CN101582815B - Protocol security testing method and device - Google Patents


Publication number: CN101582815B
Authority: CN (China)
Application number: CN2009100868615A
Other versions: CN101582815A (en)
Other languages: Chinese (zh)
Inventor: 杨敬民
Original Assignee: Beijing Star Net Ruijie Networks Co Ltd
Current Assignee: Beijing Star Net Ruijie Networks Co Ltd
Legal status: Expired - Fee Related
Prior art keywords: test packet, value, protocol fields, module, protocol
Landscapes: Data Exchanges In Wide-Area Networks

Abstract

The invention provides a protocol security testing method and device. Test packets are classified by protocol field and sent class by class. When an equipment fault is detected during sending, the test packets can be reconstructed from their class in order to locate the specific test packet that caused the fault. The sent test packets do not need to be stored, which greatly saves storage space; at the same time, by periodically checking the equipment state, the test packets that cause serious faults such as system halt, system hang and system reboot are located quickly, which improves testing efficiency.

Description

A protocol security testing method and device
Technical field
The present invention relates to a protocol security testing method and device, and belongs to the field of data communication technology.
Background
Internet Protocol Version 6 (IPv6) is defined in Request For Comments (RFC) 2460. IPv6 is one of the main standards for interconnecting next-generation Internet devices. Network devices (including switches, routers and similar equipment) from many manufacturers now support the IPv6 protocol, and testing the IPv6 protocol is an important part of network device testing.
IPv6 protocol testing currently concentrates on the following aspects:
Protocol conformance testing: tests a concrete Implementation Under Test (IUT) against the protocol description to determine whether the implementation is consistent with the corresponding protocol standard. Usually a sequence of test cases is used to black-box test the IUT in a given network environment, and the actual output of the IUT is compared with the expected output to judge whether the IUT conforms to the protocol description. Black-box testing, also called functional testing, data-driven testing or specification-based testing, does not examine the implementation details of the object under test; it takes the position of the end user and checks whether input/output information and system performance indicators meet the functional and performance requirements in the specification.
Performance testing: uses various test tools to simulate normal, peak and abnormal load conditions in order to test the performance indicators of the system. Load testing and stress testing both belong to performance testing and can be carried out together. Load testing determines the performance of the system under various workloads; its goal is to observe how the performance indicators change as the load gradually increases. Stress testing determines the bottleneck of a system, or the point at which its performance becomes unacceptable, in order to obtain the maximum service level the system can provide. Load testing and stress testing are both subsets of performance testing.
Functional testing: checks, against the product requirements specification, whether the system under test satisfies the functional requirements in every respect. Functional testing of network products mainly verifies that every function described in the product's configuration guide is implemented.
Protocol security testing: also called protocol anomaly testing. It sends to the network device the various IPv6 packets that the device must handle, both those that conform to the IPv6 protocol and those that do not. Packets that conform to the protocol are called legal packets; packets that do not are called illegal or abnormal packets. The test verifies whether the network device's software has defects in handling these packets.
Protocol security testing is a very important part of testing. If a network device's IPv6 implementation handles illegal packets defectively, normal operation of the device can be seriously affected, with serious faults such as system hang, system crash and system reboot. Sending illegal IPv6 packets to a network device is a common means by which malicious network users attack the device's IPv6 implementation. In addition, a network device sits in a complex network environment and has to process all kinds of IPv6 packets, and various network faults can also produce abnormal packets: for example, severe interference on the physical line can corrupt some bits of a received packet, or a hardware fault in another network device can cause it to send illegal IPv6 packets.
Fig. 1 shows the IPv6 header format. Its fields are defined as follows:
Version: 4 bits. IP protocol version; the value for IPv6 is 6.
Traffic Class: 8 bits. Indicates the traffic class or priority of the IPv6 data flow; its function is similar to the Type of Service (TOS) field of Internet Protocol Version 4 (IPv4).
Flow Label: 20 bits. A field new in IPv6 that marks data flows needing special handling by IPv6 routers. It is used for communication with special quality-of-service requirements, such as real-time audio or video transmission. In IPv6 there can be several different data flows between the same source and destination, distinguished from one another by non-zero flow labels. If no special handling by routers is required, the field is set to 0.
Payload Length: 16 bits. The payload length includes the extension headers and the upper-layer Protocol Data Unit (PDU); 16 bits can express a payload length of at most 65535 bytes. For a payload longer than this, the field is set to 0 and the Jumbo Payload option of the Hop-by-Hop Options extension header is used.
Next Header: 8 bits. Identifies the type of header immediately following the IPv6 header, such as an extension header or a transport-layer protocol header.
Hop Limit: 8 bits. Similar to the Time to Live (TTL) field of IPv4. Whereas IPv4 limits the lifetime of a packet by time, IPv6 limits it by the number of hops between routers. Each time the packet is forwarded the field is decremented by 1, and the packet is discarded when the field reaches 0.
Source IPv6 Address: 128 bits. Address of the sending host.
Destination IPv6 Address: 128 bits. Address of the destination host.
Current security testing has the following problems:
(1) The number of packets needed to exhaust all values of the IPv6 header fields is far too large. According to RFC 2460, the IPv6 header has 8 fields, and the number of bits each field occupies is shown in Fig. 1. The Source IPv6 Address and Destination IPv6 Address are fixed (for a given test, the destination IPv6 address is generally an IPv6 address on the network device, and for convenience the source IPv6 address is generally fixed as well). The remaining 6 fields are all variable, so exhausting all packets gives the following number of combinations: $2^{4} \times 2^{8} \times 2^{20} \times 2^{16} \times 2^{8} \times 2^{8} = 18446744073709551616$. If the network device can process 1000 packets per second, such a security test would take 584942417.4 years. Faced with so many test packets and so long a test time, testers generally pick a subset of illegal packets based on experience. Doing so often omits some types of illegal packet, so the testing is insufficient. For example, a network device handles packets whose Hop Limit field is 0 or 1 differently from packets whose value is between 2 and 255. A tester who recognizes this difference constructs packets with a test instrument, modifying only the Hop Limit field to take the values 0, 1 and 255, while the other fields keep the instrument's defaults (generally the legal values of normal fields). In this way only the Hop Limit values are tested, and other types of illegal packet are left untested.
(2) The tester sends a large number of illegal IPv6 packets to the network device during security testing, but a serious fault such as a system hang, crash or reboot is often caused by just one class of illegal packet (or a single packet). To find that class (or that packet) among the many test packets, the method testers currently use is generally to capture and save all packets sent from the start of the test until the fault occurs, and then resend them to the device under test using bisection, narrowing the range step by step until the packet that triggers the fault is located. The test environment for this method is complicated to set up, and localization efficiency is low.
Summary of the invention
The purpose of the invention is to provide a protocol security testing method and device that improve the testing efficiency and resource utilization of protocol security testing.
To achieve this purpose, the invention provides a protocol security testing method comprising:
storing the correspondence among the protocol fields required to construct the test packets, the number of value kinds of each protocol field, and the concrete values of each protocol field;
taking each value of one or more protocol fields as a class, constructing the classified test packets, and identifying each test packet class by a key consisting of the protocol field and its concrete value;
sending the test packets separately, class by class;
during sending, periodically checking whether the sent test packets have caused an equipment fault and, when an equipment fault occurs, reconstructing the test packets according to the class they belong to in order to locate the specific test packet that caused the fault.
To achieve the same purpose, the invention also provides a protocol security testing device comprising a storage module, a packet construction module, a packet sending module, a fault detection module and a fault location module.
The storage module is connected to the packet construction module and the fault location module, and stores the correspondence among the protocol fields required to construct the test packets, the number of value kinds of each protocol field, and the concrete values of each protocol field.
The packet construction module takes each value of one or more protocol fields as a class, constructs the classified test packets, and identifies each test packet class by a key consisting of the protocol field and its concrete value.
The packet construction module is used to construct test packets classified by protocol field.
The packet sending module is connected to the packet construction module and sends the test packets separately, class by class.
The fault detection module is connected to the packet sending module and periodically checks, during sending, whether the sent test packets have caused an equipment fault.
The fault location module is connected to the fault detection module and, when an equipment fault occurs, reconstructs the test packets according to the class they belong to in order to locate the specific test packet that caused the fault.
The invention classifies test packets by protocol field and sends them class by class. When an equipment fault is detected during sending, the test packets can be reconstructed from their class to locate the specific test packet that caused the fault, so the sent test packets do not need to be stored, which greatly saves storage space. At the same time, by periodically checking the equipment state, the test packets that cause serious faults such as system halt, system hang and system reboot are located quickly, which improves testing efficiency.
Description of the drawings
Fig. 1 is a schematic diagram of the IPv6 header format.
Fig. 2 is a schematic diagram of embodiment one of the protocol security testing method of the invention.
Fig. 3 is a schematic diagram of embodiment two of the protocol security testing method of the invention.
Fig. 4 is a schematic diagram of embodiment three of the protocol security testing method of the invention.
Fig. 5 is a schematic diagram of a preferred equipment fault detection and packet localization method for method embodiment three.
Fig. 6 is a schematic diagram of embodiment four of the protocol security testing method of the invention.
Fig. 7 is a schematic diagram of embodiment one of the protocol security testing device of the invention.
Fig. 8 is a schematic diagram of embodiment two of the protocol security testing device of the invention.
Fig. 9 is a schematic diagram of embodiment three of the protocol security testing device of the invention.
Embodiments
The embodiments of the invention provide a protocol security testing method and device that improve the testing efficiency and resource utilization of protocol security testing. The invention is described in detail below with reference to the drawings.
Fig. 2 shows a schematic diagram of embodiment one of the protocol security testing method of the invention. The method comprises:
Step S1: construct test packets classified by protocol field.
Step S1 can specifically be: take each value of one or more protocol fields as a class, construct the classified test packets, and identify each test packet class by a key consisting of the protocol field and its concrete value.
For example, each protocol field has a corresponding number of value kinds, which can be determined by a preset value policy. Select one protocol field, for example the one with the most value kinds; taking all values of this field in turn, starting from the first, combine each with all values of all other protocol fields to construct packets. The selected protocol field and its concrete value form the key that identifies the class; the key can be stored in the form (protocol field, concrete value of the protocol field). The number of value kinds of this field is the number of test packet classes, and all constructed test packets are classified by this field.
Several protocol fields can also be combined to classify the test packets. For example, select two protocol fields; taking all values of the combination of the two fields in turn, starting from the first, combine each with all values of all other protocol fields to construct packets. The two selected protocol fields and their concrete values form the key that identifies the class; the key can be stored in the form (first protocol field, concrete value of the first protocol field, second protocol field, concrete value of the second protocol field). The number of value kinds of the combination of the two fields is the number of test packet classes.
The packet classes obtained this way do not intersect, and together all classes make up the full set of test packets, so they form a complete partition.
Step S2: send the test packets separately, class by class. The packets sent each time belong to the same class; the packets of one class can be sent all at once or in several sends.
Step S3: during sending, periodically check whether the sent test packets have caused an equipment fault; when an equipment fault occurs, reconstruct the test packets according to the class they belong to in order to locate the specific test packet that caused the fault.
For example, the test packets of one class can be sent in multiple batches. After each batch is sent, the equipment is checked for a fault; if one has occurred, the test packets of that batch caused it. From the class of the test packets, the batch number and the number of packets sent per batch, the test packets of that batch can be reconstructed to locate the specific test packet that caused the fault. Packet localization can use existing techniques, for example the bisection method mentioned in the background.
Alternatively, the test packets of one class can be sent all at once, and the equipment checked for a fault after the whole class has been sent. When a fault has occurred, all test packets of that class are reconstructed from the class, and the specific test packet that caused the fault is located.
The invention classifies test packets by protocol field and sends them class by class. When an equipment fault is detected during sending, the test packets can be reconstructed from their class to locate the specific test packet that caused the fault, so the sent test packets do not need to be stored, which greatly saves storage space. At the same time, by periodically checking the equipment state, the test packets that cause serious faults such as system halt, system hang and system reboot are located quickly, which improves testing efficiency.
Fig. 3 shows a schematic diagram of embodiment two of the protocol security testing method of the invention. In addition to the steps of method embodiment one, this embodiment comprises:
Step S4: store the correspondence among the protocol fields required to construct the test packets, the number of value kinds of each protocol field, and the concrete values of each protocol field.
For example, a two-dimensional table T of size n × m is constructed and stored. Here n is the number of rows of the table and equals the total number of protocol fields; for example, the IPv6 protocol has 6 variable protocol fields, so n is 6. m is the number of columns of the table, whose value is the number of value kinds of each protocol field, as shown in Table 1. The entry $T_{i,j}$ ($i \le n$, $j \le m$) stored in table T is the j-th value of the i-th protocol field. For example, $T_{1,1} = 6$ means that the first value of the Version field is 6, and $T_{6,3} = 1$ means that the third value of the Hop Limit field is 1.
Table 1. Format of the two-dimensional table T
n value | m value
1 (first protocol field) | A (number of value kinds of the first protocol field)
2 (second protocol field) | B (number of value kinds of the second protocol field)
... | ...
n (n-th protocol field) | X (number of value kinds of the n-th protocol field)
Storing the correspondence among the protocol fields required to construct the test packets, the number of value kinds of each protocol field, and the concrete values of each protocol field makes it easy to classify test packets by protocol field and to reconstruct test packets when an equipment fault is detected. Because only the values of the packet's protocol fields are stored, storage space is greatly saved compared with storing the packets actually sent, and use is more flexible.
Fig. 4 shows a schematic diagram of embodiment three of the protocol security testing method of the invention. In addition to the steps of method embodiment two, this embodiment divides step S3 into:
Step S31: send N test packets of the same class at a time and check whether an equipment fault has occurred; if so, go to step S32, otherwise go to step S33.
For example, 500 test packets of the same class can be sent at a time. The figure 500 is an empirical value the inventor obtained from repeated test results in a specific test environment; the actual N can be adjusted to circumstances. Two points guide the adjustment. The first is the rate at which the device under test processes test packets: if it is low, for example 500 packets per second (pps), then sending test packets at 1000 pps causes packet loss and distorts the test. The second is the speed of locating the problem packet. When bisection is used to locate the problem packet step by step, if too many packets are sent at a time, localization will be too slow when a fault occurs; but if too few are sent at a time, the equipment is checked for faults constantly, which also slows localization.
Whether an equipment fault has occurred can be detected with the Packet Internet Groper (Ping). For example, when sending test packets of a class, the device under test is pinged once after every 500 packets, and the result is judged by whether the ping succeeds. If the ping fails, an equipment fault has occurred. Serious problems such as system hang, system crash and system reboot can be detected this way.
Step S32: reconstruct the test packets according to the class they belong to in order to locate the specific test packet that caused the equipment fault.
Step S33: judge whether all test packets have been sent; if so, finish, otherwise go to step S31.
This extension can be made on the basis of method embodiment two and also on the basis of method embodiment one.
By periodically checking the equipment state, the test packets that cause serious faults such as system halt, system hang and system reboot are located quickly, which improves testing efficiency.
Fig. 5 shows a preferred equipment fault detection and packet localization method for method embodiment three, comprising the following steps:
Step 101: send classified IPv6 packets to the device under test, 500 packets of the same class at a time; a final group of fewer than 500 packets is also sent in one go. Record the key formed by the protocol field and concrete field value of the packets sent, and the batch number k of the packets of that class that were sent.
Step 102: ping the device under test.
Step 103: judge whether the ping succeeds; if so go to step 106, otherwise go to step 104.
Step 104: construct the packets from the key and the batch number, and resend the packets of the k-th batch using bisection.
Step 105: judge whether the test packet that caused the equipment fault has been located; if so go to step 107, otherwise go to step 103.
Step 106: judge whether all packets have been sent; if so go to step 107, otherwise go to step 101.
Step 107: end of test.
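The Fig. 5 loop as an added Python sketch, not code from the patent: the device under test, its Ping check and its recovery are replaced by a constructed `SimulatedDevice`, and packets are stood in by their index within a class. The names `run_class`, `bisect_fault` and `index_batch`, and the assumption that a single packet triggers the fault on its own, are hypothetical.

```python
CLASS_SIZE = 5238   # packets per class in the preferred embodiment (3*2*3*97*3)
BATCH = 500         # packets per send


def index_batch(key, k):
    """Constructed stand-in for packet reconstruction: batch k (from 1) as indices."""
    return list(range((k - 1) * BATCH, min(k * BATCH, CLASS_SIZE)))


class SimulatedDevice:
    """Constructed device under test that hangs when it receives one packet."""

    def __init__(self, poison):
        self.poison = poison
        self.alive = True
        self.sends = 0          # number of send operations, for inspection

    def send(self, batch):
        self.sends += 1
        if self.alive and self.poison in batch:
            self.alive = False  # hang: stops answering the health check

    def is_alive(self):         # stands in for the Ping of steps 102-103
        return self.alive

    def reset(self):            # stands in for restarting the device (assumption)
        self.alive = True


def bisect_fault(batch, send, is_alive, reset):
    """Step 104: narrow a faulting batch down to one packet by bisection."""
    lo, hi = 0, len(batch)      # the culprit lies in batch[lo:hi]
    while hi - lo > 1:
        mid = (lo + hi) // 2
        reset()                 # device must be back in service before a resend
        send(batch[lo:mid])     # resend the first half only
        if is_alive():          # back to step 103
            lo = mid            # first half is clean
        else:
            hi = mid            # culprit is in the first half
    reset()
    return batch[lo]


def run_class(key, n_batches, rebuild_batch, send, is_alive, reset):
    """Steps 101-107 for one class; returns (k, packet) or None if no fault."""
    for k in range(1, n_batches + 1):
        send(rebuild_batch(key, k))     # step 101: only (key, k) is remembered
        if is_alive():                  # steps 102-103
            continue                    # step 106: next batch
        # Step 104: the batch is rebuilt from (key, k), never read from storage.
        return k, bisect_fault(rebuild_batch(key, k), send, is_alive, reset)
    return None


def demo(poison):
    """Run one class against a device that hangs on packet index `poison`."""
    dev = SimulatedDevice(poison)
    n_batches = -(-CLASS_SIZE // BATCH)             # ceiling division -> 11
    found = run_class(("Traffic Class", 0), n_batches, index_batch,
                      dev.send, dev.is_alive, dev.reset)
    return found, dev.sends


if __name__ == "__main__":
    print(demo(3210))
```

With 500 packets per batch the bisection needs at most 9 resends, which is the trade-off between batch size and localization speed that the discussion of N describes.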
Fig. 6 shows a schematic diagram of embodiment four of the protocol security testing method of the invention. In addition to the steps of method embodiment two, this embodiment comprises step S5: preset the value policy of the protocol fields.
The value policy for a protocol field can be as follows: values are divided into normal values and illegal values. Normal values are those the protocol specifies; two illegal values are taken, 0 and the maximum the protocol field can hold. For example, the Version field is 4 bits, so its maximum is 1111 (binary) = 15 (decimal). The values of each protocol field must also take the protocol's specific rules into account.
This extension can be made on the basis of method embodiment two and also on the basis of method embodiment three.
A preferred embodiment of the invention is given below:
(1) Value policy for the protocol fields of the security test packets
For each field, taking the IPv6 protocol rules into account, the values are as follows:
Version field: IP version number, 4 bits. The normal value is 6; the illegal values are 0 and 15.
Traffic Class field: indicates the processing priority of the IPv6 packet, 8 bits. The normal range is 0-255, 256 values in total; there is no illegal value.
Flow Label field: marks a flow of IPv6 packets, 20 bits. The Internet Engineering Task Force (IETF) has not yet defined the details of how to manage and process this field; the default normal value is 0. The illegal value is 65535.
Payload Length field: the length of the IPv6 packet payload. The payload is the rest of the packet following the IPv6 header. The normal value is the actual payload length of the packet. The illegal values are one smaller than the actual payload length, taken as 0, and one larger than the actual payload length, taken as 65535.
Next Header field: defines the type of the data immediately following the IPv6 header. Next Header values are defined in RFC 1700; there are 96 normal values, and the illegal value is 101.
Hop Limit field: defines the maximum number of forwarding routers an IPv6 packet may pass through. The value is decremented by 1 at each router hop. The normal range is 2 to 255 inclusive; 255 is used here. The illegal values are 0 and 1.
Finally, the value lists of all types for each field are summarized in Table 2.
Table 2. IPv6 protocol field value list
[Table 2 is an image in the original publication and is not reproduced in this text.]
With this division, legal and illegal packet types total $3 \times 256 \times 2 \times 3 \times 97 \times 3 = 1340928$ packets. At a sending rate of 1000 packets per second, sending all of them takes 23 minutes.
The value policy for test packets is not limited to the method given above; other policies can be used, such as the Orthogonal Array Testing Strategy (OATS), a method of designing test cases using orthogonal Latin squares from statistics.
(2) Storage policy for the packets
Using the values of each protocol field as divided in Table 2, a two-dimensional table T of size n × m is constructed and stored. Here n is the number of rows of the table and equals the number of protocol fields in Table 2 (n = 6 here); each row holds all the values of one field in Table 2. m is the number of columns of the table, whose value is the number of value kinds of each protocol field. The correspondence between n and m is shown in Table 3.
Table 3. Correspondence table T of IPv6 protocol fields and number of value kinds
n value | m value
1 | 3
2 | 256
3 | 2
4 | 3
5 | 97
6 | 3
The entry $T_{i,j}$ ($i \le n$, $j \le m$) stored in table T is the j-th value of the i-th protocol field. For example, $T_{1,1} = 6$ means that the first value of the Version field is 6, and $T_{6,3} = 1$ means that the third value of the Hop Limit field is 1.
(3) the composite construction strategy of each protocol fields of message
Pick out the protocol fields of value most species,, then, select the protocol fields that occurs at first according to the appearance order of protocol fields in message if the identical protocol fields of value species number is arranged.In the present embodiment, the protocol fields of value most species is a Traffic Class field, and the value species number is 256.According to all values of this protocol fields, from first value, all values with other all protocol fields make up successively, the structure message.With the protocol fields of selection and the concrete value of protocol fields is that keyword identifies classification, and the keyword storage format is (protocol fields, the concrete value of protocol fields).To Traffic Class field, keyword is (Traffic Class, 0), (Traffic Class, 1) ... (Traffic Class, 255), the value species number of this protocol fields is the number of categories of test packet, so the test packet of possessive construction has been divided into 256 classes.
(4) the transmission strategy of message
To classified all test packets, be that unit sends with the class.Once send 500 messages of identical category, the also disposable transmission of last 500 messages of less than.
(5) carry out equipment fault detection and message location according to method as shown in Figure 5.
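Steps (2) to (5) above as an added Python example, which is not part of the patent text: it classifies by the field with the most values, sends in batches of 500 and, on a fault, rebuilds the failed batch from its keyword instead of reading stored packets. The field names of rows 3 to 5, all table values other than the two quoted above, the `send` and `healthy` callbacks and the one-by-one replay in `locate` are assumptions; Fig. 5 is not reproduced in this section.

```python
from itertools import islice, product

# Constructed table T: row lengths follow Table 3; only T[1,1] = 6 and T[6,3] = 1
# come from the text. Row 3-5 names and all other values are assumptions.
T = [
    ("Version", [6, 0, 15]),
    ("Traffic Class", list(range(256))),
    ("Flow Label", [0, 0xFFFFF]),
    ("Payload Length", [0, 1, 0xFFFF]),
    ("Next Header", list(range(97))),
    ("Hop Limit", [0, 255, 1]),
]
BATCH = 500  # packets sent between two device health checks


def key_field(table):
    """Index of the row with most values; max() keeps the earliest on a tie."""
    return max(range(len(table)), key=lambda i: len(table[i][1]))


def packets_in_class(table, key):
    """Lazily rebuild, in a fixed order, every packet of class (field, value)."""
    k = key_field(table)
    rows = [[key[1]] if i == k else vals for i, (_, vals) in enumerate(table)]
    return product(*rows)


def run(table, send, healthy):
    """Send class by class; return (class key, faulting packet) or None."""
    name, values = table[key_field(table)]
    for v in values:
        key = (name, v)
        stream, sent = packets_in_class(table, key), 0
        while batch := list(islice(stream, BATCH)):
            for p in batch:
                send(p)
            if not healthy():  # only key, offset and count are remembered
                return key, locate(table, key, sent, len(batch), send, healthy)
            sent += len(batch)
    return None


def locate(table, key, offset, count, send, healthy):
    """Assumed replay: rebuild the failed batch and resend it one by one."""
    for p in islice(packets_in_class(table, key), offset, offset + count):
        send(p)
        if not healthy():
            return p
    return None
```

`healthy` is expected to return only once the device is reachable again after a fault, so that the replay in `locate` starts against a recovered device.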
Fig. 7 is a schematic diagram of embodiment one of a protocol security testing device of the present invention. The device comprises a packet construction module M1, a packet sending module M2, a fault detection module M3 and a fault location module M4.
The packet construction module M1 constructs test packets classified according to protocol fields.
The packet sending module M2 is connected to the packet construction module M1 and sends the test packets class by class.
The fault detection module M3 is connected to the packet sending module M2 and periodically checks, during sending, whether the test packets sent have caused a device fault.
The fault location module M4 is connected to the fault detection module M3 and, when a device fault occurs, reconstructs the test packets according to the class they belong to in order to locate the specific test packet that caused the device fault.
Specifically, the packet sending module M2 may send N test packets of the same class at a time and then call the fault detection module.
Specifically, the fault detection module M3 may detect whether a device fault has occurred; if so, it calls the fault location module, otherwise it calls the packet sending module to continue sending test packets.
Specifically, the packet construction module M1 may take each value of one or more protocol fields as a class, construct the classified test packets, and identify each test packet class by a keyword consisting of the protocol field and its specific value.
Fig. 8 is a schematic diagram of embodiment two of a protocol security testing device of the present invention. In addition to the structural features of device embodiment one, this embodiment includes a storage module M5, connected to the packet construction module M1 and the fault location module M4, which stores the correspondence between the protocol fields needed to construct the test packets, the number of distinct values of each protocol field, and the specific values of each protocol field.
Fig. 9 is a schematic diagram of embodiment three of a protocol security testing device of the present invention. In addition to the structural features of device embodiment two, this embodiment includes a value strategy setting module M6, connected to the storage module M5, which presets the value strategy of the protocol fields.
The present invention uses protocol fields to classify test packets and sends the test packets class by class. When a device fault is detected during sending, the test packets can be reconstructed according to the class they belong to in order to locate the specific test packet that caused the device fault. The sent test packets do not need to be stored, which greatly saves storage space. At the same time, by periodically checking the device state, the test packet that caused a serious fault such as a system halt, system hang or system reboot is located quickly, which improves testing efficiency.
The present invention applies not only to protocol security testing of the IPv6 protocol but equally to other protocols in the data communication field, such as IPv4, the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP) and so on.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (6)

1. A protocol security testing method, characterized in that the method comprises:
storing the correspondence between the protocol fields needed to construct test packets, the number of distinct values of each protocol field, and the specific values of each protocol field;
taking each value of one or more protocol fields as a class, constructing the classified test packets, and identifying each test packet class by a keyword consisting of the protocol field and its specific value;
sending the test packets class by class;
periodically detecting, during sending, whether the test packets sent have caused a device fault and, when a device fault occurs, reconstructing the test packets according to the class they belong to in order to locate the specific test packet that caused the device fault.
2. The method according to claim 1, characterized in that periodically detecting, during sending, whether the test packets sent have caused a device fault and, when a device fault occurs, reconstructing the test packets according to the class they belong to in order to locate the specific test packet that caused the device fault is specifically: sending N test packets of the same class at a time and detecting whether a device fault has occurred; if so, reconstructing the test packets according to the class they belong to in order to locate the specific test packet that caused the device fault; if not, continuing to send N test packets of the same class and to detect whether a device fault has occurred, until all test packets have been sent.
3. The method according to claim 1, characterized in that it further comprises: presetting the value strategy of the protocol fields.
4. A protocol security testing device, characterized in that it comprises a storage module, a packet construction module, a packet sending module, a fault detection module and a fault location module;
the storage module is connected to the packet construction module and the fault location module, and stores the correspondence between the protocol fields needed to construct test packets, the number of distinct values of each protocol field, and the specific values of each protocol field;
the packet construction module takes each value of one or more protocol fields as a class, constructs the classified test packets, and identifies each test packet class by a keyword consisting of the protocol field and its specific value;
the packet sending module is connected to the packet construction module and sends the test packets class by class;
the fault detection module is connected to the packet sending module and periodically detects, during sending, whether the test packets sent have caused a device fault;
the fault location module is connected to the fault detection module and, when a device fault occurs, reconstructs the test packets according to the class they belong to in order to locate the specific test packet that caused the device fault.
5. The device according to claim 4, characterized in that
the packet sending module is specifically used to send N test packets of the same class at a time and to call the fault detection module;
the fault detection module is specifically used to detect whether a device fault has occurred and, if so, to call the fault location module, otherwise to call the packet sending module to continue sending test packets.
6. The device according to claim 4, characterized in that it further comprises a value strategy setting module, connected to the storage module, which presets the value strategy of the protocol fields.

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100868615A | 2009-06-17 | 2009-06-17 | Protocol security testing method and device |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN101582815A | 2009-11-18 |
| CN101582815B | 2011-06-22 |

Family

ID=41364788

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100868615A Expired - Fee Related CN101582815B (en) 2009-06-17 2009-06-17 Protocol security testing method and device

Country Status (1)

Country Link
CN (1) CN101582815B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104954203B (en) * 2015-06-24 2018-11-06 深圳市共进电子股份有限公司 Support the DSL product automations detecting system and method for IPv6 agreements
CN105912470B (en) * 2016-04-11 2018-09-07 北京简约纳电子有限公司 Method for generating test case suitable for ASN.1
CN106302025B (en) * 2016-08-22 2021-06-08 腾讯科技(深圳)有限公司 Automatic testing method and device for communication protocol
CN109873737B (en) * 2019-01-31 2020-10-09 杭州迪普科技股份有限公司 Test method and device
CN112737875B (en) * 2020-12-24 2022-03-18 中国银联股份有限公司 Method and device for generating test message

Also Published As

Publication number Publication date
CN101582815A (en) 2009-11-18

Similar Documents

Publication Publication Date Title
CN101132320B (en) Method for detecting interface trouble and network node equipment
AU2011364975B2 (en) Systems and methods for packet de-duplication
US7668107B2 (en) Hardware implementation of network testing and performance monitoring in a network device
CN101582815B (en) Protocol security testing method and device
CN100495985C (en) Method for rapidly detecting Ethernet exchanger loop failure
US20090232152A1 (en) Method and apparatus for aggregating ports
CN101355466B (en) Method and apparatus for transmitting continuous check information message
CN101924659B (en) Network equipment and method for detecting links of physical ports of same
CN101267312B (en) A method for preventing address from confliction detection and cheat in network
CN102571492B (en) Method and device for detecting failure of routing equipment
CN106817264A (en) A kind of methods, devices and systems of link failure detection
CN101808021A (en) Fault detection method, device and system, message statistical method and node equipment
CN108632099A (en) A kind of fault detection method and device of link aggregation
CN101605063A (en) Network fault positioning system and method
US20090006650A1 (en) Communication device, communication method, communication interface, and program product
CN107948157A (en) A kind of message processing method and device
CN103078791A (en) Method, device and system for processing operation, administration and maintenance (OAM) message
CN104821957B (en) A kind of implementation method of BFD state machines, apparatus and system
CN105871661A (en) Public network server detection method and detection server
CN114338509B (en) Data packet forwarding loop real-time detection system and detection method based on in-band network telemetry
CN103220189A (en) Multi-active detection (MAD) backup method and equipment
CN102843274B (en) The method of a kind of multilink fault detection and device
CN103248567A (en) BFD conversation message transmission method and equipment
CN1783837A (en) Method for detecting route unit fault
CN105763375A (en) Data packet transmission method, receiving method and microwave station

Legal Events

| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C14 | Grant of patent or utility model | |
| | GR01 | Patent grant | |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20110622; Termination date: 20140617 |
| | EXPY | Termination of patent right or utility model | |