ICMP message matching system and method
Technical Field
The invention relates to the field of network data exchange, in particular to an ICMP message matching system and method.
Background
ICMP (Internet Control Message Protocol) is a sub-protocol of the TCP/IP protocol family and is used to transmit control messages between IP hosts and routers, including messages about network traffic, host reachability, routing availability and so on. Although it does not carry user data, it plays an important role in the transfer of user data.
Within a particular network topology, a switching device may maintain thousands of processing strategies for each protocol packet. When a specific packet arrives, five-tuple matching is required to determine the strategy to adopt. For ICMP, the position of the port number is occupied instead by the TYPE and CODE fields; if the same strategy matching method as for an ordinary TCP or UDP protocol is adopted, the number of stored strategies grows, which increases storage redundancy and reduces strategy matching efficiency.
Disclosure of Invention
In order to solve the above technical problems, the invention provides an ICMP message matching system aimed at ICMP strategies and the characteristics of the TYPE field in ICMP messages.
The technical scheme adopted by the invention is as follows:
an ICMP message matching system is provided,
the system comprises a strategy analysis module, a message analysis module, a Hash operation module, a conflict processing module, a strategy storage module and a comparison and matching module;
wherein,
the strategy analysis module is used for receiving and analyzing an ICMP message processing strategy issued by a preceding stage circuit and sending analyzed strategy data to the Hash operation module and the strategy storage module;
the message analysis module is used for receiving and analyzing the ICMP message from the network and sending the analyzed message data to the Hash operation module and the comparison and matching module;
the Hash operation module is used for receiving input strategy data or message data, mapping it to a hash result through a certain hash function, and feeding the hash result through its output end to the high-order address inputs of the conflict processing module and the strategy storage module;
the conflict processing module is used for recording or querying the number of occurrences of the same Hash output result and the corresponding low-order address of the strategy storage module;
the strategy storage module is used for storing the strategy data at the address jointly specified by the output of the Hash operation module and the output of the conflict processing module;
and the comparison and matching module is used for performing matching and comparison on the message data and the strategy data and outputting the result.
The analyzed strategy data comprises a legal ICMP message source IP address, a legal destination IP address, a legal ICMP message TYPE value, a legal ICMP message direction and an ICMP message processing mode.
Legal ICMP message TYPE values are represented in an 11-bit data form, where a one at a given position indicates that the strategy contains the corresponding TYPE.
The analyzed message data comprises an ICMP message source IP address, an ICMP message destination IP address and an ICMP message TYPE value;
the TYPE of the analyzed ICMP message is represented in an 11-bit data form, where a one at a given position indicates that the message is of the corresponding TYPE.
The invention also discloses an ICMP message matching method, which comprises the following steps:
(1) the front-stage circuit issues a legal ICMP message processing strategy to the strategy analysis module;
(2) a Hash operation is carried out on the analyzed legal ICMP message source IP address, the legal destination IP address and an ICMP message TYPE field set to all zeros (11 bits), and conflict processing is carried out on the result;
(3) the legal ICMP message TYPE value, the legal ICMP message direction and the ICMP message processing mode analyzed in step 2 are stored at the strategy storage module address formed by the Hash result and the conflict processing result;
(4) when an ICMP message arrives, the message is analyzed by the message analysis module;
(5) the analyzed source IP address, the analyzed destination IP address and an ICMP message TYPE field set to all zeros (11 bits) are subjected to the Hash operation and conflict processing to obtain the address of the strategy storage module to be queried;
(6) a bitwise AND operation is carried out between the TYPE value of the arrived ICMP message and the TYPE value read from that address; if the result is not 0, a legal strategy is matched and subsequent message processing is carried out; otherwise no legal strategy is matched, and the message is not processed or is processed by default.
The invention has the following advantages:
By hashing part of the message parameters and storing part of the message parameters, only the TYPE needs to be compared when ICMP messages are matched. On the premise of ensuring the accuracy of strategy matching, the storage cost of the message protocol strategy is reduced, the message matching efficiency is improved, and storage space is reserved for the strategies of other protocols.
Drawings
Fig. 1 is a schematic diagram of the circuit structure of the present invention.
Detailed Description
The invention is explained in more detail below.
As shown in Fig. 1, an ICMP message matching circuit of the present invention includes a strategy analysis module, a message analysis module, a Hash operation module, a conflict processing module, a strategy storage module and a comparison and matching module.
The strategy analysis module is used for receiving and analyzing an ICMP message processing strategy issued by a preceding stage circuit and sending the analyzed strategy data to the Hash operation module and the strategy storage module. The message analysis module is used for receiving and analyzing the ICMP message from the network and sending the analyzed message data to the Hash operation module and the comparison and matching module.
The Hash operation module is configured to receive input strategy data or message data and map it to a hash result through a certain hash function; in an embodiment of the present invention the Hash operation uses the CRC32 algorithm. Its output end is connected to the high-order eleven-bit address inputs of the conflict processing module and the strategy storage module.
The conflict processing module is used for recording or querying the number of occurrences of the same Hash output result and the corresponding low four-bit address of the strategy storage module. The strategy storage module is used for storing the strategy data at the address jointly designated by the output of the Hash operation module and the output of the conflict processing module.
The comparison and matching module is used for performing matching and comparison of the message data against the strategy data and outputting the result. If the strategy storage module address obtained after the incoming message has undergone the Hash operation and conflict processing is valid, a bitwise AND operation is carried out between the TYPE of the analyzed ICMP message and the TYPE read from the corresponding location of the strategy storage module. If the strategy contains the corresponding TYPE, that bit position is set to one; if any bit position of the bitwise AND result is one, a legal strategy is matched.
The analyzed strategy data comprises a legal ICMP message source IP address, a legal destination IP address, a legal ICMP message TYPE value, a legal ICMP message direction, an ICMP message processing mode and the like; the analyzed message data comprises an ICMP message source IP address, an ICMP message destination IP address, an ICMP message TYPE value and the like.
The legal ICMP message TYPE value is represented in an 11-bit data form, where a one at a given position indicates that the strategy contains the corresponding TYPE; the TYPE of the analyzed ICMP message is represented in an 11-bit data form, where a one at a given position indicates that the message is of the corresponding TYPE.
(1) The front-stage circuit issues a legal ICMP message processing strategy to the strategy analysis module;
(2) a Hash operation is carried out on the analyzed legal ICMP message source IP address, the legal destination IP address and an ICMP message TYPE field set to all zeros (11 bits), and conflict processing is carried out on the result;
(3) the legal ICMP message TYPE value, the legal ICMP message direction, the ICMP message processing mode and the like analyzed in step 2 are stored at the strategy storage module address formed by the Hash result and the conflict processing result;
(4) when an ICMP message arrives, the message is analyzed by the message analysis module;
(5) the analyzed source IP address, the analyzed destination IP address and an ICMP message TYPE field set to all zeros (11 bits) are subjected to the Hash operation and conflict processing to obtain the address of the strategy storage module to be queried;
(6) a bitwise AND operation is carried out between the TYPE value of the arrived ICMP message and the TYPE value read from that address; if the result is not 0, a legal strategy is matched and subsequent message processing is carried out; otherwise no legal strategy is matched, and the message is not processed or is processed by default.
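The following is an added software model of steps (1) to (6) above (it also covers the identical step list in the "Disclosure of Invention" section); it is example code written for this page, not the patent's circuit or any vendor implementation. Assumptions not stated in the text: CRC32 (Python's zlib.crc32) is the hash function, the low 11 bits of the CRC are used as the high-order address, the all-zero 11-bit TYPE field is padded to two bytes before hashing, at most 16 strategies (four low-order address bits) share one hash value, and the table assigning ICMP types to the 11 mask bits is constructed for the example. One addition beyond the page: because the stored entry holds only the TYPE mask, direction and processing mode, two different IP pairs whose CRC32 values collide would share a bucket and could match each other's strategy; the model therefore keeps the IP pair in the entry and checks it on lookup.

```python
"""Software model of the ICMP strategy matching procedure described on the page.

Added example, not the patent's circuit. Assumptions: zlib CRC32 as the hash,
low 11 CRC bits as the high-order address, 16 collision slots per hash value
(4 low-order address bits) and a constructed type-to-bit table.
"""
import zlib
from dataclasses import dataclass
from ipaddress import IPv4Address

HIGH_BITS = 11           # hash output width: high-order address bits (from the page)
LOW_BITS = 4             # collision slot width: low-order address bits (from the page)
MAX_SLOTS = 1 << LOW_BITS

# Which ICMPv4 type occupies which of the 11 mask bits. The page fixes the width
# at 11 bits but gives no assignment; this table is a constructed assumption.
TYPE_BIT = {0: 0, 3: 1, 4: 2, 5: 3, 8: 4, 9: 5, 10: 6, 11: 7, 12: 8, 13: 9, 14: 10}


def type_mask(*icmp_types):
    """Encode a set of ICMP types as the 11-bit mask: a one means 'type present'."""
    mask = 0
    for t in icmp_types:
        mask |= 1 << TYPE_BIT[t]
    return mask


def hash_high_address(src, dst):
    """Steps 2 and 5: CRC32 over src IP, dst IP and an all-zero TYPE field.

    The zeroed 11-bit TYPE field is padded to two bytes (assumption); the low
    11 bits of the CRC become the high-order part of the strategy-store address.
    """
    data = IPv4Address(src).packed + IPv4Address(dst).packed + b"\x00\x00"
    return zlib.crc32(data) & ((1 << HIGH_BITS) - 1)


@dataclass(frozen=True)
class Strategy:
    src: str          # kept only to verify the bucket on lookup (addition, see lead-in)
    dst: str
    mask: int         # legal TYPE mask, 11 bits
    direction: str    # legal direction, e.g. "in" or "out"
    mode: str         # processing mode, e.g. "accept" or "rate-limit"


class StrategyTable:
    def __init__(self):
        self.count = {}   # conflict processing module: hash value -> entries stored
        self.store = {}   # strategy storage module: full address -> Strategy

    def install(self, strategy):
        """Steps 1-3: hash, resolve the collision, store at (hash << 4) | slot."""
        high = hash_high_address(strategy.src, strategy.dst)
        slot = self.count.get(high, 0)
        if slot >= MAX_SLOTS:
            # Only four low-order address bits exist: the bucket is full.
            raise OverflowError(f"hash bucket {high:#x} already holds {MAX_SLOTS} strategies")
        self.count[high] = slot + 1
        address = (high << LOW_BITS) | slot
        self.store[address] = strategy
        return address

    def match(self, src, dst, icmp_type):
        """Steps 4-6: hash the message, walk its bucket, AND the TYPE masks."""
        if icmp_type not in TYPE_BIT:
            return None           # type has no mask bit, so no strategy can match
        msg_mask = type_mask(icmp_type)
        high = hash_high_address(src, dst)
        for slot in range(self.count.get(high, 0)):
            strategy = self.store[(high << LOW_BITS) | slot]
            if (strategy.src, strategy.dst) != (src, dst):
                continue          # a different IP pair sharing the CRC bucket
            if msg_mask & strategy.mask:
                return strategy   # non-zero AND result: legal strategy matched
        return None               # no legal strategy: drop or default handling


if __name__ == "__main__":
    table = StrategyTable()
    echo = Strategy("10.0.0.1", "10.0.0.2", type_mask(8, 0), "in", "accept")
    table.install(echo)
    print(table.match("10.0.0.1", "10.0.0.2", 8))   # the echo strategy
    print(table.match("10.0.0.1", "10.0.0.2", 3))   # None: type 3 not in the mask
```

In the model the conflict counter doubles as the bucket length on lookup, which is why a query must walk every slot under the hash value rather than reading one fixed address; a hardware version that reads only the first slot would miss the second strategy installed for the same IP pair.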