication of each ECU can be realized; the first message sent by an ECU is filtered by the first message filtering module in the TBOX according to the first MAC address control list, and because the control items in that list are controlled by the authentication server and generated from the authentication result of the Ethernet authentication protocol (such as IEEE 802.1X), the same function as controlling message forwarding through a switch chip port is fully achieved, and each ECU in the vehicle interacts with the external network through the TBOX according to its authentication result. In addition, the ECUs can also communicate with each other through the vehicle-mounted switch, and a second message filtering module deployed in each ECU filters the second messages sent by other ECUs according to the second MAC address control list. Finally, a network access control network is established in the vehicle, both between the ECUs and between each ECU and the TBOX, according to the authentication result of the Ethernet authentication protocol, and the control logic of this network changes dynamically with that authentication result, so that all messages in the vehicle are received and transmitted according to the authentication result of the Ethernet authentication protocol.
Of course, not all of the above-described advantages need be achieved simultaneously in practicing any one of the products or methods of the present disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It will be apparent that the drawings in the following description are only some embodiments of the present disclosure. Other figures may be derived from these figures without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a schematic diagram of an on-vehicle message processing system according to an embodiment of the disclosure;
Fig. 2 is a flow chart of a vehicle-mounted message processing method according to an embodiment of the disclosure;
Fig. 3 is a schematic diagram of another vehicle-mounted message processing system according to an embodiment of the disclosure;
Fig. 4 is a flow chart of another vehicle-mounted message processing method according to an embodiment of the disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present disclosure. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without undue burden, are within the scope of the present disclosure.
It should be noted that the terms "comprising" and "having" and any variations thereof in the embodiments of the present disclosure and the accompanying drawings are intended to cover non-exclusive inclusions. A process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed but may alternatively include other steps or elements not listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a schematic diagram of an on-vehicle message processing system according to an embodiment of the present disclosure. The system includes a plurality of ECUs (Electronic Control Units) 11, a TBOX (telematics box) 12, and an on-vehicle switch 13, where the on-vehicle switch 13 is configured to transmit communication messages between the ECUs 11 and the TBOX 12 and/or between the ECUs 11; an authentication client 111 is disposed in each ECU 11, and the TBOX 12 is provided with an authentication server 121 and a first message filtering module 122. With this architecture, the TBOX 12, which has the stronger processing capability, acts as the authentication server 121 and can run the Ethernet authentication protocol (such as 802.1X) successfully, while the on-vehicle switch 13, which has the weaker processing capability, acts only as a relay that forwards data between the authentication client 111 and the authentication server 121; message forwarding according to the MAC address authentication information is performed by the first message filtering module 122 in the TBOX 12.
The following describes the processing procedure of the vehicle-mounted message based on the system architecture:
Fig. 2 is a flow chart of a vehicle-mounted message processing method according to an embodiment of the present disclosure. The method is applied to a vehicle, specifically to a vehicle-mounted message processing system in the vehicle, and includes:
S210: when the first message filtering module receives a first message sent by the authentication client and the first message meets a first condition, the first message filtering module sends the first message to the authentication server for authentication, where the first condition is that the control item corresponding to the first source Media Access Control (MAC) address of the first message in a first MAC address control list is "discard" and the first message is based on an authentication protocol.
The first MAC address control list includes the MAC addresses of all ECUs in the vehicle and the control item corresponding to each MAC address. Each ECU may have a plurality of ECU ports, each corresponding to one MAC address, so the first MAC address control list may further include an ECU port identifier corresponding to each MAC address, allowing the first message filtering module to quickly learn which ECU port a MAC address belongs to. The first message filtering module may be an eBPF (Extended Berkeley Packet Filter) module, or a filtering module based on another filtering technology. When the control item corresponding to the first source MAC address of the first message in the first MAC address control list is "discard" and the first message is based on the authentication protocol, the authentication client corresponding to the first source MAC address has not yet completed authentication; it is requesting authentication or is in the middle of the authentication process, so the first message filtering module sends the first message to the authentication server for authentication. Messages based on the authentication protocol include the authentication start message and the other messages exchanged during the authentication process, and the authentication protocol includes the IEEE 802.1X authentication protocol.
After the TBOX is started, the first message filtering module is initialized, so that the first message filtering module generates a first initial MAC address control list, which is empty. The first message filtering module then updates the first initial MAC address control list according to a first MAC address control message sent by the authentication server and takes the updated list as the first MAC address control list. The first MAC address control message comprises at least one MAC address of an ECU and a control item indicating discarding, and is generated according to a whole vehicle configuration information table, which comprises the MAC addresses of all ECUs in the vehicle and may also comprise the ECU port identifiers corresponding to those MAC addresses.
The first message filtering module updates the first initial MAC address control list according to the first MAC address control message by adding the MAC address in the first MAC address control message and the control item corresponding to that MAC address to the first initial MAC address control list. When the first message filtering module is initialized, no authentication client has completed authentication, so the control item corresponding to each MAC address in the first MAC address control list obtained at the beginning indicates discarding; the control items can then be updated according to the authentication status.
After the first message filtering module sends the first message to the authentication server for authentication, it receives an authentication result message from the authentication server. The authentication result message comprises the first source MAC address and also comprises either the authentication result of the authentication client corresponding to the first message or the control item corresponding to that authentication result. When the authentication result in the authentication result message is authentication success, or the control item indicates that passing is allowed, the first message filtering module updates the control item corresponding to the first source MAC address in the first MAC address control list to allow passing. That is, after the authentication server authenticates the authentication client and obtains an authentication result, it may directly send an authentication result message comprising the first source MAC address and the authentication result to the first message filtering module, which then updates the first MAC address control list according to the correspondence between authentication results and control items; or the authentication server may generate an authentication result message comprising the first source MAC address and the control item derived from the authentication result, in which case the first message filtering module updates the first MAC address control list directly according to the control item in the authentication result message. The authentication result is either authentication success or authentication failure; the control item corresponding to authentication success is allow passing, and the control item corresponding to authentication failure is discard.
In one embodiment, after the first message filtering module sends the first message to the authentication server for authentication, the authentication server also sends an authentication result message to each authentication client through a designated connection. This authentication result message is the same as the one sent to the first message filtering module: it comprises the first source MAC address and further comprises the authentication result of the authentication client corresponding to the first message or the control item corresponding to that authentication result. The designated connection is used for transmitting authentication result messages and/or operation result responses to those authentication results.
In addition, for the authentication clients that have not been authenticated, the authentication server may first send an unauthenticated message to each authentication client through a designated connection, so that each authentication client does not allow other authentication clients (or other ECUs) that have not been authenticated to access itself.
S220: when the first message meets a second condition, the first message filtering module allows the first message to pass, where the second condition comprises that the control item corresponding to the first source MAC address in the first MAC address control list indicates that passing is allowed.
When the control item corresponding to the first source MAC address in the first MAC address control list is allowed to pass, the authentication client corresponding to the first source MAC address is successfully authenticated, so that the ECU corresponding to the first source MAC address can be allowed to access the external network through the TBOX, and the first message can be allowed to pass.
S230: when the first message meets a third condition, the first message filtering module discards the first message, where the third condition comprises that the control item corresponding to the first source MAC address in the first MAC address control list indicates discarding and the first message is not based on the authentication protocol, or that the first source MAC address is not in the first MAC address control list.
When the control item corresponding to the first source MAC address in the first MAC address control list indicates discarding and the first message is not based on the authentication protocol, or when the first source MAC address is not in the first MAC address control list, the ECU corresponding to the first source MAC address is an illegal ECU and a potential safety hazard exists, so the first message filtering module discards the first message to prevent attacks or other illegal behaviour carried out through it, thereby improving the security of the TBOX.
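As an added illustration that is not part of the patent, the following user-space C model implements the three conditions of S210-S230 over raw Ethernet frames, using the MAC addresses shown in tables 3, 4 and 9; the IEEE 802.3 frame layout, the EAPOL EtherType 0x888E, the function names and the parameter `auth_passthrough` (false models the second message filtering module's fourth and fifth conditions) are assumptions of this example.

```c
/* Added example (not from the patent): user-space model of the first message filtering
 * module's MAC address control list and of rules S210-S230. Frame layout follows IEEE 802.3
 * (dst MAC 6 bytes, src MAC 6 bytes, EtherType 2 bytes); IEEE 802.1X EAPOL frames use
 * EtherType 0x888E. MAC addresses are the ones shown in tables 3, 4 and 9. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 6
#define ETH_HDR_LEN 14
#define ETHERTYPE_EAPOL 0x888Eu
#define MAX_ENTRIES 16

enum action { ACTION_DROP = 0, ACTION_ACCEPT = 1 };
/* Verdicts of the filter: discard, allow to pass, or hand over to the authentication server. */
enum verdict { VERDICT_DROP = 0, VERDICT_PASS = 1, VERDICT_TO_AUTH_SERVER = 2 };

struct mac_entry { char ecu_name[16]; char port[8]; uint8_t mac[MAC_LEN]; enum action action; };
struct mac_control_list { struct mac_entry entries[MAX_ENTRIES]; size_t count; };

/* MAC addresses from the patent's tables: ecu_ecu1, ecu_ecu2 and ecu_tbox. */
const uint8_t MAC_ECU1[MAC_LEN] = {0x8A, 0x39, 0x11, 0x3C, 0xD3, 0x64};
const uint8_t MAC_ECU2[MAC_LEN] = {0x22, 0x2A, 0x25, 0x81, 0xB7, 0x70};
const uint8_t MAC_TBOX[MAC_LEN] = {0xD2, 0xF3, 0x53, 0x13, 0xF1, 0xFC};

/* Linear search; an eBPF implementation would use a hash map keyed by the MAC address. */
static struct mac_entry *find_entry(struct mac_control_list *list, const uint8_t *mac)
{
    for (size_t i = 0; i < list->count; i++)
        if (memcmp(list->entries[i].mac, mac, MAC_LEN) == 0)
            return &list->entries[i];
    return NULL;
}

/* First MAC address control message (A1): insert or overwrite one entry. Returns -1 if full. */
int list_add(struct mac_control_list *list, const char *name, const char *port,
             const uint8_t *mac, enum action action)
{
    struct mac_entry *e = find_entry(list, mac);
    if (e == NULL) {
        if (list->count >= MAX_ENTRIES) return -1;
        e = &list->entries[list->count++];
        memcpy(e->mac, mac, MAC_LEN);
    }
    snprintf(e->ecu_name, sizeof e->ecu_name, "%s", name);
    snprintf(e->port, sizeof e->port, "%s", port);
    e->action = action;
    return 0;
}

/* Authentication result message (A3): update the control item of the source MAC. A MAC that
 * is not in the vehicle configuration is never added here, so it cannot be enrolled this way. */
int apply_auth_result(struct mac_control_list *list, const uint8_t *mac, bool authenticated)
{
    struct mac_entry *e = find_entry(list, mac);
    if (e == NULL) return -1;
    e->action = authenticated ? ACTION_ACCEPT : ACTION_DROP;
    return 0;
}

/* Write a minimal Ethernet header into buf (used to build constructed test frames). */
void make_frame(uint8_t *buf, const uint8_t *dst, const uint8_t *src, uint16_t ethertype)
{
    memcpy(buf, dst, MAC_LEN);
    memcpy(buf + MAC_LEN, src, MAC_LEN);
    buf[12] = (uint8_t)(ethertype >> 8);
    buf[13] = (uint8_t)(ethertype & 0xFFu);
}

/* Filter one frame. auth_passthrough=true models the first module in the TBOX (S210 applies);
 * auth_passthrough=false models the second module in an ECU (fourth and fifth conditions only). */
enum verdict filter_frame(struct mac_control_list *list, const uint8_t *frame, size_t len,
                          bool auth_passthrough)
{
    if (len < ETH_HDR_LEN) return VERDICT_DROP;           /* truncated header: discard */
    const uint8_t *src_mac = frame + MAC_LEN;
    uint16_t ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    struct mac_entry *e = find_entry(list, src_mac);
    if (e == NULL) return VERDICT_DROP;                   /* S230: source MAC not in the list */
    if (e->action == ACTION_ACCEPT) return VERDICT_PASS;  /* S220: control item allows passing */
    if (auth_passthrough && ethertype == ETHERTYPE_EAPOL)
        return VERDICT_TO_AUTH_SERVER;                    /* S210: drop entry, 802.1X frame */
    return VERDICT_DROP;                                  /* S230: drop entry, other frame */
}

int main(void)
{
    struct mac_control_list list = {0};
    uint8_t frame[ETH_HDR_LEN];
    list_add(&list, "ecu_ecu1", "eth0", MAC_ECU1, ACTION_DROP);      /* tables 3 and 4 */
    list_add(&list, "ecu_ecu2", "eth0", MAC_ECU2, ACTION_DROP);
    make_frame(frame, MAC_TBOX, MAC_ECU1, ETHERTYPE_EAPOL);
    printf("EAPOL from ecu_ecu1 before authentication: verdict %d\n", filter_frame(&list, frame, sizeof frame, true));
    apply_auth_result(&list, MAC_ECU1, true);                       /* table 6 */
    make_frame(frame, MAC_TBOX, MAC_ECU1, 0x0800u);                  /* IPv4 payload */
    printf("IPv4 from ecu_ecu1 after authentication: verdict %d\n", filter_frame(&list, frame, sizeof frame, true));
    return 0;
}
```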
Taking the first message filtering module as a first eBPF module as an example, the process by which an ECU accesses the external network through the TBOX is illustrated as follows:
A1. The authentication server in the TBOX initializes the first eBPF module in the TBOX
After the TBOX is started, the first eBPF module is initialized first, and this module initializes a first initial MAC address control list which contains only four fields, ecu_name, port, mac_addr and action, as shown in table 1, with all field values null; ecu_name indicates the name of the ECU, port the port of the ECU, mac_addr the MAC address, and action the control item.
TABLE 1
ecu_name port mac_addr action
null null null null
And then the authentication server on the TBOX starts to initialize, and the authentication server establishes a whole vehicle configuration information table shown in table 2 according to the whole vehicle configuration information, wherein the whole vehicle configuration information table comprises one TBOX and 2 ECUs.
TABLE 2
(Table 2 is an image in the original and is not reproduced here: the whole vehicle configuration information table for one TBOX and two ECUs.)
And the authentication server constructs a first MAC address control message piece by piece according to the whole vehicle configuration information table and sends the first MAC address control message to the first eBPF module.
The first MAC address control message of ecu_ecu1 constructed by the authentication server is shown in table 3:
TABLE 3
ecu_name=ecu_ecu1 port=eth0 mac_addr=8A:39:11:3C:D3:64 action=drop
The first MAC address control message of ecu_ecu2 constructed by the authentication server is shown in table 4:
TABLE 4
ecu_name=ecu_ecu2 port=eth0 mac_addr=22:2A:25:81:B7:70 action=drop
After the first eBPF module receives a first MAC address control message from the authentication server, it searches for the corresponding MAC address in its first initial MAC address control list and updates the control item of that MAC address. When the first eBPF module receives the first MAC address control messages of ecu_ecu1 and ecu_ecu2, it inserts the information of the two MAC addresses into the first initial MAC address control list, so that the first initial MAC address control list is updated into the first MAC address control list shown in table 5.
TABLE 5
ecu_name port mac_addr action
ecu_ecu1 eth0 8A:39:11:3C:D3:64 drop
ecu_ecu2 eth0 22:2A:25:81:B7:70 drop
A2. The authentication client and the authentication server perform IEEE 802.1X protocol interaction to achieve authentication
After the authentication clients running on ecu_ecu1 and ecu_ecu2 are initialized, each immediately sends an authentication start message to ecu_tbox, starting the IEEE 802.1X authentication process. After the authentication server of ecu_tbox receives the message, it builds an IEEE 802.1X protocol state machine according to the source MAC address of the received message, constructs request ID messages according to the IEEE 802.1X standard protocol, and sends them to ecu_ecu1 and ecu_ecu2 respectively. Subsequent message interactions are performed entirely in accordance with the IEEE 802.1X protocol standard. Finally, according to the IEEE 802.1X protocol specification, through a series of message interactions, ecu_ecu1 and ecu_ecu2 either succeed or fail in authentication.
A3. The authentication server informs the first eBPF module to carry out the corresponding processing according to the IEEE 802.1X authentication result
According to the authentication result of A2, if the authentication of ecu_ecu1 and ecu_ecu2 succeeds, the IEEE 802.1X authentication server issues an authentication result message to the first eBPF module, notifying it to allow all messages from ecu_ecu1 and ecu_ecu2 to pass. The authentication success messages of ecu_ecu1 and ecu_ecu2 constructed by the authentication server may be as shown in tables 6 and 7. In tables 6 and 7 the authentication result message includes a control item; an authentication result message including the authentication result itself may also be sent directly.
TABLE 6
ecu_name=ecu_ecu1 port=eth0 mac_addr=8A:39:11:3C:D3:64 action=accept
TABLE 7
ecu_name=ecu_ecu2 port=eth0 mac_addr=22:2A:25:81:B7:70 action=accept
After the first eBPF module receives the authentication result message sent by the authentication server, it searches for the corresponding MAC address in its first MAC address control list and updates the corresponding control item; the control items corresponding to the MAC addresses of ecu_ecu1 and ecu_ecu2 are modified to accept, and the finally updated first MAC address control list is shown in table 8.
TABLE 8
ecu_name port mac_addr action
ecu_ecu1 eth0 8A:39:11:3C:D3:64 accept
ecu_ecu2 eth0 22:2A:25:81:B7:70 accept
Similarly, according to the authentication result of A2, if the authentication of ecu_ecu1 and/or ecu_ecu2 fails, the authentication server may send an authentication result message to the first eBPF module or may omit it, because the initial control item of the first MAC address control list already indicates discarding.
When the reauthentication time interval arrives, the authentication server sends reauthentication messages to ecu_ecu1 and ecu_ecu2, and after a series of message interactions according to the IEEE 802.1X protocol specification, ecu_ecu1 and ecu_ecu2 are finally authenticated successfully or fail. At this time, the authentication server again sends an authentication result message to the first eBPF module according to the authentication result, and after receiving the message the first eBPF module updates its first MAC address control list accordingly.
The first eBPF module inspects each received message, extracts the source MAC address, looks it up in its first MAC address control list, and controls the receiving and transmitting of the message according to the control item found. Since the control items are controlled by the authentication server and generated according to the authentication result of the IEEE 802.1X protocol, this achieves exactly the same function as message forwarding controlled through the control port of a switch chip, and attains the aim of controlling, according to the authentication result, the interaction of each ECU in the vehicle with the external network through the TBOX.
The embodiment of the disclosure provides a vehicle-mounted message processing method, in which an authentication client is deployed in each ECU, and an authentication server and a first message filtering module are deployed in a TBOX, the ECUs communicating with the TBOX through a vehicle-mounted switch. When the first message filtering module receives a first message sent by an authentication client and the first message meets a first condition, the first message filtering module sends the first message to the authentication server for authentication, where the first condition comprises that the control item corresponding to the first source MAC address of the first message in the first MAC address control list indicates discarding and the first message is based on an authentication protocol, the first MAC address control list comprising the MAC addresses of all ECUs in the vehicle and the control items corresponding to those MAC addresses. When the first message meets a second condition, the first message filtering module allows the first message to pass, where the second condition comprises that the control item corresponding to the first source MAC address in the first MAC address control list indicates that passing is allowed. When the first message meets a third condition, the first message filtering module discards the first message, where the third condition comprises that the control item corresponding to the first source MAC address in the first MAC address control list indicates discarding and the first message is not based on the authentication protocol, or that the first source MAC address is not in the first MAC address control list.
It can be seen that, according to the embodiment of the disclosure, the function of the authentication server can be executed by the TBOX, whose CPU performance is stronger, so that Ethernet authentication of each ECU can be realized; the first message sent by an ECU is filtered by the first message filtering module in the TBOX according to the first MAC address control list, and because the control items in the list are controlled by the authentication server and generated according to the authentication result of the Ethernet authentication protocol (such as the IEEE 802.1X protocol), exactly the same function as message forwarding controlled through the control port of a switch chip is realized, and the aim of controlling each ECU in the vehicle to interact with the external network through the TBOX according to the authentication result is achieved.
In one embodiment, as shown in fig. 3, a second message filtering module 112 is further disposed in each ECU 11 on the basis of fig. 1. Secure communication between the various ECUs can be achieved through the second message filtering module 112.
The following describes the scheme involved in the second message filtering module:
(I) Initialization of the second message filtering module
After the ECU is started, the second message filtering module is initialized, so that a second initial MAC address control list is generated in the second message filtering module, which is empty. The second message filtering module updates the second initial MAC address control list according to a second MAC address control message sent by the authentication client and takes the updated list as the second MAC address control list. The second MAC address control message comprises at least one MAC address of another ECU and a control item indicating discarding, and may also comprise the MAC address of the TBOX together with a control item indicating that passing is allowed. The second MAC address control message is generated according to the whole vehicle configuration information table.
The second message filtering module updates the second initial MAC address control list according to the second MAC address control message sent by the authentication client as follows: the second message filtering module adds the MAC address in the second MAC address control message and the control item corresponding to that MAC address to the second initial MAC address control list. When the second message filtering module is initialized, no authentication client has completed authentication, so the control item corresponding to each MAC address in the second MAC address control list obtained at the beginning indicates discarding; the control items can then be updated according to the authentication status fed back by the authentication client. The second MAC address control list further includes the ECU port identifier corresponding to each MAC address.
In the process of initializing the second message filtering module, the authentication client may create a first thread, so that the first thread establishes a designated connection, through a designated port, with a designated transmission service opened by a second thread created by the authentication server. The designated port is a TCP (Transmission Control Protocol) port that is a registered port in an unbound state or a private port in an unbound state, for example the private port 8888, a private port being a custom port; the designated transmission service comprises the transmission of authentication result messages and/or operation result responses.
(II) updating second MAC address control list in second message filtering module
After the authentication client receives an authentication result message sent by the authentication server through the designated connection: if the authentication client determines that the first source MAC address in the authentication result message is not its own MAC address, the second message filtering module in the ECU to which the authentication client belongs receives the authentication result message from the authentication client and updates the control item corresponding to the first source MAC address in the second MAC address control list according to the authentication result message, and the authentication client sends an operation result response to the authentication result to the authentication server through the designated connection; here the second MAC address control list comprises the MAC addresses other than its own MAC address and the control items corresponding to them, and may also comprise the MAC address of the TBOX and its corresponding control item, and the operation result response comprises a control item indicating that the second MAC address control list was successfully updated based on the authentication result message, or indicating that the update failed. If the authentication client determines that the first source MAC address in the authentication result message is its own MAC address, the authentication client sends an operation success response, indicating that the second MAC address control list was successfully updated based on the authentication result message, to the authentication server through the designated connection.
For example, the operation result response may specifically include a response sender name, a response receiver name, an ECU name corresponding to the processed authentication result message, an ECU port identification, a MAC address, and an operation result.
The authentication result message comprises a first source MAC address, and also comprises an authentication result of the authentication client corresponding to the first message or a control item corresponding to the authentication result. When the authentication result message comprises a first source MAC address and an authentication result, the second message filtering module can update the control item corresponding to the first source MAC address in the second MAC address control list according to the corresponding relation between the authentication result and the control item; when the authentication result message includes the first source MAC address and the control item, the second message filtering module may update the control item corresponding to the first source MAC address in the second MAC address control list directly according to the control item in the authentication result message. In addition, when the authentication result message sent by the authentication server to each authentication client includes the first source MAC address and the authentication result, the authentication client may modify the received authentication result message according to the corresponding relationship between the authentication result and the control item, modify the received authentication result message to include the first source MAC address and the control item, and send the modified authentication result message to the second message filtering module, so that the second message filtering module may update the second MAC address control list directly according to the control item in the authentication result message.
(III) the second message filtering module filters the second messages sent by other ECUs
The specific implementation method for filtering the second messages sent by other ECUs by the second message filtering module in one ECU comprises the following steps: under the condition that the second message filtering module receives a second message sent by other authentication clients and meets a fourth condition, the second message filtering module allows the second message to pass, wherein the fourth condition comprises that a control item corresponding to a second source MAC address in the second message in a second MAC address control list is allowed to pass; and under the condition that the second message meets a fifth condition, the second message filtering module discards the second message, wherein the fifth condition comprises that the corresponding control item of the second source MAC address in the second MAC address control list is discarding, or that the second source MAC address is not in the second MAC address control list.
As shown in fig. 4, the communication process between the ECUs is illustrated below by taking the first message filtering module as a first eBPF module and the second message filtering module as a second eBPF module. Each ECU and the TBOX include a Linux kernel and an Ethernet driver.
B1. Initializing the first eBPF module and the second eBPF module
B1.1. The TBOX initializes the first eBPF module; see step A1 above for an example.
B1.2. The authentication server on the TBOX, at initialization, creates a new thread (hereinafter referred to as the first thread), which listens on a designated port, for example port 8888, waiting for connections from the authentication clients. Such a connection may be referred to as a designated connection and is used to pass authentication result messages between the TBOX and an ECU. The specific details of the designated connection are as follows:
(b1) The TBOX creates a first thread;
(b2) The TBOX establishes a TCP socket;
(b3) The TCP socket binds the IP address of the TBOX and the designated port;
(b4) The first thread listens for TCP connections and waits for connection requests from authentication clients;
(b5) If an authentication client requests a connection with the TBOX, the corresponding designated connection is established, and the thread continues waiting for connection requests from other authentication clients;
(b6) The established designated connection is a long connection, that is, the connection exists until the authentication client actively exits, and it continuously handles the interaction messages between the authentication client and the authentication server;
(b7) When the TBOX receives a first message from an ECU on a designated connection, the first message is processed;
(b8) When the authentication server needs to send an authentication result message to an ECU, the authentication result message is sent to the authentication client through the designated connection.
B1.3. Initializing the second eBPF module
After the authentication clients of ecu_ecu1 and ecu_ecu2 are started, the second eBPF module is initialized first, and this module initializes a second initial MAC address control list with the same structure as table 1.
Then the authentication clients running on ecu_ecu1 and ecu_ecu2 start their initialization, and each either establishes the whole vehicle configuration information table shown in table 2 according to the whole vehicle configuration information or directly receives the whole vehicle configuration information table sent by the TBOX.
The authentication clients on ecu_ecu1 and ecu_ecu2 construct second MAC address control messages piece by piece according to the whole vehicle configuration information table and send them to the second eBPF module on their own ECU.
The authentication client of ecu_ecu1 constructs the second MAC address control messages for ecu_tbox and ecu_ecu2 shown in table 9 to control whether messages from ecu_tbox and ecu_ecu2 may enter ecu_ecu1; since ecu_tbox hosts the authentication server, messages from ecu_tbox are allowed to enter ecu_ecu1 by default.
TABLE 9
ecu_name=ecu_tbox port=eth0 mac_addr=D2:F3:53:13:F1:FC action=accept
ecu_name=ecu_ecu2 port=eth0 mac_addr=22:2A:25:81:B7:70 action=drop
The authentication client of ecu_ecu2 constructs the second MAC address control messages for ecu_tbox and ecu_ecu1 shown in table 10 to control whether messages from ecu_tbox and ecu_ecu1 may enter ecu_ecu2; since ecu_tbox hosts the authentication server, messages from ecu_tbox are allowed to enter ecu_ecu2 by default.
Table 10
ecu_name=ecu_tbox port=eth0 mac_addr=D2:F3:53:13:F1:FC action=accept
ecu_name=ecu_ecu1 port=eth0 mac_addr=8A:39:11:3C:D3:64 action=drop
After receiving the second MAC address control messages sent by their authentication clients, the second eBPF modules on ecu_ecu1 and ecu_ecu2 each find the corresponding MAC address in their own second initial MAC address control list and update the control item of that MAC address. The second MAC address control lists obtained by ecu_ecu1 and ecu_ecu2 are shown in tables 11 and 12, respectively.
TABLE 11
ecu_name port mac_addr action
ecu_tbox eth0 D2:F3:53:13:F1:FC accept
ecu_ecu2 eth0 22:2A:25:81:B7:70 drop
Table 12
ecu_name port mac_addr action
ecu_tbox eth0 D2:F3:53:13:F1:FC accept
ecu_ecu1 eth0 8A:39:11:3C:D3:64 drop
B1.4. ecu_ecu1 and ecu_ecu2 each create a thread (hereinafter referred to as the second thread) at initialization and attempt to connect to the designated port on which ecu_tbox is listening, establishing a designated connection with ecu_tbox that is used to pass authentication result messages between ecu_ecu1 and ecu_tbox and between ecu_ecu2 and ecu_tbox, respectively. The specific details of the designated connection are as follows: the ECU creates the second thread, establishes a TCP socket, connects to the IP address of the TBOX and the designated port, tries to read data from the designated connection after it is established, processes each authentication result message received from the TBOX, and then sends the processing result of the authentication result message to the TBOX through the designated connection.
B2. The authentication client and the authentication server perform IEEE 802.1X protocol interaction to achieve authentication
After ecu_ecu1 and ecu_ecu2 are initialized, and after the designated connections between the authentication clients of ecu_ecu1 and ecu_ecu2 and the server of ecu_tbox are established, the authentication clients of ecu_ecu1 and ecu_ecu2 immediately send a start authentication message. After receiving the start authentication message, the authentication server of ecu_tbox establishes an IEEE 802.1X protocol state machine according to the source MAC address of the start authentication message, constructs a request ID message according to the IEEE 802.1X standard protocol, and sends it to ecu_ecu1 and ecu_ecu2 respectively. Subsequent message interactions are performed entirely in accordance with the IEEE 802.1X protocol standard. Finally, according to the IEEE 802.1X protocol specification, through a series of message interactions, ecu_ecu1 and ecu_ecu2 either succeed or fail in authentication.
B3. The authentication server sends the IEEE 802.1X authentication result to each authentication client
Through the message interaction of B2, the IEEE 802.1X authentication results of ecu_ecu1 and ecu_ecu2 are finally obtained. At this time, the authentication server of ecu_tbox assembles the authentication results of ecu_ecu1 and ecu_ecu2 into authentication result messages and sends them out through the respective designated connections. When one ECU has been authenticated, the TBOX sends the authentication result to all ECUs, in this example two ECUs, so two authentication result messages need to be sent to each ECU (here it is assumed that both ecu_ecu1 and ecu_ecu2 authenticate successfully). The authentication result messages are shown below (dst indicates the receiver, src the sender); the authentication result messages sent by ecu_tbox to ecu_ecu1 are shown in tables 13 and 14, respectively.
TABLE 13
dst src ecu_name port mac_addr auth_state
ecu_ecu1 ecu_tbox ecu_ecu1 eth0 8A:39:11:3C:D3:64 authenticated
TABLE 14
dst src ecu_name port mac_addr auth_state
ecu_ecu1 ecu_tbox ecu_ecu2 eth0 22:2A:25:81:B7:70 authenticated
The authentication result messages sent by ecu_tbox to ecu_ecu2 are shown in tables 15 and 16, respectively.
TABLE 15
dst src ecu_name port mac_addr auth_state
ecu_ecu2 ecu_tbox ecu_ecu1 eth0 8A:39:11:3C:D3:64 authenticated
Table 16
dst src ecu_name port mac_addr auth_state
ecu_ecu2 ecu_tbox ecu_ecu2 eth0 22:2A:25:81:B7:70 authenticated
B4. The authentication client and the authentication server inform the corresponding eBPF module to perform the corresponding processing according to the authentication result message:
B4.1. The authentication server informs the first eBPF module to carry out the corresponding processing according to the IEEE 802.1X authentication result; see step A3.
After receiving the authentication result messages of ecu_ecu1 and ecu_ecu2 sent by ecu_tbox, the authentication client of ecu_ecu1 may send an authentication result message to the second eBPF module in ecu_ecu1. Since ecu_ecu1 does not need to control itself, no authentication result message for ecu_ecu1 needs to be constructed; only the authentication result message for ecu_ecu2 needs to be constructed and sent to the second eBPF module on ecu_ecu1, as shown in table 17. Because A3 takes an authentication result message including a control item as an example, the authentication client of ecu_ecu1 may directly forward the authentication result message to the second eBPF module in ecu_ecu1 after receiving it, so that the message received by the second eBPF module in ecu_ecu1 is the one shown in table 17. When the authentication result message includes the authentication result but not the control item, after receiving it the authentication client of ecu_ecu1 needs to modify it according to the correspondence between authentication results and control items to obtain an authentication result message including the control item, so that the message received by the second eBPF module in ecu_ecu1 is again the one shown in table 17.
TABLE 17
ecu_name=ecu_ecu2 port=eth0 mac_addr=22:2A:25:81:B7:70 action=accept
The second eBPF module of ecu_ecu1 updates the second MAC address control list according to the authentication result message; the final second MAC address control list is shown in Table 18.
Table 18
ecu_name port mac_addr action
ecu_tbox eth0 D2:F3:53:13:F1:FC accept
ecu_ecu2 eth0 22:2A:25:81:B7:70 accept
B4.3. ecu_ecu1 feeds back the processing results of the second eBPF module to ecu_tbox.
The authentication client in ecu_ecu1 encapsulates an operation result response according to the operation result that the second eBPF module in ecu_ecu1 feeds back for the authentication result message, and sends the operation result response to ecu_tbox. Since ecu_ecu1 does not need to control itself, the operation result responses for both ecu_ecu1 and ecu_ecu2 may carry success; see Tables 19 and 20.
Table 19
dst src ecu_name port mac_addr op_status
ecu_tbox ecu_ecu1 ecu_ecu1 eth0 8A:39:11:3C:D3:64 success
Table 20
dst src ecu_name port mac_addr op_status
ecu_tbox ecu_ecu1 ecu_ecu2 eth0 22:2A:25:81:B7:70 success
B4.4. After receiving the operation result responses, ecu_tbox marks the operation result of ecu_ecu1 in the authentication records as success and no longer sends the authentication result messages of ecu_ecu1 and ecu_ecu2 to ecu_ecu1. If the operation for a certain record is unsuccessful, ecu_tbox tries to send that authentication result message to ecu_ecu1 again.
For example, if the operation result that ecu_ecu1 returns for ecu_ecu2 is failure (as shown in Table 21), then after ecu_tbox records the operation result it sends the authentication result message of ecu_ecu2 to ecu_ecu1 again.
Table 21
dst src ecu_name port mac_addr op_status
ecu_tbox ecu_ecu1 ecu_ecu2 eth0 22:2A:25:81:B7:70 failure
When ecu_tbox receives the failure response of ecu_ecu1 for the authentication result operation of ecu_ecu2, this indicates that the authentication result of ecu_ecu2 has not taken effect on ecu_ecu1, so ecu_tbox sends the authentication result message of ecu_ecu2 to ecu_ecu1 again. This process loops until the operation succeeds.
B4.5. The processing flow of ecu_ecu2 is the same as that of ecu_ecu1 and is not described in detail here.
In summary, through the above steps, an in-vehicle access control network with a mesh structure is finally established between ecu_ecu1 and ecu_ecu2, between ecu_ecu1 and ecu_tbox, and between ecu_ecu2 and ecu_tbox in the in-vehicle network according to the IEEE 802.1X authentication result, and the control logic of the network changes dynamically with the IEEE 802.1X authentication result, so that all messages in the in-vehicle network are received and transmitted between nodes according to the IEEE 802.1X authentication result.
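The following Python model replays the step B4 exchange for ecu_ecu1 with the values from Tables 15 to 21. It is an added illustration, not code from the patent or its applicant: the class and function names (SecondEbpfModule, AuthClient, AuthServer, run_b4), the mapping from the raw authentication result to the control item, the initial "drop" item for ecu_ecu2, the injected update failure and the bound on the retry loop are assumptions made for this example. It shows the client skipping its own MAC, deriving the control item when the message carries only the authentication result, and the server recording each operation result and re-sending a message whose operation failed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Correspondence between the authentication result and the control item.
# Assumed mapping for this example; the page only states that such a
# correspondence exists.
AUTH_STATE_TO_ACTION = {"authenticated": "accept", "unauthenticated": "drop"}


@dataclass(frozen=True)
class AuthResultMessage:
    """Authentication result message as sent by ecu_tbox (Tables 15-17)."""
    dst: str
    src: str
    ecu_name: str
    port: str
    mac_addr: str
    auth_state: Optional[str] = None   # raw IEEE 802.1X result, or
    action: Optional[str] = None       # the control item already derived from it


class SecondEbpfModule:
    """Stand-in for the second eBPF module: owns the second MAC address control list."""

    def __init__(self, initial: Dict[str, Tuple[str, str, str]]):
        # mac_addr -> (ecu_name, port, action)
        self.control_list = dict(initial)
        self.fail_once = False  # hook to simulate one failed update (Table 21)

    def update(self, ecu_name: str, port: str, mac_addr: str, action: str) -> str:
        if self.fail_once:
            self.fail_once = False
            return "failure"
        self.control_list[mac_addr] = (ecu_name, port, action)
        return "success"


class AuthClient:
    """Authentication client of one ECU (steps B4.2 and B4.3)."""

    def __init__(self, name: str, own_mac: str, module: SecondEbpfModule):
        self.name, self.own_mac, self.module = name, own_mac, module

    def handle_auth_result(self, msg: AuthResultMessage) -> dict:
        if msg.mac_addr == self.own_mac:
            # An ECU does not control itself: answer success without touching the list.
            status = "success"
        else:
            # Derive the control item when the message carries only the raw result.
            action = msg.action or AUTH_STATE_TO_ACTION.get(msg.auth_state or "")
            if action is None:
                raise ValueError("message carries neither a control item nor a result")
            status = self.module.update(msg.ecu_name, msg.port, msg.mac_addr, action)
        # Operation result response (Tables 19-21).
        return {"dst": msg.src, "src": self.name, "ecu_name": msg.ecu_name,
                "port": msg.port, "mac_addr": msg.mac_addr, "op_status": status}


class AuthServer:
    """Authentication server in ecu_tbox (step B4.4): records results and retries."""

    def __init__(self, max_attempts: int = 5):
        self.records: Dict[Tuple[str, str], str] = {}  # (dst ECU, mac_addr) -> op_status
        self.max_attempts = max_attempts  # bound on the retry loop (assumption)

    def deliver(self, client: AuthClient, msg: AuthResultMessage) -> int:
        """Send msg until the client reports success; return the number of attempts."""
        for attempt in range(1, self.max_attempts + 1):
            resp = client.handle_auth_result(msg)
            self.records[(client.name, msg.mac_addr)] = resp["op_status"]
            if resp["op_status"] == "success":
                return attempt
        raise RuntimeError("authentication result never took effect on " + client.name)


def run_b4(fail_first_update: bool = False):
    """Replay step B4 for ecu_ecu1 with the MAC addresses from Tables 15-18."""
    module = SecondEbpfModule({
        "D2:F3:53:13:F1:FC": ("ecu_tbox", "eth0", "accept"),  # tbox entry, as in Table 18
        "22:2A:25:81:B7:70": ("ecu_ecu2", "eth0", "drop"),    # initial item: drop (assumed)
    })
    module.fail_once = fail_first_update
    client = AuthClient("ecu_ecu1", "8A:39:11:3C:D3:64", module)
    server = AuthServer()
    messages = [
        AuthResultMessage("ecu_ecu1", "ecu_tbox", "ecu_ecu1", "eth0",
                          "8A:39:11:3C:D3:64", auth_state="authenticated"),
        AuthResultMessage("ecu_ecu1", "ecu_tbox", "ecu_ecu2", "eth0",
                          "22:2A:25:81:B7:70", auth_state="authenticated"),
    ]
    attempts = [server.deliver(client, m) for m in messages]
    return module.control_list, server.records, attempts


if __name__ == "__main__":
    print(run_b4())
    print(run_b4(fail_first_update=True))
```

The page describes the retry as looping until the operation succeeds; the model bounds it with max_attempts so that an ECU whose eBPF module keeps failing cannot keep the server busy indefinitely, and the per-(ECU, MAC) records let the server tell a missing response apart from a failed one.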
Based on the above method embodiments, as shown in fig. 1 and 2, another embodiment of the present disclosure provides a vehicle-mounted message processing system, where the system includes a plurality of electronic control units ECU11, a telematics processor TBOX12, and a vehicle-mounted switch 13, where the vehicle-mounted switch 13 is configured to transmit a communication message between the ECU11 and the TBOX12, and an authentication client 111 is disposed in each ECU11, and an authentication server 121 and a first message filtering module 122 are disposed in the TBOX 12;
the first message filtering module 122 is configured to send a first message sent by the authentication client 111 to the authentication server 121 for authentication if the first message meets a first condition, where the first condition includes that the control item corresponding to a first source Media Access Control (MAC) address of the first message in a first MAC address control list is discarded and the first message is a message based on an authentication protocol, and the first MAC address control list includes the MAC addresses of each ECU 11 in the vehicle and the control item corresponding to the MAC address of each ECU 11;
the first message filtering module 122 is further configured to allow the first message to pass if the first message meets a second condition, where the second condition includes that the control item corresponding to the first source MAC address in the first MAC address control list is allowed to pass;
the first message filtering module 122 is further configured to discard the first message if the first message meets a third condition, where the third condition includes that the control item corresponding to the first source MAC address in the first MAC address control list is discarded and the first message is not based on the authentication protocol, or that the first source MAC address is not in the first MAC address control list.
In one embodiment, the first message filtering module 122 is further configured to receive an authentication result message sent by the authentication server 121, where the authentication result message includes the first source MAC address and further includes either the authentication result of the authentication client 111 corresponding to the first message or the control item corresponding to that authentication result; and when the authentication result in the authentication result message is authentication success or the control item is allowed to pass, the first message filtering module 122 updates the control item corresponding to the first source MAC address in the first MAC address control list to allowed to pass.
In one embodiment, the TBOX 12 is configured to initialize the first message filtering module 122 after the TBOX 12 is started, so that the first message filtering module 122 generates a first initial MAC address control list, where the first initial MAC address control list is empty;
the first message filtering module 122 is further configured to update the first initial MAC address control list according to a first MAC address control message sent by the authentication server 121, and to use the updated first initial MAC address control list as the first MAC address control list, where the first MAC address control message includes the MAC address of at least one ECU 11 and the control item indicating discard, and the first MAC address control message is generated according to a whole vehicle configuration information table that includes the MAC addresses of the ECUs 11 in the vehicle.
In one embodiment, the authentication server 121 is configured to send the authentication result message to each of the authentication clients 111 through a designated connection after the first message filtering module 122 sends the first message to the authentication server 121 for authentication.
In one embodiment, a second message filtering module 112 is further disposed in each ECU 11;
the second message filtering module 112 is configured to receive the authentication result message sent by the authentication client 111 when the authentication client 111 determines that the first source MAC address in the authentication result message is not the own MAC address, and update the control item corresponding to the first source MAC address in a second MAC address control list according to the authentication result message, where the authentication client 111 sends an operation result response for the authentication result to the authentication server 121 through the designated connection, and the second MAC address control list includes other MAC addresses except the own MAC address and the control items corresponding to the other MAC addresses, and the operation result response includes a control item for indicating that updating of the second MAC address control list based on the authentication result message is successful, or indicates that updating of the second MAC address control list based on the authentication result message fails;
the authentication client 111 is configured to send, to the authentication server 121 through the designated connection, an operation success response indicating success of updating the second MAC address control list based on the authentication result message, in a case where the authentication client 111 determines that the first source MAC address in the authentication result message is a self MAC address.
In one embodiment, the in-vehicle switch 13 is further configured to transmit a communication message between each of the ECUs 11;
the second message filtering module 112 is further configured to allow a second message sent by another authentication client 111 to pass when the second message satisfies a fourth condition, where the fourth condition includes that the control item corresponding to the second source MAC address of the second message in the second MAC address control list is allowed to pass; and to discard the second message when the second message meets a fifth condition, where the fifth condition includes that the control item corresponding to the second source MAC address in the second MAC address control list is discarded, or that the second source MAC address is not in the second MAC address control list.
In one embodiment, the ECU 11 is configured to initialize the second message filtering module 112 after the ECU 11 is started, so that a second initial MAC address control list is generated in the second message filtering module 112, where the second initial MAC address control list is empty;
the second message filtering module 112 is configured to update the second initial MAC address control list according to a second MAC address control message sent by the authentication client 111, and to take the updated second initial MAC address control list as the second MAC address control list, where the second MAC address control message includes the MAC address of at least one other ECU 11 and the control item indicating discard, and the second MAC address control message is generated according to the whole vehicle configuration information table.
In one embodiment, the authentication client 111 is configured to, before the authentication server 121 sends the authentication result message to each of the authentication clients 111 through the designated connection, establish the designated connection between a first thread created by the authentication client 111 and a designated transport service opened by a second thread created by the authentication server 121 on a designated port, where the designated port is a registered port in an unbound state or a private port in an unbound state among the Transmission Control Protocol (TCP) ports, and the designated transport service includes transmitting the authentication result message and/or the operation result response.
In one embodiment, the first MAC address control list and/or the second MAC address control list further include an ECU port identifier corresponding to the MAC address.
The embodiment of the disclosure provides a vehicle-mounted message processing system in which an authentication client is deployed in each ECU, an authentication server and a first message filtering module are deployed in the TBOX, and the ECUs communicate with the TBOX through a vehicle-mounted switch. When the first message filtering module receives a first message sent by an authentication client and the first message meets a first condition, the first message filtering module sends the first message to the authentication server for authentication, where the first condition includes that the control item corresponding to the first source MAC address of the first message in a first MAC address control list is discarded and the first message is a message based on an authentication protocol, and the first MAC address control list includes the MAC addresses of all ECUs in the vehicle and the control item corresponding to the MAC address of each ECU. When the first message meets a second condition, the first message filtering module allows the first message to pass, where the second condition includes that the control item corresponding to the first source MAC address in the first MAC address control list is allowed to pass. When the first message meets a third condition, the first message filtering module discards the first message, where the third condition includes that the control item corresponding to the first source MAC address in the first MAC address control list is discarded and the first message is not based on the authentication protocol, or that the first source MAC address is not in the first MAC address control list.
It can be seen that, according to the embodiment of the disclosure, the function of the authentication server is executed by the TBOX, which has the stronger CPU, so that Ethernet authentication of each ECU can be realized, and the first messages sent by the ECUs are filtered by the first message filtering module in the TBOX according to the first MAC address control list. Because the control items in that list are controlled by the authentication server and are generated according to the authentication result of the Ethernet authentication protocol (such as IEEE 802.1X), this fully realizes the same function as controlling message forwarding through the port of a switch chip, and achieves the aim of controlling, according to the authentication result, the interaction of each ECU in the vehicle with the external network through the TBOX. In addition, the ECUs can also communicate with each other through the vehicle-mounted switch, and a second message filtering module is deployed in each ECU so that it filters the second messages sent by other ECUs according to the second MAC address control list. Finally, an in-vehicle network access control network is established between the ECUs in the in-vehicle network and between each ECU and the TBOX according to the authentication result of the Ethernet authentication protocol, and the control logic of the network changes dynamically with that authentication result, so that all messages in the vehicle are received and transmitted between nodes according to the authentication result of the Ethernet authentication protocol.
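As an added example, not the patent's or the applicant's code, the following Python models the decision logic of the first message filtering module (first to third condition) and of the second message filtering module (fourth and fifth condition) over a MAC address control list initialised from the whole vehicle configuration information table. The names MacControlList, first_filter and second_filter, the use of the EAPOL EtherType 0x888E to recognise a message "based on the authentication protocol", and the constructed VEHICLE_CONFIG table (which reuses the MAC addresses from Tables 15 to 20) are assumptions of this example; in the system described above the modules run as eBPF programs.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple

EAPOL_ETHERTYPE = 0x888E  # EAP over LAN, the frame type carried by IEEE 802.1X (assumption)
IPV4_ETHERTYPE = 0x0800   # an ordinary data message, used in the usage below

# Constructed whole vehicle configuration information table: ecu_name -> (port, mac_addr).
VEHICLE_CONFIG: Dict[str, Tuple[str, str]] = {
    "ecu_tbox": ("eth0", "D2:F3:53:13:F1:FC"),
    "ecu_ecu1": ("eth0", "8A:39:11:3C:D3:64"),
    "ecu_ecu2": ("eth0", "22:2A:25:81:B7:70"),
}


class Action(Enum):
    """Control item of a MAC address control list entry."""
    DROP = "drop"
    ACCEPT = "accept"


class Verdict(Enum):
    TO_AUTH_SERVER = "to_auth_server"  # first condition
    PASS = "pass"                      # second / fourth condition
    DROP = "drop"                      # third / fifth condition


@dataclass(frozen=True)
class Frame:
    src_mac: str
    ethertype: int
    payload: bytes = b""

    @property
    def is_auth_protocol(self) -> bool:
        return self.ethertype == EAPOL_ETHERTYPE


class MacControlList:
    """MAC address control list: mac_addr -> (ecu_name, port, control item)."""

    def __init__(self) -> None:
        self.entries: Dict[str, Tuple[str, str, Action]] = {}

    @classmethod
    def from_vehicle_config(cls, config: Dict[str, Tuple[str, str]],
                            exclude: Optional[str] = None) -> "MacControlList":
        """Initial list built from the MAC address control message: every entry
        starts as DROP, and `exclude` leaves out the owner's own ECU (the second
        list holds only the other ECUs' MAC addresses)."""
        lst = cls()
        for ecu_name, (port, mac) in config.items():
            if ecu_name != exclude:
                lst.entries[mac] = (ecu_name, port, Action.DROP)
        return lst

    def action_for(self, mac: str) -> Optional[Action]:
        entry = self.entries.get(mac)
        return entry[2] if entry else None

    def apply_auth_result(self, mac: str, authenticated: bool) -> bool:
        """Update on an authentication result message. Only a successful result
        changes an entry, and MACs absent from the list are never added."""
        if mac not in self.entries or not authenticated:
            return False
        ecu_name, port, _ = self.entries[mac]
        self.entries[mac] = (ecu_name, port, Action.ACCEPT)
        return True


def first_filter(ctl: MacControlList, frame: Frame) -> Verdict:
    """First message filtering module (in the TBOX)."""
    action = ctl.action_for(frame.src_mac)
    if action is Action.ACCEPT:
        return Verdict.PASS                 # second condition
    if action is Action.DROP and frame.is_auth_protocol:
        return Verdict.TO_AUTH_SERVER       # first condition
    return Verdict.DROP                     # third condition: drop item, or MAC unknown


def second_filter(ctl: MacControlList, frame: Frame) -> Verdict:
    """Second message filtering module (in each ECU). There is no path to an
    authentication server here: only the TBOX authenticates."""
    if ctl.action_for(frame.src_mac) is Action.ACCEPT:
        return Verdict.PASS                 # fourth condition
    return Verdict.DROP                     # fifth condition


if __name__ == "__main__":
    tbox_list = MacControlList.from_vehicle_config(VEHICLE_CONFIG, exclude="ecu_tbox")
    ecu1 = VEHICLE_CONFIG["ecu_ecu1"][1]
    print(first_filter(tbox_list, Frame(ecu1, EAPOL_ETHERTYPE)))  # TO_AUTH_SERVER
    print(first_filter(tbox_list, Frame(ecu1, IPV4_ETHERTYPE)))   # DROP
    tbox_list.apply_auth_result(ecu1, authenticated=True)
    print(first_filter(tbox_list, Frame(ecu1, IPV4_ETHERTYPE)))   # PASS
```

Two properties of the list logic are worth checking in any implementation of this scheme: a source MAC that is not in the list is dropped even when it carries the authentication protocol, so only ECUs present in the whole vehicle configuration information table can start an authentication at all, and apply_auth_result never creates entries, so an authentication result for an unknown MAC cannot widen the list.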
Based on the above method embodiments, another embodiment of the present disclosure provides a storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to implement the method of any of the method embodiments described above.
Based on the above method embodiments, another embodiment of the present disclosure provides a vehicle, which includes the vehicle-mounted message processing system according to any one of the above method embodiments.
The system and device embodiments correspond to the method embodiments and have the same technical effects as the method embodiments; for a specific description, refer to the method embodiments. The apparatus embodiments are based on the method embodiments, and specific descriptions may be found in the method embodiment section, which is not repeated here. Those of ordinary skill in the art will appreciate that the figures are schematic representations of one embodiment only, and that the modules or flows in the figures are not necessarily required to practice the present disclosure.
Those of ordinary skill in the art will appreciate that: the modules in the apparatus of the embodiments may be distributed in the apparatus of the embodiments according to the description of the embodiments, or may be located in one or more apparatuses different from the present embodiments with corresponding changes. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
Finally, it should be noted that: the above embodiments are merely for illustrating the technical solution of the present disclosure, and are not limiting thereof; although the present disclosure has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (10)

1. A vehicle-mounted message processing method, applied to a vehicle-mounted message processing system, wherein the system comprises a plurality of Electronic Control Units (ECU), a remote information processor (TBOX) and a vehicle-mounted switch, the vehicle-mounted switch is used for transmitting communication messages between the ECU and the TBOX, an authentication client is deployed in each ECU, and an authentication server and a first message filtering module are deployed in the TBOX, and the method comprises the following steps:
when the first message filtering module receives a first message sent by the authentication client and the first message meets a first condition, the first message filtering module sends the first message to the authentication server for authentication, wherein the first condition comprises that a control item corresponding to a first source Media Access Control (MAC) address in the first message in a first MAC address control list is discarded and the first message is based on an authentication protocol, and the first MAC address control list comprises the MAC addresses of all ECUs in a vehicle and the control item corresponding to the MAC address of each ECU;
Under the condition that the first message meets a second condition, the first message filtering module allows the first message to pass, wherein the second condition comprises that the control item corresponding to the first source MAC address in the first MAC address control list is allowed to pass;
and under the condition that the first message meets a third condition, the first message filtering module discards the first message, wherein the third condition comprises that the control item corresponding to the first source MAC address in the first MAC address control list is discarded and the first message is not based on the authentication protocol, or the first source MAC address is not in the first MAC address control list.
2. The method of claim 1, wherein after the first message filtering module sends the first message to the authentication server for authentication, the method further comprises:
the first message filtering module receives an authentication result message sent by the authentication server, wherein the authentication result message comprises the first source MAC address, and the authentication result message also comprises an authentication result of the authentication client corresponding to the first message or a control item corresponding to the authentication result;
And under the condition that the authentication result in the authentication result message is authentication success or the control item is allowed to pass, the first message filtering module updates the control item corresponding to the first source MAC address in the first MAC address control list to be allowed to pass.
3. The method according to claim 1, wherein the method further comprises:
after the TBOX is started, initializing the first message filtering module by the TBOX, so that the first message filtering module generates a first initial MAC address control list, wherein the first initial MAC address control list is empty;
the first message filtering module updates the first initial MAC address control list according to a first MAC address control message sent by the authentication server, and takes the updated first initial MAC address control list as the first MAC address control list, wherein the first MAC address control message comprises at least one MAC address of the ECU and the control item for indicating discarding, the first MAC address control message is generated according to a whole vehicle configuration information table, and the whole vehicle configuration information table comprises the MAC addresses of the ECUs in the vehicle.
4. The method of claim 2, wherein after the first message filtering module sends the first message to the authentication server for authentication, the method further comprises:
and the authentication server sends the authentication result message to each authentication client through the designated connection.
5. The method of claim 4, wherein each ECU further has a second message filtering module disposed therein, the method further comprising:
when the authentication client determines that the first source MAC address in the authentication result message is not the own MAC address, the second message filtering module in the ECU to which the authentication client belongs receives the authentication result message sent by the authentication client, and updates the control item corresponding to the first source MAC address in a second MAC address control list according to the authentication result message, where the authentication client sends an operation result response for the authentication result to the authentication server through the designated connection, and the second MAC address control list includes other MAC addresses except the own MAC address and the control items corresponding to the other MAC addresses, and the operation result response includes a control item for indicating that updating of the second MAC address control list based on the authentication result message is successful, or for indicating that updating of the second MAC address control list based on the authentication result message fails;
And under the condition that the authentication client determines that the first source MAC address in the authentication result message is the self MAC address, the authentication client sends an operation success response for indicating that the second MAC address control list is successfully updated based on the authentication result message to the authentication server through the designated connection.
6. The method of claim 5, wherein the on-board switch is further configured to transmit communication messages between each of the ECUs, the method further comprising:
when the second message filtering module receives second messages sent by other authentication clients and a second message meets a fourth condition, the second message filtering module allows the second message to pass, wherein the fourth condition includes that the control item corresponding to a second source MAC address in the second message in the second MAC address control list is allowed to pass;
and under the condition that the second message meets a fifth condition, discarding the second message by the second message filtering module, wherein the fifth condition comprises that the control item corresponding to the second source MAC address in the second MAC address control list is discarded, or that the second source MAC address is not in the second MAC address control list.
7. The method of claim 5, wherein the method further comprises:
after the ECU is started, initializing the second message filtering module by the ECU, so that a second initial MAC address control list is generated in the second message filtering module, wherein the second initial MAC address control list is empty;
the second message filtering module updates the second initial MAC address control list according to a second MAC address control message sent by the authentication client, and takes the updated second initial MAC address control list as the second MAC address control list, where the second MAC address control message includes at least one MAC address of the other ECU and the control item for indicating discarding, and the second MAC address control message is generated according to the whole vehicle configuration information table.
8. The method according to any of claims 4-7, wherein before the authentication server sends the authentication result messages to the respective authentication clients via a designated connection, the method further comprises:
a first thread created by the authentication client establishes the designated connection with a designated transmission service opened by a second thread created by the authentication server through a designated port, wherein the designated port comprises a registered port in an unbound state or a private port in an unbound state among the Transmission Control Protocol (TCP) ports, and the designated transmission service comprises transmitting the authentication result message and/or the operation result response.
9. The method according to any of claims 5-7, wherein the first MAC address control list and/or the second MAC address control list further comprises an ECU port identification to which the MAC address corresponds.
10. The vehicle-mounted message processing system is characterized by comprising a plurality of Electronic Control Units (ECU), a remote information processor (TBOX) and a vehicle-mounted switch, wherein the vehicle-mounted switch is used for transmitting communication messages between the ECU and the TBOX, an authentication client is deployed in each ECU, and an authentication server and a first message filtering module are deployed in the TBOX;
the first message filtering module is configured to send a first message sent by the authentication client to the authentication server for authentication when the first message received meets a first condition, where the first condition includes that a control item corresponding to a first source media access control MAC address in the first message in a first MAC address control list is discarded, and the first message is a message based on an authentication protocol, and the first MAC address control list includes MAC addresses of each ECU in a vehicle and the control item corresponding to the MAC address of each ECU;
The first message filtering module is further configured to allow the first message to pass when the first message meets a second condition, where the second condition includes that the control item corresponding to the first source MAC address in the first MAC address control list is allowed to pass;
the first message filtering module is further configured to discard the first message when the first message meets a third condition, where the third condition includes that the control item corresponding to the first source MAC address in the first MAC address control list is discarded and the first message is not a message based on the authentication protocol, or that the first source MAC address is not in the first MAC address control list.
CN202210433338.0A 2022-04-24 2022-04-24 Vehicle-mounted message processing method and system Active CN114884706B (en)


Publications (2)

Publication Number Publication Date
CN114884706A CN114884706A (en) 2022-08-09
CN114884706B true CN114884706B (en) 2023-06-16





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant