CN106878308A - A kind of icmp packet matching system and method - Google Patents
A kind of icmp packet matching system and method Download PDFInfo
- Publication number
- CN106878308A CN106878308A CN201710093520.5A CN201710093520A CN106878308A CN 106878308 A CN106878308 A CN 106878308A CN 201710093520 A CN201710093520 A CN 201710093520A CN 106878308 A CN106878308 A CN 106878308A
- Authority
- CN
- China
- Prior art keywords
- module
- icmp packet
- address
- legal
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 12
- 238000011282 treatment Methods 0.000 claims abstract description 12
- 238000013500 data storage Methods 0.000 claims description 3
- 238000004080 punching Methods 0.000 claims description 3
- 238000011269 treatment regimen Methods 0.000 claims description 3
- 230000004913 activation Effects 0.000 claims description 2
- 238000003860 storage Methods 0.000 abstract description 5
- 230000014759 maintenance of location Effects 0.000 abstract description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/06—Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/08—Protocols for interworking; Protocol conversion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The present invention provides a kind of icmp packet matching system and method, belongs to network data exchange field, and the present invention includes strategy analyzing module, packet parsing module, Hash operation module, clash handle module, policy store module and comparison match module.Hash treatment is carried out by using segment message parameter, segment message parameter storage, icmp packet only needs to compare TYPE types when matching.On the premise of the accuracy of strategy matching is ensured, message protocol policy store cost is reduced, improve message matching efficiency, be that other protocol strategy storages leave domain amount.
Description
Technical field
The present invention relates to network data exchange field, more particularly to a kind of icmp packet matching system and method.
Background technology
ICMP(Internet Control Message Protocol)Internet Control Message Protocol is TCP/IP associations
A sub-protocol of race is discussed, for transmitting control message between IP main frames, router.Including network it is unobstructed, main frame is reachable, road
Internet message is waited by available.Although not transmitting user data, the transmission for user data plays an important role.
In specific topological network, the treatment plan of possible in store thousands of each protocol massages of bar of switching equipment
Slightly.When specified packet is reached, it is necessary to carry out five-tuple matching so that it is determined that the port numbers position of the strategy taken, wherein ICMP becomes
Into TYPE types and CODE types, according to general TCP or udp protocol same strategy matching method, storage can be increased
Tactful bar number, so as to storage redundancy can be increased, reduces strategy matching efficiency.
The content of the invention
In order to solve the above technical problems, the present invention is for TYPE similar properties in ICMP strategies and message, it is proposed that one
Plant icmp packet matching system.
The technical solution adopted in the present invention is:
A kind of icmp packet matching system,
Including strategy analyzing module, packet parsing module, Hash operation module, clash handle module, policy store module and ratio
Compared with matching module;
Wherein,
Strategy analyzing module, processes strategy, by the strategy after parsing for receiving and parsing through the icmp packet that front stage circuits are issued
Data is activation is to the Hash operation module and policy store module;
Packet parsing module, the icmp packet of automatic network is carried out for receiving and parsing through, and the message data after parsing is sent to Kazakhstan
Uncommon computing module and comparison match module;
Hash operation module, policy data or message data for receiving input, Kazakhstan is mapped out by certain hash function
Uncommon result, through output end access interference processing module and the high address input of policy store module;
Clash handle module, for recording or inquiring about number of times and the corresponding policy store module that identical Hash output result occurs
Low order address;
Policy store module, exports public for policy data storage to be arrived by the output of Hash operation module and clash handle module
In the address specified;
Comparison match module, for message data and policy data to be carried out into matching comparing, and result is exported.
Policy data after parsing includes legal icmp packet source IP address, legal purpose IP address, legal
Icmp packet TYPE types, legal icmp packet direction, icmp packet processing mode.
Legal icmp packet TYPE types are represented that each position one represents bag in strategy by the bit data form of 11
Containing corresponding TYPE types.
Message data after parsing includes icmp packet source IP address, icmp packet purpose IP address, icmp packet TYPE
Type;
Icmp packet TYPE types after parsing are represented that a certain position one represents that the message is phase by the bit data form of 11
The TYPE types answered;
The invention also discloses a kind of icmp packet matching process, comprise the following steps,
(1)Front stage circuits issue legal icmp packet treatment strategy to strategy analyzing module;
(2)The legal icmp packet source IP address that to parse, legal purpose IP address, the icmp packet of 11 full zero setting
TYPE types carry out Hash operation, and result is carried out into clash handle;
(3)Legal icmp packet TYPE types, legal icmp packet direction, the icmp packet treatment that step 2 is parsed
Mode is stored in the policy store module's address constituted with Hash result and clash handle result;
(4)Icmp packet is reached, and is parsed through packet parsing module;
(5)The source IP address that parses, purpose IP address, the icmp packet TYPE types of 11 full zero setting are through Hash operation and punching
Prominent treatment obtains the policy store module's address that need to be inquired about;
(6)The TYPE types of the icmp packet of arrival are carried out into step-by-step and computing with the TYPE types for reading, if result is not 0,
Then show to have matched legal policy, and then carry out subsequent packet treatment;Otherwise show not matching legal policy, to message not
Deal with or carry out default process.
The beneficial effects of the invention are as follows
Hash treatment is carried out by using segment message parameter, segment message parameter is stored, and it is right that icmp packet is only needed when matching
TYPE types compare.On the premise of the accuracy of strategy matching is ensured, message protocol policy store cost is reduced, improve
Message matching efficiency, is that other protocol strategy storages leave domain amount.
Brief description of the drawings
Fig. 1 is electrical block diagram of the invention.
Specific embodiment
More detailed elaboration is carried out to present disclosure below:
As shown in figure 1, a kind of icmp packet match circuit of the invention, including:Strategy analyzing module, packet parsing module, Kazakhstan
Uncommon computing module, clash handle module, policy store module and comparison match module.
The strategy analyzing module, strategy is processed for receiving and parsing through the icmp packet that front stage circuits are issued, and will be parsed
Policy data afterwards is sent to the Hash operation module and the policy store module.The packet parsing module, for connecing
The icmp packet for carrying out automatic network is received and parsed, the message data after parsing is sent to the Hash operation module and the comparing
Matching module.
The Hash operation module, policy data or message data for receiving input, by certain hash function
Hash result is mapped out, according to preferred for this invention, Hash operation is carried out from CRC32 algorithms.Accessed through output end described
The 11 bit address input high of clash handle module and policy store module.
The clash handle module, for recording or inquiring about number of times that identical Hash output result occurs and corresponding described
Low four bit address of policy store module.The policy store module, for policy data storage to be arrived by Hash operation mould
Block is exported and clash handle module is exported in the public address specified.
The comparison match module, for message data and policy data to be carried out into matching comparing, and result is exported.If
The message of arrival policy store module's address after Hash operation and clash handle is effective, then the icmp packet that will be parsed
TYPE types carry out step-by-step with operation with the TYPE types of the corresponding positions read out from policy store module.If wrapped in strategy
Containing corresponding TYPE types, then corresponding positions can put one, and the two step-by-step has certain position one with operating result, then show to match
Legal strategy.
Policy data after the parsing includes legal icmp packet source IP address, legal purpose IP address, legal
Icmp packet TYPE types, legal icmp packet direction, icmp packet processing mode etc.;Message data bag after the parsing
Include icmp packet source IP address, icmp packet purpose IP address, icmp packet TYPE types etc..
The legal icmp packet TYPE types are represented that each position one represents strategy by the bit data form of 11
It is interior comprising corresponding TYPE types;Icmp packet TYPE types after the parsing represent by the bit data form of 11, certain
One position one represents that the message is corresponding TYPE types.
(1)Front stage circuits issue legal icmp packet treatment strategy to strategy analyzing module;
(2)The legal icmp packet source IP address that to parse, legal purpose IP address, the icmp packet of 11 full zero setting
TYPE types carry out Hash operation, and result is carried out into clash handle;
(3)Legal icmp packet TYPE types, legal icmp packet direction, the icmp packet treatment that step 2 is parsed
Mode etc. is stored in the policy store module's address constituted with Hash result and clash handle result;
(4)Icmp packet is reached, and is parsed through packet parsing module;
(5)The source IP address that parses, purpose IP address, the icmp packet TYPE types of 11 full zero setting are through Hash operation and punching
Prominent treatment obtains the policy store module's address that need to be inquired about;
(6)The TYPE types of the icmp packet of arrival are carried out into step-by-step and computing with the TYPE types for reading, if result is not 0,
Then show to have matched legal policy, and then carry out subsequent packet treatment;Otherwise show not matching legal policy, to message not
Deal with or carry out default process.
Claims (6)
1. a kind of icmp packet matching system, it is characterised in that
Including strategy analyzing module, packet parsing module, Hash operation module, clash handle module, policy store module and ratio
Compared with matching module;
Wherein,
Strategy analyzing module, processes strategy, by the strategy after parsing for receiving and parsing through the icmp packet that front stage circuits are issued
Data is activation is to the Hash operation module and policy store module;
Packet parsing module, the icmp packet of automatic network is carried out for receiving and parsing through, and the message data after parsing is sent to Kazakhstan
Uncommon computing module and comparison match module;
Hash operation module, policy data or message data for receiving input, Kazakhstan is mapped out by certain hash function
Uncommon result, through output end access interference processing module and the high address input of policy store module;
Clash handle module, for recording or inquiring about number of times and the corresponding policy store module that identical Hash output result occurs
Low order address;
Policy store module, exports public for policy data storage to be arrived by the output of Hash operation module and clash handle module
In the address specified;
Comparison match module, for message data and policy data to be carried out into matching comparing, and result is exported.
2. system according to claim 1, it is characterised in that
Policy data after parsing includes legal icmp packet source IP address, legal purpose IP address, legal ICMP reports
Literary TYPE types, legal icmp packet direction, icmp packet processing mode.
3. system according to claim 2, it is characterised in that
Legal icmp packet TYPE types are represented that each position one is represented in strategy comprising phase by the bit data form of 11
The TYPE types answered.
4. system according to claim 1, it is characterised in that
Message data after parsing includes icmp packet source IP address, icmp packet purpose IP address, icmp packet TYPE types.
5. system according to claim 4, it is characterised in that
Icmp packet TYPE types after parsing are represented by the bit data form of 11, wherein a position one represents that the message is
Corresponding TYPE types.
6. a kind of icmp packet matching process, it is characterised in that comprise the following steps,
(1)Front stage circuits issue legal icmp packet treatment strategy to strategy analyzing module;
(2)The legal icmp packet source IP address that to parse, legal purpose IP address, the icmp packet of 11 full zero setting
TYPE types carry out Hash operation, and result is carried out into clash handle;
(3)Legal icmp packet TYPE types, legal icmp packet direction, the icmp packet treatment that step 2 is parsed
Mode is stored in the policy store module's address constituted with Hash result and clash handle result;
(4)Icmp packet is reached, and is parsed through packet parsing module;
(5)The source IP address that parses, purpose IP address, the icmp packet TYPE types of 11 full zero setting are through Hash operation and punching
Prominent treatment obtains the policy store module's address that need to be inquired about;
(6)The TYPE types of the icmp packet of arrival are carried out into step-by-step and computing with the TYPE types for reading, if result is not 0,
Then show to have matched legal policy, and then carry out subsequent packet treatment;Otherwise show not matching legal policy, to message not
Deal with or carry out default process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710093520.5A CN106878308B (en) | 2017-02-21 | 2017-02-21 | ICMP message matching system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710093520.5A CN106878308B (en) | 2017-02-21 | 2017-02-21 | ICMP message matching system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106878308A true CN106878308A (en) | 2017-06-20 |
| CN106878308B CN106878308B (en) | 2020-06-19 |
Family
ID=59166332
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710093520.5A Active CN106878308B (en) | 2017-02-21 | 2017-02-21 | ICMP message matching system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106878308B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108650181A (en) * | 2018-04-20 | 2018-10-12 | 济南浪潮高新科技投资发展有限公司 | A kind of IP packet strategy matching circuit and method |
| CN109768966A (en) * | 2018-12-17 | 2019-05-17 | 航天信息股份有限公司 | Icmp packet processing method and processing device based on terminal |
| CN111464444A (en) * | 2020-03-30 | 2020-07-28 | 中科九度(北京)空间信息技术有限责任公司 | Sensitive information distribution method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101267437A (en) * | 2008-04-28 | 2008-09-17 | 杭州华三通信技术有限公司 | Packet access control method and system for network devices |
| CN101707617A (en) * | 2009-12-04 | 2010-05-12 | 福建星网锐捷网络有限公司 | Message filtering method, device and network device |
| CN103181129A (en) * | 2011-10-25 | 2013-06-26 | 华为技术有限公司 | Data message processing method and system, message forwarding device |
-
2017
- 2017-02-21 CN CN201710093520.5A patent/CN106878308B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101267437A (en) * | 2008-04-28 | 2008-09-17 | 杭州华三通信技术有限公司 | Packet access control method and system for network devices |
| CN101707617A (en) * | 2009-12-04 | 2010-05-12 | 福建星网锐捷网络有限公司 | Message filtering method, device and network device |
| CN103181129A (en) * | 2011-10-25 | 2013-06-26 | 华为技术有限公司 | Data message processing method and system, message forwarding device |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108650181A (en) * | 2018-04-20 | 2018-10-12 | 济南浪潮高新科技投资发展有限公司 | A kind of IP packet strategy matching circuit and method |
| CN109768966A (en) * | 2018-12-17 | 2019-05-17 | 航天信息股份有限公司 | Icmp packet processing method and processing device based on terminal |
| CN111464444A (en) * | 2020-03-30 | 2020-07-28 | 中科九度(北京)空间信息技术有限责任公司 | Sensitive information distribution method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106878308B (en) | 2020-06-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6892237B1 (en) | Method and apparatus for high-speed parsing of network messages | |
| CN104054068B (en) | Improved bandwidth optimization for RDP | |
| CN102104541B (en) | Header processing engine | |
| US7957378B2 (en) | Stateful flow of network packets within a packet parsing processor | |
| US20030037154A1 (en) | Protocol processor | |
| CN111181857B (en) | Message processing method and device, storage medium and optical network terminal | |
| US20140198793A1 (en) | Traffic forwarding in a point multi-point link aggregation using a link selector data table | |
| US20150003449A1 (en) | Path maximum transmission unit learning | |
| CN106973013A (en) | Method and apparatus for the content router of internet protocol-based | |
| US10791051B2 (en) | System and method to bypass the forwarding information base (FIB) for interest packet forwarding in an information-centric networking (ICN) environment | |
| US20030195973A1 (en) | Methods, systems, and computer program products for processing a packet with layered headers using a data structure that positionally relates the layered headers | |
| CN106878308A (en) | A kind of icmp packet matching system and method | |
| CN105939284B (en) | The matching process and device of message control strategy | |
| CN107707565B (en) | UDF message parsing chip | |
| US20070250640A1 (en) | Method and apparatus for assigning Ipv6 link state identifiers | |
| US8934489B2 (en) | Routing device and method for processing network packet thereof | |
| US9525661B2 (en) | Efficient method of NAT without reassemling IPV4 fragments | |
| KR20060096012A (en) | Method and apparatus for translating data packets from one network protocol to another | |
| CN103746768B (en) | A kind of recognition methods of packet and equipment | |
| US7529251B2 (en) | Data transfer device | |
| CN115174676A (en) | Convergence and shunt method and related equipment thereof | |
| US11281453B1 (en) | Methods and systems for a hitless rollback mechanism during software upgrade of a network appliance | |
| US9490939B2 (en) | Apparatus and method for calculating transmission control protocol checksum | |
| US11595502B2 (en) | Methods and systems for layer 7 hardware assist and CPU task offloads | |
| CN105515995A (en) | Message processing method and apparatus, and flow table generation method and apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200527 Address after: 250100 Ji'nan high tech Zone, Shandong, No. 1036 wave road Applicant after: INSPUR GROUP Co.,Ltd. Address before: 250100, Ji'nan province high tech Zone, Sun Village Branch Road, No. 2877, building, floor, building, on the first floor Applicant before: JINAN INSPUR HIGH-TECH TECHNOLOGY DEVELOPMENT Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230316 Address after: 250000 building S02, No. 1036, Langchao Road, high tech Zone, Jinan City, Shandong Province Patentee after: Shandong Inspur Scientific Research Institute Co.,Ltd. Address before: No. 1036, Shandong high tech Zone wave road, Ji'nan, Shandong Patentee before: INSPUR GROUP Co.,Ltd. |
|
| TR01 | Transfer of patent right |