CN113132419B - Message forwarding method and device, switch, router and server

Info

Publication number: CN113132419B
Application number: CN202110673814.1A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN113132419A
Prior art keywords: field, protocol message, protocol, data, message
Inventors: 王东升, 赵立伟, 王冬娟, 阎博, 张孝安
Current assignee: Ziguang Hengyue Technology Co Ltd
Original assignee: Ziguang Hengyue Technology Co Ltd
Legal status: Active (granted)

Events: application filed by Ziguang Hengyue Technology Co Ltd; priority to CN202110673814.1A; publication of CN113132419A; application granted; publication of CN113132419B.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/22 Parsing or analysis of headers

Abstract

The embodiment of the application provides a protocol message forwarding method and relates to the technical field of network communication. The method comprises the following steps: receiving a protocol message sent by a sending end; extracting a general field of the protocol message, where the general field comprises the quadruple information of the protocol message; searching for the quadruple information in a pre-established protocol knowledge base and determining an extension field and a data field of the protocol message according to the search result; if switching to the first processing mode is determined, acquiring a pre-configured policy corresponding to at least one of the general field, the extension field and the data field of the protocol message; and, taking the executable policy as the target policy, sending the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.

Description

Message forwarding method and device, switch, router and server
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a message forwarding method, an apparatus, an electronic device, a switch, a router, and a server.
Background
With the continuous development of e-government construction, more and more data is exchanged between the internal and external networks of many organizations. To ensure that this exchange is safe, that is, that not only is data exchanged but the exchanged data is safe and unsafe data is isolated, a network isolation technology is required.
The main goal of network isolation technology is to isolate harmful network security threats so as to ensure the secure interaction of data within a trusted network. Gatekeeper products apply network isolation technology, have deep application-layer protocol analysis and filtering capability, and can perform deep analysis of, and formulate corresponding security policies for, application-layer protocols such as HTTP, FTP, POP3, SMTP and TNS.
However, current gatekeeper products can deeply analyze only the known protocols they support. A user-defined or unknown protocol is forwarded directly, mainly in transparent-transmission or routing mode or in a general TCP/UDP mode; it cannot be deeply analyzed and no corresponding security policy can be formulated for it, so a great potential safety hazard exists in the data ferrying process.
Disclosure of Invention
Embodiments of the present invention provide a message forwarding method, apparatus, electronic device, storage medium, and computer program that overcome the above-mentioned problems or at least partially solve the above-mentioned problems.
In a first aspect, a method for forwarding a packet is provided, where the method includes:
receiving a protocol message sent by a sending end;
extracting a general field of the protocol message, wherein the general field comprises quadruple information of the protocol message;
searching quadruplet information in a pre-established protocol knowledge base, and determining an expansion field and a data field in a protocol message according to a search result;
if the switching to the first processing mode is determined, acquiring a pre-configured strategy corresponding to at least one field of a general field, an extended field and a data field in the protocol message;
and taking the executable strategy as a target strategy, and sending a field corresponding to the target strategy in the protocol message to a receiving end according to the quadruple information.
In one possible implementation, determining an extension field and a data field in a protocol message according to a search result includes:
if the quadruple information is searched, acquiring the position information of the expansion field corresponding to the quadruple information in the protocol message and the position information of the data field in the protocol message in the protocol knowledge base;
and determining an extension field and a data field from the protocol message according to the position information.
In one possible implementation, determining an extension field and a data field in a protocol message according to a search result includes:
and if the quadruple information is not searched, taking the data except the general field in the protocol message as a data field.
In one possible implementation, determining the extension field and the data field from the protocol message further includes:
and defining the data field to obtain the defined data field, adding the defined data field to the expansion field to update the expansion field, and updating the position relation of the quadruple information in the protocol message and the corresponding relation of the expansion field in the protocol message in a protocol knowledge base.
In one possible implementation, the data in the protocol message except for the general field is used as a data field, and then the method further includes:
defining the data field to obtain a defined data field, and determining the defined data field as an expansion field;
and establishing a corresponding relation between the position information of the four-tuple information in the protocol message and the position information of the expansion field in the protocol message in a protocol database.
In one possible implementation manner, determining an extension field and a data field in a protocol message according to a search result, and then:
and if the switching to the second processing mode is determined, transmitting the extension field and the data field to a receiving end.
In a second aspect, a message conversion apparatus is provided, where the apparatus includes:
the receiving module is used for receiving the protocol message sent by the sending end;
the quadruplet information extraction module is used for extracting a general field of the protocol message, and the general field comprises quadruplet information of the protocol message;
the expansion field and data field determining module is used for searching quadruplet information in a pre-established protocol knowledge base and determining an expansion field and a data field in a protocol message according to a search result;
the strategy acquisition module is used for acquiring a preconfigured strategy corresponding to at least one field of a general field, an expansion field and a data field in the protocol message if the switching to the first processing mode is determined;
and the sending module is used for sending the field corresponding to the target strategy in the protocol message to the receiving end according to the quadruple information by taking the executable strategy as the target strategy.
In one possible implementation, the extension field and data field determining module further includes:
the position information determining submodule is used for acquiring the position information of an expansion field corresponding to the quadruple information in the protocol message and the position information of a data field in the protocol message in the protocol knowledge base if the quadruple information is searched;
and the extension field and data field submodule determines an extension field and a data field from the protocol message according to the position information.
In one possible implementation manner, the extension field and data field determining module further includes:
and the data field determining submodule is used for taking the data except the general field in the protocol message as the data field if the quadruple information is not searched.
In one possible implementation, the extension field and data field determining module further includes:
and the extension field updating submodule is used for defining the data field to obtain the defined data field, adding the defined data field to the extension field to update the extension field, and updating, in the protocol knowledge base, the correspondence between the position information of the quadruple information and the position information of the extension field in the protocol message.
In one possible implementation manner, the data in the protocol message except for the general field is used as a data field, and then the method further includes:
the extension field determining submodule is used for defining the data field to obtain a defined data field and determining the defined data field as an extension field;
and the corresponding relation creating module is used for creating the corresponding relation between the position information of the four-tuple information in the protocol message and the position information of the expansion field in the protocol message in the protocol database.
In one possible implementation manner, determining an extension field and a data field in a protocol message according to a search result, and then:
and the second sending module is used for sending the expansion field and the data field to the receiving end if the switching to the second processing mode is determined.
In a third aspect, an embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the method provided in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a switch, configured to execute steps implementing the method provided in the first aspect.
In a fifth aspect, an embodiment of the present application provides a router, where the router is configured to implement the steps of the method provided in the first aspect.
In a sixth aspect, an embodiment of the present application provides a server, including a memory for storing a computer program; a processor for implementing the steps of the method as provided by the first aspect is also included.
The message forwarding method, message forwarding device, electronic equipment and storage medium provided by the embodiment of the invention receive a protocol message sent by a sending end; extract the general field of the protocol message, which comprises its quadruple information; search for the quadruple information in a pre-established protocol knowledge base and determine the extension field and the data field of the protocol message according to the search result; if switching to the first processing mode is determined, acquire a pre-configured policy corresponding to at least one of the general field, the extension field and the data field of the protocol message; and, taking the executable policy as the target policy, send the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic diagram of network organization branches at two ends of a gatekeeper according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of a message forwarding method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating a process for determining a target policy according to an embodiment of the present disclosure;
fig. 4 is a schematic flowchart of a process of determining an extension field and a data field in a protocol message according to a search result according to an embodiment of the present application;
fig. 5 is a schematic flowchart of a process of creating, in a protocol knowledge base, a correspondence between the quadruple information of a protocol packet and the position information of its extension fields according to an embodiment of the present application;
fig. 6 is a schematic diagram illustrating a forwarding flow of another protocol packet according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a protocol packet forwarding apparatus according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The terms referred to in this application will first be introduced and explained:
A network communication protocol is the common language of a network: it provides communication support for the internet, which connects different operating systems and different hardware architectures. It is the bridge for communication and exchange among networks; only computers using the same network communication protocol can communicate and exchange information. The protocol is the agreement computers must obey when communicating in the network, and it mainly makes provisions and sets standards for the information transmission rate, transmission codes, code structures, transmission control steps, error control and the like. A network communication protocol is a set of communication rules between all devices on a network (network servers, computers, switches, routers, firewalls, etc.) that specifies the formats information must take and the meaning of those formats. Most networks employ a layered architecture, each layer built on top of its lower layers, providing certain services to its upper layers while shielding them from the details of how the service is implemented. The rule by which the nth layer on one device communicates with the nth layer on another device is the nth-layer communication protocol. There are many communication protocols in each layer of the network, and the protocols at corresponding layers of the receiver and the sender must be identical, otherwise one party will not recognize the information sent by the other. Network communication protocols enable the various devices on a network to exchange information with one another.
Common network communication protocols include TCP/IP (Transmission Control Protocol/Internet Protocol), IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange), NetBEUI (NetBIOS Extended User Interface) and the like.
Network isolation technology mainly refers to achieving isolation by exchanging data between two or more routable network protocols (such as TCP/IP) through non-routable protocols (such as IPX/SPX, NetBEUI and the like).
The gatekeeper applies network isolation technology: it takes access control as its strategy and physical isolation as its basis, defines related constraints and rules to guarantee the security strength of the network, and uses a solid-state switching read-write medium with multiple control functions to connect the information security equipment of two independent host systems. Fig. 1 exemplarily shows a schematic diagram of the network organization branches at the two ends of a gatekeeper: one end of the gatekeeper 110 is connected to a client 120, the other end to a server 130, and the server 130 and the client 120 are isolated by the gatekeeper 110, so that there is no physical connection, logical connection or information transmission protocol for communication between the two network organizations, no information is exchanged according to a protocol, and ferrying is performed only in the form of data files rather than protocols. The current gatekeeper has the problem that data ferrying cannot be performed for unsupported or user-defined protocols, and deep analysis and policy control cannot be carried out for them.
A message is the data unit exchanged and transmitted in a network, that is, the block of data a station sends at one time. Messages are used to exchange information when requests and responses pass between systems and must comply with a specified format. A message is also a unit of network transmission: during transmission it is successively encapsulated into packets and frames, the encapsulation consisting of adding information segments, that is, message headers organized in a certain format.
Protocol messages all follow a certain format. HTTP (HyperText Transfer Protocol), TCP (Transmission Control Protocol), UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol) are internationally known, common protocols, and their messages have known default formats: they are encoded according to a uniform format or rule, so when the gatekeeper receives such messages it can analyze them according to their encoding rules. For protocols the gatekeeper does not support, or for user-defined protocols, the gatekeeper cannot directly and deeply analyze the messages. Other existing schemes forward an unknown protocol packet directly in transparent-transmission or routing mode or in a general TCP/UDP mode, where the control objects are mainly IP (Internet Protocol) addresses, ports and the like; the control granularity of such general protocol objects is relatively coarse, the protocol itself is not deeply analyzed, and fine-grained control over the protocol content cannot be performed.
Certainly, some other prior-art schemes can also perform deep analysis and control of unknown protocol messages, but they do so through customized code: one dedicated analysis program is developed for each unknown protocol message, and multiple analyses must be customized for multiple unknown protocol messages, so the development code is not reused. This mode consumes comparatively more manpower and material cost, cannot analyze multiple protocol messages generically, and so lacks applicability and universality.
The application provides a message forwarding method, a message forwarding device, an electronic device and a computer-readable storage medium, which aim to solve the above technical problems in the prior art.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
An embodiment of the present application provides a packet forwarding method, as shown in fig. 2, the method includes:
step S201, receiving a protocol packet sent by a sending end.
The embodiment of the present application is applied to a network isolation device having a network isolation technology, and the embodiment of the present application does not limit a specific network isolation device.
The gatekeeper of this embodiment isolates an internal network from an external network. The gatekeeper has two ends: one end is connected to the message sending end and the other to the message receiving end. The two ends of the gatekeeper exchange the data parts of protocol messages rather than the protocol messages themselves; one end strips the data out of the protocol message and ferries the data to the other end of the gatekeeper.
Step S202, extracting a general field of the protocol message, wherein the general field comprises quadruple information of the protocol message.
After receiving the protocol messages sent by the sending end within a preset time period, this embodiment extracts the general field of each protocol message received in that period. The general field comprises the four-tuple information of the protocol message: the source IP address, destination IP address, source port number and destination port number. The access relationship between a client and a server can be determined from this four-tuple information.
Step S203, searching the quadruple information in a pre-established protocol knowledge base, and determining an expansion field and a data field in the protocol message according to the search result.
The protocol knowledge base of the embodiment of the application stores information of each field of a known protocol message, including a general field and an expansion field of the protocol message, wherein the general field information includes id of the protocol message, quadruple information, message direction and the like, the corresponding expansion field stored in the protocol knowledge base can be searched through the id or quadruple information of the protocol message, other fields except the general field and the expansion field are data fields, and the data fields are determined in a mode of excluding the general field and the expansion field.
In this embodiment, for the gatekeeper, the general field and the extension field of a known protocol message are both known fields. The extension field exists in the known protocol message and is a defined field whose meaning is known to the gatekeeper, so the gatekeeper can directly obtain the position information of the extension fields of a known protocol message and directly determine each extension field in the message from its quadruple information. In contrast, a data field is unknown to the gatekeeper: it is not stored in the protocol knowledge base, the gatekeeper cannot know its meaning, and it becomes a known field only once it has been defined.
If the quadruple information of a number of protocol messages received by the gatekeeper within a period of time does not change, those messages belong to the same session, and a data channel can be established on the basis of that same quadruple so that the client and the server at the two ends of the gatekeeper can access each other.
In fact, when a protocol message is analyzed, the analysis focuses mainly on the part of the message that changes; unchanged fields such as the IP address and port number can be analyzed directly, while the changing part, comprising the extension field and the data field, is the main focus of protocol message analysis.
Because the general field and the extension field are known fields stored in the protocol knowledge base, once the quadruple information in the general field of a known protocol message has been extracted, it is searched directly in the protocol knowledge base according to the correspondence between quadruple information and extension fields, and the extension field of the protocol message is thereby determined. If the quadruple information of a protocol message is stored in the protocol knowledge base, the message is a protocol message known to the gatekeeper, and its general field, extension field and data field can all be obtained from the knowledge base. If the quadruple information is not stored in the protocol knowledge base, the message is a protocol message unknown to the gatekeeper; after preliminary analysis, such a message consists of the general field (the quadruple) and a data field.
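The extraction and lookup described under steps S202 and S203, together with the "define the data field, then record it in the knowledge base" step from the Disclosure of Invention, implemented as an added Python example; this is not code from the patent or its assignee. It assumes that the general field is the IPv4/TCP four-tuple, that the protocol knowledge base is an in-memory dictionary keyed on that four-tuple whose entries store the protocol id, message direction and the (offset, length) position information of each extension field within the TCP payload, and that the data field is whatever payload bytes no extension field covers. The addresses, ports, the "custom-app-v1" protocol and the packets are constructed for the example.

```python
"""Added example: four-tuple extraction, knowledge-base lookup and extension/data field split."""
import struct
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class FourTuple:
    """The general field: source/destination IP address and source/destination port number."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass
class ProtocolEntry:
    """One knowledge-base record (assumed layout): id, direction, extension-field positions."""
    proto_id: str
    direction: str
    ext_fields: Dict[str, Tuple[int, int]]  # name -> (offset, length) within the TCP payload


# Constructed knowledge base with one known protocol whose payload begins with two extension fields.
KNOWLEDGE_BASE: Dict[FourTuple, ProtocolEntry] = {
    FourTuple("10.0.0.2", "10.0.1.5", 8080, 9000): ProtocolEntry(
        "custom-app-v1", "client->server", {"user_name": (0, 4), "op_code": (4, 2)}),
}


def parse_general_field(pkt: bytes) -> Tuple[FourTuple, bytes]:
    """Parse the IPv4 and TCP headers, validating lengths; return the four-tuple and the TCP payload."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    if pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len < ihl + 20 or len(pkt) < total_len:
        raise ValueError("inconsistent IPv4 lengths")
    if pkt[9] != 6:
        raise ValueError("only TCP is handled in this example")
    src_ip = ".".join(str(b) for b in pkt[12:16])
    dst_ip = ".".join(str(b) for b in pkt[16:20])
    tcp = pkt[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or len(tcp) < doff:
        raise ValueError("bad TCP data offset")
    return FourTuple(src_ip, dst_ip, src_port, dst_port), tcp[doff:]


def classify(pkt: bytes, kb: Dict[FourTuple, ProtocolEntry] = KNOWLEDGE_BASE) -> dict:
    """Step S203: look the four-tuple up; known -> positional extension fields, unknown -> all data."""
    ft, payload = parse_general_field(pkt)
    entry = kb.get(ft)
    if entry is None:
        # Unknown protocol: everything beyond the general field is treated as the data field.
        return {"known": False, "general": ft, "extension": {}, "data": payload}
    ext, covered = {}, set()
    for name, (off, ln) in entry.ext_fields.items():
        if off + ln > len(payload):
            raise ValueError(f"extension field {name!r} lies outside the payload")
        ext[name] = payload[off:off + ln]
        covered.update(range(off, off + ln))
    # The data field is what remains after excluding the general and extension fields.
    data = bytes(b for i, b in enumerate(payload) if i not in covered)
    return {"known": True, "general": ft, "extension": ext, "data": data}


def define_data_field(kb: Dict[FourTuple, ProtocolEntry], ft: FourTuple, name: str,
                      offset: int, length: int, proto_id: str = "user-defined") -> ProtocolEntry:
    """Define part of the data field as a new extension field and record its position in the knowledge base."""
    entry = kb.get(ft)
    if entry is None:
        entry = kb[ft] = ProtocolEntry(proto_id, "client->server", {})
    entry.ext_fields[name] = (offset, length)
    return entry


def build_packet(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4/TCP datagram for the example (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")), bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return ip + tcp + payload
```

Running `classify(build_packet("10.0.0.2", "10.0.1.5", 8080, 9000, b"0001\x00\x01hello"))` returns the known protocol with `user_name` and `op_code` as extension fields and `b"hello"` as the data field; a packet with an unregistered four-tuple comes back unknown with the whole payload as data, and after `define_data_field` records a position for it the same packet is classified with that new extension field.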
Step S204, if the switching to the first processing mode is determined, a pre-configured strategy corresponding to at least one field of the general field, the expansion field and the data field in the protocol message is obtained.
The first processing mode in this embodiment may be a network isolation mode. After the gatekeeper enables the network isolation mode, not all fields are ferried to the other end of the gatekeeper; the data the gatekeeper ferries is determined according to the policy corresponding to each field.
The policy corresponding to the field in the embodiment of the present application is set through a policy editor, which may be any message editing tool, and is not limited in the embodiment of the present application, and the policy includes: forwarding, alarming and logging, and policies can be set for general fields, extension fields and data fields by a policy editor.
Step S205, the executable strategy is taken as a target strategy, and the field corresponding to the target strategy in the protocol message is sent to the receiving end according to the quadruple information.
After the policies corresponding to the fields are obtained, not all fields are ferried to the other end of the gatekeeper; instead, the executable policies among the policies corresponding to the fields are determined and serve as target policies.
As shown in fig. 3, a schematic flowchart of determining a target policy is exemplarily shown, which includes:
step S301, setting a strategy for at least one field of a general field, an expansion field and a data field in a protocol message, wherein the strategy comprises one of forwarding, alarming, discarding and logging;
step S302, the strategies corresponding to the general fields, the extended fields and the data fields are placed in a white list or a black list according to a preset rule;
step S303, if the policy corresponding to the field is in the white list, determining that the policy corresponding to the field is an executable policy, and determining that the executable policy is a target policy.
This embodiment can set a policy for the general field, the extension field and the data field; the policy set is any one of forwarding, alarming, discarding and logging. Assuming, for example, that the user name is an extension field, the policy for user name 0001 can be set to forwarding and the policy for user name 0002 to discarding.
The preset rule in the embodiment of the application is determined according to an actual situation, and may be any rule set by a user, a policy corresponding to a field meeting the preset rule may be placed in a white list, a policy corresponding to a field not meeting the preset rule may be placed in a black list, and if the policy corresponding to a certain field is located in the white list, the policy corresponding to the field may be determined to be an executable policy, that is, the policy corresponding to the field is a target policy.
The general field in this embodiment further includes a source port number and a destination port number, and a policy may be set for the source port number. For example, if the policy set for source port number 8080 is forwarding and that policy is placed in the white list, the policy corresponding to source port number 8080 is an executable policy and the gatekeeper passes source port number 8080 through directly. If the policy set for source port number 20 is discarding and that policy is located in the black list, the gatekeeper may block source port number 20 directly, and the data in a protocol packet with source port number 20 is not ferried to the other end of the gatekeeper.
The data channel of this embodiment includes a first data channel, which is established in the first processing mode, that is, after the network isolation mode is enabled and after the target policy has been determined. The field corresponding to the target policy is ferried to the other end of the gatekeeper through the first data channel: if the policy corresponding to a field is located in the white list, the gatekeeper can ferry that field to the other end through the first data channel, which allows the fields corresponding to target policies to pass. Similarly, if the policy corresponding to a field is located in the black list, the gatekeeper blocks that field, and it cannot be ferried to the other end through the first data channel. After the other end of the gatekeeper receives the fields corresponding to the target policy, it re-encapsulates the quadruple information of the protocol message together with those fields into a protocol message and sends it to the receiving end, that is, to the server.
In summary, this embodiment receives a protocol message sent by the sending end; extracts the general field of the protocol message, which comprises its quadruple information; searches for the quadruple information in a pre-established protocol knowledge base and determines the extension field and the data field of the protocol message according to the search result; if switching to the first processing mode is determined, acquires the pre-configured policy corresponding to at least one of the general field, the extension field and the data field; and, taking the executable policy as the target policy, sends the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.
An embodiment of the present application provides a possible implementation, shown in fig. 4 as a flowchart for determining the extension field and the data field of a protocol message according to the search result. Determining the extension field and the data field according to the search result includes:
Step S410, if the quadruple information is found, acquiring from the protocol knowledge base the position information of the extension field corresponding to the quadruple information in the protocol message and the position information of the data field in the protocol message.
The position information of a field in the protocol message includes its logical address in the protocol message. If the quadruple information of the protocol message is found in the protocol knowledge base, the protocol message is a known message already stored in the knowledge base; the extension fields corresponding to the quadruple information and their position information in the protocol message can be determined by searching the quadruple information, and the rest of the protocol message, apart from the general field and the extension fields, is the data field.
Specifically, assume that the quadruple information of a protocol message is: source IP address 192.168.1.0, destination IP address 192.168.250.9, source port number 12345, destination port number 54321. After searching the protocol knowledge base, 3 records related to this quadruple information are found. The first extension field corresponding to the quadruple information is at bytes 1-20 and has the field name name; the second extension field is at bytes 20-40 and has the field name password. The content of the name field in the 3 records is 00001, 00002 and 00003, and the content of the password field is zmj001, dwx038 and jdm520. It can therefore be determined directly that bytes 1-20 of the protocol message are the first extension field (name), bytes 20-40 are the second extension field (password), and the bytes from byte 40 to the last byte address are the data field.
Step S411, determining the extension field and the data field from the protocol message according to the position information.
Once the position information of the quadruple information, of the extension fields and of the data field in the protocol message has been determined, the extension fields and the data field can be determined: the extension fields are already stored in the protocol knowledge base and can be determined directly by accessing it, and the data field is the remaining part of the message apart from the general field and the extension fields.
As shown in Table 1, the protocol message includes a general field, extension fields and a data field. The general field includes the quadruple information (source IP address, destination IP address, source port and destination port), a message id, a source MAC address, a destination MAC address and a message direction. The first extension field, named "field 1", occupies bytes 1-20; the second, named "field 2", occupies bytes 20-40; the rest of the message apart from the general field and the extension fields is the data field, whose address in the protocol message is determined according to the actual situation. The data field contents ASK and ANW are only examples and are determined by the specific situation.
                         Message 1          Message 2
Message direction        client -> server   server -> client
Source MAC address       XXXX-XXXX          YYYY-YYYY
Destination MAC address  YYYY-YYYY          XXXX-XXXX
Source IP address        A.A.A.A            B.B.B.B
Destination IP address   B.B.B.B            A.A.A.A
Source port number       aaaa               bbbb
Destination port number  bbbb               aaaa
field 1 (bytes 1-20)     test1              test2
field 2 (bytes 20-40)    date1              date2
Data field               ASK                ANW
TABLE 1
The embodiment of the present application provides a possible implementation in which determining the extension field and the data field according to the search result further includes:
Step S420, if the quadruple information is not found, using the data in the protocol message other than the general field as the initial data field.
If the quadruple information of the protocol message is not found in the protocol knowledge base, the protocol message is unknown to the gatekeeper, and all data in the protocol message other than the general field is taken as the initial data field.
As shown in Table 2, which shows the fields of an unknown protocol message received by the gatekeeper, the protocol message includes a general field and a data field. The general field includes the quadruple information (source IP address, destination IP address, source port number and destination port number), a message id, a source MAC address, a destination MAC address and a message direction; everything other than the general field is the data field, whose address in the protocol message is determined according to the actual situation. The data field contents ASK and ANW are only examples and are determined by the specific situation.
                         Message 1          Message 2
Message direction        client -> server   server -> client
Source MAC address       XXXX-XXXX          YYYY-YYYY
Destination MAC address  YYYY-YYYY          XXXX-XXXX
Source IP address        A.A.A.A            B.B.B.B
Destination IP address   B.B.B.B            A.A.A.A
Source port number       aaaa               bbbb
Destination port number  bbbb               aaaa
Data field               ASK                ANW
TABLE 2
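The steps above (S302/S303 for the white and black lists, S410/S411 for a known quadruple, S420 for an unknown one, and the ferrying and re-encapsulation through the first and second data channels, as in the overall flow of fig. 6) can be traced in a small Python model. This is an added example, not code from the patent: the knowledge-base layout, the policy encoding (a table keyed by field name and value, with None matching any value), the preset rule that white-lists every action except discarding, the default-deny handling of extension and data fields that have no policy, and the constructed sample payload are all assumptions of the example.

```python
"""Toy model of the gatekeeper forwarding pipeline (added example, not the
patent's code).  Knowledge-base layout, policy encoding and samples are assumed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Quadruple = Tuple[str, str, int, int]   # (src_ip, dst_ip, src_port, dst_port)


@dataclass(frozen=True)
class FieldSpec:
    """Position of an extension field inside the payload (0-based, end exclusive)."""
    name: str
    start: int
    end: int


# Protocol knowledge base: quadruple -> stored extension field positions (S410).
# The single entry mirrors the example in the text (bytes 1-20 "name", 20-40 "password").
KNOWLEDGE_BASE: Dict[Quadruple, List[FieldSpec]] = {
    ("192.168.1.0", "192.168.250.9", 12345, 54321): [
        FieldSpec("name", 0, 20),
        FieldSpec("password", 20, 40),
    ],
}


def split_fields(quad: Quadruple, payload: bytes) -> Tuple[Dict[str, bytes], bytes]:
    """S410/S411: a known quadruple yields extension fields at their stored positions,
    the remainder being the data field.  S420: an unknown quadruple yields no extension
    fields and the whole payload is the initial data field."""
    specs = KNOWLEDGE_BASE.get(quad)
    if not specs:
        return {}, payload
    ext = {s.name: payload[s.start:s.end] for s in specs}
    return ext, payload[max(s.end for s in specs):]


# Policy actions named in the text.
FORWARD, ALARM, DISCARD, LOG = "forward", "alarm", "discard", "log"
# Policy table keyed by (field name, field value); a value of None matches any
# content.  This encoding is an assumption of the example.
Policies = Dict[Tuple[str, object], str]


def lookup_policy(policies: Policies, name: str, value) -> Optional[str]:
    return policies.get((name, value), policies.get((name, None)))


def in_white_list(action: str) -> bool:
    """S302 preset rule (assumed): every action except 'discard' is white-listed, so
    forward/alarm/log policies are executable and discard policies are black-listed."""
    return action != DISCARD


def encapsulate(quad: Quadruple, fields: Dict[str, bytes]) -> dict:
    """S608: re-encapsulate the ferried fields with the quadruple into a new message."""
    return {"quadruple": quad, "fields": dict(fields)}


def ferry(quad, general, ext, data, policies, isolation_mode, rule=in_white_list):
    """S604-S608.  In the second processing mode every field is ferried.  In the first
    (network isolation) mode a black-listed general-field policy blocks the whole message
    (the source port 20 example); extension and data fields are ferried only when their
    policy is white-listed, and a field with no policy is dropped (default deny, an
    assumption of this example).  Returns (re-encapsulated message or None, events)."""
    fields = {**ext, "data": data}
    if not isolation_mode:                      # S605': second data channel
        return encapsulate(quad, fields), []
    events = []
    for name, value in general.items():         # general-field gate
        action = lookup_policy(policies, name, value)
        if action is not None and not rule(action):
            return None, [(DISCARD, name)]
        if action in (ALARM, LOG):
            events.append((action, name))
    passed = {}
    for name, value in fields.items():          # S606 / S607 / S607'
        action = lookup_policy(policies, name, value)
        if action is None or not rule(action):
            events.append((DISCARD, name))
            continue
        if action in (ALARM, LOG):
            events.append((action, name))
        passed[name] = value
    return encapsulate(quad, passed), events    # first data channel, then S608


# Constructed sample: name 00001 (from the text) padded to 20 bytes, a placeholder
# password padded to 20 bytes, then the data field.
SAMPLE_QUAD = ("192.168.1.0", "192.168.250.9", 12345, 54321)
SAMPLE_PAYLOAD = b"00001".ljust(20, b"\x00") + b"<password>".ljust(20, b"\x00") + b"ASK"
SAMPLE_GENERAL = {"src_port": 12345, "dst_port": 54321}
SAMPLE_POLICIES: Policies = {
    ("name", b"00001".ljust(20, b"\x00")): FORWARD,   # user 0001 forwarded
    ("name", b"00002".ljust(20, b"\x00")): DISCARD,   # user 0002 discarded
    ("password", None): DISCARD,                       # never ferry the credential
    ("data", None): LOG,                               # ferry the data field, but log it
    ("src_port", 8080): FORWARD,
    ("src_port", 20): DISCARD,
}

if __name__ == "__main__":
    ext, data = split_fields(SAMPLE_QUAD, SAMPLE_PAYLOAD)
    print(ferry(SAMPLE_QUAD, SAMPLE_GENERAL, ext, data, SAMPLE_POLICIES, True))
```

With the sample policies, the name and data fields are ferried in isolation mode while the password field is discarded and an event is raised for each non-forward action; a message whose source port is 20 is blocked as a whole before any field is examined, and with isolation mode off the same message passes through unchanged.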
The embodiment of the present application provides a possible implementation in which, after the extension field and the data field are determined from the protocol message, the method further includes:
defining the data field to obtain a defined data field, adding the defined data field to the extension field to update the extension field, and updating in the protocol knowledge base the position relation of the quadruple information of the protocol message within the message and the corresponding relation of the extension field within the message.
The definition of the data field in this embodiment is determined based on the position information of the data field in the protocol message: the field offset and the regular-expression matching result of the protocol message may be determined from that position information, and the data field may be defined based on the field offset and the matching result; of course, the data field may also be defined in combination with its specific content.
It should be emphasized that defining a data field does not mean defining the data field of each protocol message as it is received; rather, the data portion of the protocol messages received within a preset time period is defined. If the number of protocol messages with the same quadruple information received within the preset period is greater than a preset number, the data field may be defined by analysing and comparing the characteristics of the position information of the data fields of those messages (field offset, regular matching result) and the characteristics of their content; if the number is less than the preset number, the data field may be defined based on settings made by research personnel.
For example, 4 protocol messages with the same quadruple information are received within a period of time: source IP address 192.168.2.1, destination IP address 192.168.255.36, source port number 6300, destination port number 9600. The data fields of the 4 messages are all at bytes 1-11, with contents 1827xxxxxxx, 1825xxxxxxx, 1832xxxxxxx and 1596xxxxxxx. It can be determined that the data fields of the four messages are all at bytes 1-11 and, after regular matching, that each data field consists of 11 digits and conforms to the telephone number naming rule. The data field at bytes 1-11 can therefore be defined: its name is defined as telephone, and its content must consist of 11 digits and conform to the telephone number naming rule (for example, the first 3 digits are the area code).
After the data field is defined, the defined data field is obtained and the data field can be controlled through its definition: for example, for protocol messages with the same quadruple information, if the content of a message's data field does not conform to the characteristics of the defined data field, that content is not allowed to pass through the gatekeeper.
The defined data field is a known field. Adding it to the extension field updates the extension field, and the position relation of the quadruple information within the protocol message and the corresponding relation of the extension field within the message are updated in the protocol knowledge base, so that the next time the quadruple information is searched, the extension field found for it is the most complete extension field information as updated after the last search.
An embodiment of the present application provides a possible implementation, shown in fig. 5 as a flowchart for creating in the protocol knowledge base the correspondence between the quadruple information of the protocol message and the extension field and their position information in the message. After the data in the protocol message other than the general field is taken as the initial data field, the method further includes:
Step S501, defining the data field to obtain a defined data field, and determining the defined data field as an extension field.
In this embodiment, if the quadruple information of the protocol message is not stored in the protocol knowledge base, the protocol message is an unknown protocol message. The field offset or regular matching result of the protocol message is determined based on the position information of the data field in the message, and the data field portion of the message is defined based on that field offset or matching result. For example, for message 1 of unknown protocol X, if the content of bytes 1-20 of the data field is Judy_first, bytes 1-20 of the data field can be defined as the user name field, and if the content of bytes 21-40 is mzx092, bytes 21-40 can be defined as the password field.
Step S502, creating in the protocol knowledge base the correspondence between the position information of the quadruple information of the protocol message within the message and the position information of the extension field within the message.
In this embodiment, after the data field of the unknown protocol is defined, the defined data field is obtained; it is an extension field and therefore a known field. So that the gatekeeper can quickly identify the protocol message the next time it is seen, the correspondence between the position information of the quadruple information and the position information of the extension field needs to be created in the protocol knowledge base; when the protocol message is identified again, its extension field can then be determined directly.
As shown in Table 3, which shows the correspondence stored in the protocol knowledge base between the position information of the quadruple information of a message of unknown protocol X and the position information of its extension field within the message (once stored in the knowledge base, the unknown protocol is a known protocol), the following are stored for the protocol message:
Protocol type            Protocol X
Message direction        client -> server
Message id               01
Source MAC address       YYYY-YYYY
Destination MAC address  XXXX-XXXX
Source IP address        B.B.B.B
Destination IP address   A.A.A.A
Source port number       bbbb
Destination port number  aaaa
TABLE 3
By customizing the data field, this embodiment enables the gatekeeper to control the data field at fine granularity, which enhances the security of data ferrying.
The embodiment of the present application provides a possible implementation in which, after the extension field and the data field are determined according to the search result, the method further includes:
if a switch to the second processing mode is determined, transmitting the extension field and the data field to the receiving end.
The second processing mode in this embodiment refers to the situation in which the gatekeeper has not enabled the network isolation mode. In this mode the gatekeeper allows all extension fields and data fields to pass; that is, when the network isolation mode is not enabled, one end of the gatekeeper ferries all fields to the other end.
The data channel in this embodiment further includes a second data channel, which is established when the network isolation mode is not enabled. All fields are ferried to the other end of the gatekeeper through the second data channel, so that the clients and servers on the two sides of the gatekeeper can converse. After all fields have been ferried to the other end, the extension field and the data field are re-encapsulated according to the quadruple information of the protocol message to obtain a new protocol message, which is sent to the receiving end.
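The data-field definition described above (learning the telephone field from several messages with the same quadruple, enforcing it on later messages, and recording it in the protocol knowledge base as in steps S501 and S502) can be modelled in Python as follows. This is an added example rather than the patent's own code: the preset threshold of 3 messages, the regular-expression inference, the knowledge-base structure and the sample telephone numbers (constructed, standing in for the redacted 1827xxxxxxx values in the text) are assumptions of the example.

```python
"""Defining a data field from repeated messages and enforcing the definition
(added example, not the patent's code).  Threshold, inference and KB shape are assumed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed "preset number of protocol messages": with fewer samples the field is not
# learned automatically and a manual definition (if any) is used instead.
PRESET_MIN_MESSAGES = 3


@dataclass(frozen=True)
class DefinedField:
    """A defined data field: name, position inside the data portion (0-based, end
    exclusive) and the regular expression its content must satisfy."""
    name: str
    start: int
    end: int
    pattern: str


def infer_pattern(samples: List[bytes]) -> Optional[str]:
    """Regular-matching step: derive a pattern from the sample contents at one offset.
    Digits only -> \\d{n}; word characters -> \\w{n}; otherwise any n bytes.
    Returns None when the samples differ in length, i.e. share no common definition."""
    lengths = {len(s) for s in samples}
    if len(lengths) != 1:
        return None
    n = lengths.pop()
    if all(s.isdigit() for s in samples):
        return rf"^\d{{{n}}}$"
    if all(re.fullmatch(rb"\w+", s) for s in samples):
        return rf"^\w{{{n}}}$"
    return rf"^.{{{n}}}$"


def define_data_field(samples: List[bytes], start: int, end: int, name: str,
                      manual: Optional[DefinedField] = None) -> Optional[DefinedField]:
    """Define the data field at [start, end) from the messages with the same quadruple
    seen in the preset period; fall back to the manual definition when too few were
    seen or when their contents do not agree on a common shape."""
    if len(samples) < PRESET_MIN_MESSAGES:
        return manual
    pattern = infer_pattern([s[start:end] for s in samples])
    if pattern is None:
        return manual
    return DefinedField(name, start, end, pattern)


def conforms(defn: DefinedField, data: bytes) -> bool:
    """Control step: the content at the defined position must match the defined pattern."""
    return re.fullmatch(defn.pattern.encode(), data[defn.start:defn.end]) is not None


# Protocol knowledge base: quadruple -> extension fields (shape is an assumption).
KNOWLEDGE_BASE: Dict[Tuple[str, str, int, int], List[DefinedField]] = {}


def record_definition(quad, defn: DefinedField) -> List[DefinedField]:
    """S501/S502: for an unknown quadruple this creates the entry; for a known one the
    defined data field is appended as a further extension field (the update in the text)."""
    entry = KNOWLEDGE_BASE.setdefault(quad, [])
    if defn not in entry:
        entry.append(defn)
    return entry


def admit(quad, data: bytes) -> bool:
    """Gate a later message: every field recorded for its quadruple must conform."""
    return all(conforms(d, data) for d in KNOWLEDGE_BASE.get(quad, []))


# Constructed samples standing in for the redacted 1827xxxxxxx ... values in the text.
TELEPHONE_QUAD = ("192.168.2.1", "192.168.255.36", 6300, 9600)
TELEPHONE_SAMPLES = [b"18271234567", b"18259876543", b"18320001111", b"15960002222"]

if __name__ == "__main__":
    defn = define_data_field(TELEPHONE_SAMPLES, 0, 11, "telephone")
    record_definition(TELEPHONE_QUAD, defn)
    print(defn, admit(TELEPHONE_QUAD, b"18271234567"), admit(TELEPHONE_QUAD, b"1827ABCDEFG"))
```

The inferred pattern is deliberately a fixed-length character class, which is what "11 digits at bytes 1-11" amounts to; the area-code rule mentioned in the text would be an additional check on the leading digits layered on top of `conforms`. Once the definition is recorded, a later message with the same quadruple whose data field is not 11 digits is refused by `admit`, which is the control the text describes.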
As shown in fig. 6, which shows a flowchart of protocol message forwarding, the whole process is as follows:
Step S601, the gatekeeper receives a protocol message sent by the sending end;
Step S602, extracting the general field of the protocol message, the general field including the quadruple information of the protocol message;
Step S603, searching the quadruple information in the pre-established protocol knowledge base, and determining the extension field and the data field of the protocol message according to the search result;
Step S604, judging whether to switch to the first processing mode (network isolation mode);
Step S605, if yes, acquiring the pre-configured policy for at least one of the general field, the extension field and the data field in the protocol message;
Step S606, judging whether the policies corresponding to the general field, the extension field and the data field are in the white list;
Step S607, if yes, determining the policy to be the executable target policy, and sending the field corresponding to the target policy in the protocol message to the other end according to the quadruple information;
Step S607', if not, discarding the field directly;
Step S605', if the result of step S604 is no (that is, the network isolation mode is not enabled and the second processing mode applies), sending the data field and the extension field directly to the other end;
Step S608, based on the quadruple information, encapsulating the data field and the extension field sent to the other end into a message, and sending the encapsulated protocol message to the receiving end;
Step S604', defining the data field of the protocol message to obtain a defined data field, and adding the defined data field to the protocol knowledge base to update it (if the quadruple information of the protocol message is stored in the protocol knowledge base, the defined data field is added to the extension field and the position relation of the quadruple information within the message and the corresponding relation of the extension field within the message are updated in the knowledge base; if the quadruple information is not stored in the protocol knowledge base, the data field is defined to obtain a defined data field, the defined data field is determined as the extension field, and the correspondence between the position information of the quadruple information within the message and the position information of the extension field within the message is created in the protocol knowledge base).
The detailed message forwarding process is not repeated here; see the specific forwarding process described above.
An embodiment of the present application provides a protocol message forwarding apparatus 700, as shown in fig. 7; the apparatus may include:
a receiving module 710, configured to receive a protocol message sent by the sending end;
a quadruple information extraction module 720, configured to extract the general field of the protocol message, the general field including the quadruple information of the protocol message;
an extension field and data field determining module 730, configured to search the quadruple information in a pre-established protocol knowledge base and determine the extension field and the data field in the protocol message according to the search result;
a policy obtaining module 740, configured to obtain the pre-configured policy corresponding to at least one of the general field, the extension field and the data field in the protocol message if a switch to the first processing mode is determined;
and a sending module 750, configured to take the executable policy as the target policy and send the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.
The embodiment of the present application provides a possible implementation in which the extension field and data field determining module further includes:
a position information determining submodule, configured to acquire from the protocol knowledge base, if the quadruple information is found, the position information of the extension field corresponding to the quadruple information in the protocol message and the position information of the data field in the protocol message;
and an extension field and data field submodule, configured to determine the extension field and the data field from the protocol message according to the position information.
The embodiment of the present application provides a possible implementation in which the extension field and data field determining module further includes:
a data field determining submodule, configured to take the data in the protocol message other than the general field as the data field if the quadruple information is not found.
The embodiment of the present application provides a possible implementation in which, after the extension field and the data field are determined from the protocol message, the apparatus further includes:
an extension field updating submodule, configured to define the data field to obtain a defined data field, add the defined data field to the extension field to update the extension field, and update in the protocol knowledge base the position relation of the quadruple information within the protocol message and the corresponding relation of the extension field within the protocol message.
The embodiment of the present application provides a possible implementation in which, after the data in the protocol message other than the general field is taken as the data field, the apparatus further includes:
an extension field determining submodule, configured to define the data field to obtain a defined data field and determine the defined data field as an extension field;
and a correspondence creating submodule, configured to create in the protocol knowledge base the correspondence between the position information of the quadruple information within the protocol message and the position information of the extension field within the protocol message.
The embodiment of the present application provides a possible implementation in which, after the extension field and the data field are determined according to the search result, the apparatus further includes:
a second sending module, configured to send the extension field and the data field to the receiving end if a switch to the second processing mode is determined.
The protocol message forwarding apparatus provided in this embodiment of the invention executes the process of the foregoing method embodiment; refer to the foregoing protocol message forwarding method embodiment for details, which are not repeated here. The protocol message forwarding apparatus receives a protocol message sent by the sending end; extracts the general field of the protocol message, the general field including the quadruple information of the protocol message; searches the quadruple information in a pre-established protocol knowledge base and determines the extension field and the data field in the protocol message according to the search result; if a switch to the first processing mode is determined, acquires the pre-configured policy corresponding to at least one of the general field, the extension field and the data field in the protocol message; and, taking the executable policy as the target policy, sends the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.
An embodiment of the present application provides an electronic device, including a memory and a processor, with at least one program stored in the memory for execution by the processor. When executed by the processor, the program implements: receiving a protocol message sent by the sending end; extracting the general field of the protocol message, the general field including the quadruple information of the protocol message; searching the quadruple information in a pre-established protocol knowledge base and determining the extension field and the data field in the protocol message according to the search result; if a switch to the first processing mode is determined, acquiring the pre-configured policy corresponding to at least one of the general field, the extension field and the data field in the protocol message; and, taking the executable policy as the target policy, sending the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.
In an alternative embodiment, an electronic device is provided, as shown in fig. 8. The electronic device 4000 shown in fig. 8 comprises a processor 4001 and a memory 4003, the processor 4001 being coupled to the memory 4003, for example via a bus 4002. Optionally, the electronic device 4000 may further comprise a transceiver 4004. In practical applications the transceiver 4004 is not limited to one, and the structure of the electronic device 4000 is not limited to this embodiment of the present application.
The processor 4001 may be a CPU (Central Processing Unit), a general-purpose processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof, and may implement or perform the various illustrative logical blocks, modules and circuits described in connection with the disclosure. The processor 4001 may also be a combination that performs a computational function, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
The bus 4002 may include a path that carries information between the aforementioned components. The bus 4002 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like, and may be divided into an address bus, a data bus, a control bus, and so on. For ease of illustration only one thick line is shown in fig. 8, but this does not mean that there is only one bus or one type of bus.
The memory 4003 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disc storage medium or other magnetic storage device, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
The memory 4003 is used for storing the application code that executes the scheme of the present application, and its execution is controlled by the processor 4001. The processor 4001 is configured to execute the application code stored in the memory 4003 to implement what is shown in the foregoing method embodiments.
The embodiment of the application provides a switch that can implement the content shown in the foregoing embodiments. Compared with the prior art, the method comprises: receiving a protocol message sent by the sending end; extracting the general field of the protocol message, the general field including the quadruple information of the protocol message; searching the quadruple information in a pre-established protocol knowledge base and determining the extension field and the data field in the protocol message according to the search result; if a switch to the first processing mode is determined, acquiring the pre-configured policy corresponding to at least one of the general field, the extension field and the data field in the protocol message; and, taking the executable policy as the target policy, sending the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.
The embodiment of the present application provides a router that can implement the content shown in the foregoing embodiments. Compared with the prior art, the method comprises: receiving a protocol message sent by the sending end; extracting the general field of the protocol message, the general field including the quadruple information of the protocol message; searching the quadruple information in a pre-established protocol knowledge base and determining the extension field and the data field in the protocol message according to the search result; if a switch to the first processing mode is determined, acquiring the pre-configured policy corresponding to at least one of the general field, the extension field and the data field in the protocol message; and, taking the executable policy as the target policy, sending the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.
The embodiment of the application provides a server comprising a memory and a processor, the memory being used to store a computer program and the processor being used to implement the content shown in the foregoing embodiments. Compared with the prior art, the method comprises: receiving a protocol message sent by the sending end; extracting the general field of the protocol message, the general field including the quadruple information of the protocol message; searching the quadruple information in a pre-established protocol knowledge base and determining the extension field and the data field in the protocol message according to the search result; if a switch to the first processing mode is determined, acquiring the pre-configured policy corresponding to at least one of the general field, the extension field and the data field in the protocol message; and, taking the executable policy as the target policy, sending the field corresponding to the target policy in the protocol message to the receiving end according to the quadruple information.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, the steps are not limited to the exact order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which need not be performed at the same time but may be performed at different times, and which need not be performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing describes only some embodiments of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (11)

1. A message forwarding method, characterized by comprising the following steps:
receiving a protocol message sent by a sending end;
extracting a general field of the protocol message, wherein the general field comprises quadruple information of the protocol message;
searching for the quadruple information in a pre-established protocol knowledge base, and determining an extension field and a data field in the protocol message according to a search result;
if it is determined that the protocol message is switched to a first processing mode, acquiring a pre-configured policy for at least one of the general field, the extension field and the data field in the protocol message;
taking the executable policy as a target policy, and sending the field corresponding to the target policy in the protocol message to a receiving end according to the quadruple information;
wherein the first processing mode is a network isolation mode;
and the taking the executable policy as a target policy comprises:
setting a policy for at least one of the general field, the extension field and the data field in the protocol message;
placing the policies corresponding to the general field, the extension field and the data field in a white list or a black list according to a preset rule;
and if the policy corresponding to a field is located in the white list, determining that the policy corresponding to the field is an executable policy, and determining the executable policy to be the target policy.
2. The message forwarding method according to claim 1, wherein the determining an extension field and a data field in the protocol message according to the search result comprises:
if the quadruple information is found, acquiring from the protocol knowledge base the position information of the extension field corresponding to the quadruple information in the protocol message and the position information of the data field in the protocol message;
and determining the extension field and the data field from the protocol message according to the position information.
3. The message forwarding method according to claim 1, wherein the determining an extension field and a data field in the protocol message according to the search result comprises:
and if the quadruple information is not found, determining the data in the protocol message other than the general field as the data field.
4. The message forwarding method according to claim 2, wherein the determining the extension field and the data field from the protocol message further comprises:
defining the data field to obtain a defined data field, adding the defined data field to the extension field so as to update the extension field, and updating, in the protocol knowledge base, the correspondence between the position of the quadruple information in the protocol message and the position of the extension field in the protocol message.
5. The message forwarding method according to claim 3, wherein the determining the data in the protocol message other than the general field as the data field further comprises:
defining the data field to obtain a defined data field, and determining the defined data field as an extension field;
and creating, in the protocol database, a correspondence between the position information of the quadruple information in the protocol message and the position information of the extension field in the protocol message.
6. The message forwarding method according to claim 1, wherein the determining an extension field and a data field in the protocol message according to the search result further comprises:
and if it is determined that the protocol message is switched to a second processing mode, sending the extension field and the data field to the receiving end.
7. A message forwarding apparatus, comprising:
a receiving module, configured to receive a protocol message sent by a sending end;
a quadruple information extraction module, configured to extract a general field of the protocol message, wherein the general field comprises quadruple information of the protocol message;
an extension field and data field determining module, configured to search for the quadruple information in a pre-established protocol knowledge base and to determine an extension field and a data field in the protocol message according to a search result;
a policy acquisition module, configured to acquire a pre-configured policy corresponding to at least one of the general field, the extension field and the data field in the protocol message if it is determined that the protocol message is switched to a first processing mode;
a sending module, configured to take the executable policy as a target policy and to send the field corresponding to the target policy in the protocol message to a receiving end according to the quadruple information;
wherein the first processing mode is a network isolation mode;
and the taking the executable policy as a target policy comprises:
setting a policy for at least one of the general field, the extension field and the data field in the protocol message;
placing the policies corresponding to the general field, the extension field and the data field in a white list or a black list according to a preset rule;
and if the policy corresponding to a field is located in the white list, determining that the policy corresponding to the field is an executable policy, and determining the executable policy to be the target policy.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the message forwarding method according to any one of claims 1 to 6 are implemented when the program is executed by the processor.
9. The electronic device of claim 8, wherein the electronic device is a switch.
10. The electronic device of claim 8, wherein the electronic device is a router.
11. A server, comprising:
a memory for storing a computer program;
a processor for performing the steps of the message forwarding method according to any one of claims 1 to 6.
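The procedure claimed in claims 1 to 6 (and restated for the router and server embodiments above), worked through as an added example that is not code from the patent or its assignee. The 12-byte general-field layout, the reading of the quadruple as (source IP, source port, destination IP, destination port), the FieldPositions record, the preset white-list rule and every function name are assumptions made for this demonstration.

```python
"""Field-level forwarding in network isolation mode, modelled on claims 1-6.

Added example, not code from the patent: the wire format, the knowledge-base
record and all names below are assumptions made for this demonstration.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Assumed meaning of "quadruple information": (src_ip, src_port, dst_ip, dst_port).
Quad = Tuple[str, int, str, int]

# Constructed wire format: the general field is a fixed 12-byte header carrying
# the quadruple; the bytes after it hold the extension and data fields.
GENERAL_FIELD_LEN = 12


@dataclass(frozen=True)
class FieldPositions:
    """Position information the knowledge base stores per quadruple (claim 2)."""
    ext_off: int
    ext_len: int
    data_off: int
    data_len: int


@dataclass
class ParsedMessage:
    quad: Quad
    general: bytes
    extension: Optional[bytes]   # None when the quadruple is unknown (claim 3)
    data: bytes


def extract_general_field(msg: bytes) -> Tuple[bytes, Quad]:
    """Claim 1: extract the general field and the quadruple it carries."""
    if len(msg) < GENERAL_FIELD_LEN:
        raise ValueError("message shorter than the general field")
    general = msg[:GENERAL_FIELD_LEN]
    s1, s2, s3, s4, sport, d1, d2, d3, d4, dport = struct.unpack("!4BH4BH", general)
    return general, (f"{s1}.{s2}.{s3}.{s4}", sport, f"{d1}.{d2}.{d3}.{d4}", dport)


def locate_fields(msg: bytes, kb: Dict[Quad, FieldPositions]) -> ParsedMessage:
    """Claims 2 and 3: search the knowledge base and cut out extension/data fields."""
    general, quad = extract_general_field(msg)
    pos = kb.get(quad)
    if pos is None:
        # Claim 3: quadruple not found, so everything after the general field is data.
        return ParsedMessage(quad, general, None, msg[GENERAL_FIELD_LEN:])
    # Positions come from configuration, so validate them against the real length
    # before slicing; a silently truncated slice would hide a malformed message.
    for off, ln in ((pos.ext_off, pos.ext_len), (pos.data_off, pos.data_len)):
        if off < GENERAL_FIELD_LEN or off + ln > len(msg):
            raise ValueError(f"knowledge-base positions exceed message for {quad}")
    return ParsedMessage(quad, general,
                         msg[pos.ext_off:pos.ext_off + pos.ext_len],
                         msg[pos.data_off:pos.data_off + pos.data_len])


def register_protocol(kb: Dict[Quad, FieldPositions], quad: Quad,
                      ext_off: int, ext_len: int, data_off: int, data_len: int) -> None:
    """Claim 5: once the data field has been defined, record its positions."""
    kb[quad] = FieldPositions(ext_off, ext_len, data_off, data_len)


@dataclass
class IsolationPolicy:
    """Claim 1: one policy per field, sorted into a white list or a black list."""
    field_policy: Dict[str, str]     # field name -> policy name
    whitelist: Set[str]
    blacklist: Set[str]


def build_policy(field_policy: Dict[str, str], allowed: Set[str]) -> IsolationPolicy:
    """Assumed preset rule: policies named in `allowed` are white-listed, all others black-listed."""
    names = set(field_policy.values())
    return IsolationPolicy(field_policy, names & allowed, names - allowed)


def forward(msg: bytes, kb: Dict[Quad, FieldPositions], policy: IsolationPolicy,
            isolation_mode: bool) -> Tuple[Quad, Dict[str, bytes]]:
    """Return the quadruple that identifies the receiving end and the fields to send."""
    parsed = locate_fields(msg, kb)
    fields = {"general": parsed.general, "extension": parsed.extension, "data": parsed.data}
    present = {k: v for k, v in fields.items() if v is not None}
    if not isolation_mode:
        # Claim 6, second processing mode: extension and data fields pass through.
        return parsed.quad, {k: v for k, v in present.items() if k != "general"}
    # Claim 1, network isolation mode: only a field whose policy is white-listed has
    # a target policy; black-listed or unassigned fields are withheld.
    return parsed.quad, {k: v for k, v in present.items()
                         if policy.field_policy.get(k) in policy.whitelist}


# Constructed sample: one message from 10.0.0.5:40001 to 10.0.0.9:5000 whose payload
# is a 2-byte extension field followed by a 5-byte data field.
SAMPLE_QUAD: Quad = ("10.0.0.5", 40001, "10.0.0.9", 5000)
SAMPLE_MSG = struct.pack("!4BH4BH", 10, 0, 0, 5, 40001, 10, 0, 0, 9, 5000) + b"\x01\x02" + b"HELLO"
KB: Dict[Quad, FieldPositions] = {}
register_protocol(KB, SAMPLE_QUAD, 12, 2, 14, 5)
POLICY = build_policy({"general": "allow-header", "extension": "allow-ext", "data": "deny-data"},
                      allowed={"allow-header", "allow-ext"})
```

With `SAMPLE_MSG` and `POLICY`, `forward(..., isolation_mode=True)` returns only the general and extension fields (the data field's policy sits in the black list), while `isolation_mode=False` passes the extension and data fields through; an unknown quadruple yields no extension field, so under isolation only the general field is forwarded. The bounds check in `locate_fields` is the practitioner's addition: position information loaded from a knowledge base must be validated against the actual message length, or a mismatched entry silently truncates fields instead of failing.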
Application CN202110673814.1A, priority date 2021-06-17, filing date 2021-06-17: Message forwarding method and device, switch, router and server. Status: Active. Granted publication: CN113132419B (en).
Publications (2)

Publication Number  Publication Date
CN113132419A (en)   2021-07-16
CN113132419B (en)   2021-09-24
Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant