CN112511506A - Control message transmission method, device and equipment - Google Patents


Publication number
CN112511506A
Authority
CN
China
Prior art keywords
control message
message
data
type
header
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011280487.5A
Other languages
Chinese (zh)
Inventor
谢鹏程
李渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Priority to CN202011280487.5A
Publication of CN112511506A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0245: Filtering by information in the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00: Arrangements for detecting or preventing errors in the information received
    • H04L1/0078: Avoidance of errors by organising the transmitted data in a format specifically designed to deal with errors, e.g. location
    • H04L1/0079: Formats for control data

Abstract

The disclosure provides a method, an apparatus, and a device for transmitting a control message. In the method, a first device sends a first control message to a second device, the first control message comprising a header and a data area. An edge device receives the first control message and determines its message type. If the first control message is a first type message, which is used for detecting whether a communication link between the first device and the second device is connected, the edge device modifies the first data in the data area and obtains a second control message in which the data in the data area has been modified. The method is therefore more effective at preventing the transmission of malicious data in control messages.

Description

Control message transmission method, device and equipment
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a method, an apparatus, and a device for transmitting a control message.
Background
Currently, security applications or devices in a network, such as firewalls, allow the transmission of control messages of some known protocols, such as Internet Control Message Protocol (ICMP) messages. A control message contains a data area that can be used to store data, and if malicious data is stored in that data area, it may pose a threat to network devices.
In the prior art, to deal with such communication over control messages, a detection mechanism for control messages is added to the operating system kernel of the network device. It determines whether a control message carries malicious data by checking whether the data area of the control message contains a preset character string; if so, an alarm is raised and the data area is replaced with 0.
However, this detection mechanism is not effective in preventing malicious data from being carried in control messages.
Disclosure of Invention
In order to solve the technical problem, the present disclosure provides a method, an apparatus, and a device for transmitting a control message.
In a first aspect, the present disclosure provides a method for transmitting a control message, including:
receiving a first control message sent by a first device, wherein the first control message comprises a header and a data area, and the header contains an address of a second device;
determining the message type of the first control message, and if the first control message is a first type message, modifying first data in a data area of the first control message to obtain a second control message, wherein the first type message is used for detecting whether a communication link between the first device and the second device is connected;
sending the second control message to the second device.
Optionally, the determining the message type of the first control message includes:
and determining the message type of the first control message according to the message type identifier contained in the header of the first control message.
Optionally, the first control message is an Internet Control Message Protocol (ICMP) message;
the determining the message type of the first control message according to the message type identifier included in the header of the first control message includes:
if the message type identifier contained in the header of the first control message is 0 or 8, determining that the first control message is a first type message.
Optionally, the first control message is a Packet Internet Groper (PING) message.
Optionally, the modifying data in the data area of the first control message to obtain a modified second control message includes:
acquiring the length of first data in the data area;
and replacing the first data with second data to obtain a second control message, wherein the length of the second data is the same as that of the first data.
Optionally, the header contains first check data;
after the modifying the first data in the first control message to obtain the modified second control message, the method further includes:
determining second check data according to the check content of the second control message, wherein the check content of the second control message is the remaining content of the second control message after the first check data is removed;
replacing the first check data in the second control message with the second check data to obtain a third control message;
correspondingly, the sending the second control message to the second device includes:
transmitting the third control message to the second device.
In a second aspect, the present disclosure provides an apparatus for transmitting a control message, including:
a receiving module, configured to receive a first control message sent by a first device, where the first control message includes a header and a data area, and the header includes an address of a second device;
a determining module, configured to determine a message type of the first control message, where the first type message is used to detect whether a communication link between the first device and a second device is connected;
the modification module is used for modifying the first data in the data area of the first control message to obtain a second control message if the first control message is a first type message;
a sending module, configured to send the second control message to the second device.
Optionally, the determining module is specifically configured to:
and determining the message type of the first control message according to the message type identifier contained in the header of the first control message.
Optionally, the first control message is an Internet Control Message Protocol (ICMP) message;
the determining module is specifically configured to:
if the message type identifier contained in the header of the first control message is 0 or 8, determine that the first control message is a first type message.
Optionally, the first control message is a Packet Internet Groper (PING) message.
Optionally, the modification module is specifically configured to:
acquiring the length of first data in the data area;
and replacing the first data with second data to obtain a second control message, wherein the length of the second data is the same as that of the first data.
Optionally, the header contains first check data;
the determination module is further configured to: determining second check data according to the check content of the second control message, wherein the check content of the second control message is obtained by replacing the first check data with 0 in the second control message;
the device further comprises:
the replacing module is used for replacing the first check data in the second control message with the second check data to obtain a third control message;
correspondingly, the sending module is specifically configured to:
transmitting the third control message to the second device.
In a third aspect, the present disclosure provides a transmission apparatus for a control message, including:
a memory for storing processor-executable instructions;
a processor configured to implement the method according to the first aspect as described above when executing the instructions.
In a fourth aspect, the present disclosure provides a computer-readable storage medium having stored therein computer-executable instructions for implementing the method for transmitting a control message according to the first aspect when the computer-executable instructions are executed by a processor.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:
A first device sends a first control message to a second device, the first control message comprising a header and a data area. The edge device receives the first control message and determines its message type. If the first control message is a first type message, which is used for detecting whether a communication link between the first device and the second device is connected, the edge device modifies the first data in the data area to obtain a second control message. The method is therefore more effective at preventing the transmission of malicious data in control messages.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic diagram of a network system architecture provided in the present disclosure;
Fig. 2 is a flowchart illustrating a method for transmitting a control message according to an embodiment of the present disclosure;
Fig. 3A is a schematic diagram of a format of a control message provided by the present disclosure;
Fig. 3B is a schematic diagram of an ICMP message format provided by the present disclosure;
Fig. 4 is a flowchart illustrating another transmission method of a control message according to an embodiment of the present disclosure;
Fig. 5 is a flowchart illustrating a transmission method of a control message according to another embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of a transmission apparatus for a control message according to an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of a control message transmission device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
A control message is a message about the network itself, for example about network failures, whether a host is reachable, or whether a route is available. A control message does not carry actual user data, but it plays an important role in the delivery of user data. An ICMP message is one example.
Because of this nature of control messages, security applications or devices in existing networks, such as firewalls, allow the transmission of control messages of some known protocols. However, some control messages, such as the Echo Request and Echo Reply messages in ICMP, are used for detecting whether a communication link between two devices is connected, and they contain a data area that can be used to store data. Such control messages are easily abused: malicious data is carried in the control message (that is, a tunnel is established over control messages for communication) by replacing the default data in the control message with the data to be transmitted and then sending the message to the receiver, which poses a threat to network devices.
In some scenarios, a detection mechanism for the control message may be added in an operating system kernel of the network device, and whether the control message carries malicious data is determined by detecting whether a data area in the control message has a preset character string, so as to initiate an alarm, and replace the data area with "0".
However, the character strings preset in such a detection mechanism cannot cover all the characteristics of malicious data, which is not effective in preventing the control message from carrying the malicious data.
Fig. 1 is a schematic architecture diagram of a network system provided by the present disclosure, and as shown in fig. 1, the network system includes a device 101, an edge device 102, and a device 103.
The device 101 and the edge device 102 are located in a first network area, and the device 103 is located in a second network area. The first network area may be a protected network, such as a deployed private network, and includes one or more devices 101; the device 101 may be any network element in the first network area. The second network area is an external network other than the first network area, may be the Internet, and includes one or more devices 103. The device 101 is connected to the device 103 through the edge device 102, and communication between the device 101 and the device 103 must pass through the edge device 102. The edge device 102 may be a firewall device, a gateway, a switch, a router, a server, or the like connected to the first network area, which is not limited in this disclosure. It is understood that communication among multiple devices 101 within the first network area may or may not pass through the edge device 102, which is also not limited in this disclosure.
The device 101 sends a control message to the device 103, or the device 103 sends a control message to the device 101, through the edge device 102. A control message transmission module is deployed in the edge device 102. It inspects the control messages passing through the edge device 102 and modifies the data carried in the data area of any control message used for detecting whether a communication link between two devices is connected, thereby preventing the transmission of malicious data in control messages.
The following describes the technical solutions of the present disclosure and how to solve the above technical problems with specific examples.
Fig. 2 is a schematic flow diagram of a transmission method of a control message according to an embodiment of the present disclosure. As shown in Fig. 2, the method of this embodiment is executed by the edge device 102 shown in Fig. 1, where the edge device may be a firewall device, a gateway, a switch, a router, and the like, and the present disclosure is not limited thereto. The method of this embodiment is as follows:
S201, receiving a first control message sent by a first device.
The first control message includes a header and a data area, and the header contains an address of the second device.
Since the edge device is located at the edge of the first network area, messages that cross network areas must pass through the edge device; when the first device sends the first control message to the second device, it is actually the edge device that receives the first control message. In this embodiment, messages sent to the network where the edge device is located (e.g., the first network area in the system shown in Fig. 1) and messages sent from devices in that network are both processed and/or forwarded by the edge device, and control messages passing through the edge device are detected and processed. The first device and the second device are therefore located in different network areas: the first device may be the device 101 or the device 103 shown in Fig. 1; if the first device is the device 101, the second device is the device 103, and if the first device is the device 103, the second device is the device 101.
Fig. 3A is a schematic diagram of the format of a control message provided by the present disclosure. As shown in Fig. 3A, the control message includes a header 301 and a data area 302. The header 301 includes, but is not limited to, a destination address, which is the address to which the control message is to be sent. For example, if the header of the first control message includes an address of the second device, the destination address of the first control message is the address of the second device, that is, the first control message is a control message sent to the second device. Optionally, the destination address may be an IP address. The header 301 may further include control message information in a format specified by the control protocol to which the control message belongs, and the header 301 does not carry user data; for example, the header 301 may further include a check bit, a type identifier, and the like. The data area 302 holds the data of the control message, which may be arbitrarily defined by the user or may be data having a meaning related to the control message.
Optionally, the first control message is an ICMP message.
S202, determining the message type of the first control message.
The first control message may be a control message of any of several protocol formats, that is, of multiple message types, and the control messages of one protocol format may themselves include multiple message types. The message type of the first control message therefore needs to be determined.
In one possible implementation, the message type of the first control message is determined by the format of the first control message. It is to be understood that the control messages of different protocols may have different formats, and the message type of the first control message may be determined by the format of the first control message.
In another possible implementation manner, the message type of the first control message is determined according to a message type identifier included in a header of the first control message.
The header of the first control message contains a message type identifier, and the message type of the first control message can be determined through the message type identifier.
For example, the first control message is an ICMP message. Fig. 3B is a schematic diagram of the format of an ICMP message provided by the present disclosure and is a further refinement of Fig. 3A. As shown in Fig. 3B, the ICMP message includes a header and a data area, where the header includes an address header and the ICMP header. The address header includes a destination address; for example, the ICMP message is transmitted over the IP protocol, and the address header may be an IP header. The ICMP header includes: type identifier (Type), code (Code), checksum (Checksum), identifier (Identifier), and sequence number (Sequence Number). The data of the data area, which is not used for transmitting user data, may also be called a payload. The numbers shown above the ICMP message in Fig. 3B indicate bit positions; for example, bits 0-7 hold the type identifier, which occupies one byte. The length of the data area is not limited.
S203, judging whether the first control message is a first type message.
The first type of message is used for detecting whether a communication link between the first device and the second device is connected.
The first type of message is used for detecting whether a communication link between the first device and the second device is connected; even if its data area carries data, that data is not user data. The first device sends a message to the second device in a preset format, and the second device sends a response to the first device in the preset format. After receiving the response message, the first device can determine that at least one communication link exists between the first device and the second device and that this communication link is connected.
Optionally, the first control message is an ICMP message. ICMP specifies that the message type identifier "8" represents an Echo Request message and "0" represents an Echo Reply message, so it can be determined whether the message type identifier of the ICMP message is 0 or 8. If the message type identifier included in the header of the first control message is 0 or 8, it is determined that the first control message is the first type message. Accordingly, if the message type identifier included in the header of the first control message is neither 0 nor 8, it is determined that the first control message is not the first type message.
Further, the first control message is a Packet Internet Groper (PING) message, that is, the first control message is a PING request message or a PING response message.
If the first control message is the first type message, execution continues with S204. If the first control message is not the first type message, the first control message is processed in the existing manner; for example, the first control message may be sent directly to the second device without being processed.
S204, modifying the first data in the data area of the first control message to obtain a second control message.
The first data in the data area of the first control message may be modified to obtain the second control message. For example, all data in the data area of the first control message may be replaced with "0"; or a character string may be preset and the data in the data area of the first control message replaced with the preset character string; or a byte unit may be set and the data in the data area replaced with a plurality of byte units.
Optionally, the header and the data area of the first control message may be obtained, the first data in the data area is discarded, the second data in the data area is reconstructed, and the second control message is obtained after the second data is spliced to the header.
S205, sending a second control message to the second device.
The modified second control message is sent to the second device.
In this embodiment, a first device sends a first control message to a second device, where the first control message includes a header and a data area. The edge device receives the first control message and determines its message type. If the first control message is a first type message, which is used for detecting whether a communication link between the first device and the second device is connected, the edge device modifies the first data in the data area to obtain a second control message, which is more effective at preventing the transmission of malicious data in control messages. In addition, once a first type message has been identified, the method of this embodiment does not need to inspect the data content of the data area: it directly modifies the first data in the data area regardless of whether that data is malicious. The method of this embodiment is therefore easy to implement, highly feasible, and has a short processing time, which ensures the transmission efficiency of the first control message.
In addition, the prior art requires modifying the operating system kernels of all devices in the first network area, but some operating system kernels, for example that of the Windows system, cannot be modified. The method of this embodiment is executed by the edge device located in the first network area, so the operating system kernels of the devices in the first network area do not need to be changed, and the number of devices in the first network area is greater than the number of edge devices.
Fig. 4 is a schematic flow chart of another control message transmission method according to an embodiment of the present disclosure. Fig. 4 builds on the embodiment shown in Fig. 2. Further, as shown in Fig. 4, S204 may include S2041 and S2042:
S2041, acquiring the length of the first data in the data area.
The data area is not used for transmitting user data, but the length of the data in the data area can be used to verify the maximum transmission unit of the first device, i.e. the maximum length of the data in a data packet sent by the first device, which can also be measured in bytes. Therefore, when modifying the data in the data area, the length of the first data needs to be obtained first.
S2042, replacing the first data with the second data to obtain a second control message.
Wherein the length of the second data is the same as the length of the first data.
According to the length of the first data, second data with the same length as the first data is obtained, and the first data is replaced with the second data to obtain the second control message.
The second data may be formed by combining characters or character strings according to a rule such as repetition. Optionally, the second data may be obtained by repeating "0" or "1"; for example, if the second data is obtained by repeating "1" and the first data is "0100011111111101", the second data is "1111111111111111". The second data can also be obtained by repeating a predetermined byte unit; for example, if the predetermined byte unit is "10000001" and the first data is "0100011111111101", the length of the first data is 2 bytes and the byte unit is repeated 2 times, so that the second data is "1000000110000001".
In this embodiment, the second control message is obtained by acquiring the length of the first data in the data area and replacing the first data with second data of the same length. The length of the data in the data area carried in the second control message is therefore the same as in the first control message, and modifying the first control message does not change the length of the data in the data area. This prevents the transmission of malicious data in the control message while still allowing the length of the data in the data area to be used to verify the maximum transmission unit of the first device.
Fig. 5 is a schematic flowchart of a further transmission method of a control message according to an embodiment of the present disclosure. Fig. 5 builds on the embodiment shown in Fig. 2 or Fig. 4. Further, as shown in Fig. 5, the header includes the first check data, S204 may be followed by S204a and S204b, and accordingly S205 includes S205a:
S204a, determining the second check data according to the check content of the second control message.
The check content of the second control message is obtained by replacing the first check data with 0 in the second control message.
If the header of the first control message contains the first check data, the check data should be changed correspondingly after the first data in the data area of the first control message is modified to obtain the second control message; otherwise, errors may occur when the second device uses the check data to check the second control message after receiving it. Thus, after the second control message is obtained, the second check data is determined according to the check content of the second control message.
Optionally, the header of the first control message may include an address header and a control protocol header, wherein the control protocol header includes the first check data. For example, as shown in Fig. 3B, for the ICMP message the first check data is the checksum. All of the first check data in the second control message may be set to "0" while the other contents of the second control message are left unchanged, which yields the check content of the second control message, and the second check data is determined according to the check content. The data in the address header may be left unchanged; it can be understood that if the address header includes check data, that check data need not be modified.
S204b, replacing the first check data in the second control message with the second check data to obtain a third control message.
S205a, sending a third control message to the second device.
In this embodiment, according to the verification content of the second control message, the second verification data is determined, the second verification data is used to replace the first verification data in the second control message, so as to obtain a third control message, and the third control message is sent to the second device, so that the second device uses the verification data to verify the third control message correctly, and therefore, correct transmission of the control message is ensured.
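The edge-device steps S202 to S204b, as an added example that is not code from the patent: a Python sketch that rewrites the data area of an ICMP Echo Request or Echo Reply with a same-length fill and recomputes the ICMP checksum, leaving the IP (address) header untouched. It assumes IPv4 transport, an unfragmented packet, and the standard RFC 1071 Internet checksum; the function names, the rejection of fragments, and the sample packet are assumptions made for illustration.

```python
import struct

ICMP_ECHO_REPLY = 0      # message type identifier 0
ICMP_ECHO_REQUEST = 8    # message type identifier 8
ICMP_HEADER_LEN = 8      # Type, Code, Checksum, Identifier, Sequence Number
FILL_UNIT = b"\x81"      # byte unit "10000001" from the description's example


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sanitize_icmp(icmp: bytes) -> bytes:
    """Apply S202-S204b to one ICMP message (ICMP header + data area)."""
    if len(icmp) < ICMP_HEADER_LEN:
        raise ValueError("truncated ICMP header")
    if icmp[0] not in (ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST):
        return icmp                          # not a first type message
    data_len = len(icmp) - ICMP_HEADER_LEN   # S2041: length of first data
    second_data = FILL_UNIT * data_len       # S2042: same-length second data
    # S204a: check content = second control message with checksum set to 0
    msg = bytearray(icmp[:2] + b"\x00\x00" + icmp[4:8] + second_data)
    # S204b: write the second check data to obtain the third control message
    struct.pack_into("!H", msg, 2, internet_checksum(bytes(msg)))
    return bytes(msg)


def sanitize_ipv4_packet(packet: bytes) -> bytes:
    """Rewrite the ICMP part of an IPv4 packet; the IP header is not changed.

    Because the data length is preserved, the IP total length and the IP
    header checksum (which covers only the IP header) stay valid.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("inconsistent IPv4 lengths")
    if packet[9] != 1:                       # IP protocol 1 = ICMP
        return packet
    if frag & 0x3FFF:                        # MF flag or fragment offset set
        # Assumption of this example: fragments are reassembled upstream,
        # since only the first fragment carries the ICMP header.
        raise ValueError("fragmented ICMP: reassemble before rewriting")
    return packet[:ihl] + sanitize_icmp(packet[ihl:total_len]) + packet[total_len:]


def sample_echo_request(payload: bytes) -> bytes:
    """Constructed IPv4 + ICMP Echo Request (documentation addresses)."""
    icmp = bytearray(struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x1234, 1) + payload)
    struct.pack_into("!H", icmp, 2, internet_checksum(bytes(icmp)))
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                               bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])))
    struct.pack_into("!H", ip, 10, internet_checksum(bytes(ip)))
    return bytes(ip + icmp)


if __name__ == "__main__":
    first = sample_echo_request(b"constructed-tunnel-bytes")
    third = sanitize_ipv4_packet(first)
    print("data before:", first[28:])
    print("data after: ", third[28:].hex())
    print("ICMP checksum verifies:", internet_checksum(third[20:]) == 0)
```

A receiver validates the rewritten message the usual way: the checksum computed over the whole ICMP message, including the new checksum field, comes out as 0.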
Fig. 6 is a schematic structural diagram of a transmission apparatus for a control message according to an embodiment of the present disclosure, and as shown in fig. 6, the apparatus according to the embodiment of the present disclosure includes:
a receiving module 601, configured to receive a first control message sent by a first device, where the first control message includes a header and a data area, and the header includes an address of a second device;
a determining module 602, configured to determine a message type of a first control message, where the first type message is used to detect whether a communication link between a first device and a second device is connected;
a modifying module 603, configured to modify first data in a data area of the first control message to obtain a second control message if the first control message is a first type of message;
a sending module 604, configured to send a second control message to the second device.
Optionally, the determining module 602 is specifically configured to:
determine the message type of the first control message according to the message type identifier contained in the header of the first control message.
Optionally, the first control message is an internet control message protocol ICMP message;
the determining module 602 is specifically configured to:
if the message type identifier contained in the header of the first control message is 0 or 8, determine that the first control message is the first type message.
Optionally, the first control message is a Packet Internet Groper (PING) message.
Optionally, the modifying module 603 is specifically configured to:
acquire the length of the first data in the data area;
replace the first data with second data to obtain the second control message, where the length of the second data is the same as that of the first data.
Optionally, the header contains first check data;
the determining module 602 is further configured to: determine second check data according to the check content of the second control message, where the check content of the second control message is obtained by replacing the first check data in the second control message with 0;
the apparatus further includes:
a replacing module, configured to replace the first check data in the second control message with the second check data to obtain a third control message;
correspondingly, the sending module 604 is specifically configured to:
send the third control message to the second device.
The apparatus of the foregoing embodiment may be configured to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 7 is a schematic structural diagram of a control message transmission device according to an embodiment of the present disclosure, and as shown in fig. 7, the device according to the embodiment of the present disclosure includes:
a memory 701 for storing instructions executable by the processor 702;
a processor 702 for implementing the method described in any of Fig. 2, Fig. 4 or Fig. 5 above when the instructions are executed.
The apparatus of the foregoing embodiment may be configured to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
The present disclosure provides a computer-readable storage medium having stored therein computer-executable instructions for implementing a method of transmitting a control message as shown in any one of fig. 2, fig. 4 or fig. 5 as described above when the computer-executable instructions are executed by a processor.
The computer-readable storage medium of the above embodiment may be used to implement the technical solutions of the above method embodiments, and the implementation principles and technical effects are similar, and are not described herein again.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for transmitting a control message, comprising:
receiving a first control message sent by a first device, wherein the first control message comprises a header and a data area, and the header contains an address of a second device;
determining the message type of the first control message, and if the first control message is a first type message, modifying first data in a data area of the first control message to obtain a second control message, wherein the first type message is used for detecting whether a communication link between the first device and the second device is communicated;
sending the second control message to the second device.
2. The method of claim 1, wherein the determining the message type of the first control message comprises:
and determining the message type of the first control message according to the message type identifier contained in the header of the first control message.
3. The method of claim 2, wherein the first control message is an Internet Control Message Protocol (ICMP) message;
the determining the message type of the first control message according to the message type identifier included in the header of the first control message includes:
and if the message type identifier contained in the header of the first control message is 0 or 8, determining that the first control message is a first type message.
4. The method of claim 3, wherein the first control message is a Packet Internet Groper (PING) message.
5. The method according to any of claims 1-4, wherein said modifying data in the data area of the first control message to obtain a modified second control message comprises:
acquiring the length of first data in the data area;
and replacing the first data with second data to obtain a second control message, wherein the length of the second data is the same as that of the first data.
6. The method of claim 5, wherein the header contains first check data;
after the modifying the first data in the first control message to obtain the modified second control message, the method further includes:
determining second check data according to the check content of the second control message, wherein the check content of the second control message is obtained by replacing the first check data with 0 in the second control message;
replacing the first check data in the second control message with the second check data to obtain a third control message;
correspondingly, the sending the second control message to the second device includes:
transmitting the third control message to the second device.
7. An apparatus for transmitting a control message, comprising:
a receiving module, configured to receive a first control message sent by a first device, where the first control message includes a header and a data area, and the header includes an address of a second device;
a determining module, configured to determine a message type of the first control message, where the first type message is used to detect whether a communication link between the first device and a second device is connected;
the modification module is used for modifying the first data in the data area of the first control message to obtain a second control message if the first control message is a first type message;
a sending module, configured to send the second control message to the second device.
8. The apparatus of claim 7, wherein the determining module is specifically configured to:
and determining the message type of the first control message according to the message type identifier contained in the header of the first control message.
9. A transmission apparatus of a control message, comprising:
a memory for storing processor-executable instructions;
a processor for implementing the method of any one of claims 1 to 6 when the computer program is executed.
10. A computer-readable storage medium having computer-executable instructions stored therein, which when executed by a processor, are configured to implement the method of transmitting a control message according to any one of claims 1 to 6.
CN202011280487.5A 2020-11-16 2020-11-16 Control message transmission method, device and equipment Pending CN112511506A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011280487.5A CN112511506A (en) 2020-11-16 2020-11-16 Control message transmission method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011280487.5A CN112511506A (en) 2020-11-16 2020-11-16 Control message transmission method, device and equipment

Publications (1)

Publication Number Publication Date
CN112511506A true CN112511506A (en) 2021-03-16

Family

ID=74956340

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011280487.5A Pending CN112511506A (en) 2020-11-16 2020-11-16 Control message transmission method, device and equipment

Country Status (1)

Country Link
CN (1) CN112511506A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090083406A1 (en) * 2007-09-21 2009-03-26 Harrington Kendra S Dynamic host configuration protocol (dhcp) message interception and modification
CN102428677A (en) * 2009-05-08 2012-04-25 微软公司 Sanitization of packets
CN108886515A (en) * 2016-01-08 2018-11-23 百通股份有限公司 Pass through the method and protective device for preventing the fallacious message in IP network from communicating using benign networking protocol
CN111756751A (en) * 2020-06-28 2020-10-09 杭州迪普科技股份有限公司 Message transmission method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210316
