CN116506282A - Method and system for realizing OPENSTACK NAT session log - Google Patents

Publication number
CN116506282A
Authority
CN
China
Prior art keywords
nat
session log
nat session
user mode
openstack
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310220487.3A
Other languages
Chinese (zh)
Inventor
莫琛
罗印威
谢金壮
户才来
刘应亮
龚文强
季昊天
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyi Cloud Technology Co Ltd
Original Assignee
Tianyi Cloud Technology Co Ltd
Application filed by Tianyi Cloud Technology Co Ltd
Priority to CN202310220487.3A
Publication of CN116506282A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a method and a system for realizing an OPENSTACK NAT session log, which relate to the technical field of communication and are applied to an OPENSTACK NAT session log system. The OPENSTACK NAT session log system comprises a kernel part and a user mode program, and the kernel part is connected with the user mode program. The method comprises the following steps: the kernel part translates the NAT address and generates a NAT session log; the kernel part sends the NAT session log to the user mode program; and the user mode program stores the NAT session log into a corresponding database. This enables OPENSTACK to record NAT session logs while realizing the NAT function, which facilitates IP tracing when investigating and locating network security events.

Description

Method and system for realizing OPENSTACK NAT session log
Technical Field
The invention relates to the technical field of communication, in particular to a method, a system and electronic equipment for realizing an OPENSTACK NAT session log.
Background
The network base of many cloud host/cloud computer network products on the market is built on OPENSTACK or on a secondary modification of OPENSTACK. Multiple cloud computers in the same virtual private cloud (VPC) generally have their intranet addresses translated into the same public network IP through the network address translation (NAT) function in order to access the Internet (different VPCs can have different public network IPs). However, the native OPENSTACK NAT gateway has no NAT session log function, so if a network security event occurs, IP tracing, locating and investigation are inconvenient.
Disclosure of Invention
The embodiment of the invention provides a method, a system and electronic equipment for realizing an OPENSTACK NAT session log, which enable the OPENSTACK to record the NAT session log while realizing the NAT function, and facilitate IP tracing to check and locate network security events.
In order to achieve the above purpose, the invention adopts the following technical scheme:
in a first aspect, a method for implementing an OPENSTACK NAT session log is provided, and is applied to an OPENSTACK NAT session log system, where the OPENSTACK NAT session log system includes a kernel portion and a user mode program, and the kernel portion is connected to the user mode program, and the method includes: the kernel part converts the NAT address and generates an NAT session log; the kernel part sends the NAT session log to the user mode program; and the user mode program stores the NAT session log into a corresponding database.
With reference to the first aspect, in one possible design, the kernel part translates the NAT address and generates a NAT session log, including: the kernel part creates NAT gateway; translating an NAT address based on the NAT gateway; and generating NAT session logs based on the network namespaces corresponding to the NAT gateways.
With reference to the first aspect, in one possible design, the translating NAT addresses based on the NAT gateway includes: and converting the IP address based on the NAT rule stored in the NAT gateway, wherein the IP address is a target IP address corresponding to the converted NAT address.
With reference to the first aspect, in one possible design, before the kernel part sends the NAT session log to the user mode program, the method further includes: identifying the network FLOW and recording five-tuple information corresponding to the network FLOW at the moment; if the network FLOW passes through the conversion NAT address, updating quintuple information corresponding to the network FLOW as second quintuple information; and updating the NAT session log based on the second quintuple information.
With reference to the first aspect, in one possible implementation manner, after updating the NAT session log based on the second quintuple information, the method further includes: if the network FLOW meets the specified condition, adding a specified identifier to the second quintuple information; and updating the NAT session log again based on the second quintuple information that added the specified identifier.
With reference to the first aspect, in one possible scenario involved, the specified condition includes a normal end or timeout of the network FLOW.
With reference to the first aspect, in one possible design, the storing, by the user mode program, the NAT session log into a corresponding database includes: the user mode program monitors the NAT session log based on a pre-established NETLINK SOCKET; and if the NAT session log sent by the kernel part is obtained, storing the NAT session log into a corresponding database.
With reference to the first aspect, in one possible design, the kernel part is connected with the user mode program through a NETLINK message.
In a second aspect, a system for implementing an OPENSTACK NAT session log is provided, and is applied to an OPENSTACK NAT session log system, where the OPENSTACK NAT session log system includes a kernel portion and a user mode program, and the kernel portion is connected to the user mode program, and the system includes: the translation and generation unit is used for translating the NAT address based on the kernel part and generating an NAT session log; a sending unit, configured to send the NAT session log to the user mode program based on the kernel portion; and the storage unit is used for storing the NAT session log into a corresponding database based on the user mode program.
In a third aspect, an embodiment of the present invention provides an electronic device. Comprising the following steps: one or more processors; a memory; one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the method of the first aspect.
According to the method for realizing the OPENSTACK NAT session log, the OPENSTACK can record the NAT session log while realizing the NAT function, and IP tracing is convenient to check and locate network security events.
Drawings
FIG. 1 is a schematic diagram of a prior art NAT translation process;
FIG. 2 illustrates a method for implementing OPENSTACK NAT session logs provided by an embodiment of the application;
FIG. 3 is a block diagram illustrating a method for implementing OPENSTACK NAT session log according to an embodiment of the application;
FIG. 4 illustrates a system for implementing OPENSTACK NAT session logs provided by embodiments of the present application;
FIG. 5 shows a block diagram of an electronic device according to an embodiment of the present application.
Reference numerals: system 400 for implementing OPENSTACK NAT session logs; electronic device 2000; processor 2001; memory 2002.
Detailed Description
The technical scheme of the invention is described below with reference to the accompanying drawings.
In embodiments of the invention, words such as "exemplary," "such as" and the like are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the term use of an example is intended to present concepts in a concrete fashion. Furthermore, in embodiments of the present invention, the meaning of "and/or" may be that of both, or may be that of either, optionally one of both.
In the embodiments of the present invention, "image" and "picture" may sometimes be used interchangeably, and it should be noted that the intended meaning is the same when the distinction is not emphasized. "Of", "corresponding (relevant)" and "corresponding" may sometimes be used interchangeably, and it should be noted that the intended meaning is the same when the distinction is not emphasized.
In the embodiments of the invention, a subscripted form such as W₁ may sometimes be mistakenly written in a non-subscripted form such as W1; the intended meaning is the same when the distinction is not emphasized.
Referring to FIG. 1, FIG. 1 is a schematic diagram of a NAT translation flow in the prior art. The network base of many cloud host/cloud computer network products on the market is built on OPENSTACK or on a secondary modification of OPENSTACK. Multiple cloud computers in the same VPC generally have their intranet addresses translated into the same public network IP through the NAT function in order to access the Internet. However, the native OPENSTACK NAT gateway has no NAT session log function, so if a network security event occurs, IP tracing, locating and investigation are inconvenient.
The OPENSTACK cloud platform NAT gateway is a soft NAT gateway, that is, the NAT function is realized by software on a deployed server. Native OPENSTACK supports this by default. The OPENSTACK cloud platform is typically deployed on LINUX servers, where NAT is easy to implement (e.g., via the IPTABLES NAT functionality).
Aiming at the problem that the original OPENSTACK NAT gateway does not have the NAT session log function, no effective solution is proposed at present. The method for realizing OPENSTACK NAT session log is used for solving or partially solving the problem.
Referring to fig. 2, fig. 2 shows a method for implementing an OPENSTACK NAT session log according to an embodiment of the present application, which specifically includes steps S110 to S130.
Step S110: the kernel portion translates the NAT address and generates NAT session logs.
Step S120: the kernel part sends the NAT session log to the user mode program.
Step S130: and the user mode program stores the NAT session log into a corresponding database.
In some embodiments, the method for implementing the OPENSTACK NAT session log can be applied to an OPENSTACK NAT session log system, wherein the OPENSTACK NAT session log system comprises a kernel part and a user mode program, and the kernel part is connected with the user mode program.
For some embodiments, referring to fig. 3, fig. 3 shows a block diagram of a method for implementing an OPENSTACK NAT session log according to an embodiment of the present application. The kernel part is connected with the user mode program through a NETLINK message, which is a protocol for the kernel part to communicate with the user mode program.
The kernel part may be responsible for NAT address translation and for generating NAT session logs, and sends the NAT session logs to the user mode program via NETLINK messages. When OPENSTACK creates a NAT gateway, a program is started in the corresponding network namespace; it establishes a NETLINK SOCKET to listen for and receive messages, and writes the NAT session logs into the corresponding database for subsequent lookup.
Specifically, when executing step S110, the method may further include: the kernel part creates NAT gateway; translating an NAT address based on the NAT gateway; and generating NAT session logs based on the network namespaces corresponding to the NAT gateways.
The NAT gateway may be created by the Neutron network component of OPENSTACK. The NAT gateway is actually a network namespace (NETWORK NAMESPACE), which can be understood as a container in which specific NAT rules translate IP addresses. Each NAT gateway has one network namespace, and in each network namespace a program (APP) is started to receive NAT session logs and store them in the database.
Thus, NAT gateways can be created; translating an NAT address based on the NAT gateway; and generating NAT session logs based on the network namespaces corresponding to the NAT gateways.
Optionally, when performing the NAT address translation based on the NAT gateway, the method may further include: and converting the IP address based on the NAT rule stored in the NAT gateway, wherein the IP address is a target IP address corresponding to the converted NAT address.
The NAT rule stored in the NAT gateway may be a NAT rule stored in advance in the network namespace (NETWORK NAMESPACE).
In some embodiments, before executing step S120, the method may further include: identifying the network FLOW and recording the quintuple information corresponding to the network FLOW at that moment; if the network FLOW undergoes NAT address translation, updating the quintuple information corresponding to the network FLOW as second quintuple information; and updating the NAT session log based on the second quintuple information.
Specifically, the network FLOW can be identified through the CONNTRACK connection tracking module of the network subsystem in the LINUX kernel, and the quintuple information of the FLOW at that moment is recorded. The quintuple information may include, for example, a source IP, a source port, a protocol, a destination IP, a destination port, and a start timestamp.
If the network FLOW undergoes NAT translation, the quintuple information corresponding to the network FLOW can be modified accordingly and recorded as the second quintuple information. The second quintuple information may include a source IP, a source port, a protocol, a source IP after NAT, a source port after NAT, a destination IP, a destination port, and a start timestamp. The quintuple of the message as seen by the website/server where the destination IP is located is thus: source IP after NAT, source port after NAT, protocol, destination IP, destination port. This information is packaged into a message and sent to the user mode program through NETLINK.
Optionally, after performing updating the NAT session log based on the second quintuple information, the method may further include: if the network FLOW meets the specified condition, adding a specified identifier to the second quintuple information; and updating the NAT session log again based on the second quintuple information that added the specified identifier.
The specified condition may include the normal end or the timeout of the network FLOW. Thus, if the network FLOW ends normally or times out, the kernel module adds a specified identifier to the second quintuple information. In some embodiments, an end timestamp may be added to the second quintuple information, so as to obtain the second quintuple information with the specified identifier. For example, the specified identifier may include an end timestamp, such that the second quintuple information with the specified identifier may include a source IP, a source port, a protocol, a source IP after NAT, a source port after NAT, a destination IP, a destination port, a start timestamp, and an end timestamp. There is thus a complete NAT session log record for the flow. This information can be packaged into a message and sent to the user mode program through NETLINK.
For some embodiments, when performing step S130, it may further include: the user mode program monitors the NAT session log based on a pre-established NETLINK SOCKET; and if the NAT session log sent by the kernel part is obtained, storing the NAT session log into a corresponding database.
The user mode program can establish a NETLINK SOCKET that listens for NAT session log events, and on receiving a message it writes the NAT session log to a database (such as ELASTICSEARCH) to facilitate subsequent tracing and querying. If the session state is "START", the record is stored directly; if the state is "FINISH", the existing session record is looked up and its state and session end timestamp are updated.
As an example, assume the IP address of the NAT gateway is 125.94.XX.197, where XX may be any combination of digits as desired and is not limited here. The IP address of a cloud computer in the VPC is 192.168.1.100, and it accesses the home page of a website, HTTPS://WWW.YYYYY.COM (assuming that its IP address is 220.181.38.149), through a web page. The HTTPS service port defaults to 443, and the source port of the cloud computer in the session is assumed to be 65432.
The message sent by NETLINK from the kernel to the user mode at the beginning of the session can be specifically shown in table 1 below.
TABLE 1
At the end of the session, the NETLINK sends a message from the kernel to the user mode, and the specific message can be shown in table 2 below.
TABLE 2
The user mode program will process to merge the same session into one record and update the record in the database. A complete NAT session log session record is shown in table 3 below.
TABLE 3
According to the method for realizing the OPENSTACK NAT session log, flow identification ensures that only one NAT session log is generated for a data flow no matter how many data messages it transmits, which greatly reduces the log volume. The method requires few code changes and can be deployed quickly. In the field of cloud computing, OPENSTACK is widely used and NAT is a very common function, but NAT logs are lacking; the method makes up for this capability gap. Furthermore, the method can be widely applied to various systems requiring OPENSTACK NAT session logs.
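The following is an added example, not code from the patent, of the user mode program's START/FINISH merge and the IP-tracing lookup it enables, including a FINISH whose START was never received and a NAT port reused by a later flow. The message field names, the in-memory store standing in for the database, the placeholder gateway address 203.0.113.197 (the page gives 125.94.XX.197), the NAT port, the second host and the timestamps are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Message layout and field names are assumptions for this example; the page's
# Tables 1-3, which would show the real messages, are not reproduced on it.
FIELDS = ("proto", "src_ip", "src_port", "nat_ip", "nat_port",
          "dst_ip", "dst_port", "start_ts")


@dataclass
class NatSession:
    proto: str
    src_ip: str       # intranet address of the cloud computer
    src_port: int
    nat_ip: str       # source IP after NAT (public IP of the gateway)
    nat_port: int     # source port after NAT
    dst_ip: str
    dst_port: int
    start_ts: float
    end_ts: Optional[float] = None
    state: str = "START"


class SessionStore:
    """In-memory stand-in for the database the user mode program writes to."""

    def __init__(self):
        self.records = {}

    def handle(self, msg):
        """Apply one kernel-to-user message; one flow yields one record."""
        # The pre-NAT five-tuple plus start timestamp identifies the flow, so a
        # later flow that reuses the same ports gets its own record.
        key = tuple(msg[f] for f in FIELDS if not f.startswith("nat_"))
        rec = self.records.get(key)
        if msg["state"] == "START":
            if rec is None:                  # a repeated START changes nothing
                rec = self.records[key] = NatSession(**{f: msg[f] for f in FIELDS})
        elif msg["state"] == "FINISH":
            if rec is None:
                # START was never seen (e.g. the listener started late). FINISH
                # carries the full tuple, so the record can still be created.
                rec = self.records[key] = NatSession(**{f: msg[f] for f in FIELDS})
            rec.end_ts = msg["end_ts"]
            rec.state = "FINISH"
        else:
            raise ValueError(f"unknown session state: {msg['state']!r}")
        return rec

    def trace(self, proto, nat_ip, nat_port, dst_ip, dst_port, when):
        """Find the intranet source behind a NAT-side tuple seen at time `when`."""
        wanted = (proto, nat_ip, nat_port, dst_ip, dst_port)
        hits = []
        for rec in self.records.values():
            seen = (rec.proto, rec.nat_ip, rec.nat_port, rec.dst_ip, rec.dst_port)
            if seen != wanted or when < rec.start_ts:
                continue
            if rec.end_ts is not None and when > rec.end_ts:
                continue      # flow had already ended; the port may be reused
            hits.append(rec)
        return hits


GATEWAY_IP = "203.0.113.197"   # placeholder for the page's 125.94.XX.197
SITE = {"proto": "tcp", "dst_ip": "220.181.38.149", "dst_port": 443,
        "nat_ip": GATEWAY_IP, "nat_port": 40001}   # nat_port is constructed

# Constructed messages; timestamps are made-up epoch seconds.
SAMPLE_MESSAGES = [
    {**SITE, "src_ip": "192.168.1.100", "src_port": 65432,
     "start_ts": 1000.0, "state": "START"},
    {**SITE, "src_ip": "192.168.1.100", "src_port": 65432,
     "start_ts": 1000.0, "end_ts": 1060.0, "state": "FINISH"},
    # A second (constructed) cloud computer reuses NAT port 40001 later, and
    # its START message was missed.
    {**SITE, "src_ip": "192.168.1.101", "src_port": 50000,
     "start_ts": 2000.0, "end_ts": 2030.0, "state": "FINISH"},
]


def build_demo_store():
    store = SessionStore()
    for msg in SAMPLE_MESSAGES:
        store.handle(msg)
    return store


if __name__ == "__main__":
    demo = build_demo_store()
    for t in (1030.0, 1500.0, 2010.0):
        found = demo.trace("tcp", GATEWAY_IP, 40001, "220.181.38.149", 443, t)
        print(t, [(h.src_ip, h.src_port) for h in found])
```

The lookup needs the event time as well as the NAT-side tuple, because the same public IP and port map to different intranet hosts at different times.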
The method for implementing the OPENSTACK NAT session log according to the embodiment of the present application is described in detail based on fig. 2 and 3, and the system for implementing the OPENSTACK NAT session log according to the embodiment of the present application will be described in detail.
As shown in FIG. 4, a system 400 for implementing an OPENSTACK NAT session log includes: a translation and generation unit 410, a sending unit 420, and a storage unit 430.
For ease of illustration, FIG. 4 shows only the major components of the system 400 implementing an OPENSTACK NAT session log.
The translation and generation unit 410 is configured to translate the NAT address based on the kernel portion and generate a NAT session log. The kernel part is connected with the user mode program through NETLINK information.
Further, the translation and generation unit 410 may be further configured to create a NAT gateway by the kernel portion; translating an NAT address based on the NAT gateway; and generating NAT session logs based on the network namespaces corresponding to the NAT gateways.
Further, the translating and generating unit 410 may be further configured to translate an IP address based on a NAT rule stored in the NAT gateway, where the IP address is a target IP address corresponding to the translated NAT address.
And a sending unit 420, configured to send the NAT session log to the user mode program based on the kernel portion.
Furthermore, the sending unit 420 may be further configured to identify the network FLOW, and record quintuple information corresponding to the network FLOW at this time; if the network FLOW passes through the conversion NAT address, updating quintuple information corresponding to the network FLOW as second quintuple information; and updating the NAT session log based on the second quintuple information.
Further, the sending unit 420 may be further configured to add a specified identifier to the second quintuple information if the network FLOW meets a specified condition; and updating the NAT session log again based on the second quintuple information that added the specified identifier. Wherein the specified condition includes a normal end or timeout of the network FLOW.
And a storage unit 430, configured to store the NAT session log into a corresponding database based on the user mode program.
Further, the storage unit 430 may be further configured to monitor the NAT session log by the user mode program based on a pre-established NETLINK SOCKET; and if the NAT session log sent by the kernel part is obtained, storing the NAT session log into a corresponding database.
In addition, the technical effects of the system 400 for implementing the OPENSTACK NAT session log may refer to the technical effects of any of the foregoing methods, and will not be described herein.
Optionally, the embodiment of the present invention further provides a computer readable storage medium, which comprises a computer program or instructions which, when run on a computer, cause the method provided by any embodiment of the present invention to be performed.
Optionally, the embodiment of the invention further provides an electronic device, which is used for executing the method provided by any embodiment of the invention.
As shown in fig. 5, the electronic device 2000 may include a processor 2001.
Optionally, the electronic device 2000 may also include memory 2002.
The processor 2001 is coupled to the memory 2002, for example, by a communication bus.
The following describes the respective constituent elements of the electronic device 2000 in detail with reference to fig. 5:
The processor 2001 is a control center of the electronic device 2000, and may be one processor or a collective term for a plurality of processing elements. For example, the processor 2001 is one or more central processing units (CPU), or may be an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention, such as: one or more microprocessors (digital signal processor, DSP), or one or more field programmable gate arrays (FPGA).
Alternatively, the processor 2001 may perform various functions of the electronic device 2000 by running or executing software programs stored in the memory 2002, and invoking data stored in the memory 2002.
In a particular implementation, the processor 2001 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 5, as an example.
The memory 2002 is used for storing a software program for executing the solution of the present invention, and is controlled by the processor 2001 to execute the solution, and the specific implementation may refer to the above method embodiment, which is not described herein again.
Alternatively, MEMORY 2002 may be, but is not limited to, READ-ONLY MEMORY (ROM) or other type of static storage device that can store static information and instructions, RANDOM ACCESS MEMORY (RAM) or other type of dynamic storage device that can store information and instructions, electrically erasable programmable READ-ONLY MEMORY (ELECTRICALLY ERASABLE PROGRAMMABLE READ-ONLY MEMORY, EEPROM), compact disc READ-ONLY MEMORY (COMPACT DISC READ-ONLY MEMORY, CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Memory 2002 may be integrated with processor 2001 or may exist separately and be coupled to processor 2001 through interface circuitry of electronic device 2000 (not shown in fig. 5), as embodiments of the invention are not limited in detail.
It should be noted that the structure of the electronic device 2000 illustrated in FIG. 5 does not constitute a limitation on the electronic device, and an actual electronic device may include more or fewer components than illustrated, may combine some components, or may arrange the components differently.
In addition, the technical effects of the electronic device 2000 may refer to the technical effects of the method described in the above method embodiments, which are not described herein.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the system and units described above may refer to the corresponding process in the foregoing method embodiment, which is not repeated herein.
In the several embodiments provided by the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the system embodiments described above are merely illustrative, e.g., the division of the elements is merely a logical functional division, and there may be additional divisions when actually implemented, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, system or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for implementing an OPENSTACK NAT session log, the method being applied to an OPENSTACK NAT session log system, the OPENSTACK NAT session log system comprising a kernel portion and a user mode program, the kernel portion being connected to the user mode program, the method comprising:
the kernel part converts the NAT address and generates an NAT session log;
the kernel part sends the NAT session log to the user mode program;
and the user mode program stores the NAT session log into a corresponding database.
2. The method of claim 1, wherein the kernel portion translating NAT addresses and generating NAT session logs comprises:
the kernel part creates NAT gateway;
translating an NAT address based on the NAT gateway;
and generating NAT session logs based on the network namespaces corresponding to the NAT gateways.
3. The method of claim 2, wherein the translating NAT addresses based on the NAT gateway comprises:
and converting the IP address based on the NAT rule stored in the NAT gateway, wherein the IP address is a target IP address corresponding to the converted NAT address.
4. The method of claim 1, wherein before the kernel portion sends the NAT session log to the user mode program, further comprising:
identifying the network FLOW and recording five-tuple information corresponding to the network FLOW at the moment;
if the network FLOW passes through the conversion NAT address, updating quintuple information corresponding to the network FLOW as second quintuple information;
and updating the NAT session log based on the second quintuple information.
5. The method of claim 4, wherein after updating the NAT session log based on the second quintuple information, further comprising:
if the network FLOW meets the specified condition, adding a specified identifier to the second quintuple information;
and updating the NAT session log again based on the second quintuple information that added the specified identifier.
6. The method of claim 5, wherein the specified condition comprises a normal end or timeout of the network FLOW.
7. The method of claim 1, wherein the user mode program storing the NAT session log in a corresponding database comprises:
the user mode program listening for the NAT session log on a pre-established NETLINK SOCKET; and
if the NAT session log sent by the kernel portion is received, storing the NAT session log in the corresponding database.
8. The method of claim 1, wherein the kernel portion is connected to the user mode program via a NETLINK message.
9. A system for implementing an OPENSTACK NAT session log, the system being applied to an OPENSTACK NAT session log system, the OPENSTACK NAT session log system comprising a kernel portion and a user mode program, the kernel portion being connected to the user mode program, the system comprising:
a translation and generation unit, configured to translate a NAT address and generate a NAT session log based on the kernel portion;
a sending unit, configured to send the NAT session log to the user mode program based on the kernel portion; and
a storage unit, configured to store the NAT session log in a corresponding database based on the user mode program.
10. An electronic device, comprising:
one or more processors; a memory; one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the method of any of claims 1-8.
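The record lifecycle of claims 4 to 7, as an added example that is not part of the patent: a user-mode store that keeps one row per flow, holding the original and the translated five-tuple plus an end marker. The record layout, flag values, table schema and function names are assumptions, and records are passed in-process where the claimed system uses a NETLINK message.

```python
import socket
import sqlite3
import struct

# Assumed record layout (the patent defines none): flag, protocol, then the
# original and the translated (src, dst, sport, dport).
REC = struct.Struct("!BB4s4sHH4s4sHH")
ACTIVE, ENDED = 0, 1  # ENDED stands in for the "specified identifier"
KEY = "proto, o_src, o_dst, o_sport, o_dport"

def encode(flag, proto, orig, nat):
    """Stand-in for the kernel side: pack both five-tuples into one record."""
    ip = socket.inet_aton
    return REC.pack(flag, proto, ip(orig[0]), ip(orig[1]), orig[2], orig[3],
                    ip(nat[0]), ip(nat[1]), nat[2], nat[3])

def decode(buf):
    """Unpack one record, rejecting wrong lengths and unknown flags."""
    if len(buf) != REC.size or buf[0] not in (ACTIVE, ENDED):
        raise ValueError("malformed NAT session record")
    f = REC.unpack(buf)
    ip = socket.inet_ntoa
    return (f[0], f[1], ip(f[2]), ip(f[3]), f[4], f[5],
            ip(f[6]), ip(f[7]), f[8], f[9])

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE nat_session (proto INT, o_src TEXT, o_dst TEXT,"
               " o_sport INT, o_dport INT, n_src TEXT, n_dst TEXT,"
               " n_sport INT, n_dport INT, ended INT, PRIMARY KEY (%s))" % KEY)
    return db

def store(db, buf):
    """User-mode side: one row per flow, keyed by the original five-tuple."""
    flag, *rest = decode(buf)
    db.execute("INSERT INTO nat_session VALUES (?,?,?,?,?,?,?,?,?,?)"
               " ON CONFLICT (%s) DO UPDATE SET n_src=excluded.n_src,"
               " n_dst=excluded.n_dst, n_sport=excluded.n_sport,"
               " n_dport=excluded.n_dport, ended=excluded.ended" % KEY,
               (*rest, flag))

def demo():
    """Constructed sample: 10.0.0.5:40000 translated to 203.0.113.7:1024."""
    db = open_db()
    orig = ("10.0.0.5", "198.51.100.9", 40000, 443)
    nat = ("203.0.113.7", "198.51.100.9", 1024, 443)
    store(db, encode(ACTIVE, 6, orig, nat))
    store(db, encode(ENDED, 6, orig, nat))  # flow ended normally or timed out
    return db.execute("SELECT o_src, o_sport, ended FROM nat_session"
                      " WHERE n_src=? AND n_sport=?", ("203.0.113.7", 1024)).fetchall()
```

The second record for the same flow updates the existing row instead of adding one, so a lookup by translated address and port returns a single internal endpoint with its end marker set.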
CN202310220487.3A 2023-03-08 2023-03-08 Method and system for realizing OPENSTACK NAT session log Pending CN116506282A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310220487.3A CN116506282A (en) 2023-03-08 2023-03-08 Method and system for realizing OPENSTACK NAT session log

Publications (1)

Publication Number Publication Date
CN116506282A (en) 2023-07-28

Family

ID=87317322

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination