CN113114571A - Data packet processing method and device, electronic equipment and storage medium - Google Patents
- Publication number
- CN113114571A (application CN202110327784.9A)
- Authority
- CN
- China
- Prior art keywords
- host
- mac address
- container
- virtual network
- network card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides a data packet processing method, a data packet processing device, electronic equipment and a storage medium; the method comprises the following steps: receiving a data packet; filtering the received data packet according to the MAC address currently contained in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card. According to the invention, the MAC address list is dynamically updated according to the change condition of the state of the container in the first host, so that the network card of the first host can accurately intercept invalid MAC address data packets, and the accuracy of data packet filtering is improved.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a data packet, an electronic device, and a storage medium.
Background
Docker is an open source application container engine. Based on Docker, developers can package their applications and dependency packages into a portable container and then publish them on any popular Linux machine or Windows machine.
A Docker cluster is a collection of multiple machines running Docker and in the same group. The machines in the cluster may be physical or virtual. The machines in a cluster are all referred to as nodes.
In the existing Docker cluster environment, when a physical network card of a host enables promiscuous mode, the network card receives all data packets, which causes a heavy system load, affects bandwidth, and occupies resources.
Disclosure of Invention
The invention provides a data packet processing method, a data packet processing device, an electronic device and a storage medium, aiming at the problems in the prior art.
In a first aspect, the present invention provides a data packet processing method, including:
receiving a data packet;
filtering the received data packet according to the MAC address currently contained in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
According to a data packet processing method provided by the invention, the method further comprises the following steps:
when the change of the virtual network card contained in the first host is monitored, updating the MAC address currently contained in the first host according to the changed MAC address of the virtual network card in the first host.
According to a data packet processing method provided by the present invention, when it is monitored that a virtual network card included in the first host changes, updating a MAC address currently included in the first host according to a changed MAC address of the virtual network card in the first host, including:
when it is monitored that a first container is added to the first host, updating the MAC address currently contained in the first host according to the MAC address of the virtual network card of the first container; the MAC address of the virtual network card of the first container is selected from the unallocated MAC addresses of the first MAC address field and allocated to the virtual network card of the first container; the first MAC address field is a MAC address field assigned to the first host;
or,
when it is monitored that the state of a second container in the first host changes from the alive state to the non-alive state, deleting the MAC address of the virtual network card of the second container from the MAC address currently contained in the first host.
According to the data packet processing method provided by the present invention, the first MAC address field is a MAC address field allocated to the first host when the first host is registered in a cluster environment.
According to a data packet processing method provided by the present invention, the first MAC address field is a MAC address field allocated to the first host when the first host is registered in a cluster environment, and the method includes:
when the first host is registered in the cluster environment for the first time, the first MAC address field is a MAC address field which is distributed to the first host and is different from a second MAC address field; wherein the second MAC address field is the MAC address field of any registered host in the cluster environment;
when the first host is registered in the cluster environment again, the first MAC address field is obtained according to the mapping relation between the first host and the first MAC address field which is stored in advance.
According to the data packet processing method provided by the invention, the MAC address currently contained in the first host is stored in a mode of an MAC address list.
According to a data packet processing method provided by the present invention, before the step of receiving a data packet, the method further comprises:
creating a character device; wherein the character device is used for storing a MAC address list and refreshing the MAC address list.
In a second aspect, the present invention provides a packet processing apparatus, including:
the data packet receiving module is used for receiving data packets;
the data packet filtering module is used for filtering the received data packet according to the MAC address currently contained in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
In a third aspect, the present invention provides an electronic device, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of the packet processing method according to the first aspect.
In a fourth aspect, the present invention provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the packet processing method according to the first aspect.
According to the data packet processing method, the data packet processing device, the electronic equipment and the storage medium, the MAC address list is dynamically updated according to the state change condition of the container in the first host, so that the network card of the first host can accurately intercept invalid MAC address data packets, and the accuracy of data packet filtering is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of a packet processing method according to the present invention;
FIG. 2 is a second flowchart of a data packet processing method according to the present invention;
FIG. 3 is a schematic diagram of a packet processing apparatus according to the present invention;
FIG. 4 is a schematic physical structure diagram of an electronic device according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a data packet processing method provided by the present invention, and as shown in fig. 1, the data packet processing method provided by the present invention includes:
In the present invention, a first host refers to any host that has registered in the clustered environment. There may be one or more first hosts, and the number of the first hosts is not limited in the present invention.
In this embodiment, the cluster environment is a Docker cluster environment, and in other embodiments, the cluster environment may also be other types of cluster environments, which is not limited in the present invention.
In this embodiment, the data packet processing method of the present invention can be applied to a network card of a first host. The network card of the first host is an interface for the first host to perform network communication with the outside. The network card of the first host is typically a physical network card. The network card of the first host mainly has the functions of data receiving and transmitting, data filtering and the like. In other embodiments, the packet processing method of the present invention may also be applied to other devices, such as a device for managing the first host network card. This is not a limitation in the present invention.
In the present invention, the MAC address currently included in the first host includes: MAC addresses of all virtual network cards currently contained in the first host; and the MAC addresses of the virtual network cards in the cluster environment are different from each other. The virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
The virtual network card is an interface for data communication between the container and the outside, and the virtual network card and a network card of a first host where the container is located are connected to the same bridge. Generally, the virtual network card may be implemented by program code.
In the prior art, when the network card of the first host starts the promiscuous mode, the network card of the first host receives all data packets, which increases the system load, affects the bandwidth, and occupies resources.
In the invention, all MAC addresses currently contained by the first host are stored in advance on the network card side of the first host. Specifically, these MAC addresses contain at least the MAC addresses of all virtual network cards currently contained by the first host, and may also contain the MAC addresses of all network devices of the first host itself.
In this embodiment, the MAC address list may be used to store all MAC addresses currently contained by the first host.
In this embodiment, the data structure of the MAC address list is as follows:
[MAC1,MAC2,MAC3,……,MACN]
Each MAC address in the MAC address list is one element and is unique.
In other embodiments, the data structure of the MAC address list may be in other ways known to those skilled in the art.
To prevent the network card of the first host, when in promiscuous mode, from receiving data packets that should be received by other hosts in the cluster environment, the MAC addresses of the virtual network cards in the cluster environment should all be different from each other. Specifically, different MAC address segments can be allocated to different hosts in the cluster environment, and different MAC addresses can be allocated to different individuals (virtual network cards or network devices of the hosts) within the same host. The MAC address segment and the allocation of MAC addresses are further explained in other embodiments of the present invention.
Based on the MAC address list, filtering the received data packet according to the MAC address currently included in the first host, specifically including:
After receiving a data packet, the network card driver consults the MAC address list and compares the MAC address contained in the received data packet with the MAC addresses in the list. If the MAC address contained in the data packet is not in the MAC address list, the data packet is discarded, which filters out non-local MAC addresses. If the MAC address contained in the data packet is in the MAC address list, the data packet is released.
With the data packet processing method provided by the invention, data packets can be filtered according to the MAC address currently contained in the first host while the network card of the first host is in promiscuous mode. Invalid MAC address data packets are filtered out effectively, which reduces load and wasted resource usage.
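The filtering step described above can be modelled in user space as follows. This is an added example, not code from the patent; it assumes the "MAC address contained in the data packet" is the Ethernet destination address, and the names MacListFilter, make_frame and pass_group_addressed, the source MAC and the address in the 48-5B-39-5F-6C-Ex range are constructed for illustration. It also shows a consequence the text does not discuss: a strict list drops broadcast frames such as ARP requests unless group-addressed frames are passed explicitly.

```python
# Added illustration, not code from the patent. Assumption: the "MAC address
# contained in the data packet" is the Ethernet destination address.
from typing import Iterable

ETH_HEADER_LEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)


def parse_mac(text: str) -> bytes:
    """Accept 48-5B-39-5F-6C-DA or 48:5b:39:5f:6c:da and return 6 raw bytes."""
    raw = bytes.fromhex(text.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return raw


class MacListFilter:
    """Model of the driver-side check against the host's MAC address list."""

    def __init__(self, mac_list: Iterable[str], pass_group_addressed: bool = False):
        # pass_group_addressed is a hypothetical switch: the patent text only
        # describes list membership, which would also drop broadcast frames.
        self.pass_group_addressed = pass_group_addressed
        self.dropped = 0
        self.refresh(mac_list)

    def refresh(self, mac_list: Iterable[str]) -> None:
        """Replace the whole list in one assignment (the 'refresh' operation)."""
        self._allowed = frozenset(parse_mac(m) for m in mac_list)

    def accept(self, frame: bytes) -> bool:
        """Return True to release the frame, False to discard it."""
        if len(frame) >= ETH_HEADER_LEN:
            dst = frame[:6]
            if dst in self._allowed:
                return True
            # The low bit of the first octet marks broadcast/multicast frames.
            if self.pass_group_addressed and dst[0] & 0x01:
                return True
        self.dropped += 1
        return False


def make_frame(dst: str, src: str, ethertype: int = 0x0800,
               payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed sample Ethernet frame for the demonstration."""
    return parse_mac(dst) + parse_mac(src) + ethertype.to_bytes(2, "big") + payload


# Host A's list in the page's example after container d is created: D0..DC.
HOST_A_MAC_LIST = ["48-5B-39-5F-6C-D%X" % n for n in range(13)]
SRC = "02-00-00-00-00-01"  # constructed sender address

if __name__ == "__main__":
    nic = MacListFilter(HOST_A_MAC_LIST)
    samples = [
        ("local container", make_frame("48-5B-39-5F-6C-DA", SRC)),
        ("other host's segment", make_frame("48-5B-39-5F-6C-E1", SRC)),
        ("ARP broadcast", make_frame("FF-FF-FF-FF-FF-FF", SRC, 0x0806)),
    ]
    for label, frame in samples:
        print(label, "->", "release" if nic.accept(frame) else "discard")
```
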
Based on any one of the above embodiments, in this embodiment, the method further includes:
when the change of the virtual network card contained in the first host is monitored, updating the MAC address currently contained in the first host according to the changed MAC address of the virtual network card in the first host.
Since the state of the containers in the first host changes over time, for example when a container is added or removed (i.e., the container changes from an alive state to a non-alive state), the MAC address currently included in the first host needs to be updated according to the change of the containers (i.e., of the virtual network cards). In this embodiment, the step of storing the MAC address currently included in the first host by using the MAC address list includes:
when it is monitored that a first container is added to the first host, updating the MAC address list according to the MAC address of the virtual network card of the first container; the MAC address of the virtual network card of the first container is selected from the unallocated MAC addresses of the first MAC address field and is allocated; the first MAC address segment is a MAC address segment assigned to the first host.
In the invention, each host in the cluster environment is respectively allocated with a corresponding MAC address field.
A MAC address segment is a set of multiple consecutive MAC addresses. For example, 48-5B-39-5F-6C-Dx (x represents any hexadecimal digit from 0 to F) is a MAC address segment that contains 16 MAC addresses, from 48-5B-39-5F-6C-D0 to 48-5B-39-5F-6C-DF. It should be noted that the MAC address segment listed here is for illustration only; the number of MAC addresses included in a MAC address segment is not limited to 16, and the specific number may be determined according to actual situations.
In this embodiment, the MAC address segment allocated to the first host is denoted the first MAC address segment. For example, host A corresponds to a first MAC address segment of 48-5B-39-5F-6C-Dx.
In this embodiment, the assignment of MAC addresses may be recorded by using a correspondence table between containers and MAC addresses.
In one embodiment, the data structure of the container-to-MAC address correspondence table is as follows:
The correspondence table uses a Key-Value data structure. In the entry whose Value is [MAC1, MAC2 … MACN], the Key is recorded as base and the Value records the MAC addresses of all network devices of the first host. In the continueX ID entry, whose Value is [MAC21, MAC22 … MAC2N], the Key is the ID of the container and the Value is the MAC addresses of all virtual network cards in the Xth container.
When a first container is newly added to the first host, a number of unallocated MAC addresses equal to the number of virtual network cards contained in the first container is selected from the MAC address segment corresponding to the first host, and these MAC addresses are then allocated to the virtual network cards in the first container, one each. The correspondence between the virtual network cards in the first container and the newly allocated MAC addresses is recorded in the correspondence table of the container and the MAC address. The first container is a newly added container in the first host.
For example, there are 3 containers in host A, and a new container, denoted container d, needs to be created for host A. Container d includes three virtual network cards, denoted virtual network card d1, virtual network card d2, and virtual network card d3. The MAC address segment corresponding to host A is 48-5B-39-5F-6C-Dx, and the MAC addresses from 48-5B-39-5F-6C-D0 to 48-5B-39-5F-6C-D9 in the segment have previously been assigned to other containers of host A. In creating container d, MAC address 48-5B-39-5F-6C-DA may be assigned to virtual network card d1, MAC address 48-5B-39-5F-6C-DB may be assigned to virtual network card d2, and MAC address 48-5B-39-5F-6C-DC may be assigned to virtual network card d3. At the same time, this MAC address assignment is recorded in the correspondence table between the containers of host A and the MAC addresses.
And updating the MAC address list according to the latest corresponding relation table of the container and the MAC address once the change of the corresponding relation table of the container and the MAC address is monitored.
Another situation where the virtual network card included in the first host changes is where the state of the second container in the first host transitions from an alive state to a non-alive state. The second container is a container that has changed from an alive state to a non-alive state.
For such cases, in this embodiment, it may be periodically checked whether each container in the container-MAC address correspondence table is in a live state, and if the second container in the container-MAC address correspondence table is not in a live state, the ID of the second container and the MAC address of the virtual network card corresponding to the second container are deleted from the container-MAC address correspondence table. The checking of whether the container is in a live state may be performed by checking state information of the corresponding container in a container list according to the ID of the container in the correspondence table between the container and the MAC address, and determining whether the container is in a live state according to the state information. The container list is an existing data structure in Docker, and the data structure is not further described in this embodiment.
Within one checking period, once the survival status of each container in the container-MAC address correspondence table has been checked, if the correspondence table has changed, the MAC address currently included in the first host may be updated according to the latest container-MAC address correspondence table, that is, the MAC address list is updated.
The data packet processing method provided by the invention can dynamically update the MAC address currently contained in the first host according to the change condition of the state of the container in the first host, so that the network card of the first host can accurately intercept invalid MAC address data packets, and the accuracy of data packet filtering is improved.
Based on any one of the foregoing embodiments, in this embodiment, the first MAC address segment is a MAC address segment allocated to the first host when the first host is registered in a cluster environment.
In the previous embodiments, it has been mentioned that the MAC addresses of the virtual network cards in the cluster environment should be different from each other. In this embodiment, a description is given of a generation process of the first MAC address segment. How to set the first MAC address segment plays an important role in ensuring that the MAC addresses of the virtual network cards in the cluster environment are different from each other.
Upon registration of a first host with a clustered environment, the first host is assigned a first MAC address segment. In this embodiment, allocating the first MAC address segment to the first host may be implemented by a host registration list. For example, a host registration list may be maintained at a management node in the clustered environment, the list including MAC address fields corresponding to each host. In one embodiment, the structure of the host registration list is as follows:
The list stores data in a Key-Value structure, and the MAC address segment corresponding to each host is unique.
Two situations may be involved with the registration of the first host into the clustered environment.
When host A registers in cluster environment B for the first time, the host registration list in cluster environment B is queried and contains no mapping between host A and a MAC address segment. Therefore, a new MAC address segment C (i.e. a first MAC address segment different from the MAC address segment of any registered host in the cluster environment) needs to be added; the newly added MAC address segment is used as the MAC address segment corresponding to host A, and the mapping between host A and MAC address segment C is added to the host registration list.
When host A registers in cluster environment B again (for example, because of a reboot), the host registration list in cluster environment B is queried, and the mapping between host A and the first MAC address segment is found in the list. The first MAC address segment corresponding to host A can then be acquired from the list.
The data packet processing method provided by the invention allocates to the first host, when it registers in the cluster environment, a MAC address segment different from those of the already registered hosts. This provides an important guarantee that the MAC addresses of the virtual network cards in the cluster environment differ from each other, which in turn makes it possible to filter invalid MAC address data packets according to the MAC address currently contained by the first host when the network card of the first host is in promiscuous mode.
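The bookkeeping described in the two preceding embodiments (host registration list, allocation of unallocated MAC addresses to a new container, removal of non-alive containers, and derivation of the MAC address list) can be sketched as follows. This is an added example, not code from the patent; the class and method names, the second segment 48-5B-39-5F-6C-Ex, the base MAC address and the is_alive callback (standing in for a lookup in Docker's container list) are constructed assumptions. It goes slightly beyond the text by handling an exhausted segment.

```python
# Added illustration, not code from the patent. Segments are modelled as a
# 15-hex-digit prefix whose last digit varies, as in 48-5B-39-5F-6C-Dx.
from typing import Callable, Dict, List


class SegmentExhausted(Exception):
    """No unallocated segment (or MAC address within a segment) remains."""


class ManagementNode:
    """Host registration list: Key = host, Value = its unique MAC segment."""

    def __init__(self, segment_prefixes: List[str]):
        self._unassigned = list(segment_prefixes)
        self.registration: Dict[str, str] = {}

    def register(self, host: str) -> str:
        if host in self.registration:       # registering again, e.g. after reboot
            return self.registration[host]  # reuse the stored mapping
        if not self._unassigned:
            raise SegmentExhausted("no MAC segment left for %s" % host)
        self.registration[host] = self._unassigned.pop(0)
        return self.registration[host]


class HostMacTable:
    """Container-to-MAC correspondence table for one host."""

    def __init__(self, segment_prefix: str, base_macs: List[str]):
        self.pool = ["%s%X" % (segment_prefix, n) for n in range(16)]
        self.table: Dict[str, List[str]] = {"base": list(base_macs)}

    def add_container(self, container_id: str, nic_count: int) -> List[str]:
        if container_id in self.table or nic_count < 1:
            raise ValueError("bad container id or virtual network card count")
        used = {m for k, v in self.table.items() if k != "base" for m in v}
        free = [m for m in self.pool if m not in used]
        if len(free) < nic_count:
            raise SegmentExhausted("segment has only %d free MACs" % len(free))
        self.table[container_id] = free[:nic_count]
        return self.table[container_id]

    def reap(self, is_alive: Callable[[str], bool]) -> List[str]:
        """Periodic check: delete entries of containers that are not alive."""
        dead = [c for c in self.table if c != "base" and not is_alive(c)]
        for c in dead:
            del self.table[c]
        return dead

    def mac_list(self) -> List[str]:
        """Flatten the table into the MAC address list used for filtering."""
        return [m for macs in self.table.values() for m in macs]


def page_example() -> HostMacTable:
    """Host A with D0..D9 already assigned to three containers."""
    node = ManagementNode(["48-5B-39-5F-6C-D", "48-5B-39-5F-6C-E"])
    table = HostMacTable(node.register("hostA"), ["48-5B-39-00-00-01"])
    for cid, nics in (("a", 4), ("b", 3), ("c", 3)):
        table.add_container(cid, nics)
    return table


if __name__ == "__main__":
    t = page_example()
    print("container d:", t.add_container("d", 3))
    print("reaped:", t.reap(lambda cid: cid != "b"))
    print("MAC list:", t.mac_list())
```

Addresses released by a non-alive container become unallocated again, so in this sketch a later container can receive them.
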
Based on any one of the foregoing embodiments, in this embodiment, before the step of receiving the data packet, the method further includes:
creating a character device; wherein the character device is used for storing a MAC address list and refreshing the MAC address list.
In the prior art, the network card of the first host has no MAC address list, and a MAC address list cannot be refreshed from user mode. In this embodiment, the functions of storing and refreshing the MAC address list are realized by a character device; the creation of the character device is described below.
In this embodiment, the MAC address list and the file node for refreshing the MAC address list in a user mode are created by means of creating a character device.
Specifically, creating the character device comprises setting up a MAC address list, a network card driver and a file node.
Setting the MAC address list includes initializing the MAC address list, which includes writing all current MAC addresses of the first host into the MAC address list.
The network card driver is used for receiving and transmitting data and for filtering the received data according to the MAC address list. How to set up the network card driver is common knowledge to those skilled in the art and is therefore not described again here.
The file node provides an interface for the user to dynamically refresh the MAC address list from user mode. For example, a file node /dev/charDev may be created under the /dev directory of the operating system, and the user may invoke the file node to interact with the kernel. When the MAC address list needs to be updated, the update can be performed through the file node.
The data packet processing method provided by the invention implements the MAC address list, and the file node for refreshing the MAC address list from user mode, by creating a character device for the network card of the first host. As a result, when the network card of the first host is in promiscuous mode, data packets can be filtered according to the MAC address currently contained in the first host, invalid MAC address data packets are filtered out effectively, load is reduced, and unnecessary resource usage is reduced.
Based on any of the above embodiments, fig. 2 is a second flowchart of the packet processing method provided by the present invention, as shown in fig. 2, in another embodiment, the packet processing method provided by the present invention includes:
The network card of the first host is an interface for the first host to perform network communication with the outside. The network card of the first host is typically a physical network card. The network card of the first host mainly has the functions of data receiving and transmitting, data filtering and the like.
In this embodiment, the MAC address list is used to store all MAC addresses currently contained in the first host.
The data structure of the MAC address list is as follows:
[MAC1,MAC2,MAC3,……,MACN]
Each MAC address in the MAC address list is one element and is unique.
In other embodiments, the data structure of the MAC address list may be in other ways known to those skilled in the art.
The file node provides an interface for the user to dynamically refresh the MAC address list from user mode. For example, a file node /dev/charDev may be created under the /dev directory of the operating system, and the user may invoke the file node to interact with the kernel. When the MAC address list needs to be updated, the update can be performed through the file node.
In this embodiment, the cluster environment is a Docker cluster environment, and in other embodiments, the cluster environment may also be other types of cluster environments, which is not limited in the present invention.
In this embodiment, allocating the independent MAC address field to the first host may be implemented by a host registration list. For example, a host registration list may be maintained at a management node in the clustered environment, the list including MAC address fields corresponding to each host. In one embodiment, the structure of the host registration list is as follows:
The list stores data in a Key-Value structure, and the MAC address segment corresponding to each host is unique.
Two situations may be involved with the registration of the first host into the clustered environment.
When host A registers in cluster environment B for the first time, the host registration list in cluster environment B is queried and contains no mapping between host A and a MAC address. Therefore, a new MAC address segment C needs to be added; the newly added MAC address segment is used as the MAC address segment corresponding to host A, and the mapping between host A and MAC address segment C is added to the host registration list.
When host A registers in cluster environment B again (for example, because of a reboot), the host registration list in cluster environment B is queried, and the list includes the mapping between host A and the MAC address. The MAC address segment corresponding to host A can then be acquired from the list.
In this embodiment, the assignment of MAC addresses may be recorded by using a correspondence table between containers and MAC addresses.
In one embodiment, the data structure of the container-to-MAC address correspondence table is as follows:
The correspondence table uses a Key-Value data structure. In the item [ MAC1, MAC2 … MACN ], the Key is recorded as base and the Value records the MAC addresses of all network devices of the first host. In the continueXid [ MAC21, MAC22 … MAC2N ] item, the Key is the ID of the container and the Value is the MAC addresses of all virtual network cards in the Xth container.
When the first host adds a new container, a corresponding number of unallocated MAC addresses is selected from the MAC address field corresponding to the first host, according to the number of network cards contained in the container, and these addresses are allocated to the virtual network cards in the newly added container. The correspondence between the virtual network cards in the newly added container and the newly allocated MAC addresses is then recorded in the container-to-MAC address correspondence table.
Step 204: update the MAC address list in the character device according to changes of the containers in the first host.
The change of containers in the first host is divided into two cases, the first case is to newly add a container, and the second case is to change the container from a surviving state to a non-surviving state.
When a container is newly added in the first host, the container-to-MAC address correspondence table changes: the MAC addresses allocated to the network cards in the newly added container are added to the table. Therefore, once a change of the correspondence table is detected, the file node of the character device can be called, and the MAC address list in the character device is updated through the file node according to the latest container-to-MAC address correspondence table.
For the case that the container is changed from the alive state to the non-alive state, in this embodiment, it may be periodically checked whether each container in the container and MAC address correspondence table is in the alive state, and if the second container in the container and MAC address correspondence table is not in the alive state, the ID of the second container and the MAC address corresponding to the second container are deleted in the container and MAC address correspondence table. The checking of whether the container is in a live state may be performed by checking state information of the corresponding container in a container list according to the ID of the container in the correspondence table between the container and the MAC address, and determining whether the container is in a live state according to the state information. The container list is an existing data structure in Docker, and the data structure is not further described in this embodiment.
In this period, if the survival status of each container in the correspondence table of the container and the MAC address has been checked and the correspondence table of the container and the MAC address changes, the MAC address list may be updated according to the latest correspondence table of the container and the MAC address.
Step 205: after the network card of the first host receives a data packet, filter the data packet according to the MAC address list in the character device.
After the network card of the first host receives a data packet, the network card driver calls the MAC address list and compares the MAC address contained in the received data packet with the MAC addresses in the list. If the MAC address contained in the data packet is not in the MAC address list, the data packet is discarded, which filters out non-local MAC addresses. If the MAC address contained in the data packet is in the MAC address list, the data packet is released.
The data packet processing method provided by the invention can filter data packets according to the MAC addresses currently contained in the first host when the network card of the first host is in promiscuous mode. It effectively filters out data packets with invalid MAC addresses, reducing the burden and the useless occupation of resources.
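The registration, allocation, update and filtering steps described above, modelled in user space as an added example (not code from the patent). All names and sizes are hypothetical, a MAC address field is assumed to be a block of 256 consecutive addresses, and the compared address is assumed to be the frame's destination MAC.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for illustration: all names and sizes, and a "MAC address field" modelled
 * as 256 consecutive addresses under the locally administered prefix 02:00:00:00. */
enum { MAX_HOSTS = 8, MAX_MACS = 64, MAX_IDS = 16, FIELD_SIZE = 256, BASE_ID = -1 };
#define FIELD_BASE 0x020000000000ULL
struct host_entry { char name[16]; uint64_t field; };  /* host -> MAC address field */
struct mac_entry { int container_id; uint64_t mac; };  /* container -> MAC table row */
static struct host_entry registry[MAX_HOSTS];
static struct mac_entry table[MAX_MACS];  /* BASE_ID rows: the host's own devices */
static uint64_t allow[MAX_MACS];          /* stands in for the character device's list */
static int n_hosts, n_macs, n_allow;
int alive[MAX_IDS];                       /* constructed stand-in for the container list */

/* Re-registration returns the stored field; first registration adds a new unique one. */
uint64_t register_host(const char *name) {
    for (int i = 0; i < n_hosts; i++)
        if (strcmp(registry[i].name, name) == 0) return registry[i].field;
    if (n_hosts == MAX_HOSTS) return 0;
    strncpy(registry[n_hosts].name, name, sizeof registry[0].name - 1);
    registry[n_hosts].field = FIELD_BASE + (uint64_t)n_hosts * FIELD_SIZE;
    return registry[n_hosts++].field;
}

/* Rebuild the filter list from the table, as an update through the file node would. */
static void refresh_allow(void) {
    for (n_allow = 0; n_allow < n_macs; n_allow++) allow[n_allow] = table[n_allow].mac;
}

/* Take `count` unallocated addresses from `start` on; BASE_ID records a host device. */
int assign_macs(uint64_t start, int id, int count) {
    int added = 0;
    for (uint64_t m = start; m < start + FIELD_SIZE && added < count; m++) {
        int used = 0;
        for (int i = 0; i < n_macs; i++) used |= (table[i].mac == m);
        if (!used && n_macs < MAX_MACS) { table[n_macs++] = (struct mac_entry){ id, m }; added++; }
    }
    refresh_allow();
    return added;
}

/* Periodic check: delete the rows of containers that are no longer alive. */
int reap_dead(void) {
    int kept = 0, before = n_macs;
    for (int i = 0; i < before; i++) {
        int id = table[i].container_id;
        if (id == BASE_ID || (id >= 0 && id < MAX_IDS && alive[id])) table[kept++] = table[i];
    }
    n_macs = kept;
    refresh_allow();
    return before - kept;
}

/* 1 = release, 0 = discard. Assumes the compared address is the destination MAC. */
int filter_frame(const uint8_t *frame, size_t len) {
    uint64_t dst = 0;
    if (len < 14) return 0;                /* shorter than an Ethernet header */
    for (int i = 0; i < 6; i++) dst = (dst << 8) | frame[i];
    for (int i = 0; i < n_allow; i++) if (allow[i] == dst) return 1;
    return 0;
}

int main(void) {
    uint8_t frame[14] = { 0x02, 0, 0, 0, 0, 0x01 };  /* constructed: to 02:00:00:00:00:01 */
    assign_macs(register_host("hostA"), 1, 2);       /* container 1 with two virtual NICs */
    alive[1] = 1;
    printf("container alive: %d\n", filter_frame(frame, sizeof frame));
    alive[1] = 0;
    reap_dead();
    printf("after reap:      %d\n", filter_frame(frame, sizeof frame));
    return 0;
}
```

In this model a frame addressed to broadcast is discarded as well, because only listed addresses pass.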
Based on any of the above embodiments, fig. 3 is a schematic diagram of a packet processing apparatus provided by the present invention, and as shown in fig. 3, the packet processing apparatus provided by the present invention includes:
a data packet receiving module 301, configured to receive a data packet;
a packet filtering module 302, configured to filter the received packet according to the MAC address currently included in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
The data packet processing device provided by the invention can filter data packets according to the MAC addresses currently contained in the first host when the network card of the first host is in promiscuous mode. It effectively filters out data packets with invalid MAC addresses, reducing the burden and the useless occupation of resources.
Fig. 4 is a schematic physical structure diagram of an electronic device according to the present invention, and as shown in fig. 4, the electronic device may include: a processor (processor)410, a communication Interface 420, a memory (memory)430 and a communication bus 440, wherein the processor 410, the communication Interface 420 and the memory 430 are communicated with each other via the communication bus 440. The processor 410 may call logic instructions in the memory 430 to perform the following method:
receiving a data packet;
filtering the received data packet according to the MAC address currently contained in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
It should be noted that, when being implemented specifically, the electronic device in this embodiment may be a server, a PC, or other devices, as long as the structure includes the processor 410, the communication interface 420, the memory 430, and the communication bus 440 shown in fig. 4, where the processor 410, the communication interface 420, and the memory 430 complete mutual communication through the communication bus 440, and the processor 410 may call the logic instruction in the memory 430 to execute the above method. The embodiment does not limit the specific implementation form of the electronic device.
In addition, the logic instructions in the memory 430 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Further, embodiments of the present invention disclose a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-mentioned method embodiments, for example, comprising:
receiving a data packet;
filtering the received data packet according to the MAC address currently contained in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
In another aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, performs the method provided by the foregoing embodiments, for example, including:
receiving a data packet;
filtering the received data packet according to the MAC address currently contained in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for processing a data packet, comprising:
receiving a data packet;
filtering the received data packet according to the MAC address currently contained in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
2. The method of claim 1, further comprising:
when the change of the virtual network card contained in the first host is monitored, updating the MAC address currently contained in the first host according to the changed MAC address of the virtual network card in the first host.
3. The method according to claim 2, wherein when it is monitored that the virtual network card included in the first host changes, the updating of the MAC address currently included in the first host according to the changed MAC address of the virtual network card in the first host includes:
when it is monitored that a first container is added to the first host, updating the MAC address currently contained in the first host according to the MAC address of the virtual network card of the first container; the MAC address of the virtual network card of the first container is selected from the unallocated MAC addresses of the first MAC address field and allocated to the virtual network card of the first container; the first MAC address field is a MAC address field assigned to the first host;
or
and when the state of the second container in the first host is monitored to be changed from the survival state to the non-survival state, deleting the MAC address of the virtual network card of the second container from the MAC address currently contained in the first host.
4. The method of claim 3, wherein the first MAC address field is a MAC address field allocated to the first host when the first host is registered in a cluster environment.
5. The method of claim 4, wherein the first MAC address field is a MAC address field allocated to the first host when the first host is registered in a cluster environment, and the method comprises:
when the first host is registered in the cluster environment for the first time, the first MAC address field is a MAC address field which is distributed to the first host and is different from a second MAC address field; wherein the second MAC address field is the MAC address field of any registered host in the cluster environment;
when the first host is registered in the cluster environment again, the first MAC address field is obtained according to the mapping relation between the first host and the first MAC address field which is stored in advance.
6. The method according to claim 1, wherein the MAC address currently included in the first host is stored in a MAC address list.
7. The packet processing method according to any one of claims 1 to 6, wherein, before the step of receiving the packet, the method further comprises:
creating a character device; wherein the character device is used for storing a MAC address list and refreshing the MAC address list.
8. A packet processing apparatus, comprising:
the data packet receiving module is used for receiving data packets;
the data packet filtering module is used for filtering the received data packet according to the MAC address currently contained in the first host; the first host is any host registered to the cluster environment; the MAC address currently contained by the first host includes: MAC addresses of all virtual network cards currently contained in the first host; MAC addresses of all virtual network cards in the cluster environment are different from each other; the virtual network card is located in a container of the first host, and any container in the first host comprises at least one virtual network card.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the packet processing method according to any of claims 1 to 7 are implemented when the processor executes the program.
10. A non-transitory computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the data packet processing method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110327784.9A CN113114571A (en) | 2021-03-26 | 2021-03-26 | Data packet processing method and device, electronic equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113114571A true CN113114571A (en) | 2021-07-13 |
Family
ID=76712362
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110327784.9A Pending CN113114571A (en) | 2021-03-26 | 2021-03-26 | Data packet processing method and device, electronic equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113114571A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113904857A (en) * | 2021-10-17 | 2022-01-07 | 济南浪潮数据技术有限公司 | Method, device and equipment for filtering data packets in local area network and readable medium |
CN115086208A (en) * | 2022-06-14 | 2022-09-20 | 深信服科技股份有限公司 | Network card detection method and device, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1462131A (en) * | 2002-05-30 | 2003-12-17 | 深圳市中兴通讯股份有限公司 | Broad-band insertion service apparatus dialing testing method |
US20160378518A1 (en) * | 2015-06-29 | 2016-12-29 | Vmware, Inc. | Policy based provisioning of containers |
CN110520843A (en) * | 2017-03-23 | 2019-11-29 | Dh2I公司 | Highly usable stateful container in cluster environment |
CN111694639A (en) * | 2020-05-28 | 2020-09-22 | 新浪网技术(中国)有限公司 | Method and device for updating address of process container and electronic equipment |
CN112398688A (en) * | 2020-11-13 | 2021-02-23 | 广东省华南技术转移中心有限公司 | Container network configuration method, container network system, and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20210713 |