CN103595661A - Message fragmentation restructuring method and device - Google Patents


Info

Publication number
CN103595661A
Authority
CN
China
Prior art keywords
message
fragment
checking
whole
restructuring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310624643.9A
Other languages
Chinese (zh)
Other versions
CN103595661B (en)
Inventor
杨超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN201310624643.9A
Publication of CN103595661A
Application granted
Publication of CN103595661B
Legal status: Active
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a message fragmentation and reassembly method and device. Before fragmenting a message, the sending end calculates a checksum over the whole message and adds it to the header of each fragment so that the peer can recalculate and verify it. After receiving the fragments, the receiving end reassembles the message, calculates the checksum of the reassembled message, and compares the result with the whole-message checksum carried in the message header. If the two match, the reassembled message is determined to be correct; if they differ, the reassembled message is determined to be erroneous and is discarded. In this way the method and device can effectively identify forged fragments and effectively ensure the correctness of reassembled messages.

Description

A message fragment reassembly method and device
Technical field
The application relates to network technology, and in particular to a method and device for message fragment reassembly in a network.
Background
When the IP protocol transmits a packet, it splits the data message into several fragments for transmission and reassembles them at the destination system; this process is called message fragmentation. IP fragmentation occurs when the size of the IP message to be transmitted exceeds the maximum transmission unit (MTU). For example, the largest IP message that can be transmitted in an Ethernet environment is 1500 bytes; a message larger than 1500 bytes must be fragmented before transmission. Deciding which fragments belong to the same message is the key to reassembly. In the prior art, fragments with the same source address, destination address, fragment identification and protocol number are considered to be different fragments of the same message.
The fragment identification is 16 bits, so the largest fragment identification is 65535. That is, after the sender transmits a fragment whose identification is N and then sends another 65536 messages, the identification of a new message is N again, so fragments of two different messages can be treated as fragments of the same message. This only happens if not all fragments of the message with identification N reach the peer within the time it takes to send 65536 messages. In a normal network environment the probability of this is small, but in a more complex network environment or under very heavy traffic it occurs fairly easily.
Fragments are also used for attacks: besides denial of service, some IP fragmentation attacks are frequently used to evade firewalls or network intrusion detection systems.
Summary of the invention
In view of this, the application provides a message fragmentation device for fragmenting messages at the sending end, characterized in that it comprises a computing module and a processing module.
The computing module judges whether the message size exceeds the MTU of the interface and, if so, calculates a whole-message checksum and adds it to the header of the IP message for the peer to recalculate and verify.
The processing module fragments the message, carries the IP header containing the whole-message checksum in each fragment, and sends the fragments to the peer.
The whole-message checksum is identical in every fragment and is carried in the last two bytes of the IP header.
Based on the same inventive concept, the application also provides a message reassembly device comprising a judging module, a verification module and a processing module.
The processing module adds each message to a reassembly queue according to the information carried in the message header.
The judging module judges whether all fragments have been collected; when they have, it notifies the processing module to reassemble the message and to calculate the whole-message checksum of the reassembled message.
The verification module compares the calculated checksum with the whole-message checksum carried in the message header. If they match, the reassembled message is proven correct; if they do not, the fragments are proven not to belong to the same message and the message is discarded.
The judging module is further used to judge whether a received message is a fragment; if it is not, the message is delivered to the corresponding protocol stack for processing according to the protocol field of the IP header.
The information carried in the message header comprises at least one of the source address, destination address, MIC message identification code, protocol number and whole-message checksum.
Based on the same inventive concept, the application provides a message fragmentation method for fragmenting messages at the sending end, the method comprising:
Judging whether the message size exceeds the MTU of the interface and, if so, calculating a whole-message checksum and adding it to the header of the IP message for the peer to recalculate and verify;
Fragmenting the message, carrying the IP header containing the whole-message checksum in each fragment, and sending the fragments to the peer.
The whole-message checksum is identical in every fragment and is carried in the last two bytes of the IP header.
Based on the same inventive concept, the application provides a message reassembly method, the method comprising:
Adding each message to a reassembly queue according to the information carried in the message header;
Judging whether all fragments have been collected; when they have, notifying the processing module to reassemble the message and to calculate the whole-message checksum of the reassembled message;
Comparing the calculated checksum with the whole-message checksum carried in the message header. If they match, the reassembled message is proven correct; if they do not, the fragments are proven not to belong to the same message and the message is discarded.
Judging whether a received message is a fragment; if it is not, delivering the message to the corresponding protocol stack for processing according to the protocol field of the IP header.
The information carried in the message header comprises at least one of the source address, destination address, MIC message identification code, protocol number and whole-message checksum.
For the user, this technical solution not only adds one more fragment identifier to the message; more importantly, after receiving the fragments the peer device can calculate a checksum over the reassembled message and verify it against the checksum carried in the message. This further guarantees the correctness of the reassembled message and avoids reassembly errors and forged-fragment attacks. The change required in network devices is small and compatibility is good.
Brief description of the drawings
Fig. 1 is a hardware schematic diagram of device embodiment one of the application.
Fig. 2 is a hardware schematic diagram of device embodiment two of the application.
Fig. 3 is a schematic diagram of a method embodiment of the application.
Fig. 4 is a schematic diagram of another method embodiment of the application.
Embodiments
The application provides a message fragmentation device for fragmenting messages at the sending end. The basic hardware environment of the device comprises a CPU, memory, non-volatile storage and other hardware. Logically the device comprises a computing module and a processing module, which are in fact formed by computer programs loaded into memory by the CPU and run. Referring also to Fig. 2, the device performs the following flow while running:
Step 11: The computing module fills in the IP header fields and the payload and judges whether the size of the pending IP message exceeds the MTU of the interface. If so, it calculates a whole-message checksum and adds it to the header of the IP message; otherwise the message is sent directly.
Step 12: When fragmenting the pending IP message, the processing module carries the whole-message checksum in the IP header of each fragment formed from the IP message and sends the fragments.
A traditional IP header contains a 16-bit header checksum field, which is calculated over the IP header and does not cover the payload that follows. In this application, by contrast, once the IP header fields and the payload have all been filled in, a whole-message checksum is calculated over the header and the payload together and is additionally placed in the header of the IP message. Checksum calculation is a mature, widely used technique with many implementations; for example, the existing open-source Linux way of calculating message checksums can be used. The specific checksum algorithm is not the focus of the invention and is not described further here. Preferably, the whole-message checksum occupies 2 bytes and is placed after the header checksum, that is, in the last two bytes of the header. It can of course be placed in another field, set according to the user's actual needs; the application gives this only as an illustration.
The receiving device needs an added message reassembly device. Its basic hardware environment is the same as that of the fragmentation device, comprising a CPU, memory, non-volatile storage and other hardware. Logically it comprises a judging module, a verification module and a processing module, which are in fact formed by computer programs loaded into memory by the CPU and invoked. Referring also to Fig. 4, the device performs the following flow when invoked by the computer:
Step 21: The judging module judges whether the received message is a fragment. If so, it proceeds to step 22; otherwise the message is delivered to the corresponding protocol stack for processing according to the protocol field of the IP header.
Step 22: The processing module adds the fragment to the corresponding reassembly queue according to the characteristic information carried in the fragment header and the whole-message checksum carried by the fragment.
The characteristic information carried in the fragment header includes, for example, the source address, destination address, MIC message identification code and protocol number. For all fragments of one message, the source IP, destination IP, ID and upper-layer protocol in the IP header are the same; what differs is the fragment flag bits and the fragment offset. The receiver reassembles the received fragments according to their source IP, destination IP, ID, fragment flag bits and fragment offset.
In practice, the fragment identification is 16 bits and the largest fragment identification is 65535. That is, after the sender transmits a fragment whose identification is N and then sends another 65536 messages, the identification of a new message is N again. If the number of messages to be transmitted is huge, the receiver may receive, within the same period, fragments that belong to different messages but whose source IP, destination IP, ID, fragment flag bits and so on are all the same, so that fragments of two different messages are treated as fragments of the same message. The technical solution of the application solves this problem well: the whole-message checksum serves to distinguish different messages. All fragments that belong to the same IP message carry the same whole-message checksum, and the receiver uses it to add fragments with the same whole-message checksum to the reassembly queue of the same message.
Step 23: The judging module judges whether all fragments have been collected; when they have, it notifies the processing module to reassemble the message and to calculate the whole-message checksum of the reassembled message.
If the last fragment is received within the specified time, the fragments have all been collected and the message can be reassembled. If the specified time is exceeded and not all fragments have been collected, all the fragments are discarded and the flow ends.
Step 24: The verification module compares the calculated checksum with the whole-message checksum carried in the message header. If they match, the reassembled message is confirmed to be correct; if they do not, the fragments are proven not to belong to the same message, the reassembly is wrong, and the message is discarded.
In actual use, suppose an attacker intercepts a fragment in transit and, based on it, forges an identical-looking fragment as an attack message. In the preceding steps this is very hard to detect, so the forged attack message may well be treated as a normal fragment and added to the reassembly, making the reassembled message wrong. In this application, the whole-message checksum added to the IP header is recalculated at the receiving end over the assembled message. If the calculated checksum matches the checksum carried in the fragment header, the message was reassembled correctly; if it does not, an error occurred during fragmentation and reassembly and the reassembled message is incorrect.
By carrying in each fragment a checksum that verifies whether reassembly is correct, the application not only adds one more identifier for recognising fragments of the same message; more importantly, the checksum can be recalculated at the receiving end and compared with the carried checksum. Thus, even if someone maliciously forges a fragment, and even if the forged fragment looks fully consistent with the other fragments, it cannot pass verification at the receiving end. Because checksum calculation methods are generic, neither the sending end nor the receiving end needs major changes: the sending end only adds the checksum and the receiving end only calculates and checks it. The method is simple to implement and works well.
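The sender flow (steps 11-12) and receiver flow (steps 21-24) described above, as an added example that is not code from the patent. It assumes the RFC 1071 Internet checksum, a simplified `Fragment` record instead of real IP header bytes, an MTU that counts payload bytes only, and constructed traffic; all names are hypothetical.

```python
import struct
from dataclasses import dataclass, replace

def internet_checksum(data: bytes) -> int:
    """16-bit ones'-complement sum (RFC 1071); the algorithm choice is an assumption."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

@dataclass(frozen=True)
class Fragment:              # simplified stand-in for an IP fragment (hypothetical)
    src: str
    dst: str
    ident: int               # 16-bit fragment identification
    proto: int
    offset: int              # byte offset of this payload slice
    more: bool               # "more fragments" flag
    whole_csum: int          # whole-message checksum, same in every fragment
    payload: bytes

def whole_checksum(src, dst, ident, proto, payload):
    # Covers the header fields shared by all fragments plus the full payload.
    return internet_checksum(f"{src}|{dst}|{ident}|{proto}|".encode() + payload)

def fragment_message(src, dst, ident, proto, payload, mtu):
    """Steps 11-12: checksum the whole message, then stamp it on each fragment."""
    if len(payload) <= mtu:                      # fits the MTU: send directly
        return [Fragment(src, dst, ident, proto, 0, False, 0, payload)]
    csum = whole_checksum(src, dst, ident, proto, payload)
    step = mtu - mtu % 8                         # keep offsets multiples of 8
    return [Fragment(src, dst, ident, proto, off, off + step < len(payload),
                     csum, payload[off:off + step])
            for off in range(0, len(payload), step)]

class Reassembler:
    def __init__(self, timeout=30.0):
        self.timeout = timeout
        self.queues = {}     # key -> (first_seen, {offset: Fragment})
        self.dropped = []    # keys discarded on checksum mismatch or timeout

    def receive(self, frag, now=0.0):
        """Return the verified payload when a message completes, else None."""
        if frag.offset == 0 and not frag.more:   # step 21: not a fragment
            return frag.payload
        self.expire(now)
        # Step 22: the whole-message checksum is part of the queue key.
        key = (frag.src, frag.dst, frag.ident, frag.proto, frag.whole_csum)
        _, parts = self.queues.setdefault(key, (now, {}))
        parts.setdefault(frag.offset, frag)      # first arrival at an offset wins
        payload = self._assemble(parts)
        if payload is None:                      # step 23: still incomplete
            return None
        del self.queues[key]
        if whole_checksum(*key[:4], payload) != frag.whole_csum:   # step 24
            self.dropped.append(key)
            return None
        return payload

    @staticmethod
    def _assemble(parts):
        data = b""
        for off in sorted(parts):
            if off != len(data):                 # gap or overlap: not complete
                return None
            data += parts[off].payload
        return None if parts[max(parts)].more else data

    def expire(self, now):                       # step 23 timeout: discard all
        for key in [k for k, (t0, _) in self.queues.items()
                    if now - t0 > self.timeout]:
            del self.queues[key]
            self.dropped.append(key)

# Constructed sample traffic: addresses, IDs and payloads are made up.
def demo_id_wraparound():
    """Two messages share ident 7 (16-bit counter wrapped) and interleave."""
    old = fragment_message("10.0.0.1", "10.0.0.2", 7, 17, b"A" * 3000, 1480)
    new = fragment_message("10.0.0.1", "10.0.0.2", 7, 17, b"B" * 3000, 1480)
    rx = Reassembler()
    order = [old[0], new[0], new[1], old[1], new[2], old[2]]
    return [p for p in map(rx.receive, order) if p is not None]

def demo_forged_fragment():
    """A fragment with a copied header but altered data arrives first."""
    real = fragment_message("10.0.0.1", "10.0.0.2", 9, 17, b"C" * 3000, 1480)
    forged = replace(real[1], payload=b"X" * 1480)
    rx = Reassembler()
    results = [rx.receive(f) for f in (real[0], forged, real[1], real[2])]
    return results, rx.dropped
```

A 16-bit checksum is not a keyed MAC: it separates colliding queues and rejects a forged fragment that changes the sum, but integrity against a sender who can recompute the checksum needs a keyed construction.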
The above are only preferred embodiments of the application and do not limit it. Any modification, equivalent replacement or improvement made within the spirit and principle of the application shall fall within its scope of protection.

Claims (10)

1. A message fragmentation device for fragmenting messages at the sending end, characterized in that it comprises a computing module and a processing module,
The computing module judges whether the size of the pending IP message exceeds the MTU of the interface and, if so, calculates a whole-message checksum and adds it to the header of the IP message for the peer to recalculate and verify;
When the processing module fragments the pending IP message, it carries the whole-message checksum in the IP header of each fragment formed from the IP message and sends the fragments.
2. The device as claimed in claim 1, characterized in that the whole-message checksum is identical in every fragment and is carried in the last two bytes of the IP header.
3. A message reassembly device, characterized in that it comprises a judging module, a verification module and a processing module,
The processing module adds each message to a reassembly queue according to the information carried in the message header;
The judging module judges whether all fragments have been collected; when they have, it notifies the processing module to reassemble the message and to calculate the whole-message checksum of the reassembled message;
The verification module compares the calculated checksum with the whole-message checksum carried in the message header; if they match, it determines that the reassembled message is correct; if they do not, it determines that the fragments do not belong to the same message and discards the message.
4. The device as claimed in claim 3, characterized in that the judging module is further used for:
Judging whether a received message is a fragment; if it is not, delivering the message to the corresponding protocol stack for processing according to the protocol field of the IP header.
5. The device as claimed in claim 3, characterized in that the information carried in the message header comprises at least one of the source address, destination address, MIC message identification code, protocol number and whole-message checksum.
6. A message fragmentation method for fragmenting messages at the sending end, the method comprising:
Judging whether the size of the pending IP message exceeds the MTU of the interface and, if so, calculating a whole-message checksum and adding it to the header of the IP message for the peer to recalculate and verify;
When fragmenting the pending IP message, carrying the whole-message checksum in the IP header of each fragment formed from the IP message and sending the fragments.
7. The method as claimed in claim 6, characterized in that the whole-message checksum is identical in every fragment and is carried in the last two bytes of the IP header.
8. A message reassembly method, characterized in that the method comprises:
Adding each message to a reassembly queue according to the information carried in the message header;
Judging whether all fragments have been collected; when they have, reassembling the message and calculating the whole-message checksum of the reassembled message;
Comparing the calculated checksum with the whole-message checksum carried in the message header; if they match, the reassembled message is proven correct; if they do not, the fragments are proven not to belong to the same message and the message is discarded.
9. The method as claimed in claim 8, characterized in that the method further comprises:
Judging whether a received message is a fragment; if it is not, delivering the message to the corresponding protocol stack for processing according to the protocol field of the IP header.
10. The method as claimed in claim 8, characterized in that the information carried in the message header comprises at least one of the source address, destination address, MIC message identification code, protocol number and whole-message checksum.
CN201310624643.9A 2013-11-28 2013-11-28 Message fragmentation restructuring method and device Active CN103595661B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310624643.9A CN103595661B (en) 2013-11-28 2013-11-28 Message fragmentation restructuring method and device

Publications (2)

Publication Number Publication Date
CN103595661A true CN103595661A (en) 2014-02-19
CN103595661B CN103595661B (en) 2017-05-10

Family

ID=50085649

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310624643.9A Active CN103595661B (en) 2013-11-28 2013-11-28 Message fragmentation restructuring method and device

Country Status (1)

Country Link
CN (1) CN103595661B (en)

Also Published As

Publication number Publication date
CN103595661B (en) 2017-05-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Applicant before: Huasan Communication Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant