CN106453022A - Network device and data packet sending method - Google Patents

Network device and data packet sending method Download PDF

Info

Publication number
CN106453022A
CN106453022A CN201610826351.7A CN201610826351A CN106453022A CN 106453022 A CN106453022 A CN 106453022A CN 201610826351 A CN201610826351 A CN 201610826351A CN 106453022 A CN106453022 A CN 106453022A
Authority
CN
China
Prior art keywords
data
packet
described data
port
receive port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610826351.7A
Other languages
Chinese (zh)
Inventor
吴涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Feixun Data Communication Technology Co Ltd
Original Assignee
Shanghai Feixun Data Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Feixun Data Communication Technology Co Ltd filed Critical Shanghai Feixun Data Communication Technology Co Ltd
Priority to CN201610826351.7A priority Critical patent/CN106453022A/en
Publication of CN106453022A publication Critical patent/CN106453022A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4604LAN interconnection over a backbone network, e.g. Internet, Frame Relay
    • H04L12/462LAN interconnection over a bridge based backbone
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/10Active monitoring, e.g. heartbeat, ping or trace-route

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Cardiology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data packet sending method. A network device for data packet sending comprises at least two data transceiver ports, a data judging module, and a data processing module. The method comprises the following steps: S100, one data transceiver port receives a data packet; S200, when the data judging module judges that the data packet needs to forwarded via the data transceiver port, the data processing module correspondingly modifies an skb message in the data packet; S300, the data processing module clones the modified skb message, and the data judging module loops through all the data transceiver ports; and S400, the data packet is forwarded via the data transceiver port meeting data packet forwarding conditions.

Description

A kind of network equipment data packet transmission method
Technical field
The application is related to internetworking technologies field, and under more particularly, to a kind of (SuSE) Linux OS, bridge carries out data Forward the technical problem that network interface is circulated with traversal.
Background technology
Whether allow this data during mobile data on network it is thus necessary to determine that on network, if it is allowed, then needing Where data to be determined will be sent to.When data is sent to destination from source, network can determine transmitting terminal and Whether whether receiving terminal be all effectively and to allow using this network, and will how processing data.Transmission control protocol/Yin Te FidonetFido (TCP/IP) data is typically transmitted in the form of frames, and described frame includes at least two parts, address header sum According to load.Can find from the address header of quintuple form and be generally used for the letter to destination transmission data by network Breath, described five-tuple includes following fields:Source address, destination address, source port, destination interface and agreement.
In general gateway device, be divided into WAN-side and LAN side, WAN-side be incoming end, be responsible for link internet or Communication network, LAN side be user's incoming end, generally, LAN side can exist multiple Ethernet interfaces link respectively various Gateway terminal equipment.In home network environment, general terminal device has the nets such as PC, Set Top Box, the networking telephone or global eyes Network equipment, in enterprise's application, networking is increasingly complex, and all of network equipment is all accessed by gateway device, including each Plant application server, network terminal etc., species complexity is various, once loop problem occurs in certain network, or ring Road occurs in inside access gateway, all can directly affect gateway work and the normal access of other network equipments.But due to net Tube terminal equipment is excessive, and wiring is numerous and diverse, cannot quickly know again and specifically break down at which, can only do comprehensive carpet Formula checks, so not only wastes time and energy, is also not easily found accurate certain faults, or even thinks that comprehensive inspection causes new Fault.
Used packet in Linux bridge forwards function to be broadly divided into two kinds at present, and one kind is that data is forwarded to Specific port, another kind is data diffusion, and searching loop forwards and is diffused into all of the port.For the former, functional realiey is main It is embodied in two aspects:The data forwarding that inlet flow rate and rate of discharge are carried out respectively.Wherein, data is carried out to inlet flow rate Forwarding is exactly that one of bridge group bridge port receives to packet in fact, after trawl performance, calls netif_ The functions such as receive_skb, handle_bridge, br_handle_frame, last call function br_forward is realizing Data forwarding.Rate of discharge is carried out first have to during data forwarding setting up route wan and connects, if the data of outer net want and When the terminal of lan carries out data transmission, outer network data can be set up with wan interface first and be connected, and then wan interface passes through road By rule and arp, the network data of needs can be sent from bridge, last bridge will call br->netdev_ ops->Ndo_start_xmit, i.e. br_dev_xmit, can call br_deliver, br_flood_ in br_dev_xmit Deliver, carries out the forwarding of rate of discharge.Data diffusion is equally divided into the diffusion of inlet flow rate and the diffusion of rate of discharge, needs Call an important function br_flood, the mainly already present all of the port of searching loop, for meeting data forwarding The port of condition, call function _ _ packet_hook carries out subsequent treatment.
Address resolution protocol, i.e. ARP (Address Resolution Protocol), is to obtain physics according to IP address One ICP/IP protocol of address.Main frame sends the institute being broadcast to, during information, the ARP request comprising target ip address on network There is main frame, and receive return message, the physical address of target is determined with this;Receive after return message by this IP address and physically Location is stored in the machine arp cache and retains certain time, directly inquires about arp cache to economize on resources during request next time.Address solves Analysis agreement is built upon on the basis of in network, each main frame trusts each other, and the main frame on network can independently send ARP should Answer message, other main frames receive and will not detect during response message that the authenticity of this message will be logged into the machine arp cache;By This attacker just can send pseudo- arp reply message to a certain main frame so as to the information that sends cannot reach expected main frame or Reach the main frame of mistake, this just constitutes an ARP deception.ARP order can be used for inquire about the machine arp cache in IP address and The corresponding relation of MAC Address, interpolation or the static corresponding relation of deletion etc..Related protocol has RARP, proxy ARP.NDP is used for Address resolution protocol is replaced in IPv6.
Chinese Patent Application No. is CN201210525155.8, this invention the present invention relates to network communication technology field, especially It is related to the method for the detection of gateway device dynamically loop, protection and static loop detection.The effect of the present invention is:When confirmation is deposited In loop, the reception immediately closing off loop interface is interrupted, and protects gateway device not under fire, and opens loop warning light, tells There are loop situations in user, then whether detection loop releases, once loop releases, just reopens in the reception of loop interface Disconnected, close closed-loop warning light, once from the above, it is seen that loop situations in equipment, gateway device can find and adopt Safeguard measure is so that other non-loop link energy normal works, and the interface that there is loop is monitored, when loop releases Afterwards at once just can be with normal work.
Chinese Patent Application No. is CN200510018238.8, the invention provides a kind of MAC bridge coil, such as ether Net, the method and apparatus of loop discovery, space reuse and pretection switch.The Topology Discovery controlling bridge periodically transmission of loop Message returns through whole loop and controls bridge, records the bridge in loop and link condition.Bridge is controlled to indicate by topology Topology information is noticed other bridges of loop, and specify protection bridge and protection port.Protection bridge blocks protection port, keeps away Exempt from data to circulate in the loop.Bridge selects shortest path according to topology information, realizes space reuse, simultaneously using heartbeat message The connectedness of detection link, and when finding link failure, notify protection bridge to realize quick protective switch.The present invention can be Comprise in the complex topology structure network of multiple loops, find loop topology or by Spanning-Tree Protocol cluster by configuring Agreement finds loop topology automatically, improves loop space utilization ratio, realizes the quick protective switch within 50ms.
Patent disclosed above, the meeting that unresolved modification skb message leads to affects the realization of vlan function, also can affect end The realization of end subscriber isolation features.Currently solution to the problems described above mainly can again add an entrance function to realize Data receiver and the function of forwarding.The shortcoming of this method is increased workload, the serious time taking product development, also Other unknown defects may be introduced, there is very big uncertainty.
Content of the invention the invention provides under a kind of (SuSE) Linux OS bridge data forwarding traversal is circulated to network interface New solution.It is sometimes desirable to be communicated between different network interfaces in network data transmission, meeting during communication Searching loop successively is carried out to the network interface of all presence, is operated accordingly to meeting the network interface requiring, behaviour mentioned here Make the most basic ping that is just by operate, when a network interface removes ping another one network interface, no matter transmitting message is carried out What kind of construction, all without the specific function of impact.The present invention is achieved by the following technical solutions:
A kind of data packet sending method, the network equipment that described packet sends includes:At least two data sending and receiving end mouths, Data judge module, data processing module, methods described comprises the steps:
S100:One described data transmit-receive port accepts described packet;
S200:When described data judge module judges that described packets need passes through described data transmit-receive port forwarding, Described data processing module is accordingly changed to the skb message in described packet;
S300:Described data processing module clones amended described skb message, and described data judge module is to all institutes State data transmit-receive port and be circulated traversal;
S400:For the described data transmit-receive port meeting described packet forwarding condition, realize described packet and forward.
Clone amended described skb message, specifically refer to, skb_clone is that linux kernel operates to SKB Function.If a SKB can be by different user's independent operations, and these users may simply change certain in SKB descriptor A little field values, then kernel need not be a complete SKB description of each user duplication and its corresponding data buffer area, in order to Improve performance, only make clone operations.
Mentioning in literary composition is exactly to use skb_clone function by amended SKB clone, simply replicates sk_buff Structure, does not replicate the data buffer zone of skb.Sk_buff structure after Clone points to same data with original sk_buff Buffering area.The cloned value of the skb descriptor after original and clone all can be set to the users of the skb descriptor of 1, clone Value puts 1, and the reference count dataref of data buffer zone increases by 1 simultaneously, in order to avoid shared data is discharged in advance.
Further, described data packet sending method, being accordingly revised as in described S200 step adds to described packet Plus v l an head.
Further, described data packet sending method, described S200 step includes S210 step:
S210:When described data judges that mould judges described network device state for forword, allow forwarded to enter one Step operation.The message that above-mentioned forward state refers to meets the state forwarding requirement and being forwarded, and specifically can be divided into Local forwarding (local in) and concentration forward (forwarding).Local forwarding refers to be sent to native protocol stack, collects transfer Send out is then forwarding between port and port.
Further, described data packet sending method, described S200 step includes S220 step:
S220:When described data judges that mould judges that the capacity of packet is less than the mtu value of the described network equipment, and support Gso, allows the operation further being forwarded.
Above-mentioned mtu value, the maximum data packet size referring to pass through above a kind of a certain layer of communication protocol (with byte is Unit).Suitable MTU value is set, communication efficiency can be improved.
Above-mentioned GSO, process is delayed in as general segmentation.Refer to network interface card when supporting GSO function, (big for super large packet In MTU value), kernel can be by the delays in work of segmentation to the eve giving driving.If network interface card does not support this function, kernel With the mode of software, burst is carried out to packet.
Further, described data packet sending method, described S400 step includes S410 step:
S410:Described packet carries out processing in accordance with code, and described code includes rule on forword chain, bridge is prevented The rule in out chain is called in rule in post chain in wall with flues or bridging firewall.
Further, described data packet sending method, described S400 step includes S420 step:
S420:When described data judge module judges that described packet meets respective rule, change described skb message and refer to To net dev.
Above-mentioned net dev be net device write a Chinese character in simplified form it is simply that the meaning of " network equipment ".Corresponding to the number in linux According to structure net_device structure, major function is the unification realizing multiple hardwares on software level.Net_device ties Structure is divided into five parts such as overall member, hardware associated member, interface associated member, device, method member and public member.
Further, described data packet sending method, described S400 step includes S430 step:
S430:For the described data transmit-receive port meeting described packet forwarding condition, call function _ packet_ Hook carries out the process of described packet forwarding.
Present invention also offers a kind of network equipment, including at least two data sending and receiving end mouths, data judge module, data Processing module,
Described data transmit-receive port, for accepting or sending packet;
Described data processing module, for changing the skb message in described packet;
Described data judge module, for judging to the forwarding condition of described packet, and to described data transmit-receive Port is circulated traversal, finds the described data transmit-receive port of the forwarding condition meeting described packet.
Further, the described network equipment, after arbitrary described data transmit-receive port accepts described packet, calls network interface card to drive Dynamic function processes described packet.
Further, the described network equipment, the described data transmit-receive port meeting the forwarding condition of described packet is institute State at least one non-described data transmit-receive port accepting described packet of the network equipment.
Further, the described network equipment, described data judge module judges that described forwarding condition includes:Bridge port State be whether forword, described data package size whether less than the described network equipment mtu value, whether support gso, described Packet whether meet respective rule, send the described data transmit-receive port of described packet whether with accept described packet Described data transmit-receive port is identical.
Further, the described network equipment, described data processing module is judged as not according to described data judge module Meet described forwarding condition, described packet is carried out with burst or abandons operation.
Above-mentioned Fragmentation, refers to that link layer has this characteristic of MTU MTU, it limits Frame Long length, different network types has a higher limit.If the length of transmission packet has exceeded MTU value and can be with burst Transmission, will carry out Fragmentation to packet, make often a piece of length both less than or be equal to MTU value.Thus can will need Data message to be transmitted is divided into some bursts to be transmitted, and is recombinated in goal systems.
The present invention one of at least has the advantages that:
1., instant invention overcomes original packet forwards, if modification message, not only can affect the realization of vlan function, also can The technical problem of the realization of impact terminal use's isolation features.
2. the present invention gives the network equipment and forwards the ability carrying out automatic detection and modification message according to packet.
3. the present invention greatly facilitates bridge class network equipment erection work.
4. the present invention can accomplish automatically, efficiently and conveniently complete the forwarding work of packet in internet.
5th, the automatic modification message of present invention offer, copy packet, the network interface searching loop of the network equipment send corresponding number According to bag method, reliability is high, simultaneously execution efficiency height, applied range.
Brief description
With reference to the accompanying drawings and detailed description the present invention is described in further detail:
Fig. 1 is first embodiment of the invention schematic flow sheet;
Fig. 2 is first embodiment of the invention module diagram;
Fig. 3 is third embodiment of the invention schematic flow sheet.
Description of reference numerals
The 1000- network equipment;100- data transmit-receive port;200- data judge module;300- data processing module.
Specific embodiment
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing Have technology description in required use accompanying drawing be briefly described it should be apparent that, below explanation and accompanying drawing for the present invention It is exemplary, and be understood not to limit the present invention.Following description describe numerous details to facilitate to this Sensible solution.However, in some instances, details that know or routine does not simultaneously specify, the requirement succinct to meet specification.
In one typical computing hardware configuration of the application, client/terminal, the network equipment and trusted party all include one Individual or multiple processor (CPU), input/output interface, network interface and internal memory.
Client in the present invention, mobile terminal or the network equipment include processor, process containing single core processor or multinuclear Device.Processor is alternatively referred to as one or more microprocessors, CPU (CPU) etc..More specifically, processor can be Complicated instruction set calculates (CISC) microprocessor, Jing Ke Cao Neng (RISC) microprocessor, very long instruction word (VLIW) Microprocessor, realize the processor of other instruction set, or realize the processor of instruction set combination.Processor also can be one or many Individual application specific processor, such as special IC (ASIC), field programmable gate array (FPGA), digital signal processor (DSP), network processing unit, graphic process unit, network processing unit, communication processor, cipher processor, coprocessor, embedded Processor or be capable of process instruction any other type logical block.Processor is used for executing the behaviour that the present invention is discussed Make the instruction with step.
Client in the present invention, mobile terminal or the network equipment include memory, for storing big data, it may include one Individual or multiple volatile storage devices, such as random access memory (RAM), dynamic ram (DRAM), synchronous dram (SDRAM), quiet State RAM (SRAM) or other kinds of storage device.Memory can store including being executed by processor or any other equipment The information of command sequence.For example, several operation systems, device driver, firmware (for example, input and output fundamental system or ) and/or the executable code of application program and/or data can be loaded in memory and by computing device BIOS.
The operating system of the client in the present invention, mobile terminal or the network equipment can be any kind of operating system, Windows, Windows Phone of such as Microsoft, Apple IOS, the Android of Google, and Linux, Unix operating system or other in real time or embedded OS VxWorks etc..
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing Have technology description in required use accompanying drawing be briefly described it should be apparent that, below explanation and accompanying drawing for the present invention It is exemplary, and be understood not to limit the present invention.Following description describe numerous details to facilitate to this Sensible solution.However, in some instances, details that know or routine does not simultaneously specify, the requirement succinct to meet specification.This The concrete Apparatus and method for of invention is referring to following embodiments:
The code block mainly realizing function br_flood in existing solution is as follows:
Can be seen that from code:The logic of this function is all of the port under first searching loop bridge, for meeting number According to the port of the condition of forwarding, after replicating a skb, call function _ packet_hook carries out subsequent treatment.In addition, from code In it can be seen that the process of function loops, always delayed p port numbers are (such as prev port numbers:When p is ath31, prev is When NULL, p are ath30, when prev is ath29 for ath31, p, prev is ath30, traverses eth0 end by that analogy always Mouthful).The benefit of this logic implementations is the order that can ensure searching loop network interface well, but this method is necessary There is individual premise, skb can not be changed accordingly during data forwarding, if having modified (such as:Add corresponding Heading) carry out network interface searching loop again it may appear that some port identification not corresponding message, lead between port and port Can not be communicated, and then be affected the realization of concrete function.
The eth0 being previously mentioned in literary composition is the Ethernet access mouth of wireless aps, and ath0, ath1, ath2 etc. refer to The radio network interface that Atheros chip is comprised.Typically, access in radio mouth is eth0 mouth, and wireless network access port is athx Mouth (x is 0~31)
During product development, when adding concrete New function according to demand, can be in function should_deliver Add the process function to data message, and manage the operation often having in function to skb modification in this place, such as add industry During business vlan function, VLAN head can be added when sending port is for eth0 to skb.At this moment, when the terminal being connected to ath0 port During going ping to be connected to the terminal on other ports, traversal can be circulated to port, when p traverses ath0, meeting The situation skipping transmission processe, because when searching loop is to ath0, should_deliver in br_flood in function occur (p, skb) is not true (reason:The message of a duplication itself will not be sent toward inbound port), so not executing if (should_ Deliver (p, skb)) internal code, and now prev is ath1.When traversing eth0, as described above Vlan head can be added to message, this leads to ensuing skb_clone to replicate one in should_deliver processing procedure Message with VLAN head sends from ath1 interface.And the message of the terminal nonrecognition band vlan information of connectivity port ath1, so Ping obstructed situation occurs.
In addition, when the terminal being connected to athx (x is not equal to 0) interface goes ping to be connected to the terminal on other interfaces, When port p traverses eth0, prev is port ath0, simultaneously again because can be to message in should_deliver processing procedure Add vlan head, so occurring that the message that ping sends adds the situation of vlan information.So no matter be attached to which end Mouth (except ath0), goes ping to be connected to the terminal of ath0, the obstructed situation of ping all can.
By above description, not only can affect the realization of vlan function, also can affect the realization of terminal use's isolation features, institute The flow process of data is forwarded to improve so that searching loop network interface should be changed.
First embodiment
The present embodiment provides a kind of data packet sending method, in order to solve the above problems, the network that described packet sends Equipment includes:At least two data sending and receiving end mouths, data judge module, data processing modules, methods described comprises the steps:
S100:One described data transmit-receive port accepts described packet;
S200:When described data judge module judges that described packets need passes through described data transmit-receive port forwarding, Described data processing module is accordingly changed to the skb message in described packet;
S300:Described data processing module clones amended described skb message, and described data judge module is to all institutes State data transmit-receive port and be circulated traversal;
S400:For the described data transmit-receive port meeting described packet forwarding condition, realize described packet and forward.
Clone amended described skb message, specifically refer to, skb_clone is that linux kernel operates to SKB Function.If a SKB can be by different user's independent operations, and these users may simply change certain in SKB descriptor A little field values, then kernel need not be a complete SKB description of each user duplication and its corresponding data buffer area, in order to Improve performance, only make clone operations.
Mentioning in literary composition is exactly to use skb_clone function by amended SKB clone, simply replicates sk_buff Structure, does not replicate the data buffer zone of skb.Sk_buff structure after Clone points to same data with original sk_buff Buffering area.The cloned value of the skb descriptor after original and clone all can be set to the users of the skb descriptor of 1, clone Value puts 1, and the reference count dataref of data buffer zone increases by 1 simultaneously, in order to avoid shared data is discharged in advance.
Preferably, described data packet sending method, being accordingly revised as in described S200 step adds to described packet Plus vlan head.
The present embodiment also provides a kind of network equipment, including at least two data sending and receiving end mouths, data judge module, data Processing module,
Described data transmit-receive port, for accepting or sending packet;
Described data processing module, for changing the skb message in described packet;
Described data judge module, for judging to the forwarding condition of described packet, and to described data transmit-receive Port is circulated traversal, finds the described data transmit-receive port of the forwarding condition meeting described packet.
Second embodiment
On the basis of embodiment one, preferably described data packet sending method, described S200 step includes S210 Step:
S210:When described data judges that mould judges described network device state for forword, allow forwarded to enter one Step operation.The message that above-mentioned forward state refers to meets the state forwarding requirement and being forwarded, and specifically can be divided into Local forwarding (local in) and concentration forward (forwarding).Local forwarding refers to be sent to native protocol stack, collects transfer Send out is then forwarding between port and port.
It is further preferred that described data packet sending method, described S200 step includes S220 step:
S220:When described data judges that mould judges that the capacity of packet is less than the mtu value of the described network equipment, and support Gso, allows the operation further being forwarded.
Above-mentioned mtu value, the maximum data packet size referring to pass through above a kind of a certain layer of communication protocol (with byte is Unit).Suitable MTU value is set, communication efficiency can be improved.
Above-mentioned GSO, process is delayed in as general segmentation.Refer to network interface card when supporting GSO function, (big for super large packet In MTU value), kernel can be by the delays in work of segmentation to the eve giving driving.If network interface card does not support this function, kernel With the mode of software, burst is carried out to packet.
Preferably, described data packet sending method, described S400 step includes S410 step:
S410:Described packet carries out processing in accordance with code, and described code includes rule on forword chain, bridge is prevented The rule in out chain is called in rule in post chain in wall with flues or bridging firewall.
Preferably, described data packet sending method, described S400 step includes S420 step:
S420:When described data judge module judges that described packet meets respective rule, change described skb message and refer to To net dev.
Above-mentioned net dev be net device write a Chinese character in simplified form it is simply that the meaning of " network equipment ".Corresponding to the number in linux According to structure net_device structure, major function is the unification realizing multiple hardwares on software level.Net_device ties Structure is divided into five parts such as overall member, hardware associated member, interface associated member, device, method member and public member.
Preferably, described data packet sending method, described S400 step includes S430 step:
S430:For the described data transmit-receive port meeting described packet forwarding condition, call function _ packet_ Hook carries out the process of described packet forwarding.
On the basis of the network equipment that embodiment one provides, the preferably described network equipment, arbitrary described data transmit-receive After port accepts described packet, trawl performance function is called to process described packet.
Preferably, the described network equipment, the described data transmit-receive port meeting the forwarding condition of described packet is institute State at least one non-described data transmit-receive port accepting described packet of the network equipment.
Preferably, the described network equipment, described data judge module judges that described forwarding condition includes:Bridge port State be whether forword, described data package size whether less than the described network equipment mtu value, whether support gso, described Packet whether meet respective rule, send the described data transmit-receive port of described packet whether with accept described packet Described data transmit-receive port is identical.
It is further preferred that the described network equipment, described data processing module judges according to described data judge module For not meeting described forwarding condition, described packet is carried out with burst or abandons operation.
Above-mentioned Fragmentation, refers to that link layer has this characteristic of MTU MTU, it limits Frame Long length, different network types has a higher limit.If the length of transmission packet has exceeded MTU value and can be with burst Transmission, will carry out Fragmentation to packet, make often a piece of length both less than or be equal to MTU value.Thus can will need Data message to be transmitted is divided into some bursts to be transmitted, and is recombinated in goal systems.
3rd embodiment
The present embodiment mainly optimizes the flow process of Linux bridge data forwarding.As Fig. 3 third embodiment of the invention flow process Shown in schematic diagram, comprise the following steps that:
(a) bridge port receiving data bag, after trawl performance, call function br_forward, realize data forwarding.
B (), in function br_forward, can be judged to port accordingly, if meet packet forwarding capability. And needing whether the state judging bridge port is forword, if all met, carrying out next step forwarding process.
Need in (c) repeating process to judge the mtu value whether data package size is less than equipment, support gso, if set up, Then calling dev_queue_xmit, transmission packet, if be false, discharging.
If d () conditions above is set up, skb accordingly can be changed, mainly in should_deliver function In carry out, and judging whether to meet forwarding condition, if met, illustrating that packet ingress port is different with outlet port, and net Bridge port state is forward, then carry out next step forwarding process.
E () is called br_flood function to realize packet and is forwarded, mainly carry out corresponding operating to skb and forwarding process, Concrete grammar is first to clone modified skb, after to forward port be circulated traversal, it is to avoid packet receiving port identify The not message of modification.For the port meeting forwarding condition, call function _ packet_hook carries out subsequent treatment.
F (), before packet is to the forwarding of other ports, needs to judge whether port meets in function br_deliver Forward the specific rules of packet.
G (), in above operation, needs to call NF_HOOK to process respective rule, such as:Rule on forword chain, Rule in post chain in bridging firewall carries out calling the rule in out chain, here in matching treatment and bridging firewall On the basis of modification skb point to net dev, call br_forward_finish subsequently to be located the packet allowing to pass through Reason.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie In the case of the spirit or essential attributes of the present invention, the present invention can be realized in other specific forms.Therefore, no matter From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, the scope of the present invention is by appended power Profit requires rather than described above limits, it is intended that all in the implication and scope of the equivalency of claim by falling Change is included in the present invention.Any reference in claim should not be considered as limiting involved claim.This Outward it is clear that " inclusion " one word is not excluded for other units or step, odd number is not excluded for plural number.In device claim, statement is multiple Unit or device can also be realized by software or hardware by a unit or device.The first, the second grade word is used for table Show title, and be not offered as any specific order.

Claims (12)

1. a kind of data packet sending method is it is characterised in that the network equipment that described packet sends includes:At least two data Transmitting-receiving port, data judge module, data processing module, methods described comprises the steps:
S100:One described data transmit-receive port accepts described packet;
S200:When described data judge module judges that described packets need passes through described data transmit-receive port forwarding, described Data processing module is accordingly changed to the skb message in described packet;
S300:Described data processing module clones amended described skb message, and described data judge module is to all described numbers It is circulated traversal according to transmitting-receiving port;
S400:For the described data transmit-receive port meeting described packet forwarding condition, realize described packet and forward.
2. data packet sending method according to claim 1 is it is characterised in that being accordingly revised as in described S200 step Add vlan head to described packet.
3. data packet sending method according to claim 1 is it is characterised in that described S200 step includes S210 step Suddenly:
S210:When described data judges that mould judges described network device state for forward, allow the behaviour further being forwarded Make.
4. data packet sending method according to claim 1 is it is characterised in that described S200 step includes S220 step Suddenly:
S220:When described data judges that mould judges that the capacity of packet is less than the mtu value of the described network equipment, and support gso, permit Permitted the operation further being forwarded.
5. data packet sending method according to claim 1 is it is characterised in that described S400 step includes S410 step:
S410:Described packet carries out processing in accordance with code, and described code includes rule on forword chain, bridging firewall The rule in out chain is called in rule in middle post chain or bridging firewall.
6. data packet sending method according to claim 1 is it is characterised in that described S400 step includes S420 step:
S420:When described data judge module judges that described packet meets respective rule, the described skb message of modification points to net dev.
7. data packet sending method according to claim 1 is it is characterised in that described S400 step includes S430 step:
S430:For the described data transmit-receive port meeting described packet forwarding condition, call function _ packet_hook enters The process that the described packet of row forwards.
8. a kind of network equipment, including at least two data sending and receiving end mouths, data judge module, data processing modules, its feature It is,
Described data transmit-receive port, for accepting or sending packet;
Described data processing module, for changing the skb message in described packet;
Described data judge module, for judging to the forwarding condition of described packet, and to described data transmit-receive port It is circulated traversal, find the described data transmit-receive port of the forwarding condition meeting described packet.
9. the network equipment according to claim 8 is it is characterised in that arbitrary described data transmit-receive port accepts described data Bao Hou, calls trawl performance function to process described packet.
10. the network equipment according to claim 8 is it is characterised in that meet the described of the forwarding condition of described packet Data transmit-receive port is at least one non-described data transmit-receive port accepting described packet of the described network equipment.
11. network equipments according to claim 8 are it is characterised in that described data judge module judges described forwarding bar Part includes:The state of bridge port be whether forword, described data package size whether less than the described network equipment mtu value, Whether support gso, described packet whether meet respective rule, send the described data transmit-receive port of described packet whether with The described data transmit-receive port accepting described packet is identical.
12. network equipments according to claim 11 are it is characterised in that described data processing module is sentenced according to described data Disconnected module is judged as not meeting described forwarding condition, described packet is carried out with burst or abandons operation.
CN201610826351.7A 2016-09-14 2016-09-14 Network device and data packet sending method Pending CN106453022A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610826351.7A CN106453022A (en) 2016-09-14 2016-09-14 Network device and data packet sending method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610826351.7A CN106453022A (en) 2016-09-14 2016-09-14 Network device and data packet sending method

Publications (1)

Publication Number Publication Date
CN106453022A true CN106453022A (en) 2017-02-22

Family

ID=58167882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610826351.7A Pending CN106453022A (en) 2016-09-14 2016-09-14 Network device and data packet sending method

Country Status (1)

Country Link
CN (1) CN106453022A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109697034A (en) * 2018-12-19 2019-04-30 北京字节跳动网络技术有限公司 A kind of method for writing data, device, electronic equipment and storage medium
CN109803244A (en) * 2017-11-17 2019-05-24 华为技术有限公司 The method and apparatus of data transmission
CN114007242A (en) * 2021-09-24 2022-02-01 中盈优创资讯科技有限公司 Method for positioning obstructed fault of 5G special line service
CN114090095A (en) * 2022-01-19 2022-02-25 苏州浪潮智能科技有限公司 BIOS loading method and related components of CPU in multi-path server

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101385284A (en) * 2006-02-16 2009-03-11 日本电气株式会社 Node, network system, frame transfer method, and frame transfer program
CN101789959A (en) * 2009-12-30 2010-07-28 北京天融信科技有限公司 SKB reusing method and device in multinuclear system
CN102508783A (en) * 2011-10-18 2012-06-20 深圳市共进电子股份有限公司 Memory recovery method for avoiding data chaos
CN102833155A (en) * 2012-08-03 2012-12-19 中兴通讯股份有限公司 Method and device for realizing three-layer communication on two-layer single board
CN104168186A (en) * 2014-07-01 2014-11-26 汉柏科技有限公司 Message forwarding method and system based on network bridge

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101385284A (en) * 2006-02-16 2009-03-11 日本电气株式会社 Node, network system, frame transfer method, and frame transfer program
CN101789959A (en) * 2009-12-30 2010-07-28 北京天融信科技有限公司 SKB reusing method and device in multinuclear system
CN102508783A (en) * 2011-10-18 2012-06-20 深圳市共进电子股份有限公司 Memory recovery method for avoiding data chaos
CN102833155A (en) * 2012-08-03 2012-12-19 中兴通讯股份有限公司 Method and device for realizing three-layer communication on two-layer single board
CN104168186A (en) * 2014-07-01 2014-11-26 汉柏科技有限公司 Message forwarding method and system based on network bridge

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109803244A (en) * 2017-11-17 2019-05-24 华为技术有限公司 The method and apparatus of data transmission
CN109697034A (en) * 2018-12-19 2019-04-30 北京字节跳动网络技术有限公司 A kind of method for writing data, device, electronic equipment and storage medium
CN109697034B (en) * 2018-12-19 2022-04-29 北京字节跳动网络技术有限公司 Data writing method and device, electronic equipment and storage medium
CN114007242A (en) * 2021-09-24 2022-02-01 中盈优创资讯科技有限公司 Method for positioning obstructed fault of 5G special line service
CN114007242B (en) * 2021-09-24 2023-09-29 中盈优创资讯科技有限公司 Method for locating failure of 5G private line service
CN114090095A (en) * 2022-01-19 2022-02-25 苏州浪潮智能科技有限公司 BIOS loading method and related components of CPU in multi-path server

Similar Documents

Publication Publication Date Title
CN107948076B (en) Method and device for forwarding message
KR101010465B1 (en) Network security elements using endpoint resources
JP3123467B2 (en) bridge
US7839848B2 (en) Method, device and system for message transmission
CN106453022A (en) Network device and data packet sending method
KR100708428B1 (en) Selective address table aging in a network switch
US11165693B2 (en) Packet forwarding
US10205788B2 (en) Run-time actionable information exchange system in a secure environment
US10944667B2 (en) Loop check packets
WO2023024416A1 (en) Data transmission method, apparatus and device based on load balancing, and storage medium
US11522792B2 (en) Method for discovering forwarding path and related device thereof
CN104852855A (en) Congestion control method, device and equipment
JP3214454B2 (en) Packet processing device with built-in program
CN106105098A (en) Switch and the processing method of service request message
JP4022017B2 (en) LAN relay device
CN100550829C (en) By the monitoring link status port re-enabling
CN114598570B (en) Multicast data message forwarding method and device
JP2003244223A (en) Congestion control method, edge type packet transfer device and network
WO2022143597A1 (en) Method for determining forwarding path of service chain and communication apparatus
US20220141153A1 (en) Server communication method, broadband access server, and system
CN112637705B (en) Method and device for forwarding in-band remote measurement message
CN111885068B (en) Bypass deployment traffic distribution method and system
KR102412933B1 (en) System and method for providing network separation service based on software-defined network
CN112840623B (en) Data message transmission method and node
CN112152854A (en) Information processing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222

RJ01 Rejection of invention patent application after publication