CN109618020A - Method and device for network address translation of fragment messages - Google Patents

Publication number
CN109618020A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811594403.8A
Other languages
Chinese (zh)
Other versions
CN109618020B (en
Inventor
李文军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING CORE TECHNOLOGY Co Ltd
Original Assignee
BEIJING CORE TECHNOLOGY Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses

Abstract

An embodiment of the invention discloses a method and device for network address translation of fragment messages. The method is applied in a programmable logic device and comprises: when a target fragment message is received, extracting the message attribute information of the target fragment message; if the target fragment message is determined, according to the message attribute information, to be a non-first fragment message of an object message, determining a matching processing strategy according to the current reception status of the first fragment message of the object message and performing network address translation on the target fragment message accordingly; and, after the network address translation of the target fragment message is determined to be complete, sorting and forwarding the translated target fragment message. By performing network address translation on fragment messages in an FPGA, the technical solution of the embodiment improves processing speed and versatility.

Description

Method and device for network address translation of fragment messages
Technical field
Embodiments of the present invention relate to the field of network communication technology, and in particular to a method and device for network address translation of fragment messages.
Background
With the continuous development of communication technology, the number of computers in use has grown rapidly, giving rise to the problem of IP address (Internet Protocol Address) space exhaustion. NAT technology uses a small number of public IP addresses to represent a larger number of private IP addresses, which helps slow the exhaustion of the available IP address space.
When network address translation is performed on fragment messages, a non-first fragment message contains only layer-3 IP information and no layer-4 port information, so the first fragment message and the non-first fragment messages must be translated separately. The main current approach is to translate the first fragment message by looking up the network address translation table and then to translate the non-first fragment messages that match that first fragment message according to its translation information. The drawback of this scheme is that a non-first fragment message that arrives before the first fragment message is discarded. Another approach uses a dedicated network processor (Network Processor, NP) together with a CPU (Central Processing Unit) host: non-first fragment messages are cached first and are translated after the first fragment message has completed network address translation. The drawback of this approach is that it requires a dedicated network processor. Devices without a dedicated network processor usually implement network address translation with a multi-core CPU, but this scheme has to process a large number of instructions, which is slow and also makes the overall system processing more complex.
Summary of the invention
The present invention provides a method and device for network address translation of fragment messages, so that network address translation of fragment messages is carried out quickly and efficiently by a programmable logic device, an FPGA (Field-Programmable Gate Array).
In a first aspect, an embodiment of the invention provides a method for network address translation of fragment messages, applied in a programmable logic device, comprising:
When a target fragment message is received, extracting the message attribute information of the target fragment message;
If the target fragment message is determined, according to the message attribute information, to be a non-first fragment message of an object message, determining a matching processing strategy according to the current reception status of the first fragment message of the object message, and performing network address translation on the target fragment message according to that strategy;
After the network address translation of the target fragment message is determined to be complete, sorting and forwarding the translated target fragment message.
Optionally, determining a matching processing strategy according to the current reception status of the first fragment message of the object message and performing network address translation on the target fragment message comprises:
Detecting whether the first fragment message has currently been successfully received;
If so, performing network address translation on the target fragment message directly, according to the conversion message attribute information corresponding to the first fragment message;
If not, caching the target fragment message in the packet buffer area corresponding to the object message, and obtaining the storage location information of the target fragment message;
Each time the re-detection condition is determined to be met, detecting again whether the first fragment message has been successfully received, until it is determined that the first fragment message has been successfully received;
According to the storage location information, obtaining the target fragment message from the packet buffer area, and performing network address translation on the obtained target fragment message according to the conversion message attribute information corresponding to the first fragment message.
Optionally, detecting whether the first fragment message has currently been successfully received comprises:
Detecting whether the Packet reassembling information table corresponding to the object message stores conversion message attribute information corresponding to the first fragment message;
If so, determining that the first fragment message has been successfully received; otherwise, determining that the first fragment message has not been successfully received.
Optionally, after extracting the message attribute information of the target fragment message, the method further comprises:
If the target fragment message is determined, according to the message attribute information, to be the first fragment message of the object message, determining the conversion message attribute information corresponding to the first fragment message according to the message attribute information of the first fragment message;
Storing the conversion message attribute information in the Packet reassembling information table.
Optionally, after caching the target fragment message in the packet buffer area corresponding to the object message and obtaining the storage location information of the target fragment message, the method further comprises:
Storing the storage location information of the target fragment message in the Packet reassembling information table.
Optionally, after extracting the message attribute information of the target fragment message, the method further comprises:
If the target fragment message is determined, according to the message attribute information, to be the tail fragment message of the object message, determining the message total length corresponding to the object message according to the message attribute information of the tail fragment message;
Storing the message total length in the receiving status information table, and updating the received fragment message length in the receiving status information table according to the fragment message length of the tail fragment message.
Optionally, after determining the matching processing strategy and performing network address translation on the target fragment message, the method further comprises:
Determining the fragment message length of the target fragment message according to its message attribute information, and updating the received fragment message length in the receiving status information table according to that fragment message length;
If the updated received fragment message length is determined to match the message total length, determining that all fragment messages have been received.
Optionally, after extracting the message attribute information of the target fragment message, the method further comprises:
According to the message attribute information of the target fragment message, looking up whether a hash table and a characteristic information storage table corresponding to the object message are stored;
If not, determining that the target fragment message is the first received fragment of the object message, and applying for a packet buffer area corresponding to the object message;
Establishing the hash table and characteristic information storage table corresponding to the object message according to the message attribute information of the target fragment message.
Optionally, extracting the message attribute information of the target fragment message when the target fragment message is received comprises:
Splitting the target fragment message into multiple cell units, and parsing the first cell unit to obtain the message attribute information of the target fragment message;
Wherein the message attribute information includes at least: the length, source IP information, destination IP information and ID information of the target fragment message.
In a second aspect, an embodiment of the invention further provides a device for network address translation of fragment messages, applied in a programmable logic device, comprising:
A message information extraction module, configured to extract the message attribute information of a target fragment message when the target fragment message is received;
A fragment message processing module, configured to, if the target fragment message is determined according to the message attribute information to be a non-first fragment message of an object message, determine a matching processing strategy according to the current reception status of the first fragment message of the object message and perform network address translation on the target fragment message;
A fragment message sorting and forwarding module, configured to sort and forward the translated target fragment message after the network address translation of the target fragment message is determined to be complete.
In the embodiments of the invention, the programmable logic device directly performs network address translation on the first fragment message of the object message, determines a matching processing strategy according to the current reception status of the first fragment message and performs network address translation on the non-first fragment messages of the object message accordingly, and sorts and forwards the translated fragment messages. By fully exploiting the hardware capabilities of the programmable logic device, this solves the problems of slow processing speed and poor versatility that existing multi-CPU processing techniques have when performing network address translation on fragment messages, and achieves improved processing speed and versatility while reducing implementation cost.
Brief description of the drawings
Fig. 1 is a flow chart of a method for network address translation of fragment messages provided by Embodiment 1 of the invention;
Fig. 2a is a flow chart of a method for network address translation of fragment messages provided by Embodiment 2 of the invention;
Fig. 2b is the overall processing flow chart for fragment messages to which the method of the embodiments of the invention applies;
Fig. 2c is the processing flow chart for the first fragment message to which the method of the embodiments of the invention applies;
Fig. 2d is the detailed functional structure diagram of the FPGA to which the method of the embodiments of the invention applies;
Fig. 3 is a structural schematic diagram of a device for network address translation of fragment messages provided by Embodiment 3 of the invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention rather than the entire structure.
Embodiment 1
Fig. 1 is a flow chart of a method for network address translation of fragment messages provided by Embodiment 1 of the invention. This embodiment is applicable to the case where network address translation is performed on fragment messages by a programmable logic device. The method can be executed by a network address translation device for fragment messages; the device can be implemented in hardware and can generally be applied in an FPGA (Field-Programmable Gate Array). Specifically, with reference to Fig. 1, the method may include the following steps:
Step 110: when a target fragment message is received, extract the message attribute information of the target fragment message.
Optionally, the programmable logic device in the embodiments of the invention may include a field-programmable gate array (FPGA), an EPLD (Erasable Programmable Logic Device), and the like.
In the embodiments of the invention, the message on which network address translation is to be performed is the object message; the target fragment message is therefore the currently received fragment message corresponding to the object message. Optionally, after the target fragment message is received, its message attribute information is extracted by packet parsing, so that the message attribute information can be used to match the other fragment messages corresponding to the object message, and network address translation of the object message can then be carried out according to the first fragment message of the object message.
The message attribute information of the target fragment message may include at least: the target fragment message length, source IP information, destination IP information and ID information.
Optionally, after the message attribute information of the target fragment message is extracted, the method further includes: looking up, according to the message attribute information of the target fragment message, whether a hash table and a characteristic information storage table corresponding to the object message are stored. If none is found, the target fragment message is determined to be the first received fragment of the object message, and a packet buffer area corresponding to the object message must be applied for, to cache the fragment messages of the object message. At the same time, a hash table and a characteristic information storage table corresponding to the object message must be established according to the message attribute information of the target fragment message, to be used for matching subsequently received fragment messages to the object message.
Optionally, establishing the hash table and characteristic information storage table corresponding to the object message may include: obtaining the source IP information and ID information of the target fragment message; computing a hash value from the source IP information and ID information with a hash function; and, using the hash value as the storage address, writing the source IP information and ID information into the corresponding storage space, thereby establishing a hash table in which the source IP information and ID information can be found quickly. If different source IP information and ID information yield the same hash value, the two sets of source IP information and ID information conflict, so a hash bucket must be established for that hash value to resolve the hash conflict: by establishing a collision table for each hash value, the same storage space can hold 6 sets of source IP information and ID information with the same hash value. If the hash bucket has no space left for conflicting IP information and ID information, the currently conflicting IP information and ID information are stored in a CAM (Content Addressable Memory) composed of 8 register groups. The multiple records of source IP information and ID information that share a hash value make up the characteristic information storage table, i.e. the table storing the complete source IP information and ID information, which resolves hash conflicts.
Step 120: if the target fragment message is determined, according to the message attribute information, to be a non-first fragment message of the object message, determine a matching processing strategy according to the current reception status of the first fragment message of the object message and perform network address translation on the target fragment message.
A non-first fragment message of the object message contains only layer-3 header information such as the target fragment message length, source IP information, destination IP information and ID information, and no layer-4 header information such as TCP and UDP port information. A non-first fragment message therefore cannot be translated directly; it has to be translated indirectly, according to the network address translation result of the first fragment message of the object message, which does contain port information.
In the embodiments of the invention, after the message attribute information of the target fragment message is extracted, it is judged from the message attribute information whether the target fragment message is a first fragment message or a non-first fragment message. If the target fragment message is determined to be a first fragment message, network address translation is performed on it directly and the conversion message attribute information is obtained. If the target fragment message is determined to be a non-first fragment message, a matching processing strategy is determined according to the current reception status of the first fragment message of the object message, and network address translation is performed on the target fragment message accordingly.
Optionally, determining a matching processing strategy according to the current reception status of the first fragment message of the object message and performing network address translation on the target fragment message includes: detecting whether the first fragment message has currently been successfully received; if so, performing network address translation on the target fragment message directly, according to the conversion message attribute information corresponding to the first fragment message; if not, caching the target fragment message in the packet buffer area corresponding to the object message and obtaining the storage location information of the target fragment message. Each time the re-detection condition is determined to be met, it is detected again whether the first fragment message has been successfully received, until it is determined that the first fragment message has been successfully received. At that point, the target fragment message is obtained from the packet buffer area according to its storage location information, and network address translation is performed on the obtained target fragment message according to the conversion message attribute information corresponding to the first fragment message.
Optionally, detecting whether the first fragment message has currently been successfully received may include: detecting whether the Packet reassembling information table corresponding to the object message stores conversion message attribute information corresponding to the first fragment message; if so, determining that the first fragment message has been successfully received; otherwise, determining that the first fragment message has not been successfully received.
Optionally, if the target fragment message is determined, according to the message attribute information, to be the first fragment message of the object message, the conversion message attribute information corresponding to the first fragment message is determined by querying the network address translation table according to the message attribute information of the first fragment message, and the conversion message attribute information is stored in the Packet reassembling information table, so that non-first fragment messages can query the Packet reassembling information table to obtain the conversion message attribute information and be translated according to it.
The conversion message attribute information may include: new IP information, new TCP (Transmission Control Protocol)/UDP (User Datagram Protocol) port information, a new IP checksum and a new TCP/UDP checksum.
Optionally, after the target fragment message is cached in the packet buffer area corresponding to the object message and the storage location information of the target fragment message is obtained, the method further includes: storing the storage location information of the target fragment message in the Packet reassembling information table. Because the target fragment message is stored in the packet buffer area as a linked list, the storage location information actually refers to the head and tail pointers of the linked list storing the target fragment message. The storage location information is stored in the Packet reassembling information table so that, once the conversion message attribute information of the first fragment message has been written back to the Packet reassembling information table, the storage location of the target fragment message can be found from the storage location information, the target fragment message can be quickly taken out of the packet buffer area, and network address translation can be performed on it.
Optionally, after the message attribute information of the target fragment message is extracted, the method further includes: if the target fragment message is determined, according to the message attribute information, to be the tail fragment message of the object message, determining the message total length corresponding to the object message according to the message attribute information of the tail fragment message and storing the message total length in the receiving status information table, and at the same time updating the received fragment message length in the receiving status information table according to the fragment message length of the tail fragment message. Each time the FPGA receives a fragment message, it adds the message length of that fragment message to the received fragment message length in the receiving status information table, thereby updating the received fragment message length; it then compares the received fragment message length with the message total length to judge whether all fragment messages have been received.
Optionally, after the message attribute information of the target fragment message is extracted, if the target fragment message is determined, according to the message attribute information, to be a non-tail fragment message of the object message, the fragment message length of the target fragment message is determined directly from its message attribute information, the received fragment message length in the receiving status information table is updated according to that fragment message length, and the received fragment message length is compared with the message total length to judge whether all fragment messages have been received. If the message total length is not yet present in the receiving status information table at that time, the tail fragment message of the object message has not yet been received, that is, not all fragment messages have been received.
Step 130: after the network address translation of the target fragment message is determined to be complete, sort and forward the translated target fragment message.
Optionally, after the target fragment message has completed network address translation, the translated target fragment messages are sorted and forwarded, that is, they are sorted according to their positions in the original message and forwarded one after another in the sorted order.
For example, suppose the tail fragment message, which is last in the original message, is the first fragment message received; the subsequently received fragment messages lie in the middle of the original message; and the first fragment message, which is first in the original message, is the last fragment message received. Then, after the first fragment message completes network address translation, the first fragment message is added to the total linked list, the tail fragment message is added to the total linked list after the first fragment message, and the intermediate fragment messages are inserted at the corresponding positions of the total linked list according to their positions in the original message. This completes the sorting of the fragment messages, and each fragment message is then forwarded in turn, starting from the first fragment message, in the order of the fragment messages in the total linked list.
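The out-of-order case just described (tail fragment first, first fragment last), together with the cache-then-translate strategy of step 120 and the length-based completion check, as a software model. This is an added example, not code from the patent; the NAT mapping, addresses, class and field names are constructed for illustration, and draining the buffer when the first fragment arrives stands in for the patent's repeated re-detection.

```python
from dataclasses import dataclass, field, replace
from typing import Optional


@dataclass(frozen=True)
class Fragment:
    src_ip: str
    dst_ip: str
    ip_id: int
    offset: int                      # byte offset of this fragment in the original message
    more_fragments: bool             # False only on the tail fragment
    length: int                      # fragment payload length in bytes
    src_port: Optional[int] = None   # layer-4 port: present in the first fragment only


@dataclass
class MessageState:
    conversion: Optional[tuple] = None            # (new IP, new port) from the first fragment
    buffered: list = field(default_factory=list)  # non-first fragments that arrived early
    translated: list = field(default_factory=list)
    received_len: int = 0
    total_len: Optional[int] = None               # known once the tail fragment arrives


class FragmentNat:
    def __init__(self, nat_table):
        self.nat_table = nat_table   # (private IP, port) -> (public IP, port), constructed
        self.messages = {}           # keyed by (source IP, ID), as in the embodiment

    @staticmethod
    def _translate(frag, conversion):
        new_ip, new_port = conversion
        # Only the first fragment carries a port to rewrite.
        port = new_port if frag.offset == 0 else None
        return replace(frag, src_ip=new_ip, src_port=port)

    def receive(self, frag):
        """Process one fragment; return the sorted, translated fragments once complete."""
        key = (frag.src_ip, frag.ip_id)
        st = self.messages.setdefault(key, MessageState())
        st.received_len += frag.length
        if not frag.more_fragments:               # tail fragment fixes the total length
            st.total_len = frag.offset + frag.length
        if frag.offset == 0:                      # first fragment: look up the NAT table
            st.conversion = self.nat_table[(frag.src_ip, frag.src_port)]
            st.translated.append(self._translate(frag, st.conversion))
            st.translated += [self._translate(f, st.conversion) for f in st.buffered]
            st.buffered.clear()
        elif st.conversion is not None:           # first fragment already seen
            st.translated.append(self._translate(frag, st.conversion))
        else:                                     # first fragment not yet seen: buffer
            st.buffered.append(frag)
        if st.total_len == st.received_len and not st.buffered:
            del self.messages[key]                # release per-message state
            return sorted(st.translated, key=lambda f: f.offset)
        return []


def demo_out_of_order():
    """Constructed 3480-byte message delivered tail, middle, first."""
    nat = FragmentNat({("10.0.0.5", 40000): ("203.0.113.7", 50001)})
    common = dict(src_ip="10.0.0.5", dst_ip="198.51.100.9", ip_id=0x1234)
    first = Fragment(offset=0, more_fragments=True, length=1480, src_port=40000, **common)
    middle = Fragment(offset=1480, more_fragments=True, length=1480, **common)
    tail = Fragment(offset=2960, more_fragments=False, length=520, **common)
    return [nat.receive(f) for f in (tail, middle, first)]


if __name__ == "__main__":
    for step, forwarded in enumerate(demo_out_of_order(), 1):
        print(step, [(f.src_ip, f.src_port, f.offset) for f in forwarded])
```

The completion check sums fragment lengths exactly as the embodiment describes, so it assumes fragments are neither duplicated nor overlapping.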
Optionally, after comparing the received message length with the message length of the complete message and judging whether all fragment messages have been received, the method further includes: if all fragment messages have been received and have completed network address translation, releasing the hash table, characteristic information storage table and receiving status information table; if not all fragment messages have been received and the time interval between receiving two adjacent fragment messages is greater than a preset time, deleting the storage linked list of the current fragment messages and releasing the information corresponding to those fragment messages in the hash table, characteristic information storage table and receiving status information table, which effectively prevents memory from being occupied for a long time.
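A software model of the lookup structure from step 110 (6 entries per hash value, then an overflow CAM of 8 entries) combined with the timeout release rule above, showing how much per-message state one hash value can hold and how the timeout frees it. This is an added example, not code from the patent; the CRC32 hash, the `FlowTable` name, the timeout value and returning `None` when both stores are full are assumptions, since the patent does not specify them.

```python
import zlib

BUCKET_DEPTH = 6   # entries sharing one hash value, per the embodiment
CAM_DEPTH = 8      # overflow CAM built from 8 register groups, per the embodiment


class FlowTable:
    def __init__(self, n_buckets=1024, timeout=30.0):
        self.n_buckets = n_buckets
        self.timeout = timeout                      # preset time between adjacent fragments
        self.buckets = [dict() for _ in range(n_buckets)]  # key -> time last fragment seen
        self.cam = {}

    def _index(self, key):
        src_ip, ip_id = key
        # Assumption: the patent does not name the hash function; CRC32 is a stand-in.
        return zlib.crc32(f"{src_ip}/{ip_id}".encode()) % self.n_buckets

    def touch(self, key, now):
        """Find or create the entry for (source IP, ID).

        Returns "bucket" or "cam" for where the entry lives, or None when the
        hash bucket and the CAM are both full (assumed behaviour).
        """
        bucket = self.buckets[self._index(key)]
        if key in bucket:
            bucket[key] = now
            return "bucket"
        if key in self.cam:
            self.cam[key] = now
            return "cam"
        if len(bucket) < BUCKET_DEPTH:
            bucket[key] = now
            return "bucket"
        if len(self.cam) < CAM_DEPTH:
            self.cam[key] = now
            return "cam"
        return None

    def release(self, key):
        """Free the entry once all fragments are received and translated."""
        self.buckets[self._index(key)].pop(key, None)
        self.cam.pop(key, None)

    def expire(self, now):
        """Free entries whose last fragment is older than the preset time."""
        freed = 0
        for store in self.buckets + [self.cam]:
            stale = [k for k, seen in store.items() if now - seen > self.timeout]
            for k in stale:
                del store[k]
            freed += len(stale)
        return freed


def demo_capacity():
    """Constructed input: 15 incomplete messages that all collide on one hash value."""
    table = FlowTable(n_buckets=1, timeout=30.0)   # one bucket forces every key to collide
    keys = [("192.0.2.1", ip_id) for ip_id in range(15)]
    placements = [table.touch(k, now=0.0) for k in keys]
    freed = table.expire(now=100.0)                # no further fragments ever arrived
    after = table.touch(("192.0.2.1", 999), now=100.0)
    return placements, freed, after


if __name__ == "__main__":
    print(demo_capacity())
```

With every key colliding, 14 incomplete messages fill the bucket and the CAM, which is why the timeout release matters for state held by fragments that never complete.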
In this embodiment of the invention, the FPGA directly performs network address translation on the first fragment message of the object message, determines a matching processing strategy according to the current reception status of the first fragment message and performs network address translation on the non-first fragment messages of the object message accordingly, and sorts and forwards the translated fragment messages. By fully exploiting the hardware capabilities of the FPGA, this solves the problems of slow processing speed and poor versatility that existing multi-CPU processing techniques have when performing network address translation on fragment messages, and achieves improved processing speed and versatility while reducing implementation cost.
Embodiment two
Fig. 2a is a flow chart of a network address translation method for fragment messages provided by Embodiment 2 of the present invention. This embodiment may be combined with any of the optional solutions in one or more of the above embodiments. Specifically, referring to Fig. 2a, the method may include the following steps:
Step 210: receive a fragment message, extract the message attribute information of the currently received fragment message, and update the receiving status information table.
Optionally, after receiving a fragment message, the FPGA cuts the currently received fragment message into multiple cell units. In this embodiment of the present invention, cutting the currently received fragment message into multiple cell units may include: determining the size of each cell unit according to the actual bandwidth required for network address translation and the working clock frequency of the FPGA, and, starting from the head of the currently received fragment message, cutting it into multiple fixed-size cell units, where each cell unit should be at least large enough to hold the complete layer-3 header information and layer-4 header information of the message to which the fragment message belongs.
The first cell unit of the currently received fragment message contains the message attribute information of that fragment message. In this embodiment of the present invention, after cutting the currently received fragment message into multiple cell units, the FPGA parses the first cell unit according to the message format and obtains the message attribute information of the fragment message contained in the first cell unit.
Optionally, after the message attribute information of the currently received fragment message is obtained, the received fragment message length in the receiving status information table is updated according to the message attribute information, and it is judged whether the currently received fragment message is the last fragment message, in order to determine whether all fragment messages have been received.
Step 220: according to the message attribute information, judge whether the currently received fragment message is the first fragment message; if so, execute step 230; otherwise, execute step 240.
Optionally, because the first fragment message and non-first fragment messages undergo network address translation in different ways, the message attribute information obtained by parsing the currently received fragment message is used to classify it as either the first fragment message or a non-first fragment message. If it is the first fragment message, step 230 is executed and network address translation is performed in the manner used for the first fragment message; if it is a non-first fragment message, step 240 is executed and network address translation is performed in the manner used for non-first fragment messages.
Step 230: perform network address translation on the currently received fragment message, obtain the conversion message attribute information, and store it in the Packet reassembling information table.
Optionally, if the currently received fragment message is determined to be the first fragment message, the conversion message attribute information corresponding to the first fragment message is determined by querying the network address translation table and is stored in the Packet reassembling information table, so that non-first fragment messages can query the Packet reassembling information table to obtain the conversion message attribute information and undergo network address translation according to it.
Step 240: judge whether the conversion message attribute information of the first fragment message exists in the Packet reassembling information table; if it exists, execute step 250; otherwise, execute step 260.
Optionally, because a non-first fragment message undergoes network address translation indirectly, based on the network address translation result of the first fragment message, the Packet reassembling information table must be queried once the currently received fragment message is determined to be a non-first fragment message, to judge whether the conversion message attribute information of the first fragment message exists in it. If it exists, step 250 is executed and network address translation is performed on the non-first fragment message; if it does not exist, step 260 is executed.
Step 250: according to the conversion message attribute information in the Packet reassembling information table, perform network address translation on the currently received non-first fragment message.
Step 260: store the currently received non-first fragment message in the packet buffer area, store its storage address in the Packet reassembling information table, and wait to perform network address translation according to the conversion message attribute information of the first fragment message.
Optionally, if the conversion message attribute information of the first fragment message does not exist in the Packet reassembling information table, the currently received non-first fragment message is cached in the packet buffer area corresponding to it, and the storage location information of the currently received non-first fragment message is obtained. Each time the re-detection condition is determined to be satisfied, it is detected again whether the first fragment message has been successfully received, until it is determined that the first fragment message has been successfully received. At that point, the currently received non-first fragment message is fetched from the packet buffer area according to its storage location information, and network address translation is performed on the fetched non-first fragment message according to the conversion message attribute information corresponding to the first fragment message.
Optionally, caching the currently received non-first fragment message in the packet buffer area corresponding to it specifically includes: performing a hash calculation on the message attribute information of the IP message corresponding to the first cell unit of the currently received non-first fragment message to obtain a hash value; looking up the hash table with the obtained hash value to find the storage location, in the packet buffer area, of the port corresponding to that first cell unit; and storing the first cell unit in the packet buffer region corresponding to the cell pointer linked list of the corresponding port. After the first cell unit has been stored in the packet buffer region, each other cell unit belonging to the same IP message as that first cell unit requests a free pointer from the free pointer linked list, is stored at that free pointer, and is appended to the end of the cell unit pointer linked list of the corresponding port, which completes the storage of the currently received non-first fragment message.
Step 270: sort and forward the translated fragment messages.
In this embodiment of the present invention, the FPGA directly performs network address translation on the first fragment message of the target message, determines a matching processing strategy for the non-first fragment messages of the target message according to whether the first fragment message has currently been received, performs network address translation on them accordingly, and then sorts and forwards the translated fragment messages. By making full use of the hardware capabilities of the FPGA, this solves the problems of slow processing speed and poor versatility that arise when existing multi-CPU processing techniques perform network address translation on fragment messages, and improves processing speed and versatility while reducing implementation cost.
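Steps 210 to 270 can be followed in a small software model. This is an added example, not code from the patent: the FPGA tables are modelled as a Python dictionary keyed by source IP and ID, source-address translation is assumed, and the names `FragmentNat`, `max_entries` and `timeout`, the drop-on-missing-mapping policy and the sample addresses are all assumptions.

```python
from dataclasses import dataclass, field, replace
from typing import Optional


@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    ip_id: int
    offset: int                   # byte offset of this fragment's payload
    more: bool                    # "more fragments" flag; False on the tail fragment
    length: int                   # payload bytes carried by this fragment
    sport: Optional[int] = None   # layer-4 ports exist only in the first fragment
    dport: Optional[int] = None


@dataclass
class Entry:
    """Reassembly-table and receive-status fields for one (source IP, ID) pair."""
    new_src: Optional[str] = None     # translation result, set by the first fragment
    new_sport: Optional[int] = None
    buffered: list = field(default_factory=list)
    received_len: int = 0
    total_len: Optional[int] = None   # known once the tail fragment is seen
    last_seen: float = 0.0


class FragmentNat:
    def __init__(self, nat_table, max_entries=1024, timeout=30.0):
        self.nat_table = nat_table      # (private ip, port) -> (public ip, port)
        self.max_entries = max_entries  # assumed bound on table size
        self.timeout = timeout          # assumed aging interval, seconds
        self.table = {}                 # (source IP, IP ID) -> Entry
        self.dropped = 0

    def _translate(self, frag, entry):
        # Only the first fragment carries a port to rewrite.
        sport = entry.new_sport if frag.offset == 0 else None
        return replace(frag, src=entry.new_src, sport=sport)

    def process(self, frag, now=0.0):
        """Return the translated fragments that can be forwarded now, in offset order."""
        key = (frag.src, frag.ip_id)
        entry = self.table.get(key)
        if entry is None:
            if len(self.table) >= self.max_entries:   # no space left: drop
                self.dropped += 1
                return []
            entry = self.table[key] = Entry()
        # Step 210: update receive status (assumes no duplicate or overlapping fragments).
        entry.last_seen = now
        entry.received_len += frag.length
        if not frag.more:
            entry.total_len = frag.offset + frag.length
        out = []
        if frag.offset == 0:                          # steps 220 and 230
            mapping = self.nat_table.get((frag.src, frag.sport))
            if mapping is None:                       # assumed policy: no mapping, drop all
                self.dropped += 1 + len(entry.buffered)
                del self.table[key]
                return []
            entry.new_src, entry.new_sport = mapping
            out.append(self._translate(frag, entry))
            # Release fragments that arrived before the first one, sorted (step 270).
            waiting = sorted(entry.buffered, key=lambda f: f.offset)
            out.extend(self._translate(f, entry) for f in waiting)
            entry.buffered.clear()
        elif entry.new_src is not None:               # steps 240 and 250
            out.append(self._translate(frag, entry))
        else:                                         # step 260
            entry.buffered.append(frag)
        if entry.new_src is not None and entry.received_len == entry.total_len:
            del self.table[key]                       # all fragments translated
        return out

    def age(self, now):
        """Delete entries idle longer than the timeout; return how many were freed."""
        stale = [k for k, e in self.table.items() if now - e.last_seen > self.timeout]
        for k in stale:
            self.dropped += len(self.table[k].buffered)
            del self.table[k]
        return len(stale)


def demo():
    # Constructed input: one 24-byte message whose fragments arrive tail, middle, first.
    nat = FragmentNat({("10.0.0.5", 40000): ("203.0.113.7", 61000)})
    tail = Fragment("10.0.0.5", "198.51.100.9", 7, 16, False, 8)
    mid = Fragment("10.0.0.5", "198.51.100.9", 7, 8, True, 8)
    first = Fragment("10.0.0.5", "198.51.100.9", 7, 0, True, 8, 40000, 53)
    sent = [nat.process(f) for f in (tail, mid, first)]
    return sent, len(nat.table)


if __name__ == "__main__":
    print(demo())
```

The table bound and the `age` sweep stand in for the drop-on-full and aging control described later in this embodiment: fragments whose first fragment never arrives would otherwise hold buffer space indefinitely.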
Based on the above technical solution, the overall processing of the currently received fragment message is shown in Fig. 2b. After receiving a fragment message, the FPGA cuts the currently received fragment message into multiple cell units, classified as the first cell unit, intermediate cell units and the tail cell unit, and handles each type of cell unit separately according to this classification. Specifically, for the first cell unit, a hash operation is performed on the extracted source IP information and ID information to obtain a hash value, and a hash lookup is performed with that hash value. If the lookup fails, the current fragment message is the first fragment of its complete message to arrive, so a new address space must be requested and a hash table and a complete source IP information and ID information storage table corresponding to the current fragment message must be established. If the lookup succeeds, the first cell unit is linked onto the storage linked list of the currently received fragment message according to the lookup result. The first cell unit must also update the entry information of the receiving status information table, for example the received message length, according to the message length of the current fragment message that it carries. An intermediate cell unit only needs to be linked onto the storage linked list of the fragment message. The tail cell unit needs to update, among other things, the fragment message reception-complete flag in the receiving status information table, and is also linked onto the storage linked list of the fragment message. If the currently received fragment message is the first fragment message, subsequent fragment messages and non-fragment messages are triggered to be linked onto the total linked list of messages for sorting; if the currently received fragment message is a non-first fragment message, the currently received fragment message is stored.
Based on the above technical solution, the processing flow for a currently received first fragment message is shown in Fig. 2c. After the FPGA obtains the cell units of the fragment message, it parses the first cell unit of the fragment message to obtain the message attribute information of the fragment message, and judges from the message attribute information whether the fragment message is the first fragment message. If it is the first fragment message, it is judged whether the current cell unit is the first cell unit; if it is the first cell unit, a hash lookup is performed. If the lookup succeeds, the entry information of the receiving status information table, for example the received message length, is updated, the first cell unit is linked onto the storage linked list of the fragment message, and the storage linked list of the fragment message is linked into the external total linked list for sorting. When the network address translation result for the first fragment message is returned, the TCP/UDP port information is also updated, and the conversion message attribute information obtained by the translation is stored in the Packet reassembling information table. If the lookup fails, it is checked whether the conflict space of the hash table is full. If the conflict space of the hash table is full, a new address space must be requested. If an address space can be obtained, or the conflict space of the hash table is not full, a blank pointer is requested to store the address of the fragment message, and it is stored in the Packet reassembling information table. If no address space can be obtained and the conflict space of the hash table is completely full, the message must be dropped.
For an intermediate cell unit of the first fragment message, the intermediate cell unit is linked directly onto the storage linked list of the fragment message. For the tail cell unit of the first fragment message, the received message length is compared with the total message length to judge whether all fragment messages have been received. If they have, this shows that the first fragment message was the last to arrive, and after the network address translation result is returned, the storage linked lists of all non-first fragment messages are linked onto the total linked list to be sorted and forwarded together.
For a first fragment message whose lookup fails, after an address has been allocated in the Packet reassembling information table, the first-fragment-arrived information in the Packet reassembling information table must be updated, and after the network address translation result is returned, the network address translation complete flag and the TCP/UDP port information in the Packet reassembling information table are updated, so that subsequently received fragment messages can carry the TCP/UDP port information from the Packet reassembling information table and be linked directly onto the total linked list, without any fragment message storage operation.
Based on the above technical solution, the processing flow for a currently received intermediate fragment message is as follows: when the first cell unit of the intermediate fragment message arrives, a hash lookup is performed. If the lookup succeeds, a fragment message with the same source IP information and ID information has already arrived, so it must be checked whether the network address translation result of the first fragment message has been returned; if it has, network address translation is performed directly and the fragment message is linked onto the external total linked list for sorting. If the lookup fails, a new address space must be requested, and the head pointer, tail pointer and non-empty flag of the fragment message storage linked list are updated in the Packet reassembling information table. The rest of the processing is similar to that of the first fragment message.
Based on the above technical solution, the processing flow for a currently received tail fragment message is as follows: for the first cell unit of the tail fragment message, the total length of the entire message is updated according to the message attribute information of the tail fragment message, for comparison with the currently received message length to determine whether the message has been completely received. If all fragment messages have been received and the network address translation result has been returned, all fragment messages are linked into the total linked list for sorting and forwarding. The rest of the processing is similar to that of an intermediate fragment message.
Based on the above technical solution, Fig. 2d is a structural diagram of the specific functions of an FPGA to which the method of this embodiment of the present invention is applicable. Specifically, as shown in Fig. 2d:
The message parsing module mainly identifies fragment messages, extracts the required information, such as the message length, IP information and ID information, and passes the corresponding information to subsequent modules for processing.
The hash lookup module and the source IP+ID lookup module mainly implement matching between different fragments of the same message, so that different fragments of the same message obtain the same storage space for storing reassembly information and the like.
The lookup result parsing module and the fragment message status information updating module mainly maintain the Packet reassembling information table and the receiving status information table according to the lookup result and the information carried by the message.
The entry addition and deletion module is mainly used to establish the hash table and the complete IP+ID storage table when a new fragment message arrives and to delete the entries after the fragment message has completed network address translation; it also performs aging control of fragment messages so that memory space is released quickly.
Embodiment three
Fig. 3 is a structural schematic diagram of a network address translation device for fragment messages provided by Embodiment 3 of the present invention. This embodiment is applicable to the case where network address translation is performed on fragment messages by an FPGA. As shown in Fig. 3, the network address translation device for fragment messages is applied in an FPGA and comprises:
A message information extraction module 310, configured to extract the message attribute information of a target fragment message when the target fragment message is received;
A fragment message processing module 320, configured to, if the target fragment message is determined according to the message attribute information to be a non-first fragment message of the target message, determine a matching processing strategy according to the current reception status of the first fragment message of the target message and perform network address translation on the target fragment message;
A fragment message sorting and forwarding module 330, configured to sort the translated target fragment message after determining that network address translation of the target fragment message is complete.
In this embodiment of the present invention, the FPGA directly performs network address translation on the first fragment message of the target message, determines a matching processing strategy for the non-first fragment messages of the target message according to whether the first fragment message has currently been received, performs network address translation on them accordingly, and then sorts and forwards the translated fragment messages. By making full use of the hardware capabilities of the FPGA, this solves the problems of slow processing speed and poor versatility that arise when existing multi-CPU processing techniques perform network address translation on fragment messages, and improves processing speed and versatility while reducing implementation cost.
On the basis of the above embodiments, the fragment message processing module 320 may include a detection unit and an execution unit;
The detection unit is configured to detect whether the first fragment message has currently been successfully received;
The execution unit is configured to, if it is detected that the first fragment message has currently been successfully received, perform network address translation directly on the target fragment message according to the conversion message attribute information corresponding to the first fragment message; and, if it is detected that the first fragment message has not yet been successfully received, cache the target fragment message in the packet buffer area corresponding to the target message and obtain the storage location information of the target fragment message;
The detection unit is further configured to, after the storage location information of the target fragment message is obtained, detect again, each time the re-detection condition is determined to be satisfied, whether the first fragment message has been successfully received, until it is determined that the first fragment message has been successfully received;
The execution unit is further configured to fetch the target fragment message from the packet buffer area according to the storage location information, and perform network address translation on the fetched target fragment message according to the conversion message attribute information corresponding to the first fragment message.
The detection unit may specifically be configured to detect whether the conversion message attribute information corresponding to the first fragment message is stored in the Packet reassembling information table corresponding to the target message; if so, determine that the first fragment message has been successfully received; otherwise, determine that the first fragment message has not been successfully received.
On the basis of the above embodiments, the message information extraction module 310 may include: a conversion information determination unit, configured to, after the message attribute information of the target fragment message is extracted, if the target fragment message is determined according to the message attribute information to be the first fragment message of the target message, determine the conversion message attribute information corresponding to the first fragment message according to the message attribute information of the first fragment message; and a conversion information storage unit, configured to store the conversion message attribute information in the Packet reassembling information table.
On the basis of the above embodiments, the fragment message processing module 320 may further include: a location information storage unit, configured to store the storage location information of the target fragment message in the Packet reassembling information table after the target fragment message has been cached in the packet buffer area corresponding to the target message and its storage location information has been obtained.
On the basis of the above embodiments, the message information extraction module 310 may further include: a message total length determination unit, configured to, after the message attribute information of the target fragment message is extracted, if the target fragment message is determined according to the message attribute information to be the tail fragment message of the target message, determine the message total length corresponding to the target message according to the message attribute information of the tail fragment message; and a received message length updating unit, configured to store the message total length in the receiving status information table and update the received fragment message length in the receiving status information table according to the fragment message length of the tail fragment message.
On the basis of the above embodiments, the received message length updating unit may further be configured to, after the matching processing strategy has been determined and network address translation has been performed on the target fragment message, determine the fragment message length of the target fragment message according to its message attribute information and update the received fragment message length in the receiving status information table according to that fragment message length; and a message reception confirmation unit is configured to determine that all fragment messages have been received if the updated received fragment message length matches the message total length.
On the basis of the above embodiments, the message information extraction module 310 may further include: a lookup unit, configured to, after the message attribute information of the target fragment message is extracted, look up, according to the message attribute information of the target fragment message, whether a hash table and a characteristic information storage table corresponding to the target message are stored; if not, determine that the target fragment message is the first received fragment of the target message and request a packet buffer area corresponding to the target message; and establish the hash table and characteristic information storage table corresponding to the target message according to the message attribute information of the target fragment message.
On the basis of the above embodiments, the message information extraction module 310 may further include: a message parsing unit, configured to cut the target fragment message into multiple cell units and parse the first cell unit to obtain the message attribute information of the target fragment message; wherein the message attribute information includes at least: the length of the target fragment message, source IP information, destination IP information and ID information.
The device provided by this embodiment is applicable to the method provided by any of the above embodiments and has the corresponding functions and beneficial effects.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will understand that the invention is not limited to the specific embodiments described herein, and that various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, the present invention is not limited to the above embodiments and may include other equivalent embodiments without departing from the inventive concept; the scope of the invention is determined by the scope of the appended claims.

Claims (10)

1. A network address translation method for fragment messages, applied in a programmable logic device, characterized by comprising:
When a target fragment message is received, extracting the message attribute information of the target fragment message;
If the target fragment message is determined according to the message attribute information to be a non-first fragment message of a target message, determining a matching processing strategy according to the current reception status of the first fragment message of the target message, and performing network address translation on the target fragment message;
After determining that network address translation of the target fragment message is complete, sorting and forwarding the translated target fragment message.
2. The method according to claim 1, characterized in that determining a matching processing strategy according to the current reception status of the first fragment message of the target message and performing network address translation on the target fragment message comprises:
Detecting whether the first fragment message has currently been successfully received;
If so, performing network address translation directly on the target fragment message according to the conversion message attribute information corresponding to the first fragment message;
If not, caching the target fragment message in the packet buffer area corresponding to the target message, and obtaining the storage location information of the target fragment message;
Each time the re-detection condition is determined to be satisfied, detecting again whether the first fragment message has been successfully received, until it is determined that the first fragment message has been successfully received;
Fetching the target fragment message from the packet buffer area according to the storage location information, and performing network address translation on the fetched target fragment message according to the conversion message attribute information corresponding to the first fragment message.
3. The method according to claim 2, characterized in that detecting whether the first fragment message has currently been successfully received comprises:
Detecting whether the conversion message attribute information corresponding to the first fragment message is stored in the Packet reassembling information table corresponding to the target message;
If so, determining that the first fragment message has been successfully received; otherwise, determining that the first fragment message has not been successfully received.
4. The method according to claim 1, characterized in that, after extracting the message attribute information of the target fragment message, the method further comprises:
If the target fragment message is determined according to the message attribute information to be the first fragment message of the target message, determining the conversion message attribute information corresponding to the first fragment message according to the message attribute information of the first fragment message;
Storing the conversion message attribute information in the Packet reassembling information table.
5. The method according to claim 2, characterized in that, after caching the target fragment message in the packet buffer area corresponding to the target message and obtaining the storage location information of the target fragment message, the method further comprises:
Storing the storage location information of the target fragment message in the Packet reassembling information table.
6. The method according to claim 1, characterized in that, after extracting the message attribute information of the target fragment message, the method further comprises:
If the target fragment message is determined according to the message attribute information to be the tail fragment message of the target message, determining the message total length corresponding to the target message according to the message attribute information of the tail fragment message;
Storing the message total length in the receiving status information table, and updating the received fragment message length in the receiving status information table according to the fragment message length of the tail fragment message.
7. The method according to claim 1, characterized in that, after determining the matching processing strategy and performing network address translation on the target fragment message, the method further comprises:
Determining the fragment message length of the target fragment message according to the message attribute information of the target fragment message, and updating the received fragment message length in the receiving status information table according to the fragment message length;
If the updated received fragment message length is determined to match the message total length, determining that all fragment messages have been received.
8. The method according to claim 2, characterized in that, after extracting the message attribute information of the target fragment message, the method further comprises:
Looking up, according to the message attribute information of the target fragment message, whether a hash table and a characteristic information storage table corresponding to the target message are stored;
If not, determining that the target fragment message is the first received fragment of the target message, and requesting a packet buffer area corresponding to the target message;
Establishing the hash table and characteristic information storage table corresponding to the target message according to the message attribute information of the target fragment message.
9. The method according to claim 1, characterized in that extracting the message attribute information of the target fragment message when the target fragment message is received comprises:
Cutting the target fragment message into multiple cell units, and parsing the first cell unit to obtain the message attribute information of the target fragment message;
Wherein the message attribute information includes at least: the length of the target fragment message, source IP information, destination IP information and ID information.
10. A network address translation device for fragment messages, applied in a programmable logic device, characterized by comprising:
A message information extraction module, configured to extract the message attribute information of a target fragment message when the target fragment message is received;
A fragment message processing module, configured to, if the target fragment message is determined according to the message attribute information to be a non-first fragment message of a target message, determine a matching processing strategy according to the current reception status of the first fragment message of the target message and perform network address translation on the target fragment message;
A fragment message sorting and forwarding module, configured to sort and forward the translated target fragment message after determining that network address translation of the target fragment message is complete.
CN201811594403.8A 2018-12-25 2018-12-25 Network address conversion method and device for fragmented messages Active CN109618020B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811594403.8A CN109618020B (en) 2018-12-25 2018-12-25 Network address conversion method and device for fragmented messages

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811594403.8A CN109618020B (en) 2018-12-25 2018-12-25 Network address conversion method and device for fragmented messages

Publications (2)

Publication Number Publication Date
CN109618020A true CN109618020A (en) 2019-04-12
CN109618020B CN109618020B (en) 2022-01-11

Family

ID=66012398

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811594403.8A Active CN109618020B (en) 2018-12-25 2018-12-25 Network address conversion method and device for fragmented messages

Country Status (1)

Country Link
CN (1) CN109618020B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110300074A (en) * 2019-06-06 2019-10-01 北京左江科技股份有限公司 A kind of IP packet fragmentation and reassembly method
CN111432377A (en) * 2020-03-31 2020-07-17 北京东土军悦科技有限公司 Train load balancing system and method, train system and base system
CN111447110A (en) * 2020-03-24 2020-07-24 北京润科通用技术有限公司 Data monitoring method and system
CN113411341A (en) * 2021-06-24 2021-09-17 成都卫士通信息产业股份有限公司 Data processing method, device and equipment and readable storage medium
CN113542445A (en) * 2021-05-28 2021-10-22 新华三信息安全技术有限公司 Address translation method, device, equipment and machine readable storage medium
CN114465694A (en) * 2022-01-07 2022-05-10 锐捷网络股份有限公司 Message transmission method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1494274A (en) * 2002-10-31 2004-05-05 中兴通讯股份有限公司 Method of realizing IP message partition and recombination based on network processor
CN1585401A (en) * 2003-08-21 2005-02-23 华为技术有限公司 Network address converting method for zoned message
CN101087296A (en) * 2006-06-08 2007-12-12 上海亿人通信终端有限公司 Method for utilizing network processor to translate the IPv4/IPv6 network protocol
CN101605105A (en) * 2009-07-14 2009-12-16 中兴通讯股份有限公司 A kind of method and apparatus that fragment message is carried out network address translation
CN104579948A (en) * 2013-10-29 2015-04-29 国家计算机网络与信息安全管理中心 Method and device for fragmenting message
CN105162901A (en) * 2015-09-30 2015-12-16 北京特立信电子技术股份有限公司 Method and device for realizing NAT based on SOPC
US20160072767A1 (en) * 2014-09-05 2016-03-10 Alcatel-Lucent Canada Inc. Efficient method of nat without reassemling ipv4 fragments

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1494274A (en) * 2002-10-31 2004-05-05 中兴通讯股份有限公司 Method of realizing IP message partition and recombination based on network processor
CN1585401A (en) * 2003-08-21 2005-02-23 华为技术有限公司 Network address converting method for zoned message
CN101087296A (en) * 2006-06-08 2007-12-12 上海亿人通信终端有限公司 Method for utilizing network processor to translate the IPv4/IPv6 network protocol
CN101605105A (en) * 2009-07-14 2009-12-16 中兴通讯股份有限公司 A kind of method and apparatus that fragment message is carried out network address translation
CN104579948A (en) * 2013-10-29 2015-04-29 国家计算机网络与信息安全管理中心 Method and device for fragmenting message
US20160072767A1 (en) * 2014-09-05 2016-03-10 Alcatel-Lucent Canada Inc. Efficient method of nat without reassemling ipv4 fragments
CN105162901A (en) * 2015-09-30 2015-12-16 北京特立信电子技术股份有限公司 Method and device for realizing NAT based on SOPC

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110300074A (en) * 2019-06-06 2019-10-01 北京左江科技股份有限公司 A kind of IP packet fragmentation and reassembly method
CN110300074B (en) * 2019-06-06 2021-08-06 北京左江科技股份有限公司 IP message fragment recombination method
CN111447110A (en) * 2020-03-24 2020-07-24 北京润科通用技术有限公司 Data monitoring method and system
CN111447110B (en) * 2020-03-24 2023-03-10 北京润科通用技术有限公司 Data monitoring method and system
CN111432377A (en) * 2020-03-31 2020-07-17 北京东土军悦科技有限公司 Train load balancing system and method, train system and base system
CN113542445A (en) * 2021-05-28 2021-10-22 新华三信息安全技术有限公司 Address translation method, device, equipment and machine readable storage medium
CN113411341A (en) * 2021-06-24 2021-09-17 成都卫士通信息产业股份有限公司 Data processing method, device and equipment and readable storage medium
CN114465694A (en) * 2022-01-07 2022-05-10 锐捷网络股份有限公司 Message transmission method and device
CN114465694B (en) * 2022-01-07 2024-02-23 锐捷网络股份有限公司 Message transmission method and device

Also Published As

Publication number Publication date
CN109618020B (en) 2022-01-11

Similar Documents

Publication Publication Date Title
CN109618020A (en) A kind of method for network address translation and device of fragment message
US11811660B2 (en) Flow classification apparatus, methods, and systems
US6651099B1 (en) Method and apparatus for monitoring traffic in a network
US7299282B2 (en) State processor for pattern matching in a network monitor device
CN104580027B (en) A kind of OpenFlow message forwarding methods and equipment
US6553002B1 (en) Apparatus and method for routing data packets through a communications network
EP2530874B1 (en) Method and apparatus for detecting network attacks using a flow based technique
US8599859B2 (en) Iterative parsing and classification
JP2001509978A (en) Fast Variable Length Best Match Lookup in Switching Devices
CN104104604A (en) Exact match hash lookup databases in network switch devices
CN108710629B (en) Top-k query method and system based on named data network
CN110912826B (en) Method and device for expanding IPFIX table items by using ACL
CN110061921B (en) Cloud platform data packet distribution method and system
CN111131084A (en) QoS-aware OpenFlow flow table hierarchical storage architecture and application
CN103888449A (en) Method and device for packet reassembly
US9485179B2 (en) Apparatus and method for scalable and flexible table search in a network switch
US7735135B1 (en) Hardware-based intrusion detection accelerator
US7653070B2 (en) Method and system for supporting efficient and cache-friendly TCP session lookup operations based on canonicalization tags
US7661138B1 (en) Finite state automaton compression
JP3837670B2 (en) Data relay apparatus, associative memory device, and associative memory device utilization information retrieval method
CN108063692B (en) Method for recognizing flux and device
CN105162901B (en) Method and device for realizing NAT based on SOPC
WO2017132073A1 (en) Signal matching for entity resolution
US20140321468A1 (en) Fast application recognition system and fast application processing method
CN114221849A (en) Method for realizing intelligent network card by combining FPGA with TCAM

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant