CN117714411A - Automatic conversion method, device, equipment and medium for industrial control data message - Google Patents
Automatic conversion method, device, equipment and medium for industrial control data message Download PDFInfo
- Publication number
- CN117714411A CN117714411A CN202311725898.4A CN202311725898A CN117714411A CN 117714411 A CN117714411 A CN 117714411A CN 202311725898 A CN202311725898 A CN 202311725898A CN 117714411 A CN117714411 A CN 117714411A
- Authority
- CN
- China
- Prior art keywords
- ipv4
- industrial control
- control message
- address
- ipv6
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000006243 chemical reaction Methods 0.000 title claims abstract description 104
- 238000000034 method Methods 0.000 title claims abstract description 101
- 230000006870 function Effects 0.000 claims abstract description 164
- 238000003860 storage Methods 0.000 claims description 9
- 238000012360 testing method Methods 0.000 abstract description 11
- 238000011161 development Methods 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 10
- 238000012545 processing Methods 0.000 description 7
- 238000009776 industrial production Methods 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 150000002170 ethers Chemical class 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an automatic conversion method, a device, equipment and a medium for industrial control data messages, wherein the method comprises the steps of installing a python operation environment, and writing a python message conversion program based on the python operation environment, wherein the message conversion program at least comprises an I PV4 address-to-I PV6 address type method, an I PV4 address-to-I PV6 address function, an I PV4 header-to-I PV6 header function, an I PV4 industrial control message-to-I Pv6 industrial control message function, a single I PV4 industrial control message conversion function and a plurality of I PV4 industrial control message conversion functions; and the I PV4 industrial control message is acquired, and is converted into the I PV6 industrial control message through a message conversion program based on the I PV4 industrial control message, so that the development and test period of the industrial control safety equipment are improved.
Description
Technical Field
The invention relates to the technical field of data processing of industrial control firewalls, in particular to an automatic conversion method, device, equipment and medium for industrial control data messages.
Background
Industrial control firewall: the firewall applied in the industrial control network environment is called an industrial control firewall ICF (Industrial Control Firewall), an industrial firewall IFW (IndustrialFirewalls), or an industrial control firewall; the industrial control firewall is mainly arranged between a management network (office network) and a production network or at the boundary of a control equipment layer, analyzes, identifies and controls the flow of the industrial control network passing through the industrial control network so as to resist the attack of the industrial production equipment from the internal and external networks, the industrial network adopts a special industrial protocol, the industrial protocol is of a plurality of types, the industrial protocol is based on an industrial Ethernet (based on two layers and three layers), and the industrial protocol is based on a serial link (RS 232 and RS 485), and a special industrial protocol analysis module is required for the industrial protocol to filter and analyze the industrial protocol.
In the test link of the industrial control firewall, the test message of the industrial control protocol is generally derived from grabbing in the field industrial production network, but because the industrial control protocol of IPV4 is mainly used at present, the industrial control protocol message of IPV6 can be rarely grabbed in the field environment of the industrial network, and the industrial control protocol is required to support IPV4 and IPV6 simultaneously due to the consideration of compatibility of IPV6 in the future, the protocols used in various industrial fields are different, and the test instruments matched with the industrial control protocol in the market are few; this brings some trouble to the testing of the IPV6 IPV.
Although IPV4 is still the main stream in the network now, IPV6 is a trend and now secure gateway devices are required to support both IPV4 and IPV6, in general, in the testing of gateway security devices, both IPV4 and IPV6 are verified simultaneously by the function, i.e. the gateway security device is required to support both IPV4/IPV6 stacks.
Disclosure of Invention
The invention aims to overcome the technical defects, and provides an automatic conversion method, device, equipment and medium for industrial control data messages, which solve the technical problem that an industrial control firewall in the prior art cannot support IPV4 and IPV6 at the same time.
In order to achieve the technical purpose, the invention adopts the following technical scheme:
the invention provides an automatic conversion method of an industrial control data message, which comprises the following steps:
based on a python operation environment, writing a python message conversion program, wherein the message conversion program at least comprises an IPV4 address-to-IPV 6 address class method, an IPV4 address-to-IPV 6 address function, an IPV4 header-to-IPV 6 header function, an IPV4 industrial control message-to-IPv 6 industrial control message function, a single IPV4 industrial control message conversion function and a plurality of IPV4 industrial control message conversion functions;
and acquiring an IPV4 industrial control message, and converting the IPV4 industrial control message into an IPV6 industrial control message through the message conversion program based on the IPV4 industrial control message.
In some embodiments, writing the python message conversion program based on the python operation environment includes:
step 1, importing a python module and a library;
step 2, creating a method for converting an IPV4 address into an IPV6 address, and converting the IPV4 address of the IPV4 industrial control message into the IPV6 address by the method, wherein the method at least comprises a first method, a second method and a third method;
step 3, creating an IPV4 address-to-IPV 6 address function, obtaining an IPV4 address of an IPV4 industrial control message, transferring the IPV4 address into the IPV6 address through the IPV4 address-to-IPV 6 address function, and returning the converted IPV6 address, wherein the IPV4 address at least comprises a target address and a source address;
step 4, creating an IPV4 header-to-IPV 6 header function, obtaining IPV4 header information of an IPV4 industrial control message, calling the IPV4 address-to-IPV 6 address function through the IPV4 header-to-IPV 6 header function to convert the address of the IPV4 header into an IPV6 address, assigning a protocol field of the IPV4 header to a protocol field of the IPv6 header, and returning to the IPv6 header;
step 5, creating an IPV4 industrial control message to IPv6 industrial control message Wen Hanshu, obtaining an IPV4 industrial control message, and calling an IPV4 header to IPV6 header function through the IPV4 industrial control message to IPv6 industrial control message Wen Hanshu to convert the IPV4 industrial control message into an IPV6 industrial control message;
step 6, creating a single IPV4 industrial control message conversion function, obtaining an IPV4 industrial control message to be converted, and converting the IPV4 industrial control message to be converted into an IPV6 industrial control message by calling the IPV4 industrial control message to IPv6 industrial control message function through the single IPV4 industrial control message conversion function;
step 7, creating a plurality of IPV4 industrial control message conversion functions, obtaining an IPV4 industrial control message catalog to be converted, and calling a single IPV4 industrial control message conversion function through the IPV4 industrial control message conversion functions to convert a plurality of IPV4 industrial control message files under the catalog into corresponding IPV6 industrial control message files;
and 8, creating a program entry, obtaining the file type of the IPV4 industrial control message, and calling a single IPV4 industrial control message conversion function or a plurality of IPV4 industrial control message conversion functions according to the file type of the IPV4 industrial control message.
In some of these embodiments, the python module and library includes at least a re module, a random module, an os module, a scapy. All module, a scapy. Laminates.12 module, and a scapy. Laminates.inet 6 module.
In some embodiments, the converting the IPV4 address of the IPV4 industrial control packet to the IPV6 address by the IPV4 address-to-IPV 6 address-class method includes:
converting the IPV4 address into a hexadecimal character string through the first method;
formatting the hexadecimal character string by the second method based on the hexadecimal character string;
and adding a prefix to the formatted IPV6 address through the third method to obtain the IPV6 address.
In some embodiments, the obtaining IPV4 header information of the IPV4 industrial control packet, calling the IPV4 address to IPV6 address function through the IPV4 header to IPV6 header function to convert an address of the IPV4 header into an IPV6 address, and assigning a protocol field of the IPV4 header to a protocol field of the IPV6 header, and returning to the IPV6 header includes:
acquiring IPV4 head information of an IPV4 industrial control message, wherein the IPV4 head information at least comprises a protocol field, a source address and a target address;
creating an IPV6 head object;
setting the protocol of the IPV4 head as the protocol of the IPV6 head;
and calling an IPV4 address to IPV6 address function through the IPV4 head to IPV6 head function to convert the source address and the target address of the IPV4 head so as to obtain the IPV6 head.
In some embodiments, the obtaining the IPV4 industrial control message, calling, by the IPV4 industrial control message to IPV6 industrial control message Wen Hanshu, an IPV4 header to IPV6 header function to convert the IPV4 industrial control message to an IPV6 industrial control message includes:
creating an Ethernet data packet, and setting the type as IPv6, wherein the source address and the target address are consistent with the source address and the target address of the IPV4 industrial control message;
when the IPv4 of the IPV4 industrial control message has an IP layer, calling an IPV4 header to IPV6 header function to convert the IPv4 header information into IPv6 header information;
and returning to the original data packet when the IP layer does not exist in the data packet.
In some embodiments, the obtaining the IPV4 industrial control message, based on the IPV4 industrial control message, converts the IPV4 industrial control message into an IPV6 industrial control message through the message conversion program, including:
determining the file type of an IPV4 industrial control message, wherein the file type at least comprises a directory file and a single file;
when the IPV4 industrial control message is a single file, calling a single IPV4 industrial control message conversion function through an entrance program of the message conversion program, and sequentially calling an IPV4 industrial control message to IPv6 industrial control message function, an IPV4 head to IPV6 head function, an IPV4 address to IPV6 address function and an IPV4 address to IPV6 address class method through the single IPV4 industrial control message conversion function, so as to convert the single IPV4 industrial control message into the single IPV6 industrial control message;
when the IPV4 industrial control message is a directory file, calling a plurality of IPV4 industrial control message conversion functions through an entry program of the message conversion program, and sequentially calling a single IPV4 industrial control message conversion function, an IPV4 industrial control message to IPv6 industrial control message function, an IPV4 header to IPV6 header function, an IPV4 address to IPV6 address function and an IPV4 address to IPV6 address class method through the plurality of IPV4 industrial control message conversion functions, so as to convert the plurality of IPV4 industrial control messages into corresponding IPV6 industrial control messages.
The invention also provides an automatic conversion device for industrial control data messages, which comprises the following components:
the message conversion program module is used for writing a python message conversion program based on a python operation environment, wherein the message conversion program at least comprises an IPV4 address-to-IPV 6 address class method, an IPV4 address-to-IPV 6 address function, an IPV4 header-to-IPV 6 header function, an IPV4 industrial control message-to-IPv 6 industrial control message function, a single IPV4 industrial control message conversion function and a plurality of IPV4 industrial control message conversion functions;
the conversion module is used for acquiring the IPV4 industrial control message, and converting the IPV4 industrial control message into the IPV6 industrial control message through the message conversion program based on the IPV4 industrial control message.
The third aspect, the present invention also provides an electronic device, including: a processor and a memory;
the memory has stored thereon a computer readable program executable by the processor;
the steps in the automatic conversion method of the industrial control data message are realized when the processor executes the computer readable program.
In a fourth aspect, the present invention also provides a computer readable storage medium storing one or more programs executable by one or more processors to implement the steps in the method for automatically converting industrial control data messages as described above.
Compared with the prior art, the automatic conversion method, the device, the equipment and the medium for the industrial control data message provided by the invention can automatically convert the IPV4 industrial control message captured from the actual production environment into the IPV6 industrial control message for the test link of the industrial control safety equipment, and can greatly improve the development/test period of the industrial control safety equipment (such as an industrial control firewall); the method has great help to the research, development and test work of the industrial control firewall; the automatic conversion can be performed for a certain IPV4 industrial control message, or batch automatic conversion can be performed for a plurality of IPV4 industrial control messages; the flexibility is big, and is fast, and simple to use, the practicality is strong.
Drawings
FIG. 1 is a flowchart of an embodiment of an automatic switching method for industrial control data messages according to the present invention;
FIG. 2 is a schematic diagram of a single IPV4pacb industrial control message to be converted and a conversion program of the automatic conversion method of industrial control data messages provided by the invention;
FIG. 3 is a schematic diagram of a message IPV4 address before conversion in the automatic conversion method of industrial control data messages provided by the invention;
FIG. 4 is a schematic diagram of converting a single IPV4 industrial control message according to the method for automatically converting industrial control data messages provided by the invention;
FIG. 5 is a schematic diagram of the IP address of the pacb message after the conversion of a single IPV4 industrial control message in the automatic conversion method of industrial control data messages provided by the invention;
FIG. 6 is a schematic diagram of batch conversion of IPV4pacb industrial control messages in a folder by an operation conversion program of the automatic conversion method of industrial control data messages provided by the invention;
FIG. 7 is a schematic diagram of an IPC firewall to which an IPv4pcap IPC message is sent before conversion according to the IPC data message automatic conversion method provided by the invention;
FIG. 8 is a schematic diagram of the IPV4pacb industrial control message correctly identified by the industrial control firewall before conversion in the automatic industrial control data message conversion method provided by the invention;
FIG. 9 is a schematic diagram of an IPC firewall to which an IPv6pcap IPC message is sent and converted by the automatic conversion method of IPC data messages;
FIG. 10 is a schematic diagram of an IPV4 industrial control message correctly identified by an industrial control firewall after being converted into an IPv6 address by the automatic conversion method of the industrial control data message;
FIG. 11 is a schematic diagram of an embodiment of an automatic switching device for industrial control data messages according to the present invention;
fig. 12 is a schematic view of an operating environment of an embodiment of an automatic industrial control data message conversion program provided by the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The invention provides an automatic conversion method, device, equipment and medium for industrial control data messages, which can be used in a computer. The method, apparatus, or computer readable storage medium according to the present invention may be integrated with the apparatus described above or may be relatively independent.
The invention provides an automatic conversion method of industrial control data messages, which can be executed by a computer, and particularly can be executed by one or more processors of the computer. Fig. 1 is a flowchart of an automatic conversion method of an industrial control data packet according to an embodiment of the present invention, please refer to fig. 1, the automatic conversion method of the industrial control data packet includes the following steps:
s100, writing a python message conversion program based on a python operation environment, wherein the message conversion program at least comprises an IPV4 address-to-IPV 6 address class method, an IPV4 address-to-IPV 6 address function, an IPV4 header-to-IPV 6 header function, an IPV4 industrial control message-to-IPv 6 industrial control message function, a single IPV4 industrial control message conversion function and a plurality of IPV4 industrial control message conversion functions;
s200, acquiring an IPV4 industrial control message, and converting the IPV4 industrial control message into an IPV6 industrial control message based on the IPV4 industrial control message through a message conversion program.
In this embodiment, firstly, a python operating environment is installed, and a python message conversion program is written based on the python operating environment, wherein the message conversion program at least comprises an IPV4 address-to-IPV 6 address class method, an IPV4 address-to-IPV 6 address function, an IPV4 header-to-IPV 6 header function, an IPV4 industrial control message-to-IPV 6 industrial control message function, a single IPV4 industrial control message conversion function, and a plurality of IPV4 industrial control message conversion functions; secondly, acquiring an IPV4 industrial control message, and converting the IPV4 industrial control message into an IPV6 industrial control message based on the IPV4 industrial control message through a message conversion program; the development and test period of industrial control safety equipment are improved.
In some embodiments, in step S100, after installing the python operating environment, a python message conversion program is written, where the python message conversion program at least includes an IPV4 address-to-IPV 6 address class method, an IPV4 address-to-IPV 6 address function, an IPV4 header-to-IPV 6 header function, an IPV4 industrial control message-to-IPV 6 industrial control message function, a single IPV4 industrial control message conversion function, a plurality of IPV4 industrial control message conversion functions, where the IPV4 address-to-IPV 6 address class method is a ConvertIpv4 method, the IPV4 address-to-IPV 6 address function is an IPV4to6 function, the IPV4 header-to-IPV 6 header function is a header4to6 function, the single IPV4 industrial control message conversion function is a convertjfile function, and the plurality of IPV4 industrial control message conversion functions are convertdirection_direct functions.
In some embodiments, the python message conversion procedure comprises the following specific steps:
step 1, importing a Python module and a library, wherein the Python module and the library at least comprise a re module, a random module, an os module, a scapy.all module, a scapy.layers.12 module and a scapy.layers.inet6 module, the re module is used for carrying out regular expression matching, the random module is used for generating random numbers, the os module is used for operating system related functions, the scapy.all module is used for importing all functions and objects, the Scapy is a Python library used for data packet operation, the scapy.layers.l2 module is used for importing Ether class, processing Ethernet layer data, and the scapy.layers.inet6 module is used for importing IPv6 class and processing IPv6 data packets;
step 2, creating an IPV4 address-to-IPV 6 address class method convertIpv4, and converting an IPV4 address of an IPV4 industrial control message into an IPV6 address through the convertIpv4, wherein the convertIpv4 at least comprises a first method, a second method and a third method, the first method is an iptox method, and the IPv4 address is converted into a hexadecimal format through the iptox method; the second method is a burst method, and the IPv6 address is formatted through the burst method; the third method is an addrefix method, and prefix is added to the IPv6 address through the addrefix method;
step 3, creating an IPV4 address-to-IPV 6 address function IPV4to6, obtaining an IPV4 address of the IPV4 industrial control message, converting the IPV4 address into the IPV6 address by calling a convertIpv4 type method through the IPV4to6 function, and returning the converted IPV6 address, wherein the IPV4 address at least comprises a target address and a source address; firstly, creating an instance object change of a ConvertIpv4 class, secondly, compiling a pattern by using a regular expression to match the format of an IPv4 address, finally, calling an iptohex method of the ConvertIpv4 class method, converting the IPv4 address into hexadecimal format, calling a parse method of the ConvertIpv4 class, formatting the IPv6 address, calling an addredirect method of the ConvertIpv4 class, and adding a specified prefix to the IPv6 address to obtain the IPV6 address;
step 4, creating IPV4 header-to-IPV 6 header function header4to6, obtaining IPV4 header information of the IPV4 industrial control message, calling an IPV4to6 function through the IPV4 header-to-IPV 6 header function header4to6 to convert an address of the IPV4 header into an IPV6 address, assigning a protocol field of the IPV4 header to a protocol field of the IPv6 header, and returning to the IPv6 header; firstly, creating an IPv6 object, which is used for storing a converted IPv6 message header, secondly, assigning a protocol field (proto) in the IPv4 message header to the protocol field (proto) of the IPv6 message header, keeping the protocol unchanged, finally, calling an IPv4to6 function, converting a source address (src) in the IPv4 message header into an IPv6 address, assigning a result to the source address field (src) of the IPv6 message header, calling the IPv4to6 function, converting a destination address (dst) in the IPv4 message header into an IPv6 address, and assigning a result to the destination address field (dst) of the IPv6 message header, so as to obtain the converted IPv6 message header, and taking the converted IPv6 message header as an output result of the function, wherein IPV4 header information at least comprises the protocol field, the source address and the destination address;
step 5, creating an IPV4 industrial control message to IPv6 industrial control message Wen Hanshu overt_ipv4_to_ipv6, obtaining the IPV4 industrial control message, and transferring a header4to6 function through transferring the IPV4 industrial control message to the IPv6 industrial control message Wen Hanshu overt_ipv4_to_ipv6 to convert the IPV4 industrial control message to the IPV6 industrial control message; firstly, creating an Ethernet data packet, setting the type as IPv6, keeping the source MAC address and the target MAC address consistent with the original IPv4 industrial control message data packet, calling a header4to6 function to convert IPv4 header information into IPv6 header information when an IP layer exists in the data packet, further judging a TCP layer and a UDP layer in the data packet, and creating a new data packet when the TCP layer or the UDP layer exists in the data packet, wherein the data packet comprises the Ethernet layer, the IPv6 layer and the TCP layer; when the TCP layer and the UDP layer do not exist, a new data packet is created, wherein the new data packet comprises an Ethernet layer, an IPv6 layer and an IP layer, and then, when the IP layer does not exist in the data packet, the original IPv4 industrial control message data packet is returned;
step 6, creating a single IPV4 industrial control message conversion function conversion_file, obtaining an IPV4 industrial control message to be converted, and calling the conversion_ipv4_to_ipv6 function through the single IPV4 industrial control message conversion function conversion_file to convert the IPV4 industrial control message to be converted into an IPV6 industrial control message; firstly, reading an IPv4 industrial control message data packet file by using rdpcap type, creating an empty list newpkts, storing the converted IPv6 industrial control message data packet, secondly, traversing the IPv4 industrial control message data packet, calling a overt_ipv4_to_ipv6 function to convert the IPv4 industrial control message data packet into an IPv6 data packet when the type field of the data packet is IPv4, adding the converted IPv6 data packet into the newpkts list, and finally, writing the converted IPv6 data packet into the IPv6 industrial control message data packet file;
step 7, creating a plurality of IPV4 industrial control message conversion functions conversion_directors, obtaining IPV4 industrial control message catalogs to be converted, and calling the conversion_file function through the conversion_directors to convert the IPV4 industrial control message files under the catalogs into corresponding IPV6 industrial control message files; firstly, traversing files in a designated directory and sub-directories thereof by using os.walk, returning to a path of a current directory, a list of sub-directories and a list of files, secondly, traversing each file in the list of files, acquiring an old path of the file, constructing a new directory path according to the directory of an IPv6 data packet file and the sub-directory where the current file is located, assigning the new directory path to a new dir variable, removing an extension of the current file name, adding an_ipv6.pcap' as the new file name, assigning the new name variable, splicing the new directory path and the file name into a complete new file path, assigning the new path variable, and finally, calling a changeover_file function, converting the current IPv4 data packet file into an IPv6 data packet file, and storing the IPv6 data packet file in the new path;
step 8, creating a program entry, obtaining the file type of the IPV4 industrial control message, calling a single IPV4 industrial control message conversion function or a plurality of IPV4 industrial control message conversion functions according to the file type of the IPV4 industrial control message, firstly defining an input_name variable, assigning the variable as a designated file or directory path, secondly checking whether the input_name is a directory, judging whether the designated path is a directory by using an os.path.isdir function, calling a controller_directory function when the input_name is a directory, converting all IPV4 industrial control messages in the directory and sub-directories into IPv6 industrial control messages, and storing the IPv6 industrial control messages in a folder directory; when the input_name is not a directory (i.e. is a file path), calling a overt_file function, converting a single IPV4 industrial control message into a single IPV6 industrial control message, storing the single IPV6 industrial control message in the same path, and modifying the file name suffix into "_ipv6.pcap", wherein the os.path.split function is used for separating the file name and the extension name.
In some embodiments, in step S200, firstly, a single IPv4pcap file is converted to obtain an IPv4pcap message to be converted, a python message conversion program is prepared, please refer to fig. 2, a message IPv4 address before conversion is performed, please refer to fig. 3, a python message conversion program is run, after the single IPv4pcap file is identified as a file path through a program entry, a conversion_file function is called, and after a conversion_ipv4_to_ipv6 function, a header4to6 function, an IPv4to6 function and a ConvertIpv4 type method are sequentially called through the conversion_file function, a converted IPv6 industrial control message is obtained, which is converted to a single IPv4 industrial control message, please refer to fig. 4, and a pacb message IP address after conversion of the single IPv4 industrial control message is performed, please refer to fig. 5;
when the input_name is 'D \pcap_cover\ccc.pcap', firstly, judging whether the input_name is a folder through a program entry, and when the input_name is not the folder, entering an else branch, and secondly, calling a cover_file function, wherein an incoming parameter old_path is 'D \pcap_cover\ccc.pcap', new_dir is 'D \pcap_cover', new_name is 'ccc_ipv6.pcap', and new_path is 'D \pcap_cover\ccc_ipv6.pcap'. The overt_file function converts ccc.pcap into an IPv6 format and stores the IPv6 format into a D \pcap_overt\ccc_ipv6.pcap file, namely, the overt_file function is executed completely, and the program is ended.
Next, a message conversion program is run to perform batch conversion on a plurality of IPv4 industrial control messages under the directory, please refer to fig. 6, after identifying a plurality of IPv4pcap files in the directory through a program entry, a conversion_direction function is called, and after sequentially calling a conversion_file function, a conversion_ipv4_to_ipv6 function, a header4to6 function, an IPv4to6 function and a ConvertIpv4 type method through the conversion_direction function, a plurality of converted IPv6 industrial control messages are obtained.
When the input_name is ' D \pcap_cover\mmm ', and the mmam folder contains the aaa.pcap and bbb.pcap 2 pieces of IPv4pcap message files, the input_name is defined as ' D \pcap_cover\mmm ', namely, the input is a file directory, firstly, the input_name is judged to be a folder through a program entry, so that an if branch is entered, and secondly, parameters input_name and os.abspline (input_name) are transmitted into a converter_direction, wherein the input_name represents a pcap folder path in an IPv4 format, and the os.path.abspline (input_name) represents a pc folder path in an IPv6 format, and the two parameters are the same and are ' D_ap_map\; the cover_directory function uses os.walk to traverse the pcap folder "D" in IPv4 format: traversing to all subfolders and files in the 'pcap_cont\mmm', and then sequentially traversing to subfolders and files in the 'D \pcap_cont\mmm' (namely 'D \pcap_cont mmm'), when traversing to the aaa.pcap file, calling a cont_file function, wherein an incoming parameter old_path is 'D \pcap_cont\mmm\aaa.pcap', and wherein new_dir is 'D \pcap_cont\mmm\D \ \pcap_mmm' (namely 'D: \pcap_cont\mmm'), and 'new_name is' aaa_ipv6.pc\aap ', and wherein new_path is' D \pcap_con_mvapm\6 aa_pcs \aa_tsp\6\aa_tsp\aa_tsp\D \100\aa_tsp\6\aa\npm\d\d\d\aa_tsp\d\d\d; converting the aaa.pcap into an IPv6 format by the overt_file function and storing the IPv6 format into a D \pcap_overt\mmm\aaa_ipv6.pcap file; when traversing to the bbb.pcap file, calling a overt_file function, converting the bbb.pcap into an IPv6 format and storing the IPv6 format into the D \pcap_overt\mmm\bbb_ipv6.pcap file, and at the moment, finishing the execution of the overt_direction function, and ending the program.
In some embodiments, verifying the actual effect of the conversion, firstly, sending an IPv4pcap industrial control message before the conversion to an industrial control firewall, checking the identification condition of the industrial control firewall, and sending the IPv4pcap industrial control message before the conversion to the industrial control firewall, please refer to fig. 7, and correctly identifying the IPv4pacb industrial control message before the conversion by the industrial control firewall, please refer to fig. 8; next, the converted IPv6pcap industrial control message is sent to the industrial control firewall, the identification condition of the industrial control firewall is checked, the converted IPv6pcap industrial control message is sent to the industrial control firewall, please refer to fig. 9, and the IPv4 industrial control message converted into the IPv6 address is correctly identified by the industrial control firewall, please refer to fig. 10.
Based on the above-mentioned automatic conversion method of the industrial control data packet, the embodiment of the present invention further provides an automatic conversion device of the industrial control data packet, referring to fig. 11, the automatic conversion device 300 of the industrial control data packet includes a packet conversion program module 310 and a conversion module 320;
a message conversion program module 310, configured to write a python message conversion program based on a python operating environment, where the message conversion program at least includes an IPV4 address to IPV6 address class method, an IPV4 address to IPV6 address function, an IPV4 header to IPV6 header function, an IPV4 industrial control message to IPV6 industrial control message function, a single IPV4 industrial control message conversion function, and a plurality of IPV4 industrial control message conversion functions;
the conversion module 320 is configured to obtain an IPV4 industrial control message, and convert the IPV4 industrial control message into an IPV6 industrial control message based on the IPV4 industrial control message through a message conversion program.
As shown in fig. 12, the present invention further provides an electronic device based on the automatic industrial control data message conversion method, where the electronic device may be a computing device such as a mobile terminal, a desktop computer, a notebook computer, a palm computer, and a server. The electronic device includes a processor 10, a memory 20, and a display 30. Fig. 12 shows only some of the components of the electronic device, but it should be understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead.
The memory 20 may in some embodiments be an internal storage unit of the electronic device, such as a hard disk or a memory of the electronic device. The memory 20 may also be an external storage device of the electronic device in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like. Further, the memory 20 may also include both internal storage units and external storage devices of the electronic device. The memory 20 is used for storing application software installed in the electronic device and various data, such as program codes for installing the electronic device. The memory 20 may also be used to temporarily store data that has been output or is to be output. In one embodiment, the memory 20 stores an automatic industrial control data message conversion program 40, and the automatic industrial control data message conversion program 40 can be executed by the processor 10, so as to implement the automatic industrial control data message conversion method according to the embodiments of the present invention.
The processor 10 may in some embodiments be a central processing unit (Central Processing Unit, CPU), microprocessor or other data processing chip for executing program code or processing data stored in the memory 20, such as an industrial control data message automatic conversion method, etc.
The display 30 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like in some embodiments. The display 30 is used for displaying the identification information of the automatic conversion program of the industrial control data message and displaying a visual user interface. The components 10-30 of the electronic device communicate with each other via a system bus.
In some embodiments, the steps in the automatic industrial control data message conversion method described in the above embodiments are implemented when the processor 10 executes the automatic industrial control data message conversion program 40 in the memory 20, and since the automatic industrial control data message conversion method is described in detail above, the description is omitted here.
In summary, the method, the device, the equipment and the medium for automatically converting the industrial control data message provided by the invention are characterized in that firstly, a python operation environment is installed, and a python message conversion program is written based on the python operation environment, wherein the message conversion program at least comprises an IPV4 address-to-IPV 6 address type method convertIpv4, an IPV4 address-to-IPV 6 address function IPV4to6, an IPV4 header-to-IPV 6 header function header4to6, an IPV4 industrial control message-to-IPv 6 industrial control message Wen Hanshu controller_ipv4_to_ipv6, a single IPV4 industrial control message conversion function controller_file and a plurality of IPV4 industrial control message conversion functions controller_directors; and secondly, acquiring an IPV4 industrial control message, and converting the IPV4 industrial control message into an IPV6 industrial control message based on the IPV4 industrial control message through a message conversion program, thereby improving the development and test period of industrial control safety equipment.
Of course, those skilled in the art will appreciate that implementing all or part of the above-described methods may be implemented by a computer program for instructing relevant hardware (e.g., a processor, a controller, etc.), where the program may be stored in a computer-readable storage medium, and where the program may include the steps of the above-described method embodiments when executed. The storage medium may be a memory, a magnetic disk, an optical disk, or the like.
The above-described embodiments of the present invention do not limit the scope of the present invention. Any other corresponding changes and modifications made in accordance with the technical idea of the present invention shall be included in the scope of the claims of the present invention.
Claims (10)
1. An automatic conversion method for industrial control data messages is characterized by comprising the following steps:
based on a python operation environment, writing a python message conversion program, wherein the message conversion program at least comprises an IPV4 address-to-IPV 6 address class method, an IPV4 address-to-IPV 6 address function, an IPV4 header-to-IPV 6 header function, an IPV4 industrial control message-to-IPv 6 industrial control message function, a single IPV4 industrial control message conversion function and a plurality of IPV4 industrial control message conversion functions;
and acquiring an IPV4 industrial control message, and converting the IPV4 industrial control message into an IPV6 industrial control message through the message conversion program based on the IPV4 industrial control message.
2. The method for automatically converting an industrial control data message according to claim 1, wherein writing a python message conversion program based on the python operation environment comprises:
step 1, importing a python module and a library;
step 2, creating a method for converting an IPV4 address into an IPV6 address, and converting the IPV4 address of the IPV4 industrial control message into the IPV6 address by the method, wherein the method at least comprises a first method, a second method and a third method;
step 3, creating an IPV4 address-to-IPV 6 address function, obtaining an IPV4 address of an IPV4 industrial control message, transferring the IPV4 address into the IPV6 address through the IPV4 address-to-IPV 6 address function, and returning the converted IPV6 address, wherein the IPV4 address at least comprises a target address and a source address;
step 4, creating an IPV4 header-to-IPV 6 header function, obtaining IPV4 header information of an IPV4 industrial control message, calling the IPV4 address-to-IPV 6 address function through the IPV4 header-to-IPV 6 header function to convert the address of the IPV4 header into an IPV6 address, assigning a protocol field of the IPV4 header to a protocol field of the IPv6 header, and returning to the IPv6 header;
step 5, creating an IPV4 industrial control message to IPv6 industrial control message Wen Hanshu, obtaining an IPV4 industrial control message, and calling an IPV4 header to IPV6 header function through the IPV4 industrial control message to IPv6 industrial control message Wen Hanshu to convert the IPV4 industrial control message into an IPV6 industrial control message;
step 6, creating a single IPV4 industrial control message conversion function, obtaining an IPV4 industrial control message to be converted, and converting the IPV4 industrial control message to be converted into an IPV6 industrial control message by calling the IPV4 industrial control message to IPv6 industrial control message function through the single IPV4 industrial control message conversion function;
step 7, creating a plurality of IPV4 industrial control message conversion functions, obtaining an IPV4 industrial control message catalog to be converted, and calling a single IPV4 industrial control message conversion function through the IPV4 industrial control message conversion functions to convert a plurality of IPV4 industrial control message files under the catalog into corresponding IPV6 industrial control message files;
and 8, creating a program entry, obtaining the file type of the IPV4 industrial control message, and calling a single IPV4 industrial control message conversion function or a plurality of IPV4 industrial control message conversion functions according to the file type of the IPV4 industrial control message.
3. The method for automatically converting industrial control data messages according to claim 2, wherein the python module and the library at least comprise a re module, a random module, an os module, a scapy.
4. The automatic industrial control data message conversion method according to claim 2, wherein the converting the IPV4 address of the IPV4 industrial control message into the IPV6 address by the IPV4 address-to-IPV 6 address-class method includes:
converting the IPV4 address into a hexadecimal character string through the first method;
formatting the hexadecimal character string by the second method based on the hexadecimal character string;
and adding a prefix to the formatted IPV6 address through the third method to obtain the IPV6 address.
5. The method for automatically converting an industrial control data message according to claim 2, wherein the step of obtaining IPV4 header information of an IPV4 industrial control message, calling the IPV4 address to IPV6 address function through the IPV4 header to IPV6 header function to convert an address of the IPV4 header into an IPV6 address, assigning a protocol field of the IPV4 header to a protocol field of the IPV6 header, and returning to the IPV6 header includes:
acquiring IPV4 head information of an IPV4 industrial control message, wherein the IPV4 head information at least comprises a protocol field, a source address and a target address;
creating an IPV6 head object;
setting the protocol of the IPV4 head as the protocol of the IPV6 head;
and calling an IPV4 address to IPV6 address function through the IPV4 head to IPV6 head function to convert the source address and the target address of the IPV4 head so as to obtain the IPV6 head.
6. The method for automatically converting an IPV4 industrial control message according to claim 2, wherein the step of obtaining the IPV4 industrial control message, and transferring the IPV4 industrial control message into an IPV6 industrial control message by transferring the IPV4 industrial control message to an IPV6 industrial control message Wen Hanshu to transfer an IPV4 header to an IPV6 header function, comprises:
creating an Ethernet data packet, and setting the type as IPv6, wherein the source address and the target address are consistent with the source address and the target address of the IPV4 industrial control message;
when the IPv4 of the IPV4 industrial control message has an IP layer, calling an IPV4 header to IPV6 header function to convert the IPv4 header information into IPv6 header information;
and returning to the original data packet when the IP layer does not exist in the data packet.
7. The method for automatically converting an industrial control data message according to claim 2, wherein the step of obtaining an IPV4 industrial control message, based on the IPV4 industrial control message, converting the IPV4 industrial control message into an IPV6 industrial control message by the message conversion program includes:
determining the file type of an IPV4 industrial control message, wherein the file type at least comprises a directory file and a single file;
when the IPV4 industrial control message is a single file, calling a single IPV4 industrial control message conversion function through an entrance program of the message conversion program, and sequentially calling an IPV4 industrial control message to IPv6 industrial control message function, an IPV4 head to IPV6 head function, an IPV4 address to IPV6 address function and an IPV4 address to IPV6 address class method through the single IPV4 industrial control message conversion function, so as to convert the single IPV4 industrial control message into the single IPV6 industrial control message;
when the IPV4 industrial control message is a directory file, calling a plurality of IPV4 industrial control message conversion functions through an entry program of the message conversion program, and sequentially calling a single IPV4 industrial control message conversion function, an IPV4 industrial control message to IPv6 industrial control message function, an IPV4 header to IPV6 header function, an IPV4 address to IPV6 address function and an IPV4 address to IPV6 address class method through the plurality of IPV4 industrial control message conversion functions, so as to convert the plurality of IPV4 industrial control messages into corresponding IPV6 industrial control messages.
8. An automatic industrial control data message conversion device is characterized by comprising:
the message conversion program module is used for writing a python message conversion program based on a python operation environment, wherein the message conversion program at least comprises an IPV4 address-to-IPV 6 address class method, an IPV4 address-to-IPV 6 address function, an IPV4 header-to-IPV 6 header function, an IPV4 industrial control message-to-IPv 6 industrial control message function, a single IPV4 industrial control message conversion function and a plurality of IPV4 industrial control message conversion functions;
the conversion module is used for acquiring the IPV4 industrial control message, and converting the IPV4 industrial control message into the IPV6 industrial control message through the message conversion program based on the IPV4 industrial control message.
9. An electronic device, comprising: a processor and a memory;
the memory has stored thereon a computer readable program executable by the processor;
the steps in the automatic conversion method of industrial control data messages according to any one of claims 1-7 are realized when the processor executes the computer readable program.
10. A computer readable storage medium storing one or more programs executable by one or more processors to implement the steps in the industrial control data message automatic conversion method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311725898.4A CN117714411A (en) | 2023-12-14 | 2023-12-14 | Automatic conversion method, device, equipment and medium for industrial control data message |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311725898.4A CN117714411A (en) | 2023-12-14 | 2023-12-14 | Automatic conversion method, device, equipment and medium for industrial control data message |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117714411A true CN117714411A (en) | 2024-03-15 |
Family
ID=90147474
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311725898.4A Pending CN117714411A (en) | 2023-12-14 | 2023-12-14 | Automatic conversion method, device, equipment and medium for industrial control data message |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117714411A (en) |
-
2023
- 2023-12-14 CN CN202311725898.4A patent/CN117714411A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20180262388A1 (en) | Remote device deployment | |
| US8009672B2 (en) | Apparatus and method of splitting a data stream over multiple transport control protocol/internet protocol (TCP/IP) connections | |
| JP4503225B2 (en) | Virtual network with adaptive dispatcher | |
| US20190075049A1 (en) | Determining Direction of Network Sessions | |
| US6914910B1 (en) | Method and system for optimizing layered communication protocols | |
| CN112738791B (en) | User information correlation backfill method, device, equipment and medium based on 5G core network | |
| EP2985968A1 (en) | Method and apparatus for processing messages | |
| US20190327208A1 (en) | Network traffic mangling application | |
| Sommer et al. | Spicy: a unified deep packet inspection framework for safely dissecting all your data | |
| CN113709810A (en) | Method, device and medium for configuring network service quality | |
| CN112764823A (en) | Starting method of NVR (network video recorder) system, host operating system and data communication method | |
| EP3097662B1 (en) | Methods, systems and computer readable media for testing network devices using simulated application traffic | |
| CN117714411A (en) | Automatic conversion method, device, equipment and medium for industrial control data message | |
| CN115314257B (en) | File system authentication method and device, electronic equipment and computer storage medium | |
| CN105610639A (en) | Total log grabbing method and device | |
| US20160337232A1 (en) | Flow-indexing for datapath packet processing | |
| US10367691B2 (en) | Multi platform static semantic consistency checking of network configurations | |
| JP7395615B2 (en) | Data leak prevention | |
| US20130028262A1 (en) | Method and arrangement for message analysis | |
| Cisco | Release Note for NetFlow FlowCollector Release 2.0 | |
| CN104053132A (en) | Method and apparatus for information number identification | |
| Bui et al. | A generic interface for Open vSwitch | |
| CN114328190B (en) | Method, system and server for automatically splitting IPS (in-plane switching) event | |
| CN112565106B (en) | Traffic service identification method, device, equipment and computer storage medium | |
| CN115037572B (en) | Application request identification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |