CN111030980A - Linux transparent network equipment platform implementation method, device and storage medium - Google Patents

Info

Publication number: CN111030980A
Application number: CN201910733631.7A
Authority: CN (China)
Other languages: Chinese (zh)
Prior art keywords: network card, virtual network, virtual, tap, data
Priority date:
Filing date:
Publication date:
Legal status: Pending (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Inventors: 陈震东, 黄显澍, 肖新光
Current assignee: Harbin Antian Science And Technology Group Co ltd (also listed as Harbin Antiy Technology Group Co Ltd)
Original assignee: Harbin Antian Science And Technology Group Co ltd
Application filed by Harbin Antian Science And Technology Group Co ltd; priority to CN201910733631.7A; published as CN111030980A.

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L 69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L 69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L 69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L 69/324 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the data link layer [OSI layer 2], e.g. HDLC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention discloses a method, a device and a storage medium for implementing a Linux transparent network device platform, which relate to the technical field of network transmission security and can establish a transparent network device platform that is convenient for secondary development. The method comprises the following steps: deploying a preset number of physical network cards according to requirements; constructing a preset number of virtual network cards (Tap) and virtual bridges (Bridge) according to requirements; bridging the physical network cards and the virtual network cards Tap one to one using the virtual bridges; presetting a function on the data transmission link between the virtual network cards Tap; and monitoring the virtual network cards Tap, reading data when a trigger event occurs, calling the preset function to process the data, and forwarding the processed data to the other virtual network cards Tap.

Description

Linux transparent network equipment platform implementation method, device and storage medium
Technical Field
The invention relates to the technical field of network transmission security, and in particular to a method, a device and a storage medium for implementing a Linux transparent network device platform.
Background
Today's society is an information society: networks are involved in every aspect of daily life, and they depend on the individual functions and stable operation of many kinds of network devices.
Network devices include routers, switches, firewalls, network isolation gateways ("gatekeepers") and special-purpose devices, which typically perform routing, switching and protection functions. Most of these devices, however, are built on a dedicated SoC; although their operating state and policy can be configured, secondary development and customisation are difficult.
In the field of network security it is often necessary to inspect and protect packets on a link, not only on hosts and servers. How, then, can a device placed on a link be developed quickly, provide the required functionality, run efficiently and disturb the network as little as possible? Developing directly against the lower layers of a conventional Linux system is difficult, and such a device needs an IP address and becomes a network node: it cannot pass traffic through transparently while also processing it. This changes the network topology and increases deployment cost.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus and a storage medium for implementing a Linux transparent network device platform, which use physical network cards, virtual network cards (Tap) and virtual bridges (Bridge) to build a transparent platform device, thereby solving the problems that conventional dedicated network devices cannot be developed further or customised, and that development against the lower layers of the operating system is complex.
In a first aspect, an embodiment of the present invention provides a method for implementing a Linux transparent network device platform, including:
deploying a preset number of physical network cards according to the requirement;
constructing a preset number of virtual network cards Tap and virtual Bridge according to requirements;
the physical network card and the virtual network card Tap are bridged one to one by using the virtual Bridge;
presetting a function on a data transmission link between the virtual network cards Tap;
and monitoring the virtual network card Tap, reading data if a trigger event exists, calling a preset function to process the data, and forwarding the processed data to other virtual network card taps.
According to a specific implementation of the embodiment of the present invention, deploying a preset number of physical network cards according to requirements specifically includes: if an encryption/decryption device is built, at least one input physical network card and one output physical network card must be deployed; or, if a forwarding device is built, at least one input physical network card, one output physical network card and one forwarding physical network card must be deployed.
According to a specific implementation of the embodiment of the present invention, constructing a preset number of virtual network cards Tap according to requirements specifically includes: on a Linux system, creating the virtual network cards Tap either with the virtual network card control tool tunctl or programmatically by opening /dev/net/tun.
According to a specific implementation of the embodiment of the present invention, constructing a preset number of virtual bridges according to requirements specifically includes: on a Linux system, creating the virtual bridges with the bridge management tool brctl.
According to a specific implementation of the embodiment of the present invention, bridging the physical network cards and the virtual network cards Tap one to one using the virtual bridges specifically includes: on a Linux system, using the bridge management tool brctl to add the designated physical network card and virtual network card Tap to the same bridge.
According to a specific implementation of the embodiment of the present invention, the method further includes: providing an interface for registering a callback function, pointing the preset function pointer at a user function written by the platform user, and implementing the required functionality in that user function.
According to a specific implementation of the embodiment of the present invention, monitoring the virtual network cards Tap, reading data when a trigger event occurs, calling the preset function to process the data and forwarding the processed data to the other virtual network cards Tap is specifically: create an epoll instance, monitor all virtual network cards Tap with it, and when a trigger event occurs traverse the ready descriptors to locate the Tap that received the data, read the data with the Linux read call, call the preset function to process it, and send the processed data to the other virtual network cards Tap with the Linux write call.
In a second aspect, an embodiment of the present invention provides an apparatus for implementing a Linux transparent network device platform, including:
the physical network card deployment module is used for deploying a preset number of physical network cards according to the requirement;
the network card Bridge creation module is used for creating a preset number of virtual network cards Tap and virtual network bridges according to requirements;
the one-to-one bridging module is used for bridging the physical network card and the virtual network card Tap one to one by utilizing the virtual Bridge;
the preset function module is used for presetting functions on a data transmission link between the virtual network cards Tap;
and the monitoring and forwarding module is used for monitoring the virtual network card Tap, reading data if a trigger event exists, calling a preset function to process the data, and forwarding the processed data to other virtual network card taps.
According to a specific implementation of the embodiment of the present invention, the physical network card deployment module is specifically configured to: if an encryption/decryption device is built, deploy at least one input physical network card and one output physical network card; or, if a forwarding device is built, deploy at least one input physical network card, one output physical network card and one forwarding physical network card.
According to a specific implementation of the embodiment of the present invention, the network card bridge creation module creates a preset number of virtual network cards Tap according to requirements, specifically: on a Linux system, the virtual network cards Tap are created either with the virtual network card control tool tunctl or programmatically by opening /dev/net/tun.
According to a specific implementation of the embodiment of the present invention, the network card bridge creation module creates a preset number of virtual bridges according to requirements, specifically: on a Linux system, the virtual bridges are created with the bridge management tool brctl.
According to a specific implementation of the embodiment of the present invention, the one-to-one bridging module is specifically configured to: on a Linux system, use the bridge management tool brctl to add the designated physical network card and virtual network card Tap to the same bridge.
According to a specific implementation of the embodiment of the present invention, the apparatus further includes: an interface setting module for providing an interface for registering a callback function, pointing the preset function pointer at a user function written by the platform user, and implementing the required functionality in that user function.
According to a specific implementation of the embodiment of the present invention, the monitoring and forwarding module is specifically configured to: create an epoll instance, monitor all virtual network cards Tap with it, and when a trigger event occurs traverse the ready descriptors to locate the Tap that received the data, read the data with the Linux read call, call the preset function to process it, and send the processed data to the other virtual network cards Tap with the Linux write call.
In a third aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor executes the program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing the method of any one of the foregoing implementation modes.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement a method as described in any of the preceding implementations.
In the method, apparatus and storage medium for implementing a Linux transparent network device platform provided by the embodiments of the present invention, a preset number of physical network cards are first deployed as required, a preset number of virtual network cards Tap and virtual bridges are created at the same time, and each physical network card is bridged to a virtual network card Tap by a virtual bridge, which forms the architectural basis of the device platform; a function is then preset on the data transmission link between the virtual network cards Tap, and that preset function processes the data as required.
The embodiments of the present invention achieve the following technical effects: the device platform is transparent to the link and does not affect the original network topology; the device platform is easy to develop and can be derived into many device types; and the device platform is a software implementation on a conventional Linux system that does not depend on traditional hardware devices, so it is low in cost and highly flexible.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating an embodiment of a method for implementing a Linux transparent network device platform according to the present invention;
FIG. 2 is a schematic diagram of the Linux transparent network device platform according to the present invention;
FIG. 3 is a flowchart illustrating a method for implementing a Linux transparent network device platform according to another embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an embodiment of an apparatus for implementing a Linux transparent network device platform according to the present invention;
FIG. 5 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to more clearly state the specific embodiments of the present invention, the following terms are to be interpreted:
Network device platform: a basic platform that supports secondary development and can thereby become any of a variety of network devices.
Transparent transmission: a software or hardware device that, to the users at the two ends of a network link, appears as a straight-through, transparent link and does not affect the network topology.
Linux application layer: the layer at which application software runs (as opposed to the kernel layer and the driver layer).
In a first aspect, an embodiment of the present invention provides a method for implementing a Linux transparent network device platform, which can implement a function of a specific network device platform without affecting an original topology.
Fig. 1 is a flowchart of an embodiment of a method for implementing a Linux transparent network device platform according to the present invention, including:
S101: deploying a preset number of physical network cards according to requirements.
Specific implementations include, but are not limited to: if an encryption/decryption device is built, at least one input physical network card and one output physical network card must be deployed; or, if a forwarding device is built, at least one input, one output and one forwarding physical network card must be deployed. Other device types require different numbers of physical network cards.
S102: constructing a preset number of virtual network cards Tap and virtual bridges according to requirements.
Setting up virtual network cards Tap allows network packets to be read and written directly in the Linux application layer. The device platform itself has no IP address, so one virtual network card Tap is constructed for each physical network card (link node).
Specific implementations include, but are not limited to: on a Linux system, creating the virtual network cards Tap with the virtual network card control tool tunctl or programmatically through /dev/net/tun; and creating the virtual bridges with the bridge management tool brctl.
More specifically, in a Linux terminal, entering tunctl creates one TAP per invocation, or a shell script can be written to create them in batch. The second method is to create the TAP in program code by calling open("/dev/net/tun", O_RDWR) (followed by the TUNSETIFF ioctl that names the interface). On a Linux system the bridge is created with the bridge management tool brctl using the command "brctl addbr brname".
S103: bridging the physical network cards and the virtual network cards Tap one to one using the virtual bridges; this makes the physical network card's data readable and writable on the virtual network card Tap.
Specific implementations include, but are not limited to: on a Linux system, the bridge management tool brctl is used to add the designated physical network card and virtual network card Tap to the bridge.
More specifically, on a Linux system the network cards are added with the bridge management tool brctl using the command "brctl addif brname ifname", once for the physical network card and once for the Tap.
S104: presetting a function on the data transmission link between the virtual network cards Tap.
S105: monitoring the virtual network cards Tap, reading data when a trigger event occurs, calling the preset function to process the data, and forwarding the processed data to the other virtual network cards Tap. Forwarding between the physical network cards is realised by forwarding between the virtual network cards Tap: link data enters through one physical network card, is processed as required in the middle, and is sent out through the target physical network card.
Specific implementations include, but are not limited to: create an epoll instance, monitor all virtual network cards Tap with it, and when a trigger event occurs traverse the ready descriptors to locate the Tap that received the data, read the data with the Linux read call, call the preset function to process it, and send the processed data to the other virtual network cards Tap with the Linux write call. One architecture diagram of the network device platform implemented in this embodiment is shown in FIG. 2.
The method of this embodiment establishes a general-purpose network device platform on which the required type of platform device can be customised conveniently, and which is simple to develop further.
FIG. 3 is a flowchart of another embodiment of a method for implementing a Linux transparent network device platform according to the present invention, including:
S201: deploying a preset number of physical network cards according to requirements.
S202: constructing a preset number of virtual network cards Tap and virtual bridges according to requirements.
S203: bridging the physical network cards and the virtual network cards Tap one to one using the virtual bridges.
S204: presetting a function on the data transmission link between the virtual network cards Tap.
S205: monitoring the virtual network cards Tap, reading data when a trigger event occurs, calling the preset function to process the data, and forwarding the processed data to the other virtual network cards Tap.
S206: providing an interface for registering a callback function, pointing the preset function pointer at a user function written by the platform user, and implementing the required functionality in that user function. When the platform calls the preset function it is therefore calling the user function, in which the user can implement whatever is needed, including but not limited to: hub, encryption/decryption, forwarding, interception or routing.
The method of this embodiment establishes a general-purpose network device platform on which the required type of platform device can be customised conveniently; it is simple to develop further, and the corresponding function is realised simply by writing the user's requirement into the user function.
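The following is an added example, not code from the patent or from the assignee, of the platform loop described in steps S102 to S105 and the callback interface of S206: a TAP is opened programmatically through /dev/net/tun, every TAP descriptor is registered with one epoll instance, and each frame read from a TAP is handed to the registered user function and then written to the other TAPs. The bridge setup commands named in the text (tunctl, brctl addbr, brctl addif) appear in the header comment together with their iproute2 equivalents, since brctl has since been deprecated; the interface names eth0/eth1, tap0/tap1 and br0/br1 and all function names (platform_init, platform_poll_once, passthrough, drop_non_ipv4) are this example's own assumptions. Two points the text leaves implicit: each physical network card needs its own bridge with its own TAP, so the kernel bridge never forwards between the two physical cards by itself and every frame crosses the user-space loop (the one-to-one bridging of S103); and as a consequence the link is fail-closed, since nothing passes while this process is not running, so the process must be supervised, and the bridges must carry no IP address if the device is to stay invisible.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/if_tun.h>
#include <net/if.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/epoll.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

/* One-time setup done outside this program as root, one bridge per physical NIC so that the
 * kernel never forwards between NICs by itself (assumed names eth0/eth1, tap0/tap1, br0/br1):
 *   tunctl -t tap0 && tunctl -t tap1                 (or: ip tuntap add dev tap0 mode tap)
 *   brctl addbr br0 && brctl addif br0 eth0 && brctl addif br0 tap0
 *   brctl addbr br1 && brctl addif br1 eth1 && brctl addif br1 tap1
 *   ip link set eth0 up; ip link set tap0 up; ip link set br0 up   (likewise eth1/tap1/br1)
 * brctl is deprecated: "ip link add name br0 type bridge" and "ip link set eth0 master br0"
 * are the iproute2 equivalents. Give br0/br1 no IP address so the device stays invisible. */

#define MAX_TAPS  8
#define FRAME_MAX 65536                     /* one TAP read() returns one whole Ethernet frame */

struct platform;
/* User function registered as the preset callback (step S206). It may rewrite the frame in
 * place (up to cap bytes) and returns the new length, or 0 to drop the frame. */
typedef size_t (*frame_cb)(struct platform *p, int in_idx, uint8_t *frame, size_t len, size_t cap);

struct platform {
    int fds[MAX_TAPS];
    int ntaps;
    int epfd;
    frame_cb cb;                            /* the text's "preset function pointer" */
};

/* Programmatic TAP creation: open /dev/net/tun and attach to the named interface (TUNSETIFF).
 * Creating a new TAP needs CAP_NET_ADMIN; attaching to one made persistent beforehand with
 * "tunctl -u <user> -t tapN" does not, and that TAP keeps its bridge membership on exit. */
int tap_open(const char *name) {
    struct ifreq ifr;
    int fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);
    if (fd < 0) return -1;
    memset(&ifr, 0, sizeof ifr);
    ifr.ifr_flags = IFF_TAP | IFF_NO_PI;    /* raw frames, no 4-byte packet-info prefix */
    strncpy(ifr.ifr_name, name, IFNAMSIZ - 1);
    if (ioctl(fd, TUNSETIFF, &ifr) < 0) { close(fd); return -1; }
    return fd;
}

/* Register every TAP descriptor with one epoll instance (step S105). */
int platform_init(struct platform *p, const int *fds, int n, frame_cb cb) {
    if (n < 2 || n > MAX_TAPS) return -1;
    p->ntaps = n; p->cb = cb;
    if ((p->epfd = epoll_create1(EPOLL_CLOEXEC)) < 0) return -1;
    for (int i = 0; i < n; i++) {
        struct epoll_event ev = { .events = EPOLLIN, .data.u32 = (uint32_t)i };
        p->fds[i] = fds[i];
        if (epoll_ctl(p->epfd, EPOLL_CTL_ADD, fds[i], &ev) < 0) return -1;
    }
    return 0;
}

/* Write one frame to TAP idx; a user function may call this itself to steer a frame to one port. */
int platform_send(struct platform *p, int idx, const uint8_t *frame, size_t len) {
    if (idx < 0 || idx >= p->ntaps) return -1;
    return write(p->fds[idx], frame, len) == (ssize_t)len ? 0 : -1;
}

/* One epoll round: read each ready TAP, run the user function, forward the result to every
 * other TAP. Returns the number of frames written, or -1 on error. */
int platform_poll_once(struct platform *p, int timeout_ms) {
    static uint8_t buf[FRAME_MAX];
    struct epoll_event evs[MAX_TAPS];
    int n = epoll_wait(p->epfd, evs, MAX_TAPS, timeout_ms), written = 0;
    if (n < 0) return errno == EINTR ? 0 : -1;
    for (int i = 0; i < n; i++) {
        int in = (int)evs[i].data.u32;
        ssize_t r = read(p->fds[in], buf, sizeof buf);
        if (r <= 0) continue;
        size_t len = p->cb ? p->cb(p, in, buf, (size_t)r, sizeof buf) : (size_t)r;
        if (len == 0) continue;             /* user function dropped the frame */
        for (int out = 0; out < p->ntaps; out++)
            if (out != in && platform_send(p, out, buf, len) == 0) written++;
    }
    return written;
}

/* Default user function: full-flow transparent forwarding, the platform's default in the text. */
size_t passthrough(struct platform *p, int in_idx, uint8_t *f, size_t len, size_t cap) {
    (void)p; (void)in_idx; (void)f; (void)cap;
    return len;
}

/* An "interception" user function: drop every frame that is not IPv4 (EtherType 0x0800). */
size_t drop_non_ipv4(struct platform *p, int in_idx, uint8_t *f, size_t len, size_t cap) {
    (void)p; (void)in_idx; (void)cap;
    return (len >= 14 && f[12] == 0x08 && f[13] == 0x00) ? len : 0;
}

int main(int argc, char **argv) {
    int fds[MAX_TAPS], n = 0;
    struct platform p;
    if (argc < 3) { fprintf(stderr, "usage: %s tap0 tap1 [tap2 ...]\n", argv[0]); return 2; }
    for (int i = 1; i < argc && n < MAX_TAPS; i++, n++)
        if ((fds[n] = tap_open(argv[i])) < 0) { perror(argv[i]); return 1; }
    if (platform_init(&p, fds, n, passthrough) < 0) { perror("platform_init"); return 1; }
    for (;;)
        if (platform_poll_once(&p, -1) < 0) { perror("epoll"); return 1; }
}
```

Run it as root with the TAP names, for example `./platform tap0 tap1`. Because platform_init accepts any descriptors, a user function can be unit-tested without privileges by feeding the loop the ends of socketpair() instead of TAPs, which is how the check below drives it.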
The above embodiment will be described in detail below based on two scenarios, namely, encryption and decryption and forwarding, but is not limited to the following scenarios:
1. Using the device platform of this embodiment to implement encryption and decryption:
In environments with higher security requirements, plaintext transmission by an application over a network link carries the risk of content leakage, so the link data needs to be encrypted; at the same time, laying a dedicated line should be avoided as far as possible and the topology must not change.
Using the above embodiment, two Linux hosts or embedded devices with dual network cards are chosen; the platform defaults to full-flow transparent forwarding, and an encryption program for the application (using the quintuple "source IP, destination IP, source port, destination port, protocol" as the match condition) is developed in the user function of the above embodiment.
During development: the packet is parsed in the user function; using the quintuple and the packet direction as match criteria, packets that match in one direction are modified, i.e. encrypted, and packets in the opposite direction are modified, i.e. decrypted.
During deployment: two device platforms of this embodiment are placed at the two ends of the link to be encrypted. The two network ports of each device platform serve as input and output: the PC-side port takes in plaintext and the link-side port sends out ciphertext, and conversely the link-side port takes in ciphertext and the PC-side port sends out plaintext. Encryption and decryption are thereby realised.
2. Using the device platform of this embodiment to implement forwarding:
In some special application scenarios, packets sent from A to B need to be forwarded to C as well, or C needs to impersonate B in order to receive A's packets, where C may be a network detection or monitoring device such as an IDS or a traffic analyser. This is difficult to achieve with conventional network devices and methods, and usually affects the existing network of A, B and C.
Using the above embodiment, a Linux host or embedded device with a sufficient number of network cards (three ports in the deployment below) is chosen; the platform defaults to full-flow transparent forwarding, and a forwarding program for the application (using the quintuple "source IP, destination IP, source port, destination port, protocol" as the match condition) is developed in the user function provided by the platform.
During development: the packet is parsed in the user function; using the quintuple and the packet direction as match criteria, the IP address and related fields of matching packets are rewritten, and the packet is written to the Tap connected to C and is thus forwarded to C through that interface.
During deployment: a device platform of this embodiment is placed on the link from A to B, with the inlet connected to node A, the outlet connected to node B and the forwarding port connected to node C, so that the packets are forwarded to node C.
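As an added example (not the patent's or the assignee's code) serving both scenarios above, this is the frame handling a user function would perform: parse Ethernet/IPv4/TCP-UDP down to the quintuple, decide the packet direction against a rule, and either transform the payload in place (scenario 1) or readdress the frame to C (scenario 2). All names (parse_frame, match_direction, transform_payload, redirect_to) are this example's own, and the sample UDP frame is constructed for the check. Two caveats the text omits: after any rewrite the IPv4 and TCP/UDP checksums must be recomputed, or the receiving host silently drops the packet (the code does this); and the XOR transform here is only a placeholder that provides neither confidentiality nor integrity, so a real encryption device must use an AEAD such as AES-GCM with a per-packet nonce and authentication tag, which also grows the packet and has to be reconciled with the link MTU.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* Quintuple (network byte order): the match key of both scenarios. */
struct five_tuple { uint32_t saddr, daddr; uint16_t sport, dport; uint8_t proto; };
/* Offsets found by parse_frame(): IPv4 header, its length, L4 header, payload, frame end. */
struct frame_view { size_t ip, ihl, l4, payload, end; };

/* RFC 1071 ones-complement sum helpers. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t n) {
    for (; n > 1; n -= 2, p += 2) sum += (uint32_t)((p[0] << 8) | p[1]);
    return n ? sum + (uint32_t)(p[0] << 8) : sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Parse Ethernet + IPv4 + TCP/UDP. Returns 0 on success, -1 for anything else (non-IPv4, other
 * protocols, later fragments, truncated frames); the caller passes such frames through untouched. */
int parse_frame(const uint8_t *f, size_t len, struct five_tuple *ft, struct frame_view *v) {
    if (len < 34 || f[12] != 0x08 || f[13] != 0x00 || (f[14] >> 4) != 4) return -1;
    v->ip = 14; v->ihl = (size_t)(f[v->ip] & 0x0f) * 4;
    size_t tot = (size_t)((f[v->ip + 2] << 8) | f[v->ip + 3]);
    if (v->ihl < 20 || tot < v->ihl || v->ip + tot > len) return -1;
    if ((((f[v->ip + 6] & 0x1f) << 8) | f[v->ip + 7]) != 0) return -1;   /* not the first fragment */
    if ((ft->proto = f[v->ip + 9]) != 6 && ft->proto != 17) return -1;
    v->l4 = v->ip + v->ihl; v->end = v->ip + tot;
    size_t l4len = 8;                                               /* UDP header */
    if (ft->proto == 6 &&                                           /* TCP: honour the data offset */
        (v->l4 + 20 > v->end || (l4len = (size_t)(f[v->l4 + 12] >> 4) * 4) < 20)) return -1;
    if (v->l4 + l4len > v->end) return -1;
    v->payload = v->l4 + l4len;
    memcpy(&ft->saddr, f + v->ip + 12, 4); memcpy(&ft->daddr, f + v->ip + 16, 4);
    memcpy(&ft->sport, f + v->l4, 2);      memcpy(&ft->dport, f + v->l4 + 2, 2);
    return 0;
}

/* 1: matches the rule's direction (PC side -> link: encrypt); 2: the reverse (decrypt); 0: no match. */
int match_direction(const struct five_tuple *r, const struct five_tuple *t) {
    if (r->proto != t->proto) return 0;
    if (r->saddr == t->saddr && r->daddr == t->daddr && r->sport == t->sport && r->dport == t->dport) return 1;
    if (r->saddr == t->daddr && r->daddr == t->saddr && r->sport == t->dport && r->dport == t->sport) return 2;
    return 0;
}

/* Checksums must be recomputed after any header or payload rewrite, or the receiver drops the packet. */
void fix_ip_checksum(uint8_t *f, const struct frame_view *v) {
    f[v->ip + 10] = f[v->ip + 11] = 0;
    uint16_t c = csum_fold(csum_add(0, f + v->ip, v->ihl));
    f[v->ip + 10] = (uint8_t)(c >> 8); f[v->ip + 11] = (uint8_t)c;
}
static uint16_t l4_sum(const uint8_t *f, const struct frame_view *v) {
    uint8_t ph[12];                                                 /* pseudo-header: src, dst, 0, proto, len */
    size_t seglen = v->end - v->l4;
    memcpy(ph, f + v->ip + 12, 8);
    ph[8] = 0; ph[9] = f[v->ip + 9]; ph[10] = (uint8_t)(seglen >> 8); ph[11] = (uint8_t)seglen;
    return csum_fold(csum_add(csum_add(0, ph, 12), f + v->l4, seglen));
}
void fix_l4_checksum(uint8_t *f, const struct frame_view *v) {
    size_t csoff = v->l4 + (f[v->ip + 9] == 6 ? 16 : 6);
    f[csoff] = f[csoff + 1] = 0;
    uint16_t c = l4_sum(f, v);
    if (f[v->ip + 9] == 17 && c == 0) c = 0xffff;                   /* UDP: 0 means "no checksum" */
    f[csoff] = (uint8_t)(c >> 8); f[csoff + 1] = (uint8_t)c;
}
int l4_checksum_ok(const uint8_t *f, const struct frame_view *v) { return l4_sum(f, v) == 0; }

/* Scenario 1: transform the payload of matching frames in either direction. PLACEHOLDER: XOR with
 * a repeating key is NOT encryption and gives no integrity; a real device needs an AEAD with a
 * per-packet nonce. XOR is used only because it is symmetric, so one function serves both ways. */
int transform_payload(uint8_t *f, size_t len, const struct five_tuple *rule, const uint8_t *key, size_t klen) {
    struct five_tuple ft; struct frame_view v;
    if (parse_frame(f, len, &ft, &v) < 0) return 0;
    int dir = match_direction(rule, &ft);
    if (dir == 0) return 0;
    for (size_t i = v.payload; i < v.end; i++) f[i] ^= key[(i - v.payload) % klen];
    fix_l4_checksum(f, &v);
    return dir;
}

/* Scenario 2: readdress A->B frames to C; the caller then writes them to the TAP facing C. */
int redirect_to(uint8_t *f, size_t len, const struct five_tuple *rule, const uint8_t mac_c[6], uint32_t ip_c) {
    struct five_tuple ft; struct frame_view v;
    if (parse_frame(f, len, &ft, &v) < 0 || match_direction(rule, &ft) != 1) return 0;
    memcpy(f, mac_c, 6); memcpy(f + v.ip + 16, &ip_c, 4);          /* destination MAC and IP */
    fix_ip_checksum(f, &v); fix_l4_checksum(f, &v);
    return 1;
}

/* Constructed sample (test input only): UDP 10.0.0.1:40000 -> 10.0.0.2:53 carrying "hello". */
size_t make_sample_udp_frame(uint8_t *out) {
    static const uint8_t raw[] = {
        0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,               /* dst MAC, src MAC, IPv4 */
        0x45,0x00,0x00,0x21, 0x00,0x01,0x00,0x00, 0x40,0x11,0,0,       /* len 33, TTL 64, UDP, csum 0 */
        10,0,0,1, 10,0,0,2, 0x9c,0x40, 0x00,0x35, 0x00,0x0d, 0,0,      /* src, dst, 40000 -> 53, len 13 */
        'h','e','l','l','o' };
    struct five_tuple ft; struct frame_view v;
    memcpy(out, raw, sizeof raw);
    parse_frame(out, sizeof raw, &ft, &v);
    fix_ip_checksum(out, &v); fix_l4_checksum(out, &v);
    return sizeof raw;
}
```

In the platform loop, the encryption device calls transform_payload from its user function and lets the frame continue to the other port, while the forwarding device copies the frame, calls redirect_to on the copy and writes it to C's TAP before the original is forwarded to B unchanged. Frames for which parse_frame returns -1 (ARP, IPv6, non-first fragments) are forwarded untouched, which keeps the link transparent for everything the rule does not cover.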
In a second aspect, an embodiment of the present invention provides an apparatus for implementing a Linux transparent network device platform, which is capable of implementing a function of a specific network device platform without affecting an original topology.
Fig. 4 is a schematic structural diagram of an embodiment of an apparatus for implementing a Linux transparent network device platform according to the present invention, where the apparatus of this embodiment may include:
a physical network card deployment module 301, configured to deploy a preset number of physical network cards according to a requirement;
a network card Bridge creation module 302, configured to create a preset number of virtual network cards Tap and virtual network bridges according to a requirement;
a one-to-one bridging module 303, configured to Bridge the physical network card and the virtual network card Tap one-to-one by using the virtual Bridge;
a preset function module 304, configured to preset a function on a data transmission link between the virtual network cards Tap;
the monitoring and forwarding module 305 is configured to monitor the virtual network card Tap, read data if a trigger event exists, call a preset function to process the data, and forward the processed data to another virtual network card Tap.
Preferably, the physical network card deployment module is specifically configured to: if an encryption/decryption device is built, deploy at least one input physical network card and one output physical network card; or, if a forwarding device is built, deploy at least one input physical network card, one output physical network card and one forwarding physical network card.
Preferably, the network card bridge creation module creates a preset number of virtual network cards Tap according to requirements, specifically: on a Linux system, the virtual network cards Tap are created either with the virtual network card control tool tunctl or programmatically by opening /dev/net/tun.
Preferably, the network card bridge creation module creates a preset number of virtual bridges according to requirements, specifically: on a Linux system, the virtual bridges are created with the bridge management tool brctl.
Preferably, the one-to-one bridging module is specifically configured to: on a Linux system, use the bridge management tool brctl to add the designated physical network card and virtual network card Tap to the same bridge.
Preferably, the apparatus further includes: an interface setting module for providing an interface for registering a callback function, pointing the preset function pointer at a user function written by the platform user, and implementing the required functionality in that user function.
Preferably, the monitoring and forwarding module is specifically configured to: create an epoll instance, monitor all virtual network cards Tap with it, and when a trigger event occurs traverse the ready descriptors to locate the Tap that received the data, read the data with the Linux read call, call the preset function to process it, and send the processed data to the other virtual network cards Tap with the Linux write call.
The apparatus of this embodiment establishes a general-purpose network device platform on which the required type of platform device can be customised conveniently, and which is simple to develop further.
In a third aspect, an embodiment of the present invention further provides an electronic device, which can implement a function of a specific network device platform without affecting an original topology.
Fig. 5 is a schematic structural diagram of an embodiment of an electronic device of the present invention, where the electronic device may include: the device comprises a shell 51, a processor 52, a memory 53, a circuit board 54 and a power circuit 55, wherein the circuit board 54 is arranged inside a space enclosed by the shell 51, and the processor 52 and the memory 53 are arranged on the circuit board 54; a power supply circuit 55 for supplying power to each circuit or device of the electronic apparatus; the memory 53 is used to store executable program code; the processor 52 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 53, for executing the method according to any of the foregoing embodiments.
The specific execution process of the above steps by the processor 52 and the steps further executed by the processor 52 by running the executable program code may refer to the description of the embodiment shown in fig. 1 to 3 of the present invention, and are not described herein again.
The electronic device exists in a variety of forms, including but not limited to:
(1) A mobile communication device: such devices are characterised by mobile communication capability and are primarily aimed at providing voice and data communication. Such terminals include smartphones (e.g. iPhones), multimedia phones, feature phones and low-end phones, among others.
(2) An ultra-mobile personal computer device: such devices belong to the category of personal computers, have computing and processing functions and generally also have mobile internet access. Such terminals include PDA, MID and UMPC devices, e.g. iPads.
(3) A portable entertainment device: such devices can display and play multimedia content. This type of device includes audio and video players (e.g. iPods), handheld game consoles, electronic books, smart toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) And other electronic equipment with data interaction function.
In a fourth aspect, embodiments of the present invention also provide a computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement a method as described in any of the preceding implementations.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a progressive manner; the same and similar parts among the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments.
In particular, since the apparatus embodiment is substantially similar to the method embodiment, its description is relatively brief, and for the relevant points reference may be made to the corresponding description of the method embodiment.
For convenience of description, the above devices are described in terms of a functional division into various units/modules. Of course, when implementing the invention, the functions of the units/modules may be realized in one or more pieces of software and/or hardware.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (16)

1. A method for realizing a Linux transparent network equipment platform is characterized by comprising the following steps:
deploying a preset number of physical network cards according to the requirement;
constructing a preset number of virtual network cards Tap and virtual Bridge according to requirements;
the physical network card and the virtual network card Tap are bridged one to one by using the virtual Bridge;
presetting a function on a data transmission link between the virtual network cards Tap;
and monitoring the virtual network cards Tap, reading data if a trigger event exists, calling the preset function to process the data, and forwarding the processed data to the other virtual network cards Tap.
2. The method of claim 1, wherein deploying the preset number of physical network cards according to the requirement specifically comprises: if an encryption and decryption device is constructed, at least one input physical network card and one output physical network card are required to be deployed; or, if a forwarding device is constructed, at least one input physical network card and one output physical network card are likewise required to be deployed.
3. The method of claim 1, wherein constructing the preset number of virtual network cards Tap according to the requirement specifically comprises: on the Linux system, creating the virtual network cards Tap using the virtual network card control tool tunctl, or by operating /dev/net/tun programmatically.
4. The method of claim 1, wherein the constructing a preset number of virtual bridges on demand comprises: based on the Linux system, a Bridge management tool brctl is used to create a virtual Bridge.
5. The method of claim 1, wherein bridging the physical network card and the virtual network card Tap one to one by using the virtual Bridge specifically comprises: on the Linux system, using the bridge management tool brctl to add the designated physical network card and virtual network card Tap to the virtual Bridge.
6. The method of claim 1, further comprising: providing an interface for registering a callback function, pointing the preset function pointer to a user function of the platform user, and writing the function body in the user function according to the user's requirements.
7. The method of claim 1, wherein monitoring the virtual network cards Tap, reading data if a trigger event exists, calling the preset function to process the data, and forwarding the processed data to the other virtual network cards Tap specifically comprises: creating an epoll event, monitoring all virtual network cards Tap using the preset function of the epoll event, traversing to locate the virtual network card Tap that received the data if a trigger event occurs, reading the data using the Linux read method, calling the preset function for processing, and sending the processed data to the other virtual network cards Tap using the Linux write method.
8. An apparatus for implementing a Linux transparent network device platform, comprising:
the physical network card deployment module is used for deploying a preset number of physical network cards according to the requirement;
the network card Bridge creation module, used for creating a preset number of virtual network cards Tap and virtual Bridges according to requirements;
the one-to-one bridging module is used for bridging the physical network card and the virtual network card Tap one to one by utilizing the virtual Bridge;
the preset function module is used for presetting functions on a data transmission link between the virtual network cards Tap;
and the monitoring and forwarding module, used for monitoring the virtual network cards Tap, reading data if a trigger event exists, calling the preset function to process the data, and forwarding the processed data to the other virtual network cards Tap.
9. The apparatus of claim 8, wherein the physical network card deployment module is specifically configured such that: if an encryption and decryption device is constructed, at least one input physical network card and one output physical network card are required to be deployed; or, if a forwarding device is constructed, at least one input physical network card and one output physical network card are likewise required to be deployed.
10. The apparatus of claim 8, wherein the network card Bridge creation module creates the preset number of virtual network cards Tap according to the requirement specifically by: on the Linux system, creating the virtual network cards Tap using the virtual network card control tool tunctl, or by operating /dev/net/tun programmatically.
11. The apparatus of claim 8, wherein the network card Bridge creation module creates a preset number of virtual bridges according to requirements, specifically: based on the Linux system, a Bridge management tool brctl is used to create a virtual Bridge.
12. The apparatus of claim 8, wherein the one-to-one bridging module is specifically configured to: on the Linux system, use the bridge management tool brctl to add the designated physical network card and virtual network card Tap to the virtual Bridge.
13. The apparatus of claim 8, further comprising: an interface setting module, used for providing an interface for registering the callback function, pointing the preset function pointer to the user function of the platform user, and writing the function body in the user function according to the user's requirements.
14. The apparatus of claim 8, wherein the monitoring and forwarding module is specifically configured to: create an epoll event, monitor all virtual network cards Tap using the preset function of the epoll event, traverse to locate the virtual network card Tap that received the data if a trigger event occurs, read the data using the Linux read method, call the preset function for processing, and send the processed data to the other virtual network cards Tap using the Linux write method.
15. An electronic device, characterized in that the electronic device comprises a shell, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or device of the electronic device; the memory stores executable program code; and the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, for performing the method of any of the preceding claims.
16. A computer readable storage medium, characterized in that the computer readable storage medium stores one or more programs which are executable by one or more processors to implement the method of any preceding claim.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910733631.7A CN111030980A (en) 2019-08-09 2019-08-09 Linux transparent network equipment platform implementation method, device and storage medium

Publications (1)

Publication Number Publication Date
CN111030980A true CN111030980A (en) 2020-04-17

Family

ID=70203671

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910733631.7A Pending CN111030980A (en) 2019-08-09 2019-08-09 Linux transparent network equipment platform implementation method, device and storage medium

Country Status (1)

Country Link
CN (1) CN111030980A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480420A (en) * 2010-11-29 2012-05-30 北京系统工程研究所 Message sending method as well as message receiving method, device and system
CN103259735A (en) * 2013-05-15 2013-08-21 重庆邮电大学 Communication method of programmable virtualized router based on NetFPGA
CN105553889A (en) * 2015-12-21 2016-05-04 浪潮集团有限公司 Fast packet-receiving/packet-transmitting transferring method between physical network card and virtual network card under kernel network bridge
CN106953788A (en) * 2017-02-16 2017-07-14 北京西普阳光教育科技股份有限公司 A kind of Virtual Network Controller and control method
CN107294869A (en) * 2017-06-22 2017-10-24 郑州云海信息技术有限公司 A kind of method and system of Microsoft Loopback Adapter message crawl
CN107968849A (en) * 2017-11-28 2018-04-27 新浪网技术(中国)有限公司 The method and device that a kind of network special line is plugged into
CN108494679A (en) * 2018-06-01 2018-09-04 武汉绿色网络信息服务有限责任公司 A kind of SSH message forwarding methods and device for realizing router based on linux system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ZHUO LI: "A Novel Hardware-Assisted Virtualization Approach for Network Interface Card", 《2009 INTERNATIONAL CONFERENCE ON RESEARCH CHALLENGES IN COMPUTER SCIENCE》 *
刘东: "基于虚拟机及开源路由技术的网络实验平台设计与实现", 《计算机光盘软件与应用》 *
曹志龙等: "嵌入式Linux虚拟网卡驱动中数据包的提取及转发技术", 《工业控制计算机》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11368283B2 (en) * 2019-11-15 2022-06-21 Facebook Technologies, Llc Encryption and decryption engines with selective key expansion skipping
US11777711B1 (en) 2019-11-15 2023-10-03 Meta Platforms Technologies, Llc Encryption and decryption engines with selective key expansion skipping
CN113221147A (en) * 2021-05-27 2021-08-06 安天科技集团股份有限公司 Data packet processing method, device and storage medium
CN114050992A (en) * 2021-10-20 2022-02-15 北京鲸鲮信息系统技术有限公司 Data processing method, device and equipment of multi-domain system
CN114050992B (en) * 2021-10-20 2023-08-29 北京字节跳动网络技术有限公司 Data processing method, device and equipment of multi-domain system
CN114697161A (en) * 2021-12-31 2022-07-01 网络通信与安全紫金山实验室 Semi-entity simulation system and simulation method for time-sensitive network
CN114697161B (en) * 2021-12-31 2023-10-13 网络通信与安全紫金山实验室 Semi-solid simulation system and simulation method for time-sensitive network
CN117793034A (en) * 2023-12-27 2024-03-29 北京天融信网络安全技术有限公司 Network card adding method, device, computing equipment and machine-readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road)

Applicant after: Antan Technology Group Co.,Ltd.

Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road)

Applicant before: Harbin Antian Science and Technology Group Co.,Ltd.