CN111786905A - Message reassembly method and apparatus, processor, storage medium, and network device - Google Patents


Publication number
CN111786905A
Authority
CN
China
Prior art keywords
message
fragment
processor core
processor
core
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010623495.9A
Other languages
Chinese (zh)
Inventor
范鸿雷
纪鹏飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202010623495.9A priority Critical patent/CN111786905A/en
Publication of CN111786905A publication Critical patent/CN111786905A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/90 Buffering arrangements
    • H04L49/9057 Arrangements for supporting packet reassembly or resequencing

Abstract

The application relates to the technical field of computer networks and provides a packet reassembly method and apparatus, a processor, a storage medium, and a network device. The packet reassembly method comprises the following steps: a first processor core receives a fragment packet from the network card and obtains the packet identification information in the fragment packet; the first processor core determines whether the fragment packet is the first fragment; if it is the first fragment, the first processor core stores the packet identification information in association with the identifier of the first processor core, receives fragment packets from other processor cores, and reassembles the fragment packets received from the network card and the other processor cores; if it is not the first fragment, the first processor core looks up the processor core identifier associated with the packet identification information and sends the fragment packet to the processor core corresponding to the identifier found. The method makes full use of the processing performance of the multi-core processor and significantly improves packet reassembly efficiency, while requiring few inter-core transfers of fragment packets and placing a lighter load on the system.

Description

Message reassembly method and apparatus, processor, storage medium, and network device
Technical Field
The present application relates to the field of data communication technologies, and in particular, to a method and an apparatus for packet reassembly, a processor, a storage medium, and a network device.
Background
At present, as network attacks increase, a large number of network security devices have been developed and deployed in real network environments. After receiving a packet, such a device performs security inspection on its content so as to discover potential attack behavior in time. At the same time, with the spread of network applications, fragmented packets are used more and more in networks; when a network security device receives fragment packets, it must first reassemble them into a complete packet before it can perform security inspection.
Although existing network security devices generally use a multi-core processor, usually only one fixed processor core is assigned to reassemble all fragment packets, so reassembly efficiency is low and the performance advantage of the multi-core processor cannot be fully exploited.
Disclosure of Invention
In view of this, embodiments of the present application provide a method and an apparatus for packet reassembly, a processor, a storage medium, and a network device, so as to solve the above technical problem.
In order to achieve the above purpose, the present application provides the following technical solutions:
In a first aspect, an embodiment of the present application provides a packet reassembly method, including: a first processor core receives a fragment packet from a network card and obtains the packet identification information carried in the fragment packet; the first processor core determines whether the fragment packet is the first fragment of a complete packet; if the fragment packet is the first fragment, the first processor core stores the packet identification information in association with the identifier of the first processor core, receives fragment packets from other processor cores, and reassembles the fragment packets received from the network card and the other processor cores; if the fragment packet is not the first fragment, the first processor core looks up the processor core identifier associated with the packet identification information and sends the fragment packet to the processor core corresponding to the identifier found.
In the method, the processor core receiving the first fragment message is responsible for message reassembly, and after receiving the fragment message (other than the first fragment message), other processor cores transmit the received fragment message to the processor core receiving the first fragment message.
In the network device, each processor core has essentially the same probability of receiving a fragment packet from the network card, so when a large number of packets are processed the reassembly tasks are spread essentially evenly across the processor cores. This makes full use of the processing performance of the device's multi-core processor, significantly improves reassembly efficiency, and avoids the performance bottleneck of reassembling packets on a single processor core.
In addition, when the processor core receiving the non-first fragment message forwards the fragment message, the fragment message can be sent to the processor core receiving the first fragment message only by one-time inter-core transmission, so that the performance overhead caused by a large amount of inter-core transmission is avoided, and the system load is effectively reduced.
In an implementation manner of the first aspect, the fragment packet is an Internet Protocol (IP) fragment packet, and the packet identification information includes a source IP address, a destination IP address, and a packet identifier.
The source IP address, the destination IP address and the message identification are contained in the header of the IP message, and one IP message can be uniquely identified by utilizing the three items of information.
In an implementation manner of the first aspect, the determining, by the first processor core, whether the fragment packet is the first fragment includes: the first processor core determines whether the fragment packet carries five-tuple information; if it does, the first processor core determines that the fragment packet is the first fragment, and if it does not, the first processor core determines that the fragment packet is not the first fragment; or the first processor core obtains the fragment offset carried in the fragment packet; if the value of the fragment offset is 0, the first processor core determines that the fragment packet is the first fragment, and if the value of the fragment offset is greater than 0, the first processor core determines that the fragment packet is not the first fragment.
For an IP packet, only the first fragment packet carries complete quintuple information, i.e., a source IP address, a destination IP address, a source port, a destination port, and a protocol type, and a subsequent fragment packet does not contain a header of a transport layer and therefore does not carry two items of information, i.e., the source port and the destination port, so that whether the fragment packet is the first fragment packet can be determined according to whether a certain fragment packet contains complete quintuple information. In addition, for the IP fragment messages, the header includes the offset of the current fragment in the complete message, referred to as fragment offset for short, the fragment offset of the first fragment message is 0, and the fragment offsets of the subsequent fragment messages are all greater than 0, so that whether a certain fragment message is the first fragment message can be determined according to the value of the fragment offset.
In an implementation manner of the first aspect, the reassembling, by the first processor core, the fragment messages received from the network card and the other processor cores includes: the first processor core caches the fragment messages received from the network card and the other processor cores; if the first processor core caches all the fragment messages of a complete message in a preset time period, the cached fragment messages of the complete message are recombined, and if the first processor core caches only part of the fragment messages of the complete message in the preset time period, the cached fragment messages of the complete message are discarded.
Because of the complexity of the network environment, or because of an attack, fragment packets may be lost in transit, so that the network device cannot receive all fragments of a complete packet; in that case the fragments already received can be discarded. Before discarding them, however, the device should buffer the fragments for a period of time and wait as long as is reasonable for all fragments of the complete packet to arrive, so as to avoid retransmission of the packet in the network.
In a second aspect, an embodiment of the present application provides a packet reassembly method, including: the method comprises the steps that a first processor core receives a fragmentation message from a network card and obtains message identification information carried in the fragmentation message; the first processor core searches for a processor core identifier associated with the message identification information; if the search fails, the first processor core stores the message identification information and the identifier of the first processor core in a correlation manner, receives fragment messages from other processor cores, and recombines the fragment messages received from the network card and the other processor cores; and if the search is successful, the first processor core sends the fragment message to the processor core corresponding to the searched processor core identifier.
The message reassembly method provided in the second aspect is similar to the message reassembly method provided in the first aspect, and the difference is mainly that the processor core that receives the fragment message first (for a certain complete message, the fragment message received first is not necessarily the first fragment message) is responsible for message reassembly, and after receiving the fragment message, the other processor cores all transmit the received fragment message to the processor core that receives the fragment message first.
In the network device, each processor core has essentially the same probability of receiving a fragment packet from the network card, so when a large number of packets are processed the reassembly tasks are spread essentially evenly across the processor cores. This makes full use of the processing performance of the device's multi-core processor, significantly improves reassembly efficiency, and avoids the performance bottleneck of reassembling packets on a single processor core.
In addition, when a processor core that was not the first to receive a fragment of the packet forwards a fragment, a single inter-core transfer is enough to deliver it to the processor core that received a fragment first, which avoids the performance overhead of a large number of inter-core transfers and effectively reduces system load.
That is, if the fragment packet received by the processor core is the first fragment, the corresponding complete packet is very likely a normal packet, so reassembling it generally causes no problem.
If, however, the fragment packet received by the processor core is not the first fragment, there is some probability that it is an abnormal packet; attempting reassembly on the basis of an abnormal packet may not only fail to produce a complete packet but may also cause the network device to malfunction. For example, an attacker may deliberately construct a large number of packets that are not first fragments, so that processor cores are heavily occupied yet cannot reassemble any valid packet, and normal fragment packets in turn get no chance to be reassembled.
The packet reassembly method provided in the first aspect is therefore the more suitable one, especially for network security devices.
In a third aspect, an embodiment of the present application provides a packet reassembly device, including: the first message receiving module is used for receiving the fragment message from the network card by using the first processor core and acquiring the message identification information carried in the fragment message; the message judgment module is used for judging whether the fragment message is the first fragment in a complete message by using the first processor core; the first message processing module is used for storing the message identification information and the identifier of the first processor core in a related manner by using the first processor core when the fragment message is the first fragment, receiving the fragment messages from other processor cores, and recombining the fragment messages received from the network card and the other processor cores; and the first processor is used for searching the processor core identifier associated with the message identification information when the fragment message is not the first fragment, and sending the fragment message to the processor core corresponding to the searched processor core identifier.
In a fourth aspect, an embodiment of the present application provides a packet reassembly device, including: the second message receiving module is used for receiving the fragment message from the network card by using the first processor core and acquiring message identification information carried in the fragment message; the information searching module is used for searching the processor core identifier associated with the message identification information by utilizing the first processor core; the second message processing module is used for storing the message identification information and the identifier of the first processor core in a related manner by using the first processor core when the search fails, receiving fragment messages from other processor cores, and recombining the fragment messages received from the network card and the other processor cores; and the first processor core is used for sending the fragment message to the processor core corresponding to the found processor core identifier when the search is successful.
In a fifth aspect, an embodiment of the present application provides a multi-core processor, where at least two processor cores in the multi-core processor are configured to execute the method provided in any one of the possible implementation manners of the first aspect, the second aspect, or both.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium has stored thereon computer program instructions, and when the computer program instructions are read by a multi-core processor and executed, the computer program instructions perform the method provided in any one of the possible implementation manners of the first aspect, the second aspect, or both.
In a seventh aspect, an embodiment of the present application provides a network device, including a memory and a multi-core processor, where the memory stores computer program instructions, and the computer program instructions are read by the multi-core processor and executed to perform the method provided in any one of the first aspect, the second aspect, or any one of the two possible implementation manners.
In order to make the aforementioned objects, technical solutions and advantages of the present application more comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 shows a flowchart of a packet reassembly method according to an embodiment of the present application;
Fig. 2 shows a flowchart of another packet reassembly method according to an embodiment of the present application;
Fig. 3 shows a functional block diagram of a packet reassembly device according to an embodiment of the present application;
Fig. 4 shows a functional block diagram of another packet reassembly device according to an embodiment of the present application;
Fig. 5 shows a structure diagram of a network device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The packet reassembly method (including the methods shown in fig. 1 and fig. 2) provided by the embodiment of the present application can be executed by processor cores in a multi-core processor, and at least two processor cores need to be allocated in one multi-core processor for executing the method. The logic of the method executed on each processor core is the same (for example, each processor core may run an identical process or thread), so that the method executed on only one processor core is selected for description hereinafter, and the processor core is referred to as a first processor core without loss of generality.
The multi-core processor may be configured in a network device, and fig. 5 shows a possible structure of the network device, which is described in detail with reference to fig. 5 later.
In addition, the present application does not limit what type of packet the fragmented packet needs to be reassembled, and various network protocols used at present support fragmentation of the packet, so the method proposed by the present application can be applied when packet reassembly is performed, and in the following, for simplicity, reassembly of IP fragmented packets is mainly taken as an example.
Fig. 1 shows a flowchart of a message reassembly method provided in an embodiment of the present application, and referring to fig. 1, the method includes:
Step S110: The first processor core receives a fragment packet from the network card and obtains the packet identification information carried in the fragment packet.
After receiving fragment packets, the network card of the network device distributes them to the processor cores for further processing. Various distribution strategies are possible: random distribution, round-robin distribution, or computing a hash value from the packet content and distributing according to that hash value, and so on. In short, each processor core has essentially the same probability of receiving a fragment packet from the network card.
After receiving the fragment packet, the first processor core parses it to obtain the packet identification information it contains. Packet identification information is information that can distinguish one packet from another; it is identical for all the fragment packets obtained by splitting the same complete packet. For an IP packet, for example, the packet identification information includes at least the source IP address, the destination IP address, and the packet identifier, and these three items uniquely identify one IP packet. Note that for an IPv4 packet the packet identifier is located in the packet header, while for an IPv6 packet it is located in an extension header; the same holds for the fragment offset mentioned later, which will not be described again.
It can be understood that, when the first processor core parses the fragment packet, other information besides the packet identification information may also be obtained, and the information will be used in the subsequent steps.
Step S120: The first processor core determines whether the fragment packet is the first fragment of the complete packet.
The first processor core may determine, by various methods, whether the fragment packet is the first fragment of the complete packet; if it is the first fragment, step S130 is executed, otherwise step S140 is executed. Taking an IP packet as an example:
Method 1: After a complete IP packet is fragmented, only the first fragment carries the complete five-tuple information, i.e., the source IP address, the destination IP address, the source port, the destination port, and the protocol type. The source IP address, the destination IP address, and the protocol type are carried in the IP header, and the source port and the destination port are carried in the transport layer header; a non-first fragment does not contain the transport layer header and therefore does not carry the source port and the destination port. Whether a fragment packet is the first fragment can therefore be determined by whether it contains the complete five-tuple information: if it does, it is the first fragment of the complete packet, and if not, it is not the first fragment.
Method 2: For IP fragment packets, the IP header includes the offset of the current fragment within the complete packet, referred to as the fragment offset for short. The fragment offset of the first fragment is 0, and the fragment offsets of all subsequent fragments are greater than 0. So if the fragment offset carried in a fragment packet is 0, the fragment packet is the first fragment of the complete packet, and if the fragment offset is greater than 0, it is not the first fragment.
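The two tests of step S120, applied to raw IPv4 headers, as an added example that is not part of the patent text. It handles IPv4 only; the function names and the sample fragments are constructed for illustration, and reading the ports only for TCP and UDP at offset 0 is an assumption about how Method 1 would be implemented. The third sample shows a malformed fragment on which the two methods disagree.

```python
import socket
import struct

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # fixed 20-byte IPv4 header


def build_fragment(src, dst, ident, offset, mf, proto, payload):
    """Build a constructed IPv4 fragment (checksum left as 0, not verified)."""
    flags_off = (0x2000 if mf else 0) | (offset // 8)
    return IPV4_HDR.pack(0x45, 0, 20 + len(payload), ident, flags_off,
                         64, proto, 0, socket.inet_aton(src),
                         socket.inet_aton(dst)) + payload


def classify(pkt):
    """Extract packet identification info and apply both first-fragment tests."""
    if len(pkt) < IPV4_HDR.size:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _, total_len, ident, flags_off,
     _, proto, _, src, dst) = IPV4_HDR.unpack_from(pkt)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    src, dst = socket.inet_ntoa(src), socket.inet_ntoa(dst)
    offset = (flags_off & 0x1FFF) * 8        # field is in 8-byte units
    mf = bool(flags_off & 0x2000)            # "more fragments" flag
    payload = pkt[ihl:max(ihl, min(total_len, len(pkt)))]

    # Method 1: only a fragment that holds the start of a TCP/UDP header can
    # yield the ports, and hence the complete five-tuple (assumed reading).
    five_tuple = None
    if offset == 0 and proto in (6, 17) and len(payload) >= 4:
        sport, dport = struct.unpack_from("!HH", payload)
        five_tuple = (src, dst, sport, dport, proto)

    return {
        "key": (src, dst, ident),            # packet identification info
        "is_fragment": mf or offset > 0,
        "first_by_five_tuple": five_tuple is not None,   # Method 1
        "first_by_offset": offset == 0,                  # Method 2
        "five_tuple": five_tuple,
    }


# Constructed samples: one UDP datagram from 192.0.2.1 split into fragments,
# plus a malformed "first" fragment too short to hold the UDP ports.
UDP_HDR = struct.pack("!HHHH", 5353, 53, 24, 0)
FIRST = build_fragment("192.0.2.1", "198.51.100.7", 0x1234, 0, True, 17, UDP_HDR)
LATER = build_fragment("192.0.2.1", "198.51.100.7", 0x1234, 8, False, 17, b"d" * 16)
STUB = build_fragment("192.0.2.1", "198.51.100.7", 0x4321, 0, True, 17, b"\x14\xe9")

if __name__ == "__main__":
    for name, pkt in (("FIRST", FIRST), ("LATER", LATER), ("STUB", STUB)):
        info = classify(pkt)
        print(name, info["key"], info["first_by_five_tuple"], info["first_by_offset"])
```

A device that binds on Method 2 but inspects ports afterwards has to handle the STUB case explicitly, since the offset test accepts a fragment from which no five-tuple can be read.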
Step S130: If the fragment packet is the first fragment, the first processor core stores the packet identification information in association with the identifier of the first processor core, receives fragment packets from other processor cores, and reassembles the fragment packets received from the network card and the other processor cores.
The packet identification information was introduced above. The processor core identifier uniquely identifies one processor core; in some systems it is called the CPU_ID. Storing in association means binding the packet identification information and the processor core identifier together, so that afterwards the corresponding processor core identifier can be looked up from given packet identification information. Once the packet identification information of a complete packet is bound to the identifier of a processor core, the fragments of that packet are to be reassembled on that processor core. In some implementations, the packet identification information and the processor core identifier may be stored in a pre-established table, which may be kept in a cache area that the processor cores can access quickly, for example the memory of the network device or the cache of the processor itself. For an IP packet, for example, the table may include four fields: source IP address, destination IP address, packet identifier, and processor core identifier.
Since the first fragment of the complete packet has already been received by the first processor core, any other fragments of that packet that other processor cores receive from the network card cannot be the first fragment. As in steps S110 and S120, after receiving a fragment packet another processor core first parses out its packet identification information and determines that it is not the first fragment, and then looks up the processor core identifier associated with that packet identification information (for example, in the above-mentioned table stored in the cache area). Because every fragment split from the same complete packet has the same packet identification information, and the first processor core has already stored that information in association with its own identifier, the other processor core finds the identifier of the first processor core and can then send the non-first fragment it received to the first processor core by inter-core transmission. The specific transmission mechanism is not limited; for example, a shared queue may be set up for the transfer.
Note that when another processor core looks up the processor core identifier associated with the packet identification information of a non-first fragment, the lookup may also fail: for example, the first fragment may have been lost, or may arrive later, so that the packet identification information has not yet been bound to any processor core identifier. In that case the processor core that received the non-first fragment may adopt different handling strategies, for example discarding the fragment directly, or buffering it first and, after a period of time, looking up again the identifier of the processor core to which it should be sent for reassembly.
The first processor core may reassemble the fragment packet received from the other processor core and the fragment packet received by itself (including the first fragment packet and the non-first fragment packet received by the first processor core later), and in some implementation manners, the specific process of reassembling the packet may be:
first, the first processor core caches the fragment messages received from the network card and other processor cores.
Then, the first processor core may attempt to reassemble the fragment packets within a preset time period (for example, the period may start from the first fragment packet received by the first processor core). If the first processor core has cached all fragments of a complete packet within the preset time period, it reassembles the cached fragments, and the successfully reassembled packet can go on to subsequent processing; for a security gateway device, for example, the subsequent processing may be security inspection of the packet. If the first processor core has cached only some of the fragments of a complete packet within the preset time period, some fragments of that packet have been lost (for example, because of network congestion or an attack), and there is little point in continuing to wait for them; the cached fragments of that packet can then be discarded and the storage space released promptly.
It should be understood that the above-mentioned caching of the fragment packet by the first processor core means that the packet is written into a certain cache region under the control of the first processor core and is stored, and does not mean that the fragment packet is cached inside the first processor core.
Step S140: if the fragment message is not the first fragment, the first processor core searches the processor core identifier associated with the message identification information, and sends the fragment message to the processor core corresponding to the found processor core identifier.
It will be appreciated that the behavior of the first processor core in step S140 is similar to the behavior of the other processor cores mentioned in the description of step S130. That is, if the first processor core is not the core that received the first fragment message, it transmits the received fragment message to the processor core that did receive the first fragment message, and that core is responsible for reassembly.
In summary, in the message reassembly method shown in fig. 1, the processor core that receives the first fragment message is responsible for message reassembly, and every other processor core, on receiving a fragment message (other than the first fragment), transmits it to the processor core that received the first fragment message.
As mentioned previously, in the network device each processor core has substantially the same probability of receiving fragment messages from the network card. When a large number of messages are processed, the message reassembly tasks are therefore distributed substantially evenly across the processor cores, so that the processing performance of the multi-core processor of the network device is fully utilized, message reassembly efficiency is significantly improved, and the performance bottleneck caused by using only a single processor core for reassembly is avoided.
In addition, when a processor core that receives a non-first fragment message forwards it, a single inter-core transmission suffices to deliver the fragment message to the processor core that received the first fragment message, which avoids the performance overhead of a large number of inter-core transmissions and effectively reduces the system load.
Fig. 2 is a flowchart illustrating another packet reassembly method according to an embodiment of the present application. Referring to fig. 2, the method includes:
Step S210: The first processor core receives the fragment message from the network card and acquires the message identification information carried in the fragment message.
Step S210 is similar to step S110 and will not be repeated.
Step S220: the first processor core looks up a processor core identifier associated with the message identification information.
If the search fails, go to step S230; if the search is successful, go to step S240.
Step S230: If the search fails, the first processor core stores the message identification information in association with the identifier of the first processor core, receives fragment messages from other processor cores, and reassembles the fragment messages received from the network card and from the other processor cores.
A failed search indicates that the message identification information is not yet bound to any processor core identifier, that is, the currently received fragment message is the first of all the fragments of a complete message to be received by the multi-core processor. Note that this fragment message is not necessarily the first fragment of the complete message, although the probability that it is the first fragment is high. At this point, the first processor core binds the message identification information to its own processor core identifier, and through this binding relationship informs the other processor cores that it is responsible for reassembling the message. If another processor core receives a fragment message containing the same message identification information, it can determine, by looking up the binding relationship, that the received fragment message should be transmitted to the first processor core for reassembly.
Step S240: If the search is successful, the first processor core sends the fragment message to the processor core corresponding to the found processor core identifier.
A successful search indicates that the message identification information is already bound to the identifier of some processor core (other than the first processor core), that is, the currently received fragment message is not the first of all the fragments of a complete message to be received by the multi-core processor but a subsequently received one. In keeping with step S230, the first processor core should transmit the fragment message to the processor core that was first to receive a fragment of the complete message, and that core performs the reassembly.
It can be seen that the message reassembly method shown in fig. 2 is similar to the one shown in fig. 1. The main difference is that in fig. 2 the processor core that is first to receive any fragment of the message (rather than the core that receives the first fragment) is responsible for reassembly, and every other processor core, on receiving a fragment message, transmits it to that core.
As mentioned previously, in the network device each processor core has substantially the same probability of receiving fragment messages from the network card. When a large number of messages are processed, the message reassembly tasks are therefore distributed substantially evenly across the processor cores, so that the processing performance of the multi-core processor of the network device is fully utilized, message reassembly efficiency is significantly improved, and the performance bottleneck caused by using only a single processor core for reassembly is avoided.
In addition, when a processor core that was not the first to receive a fragment of the message forwards a fragment message, a single inter-core transmission suffices to deliver it to the processor core that was first to receive a fragment, which avoids the performance overhead of a large number of inter-core transmissions and effectively reduces the system load.
By comparison, the message reassembly method in fig. 2 has simpler logic (the method in fig. 1 must determine whether each fragment message is the first fragment) and a wider scope of application (when the first fragment message is not the first to be received, the method in fig. 1 may be unable to process the message normally and can only choose to discard it).
However, the message reassembly method in fig. 1 offers higher security. Normally, a normal message must be constructed with a complete header (which is contained in the first fragment). In other words, if the fragment message received by the processor core is the first fragment, the probability that the corresponding complete message is a normal message is higher, and reassembling such a complete message generally causes no problem.
Conversely, if the fragment message received by the processor core is not the first fragment, there is a certain probability that it is an abnormal message. If reassembly is attempted on the basis of an abnormal message, not only may a complete message fail to be reassembled, but the network device may also be driven into an abnormal state. For example, an attacker may deliberately construct a large number of non-first-fragment messages so that the processor cores are heavily occupied yet cannot reassemble any valid message, and normal fragment messages are thereby denied the chance to be reassembled.
Especially for network security devices, it is more suitable to adopt the message reassembly method provided in fig. 1.
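The following added example (not code from the patent; all class, function and field names are hypothetical) simulates the dispatch rules of fig. 1 and fig. 2 over constructed IPv4 fragment headers and counts how many reassembly contexts each policy holds when non-first fragments arrive with no matching first fragment. It assumes one shared binding table, a 2-second preset time period, and that a failed lookup for a non-first fragment under fig. 1 results in a discard, as the comparison above describes.

```python
import struct
from collections import defaultdict

IP_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def ipv4_header(src, dst, ident, offset_units, more_fragments, payload_len):
    """Build a constructed IPv4 header (checksum left at 0, protocol 17)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return struct.pack(IP_FMT, 0x45, 0, 20 + payload_len, ident, flags_frag,
                       64, 17, 0, bytes(src), bytes(dst))

def parse_fragment(hdr):
    """Return (message key, byte offset, more-fragments flag, payload length)."""
    vihl, _, total_len, ident, flags_frag, _, _, _, src, dst = struct.unpack(
        IP_FMT, hdr[:20])
    offset = (flags_frag & 0x1FFF) * 8  # the offset field counts 8-byte units
    payload_len = total_len - (vihl & 0x0F) * 4
    return (src, dst, ident), offset, bool(flags_frag & 0x2000), payload_len

class Dispatcher:
    """Shared binding table plus per-message fragment cache (simulation only)."""

    def __init__(self, policy, timeout=2.0):
        self.policy = policy            # "fig1" or "fig2"
        self.timeout = timeout          # preset time period, assumed 2 s
        self.owner = {}                 # message key -> owning core id
        self.cache = {}                 # message key -> {"start", "frags"}
        self.stats = defaultdict(int)

    def receive(self, core, hdr, now):
        key, offset, more, length = parse_fragment(hdr)
        if key not in self.owner:
            if self.policy == "fig1" and offset != 0:
                # Fig. 1: non-first fragment and no binding found, so discard.
                self.stats["dropped"] += 1
                return "dropped"
            # Fig. 1 first fragment, or Fig. 2 earliest fragment: bind to this core.
            self.owner[key] = core
            self.cache[key] = {"start": now, "frags": {}}
        elif self.owner[key] != core:
            self.stats["forwarded"] += 1    # one inter-core transfer to the owner
        frags = self.cache[key]["frags"]
        frags[offset] = (length, more)
        if self._complete(frags):
            del self.cache[key], self.owner[key]
            self.stats["reassembled"] += 1
            return "reassembled"
        return "cached"

    @staticmethod
    def _complete(frags):
        """True when fragments are contiguous from offset 0 to one with MF=0."""
        expected = 0
        for off in sorted(frags):
            length, more = frags[off]
            if off != expected:
                return False
            expected += length
            if not more:
                return True
        return False

    def expire(self, now):
        """Discard partial messages older than the preset time period."""
        stale = [k for k, e in self.cache.items()
                 if now - e["start"] >= self.timeout]
        for k in stale:
            del self.cache[k], self.owner[k]
            self.stats["expired"] += 1
        return len(stale)

def run(policy):
    """Replay constructed traffic; return (peak contexts, result, stats, left)."""
    d = Dispatcher(policy)
    src, dst = (192, 0, 2, 10), (198, 51, 100, 20)   # documentation addresses
    # Constructed normal message: three fragments arriving on different cores.
    d.receive(0, ipv4_header(src, dst, 1, 0, True, 1480), now=0.0)
    d.receive(2, ipv4_header(src, dst, 1, 185, True, 1480), now=0.1)
    # Constructed abnormal traffic: 1000 non-first fragments, distinct IDs.
    for i in range(1000):
        d.receive(i % 4, ipv4_header(src, dst, 1000 + i, 185, True, 1480), now=0.2)
    peak = len(d.cache)
    result = d.receive(3, ipv4_header(src, dst, 1, 370, False, 500), now=0.3)
    d.expire(now=5.0)
    return peak, result, dict(d.stats), len(d.cache)

if __name__ == "__main__":
    for policy in ("fig1", "fig2"):
        print(policy, run(policy))
```
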
Fig. 3 is a functional block diagram of a message reassembly device 300 according to an embodiment of the present application. Referring to fig. 3, the apparatus includes:
the first message receiving module 310 is configured to receive a fragment message from a network card by using a first processor core, and acquire message identification information carried in the fragment message;
a message determining module 320, configured to determine, by using the first processor core, whether the fragmented message is a first fragment in a complete message;
the first message processing module 330 is configured to, when the fragment message is the first fragment, store the message identification information in association with the identifier of the first processor core by using the first processor core, receive fragment messages from other processor cores, and reassemble the fragment messages received from the network card and from the other processor cores; and, when the fragment message is not the first fragment, to search for the processor core identifier associated with the message identification information by using the first processor core and send the fragment message to the processor core corresponding to the found processor core identifier.
In an implementation manner of the packet reassembly device 300, the fragment packet is an IP fragment packet, and the packet identification information includes a source IP address, a destination IP address, and a packet identifier.
In an implementation manner of the message reassembly device 300, the message determining module 320 determining, by using the first processor core, whether the fragment message is the first fragment includes: determining, by using the first processor core, whether the fragment message carries five-tuple information, where the first processor core determines that the fragment message is the first fragment if it carries the five-tuple information, and determines that it is not the first fragment if it does not; or obtaining, by using the first processor core, the fragment offset carried in the fragment message, where the first processor core determines that the fragment message is the first fragment if the value of the fragment offset is 0, and determines that it is not the first fragment if the value of the fragment offset is greater than 0.
In an implementation manner of the message reassembly device 300, the first message processing module 330 reassembling, by using the first processor core, the fragment messages received from the network card and from the other processor cores includes: caching, by using the first processor core, the fragment messages received from the network card and from the other processor cores; if the first processor core caches all the fragment messages of a complete message within a preset time period, reassembling the cached fragment messages of the complete message; and if the first processor core caches only some of the fragment messages of the complete message within the preset time period, discarding the cached fragment messages of the complete message.
The implementation principle and technical effects of the message reassembly device 300 provided in the embodiment of the present application have been described in the foregoing method embodiments. For brevity, for anything not mentioned in the device embodiment, refer to the corresponding content in the foregoing method embodiments.
Fig. 4 shows a functional block diagram of a message reassembly device 400 according to an embodiment of the present application. Referring to fig. 4, the apparatus includes:
a second message receiving module 410, configured to receive, by using the first processor core, a fragment message from a network card, and acquire message identification information carried in the fragment message;
an information search module 420, configured to search, by using the first processor core, a processor core identifier associated with the packet identification information;
the second message processing module 430 is configured to, when the search fails, store the message identification information in association with the identifier of the first processor core by using the first processor core, receive fragment messages from other processor cores, and reassemble the fragment messages received from the network card and from the other processor cores; and, when the search is successful, to send the fragment message, by using the first processor core, to the processor core corresponding to the found processor core identifier.
The implementation principle and technical effects of the message reassembly device 400 provided in the embodiment of the present application have been described in the foregoing method embodiments. For brevity, for anything not mentioned in the device embodiment, refer to the corresponding content in the foregoing method embodiments.
Fig. 5 shows a possible structure of a network device 500 provided in an embodiment of the present application. Referring to fig. 5, the network device 500 includes: a processor 510, a memory 520, and a communication interface 530, which are interconnected and in communication with each other via a communication bus 540 and/or other form of connection mechanism (not shown).
There may be one or more memories 520 (only one is shown in the figure), which may be, but are not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The processor 510, as well as possibly other components, may access the memory 520 and read data from and/or write data to it.
There may be one or more processors 510 (only one is shown in the figure), each of which may be an integrated circuit chip having signal processing capabilities. The processor 510 may be a general-purpose processor, including a Central Processing Unit (CPU), a Micro Control Unit (MCU), a Network Processor (NP), or another conventional processor; it may also be a special-purpose processor, including a Graphics Processing Unit (GPU), a Digital Signal Processor (DSP), an Application-Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components.
There may be one or more communication interfaces 530 (only one is shown in the figure), which can be used to communicate directly or indirectly with other devices for data interaction. The communication interface 530 may include interfaces for wired and/or wireless communication.
One or more computer program instructions may be stored in the memory 520 and read and executed by the processor 510 to implement the message reassembly methods provided by the embodiments of the present application, as well as other desired functionality. It should be noted that, since the message reassembly methods provided by the embodiments of the present application involve multiple processor cores, the processor 510 is in principle required to be a multi-core processor. However, this does not exclude applying the message reassembly methods to systems that include multiple processors 510, where each processor 510 may be regarded as a processor core; in that case a single-core processor may also be used as the processor 510.
It will be appreciated that the configuration shown in fig. 5 is merely illustrative, and that network device 500 may include more or fewer components than shown in fig. 5, or have a different configuration than shown in fig. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof. The network device 500 may be a physical device, such as a dedicated device like a gateway, a router, a switch, or a general-purpose device like a server, a PC, or a virtual device, such as a virtual machine, a virtualized container, or the like.
The embodiment of the present application further provides a computer-readable storage medium, where computer program instructions are stored on the computer-readable storage medium, and when the computer program instructions are read by the multi-core processor and run, the message reassembly method provided in the embodiment of the present application is executed. For example, the computer-readable storage medium may be, but is not limited to, the memory 520 of the network device 500 in fig. 5.
The embodiment of the present application also provides a multi-core processor, in which at least two processor cores are configured to execute the message reassembly method provided by the embodiment of the present application. The configuration described here includes fixing the computer program instructions that implement the message reassembly method into the chip of the multi-core processor, so that the multi-core processor can be used exclusively for message reassembly. For example, the processor may be, but is not limited to, the processor 510 of the network device 500 in fig. 5.
The above are only specific embodiments of the present application, but the scope of protection of the present application is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in the present application shall fall within the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.

Claims (10)

1. A method for packet reassembly, comprising:
a first processor core receives a fragment message from a network card and obtains message identification information carried in the fragment message;
the first processor core determines whether the fragment message is the first fragment in a complete message;
if the fragment message is the first fragment, the first processor core stores the message identification information in association with the identifier of the first processor core, receives fragment messages from other processor cores, and reassembles the fragment messages received from the network card and from the other processor cores;
if the fragment message is not the first fragment, the first processor core searches for the processor core identifier associated with the message identification information, and sends the fragment message to the processor core corresponding to the found processor core identifier.
2. The message reassembly method according to claim 1, wherein the fragmented message is an Internet Protocol (IP) fragmented message, and the message identification information comprises a source IP address, a destination IP address and a message identifier.
3. The message reassembly method of claim 2, wherein said first processor core determining whether said fragmented message is the first fragment in a complete message comprises:
the first processor core determines whether the fragment message carries five-tuple information; if the fragment message carries the five-tuple information, the first processor core determines that the fragment message is the first fragment, and if the fragment message does not carry the five-tuple information, the first processor core determines that the fragment message is not the first fragment; or,
the first processor core obtains the fragment offset carried in the fragment message; if the value of the fragment offset is 0, the first processor core determines that the fragment message is the first fragment, and if the value of the fragment offset is greater than 0, the first processor core determines that the fragment message is not the first fragment.
4. The message reassembly method of claim 1, wherein the first processor core reassembles the fragment messages received from the network card and the other processor cores, comprising:
the first processor core caches the fragment messages received from the network card and the other processor cores;
if the first processor core caches all the fragment messages of a complete message within a preset time period, the cached fragment messages of the complete message are reassembled, and if the first processor core caches only some of the fragment messages of the complete message within the preset time period, the cached fragment messages of the complete message are discarded.
5. A method for packet reassembly, comprising:
a first processor core receives a fragment message from a network card and obtains message identification information carried in the fragment message;
the first processor core searches for a processor core identifier associated with the message identification information;
if the search fails, the first processor core stores the message identification information in association with the identifier of the first processor core, receives fragment messages from other processor cores, and reassembles the fragment messages received from the network card and from the other processor cores;
if the search is successful, the first processor core sends the fragment message to the processor core corresponding to the found processor core identifier.
6. A packet reassembly device, comprising:
the first message receiving module is used for receiving the fragment message from the network card by using the first processor core and acquiring the message identification information carried in the fragment message;
the message judgment module is used for judging whether the fragment message is the first fragment in a complete message by using the first processor core;
the first message processing module is used for, when the fragment message is the first fragment, storing the message identification information in association with the identifier of the first processor core by using the first processor core, receiving fragment messages from other processor cores, and reassembling the fragment messages received from the network card and from the other processor cores; and, when the fragment message is not the first fragment, for searching, by using the first processor core, for the processor core identifier associated with the message identification information and sending the fragment message to the processor core corresponding to the found processor core identifier.
7. A packet reassembly device, comprising:
the second message receiving module is used for receiving the fragment message from the network card by using the first processor core and acquiring message identification information carried in the fragment message;
the information searching module is used for searching the processor core identifier associated with the message identification information by utilizing the first processor core;
the second message processing module is used for, when the search fails, storing the message identification information in association with the identifier of the first processor core by using the first processor core, receiving fragment messages from other processor cores, and reassembling the fragment messages received from the network card and from the other processor cores; and, when the search is successful, for sending the fragment message, by using the first processor core, to the processor core corresponding to the found processor core identifier.
8. A multi-core processor, wherein at least two processor cores of the multi-core processor are configured to perform the method of any of claims 1-5.
9. A computer-readable storage medium having computer program instructions stored thereon that, when read and executed by a multi-core processor, perform the method of any of claims 1-5.
10. A network device comprising a memory and a multi-core processor, the memory having stored therein computer program instructions that, when read and executed by the multi-core processor, perform the method of any of claims 1-5.
CN202010623495.9A 2020-06-30 2020-06-30 Message reassembly method and apparatus, processor, storage medium, and network device Pending CN111786905A (en)

Publications (1)

Publication Number Publication Date
CN111786905A true CN111786905A (en) 2020-10-16

Family

ID=72760615

Country Status (1)

Country Link
CN (1) CN111786905A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201016