CN106453022A - Network device and data packet sending method - Google Patents
Network device and data packet sending method Download PDFInfo
- Publication number
- CN106453022A CN106453022A CN201610826351.7A CN201610826351A CN106453022A CN 106453022 A CN106453022 A CN 106453022A CN 201610826351 A CN201610826351 A CN 201610826351A CN 106453022 A CN106453022 A CN 106453022A
- Authority
- CN
- China
- Prior art keywords
- data
- packet
- described data
- port
- receive port
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4604—LAN interconnection over a backbone network, e.g. Internet, Frame Relay
- H04L12/462—LAN interconnection over a bridge based backbone
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a data packet sending method. A network device for data packet sending comprises at least two data transceiver ports, a data judging module, and a data processing module. The method comprises the following steps: S100, one data transceiver port receives a data packet; S200, when the data judging module judges that the data packet needs to forwarded via the data transceiver port, the data processing module correspondingly modifies an skb message in the data packet; S300, the data processing module clones the modified skb message, and the data judging module loops through all the data transceiver ports; and S400, the data packet is forwarded via the data transceiver port meeting data packet forwarding conditions.
Description
Technical field
The application is related to internetworking technologies field, and under more particularly, to a kind of (SuSE) Linux OS, bridge carries out data
Forward the technical problem that network interface is circulated with traversal.
Background technology
Whether allow this data during mobile data on network it is thus necessary to determine that on network, if it is allowed, then needing
Where data to be determined will be sent to.When data is sent to destination from source, network can determine transmitting terminal and
Whether whether receiving terminal be all effectively and to allow using this network, and will how processing data.Transmission control protocol/Yin Te
FidonetFido (TCP/IP) data is typically transmitted in the form of frames, and described frame includes at least two parts, address header sum
According to load.Can find from the address header of quintuple form and be generally used for the letter to destination transmission data by network
Breath, described five-tuple includes following fields:Source address, destination address, source port, destination interface and agreement.
In general gateway device, be divided into WAN-side and LAN side, WAN-side be incoming end, be responsible for link internet or
Communication network, LAN side be user's incoming end, generally, LAN side can exist multiple Ethernet interfaces link respectively various
Gateway terminal equipment.In home network environment, general terminal device has the nets such as PC, Set Top Box, the networking telephone or global eyes
Network equipment, in enterprise's application, networking is increasingly complex, and all of network equipment is all accessed by gateway device, including each
Plant application server, network terminal etc., species complexity is various, once loop problem occurs in certain network, or ring
Road occurs in inside access gateway, all can directly affect gateway work and the normal access of other network equipments.But due to net
Tube terminal equipment is excessive, and wiring is numerous and diverse, cannot quickly know again and specifically break down at which, can only do comprehensive carpet
Formula checks, so not only wastes time and energy, is also not easily found accurate certain faults, or even thinks that comprehensive inspection causes new
Fault.
Used packet in Linux bridge forwards function to be broadly divided into two kinds at present, and one kind is that data is forwarded to
Specific port, another kind is data diffusion, and searching loop forwards and is diffused into all of the port.For the former, functional realiey is main
It is embodied in two aspects:The data forwarding that inlet flow rate and rate of discharge are carried out respectively.Wherein, data is carried out to inlet flow rate
Forwarding is exactly that one of bridge group bridge port receives to packet in fact, after trawl performance, calls netif_
The functions such as receive_skb, handle_bridge, br_handle_frame, last call function br_forward is realizing
Data forwarding.Rate of discharge is carried out first have to during data forwarding setting up route wan and connects, if the data of outer net want and
When the terminal of lan carries out data transmission, outer network data can be set up with wan interface first and be connected, and then wan interface passes through road
By rule and arp, the network data of needs can be sent from bridge, last bridge will call br->netdev_
ops->Ndo_start_xmit, i.e. br_dev_xmit, can call br_deliver, br_flood_ in br_dev_xmit
Deliver, carries out the forwarding of rate of discharge.Data diffusion is equally divided into the diffusion of inlet flow rate and the diffusion of rate of discharge, needs
Call an important function br_flood, the mainly already present all of the port of searching loop, for meeting data forwarding
The port of condition, call function _ _ packet_hook carries out subsequent treatment.
Address resolution protocol, i.e. ARP (Address Resolution Protocol), is to obtain physics according to IP address
One ICP/IP protocol of address.Main frame sends the institute being broadcast to, during information, the ARP request comprising target ip address on network
There is main frame, and receive return message, the physical address of target is determined with this;Receive after return message by this IP address and physically
Location is stored in the machine arp cache and retains certain time, directly inquires about arp cache to economize on resources during request next time.Address solves
Analysis agreement is built upon on the basis of in network, each main frame trusts each other, and the main frame on network can independently send ARP should
Answer message, other main frames receive and will not detect during response message that the authenticity of this message will be logged into the machine arp cache;By
This attacker just can send pseudo- arp reply message to a certain main frame so as to the information that sends cannot reach expected main frame or
Reach the main frame of mistake, this just constitutes an ARP deception.ARP order can be used for inquire about the machine arp cache in IP address and
The corresponding relation of MAC Address, interpolation or the static corresponding relation of deletion etc..Related protocol has RARP, proxy ARP.NDP is used for
Address resolution protocol is replaced in IPv6.
Chinese Patent Application No. is CN201210525155.8, this invention the present invention relates to network communication technology field, especially
It is related to the method for the detection of gateway device dynamically loop, protection and static loop detection.The effect of the present invention is:When confirmation is deposited
In loop, the reception immediately closing off loop interface is interrupted, and protects gateway device not under fire, and opens loop warning light, tells
There are loop situations in user, then whether detection loop releases, once loop releases, just reopens in the reception of loop interface
Disconnected, close closed-loop warning light, once from the above, it is seen that loop situations in equipment, gateway device can find and adopt
Safeguard measure is so that other non-loop link energy normal works, and the interface that there is loop is monitored, when loop releases
Afterwards at once just can be with normal work.
Chinese Patent Application No. is CN200510018238.8, the invention provides a kind of MAC bridge coil, such as ether
Net, the method and apparatus of loop discovery, space reuse and pretection switch.The Topology Discovery controlling bridge periodically transmission of loop
Message returns through whole loop and controls bridge, records the bridge in loop and link condition.Bridge is controlled to indicate by topology
Topology information is noticed other bridges of loop, and specify protection bridge and protection port.Protection bridge blocks protection port, keeps away
Exempt from data to circulate in the loop.Bridge selects shortest path according to topology information, realizes space reuse, simultaneously using heartbeat message
The connectedness of detection link, and when finding link failure, notify protection bridge to realize quick protective switch.The present invention can be
Comprise in the complex topology structure network of multiple loops, find loop topology or by Spanning-Tree Protocol cluster by configuring
Agreement finds loop topology automatically, improves loop space utilization ratio, realizes the quick protective switch within 50ms.
Patent disclosed above, the meeting that unresolved modification skb message leads to affects the realization of vlan function, also can affect end
The realization of end subscriber isolation features.Currently solution to the problems described above mainly can again add an entrance function to realize
Data receiver and the function of forwarding.The shortcoming of this method is increased workload, the serious time taking product development, also
Other unknown defects may be introduced, there is very big uncertainty.
Content of the invention the invention provides under a kind of (SuSE) Linux OS bridge data forwarding traversal is circulated to network interface
New solution.It is sometimes desirable to be communicated between different network interfaces in network data transmission, meeting during communication
Searching loop successively is carried out to the network interface of all presence, is operated accordingly to meeting the network interface requiring, behaviour mentioned here
Make the most basic ping that is just by operate, when a network interface removes ping another one network interface, no matter transmitting message is carried out
What kind of construction, all without the specific function of impact.The present invention is achieved by the following technical solutions:
A kind of data packet sending method, the network equipment that described packet sends includes:At least two data sending and receiving end mouths,
Data judge module, data processing module, methods described comprises the steps:
S100:One described data transmit-receive port accepts described packet;
S200:When described data judge module judges that described packets need passes through described data transmit-receive port forwarding,
Described data processing module is accordingly changed to the skb message in described packet;
S300:Described data processing module clones amended described skb message, and described data judge module is to all institutes
State data transmit-receive port and be circulated traversal;
S400:For the described data transmit-receive port meeting described packet forwarding condition, realize described packet and forward.
Clone amended described skb message, specifically refer to, skb_clone is that linux kernel operates to SKB
Function.If a SKB can be by different user's independent operations, and these users may simply change certain in SKB descriptor
A little field values, then kernel need not be a complete SKB description of each user duplication and its corresponding data buffer area, in order to
Improve performance, only make clone operations.
Mentioning in literary composition is exactly to use skb_clone function by amended SKB clone, simply replicates sk_buff
Structure, does not replicate the data buffer zone of skb.Sk_buff structure after Clone points to same data with original sk_buff
Buffering area.The cloned value of the skb descriptor after original and clone all can be set to the users of the skb descriptor of 1, clone
Value puts 1, and the reference count dataref of data buffer zone increases by 1 simultaneously, in order to avoid shared data is discharged in advance.
Further, described data packet sending method, being accordingly revised as in described S200 step adds to described packet
Plus v l an head.
Further, described data packet sending method, described S200 step includes S210 step:
S210:When described data judges that mould judges described network device state for forword, allow forwarded to enter one
Step operation.The message that above-mentioned forward state refers to meets the state forwarding requirement and being forwarded, and specifically can be divided into
Local forwarding (local in) and concentration forward (forwarding).Local forwarding refers to be sent to native protocol stack, collects transfer
Send out is then forwarding between port and port.
Further, described data packet sending method, described S200 step includes S220 step:
S220:When described data judges that mould judges that the capacity of packet is less than the mtu value of the described network equipment, and support
Gso, allows the operation further being forwarded.
Above-mentioned mtu value, the maximum data packet size referring to pass through above a kind of a certain layer of communication protocol (with byte is
Unit).Suitable MTU value is set, communication efficiency can be improved.
Above-mentioned GSO, process is delayed in as general segmentation.Refer to network interface card when supporting GSO function, (big for super large packet
In MTU value), kernel can be by the delays in work of segmentation to the eve giving driving.If network interface card does not support this function, kernel
With the mode of software, burst is carried out to packet.
Further, described data packet sending method, described S400 step includes S410 step:
S410:Described packet carries out processing in accordance with code, and described code includes rule on forword chain, bridge is prevented
The rule in out chain is called in rule in post chain in wall with flues or bridging firewall.
Further, described data packet sending method, described S400 step includes S420 step:
S420:When described data judge module judges that described packet meets respective rule, change described skb message and refer to
To net dev.
Above-mentioned net dev be net device write a Chinese character in simplified form it is simply that the meaning of " network equipment ".Corresponding to the number in linux
According to structure net_device structure, major function is the unification realizing multiple hardwares on software level.Net_device ties
Structure is divided into five parts such as overall member, hardware associated member, interface associated member, device, method member and public member.
Further, described data packet sending method, described S400 step includes S430 step:
S430:For the described data transmit-receive port meeting described packet forwarding condition, call function _ packet_
Hook carries out the process of described packet forwarding.
Present invention also offers a kind of network equipment, including at least two data sending and receiving end mouths, data judge module, data
Processing module,
Described data transmit-receive port, for accepting or sending packet;
Described data processing module, for changing the skb message in described packet;
Described data judge module, for judging to the forwarding condition of described packet, and to described data transmit-receive
Port is circulated traversal, finds the described data transmit-receive port of the forwarding condition meeting described packet.
Further, the described network equipment, after arbitrary described data transmit-receive port accepts described packet, calls network interface card to drive
Dynamic function processes described packet.
Further, the described network equipment, the described data transmit-receive port meeting the forwarding condition of described packet is institute
State at least one non-described data transmit-receive port accepting described packet of the network equipment.
Further, the described network equipment, described data judge module judges that described forwarding condition includes:Bridge port
State be whether forword, described data package size whether less than the described network equipment mtu value, whether support gso, described
Packet whether meet respective rule, send the described data transmit-receive port of described packet whether with accept described packet
Described data transmit-receive port is identical.
Further, the described network equipment, described data processing module is judged as not according to described data judge module
Meet described forwarding condition, described packet is carried out with burst or abandons operation.
Above-mentioned Fragmentation, refers to that link layer has this characteristic of MTU MTU, it limits Frame
Long length, different network types has a higher limit.If the length of transmission packet has exceeded MTU value and can be with burst
Transmission, will carry out Fragmentation to packet, make often a piece of length both less than or be equal to MTU value.Thus can will need
Data message to be transmitted is divided into some bursts to be transmitted, and is recombinated in goal systems.
The present invention one of at least has the advantages that:
1., instant invention overcomes original packet forwards, if modification message, not only can affect the realization of vlan function, also can
The technical problem of the realization of impact terminal use's isolation features.
2. the present invention gives the network equipment and forwards the ability carrying out automatic detection and modification message according to packet.
3. the present invention greatly facilitates bridge class network equipment erection work.
4. the present invention can accomplish automatically, efficiently and conveniently complete the forwarding work of packet in internet.
5th, the automatic modification message of present invention offer, copy packet, the network interface searching loop of the network equipment send corresponding number
According to bag method, reliability is high, simultaneously execution efficiency height, applied range.
Brief description
With reference to the accompanying drawings and detailed description the present invention is described in further detail:
Fig. 1 is first embodiment of the invention schematic flow sheet;
Fig. 2 is first embodiment of the invention module diagram;
Fig. 3 is third embodiment of the invention schematic flow sheet.
Description of reference numerals
The 1000- network equipment;100- data transmit-receive port;200- data judge module;300- data processing module.
Specific embodiment
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
Have technology description in required use accompanying drawing be briefly described it should be apparent that, below explanation and accompanying drawing for the present invention
It is exemplary, and be understood not to limit the present invention.Following description describe numerous details to facilitate to this
Sensible solution.However, in some instances, details that know or routine does not simultaneously specify, the requirement succinct to meet specification.
In one typical computing hardware configuration of the application, client/terminal, the network equipment and trusted party all include one
Individual or multiple processor (CPU), input/output interface, network interface and internal memory.
Client in the present invention, mobile terminal or the network equipment include processor, process containing single core processor or multinuclear
Device.Processor is alternatively referred to as one or more microprocessors, CPU (CPU) etc..More specifically, processor can be
Complicated instruction set calculates (CISC) microprocessor, Jing Ke Cao Neng (RISC) microprocessor, very long instruction word (VLIW)
Microprocessor, realize the processor of other instruction set, or realize the processor of instruction set combination.Processor also can be one or many
Individual application specific processor, such as special IC (ASIC), field programmable gate array (FPGA), digital signal processor
(DSP), network processing unit, graphic process unit, network processing unit, communication processor, cipher processor, coprocessor, embedded
Processor or be capable of process instruction any other type logical block.Processor is used for executing the behaviour that the present invention is discussed
Make the instruction with step.
Client in the present invention, mobile terminal or the network equipment include memory, for storing big data, it may include one
Individual or multiple volatile storage devices, such as random access memory (RAM), dynamic ram (DRAM), synchronous dram (SDRAM), quiet
State RAM (SRAM) or other kinds of storage device.Memory can store including being executed by processor or any other equipment
The information of command sequence.For example, several operation systems, device driver, firmware (for example, input and output fundamental system or
) and/or the executable code of application program and/or data can be loaded in memory and by computing device BIOS.
The operating system of the client in the present invention, mobile terminal or the network equipment can be any kind of operating system,
Windows, Windows Phone of such as Microsoft, Apple IOS, the Android of Google, and Linux,
Unix operating system or other in real time or embedded OS VxWorks etc..
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
Have technology description in required use accompanying drawing be briefly described it should be apparent that, below explanation and accompanying drawing for the present invention
It is exemplary, and be understood not to limit the present invention.Following description describe numerous details to facilitate to this
Sensible solution.However, in some instances, details that know or routine does not simultaneously specify, the requirement succinct to meet specification.This
The concrete Apparatus and method for of invention is referring to following embodiments:
The code block mainly realizing function br_flood in existing solution is as follows:
Can be seen that from code:The logic of this function is all of the port under first searching loop bridge, for meeting number
According to the port of the condition of forwarding, after replicating a skb, call function _ packet_hook carries out subsequent treatment.In addition, from code
In it can be seen that the process of function loops, always delayed p port numbers are (such as prev port numbers:When p is ath31, prev is
When NULL, p are ath30, when prev is ath29 for ath31, p, prev is ath30, traverses eth0 end by that analogy always
Mouthful).The benefit of this logic implementations is the order that can ensure searching loop network interface well, but this method is necessary
There is individual premise, skb can not be changed accordingly during data forwarding, if having modified (such as:Add corresponding
Heading) carry out network interface searching loop again it may appear that some port identification not corresponding message, lead between port and port
Can not be communicated, and then be affected the realization of concrete function.
The eth0 being previously mentioned in literary composition is the Ethernet access mouth of wireless aps, and ath0, ath1, ath2 etc. refer to
The radio network interface that Atheros chip is comprised.Typically, access in radio mouth is eth0 mouth, and wireless network access port is athx
Mouth (x is 0~31)
During product development, when adding concrete New function according to demand, can be in function should_deliver
Add the process function to data message, and manage the operation often having in function to skb modification in this place, such as add industry
During business vlan function, VLAN head can be added when sending port is for eth0 to skb.At this moment, when the terminal being connected to ath0 port
During going ping to be connected to the terminal on other ports, traversal can be circulated to port, when p traverses ath0, meeting
The situation skipping transmission processe, because when searching loop is to ath0, should_deliver in br_flood in function occur
(p, skb) is not true (reason:The message of a duplication itself will not be sent toward inbound port), so not executing if (should_
Deliver (p, skb)) internal code, and now prev is ath1.When traversing eth0, as described above
Vlan head can be added to message, this leads to ensuing skb_clone to replicate one in should_deliver processing procedure
Message with VLAN head sends from ath1 interface.And the message of the terminal nonrecognition band vlan information of connectivity port ath1, so
Ping obstructed situation occurs.
In addition, when the terminal being connected to athx (x is not equal to 0) interface goes ping to be connected to the terminal on other interfaces,
When port p traverses eth0, prev is port ath0, simultaneously again because can be to message in should_deliver processing procedure
Add vlan head, so occurring that the message that ping sends adds the situation of vlan information.So no matter be attached to which end
Mouth (except ath0), goes ping to be connected to the terminal of ath0, the obstructed situation of ping all can.
By above description, not only can affect the realization of vlan function, also can affect the realization of terminal use's isolation features, institute
The flow process of data is forwarded to improve so that searching loop network interface should be changed.
First embodiment
The present embodiment provides a kind of data packet sending method, in order to solve the above problems, the network that described packet sends
Equipment includes:At least two data sending and receiving end mouths, data judge module, data processing modules, methods described comprises the steps:
S100:One described data transmit-receive port accepts described packet;
S200:When described data judge module judges that described packets need passes through described data transmit-receive port forwarding,
Described data processing module is accordingly changed to the skb message in described packet;
S300:Described data processing module clones amended described skb message, and described data judge module is to all institutes
State data transmit-receive port and be circulated traversal;
S400:For the described data transmit-receive port meeting described packet forwarding condition, realize described packet and forward.
Clone amended described skb message, specifically refer to, skb_clone is that linux kernel operates to SKB
Function.If a SKB can be by different user's independent operations, and these users may simply change certain in SKB descriptor
A little field values, then kernel need not be a complete SKB description of each user duplication and its corresponding data buffer area, in order to
Improve performance, only make clone operations.
Mentioning in literary composition is exactly to use skb_clone function by amended SKB clone, simply replicates sk_buff
Structure, does not replicate the data buffer zone of skb.Sk_buff structure after Clone points to same data with original sk_buff
Buffering area.The cloned value of the skb descriptor after original and clone all can be set to the users of the skb descriptor of 1, clone
Value puts 1, and the reference count dataref of data buffer zone increases by 1 simultaneously, in order to avoid shared data is discharged in advance.
Preferably, described data packet sending method, being accordingly revised as in described S200 step adds to described packet
Plus vlan head.
The present embodiment also provides a kind of network equipment, including at least two data sending and receiving end mouths, data judge module, data
Processing module,
Described data transmit-receive port, for accepting or sending packet;
Described data processing module, for changing the skb message in described packet;
Described data judge module, for judging to the forwarding condition of described packet, and to described data transmit-receive
Port is circulated traversal, finds the described data transmit-receive port of the forwarding condition meeting described packet.
Second embodiment
On the basis of embodiment one, preferably described data packet sending method, described S200 step includes S210
Step:
S210:When described data judges that mould judges described network device state for forword, allow forwarded to enter one
Step operation.The message that above-mentioned forward state refers to meets the state forwarding requirement and being forwarded, and specifically can be divided into
Local forwarding (local in) and concentration forward (forwarding).Local forwarding refers to be sent to native protocol stack, collects transfer
Send out is then forwarding between port and port.
It is further preferred that described data packet sending method, described S200 step includes S220 step:
S220:When described data judges that mould judges that the capacity of packet is less than the mtu value of the described network equipment, and support
Gso, allows the operation further being forwarded.
Above-mentioned mtu value, the maximum data packet size referring to pass through above a kind of a certain layer of communication protocol (with byte is
Unit).Suitable MTU value is set, communication efficiency can be improved.
Above-mentioned GSO, process is delayed in as general segmentation.Refer to network interface card when supporting GSO function, (big for super large packet
In MTU value), kernel can be by the delays in work of segmentation to the eve giving driving.If network interface card does not support this function, kernel
With the mode of software, burst is carried out to packet.
Preferably, described data packet sending method, described S400 step includes S410 step:
S410:Described packet carries out processing in accordance with code, and described code includes rule on forword chain, bridge is prevented
The rule in out chain is called in rule in post chain in wall with flues or bridging firewall.
Preferably, described data packet sending method, described S400 step includes S420 step:
S420:When described data judge module judges that described packet meets respective rule, change described skb message and refer to
To net dev.
Above-mentioned net dev be net device write a Chinese character in simplified form it is simply that the meaning of " network equipment ".Corresponding to the number in linux
According to structure net_device structure, major function is the unification realizing multiple hardwares on software level.Net_device ties
Structure is divided into five parts such as overall member, hardware associated member, interface associated member, device, method member and public member.
Preferably, described data packet sending method, described S400 step includes S430 step:
S430:For the described data transmit-receive port meeting described packet forwarding condition, call function _ packet_
Hook carries out the process of described packet forwarding.
On the basis of the network equipment that embodiment one provides, the preferably described network equipment, arbitrary described data transmit-receive
After port accepts described packet, trawl performance function is called to process described packet.
Preferably, the described network equipment, the described data transmit-receive port meeting the forwarding condition of described packet is institute
State at least one non-described data transmit-receive port accepting described packet of the network equipment.
Preferably, the described network equipment, described data judge module judges that described forwarding condition includes:Bridge port
State be whether forword, described data package size whether less than the described network equipment mtu value, whether support gso, described
Packet whether meet respective rule, send the described data transmit-receive port of described packet whether with accept described packet
Described data transmit-receive port is identical.
It is further preferred that the described network equipment, described data processing module judges according to described data judge module
For not meeting described forwarding condition, described packet is carried out with burst or abandons operation.
Above-mentioned Fragmentation, refers to that link layer has this characteristic of MTU MTU, it limits Frame
Long length, different network types has a higher limit.If the length of transmission packet has exceeded MTU value and can be with burst
Transmission, will carry out Fragmentation to packet, make often a piece of length both less than or be equal to MTU value.Thus can will need
Data message to be transmitted is divided into some bursts to be transmitted, and is recombinated in goal systems.
3rd embodiment
The present embodiment mainly optimizes the flow process of Linux bridge data forwarding.As Fig. 3 third embodiment of the invention flow process
Shown in schematic diagram, comprise the following steps that:
(a) bridge port receiving data bag, after trawl performance, call function br_forward, realize data forwarding.
B (), in function br_forward, can be judged to port accordingly, if meet packet forwarding capability.
And needing whether the state judging bridge port is forword, if all met, carrying out next step forwarding process.
Need in (c) repeating process to judge the mtu value whether data package size is less than equipment, support gso, if set up,
Then calling dev_queue_xmit, transmission packet, if be false, discharging.
If d () conditions above is set up, skb accordingly can be changed, mainly in should_deliver function
In carry out, and judging whether to meet forwarding condition, if met, illustrating that packet ingress port is different with outlet port, and net
Bridge port state is forward, then carry out next step forwarding process.
E () is called br_flood function to realize packet and is forwarded, mainly carry out corresponding operating to skb and forwarding process,
Concrete grammar is first to clone modified skb, after to forward port be circulated traversal, it is to avoid packet receiving port identify
The not message of modification.For the port meeting forwarding condition, call function _ packet_hook carries out subsequent treatment.
F (), before packet is to the forwarding of other ports, needs to judge whether port meets in function br_deliver
Forward the specific rules of packet.
G (), in above operation, needs to call NF_HOOK to process respective rule, such as:Rule on forword chain,
Rule in post chain in bridging firewall carries out calling the rule in out chain, here in matching treatment and bridging firewall
On the basis of modification skb point to net dev, call br_forward_finish subsequently to be located the packet allowing to pass through
Reason.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie
In the case of the spirit or essential attributes of the present invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, the scope of the present invention is by appended power
Profit requires rather than described above limits, it is intended that all in the implication and scope of the equivalency of claim by falling
Change is included in the present invention.Any reference in claim should not be considered as limiting involved claim.This
Outward it is clear that " inclusion " one word is not excluded for other units or step, odd number is not excluded for plural number.In device claim, statement is multiple
Unit or device can also be realized by software or hardware by a unit or device.The first, the second grade word is used for table
Show title, and be not offered as any specific order.
Claims (12)
1. a kind of data packet sending method is it is characterised in that the network equipment that described packet sends includes:At least two data
Transmitting-receiving port, data judge module, data processing module, methods described comprises the steps:
S100:One described data transmit-receive port accepts described packet;
S200:When described data judge module judges that described packets need passes through described data transmit-receive port forwarding, described
Data processing module is accordingly changed to the skb message in described packet;
S300:Described data processing module clones amended described skb message, and described data judge module is to all described numbers
It is circulated traversal according to transmitting-receiving port;
S400:For the described data transmit-receive port meeting described packet forwarding condition, realize described packet and forward.
2. data packet sending method according to claim 1 is it is characterised in that being accordingly revised as in described S200 step
Add vlan head to described packet.
3. data packet sending method according to claim 1 is it is characterised in that described S200 step includes S210 step
Suddenly:
S210:When described data judges that mould judges described network device state for forward, allow the behaviour further being forwarded
Make.
4. data packet sending method according to claim 1 is it is characterised in that described S200 step includes S220 step
Suddenly:
S220:When described data judges that mould judges that the capacity of packet is less than the mtu value of the described network equipment, and support gso, permit
Permitted the operation further being forwarded.
5. data packet sending method according to claim 1 is it is characterised in that described S400 step includes S410 step:
S410:Described packet carries out processing in accordance with code, and described code includes rule on forword chain, bridging firewall
The rule in out chain is called in rule in middle post chain or bridging firewall.
6. data packet sending method according to claim 1 is it is characterised in that described S400 step includes S420 step:
S420:When described data judge module judges that described packet meets respective rule, the described skb message of modification points to
net dev.
7. data packet sending method according to claim 1 is it is characterised in that described S400 step includes S430 step:
S430:For the described data transmit-receive port meeting described packet forwarding condition, call function _ packet_hook enters
The process that the described packet of row forwards.
8. a kind of network equipment, including at least two data sending and receiving end mouths, data judge module, data processing modules, its feature
It is,
Described data transmit-receive port, for accepting or sending packet;
Described data processing module, for changing the skb message in described packet;
Described data judge module, for judging to the forwarding condition of described packet, and to described data transmit-receive port
It is circulated traversal, find the described data transmit-receive port of the forwarding condition meeting described packet.
9. the network equipment according to claim 8 is it is characterised in that arbitrary described data transmit-receive port accepts described data
Bao Hou, calls trawl performance function to process described packet.
10. the network equipment according to claim 8 is it is characterised in that meet the described of the forwarding condition of described packet
Data transmit-receive port is at least one non-described data transmit-receive port accepting described packet of the described network equipment.
11. network equipments according to claim 8 are it is characterised in that described data judge module judges described forwarding bar
Part includes:The state of bridge port be whether forword, described data package size whether less than the described network equipment mtu value,
Whether support gso, described packet whether meet respective rule, send the described data transmit-receive port of described packet whether with
The described data transmit-receive port accepting described packet is identical.
12. network equipments according to claim 11 are it is characterised in that described data processing module is sentenced according to described data
Disconnected module is judged as not meeting described forwarding condition, described packet is carried out with burst or abandons operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610826351.7A CN106453022A (en) | 2016-09-14 | 2016-09-14 | Network device and data packet sending method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610826351.7A CN106453022A (en) | 2016-09-14 | 2016-09-14 | Network device and data packet sending method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106453022A true CN106453022A (en) | 2017-02-22 |
Family
ID=58167882
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610826351.7A Pending CN106453022A (en) | 2016-09-14 | 2016-09-14 | Network device and data packet sending method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106453022A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109697034A (en) * | 2018-12-19 | 2019-04-30 | 北京字节跳动网络技术有限公司 | A kind of method for writing data, device, electronic equipment and storage medium |
CN109803244A (en) * | 2017-11-17 | 2019-05-24 | 华为技术有限公司 | The method and apparatus of data transmission |
CN114007242A (en) * | 2021-09-24 | 2022-02-01 | 中盈优创资讯科技有限公司 | Method for positioning obstructed fault of 5G special line service |
CN114090095A (en) * | 2022-01-19 | 2022-02-25 | 苏州浪潮智能科技有限公司 | BIOS loading method and related components of CPU in multi-path server |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101385284A (en) * | 2006-02-16 | 2009-03-11 | 日本电气株式会社 | Node, network system, frame transfer method, and frame transfer program |
CN101789959A (en) * | 2009-12-30 | 2010-07-28 | 北京天融信科技有限公司 | SKB reusing method and device in multinuclear system |
CN102508783A (en) * | 2011-10-18 | 2012-06-20 | 深圳市共进电子股份有限公司 | Memory recovery method for avoiding data chaos |
CN102833155A (en) * | 2012-08-03 | 2012-12-19 | 中兴通讯股份有限公司 | Method and device for realizing three-layer communication on two-layer single board |
CN104168186A (en) * | 2014-07-01 | 2014-11-26 | 汉柏科技有限公司 | Message forwarding method and system based on network bridge |
-
2016
- 2016-09-14 CN CN201610826351.7A patent/CN106453022A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101385284A (en) * | 2006-02-16 | 2009-03-11 | 日本电气株式会社 | Node, network system, frame transfer method, and frame transfer program |
CN101789959A (en) * | 2009-12-30 | 2010-07-28 | 北京天融信科技有限公司 | SKB reusing method and device in multinuclear system |
CN102508783A (en) * | 2011-10-18 | 2012-06-20 | 深圳市共进电子股份有限公司 | Memory recovery method for avoiding data chaos |
CN102833155A (en) * | 2012-08-03 | 2012-12-19 | 中兴通讯股份有限公司 | Method and device for realizing three-layer communication on two-layer single board |
CN104168186A (en) * | 2014-07-01 | 2014-11-26 | 汉柏科技有限公司 | Message forwarding method and system based on network bridge |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109803244A (en) * | 2017-11-17 | 2019-05-24 | 华为技术有限公司 | The method and apparatus of data transmission |
CN109697034A (en) * | 2018-12-19 | 2019-04-30 | 北京字节跳动网络技术有限公司 | A kind of method for writing data, device, electronic equipment and storage medium |
CN109697034B (en) * | 2018-12-19 | 2022-04-29 | 北京字节跳动网络技术有限公司 | Data writing method and device, electronic equipment and storage medium |
CN114007242A (en) * | 2021-09-24 | 2022-02-01 | 中盈优创资讯科技有限公司 | Method for positioning obstructed fault of 5G special line service |
CN114007242B (en) * | 2021-09-24 | 2023-09-29 | 中盈优创资讯科技有限公司 | Method for locating failure of 5G private line service |
CN114090095A (en) * | 2022-01-19 | 2022-02-25 | 苏州浪潮智能科技有限公司 | BIOS loading method and related components of CPU in multi-path server |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107948076B (en) | Method and device for forwarding message | |
KR101010465B1 (en) | Network security elements using endpoint resources | |
JP3123467B2 (en) | bridge | |
US7839848B2 (en) | Method, device and system for message transmission | |
CN106453022A (en) | Network device and data packet sending method | |
KR100708428B1 (en) | Selective address table aging in a network switch | |
US11165693B2 (en) | Packet forwarding | |
US10205788B2 (en) | Run-time actionable information exchange system in a secure environment | |
US10944667B2 (en) | Loop check packets | |
WO2023024416A1 (en) | Data transmission method, apparatus and device based on load balancing, and storage medium | |
US11522792B2 (en) | Method for discovering forwarding path and related device thereof | |
CN104852855A (en) | Congestion control method, device and equipment | |
JP3214454B2 (en) | Packet processing device with built-in program | |
CN106105098A (en) | Switch and the processing method of service request message | |
JP4022017B2 (en) | LAN relay device | |
CN100550829C (en) | By the monitoring link status port re-enabling | |
CN114598570B (en) | Multicast data message forwarding method and device | |
JP2003244223A (en) | Congestion control method, edge type packet transfer device and network | |
WO2022143597A1 (en) | Method for determining forwarding path of service chain and communication apparatus | |
US20220141153A1 (en) | Server communication method, broadband access server, and system | |
CN112637705B (en) | Method and device for forwarding in-band remote measurement message | |
CN111885068B (en) | Bypass deployment traffic distribution method and system | |
KR102412933B1 (en) | System and method for providing network separation service based on software-defined network | |
CN112840623B (en) | Data message transmission method and node | |
CN112152854A (en) | Information processing method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170222 |
|
RJ01 | Rejection of invention patent application after publication |