CN116634047A - Message transmission method, device, equipment and medium - Google Patents

Publication number: CN116634047A
Authority: CN (China)
Application number: CN202310684481.1A
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 杨勇
Current Assignee: Hubei Topsec Network Security Technology Co Ltd
Original Assignee: Hubei Topsec Network Security Technology Co Ltd
Prior art keywords: message; transmitted; application layer; layer data; end processor

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The embodiment of the application provides a method, a device, equipment and a medium for transmitting a message, wherein the method comprises the following steps: extracting application layer data of a message to be transmitted, wherein the message to be transmitted is sent by a sending device, the sending device is connected with a front-end processor, and the front-end processor is connected with a back-end processor; negotiating with the back-end processor through a preset protocol to obtain a negotiated protocol, and confirming that verification of the application layer data is successful; and transmitting the application layer data to the back-end processor through the negotiated protocol. With the method and the device, the transmission channel can be established at the same time as the message is transmitted, so that the transmission efficiency of the transmission channel is improved.

Description

Message transmission method, device, equipment and medium
Technical Field
The embodiment of the application relates to the field of message transmission, in particular to a method, a device, equipment and a medium for message transmission.
Background
In the related art, data transmission and channel handling are two separate stages: the data is compressed before being transmitted and sliced according to the maximum transmission unit, and after slicing is finished an algorithm is used to select the transmission channel from the back-end processor to the front-end processor. However, this data processing is lengthy: after receiving the data, the front-end processor needs to perform multiple operations such as compression and channel selection, which results in low performance and low security.
Therefore, how to improve the efficiency of the message transmission process becomes a problem to be solved.
Disclosure of Invention
The embodiment of the application provides a method, a device, equipment and a medium for transmitting a message. Through some embodiments of the application, the transmission channel can at least be established at the same time as the message is transmitted, thereby improving the transmission efficiency of the transmission channel.
In a first aspect, the present application provides a method for transmitting a message, applied to a front-end processor, where the method includes: extracting application layer data of a message to be transmitted, wherein the message to be transmitted is sent by a sending device, the sending device is connected with the front-end processor, and the front-end processor is connected with a back-end processor; negotiating with the back-end processor through a preset protocol to obtain a negotiated protocol, and confirming that verification of the application layer data is successful; and transmitting the application layer data to the back-end processor through the negotiated protocol.
Therefore, unlike the related art, in which the data needs to be sliced before transmission, the embodiment of the application negotiates a protocol and then verifies the data, so that the channel can be established and the data transmitted at the same time, thereby improving the efficiency of data transmission and reducing resource consumption.
With reference to the first aspect, in an implementation manner of the present application, after the extracting application layer data of the message to be transmitted, the method further includes: generating a tag corresponding to the message to be transmitted according to the five-tuple information of the message to be transmitted, wherein the tag is used for managing the current session; and encapsulating the application layer data according to the tag to obtain encapsulated data. The transmitting the application layer data to the back-end processor through the negotiated protocol includes: transmitting the encapsulated data to the back-end processor through the negotiated protocol.
Therefore, the embodiment of the application generates the corresponding tag from the five-tuple information of the message, so that the message to be transmitted can be conveniently verified and the security of message transmission is improved.
With reference to the first aspect, in an implementation manner of the present application, the generating, according to the five-tuple information of the message to be transmitted, a tag corresponding to the message to be transmitted includes: performing hash value calculation on the five-tuple information of the message to be transmitted, and generating the tag corresponding to the message to be transmitted.
Therefore, by taking the hash value as the corresponding tag, the embodiment of the application can reduce the amount of calculation and ensure security.
With reference to the first aspect, in an embodiment of the present application, before the extracting the application layer data of the message to be transmitted, the method further includes: confirming, based on the policy, that the message to be transmitted meets the proxy and forwarding requirements.
Therefore, by checking the policy before extracting the message, the embodiment of the application can prevent the forwarding of messages that do not conform to the policy, and improves security in the process of transmitting the message.
In a second aspect, the present application provides a method for transmitting a message, applied to a back-end processor, where the method includes: receiving application layer data sent by a front-end processor; generating a tag corresponding to the message to be transmitted according to five-tuple information of the message to be transmitted, wherein the application layer data belongs to the message to be transmitted; and if the tag meets the preset requirement, unpacking the application layer data and establishing a message transmission channel.
Therefore, the back-end processor establishes the channel after verifying the message to be transmitted by means of the tag, so that the channel can be established while the message is transmitted, and the message transmission efficiency is ensured.
With reference to the second aspect, in an embodiment of the present application, the tag includes a hash value tag; and the unpacking the application layer data and establishing a message transmission channel if the tag meets the preset requirement includes: if the hash value tag is the same as the tag transmitted by the front-end processor, unpacking the application layer data and establishing a message transmission channel.
Therefore, by checking the hash value tag, the embodiment of the application can reduce the amount of calculation the back-end processor performs when verifying the tag, thereby ensuring the running speed of the back-end processor.
With reference to the second aspect, in an embodiment of the present application, the tag includes a hash value tag; the method further includes: if the hash value tag is different from the tag transmitted by the front-end processor, discarding the application layer data.
Therefore, by discarding messages that do not match the tag, the embodiment of the application can ensure that the message transmitted to the receiving device is a safe message.
In a third aspect, the present application provides a device for transmitting a message, applied to a front-end processor, where the device includes: a data extraction module configured to extract application layer data of a message to be transmitted, wherein the message to be transmitted is sent by a sending device, the sending device is connected with the front-end processor, and the front-end processor is connected with a back-end processor; a negotiation module configured to negotiate with the back-end processor through a preset protocol to obtain a negotiated protocol, and confirm that verification of the application layer data is successful; and a transmission module configured to transmit the application layer data to the back-end processor through the negotiated protocol.
With reference to the third aspect, in an embodiment of the present application, the data extraction module is further configured to: generate a tag corresponding to the message to be transmitted according to the five-tuple information of the message to be transmitted, wherein the tag is used for managing the current session; and encapsulate the application layer data according to the tag to obtain encapsulated data. The transmission module is further configured to: transmit the encapsulated data to the back-end processor through the negotiated protocol.
With reference to the third aspect, in an embodiment of the present application, the data extraction module is further configured to: perform hash value calculation on the five-tuple information of the message to be transmitted, and generate the tag corresponding to the message to be transmitted.
With reference to the third aspect, in an embodiment of the present application, the data extraction module is further configured to: confirm, based on the policy, that the message to be transmitted meets the proxy and forwarding requirements.
In a fourth aspect, the present application provides a device for transmitting a message, applied to a back-end processor, where the device includes: a data receiving module configured to receive application layer data sent by the front-end processor; a tag generation module configured to generate a tag corresponding to the message to be transmitted according to five-tuple information of the message to be transmitted, wherein the application layer data belongs to the message to be transmitted; and a channel establishment module configured to confirm that the tag meets the preset requirement, unpack the application layer data and establish a message transmission channel.
With reference to the fourth aspect, in an embodiment of the present application, the tag includes a hash value tag; the channel establishment module is further configured to: if the hash value tag is the same as the tag transmitted by the front-end processor, unpack the application layer data and establish a message transmission channel.
With reference to the fourth aspect, in an embodiment of the present application, the tag includes a hash value tag; the device for transmitting a message is further configured to: if the hash value tag is different from the tag transmitted by the front-end processor, discard the application layer data.
In a fifth aspect, the present application provides an electronic device, comprising: a processor, a memory, and a bus; the processor is connected to the memory via the bus, the memory storing a computer program which, when executed by the processor, performs the method according to any embodiment of the first and second aspects.
In a sixth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which when executed performs a method according to any embodiment of the first and second aspects.
Drawings
FIG. 1 is a schematic diagram of a message transmission scenario according to an embodiment of the present application;
FIG. 2 is a flow chart of a method for message transmission according to an embodiment of the present application;
FIG. 3 is a second flowchart of a method for transmitting a message according to an embodiment of the present application;
FIG. 4 is a third flowchart illustrating a method for transmitting a message according to an embodiment of the present application;
FIG. 5 is a flow chart of a method for message transmission according to an embodiment of the present application;
FIG. 6 is a flow chart of a method for message transmission according to an embodiment of the present application;
FIG. 7 is a flowchart of a method for message transmission according to an embodiment of the present application;
FIG. 8 is a flow chart of a method for message transmission according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a message transmission apparatus according to an embodiment of the present application;
FIG. 10 is a second schematic diagram illustrating a message transmission device according to the embodiment of the present application;
FIG. 11 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, but not all embodiments of the present application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art without any inventive effort, are intended to be within the scope of the present application based on the embodiments of the present application.
The embodiment of the application can be applied to message transmission in a secure data exchange system. To solve the problems described in the background, in some embodiments of the application a protocol is negotiated before the data is verified, so that a channel can be established and data transmitted at the same time, thereby improving the efficiency of data transmission and reducing resource consumption. For example, in some embodiments of the present application, application layer data of a message to be transmitted is first extracted; then negotiation is performed with the back-end processor through a preset protocol to obtain a negotiated protocol, and verification of the application layer data is confirmed to be successful; finally, the application layer data is transmitted to the back-end processor through the negotiated protocol.
The method steps in the embodiments of the present application are described in detail below with reference to the drawings.
FIG. 1 provides a schematic diagram of a message transmission scenario in some embodiments of the present application, where the scenario includes a sending device 110, a front end processor 120, a network gate 130, a back end processor 140, and a receiving device 150. Specifically, the sending device 110 sends the message to be transmitted to the front end processor 120, the front end processor 120 establishes a transmission channel with the back end processor 140 in the process of sending the message to be transmitted, the network gate 130 sends the message to be transmitted to the back end processor 140, and the back end processor 140 sends the message to be transmitted to the receiving device 150.
It can be understood that the secure data exchange system is a platform that, based on network gate and unidirectional optical gate technology, comprehensively uses security measures such as device authentication and format checking to synchronize data between two different network service areas. To prevent the leakage of important information, enterprises often partition their networks and deploy a network gate or an optical gate between the partitioned areas. The network gate or optical gate mainly provides physical isolation; on that basis, a secure data exchange system is used to enhance the security of data exchange between areas. The hardware of the secure data exchange system consists of a back-end processor, a network gate or optical gate, and a front-end processor. The data transmission path between the front-end processor and the back-end processor is called a data transmission channel.
Different from the related art, the application mainly addresses the low transmission rate and processing performance of the transmission channel. The transmission channel is implemented by combining the User Datagram Protocol (UDP) with the KCP protocol, which improves transmission performance while ensuring transmission reliability to a certain extent. In addition, the transmission channel disclosed by the application is based on TCP/IP and is highly extensible, and it can encrypt the transmitted data using newer secure encryption methods, so that data exchange security is improved, the transmission rate of the transmission channel is improved, data security verification is improved, the processing required by the isolation gateway is simplified, and resource consumption is reduced.
The method of data transmission performed by the front-end processor and the back-end processor is described in detail below.
To at least solve the problems in the background art, as shown in fig. 2, some embodiments of the present application provide a method for transmitting a message, where the method includes:
S210, the front-end processor extracts application layer data of the message to be transmitted.
It should be noted that the message to be transmitted is sent by a sending device, the sending device is connected with a front-end processor, and the front-end processor is connected with a back-end processor.
In one embodiment of the present application, before S210, the method further includes: confirming, based on the policy, that the message to be transmitted meets the proxy and forwarding requirements.
In particular, the application provides a method for establishing a transmission channel based on a secure data exchange system, which offers high reusability, high extensibility and high security. As shown in FIG. 3, the main components involved in establishing the transmission channel are an application layer proxy 301, an encryption module 302, an extraction verification process 303, a transmission module 304, and a data link layer 305. The user specifies the sending device and the receiving device by issuing the proxy configuration from the command line. The application layer proxy 301 extracts the application layer data and handles the data after security processing. The encryption module 302 selects an encryption mode on its own to encrypt the message to be transmitted; in the present application, the Secure Socket Layer (SSL) protocol is used by default as the example. The transmission module 304 is implemented jointly by UDP and a KCP process: during the SSL negotiation and during transmission over the secure data channel after the negotiation, UDP is responsible for transmission, and the KCP process is responsible for data extraction and integrity checking and performs functions such as establishing the SSL channel. The KCP process's sessions can also be managed, as can the protocol used by the data transmitted between the front-end processor and the back-end processor. Session management is done through a session number (session_id), and protocol management is done through a protocol identifier (protocol_id).
It will be appreciated that the modules in FIG. 3 need to be configured on the front-end processor and the back-end processor, respectively.
That is, the user may issue a policy to the secure data exchange system through a web page or the command line. After the user's command is collected, the secure data exchange system generates the corresponding policy, and data sent from the sending device is processed by the secure data exchange system; if there is no policy, the data is not processed. The application layer proxy 301 extracts and restores application layer data. The encryption module 302 is the encryption component and can be extended independently. The transmission module 304 is the fast transmission part; it is mainly responsible for guaranteeing fast transmission of data, and it also provides session management interfaces, sliding windows, timeout retransmission and other functions that guarantee the data arrives complete. The use of KCP in session management provides session management functions and a method for rapidly identifying and restoring protocols.
In one embodiment of the present application, after S210, further comprising: firstly, generating a label corresponding to a message to be transmitted according to five-tuple information of the message to be transmitted, wherein the label is used for managing a current session, and then packaging application layer data according to the label to obtain packaged data.
Specifically, hash value calculation is performed on five-tuple information of the message to be transmitted, and a label corresponding to the message to be transmitted is generated.
S220, the front end processor negotiates with the back end processor through a preset protocol to obtain a negotiated protocol, and confirms that verification of the application layer data is successful.
In one embodiment of the application, the encapsulated data is transmitted to the back end processor via the negotiated protocol.
S230, the front end processor transmits the application layer data to the back end processor through the negotiated protocol.
As an embodiment of the present application, after the data of the front end processor 120 is processed safely, the data needs to be transmitted from the front end processor 120 to the back end processor 140, and at this time, the encryption module 302, the extraction verification process 303 and the transmission module 304 are called to establish a secure transmission channel. As shown in fig. 4, the front end processor 120 accesses the back end processor 140 using UDP and SSL protocols, and the back end processor 140 replies to the front end processor 120 using UDP and SSL protocols. The front end processor 120 then exchanges keys with the back end processor 140, after which the front end processor 120 establishes a transmission channel with the back end processor 140.
Specifically, after the user configures the policy, the front end processor 120 receives the message to be transmitted, processes the message, and after the processing, the front end processor 120 needs to transmit the message to be transmitted to the back end processor 140, and at this time, the front end processor 120 and the back end processor 140 perform secure key exchange through SSL protocol. Since UDP itself has no session, it is a connectionless protocol, and thus the connection tagging is done jointly using KCP procedures and session management.
As a specific embodiment of the present application, the front end processor 120 executes the steps shown in FIG. 5: S501, receive a message to be transmitted; S502, determine whether a proxy is needed; if no proxy is needed, S504, do not process the message and disconnect; if a proxy is needed, S503, extract the application layer data, generate a session table according to the five-tuple information, perform hash value calculation to generate a hash value tag, and pass the hash value tag to the extraction verification process (i.e., the KCP process); S505, call the SSL interface and start SSL negotiation; S506, the extraction verification process encapsulates the SSL packet; and finally S507, the transport layer uses UDP to encapsulate and transmit according to the TCP/IP flow.
That is, after the front end processor 120 receives the data, it determines whether to perform proxy or other processing. If so, it extracts the data using the application layer proxy and generates the session_id and protocol_id using session management; the session_id is derived from the five-tuple at the internal port of the front end processor 120 and is hashed to produce a hash value. The encryption negotiation of the encryption module is then invoked, and the hash value generated by session management is passed to the KCP process, which assigns the hash to the conv field, thereby completing identification of the session. After the KCP process encapsulates the packet, it passes the packet on for processing and transmission to the back end processor according to the TCP/IP flow.
In one embodiment of the present application, the back end processor, after receiving the application layer data sent by the front end processor, performs the following steps:
S2301, generating a tag corresponding to the message to be transmitted according to the five-tuple information of the message to be transmitted.
S2302, unpacking the application layer data and establishing a message transmission channel when the tag meets the preset requirement.
Specifically, the tag comprises a hash value tag, and if the hash value tag is confirmed to be the same as the tag transmitted by the front-end processor, unpacking is performed on the application layer data, and a message transmission channel is established. If the hash value label is different from the label transmitted by the front-end processor, discarding the application layer data.
As a specific embodiment of the present application, as shown in FIG. 6, the back end processor executes the following steps: S601, receive a message to be transmitted; S602, extract the application layer data, generate a session table according to the five-tuple information, and perform hash value calculation to generate a hash value tag; S603, compare the hash value tags; if they are inconsistent, S604, discard the data without processing it; if they are consistent, S605, the extraction verification process unpacks the SSL packet; S606, call the SSL interface and start SSL negotiation; and finally S607, establish the channel and delete it after the keep-alive time. That is, after the channel is established it is kept for a period of time and then deleted, so as to prevent the transmission channel from occupying memory.
Specifically, after receiving the negotiation message, the back end processor extracts the data, generates a session_id according to the five-tuple, performs a hash operation on the session_id, and compares the result with the hash value in the received packet. If the two are consistent, the KCP process unpacks the negotiation packet and passes it to the upper layer for processing. After the negotiation is completed, an encrypted transmission channel is established.
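The tag handling in S503 and S602 to S607, sketched as an added example (not code from the patent or from any KCP implementation). Assumptions: SHA-256 truncated to 32 bits as the hash, the five-tuple being the one both processors observe on their internal UDP link, a 30-second keep-alive, and the names `session_tag`, `encapsulate` and `BackEnd`; the 24-byte header layout follows the reference KCP implementation.

```python
import hashlib
import ipaddress
import struct
from typing import Dict, NamedTuple, Optional

# KCP segment header as encoded by the reference ikcp.c (24 bytes, little-endian):
# conv, cmd, frg, wnd, ts, sn, una, len
KCP_HEADER = struct.Struct("<IBBHIIII")
IKCP_CMD_PUSH = 81          # data segment command in ikcp.c
KEEPALIVE_SECONDS = 30.0    # assumed keep-alive; the page gives no value


class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int              # IP protocol number, 17 = UDP


def session_tag(ft: FiveTuple) -> int:
    """Hash value tag for a session (hash choice is an assumption).

    SHA-256 over a fixed-width five-tuple encoding, truncated to the 32 bits
    that fit KCP's conv field. The tag is an unkeyed hash of values visible
    on the wire: it labels the session, it does not authenticate the sender.
    Confidentiality comes from the SSL layer carried inside the segment.
    """
    blob = (ipaddress.ip_address(ft.src_ip).packed
            + ipaddress.ip_address(ft.dst_ip).packed
            + struct.pack("!HHB", ft.src_port, ft.dst_port, ft.proto))
    return int.from_bytes(hashlib.sha256(blob).digest()[:4], "big")


def encapsulate(ft: FiveTuple, payload: bytes,
                sn: int = 0, ts: int = 0, wnd: int = 128) -> bytes:
    """Front-end side (S503/S506): put the tag in conv and wrap the payload."""
    header = KCP_HEADER.pack(session_tag(ft), IKCP_CMD_PUSH, 0, wnd,
                             ts, sn, 0, len(payload))
    return header + payload


class BackEnd:
    """Back-end side (S601 to S607): verify the tag, then keep a channel alive."""

    def __init__(self, keepalive: float = KEEPALIVE_SECONDS) -> None:
        self.keepalive = keepalive
        self.channels: Dict[int, float] = {}   # conv tag -> expiry time

    def receive(self, datagram: bytes, observed: FiveTuple,
                now: float) -> Optional[bytes]:
        """Return the payload if the tag matches, otherwise None (discard)."""
        if len(datagram) < KCP_HEADER.size:
            return None                         # truncated header
        conv, _cmd, _frg, _wnd, _ts, _sn, _una, length = \
            KCP_HEADER.unpack_from(datagram)
        payload = datagram[KCP_HEADER.size:]
        if length != len(payload):
            return None                         # len field disagrees with data
        if conv != session_tag(observed):
            return None                         # S604: tag mismatch, discard
        self.channels[conv] = now + self.keepalive   # S607: (re)arm keep-alive
        return payload                          # S605: hand up to the SSL layer

    def expire(self, now: float) -> int:
        """Delete channels whose keep-alive time has passed; return the count."""
        stale = [tag for tag, expiry in self.channels.items() if expiry <= now]
        for tag in stale:
            del self.channels[tag]
        return len(stale)


# Constructed sample input: an internal-link five-tuple and a stand-in payload.
SAMPLE_TUPLE = FiveTuple("10.0.0.1", 40000, "10.0.0.2", 9000, 17)
SAMPLE_DATAGRAM = encapsulate(SAMPLE_TUPLE, b"ClientHello")
```
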
After the secure transmission channel is established, the application layer proxy, the encryption module, the transmission module and the extraction verification process together complete the message transmission task. As shown in FIG. 7, the front-end processor performs S701 application layer data extraction, S702 SSL encryption, S703 extraction verification process processing, S704 transmission by the transmission module, and S705 transmission by a basic transmission component (e.g., transmission over a network cable). The back-end processor performs S705 using the basic transmission component (e.g., receiving over a network cable), S704 transmission by the transmission module, S703 extraction verification process processing, S702 SSL encryption, and S701 reception and assembly.
Specifically, after the encrypted transmission channel is established, the front-end processor extracts the application layer data and encrypts it using SSL; meanwhile, the session management process passes the protocol_id to the KCP process. After the KCP process receives the encrypted data and the protocol_id, it encapsulates the data and passes it to the lower layers for transmission; the protocol used by the transport layer is UDP. After receiving the data, the back-end processor first uses the KCP process to restore the data, obtaining the encrypted data and the protocol_id. The encrypted data is decrypted by the SSL process, and the protocol_id is sent to the session management part, which informs the application layer processing process which protocol to use to restore the data and send it to the receiving device.
Specifically, as shown in FIG. 8, in the front-end processor the KCP process executes S802 to send the application layer data, followed by S803 update, S805 encapsulation, S806 output, and S807 transmission. After transmission, the back-end processor performs S808 input, then S809 unpacking and S803 update, and in S804 receives the application layer data 801.
As a specific embodiment of the application, the application can be applied to all isolation products in a safety data safety isolation system, such as a front-end processor, a back-end processor, a net gate and a light gate. The embodiment is based on a secure data exchange isolation system; when data exchange and data proxying are performed, the message transmission scheme provided by the application is used to strengthen the security of the data exchange and to flexibly use the components to establish a data channel.
The secure data exchange system carries the proxy service through which users access the data center. When a user accesses the receiving device, the request is forward-proxied by the front-end processor and then reverse-proxied by the back-end processor to the receiving device. Data must therefore be exchanged between the front-end processor and the back-end processor. The embodiment of the application discloses a data channel for this data exchange, which provides an efficient and reliable transmission mode while ensuring security.
For example, in an audio/video proxy scenario:
S1. Configure the services to be proxied and the range of proxy clients on the front-end processor.
S2. Configure the services to be proxied and the proxy server address on the back-end processor.
S3. After the configuration is issued, the sending device initiates a service request; taking HTTP as an example, the sending device initiates a GET request.
S4. After receiving the GET request, the front-end processor matches the proxy service, processes the data with the application layer proxy, and prepares to forward it to the back-end processor.
S5. The bottom layer of the front-end processor uses the extraction verification process and the transmission module to initiate SSL negotiation with the back-end processor.
S6. The bottom layer of the back-end processor uses the encryption module and the transmission module; after receiving the request and verifying the peer, it responds to the SSL negotiation.
S7. After the SSL negotiation is completed, the front-end processor forwards the proxy data to the back-end processor through the transmission module.
S8. After receiving the data, the back-end processor obtains the data to be transmitted through the transmission module and the application layer proxy, quickly matches the proxy service according to the protocol identifier provided by session management, and restores the data and forwards it to the receiving device.
The application therefore specifies a method for establishing a transmission channel and transmitting over it, based on secure data exchange. In the method, an algorithm is used to complete the establishment of the data channel, which reduces resource consumption. When the channel is established, multiple elements, such as the session_id and the conv label in KCP, are used to identify the session, which reduces the computation needed for channel selection. In addition, transmission uses UDP, and a protocol tag is added before transmission so that the destination can quickly restore the message and complete the subsequent proxy service after receiving it, which speeds up transmission. Various encryption modes, such as SSL, can be embedded when the transmission channel is built, which strengthens the security of the transmission channel.
The application aims to provide an efficient and secure data transmission channel method. The key technical points are: the data channel is built from components, each of which is highly extensible; data can be transmitted without first establishing a connection, so the transmission rate is faster; the currently available channel does not need to be calculated by an algorithm, which reduces resource consumption; and a UDP-based encryption component is used to strengthen the security of the data transmission channel and speed up transmission. The method ensures fast and reliable data transmission, encrypts the data channel with an encryption algorithm to further ensure data security, simplifies channel selection and reduces resource consumption.
The foregoing describes a specific embodiment of a method for transmitting a message, and a device for transmitting a message will be described below.
As shown in fig. 9, some embodiments of the present application provide an apparatus 900 for transmitting a message, where the apparatus includes: a data extraction module 910, a negotiation module 920, and a transmission module 930.
The data extraction module 910 is configured to extract application layer data of a message to be transmitted, where the message to be transmitted is sent by a sending device, the sending device is connected with the front-end processor, and the front-end processor is connected with the back-end processor. The negotiation module 920 is configured to negotiate with the back-end processor through a preset protocol to obtain a negotiation protocol, and to confirm that the application layer data verification is successful. The transmission module 930 is configured to transmit the application layer data to the back-end processor through the negotiation protocol.
In one embodiment of the present application, the data extraction module 910 is further configured to: generate a tag corresponding to the message to be transmitted according to the five-tuple information of the message to be transmitted, where the tag is used for managing the current session; and encapsulate the application layer data according to the tag to obtain encapsulated data. The transmission module 930 is further configured to transmit the encapsulated data to the back-end processor through the negotiation protocol.
In one embodiment of the present application, the data extraction module 910 is further configured to: perform a hash value calculation on the five-tuple information of the message to be transmitted to generate the tag corresponding to the message to be transmitted.
In one embodiment of the present application, the data extraction module 910 is further configured to: confirm, based on a policy, that the message to be transmitted meets the proxy and forwarding requirements.
In an embodiment of the present application, the module shown in fig. 9 can implement each process in the method embodiments of fig. 1 to 8. The operation and/or function of the individual modules in fig. 9 are respectively for realizing the respective flows in the method embodiments in fig. 1 to 8. Reference is specifically made to the description in the above method embodiments, and detailed descriptions are omitted here as appropriate to avoid repetition.
As shown in fig. 10, some embodiments of the present application provide a device 100 for transmitting a message, the device including: a data receiving module 101, a tag generating module 102 and a channel establishing module 103.
The data receiving module 101 is configured to receive application layer data transmitted by the front-end processor. The tag generation module 102 is configured to generate a tag corresponding to a message to be transmitted according to five-tuple information of the message to be transmitted, where the application layer data belongs to the message to be transmitted. The channel establishing module 103 is configured to confirm that the tag meets a preset requirement, unpack the application layer data and establish a message transmission channel.
In one embodiment of the application, the tag comprises a hash value tag; the channel establishing module 103 is further configured to: if the hash value tag is the same as the tag transmitted by the front-end processor, unpack the application layer data and establish a message transmission channel.
In one embodiment of the application, the tag comprises a hash value tag; the device for transmitting messages is further configured to: if the hash value tag is different from the tag transmitted by the front-end processor, discard the application layer data.
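The tag handling described for the front-end processor (hash of the five-tuple, then encapsulation together with the protocol_id) and for the back-end processor (recompute, compare, then unpack or discard) can be sketched as follows. This is an added example, not code from the patent: the SHA-256 hash, the IPv4-only header layout, the function names and the sample values are all assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct
from typing import NamedTuple, Optional, Tuple


class FiveTuple(NamedTuple):
    proto: int      # IP protocol number, e.g. 6 = TCP
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Assumed frame layout (the patent does not define one):
#   tag(32) | five-tuple(13) | protocol_id(2) | length(2) | application layer data
TAG_LEN = 32                               # SHA-256 digest size (assumed hash)
TUPLE_FMT = struct.Struct("!B4sH4sH")      # proto, src_ip, src_port, dst_ip, dst_port
META_FMT = struct.Struct("!HH")            # protocol_id, payload length
HEADER_LEN = TAG_LEN + TUPLE_FMT.size + META_FMT.size


def pack_five_tuple(ft: FiveTuple) -> bytes:
    """Canonical byte encoding, so both ends hash exactly the same input."""
    return TUPLE_FMT.pack(ft.proto,
                          ipaddress.IPv4Address(ft.src_ip).packed, ft.src_port,
                          ipaddress.IPv4Address(ft.dst_ip).packed, ft.dst_port)


def make_tag(ft: FiveTuple) -> bytes:
    """Front-end side: hash value calculated over the five-tuple."""
    return hashlib.sha256(pack_five_tuple(ft)).digest()


def encapsulate(ft: FiveTuple, protocol_id: int, app_data: bytes) -> bytes:
    """Front-end side: encapsulate the application layer data under the tag."""
    return (make_tag(ft) + pack_five_tuple(ft)
            + META_FMT.pack(protocol_id, len(app_data)) + app_data)


def decapsulate(frame: bytes) -> Optional[Tuple[FiveTuple, int, bytes]]:
    """Back-end side: recompute the tag; return None (discard) on any mismatch."""
    if len(frame) < HEADER_LEN:
        return None
    tag = frame[:TAG_LEN]
    raw_tuple = frame[TAG_LEN:TAG_LEN + TUPLE_FMT.size]
    protocol_id, length = META_FMT.unpack_from(frame, TAG_LEN + TUPLE_FMT.size)
    payload = frame[HEADER_LEN:]
    if len(payload) != length:
        return None                        # truncated or padded frame
    if not hmac.compare_digest(tag, hashlib.sha256(raw_tuple).digest()):
        return None                        # tag differs from the transmitted one
    proto, sip, sport, dip, dport = TUPLE_FMT.unpack(raw_tuple)
    ft = FiveTuple(proto, str(ipaddress.IPv4Address(sip)), sport,
                   str(ipaddress.IPv4Address(dip)), dport)
    return ft, protocol_id, payload


# Constructed sample input: documentation addresses, protocol_id 1 standing for HTTP.
SAMPLE_TUPLE = FiveTuple(6, "192.0.2.10", 51514, "198.51.100.20", 80)
SAMPLE_DATA = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    frame = encapsulate(SAMPLE_TUPLE, 1, SAMPLE_DATA)
    print("accepted:", decapsulate(frame))
    damaged = bytearray(frame)
    damaged[TAG_LEN + 5] ^= 0x01           # flip one bit of the source port
    print("discarded:", decapsulate(bytes(damaged)))
```

An unkeyed hash can be recomputed by anyone able to alter the frame, so this comparison only catches mismatched or corrupted headers; resistance to deliberate tampering has to come from the SSL encryption the description applies to the data.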
In an embodiment of the present application, the module shown in fig. 10 can implement the respective processes in the embodiments of the methods of fig. 1 to 8. The operation and/or function of the individual modules in fig. 10 are respectively for realizing the respective flows in the method embodiments in fig. 1 to 8. Reference is specifically made to the description in the above method embodiments, and detailed descriptions are omitted here as appropriate to avoid repetition.
As shown in fig. 11, an embodiment of the present application provides an electronic device 11, including a processor 111, a memory 112 and a bus 113. The processor is connected to the memory through the bus, and the memory stores computer readable instructions which, when executed by the processor, implement the method according to any of the above embodiments. For details, see the description of the above method embodiments; detailed descriptions are omitted here as appropriate to avoid repetition.
The bus enables direct connection and communication between these components. The processor in the embodiment of the application may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the methods, steps and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory may be, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read Only Memory, ROM), programmable read-only memory (Programmable Read-Only Memory, PROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable programmable read-only memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc. The memory stores computer readable instructions which, when executed by the processor, perform the method described in the above embodiments.
It will be appreciated that the configuration shown in fig. 11 is illustrative only; the electronic device may include more or fewer components than shown in fig. 11, or have a different configuration from that shown in fig. 11. The components shown in fig. 11 may be implemented in hardware, software, or a combination thereof.
Embodiments of the present application also provide a computer readable storage medium on which a computer program is stored; when executed by a server, the computer program implements the method according to any one of the foregoing embodiments. For details, see the description of the foregoing method embodiments; detailed descriptions are omitted here as appropriate to avoid repetition.
The above description covers only the preferred embodiments of the present application and is not intended to limit the present application; those skilled in the art can make various modifications and variations to the present application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application. It should be noted that like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (11)

1. A method for transmitting a message, applied to a front-end processor, the method comprising:
extracting application layer data of a message to be transmitted, wherein the message to be transmitted is sent by a sending device, the sending device is connected with the front-end processor, and the front-end processor is connected with a back-end processor;
negotiating with the back-end processor through a preset protocol to obtain a negotiation protocol, and confirming that the application layer data verification is successful;
and transmitting the application layer data to the back-end processor through the negotiation protocol.
2. The method according to claim 1, wherein after the extracting of the application layer data of the message to be transmitted, the method further comprises:
generating a tag corresponding to the message to be transmitted according to the five-tuple information of the message to be transmitted, wherein the tag is used for managing the current session;
encapsulating the application layer data according to the tag to obtain encapsulated data;
the transmitting of the application layer data to the back-end processor through the negotiation protocol comprises:
transmitting the encapsulated data to the back-end processor through the negotiation protocol.
3. The method of claim 2, wherein generating a tag corresponding to the message to be transmitted according to the five-tuple information of the message to be transmitted comprises:
performing a hash value calculation on the five-tuple information of the message to be transmitted to generate the tag corresponding to the message to be transmitted.
4. The method according to any one of claims 1-3, wherein before the extracting of the application layer data of the message to be transmitted, the method further comprises:
confirming, based on a policy, that the message to be transmitted meets the proxy and forwarding requirements.
5. A method for transmitting a message, applied to a back-end processor, the method comprising:
receiving application layer data sent by a front-end processor;
generating a tag corresponding to the message to be transmitted according to five-tuple information of the message to be transmitted, wherein the application layer data belongs to the message to be transmitted;
and if the tag meets the preset requirement, unpacking the application layer data and establishing a message transmission channel.
6. The method of claim 5, wherein the tag comprises a hash value tag;
the unpacking of the application layer data and establishing of a message transmission channel if the tag meets the preset requirement comprises:
if the hash value tag is the same as the tag transmitted by the front-end processor, unpacking the application layer data and establishing a message transmission channel.
7. The method of claim 5, wherein the tag comprises a hash value tag; the method further comprises:
if the hash value tag is different from the tag transmitted by the front-end processor, discarding the application layer data.
8. A device for transmitting messages, applied to a front-end processor, the device comprising:
a data extraction module configured to extract application layer data of a message to be transmitted, wherein the message to be transmitted is sent by a sending device, the sending device is connected with the front-end processor, and the front-end processor is connected with a back-end processor;
a negotiation module configured to negotiate with the back-end processor through a preset protocol to obtain a negotiation protocol, and to confirm that the application layer data verification is successful;
and a transmission module configured to transmit the application layer data to the back-end processor through the negotiation protocol.
9. A device for transmitting messages, applied to a back-end processor, the device comprising:
a data receiving module configured to receive application layer data sent by the front-end processor;
a tag generation module configured to generate a tag corresponding to the message to be transmitted according to five-tuple information of the message to be transmitted, wherein the application layer data belongs to the message to be transmitted;
and a channel establishment module configured to confirm that the tag meets the preset requirement, unpack the application layer data and establish a message transmission channel.
10. An electronic device, comprising: a processor, a memory, and a bus; the method.
11. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed, implements the method according to any of claims 1-7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310684481.1A CN116634047A (en) 2023-06-08 2023-06-08 Message transmission method, device, equipment and medium
Publications (1)

Publication Number Publication Date
CN116634047A (en) 2023-08-22

Family

ID=87591986

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination