CN111865963B - IP data packet processing method and system based on IP option - Google Patents


Publication number
CN111865963B
CN111865963B CN202010684949.3A CN202010684949A CN111865963B CN 111865963 B CN111865963 B CN 111865963B CN 202010684949 A CN202010684949 A CN 202010684949A CN 111865963 B CN111865963 B CN 111865963B
Authority
CN
China
Prior art keywords
data packet
packet processing
index
index number
processing strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010684949.3A
Other languages
Chinese (zh)
Other versions
CN111865963A (en)
Inventor
张鲁国
丁琦
孙晓鹏
李鑫
李顶占
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN202010684949.3A
Publication of CN111865963A
Application granted
Publication of CN111865963B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/901 Indexing; Data structures therefor; Storage structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/903 Querying
    • G06F16/90335 Query processing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Abstract

The invention provides an IP data packet processing method and system based on IP options. A communication party stores the IP data packet processing strategy for each communication in an IP data packet processing strategy table and uses the option area of the IP data packet header to carry the index number of the corresponding strategy table entry. When an IP data packet is received, the corresponding strategy table entry can therefore be read directly according to the index number carried in the IP option, the processing strategy for the received IP data packet is obtained, and the packet is processed accordingly. The technical scheme has low complexity, needs no additional hardware resources, and achieves high-speed processing at low cost. Furthermore, an index table stores and manages the index numbers of the IP data packet processing strategy table entries to be allocated, so that a plurality of communication connections can be managed conveniently and flexibly.

Description

IP data packet processing method and system based on IP option
Technical Field
The invention relates to the field of network communication and network security, in particular to an IP data packet processing method and system based on IP options.
Background
With the development of information technology and the popularization of network applications, virtual machines and virtualized networks are widely used. A communication terminal often needs multiple connections and high-speed communication. Sometimes a plurality of virtual machines are configured according to the actual needs of applications to improve network communication efficiency, and the virtual machines carry out network communication between communication participants on the physical basis of the host network card. When the number of communication connections is large, the amount of communication data is large, and the required communication speed is high, the speed at which the communication terminal processes IP data packets becomes the bottleneck of communication.
In the prior art, network communication of virtual machines is often realized through a virtual switch. The virtual switch connects the virtual network cards and the physical network card, uses the physical network card on the physical host as an uplink to the external network, forwards data messages from the virtual machines out through the physical network card, and forwards messages received from the physical network card to the corresponding virtual network card. A common virtual switch, such as an OpenFlow virtual switch, generally uses address-addressed memory, such as SRAM or DRAM, to store the OpenFlow flow table, and the efficiency of flow table lookup has a great influence on the speed of the virtual switch. The OpenFlow virtual switch adopts the tuple space search method (TSS): the virtual switch tests the masks one by one against the flow identifier formed from its matching fields, that is, it ANDs the flow identifier with each mask and then searches the corresponding flow table for a matching flow table entry. The processing strategy of the IP data packet is obtained from the flow table entry, and the data packet is forwarded accordingly. The tuple space search method generally hashes the tuple information and builds a hash table from the hash results to map tuple information to flow table information. The hash table is the main means of high-speed matching because of its good hashing performance and ease of hardware implementation, but hash collisions are hard to avoid, and resolving them requires considerable extra time and space overhead, which seriously degrades hash table matching performance.
TCAM, with its higher matching performance, is widely used in the field of high-speed message processing. However, the high-performance parallel matching mechanism of TCAM brings problems of high energy consumption and heat dissipation, and the cost of TCAM is very high, up to 30 times that of SRAM.
Disclosure of Invention
The invention aims to provide an IP data packet processing method and system based on IP options aiming at the requirement of high-speed message processing of a communication terminal, which can process IP data packets at low cost and high speed and improve the message processing speed of the communication terminal at extremely low cost.
In order to achieve the above object, a first aspect of the present invention provides an IP packet processing method based on IP options, including the following steps:
establishing an IP data packet processing strategy table;
after the communication connection is successful, storing the processing mode of the IP data packet in the connection as the table item content into the IP data packet processing strategy table, and recording the index number of the corresponding table item;
when an IP data packet is sent, the index number is taken as a self-defined IP option parameter and is placed in an option area of the header of the IP data packet;
after receiving a response IP data packet, extracting an index number in an option area of the head of the response IP data packet, and then obtaining the table item content of the IP data packet processing strategy table through the index number; wherein, the content in the option area of the response IP data packet header is the content copy of the self-defined IP option;
and correspondingly processing the response IP data packet according to the processing mode of the IP data packet in the current connection recorded in the table item content.
Based on the above, an index table is established for storing and managing the index number of each IP data packet processing strategy table entry, and the index number is in one-to-one correspondence with the first address of the IP data packet processing strategy table entry;
after the communication connection is successful, the index number of an empty IP data packet processing strategy table entry is obtained through the head pointer of the index table, the IP data packet processing strategy is stored at the IP data packet processing strategy table entry address corresponding to the index number, and the head pointer of the index table is pointed to the index number of the next IP data packet processing strategy table entry to be allocated.
Based on the above, the index table is of a fixed length, the first parameter of each index table entry is the index number of the IP data packet processing policy table entry corresponding to the index table entry, and the second parameter is the index number of the next linked IP data packet processing policy table entry; the head pointer of the index table points to the first index table entry, and the tail pointer points to the last index table entry.
Based on the above, after the communication connection is established, the two communication parties negotiate the processing mode of the IP data packet through the VPN tunnel communication mode.
Based on the above, the processing method for the IP data packet includes one or more of the following processing methods:
directly parsing the IP data packet and reading/using its data;
encrypting the data of the IP data packet by using a key stored by the own party, and then sending the encrypted data;
decrypting the data of the IP data packet by using the key stored by the own party, and reading/using plaintext data;
and detecting the data packet, and respectively processing according to the corresponding processing modes recorded in the corresponding IP data packet processing strategy table when the detection result is correct or wrong.
The second aspect of the present invention provides an IP packet processing system based on IP options, comprising:
the policy table storage management unit is used for establishing an IP data packet processing policy table; after the communication connection is successful, storing the processing mode of the IP data packet in the connection as the table item content into the IP data packet processing strategy table, and recording the index number of the corresponding table item; the index number is used as a self-defined IP option parameter to be put into an option area of the IP data packet header when the IP data packet is sent;
the IP data packet processing unit is used for extracting the index number in the option area of the head of the response IP data packet after receiving the response IP data packet and obtaining the table item content of the IP data packet processing strategy table through the index number; wherein, the content in the option area of the response IP data packet header is the content copy of the self-defined IP option; and then, according to the processing mode of the IP data packet in the current connection recorded in the table item content, the response IP data packet is correspondingly processed.
Based on the above, the IP packet processing system based on the IP option further includes: the index table storage and management unit is used for establishing an index table, the index table is used for storing and managing the index number of each IP data packet processing strategy table entry, and the index number is in one-to-one correspondence with the head address of the IP data packet processing strategy table entry;
the index table storage and management unit is also used for acquiring the index number of an empty IP data packet processing strategy table entry through the head pointer of the index table after the communication connection is successful, storing the IP data packet processing strategy at the IP data packet processing strategy table entry address corresponding to the index number, and pointing the head pointer of the index table to the index number of the next IP data packet processing strategy table entry to be allocated.
Based on the above, the index table is of a fixed length, the first parameter of each index table entry is the index number of the IP data packet processing policy table entry corresponding to the index table entry, and the second parameter is the index number of the next linked IP data packet processing policy table entry; the head pointer of the index table points to the first index table entry, and the tail pointer points to the last index table entry.
A third aspect of the present invention provides a communication terminal, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the IP packet processing method based on IP options when executing the program.
A fourth aspect of the present invention provides a computer-readable storage medium having stored thereon computer instructions, which when executed by a processor, implement the steps of the IP packet processing method based on the IP option.
In the technical scheme of the invention, the communication terminal stores the IP data packet processing mode for each communication through the IP data packet processing strategy table, and the option area of the IP data packet header is used for bearing the IP data packet processing strategy table item index number information, so that when the IP data packet is received, the corresponding IP data packet processing strategy table item can be read directly according to the IP data packet processing strategy table item index number information in the IP option, the processing mode of the received IP data packet is obtained, and the IP data packet is correspondingly processed.
Compared with the prior art, the invention has prominent substantive characteristics and remarkable progress, in particular:
1. compared with the common virtual switch flow table searching mode, the technical scheme of the invention can directly read the content of the corresponding IP data packet processing strategy table entry according to the index number information of the IP data packet processing strategy table entry in the IP option when receiving the IP data packet, obtain the processing mode of the received IP data packet, and correspondingly process the IP data packet, thereby greatly reducing the complexity, achieving the aim of processing the IP data packet at high speed, needing no additional hardware resource and having low cost.
2. The technical scheme of the invention uses the index table to store and manage the index number of the IP data packet processing strategy table entry to be distributed, and can conveniently and flexibly manage the IP data packet processing strategy table entry, thereby simply and quickly carrying out service and management on a plurality of communication connections.
3. The technical scheme of the invention can be used together with a virtual switch or without one; in either case, IP data packets can be processed directly, conveniently and quickly.
Drawings
Fig. 1 is a schematic diagram of an initialized IP packet processing policy table and an index table in the IP packet processing method based on the IP option of the present invention.
Detailed Description
Example 1
The embodiment provides an IP data packet processing method based on IP options, which includes the following steps:
establishing an IP data packet processing strategy table;
after the communication connection is successful, storing the processing mode of the IP data packet in the connection as the table item content into the IP data packet processing strategy table, and recording the index number of the corresponding table item;
when an IP data packet is sent, the index number is taken as a self-defined IP option parameter and is placed in an option area of the header of the IP data packet;
after receiving a response IP data packet, extracting an index number in an option area of the head of the response IP data packet, and then obtaining the table item content of the IP data packet processing strategy table through the index number; wherein, the content in the option area of the response IP data packet header is the content copy of the self-defined IP option;
and correspondingly processing the response IP data packet according to the processing mode of the IP data packet in the current connection recorded in the table item content.
In this embodiment, the IP option refers to an option field or an option area of the IP packet header.
In this embodiment, the two communication parties may negotiate and agree on the processing mode of the IP option during communication negotiation. The two parties can establish a VPN tunnel, which ensures that IP data packets carrying the user-defined IP option pass through unobstructed.
In a specific implementation of this embodiment, an index table is further established for storing and managing the index number of each IP data packet processing policy table entry, where the index numbers correspond one to one with the first addresses of the IP data packet processing policy table entries; after the communication connection is successful, the index number of an empty IP data packet processing strategy table entry is obtained through the head pointer of the index table, the IP data packet processing strategy is stored at the IP data packet processing strategy table entry address corresponding to the index number, and the head pointer of the index table is pointed to the index number of the next IP data packet processing strategy table entry to be allocated.
In this embodiment, the index table is of a fixed length, the first parameter of each index table entry is the IP data packet processing policy table entry index number corresponding to the index table entry, and the second parameter is the linked next IP data packet processing policy table entry index number; the head pointer of the index table points to the first index table entry storing an index number to be allocated, and the tail pointer of the index table points to the last index table entry storing an index number to be allocated.
Specifically, the index table may be defined in a manner similar to that shown by the following code:
#include <stdint.h>
typedef uint16_t UINT16;

/* Data structure defining one entry of the index table.
   N is the number of IP data packet processing policy table entries. */
typedef struct _IP_data_table
{
    UINT16 block_number;      /* index number in the index table, from 0 to N-1;
                                 one-to-one with the first address of an
                                 IP data processing policy table entry */
    UINT16 next_block_number; /* next available index number linked from this one;
                                 0xFFFF if this is the last index number or
                                 the index number is occupied */
} IP_data_table;

/* Table space: each entry is 32 bits wide (two UINT16 fields) */
IP_data_table Table[N];
/* Head pointer of the table */
IP_data_table *IP_data_Table_Head = &Table[0];
/* Tail pointer of the table */
IP_data_table *IP_data_Table_Tail = &Table[N-1];

During initialization, when block_number = M, next_block_number = M + 1; when block_number = N-1, next_block_number = 0xFFFF. The number of IP data packet processing strategy table entries and the maximum length of the IP data packet processing strategy index table are both N.
The initialized IP packet processing policy table and the index table are shown in fig. 1.
When an IP data packet processing policy table entry storage block needs to be allocated, the index number corresponding to the storage block to be allocated is obtained through the index table head pointer, and that index number is removed from the index table: the head pointer is moved to the index table entry indicated by next_block_number, and the next_block_number of the allocated entry is set to 0xFFFF. Assuming that the storage block of the Xth IP data processing strategy table entry is occupied, the Xth index table entry is updated as follows: IP_data_Table_Head = &Table[next_block_number], block_number remains unchanged, next_block_number = 0xFFFF.
If the storage block of the Yth IP data processing strategy table entry is released, the index table entry indicated by IP_data_Table_Tail is updated as follows: block_number remains unchanged, next_block_number = Y; then IP_data_Table_Tail = &Table[Y].
The process of occupying one index table entry is as follows:
An index number block_number is obtained from the entry pointed to by IP_data_Table_Head; IP_data_Table_Head is then pointed to the index table entry indicated by next_block_number, and the next_block_number of the originally pointed-to index table entry is set to 0xFFFF. The first address of the IP data packet processing strategy table entry can be obtained from the index number block_number.
The process of releasing one index table entry is as follows:
The index number block_number' in the index table corresponding to the entry is obtained from the first address of the storage block of the IP data packet processing policy table entry. In the index table entry originally indicated by IP_data_Table_Tail, block_number is kept unchanged and next_block_number is set to block_number'. The IP_data_Table_Tail pointer is then pointed to the index table entry with index number block_number'.
The index table manages the storage space of the IP data packet processing strategy table that is still to be allocated. When a communication connection is established, the index number indicated by the head pointer of the index table is occupied, together with the corresponding IP data packet processing strategy table entry storage block, to store the IP data packet processing strategy of that connection; at the same time, the head pointer of the index table is pointed to the next unoccupied index table entry, so that the index numbers to be allocated in the index table never include an occupied index table entry. When the communication is finished, the IP data processing strategy table entry storage block can be released, and the corresponding index number is appended to the tail of the index table and again becomes an index number to be allocated. That is, the corresponding IP data processing strategy table entry storage block again becomes a storage block to be allocated.
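The index-table allocation and release procedures above, together with the receive-side lookup of the index carried in the IP option, as an added C example that is not code from the patent. The table size N = 8, the option type 0x9E, the 4-byte option layout (type, length, 16-bit index) and the in_use/mode policy fields are assumptions; because the index arrives from the network, the lookup also range-checks it and confirms the entry is occupied before use, a check the page does not describe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N 8                   /* table size: assumed for this example */
#define IDX_NONE 0xFFFF       /* the page's marker: last free entry, or occupied */
#define OPT_POLICY_INDEX 0x9E /* hypothetical option type; the page names none */

typedef struct { uint16_t block_number, next_block_number; } idx_entry;
typedef struct { uint8_t in_use, mode; } policy_entry; /* assumed entry content */

static idx_entry Table[N];
static policy_entry Policy[N];
static idx_entry *Head, *Tail; /* both NULL while no index is free */

/* Initial chain 0 -> 1 -> ... -> N-1, last entry terminated with 0xFFFF. */
void idx_init(void) {
    for (uint16_t m = 0; m < N; m++) {
        Table[m].block_number = m;
        Table[m].next_block_number = (uint16_t)(m == N - 1 ? IDX_NONE : m + 1);
        Policy[m].in_use = 0;
        Policy[m].mode = 0;
    }
    Head = &Table[0];
    Tail = &Table[N - 1];
}

/* Occupy the index at the head; returns IDX_NONE when the table is full. */
uint16_t idx_alloc(uint8_t mode) {
    if (Head == NULL) return IDX_NONE;
    idx_entry *e = Head;
    uint16_t next = e->next_block_number;
    e->next_block_number = IDX_NONE;
    if (next == IDX_NONE) Head = Tail = NULL;   /* last free index was taken */
    else Head = &Table[next];
    Policy[e->block_number].in_use = 1;
    Policy[e->block_number].mode = mode;
    return e->block_number;
}

/* Release index y by appending it at the tail; -1 on bad index or double release.
   0xFFFF alone cannot tell "occupied" from "last free", hence the in_use flag. */
int idx_release(uint16_t y) {
    if (y >= N || !Policy[y].in_use) return -1;
    Policy[y].in_use = 0;
    Table[y].next_block_number = IDX_NONE;
    if (Tail == NULL) Head = &Table[y];         /* free list was empty */
    else Tail->next_block_number = y;
    Tail = &Table[y];
    return 0;
}

/* Walk the IPv4 option area (type/length/value; 0 = end of list, 1 = no-op). */
int opt_find_index(const uint8_t *opts, size_t len, uint16_t *out) {
    size_t i = 0;
    while (i < len) {
        uint8_t type = opts[i];
        if (type == 0) break;
        if (type == 1) { i++; continue; }
        if (i + 1 >= len) return -1;            /* length byte missing */
        uint8_t olen = opts[i + 1];
        if (olen < 2 || i + olen > len) return -1; /* malformed or truncated */
        if (type == OPT_POLICY_INDEX) {
            if (olen != 4) return -1;
            *out = (uint16_t)((opts[i + 2] << 8) | opts[i + 3]);
            return 0;
        }
        i += olen;
    }
    return -1;
}

/* Receive path: direct table read, but only for an in-range, occupied index. */
const policy_entry *policy_lookup(const uint8_t *opts, size_t len) {
    uint16_t idx;
    if (opt_find_index(opts, len, &idx) != 0) return NULL;
    if (idx >= N || !Policy[idx].in_use) return NULL;
    return &Policy[idx];
}

int main(void) {
    idx_init();
    uint16_t idx = idx_alloc(5);
    /* constructed option area: one no-op, then the index option */
    const uint8_t opts[] = { 0x01, OPT_POLICY_INDEX, 0x04,
                             (uint8_t)(idx >> 8), (uint8_t)idx };
    const policy_entry *p = policy_lookup(opts, sizeof opts);
    printf("index %u -> mode %d\n", (unsigned)idx, p ? p->mode : -1);
    return 0;
}
```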
With the IP packet processing method of the present embodiment, each communication party can establish a plurality of communication connections at the same time, for example, each communication party uses a plurality of virtual machines, or uses a plurality of applications, and each virtual machine or each application establishes a different communication connection.
In this embodiment, the processing method for the IP packet includes one or more of the following processing methods:
directly parsing the IP data packet and reading/using its data;
encrypting the data of the IP data packet by using a key stored by the own party, and then sending the data to the opposite party;
decrypting the data of the IP data packet by using the key stored by the own party, and reading/using plaintext data;
detecting the data packet, and respectively processing according to the corresponding processing methods recorded in the corresponding IP data packet processing strategies when the detection result is correct or wrong.
In a specific implementation of this embodiment, the entry content of the IP data processing policy table further includes one or more of: the selected cryptographic algorithm, the encryption/decryption operation mode, the generation manner of the session key, the master key, the IP data packet header data organization format, the data packet detection mode, and the related processing method, so as to implement processing of the IP data packet.
Example 2
Based on the same inventive concept as the method described above, this embodiment provides an IP packet processing system based on IP options, including:
the policy table storage management unit is used for establishing an IP data packet processing policy table; after the communication connection is successful, storing the processing mode of the IP data packet in the connection as the table item content into the IP data packet processing strategy table, and recording the index number of the corresponding table item; the index number is used as a self-defined IP option parameter to be put into an option area of the IP data packet header when the IP data packet is sent;
the IP data packet processing unit is used for extracting the index number in the option area of the head of the response IP data packet after receiving the response IP data packet and obtaining the table item content of the IP data packet processing strategy table through the index number; wherein, the content in the option area of the response IP data packet header is the content copy of the self-defined IP option; and then, according to the processing mode of the IP data packet in the current connection recorded in the table item content, the response IP data packet is correspondingly processed.
In this embodiment, the IP packet processing system based on the IP option further includes: the index table storage and management unit, which is used for establishing an index table, where the index table is used for storing and managing the index number of each IP data packet processing strategy table entry, and the index numbers correspond one to one with the head addresses of the IP data packet processing strategy table entries; it is also used for acquiring the index number of an empty IP data packet processing strategy table entry through the head pointer of the index table after the communication connection is successful, storing the IP data packet processing strategy at the IP data packet processing strategy table entry address corresponding to the index number, and pointing the head pointer of the index table to the index number of the next IP data packet processing strategy table entry to be allocated.
In this embodiment, the index table is of a fixed length, the first parameter of each index table entry is the index number of the IP packet processing policy table entry corresponding to the index table entry, and the second parameter is the index number of the next linked IP packet processing policy table entry; the head pointer of the index table points to the first index table entry, and the tail pointer points to the last index table entry.
Example 3
The embodiment provides a communication terminal, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor implements the steps of the IP data packet processing method based on the IP option when executing the program.
A plurality of virtual machines can be configured on the communication terminal, and the virtual machines can utilize a host network card to carry out network communication. The IP data packet processing method based on the IP option can greatly improve the processing speed of the communication terminal on the IP data message, and can also ensure the communication quality when a plurality of virtual machines carry out network communication simultaneously.
Example 4
The present embodiment provides a computer readable storage medium, on which computer instructions are stored, which when executed by a processor implement the steps of the IP packet processing method based on IP options.
The above-mentioned contents are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modification made on the basis of the technical idea of the present invention falls within the protection scope of the claims of the present invention.

Claims (10)

1. An IP data packet processing method based on IP options is characterized by comprising the following steps:
establishing an IP data packet processing strategy table;
after the communication connection is successful, storing the processing mode of the IP data packet in the connection as the table item content into the IP data packet processing strategy table, and recording the index number of the corresponding table item;
when an IP data packet is sent, the index number is taken as a self-defined IP option parameter and is placed in an option area of the header of the IP data packet;
after receiving a response IP data packet, extracting an index number in an option area of the head of the response IP data packet, and then obtaining the table item content of the IP data packet processing strategy table through the index number; wherein, the content in the option area of the response IP data packet header is the content copy of the self-defined IP option;
and correspondingly processing the response IP data packet according to the processing mode of the IP data packet in the current connection recorded in the table item content.
2. The IP packet processing method according to claim 1, wherein:
establishing an index table for storing and managing the index number of each IP data packet processing strategy table entry, wherein the index number corresponds to the first address of each IP data packet processing strategy table entry one by one;
after the communication connection is successful, an index number of an empty IP data packet processing strategy table entry is obtained through a head pointer of the index table, an IP data packet processing strategy is stored in an IP data packet processing strategy table entry address corresponding to the index number, and the head pointer of the index table is pointed to the index number of the next IP data packet processing strategy table entry to be allocated.
3. The IP packet processing method according to claim 2, wherein: the index table is of fixed length, the first parameter of each index table entry is the index number of the IP data packet processing strategy table entry corresponding to the index table entry, and the second parameter is the index number of the next linked IP data packet processing strategy table entry; the head pointer of the index table points to the first index table entry, and the tail pointer points to the last index table entry.
4. The IP packet processing method according to claim 1, wherein: after the communication connection is established, the two communication parties negotiate the processing mode of the IP data packet through the VPN tunnel communication mode.
5. The IP packet processing method according to claim 1, wherein: the processing mode for the IP data packet comprises one or more of the following processing modes:
directly parsing the IP data packet, and reading/using its data;
encrypting the data of the IP data packet by using a key stored by the own party, and then sending the encrypted data;
decrypting the data of the IP data packet by using the key stored by the own party, and reading/using plaintext data;
and detecting the data packet, and processing it according to the processing mode recorded in the corresponding IP data packet processing strategy table for a correct detection result or for a wrong detection result, respectively.
6. An IP packet processing system based on IP options, comprising:
the policy table storage management unit is used for establishing an IP data packet processing policy table; after the communication connection is successful, storing the processing mode of the IP data packet in the connection as the table item content into the IP data packet processing strategy table, and recording the index number of the corresponding table item; the index number is used as a self-defined IP option parameter to be put into an option area of the IP data packet header when the IP data packet is sent;
the IP data packet processing unit is used for extracting the index number in the option area of the head of the response IP data packet after receiving the response IP data packet and obtaining the table item content of the IP data packet processing strategy table through the index number; wherein, the content in the option area of the response IP data packet header is the content copy of the self-defined IP option; and then, according to the processing mode of the IP data packet in the current connection recorded in the table item content, the response IP data packet is correspondingly processed.
7. The IP option-based IP packet processing system of claim 6, further comprising: the index table storage and management unit is used for establishing an index table, the index table is used for storing and managing the index number of each IP data packet processing strategy table entry, and the index number is in one-to-one correspondence with the head address of the IP data packet processing strategy table entry;
and is also used for acquiring an index number of an empty IP data packet processing strategy table entry through a head pointer of the index table after the communication connection is successful, storing an IP data packet processing strategy in an IP data packet processing strategy table entry address corresponding to the index number, and pointing the head pointer of the index table to the index number of the next IP data packet processing strategy table entry to be allocated.
8. The IP option-based IP packet processing system of claim 6, wherein: the index table is of fixed length, the first parameter of each index table entry is the index number of the IP data packet processing strategy table entry corresponding to the index table entry, and the second parameter is the index number of the next linked IP data packet processing strategy table entry; the head pointer of the index table points to the first index table entry, and the tail pointer points to the last index table entry.
9. A communication terminal comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the IP option based IP packet processing method of any of claims 1-5 when executing the program.
10. A computer readable storage medium having stored thereon computer instructions, which when executed by a processor, perform the steps of the IP option based IP packet processing method of any of claims 1-5.
CN202010684949.3A 2020-07-16 2020-07-16 IP data packet processing method and system based on IP option Active CN111865963B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010684949.3A CN111865963B (en) 2020-07-16 2020-07-16 IP data packet processing method and system based on IP option

Publications (2)

Publication Number Publication Date
CN111865963A CN111865963A (en) 2020-10-30
CN111865963B true CN111865963B (en) 2022-02-25

Family

ID=72983614

Country Status (1)

Country Link
CN (1) CN111865963B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106878194A (en) * 2016-12-30 2017-06-20 新华三技术有限公司 A kind of message processing method and device
CN110535747A (en) * 2019-09-09 2019-12-03 杭州迪普信息技术有限公司 Message processor and method

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3973986B2 (en) * 2002-07-12 2007-09-12 株式会社エヌ・ティ・ティ・ドコモ Node search method, node, communication system, and node search program
US20100202451A1 (en) * 2008-10-31 2010-08-12 Enfora, Inc. Modified internet protocol (ip) data packet for asynchronous ip communications
US9088611B2 (en) * 2009-11-25 2015-07-21 Citrix Systems, Inc. Systems and methods for client IP address insertion via TCP options
CN102612095B (en) * 2012-03-05 2014-08-20 电信科学技术研究院 Transmission method and equipment of IP data packet
CN105024985B (en) * 2014-04-30 2019-04-02 深圳市中兴微电子技术有限公司 A kind of message processing method and device
CN105429879B (en) * 2014-08-26 2018-11-30 杭州华为数字技术有限公司 Flow entry querying method, equipment and system
CN108696492B (en) * 2017-04-12 2020-12-22 联芯科技有限公司 Method and device for processing IP message
CN107483508B (en) * 2017-09-30 2020-04-24 北京东土军悦科技有限公司 Message filtering method, device, equipment and storage medium
CN111327532A (en) * 2020-01-21 2020-06-23 南京贝伦思网络科技股份有限公司 Method for realizing capacity of super-large forwarding policy table of network equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Method and System for IP Packet Processing Based on IP Options

Granted publication date: 20220225

Pledgee: Bank of Zhengzhou Co.,Ltd. Zhongyuan Science and Technology City Sub branch

Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.

Registration number: Y2024980007004