CN114006956A - Message data analysis method, device and equipment - Google Patents


Publication number
CN114006956A
Authority
CN
China
Prior art keywords
offset
data
message data
address
query
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111273061.1A
Other languages
Chinese (zh)
Inventor
王明超
刘彦静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPtech Information Technology Co Ltd
Original Assignee
Hangzhou DPtech Information Technology Co Ltd
Application filed by Hangzhou DPtech Information Technology Co Ltd
Priority to CN202111273061.1A
Publication of CN114006956A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22: Parsing or analysis of headers
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/65: Updates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure relates to a message data parsing method, a message data parsing device, a message data parsing apparatus, an electronic device and a computer-readable medium. The method comprises: identifying a first-layer protocol type of message data; determining a first-layer offset query address and a lower-layer protocol query address based on the first-layer protocol type; extracting key field data of the message data based on the first-layer offset query address and the lower-layer protocol query address; and, when the key field data meet a preset strategy, parsing the message data based on the preset strategy to generate a parsing result. The message data parsing method, device, apparatus, electronic device and computer-readable medium can update the offset data lookup table and the protocol type data lookup table in real time, thereby realizing dynamic configuration of message parsing types without modifying code to rewrite programs, and accelerating the update iteration speed of products.

Description

Message data analysis method, device and equipment
Technical Field
The present disclosure relates to the field of computer information processing, and in particular, to a method, an apparatus, a device, an electronic device, and a computer-readable medium for parsing message data.
Background
A message is a data unit exchanged and transmitted in a network, i.e. the data block that a station sends at one time. These data blocks begin with some meta information in text form describing the content and meaning of the message, followed by an optional data portion. A message contains the complete data to be sent; message lengths are highly inconsistent, unlimited and variable. A message is organized according to a protocol defined for file transmission, and message parsing means parsing file data in a specific format into a desired result for convenient processing.
With the development of network communication technology and the emergence of new services such as 5G mobile internet, big data centers and automatic driving, network communication equipment needs to update and iterate products quickly to adapt to the new services, which has given rise to new message parsing schemes that make flexible use of the characteristics of the FPGA.
The traditional parsing method must first determine the full range of message types that can be parsed and write logic code for each type to be parsed; when a new message type is added, the code must be modified, the FPGA program rewritten, and the related functions then tested.
Therefore, a new message data parsing method, device, equipment, electronic equipment and computer readable medium are needed.
The above information disclosed in this background section is only for enhancement of understanding of the background of the disclosure and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present disclosure provides a message data parsing method, device, apparatus, electronic device and computer-readable medium that can update an offset memory data lookup table and a protocol type memory data lookup table in real time, thereby implementing dynamic configuration of message parsing types without modifying code to rewrite an FPGA program, and accelerating the update iteration speed of products.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, a method for parsing message data is provided, where the method includes: identifying a first-layer protocol type of message data; determining a first-layer offset query address and a lower-layer protocol query address based on the first-layer protocol type; extracting key field data of the message data based on the first layer offset query address and the lower layer protocol query address; and when the key field data meet a preset strategy, analyzing the message data based on the preset strategy to generate an analysis result.
In an exemplary embodiment of the present disclosure, further comprising: when the key field data do not meet a preset strategy, determining a lower layer protocol type based on the key field data; determining a lower layer offset inquiry address and a last layer protocol inquiry address based on the lower layer protocol type; and analyzing the message data based on the lower layer offset query address and the last layer protocol query address to generate an analysis result.
In an exemplary embodiment of the present disclosure, the method further comprises: storing a plurality of offset query addresses in an offset memory; and storing a plurality of protocol query addresses in a protocol type querier.
In an exemplary embodiment of the present disclosure, the method comprises: modifying the plurality of offset query addresses and the plurality of protocol query addresses in real time according to a data modification instruction.
In an exemplary embodiment of the present disclosure, determining a top layer offset lookup address and a lower layer protocol lookup address based on the top layer protocol type includes: determining the first-layer offset inquiry address based on the data length information of the first-layer protocol type; and determining the lower-layer protocol inquiry address based on the data length information of the first-layer protocol type.
In an exemplary embodiment of the present disclosure, extracting the key field data of the packet data based on the first layer offset query address and the lower layer protocol query address includes: determining offset data based on the first-tier offset look-up address; determining a protocol type based on the lower layer protocol query address; and analyzing the message data based on the offset data and the protocol type to extract the key field data.
In an exemplary embodiment of the present disclosure, parsing the packet data based on the offset data and the protocol type to extract the key field data includes: offsetting the message data based on the offset data; and analyzing the message data after the offset according to the protocol type to extract the key field data.
In an exemplary embodiment of the present disclosure, when the key field data meets a preset policy, parsing the message data based on the preset policy to generate a parsing result includes: when the key field data is TCP (Transmission Control Protocol), parsing the message data according to the TCP protocol to generate a parsing result.
According to an aspect of the present disclosure, a message data parsing apparatus is provided, the apparatus including: the identification module is used for identifying the type of a first-layer protocol of the message data; the address module is used for determining a first-layer offset inquiry address and a lower-layer protocol inquiry address based on the first-layer protocol type; the data module is used for extracting the key field data of the message data based on the first-layer offset query address and the lower-layer protocol query address; and the analysis module is used for analyzing the message data based on a preset strategy to generate an analysis result when the key field data meets the preset strategy.
In an exemplary embodiment of the present disclosure, the apparatus includes: an instruction module for modifying the plurality of offset query addresses and the plurality of protocol query addresses in real time according to a data modification instruction.
According to an aspect of the present disclosure, a message data parsing device is provided, where the device includes: the message data analysis device is used for identifying the first layer protocol type of the message data; determining a first-layer offset query address and a lower-layer protocol query address based on the first-layer protocol type; extracting key field data of the message data based on the first layer offset query address and the lower layer protocol query address; when the key field data meet a preset strategy, analyzing the message data based on the preset strategy to generate an analysis result; the offset memory is used for storing a plurality of offset query addresses so as to facilitate the message data analysis device to query; and the protocol type memory is used for storing a plurality of protocol query addresses so as to facilitate the message data analysis device to query.
According to an aspect of the present disclosure, an electronic device is provided, the electronic device including: one or more processors; and storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method as above.
According to an aspect of the disclosure, a computer-readable medium is proposed, on which a computer program is stored, which program, when being executed by a processor, carries out the method as above.
According to the message data parsing method, device, apparatus, electronic device and computer-readable medium of the present disclosure, the first-layer protocol type of the message data is identified; a first-layer offset query address and a lower-layer protocol query address are determined based on the first-layer protocol type; key field data of the message data is extracted based on the first-layer offset query address and the lower-layer protocol query address; and, when the key field data meet a preset strategy, the message data is parsed based on the preset strategy to generate a parsing result. In this way, the offset memory data lookup table and the protocol type memory data lookup table can be updated in real time, so that dynamic configuration of message parsing types is realized, code does not need to be modified to rewrite an FPGA program, and the update iteration speed of products is accelerated.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are merely some embodiments of the present disclosure, and other drawings may be derived from those drawings by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic diagram of a message parsing method according to the prior art.
Fig. 2 is a flowchart illustrating a message data parsing method according to an example embodiment.
Fig. 3 is a flowchart illustrating a message data parsing method according to another exemplary embodiment.
Fig. 4 is a schematic diagram illustrating a message data parsing method according to another exemplary embodiment.
Fig. 5 is a schematic diagram illustrating a message data parsing method according to another exemplary embodiment.
Fig. 6 is a schematic diagram illustrating a message data parsing method according to another exemplary embodiment.
Fig. 7 is a block diagram illustrating a message data parsing apparatus according to an example embodiment.
Fig. 8 is a block diagram illustrating a message data parsing apparatus according to another example embodiment.
FIG. 9 is a block diagram illustrating an electronic device in accordance with an example embodiment.
FIG. 10 is a block diagram illustrating a computer-readable medium in accordance with an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, apparatus, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the disclosed concept. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It is to be understood by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present disclosure and are, therefore, not intended to limit the scope of the present disclosure.
The technical abbreviations are explained as follows:
FPGA: Field Programmable Gate Array.
IPv4: Internet Protocol version 4, the fourth version of the Internet Protocol.
IHL: Internet Header Length (IP header length), the IPv4 header length information.
TCP: Transmission Control Protocol, a connection-oriented, reliable, byte-stream-based transport layer communication protocol.
Fig. 1 is a schematic diagram of a message parsing method according to the prior art. As shown in fig. 1, the inventors of the present disclosure found that, in the conventional message parsing method, the protocol layer is identified as Ethernet from the received protocol layer 1 data; the next protocol layer is then determined to be IPv4 from the type information of the Ethernet layer, and offset 1 of protocol layer 1 is determined so that the IPv4 layer data can be extracted; the next protocol layer is then determined to be TCP from the IPv4 layer data, and offset 2 of protocol layer 2 is determined. Parsing of all protocol layers is thus completed layer by layer.
The traditional parsing method must first determine the full range of message types that can be parsed and write logic code for each type to be parsed; when a new message type is added, the code must be modified, the FPGA program rewritten, and the related functions then tested.
In view of this technical bottleneck in the prior art, the message data parsing method, device and apparatus of the present disclosure use memories to store, respectively, the header offsets and the protocol types that need to be queried during message parsing. The memories are connected through the communication bus of an external processor, so that the offset values and lower-layer protocol types can be modified in real time and the message parsing method configured dynamically, without modifying code to rewrite the program.
The present disclosure is described in detail below with reference to specific examples.
Fig. 2 is a flowchart illustrating a message data parsing method according to an example embodiment. The message data parsing method 20 at least includes steps S202 to S208.
As shown in fig. 2, in S202, the first-layer protocol type of the message data is identified. The message data may be obtained and identified according to the prior art, and the first-layer protocol type identified for the message data may be any data protocol type in the prior art.
In S204, a top layer offset query address and a lower layer protocol query address are determined based on the top layer protocol type. The first layer offset lookup address may be determined based on data length information of the first layer protocol type; the lower layer protocol query address may also be determined based on data length information of the top layer protocol type.
In S206, the key field data of the message data is extracted based on the first-layer offset query address and the lower-layer protocol query address. Offset data is determined based on the first-layer offset query address; a protocol type is determined based on the lower-layer protocol query address; and the message data is parsed based on the offset data and the protocol type to extract the key field data.
In one embodiment, the method further comprises: storing a plurality of offset query addresses in an offset memory; and storing a plurality of protocol query addresses in a protocol type querier.
More specifically, the offset memory stores the correspondence between a plurality of offset query addresses and offsets in an offset lookup table, and the offset data is looked up in the offset lookup table according to the first-layer offset query address.
More specifically, the protocol type querier stores the correspondence between a plurality of protocol query addresses and protocol types in a protocol query address table. The protocol type is looked up in the protocol query address table according to the lower-layer protocol query address.
In one embodiment, the method further comprises: modifying the plurality of offset query addresses and the plurality of protocol query addresses in real time according to a data modification instruction. The protocol query address table and the offset lookup table may reserve vacant entries and can be modified in real time: the correspondence between offset query addresses and offsets, and the correspondence between protocol query addresses and protocol types, can be modified in real time according to the data modification instruction.
Parsing the message data based on the offset data and the protocol type to extract the key field data includes: offsetting the message data based on the offset data; and parsing the offset message data according to the protocol type to extract the key field data.
In S208, when the key field data meets a preset policy, the message data is parsed based on the preset policy to generate a parsing result. When the key field data is TCP (Transmission Control Protocol), the message data is parsed according to the TCP protocol to generate a parsing result.
In one embodiment, the method further comprises: when the key field data does not meet the preset strategy, determining a lower-layer protocol type based on the key field data; determining a lower-layer offset query address and a last-layer protocol query address based on the lower-layer protocol type; and extracting key field data of the message data based on the lower-layer offset query address and the last-layer protocol query address, and, when the key field data is TCP, parsing the message data to generate a parsing result. When the key field data is not TCP, the lower-layer protocol address is extracted again so that the key field data can be extracted and parsed.
According to the message data parsing method of the present disclosure, the first-layer protocol type of the message data is identified; a first-layer offset query address and a lower-layer protocol query address are determined based on the first-layer protocol type; key field data of the message data is extracted based on the first-layer offset query address and the lower-layer protocol query address; and, when the key field data meet a preset strategy, the message data is parsed based on the preset strategy to generate a parsing result. In this way, the offset memory data lookup table and the protocol type memory data lookup table can be updated in real time, so that dynamic configuration of message parsing types is realized, code does not need to be modified to rewrite an FPGA program, and the update iteration speed of products is accelerated.
It should be clearly understood that this disclosure describes how to make and use particular examples, but the principles of this disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flowchart illustrating a message data parsing method according to another exemplary embodiment. The process 30 shown in fig. 3 is a detailed description of the process shown in fig. 2.
As shown in fig. 3, in S302, message data is received.
In S304, a header protocol type is identified.
In S306, an offset lookup address is determined.
In S308, the lower layer protocol query address is determined.
In S310, the key field data is extracted.
In S312, it is determined whether the result is a preset parsing result.
In S314, the analysis result is output.
In S316, the lower layer data is parsed.
After new message data is received, the first-layer protocol type is identified. The offset query address of this layer is calculated from the length information of the first-layer protocol data and output to the offset memory, which outputs the offset corresponding to the query address. The lower-layer protocol query address is calculated from the lower-layer protocol data information and output to the protocol type memory, which outputs the protocol type corresponding to the query address. Key field data is extracted according to the current protocol type, and whether parsing is finished is judged from the received lower-layer protocol type. If parsing is finished, the current parsing result is output and new packet data is received; if not, parsing jumps to the lower-layer protocol according to the received offset and continues.
Fig. 4 is a schematic diagram illustrating a message data parsing method according to another exemplary embodiment. In a specific embodiment, as shown in fig. 5, the first-layer protocol is identified as Ethernet, and offset query address 1 is generated and output to the offset lookup memory; the return value is a fixed 14. As shown in fig. 6, protocol query address 1 is obtained from the type information of the Ethernet layer and output to the protocol type lookup memory; the return value is 2 (IPv4 protocol).
The message data can then be offset by 14 bytes, and parsing continues with the IPv4 layer data. Offset query address 2 is calculated from the IHL information of the IPv4 layer and output to the offset lookup memory; the return value is 20. Protocol query address 2 is obtained from the Protocol information of the IPv4 layer and output to the protocol type lookup memory; the return value is 4 (TCP protocol).
The message data can then be offset by 20 bytes, and parsing continues with the TCP layer data. When the current protocol layer is identified as TCP, parsing-end flag information is generated; after the parsing result is output, the message parsing device receives new packet data.
During parsing, the key data of each layer is selected and extracted according to actual project requirements.
More specifically, according to the message data parsing method of the present disclosure, the offset memory data lookup table and the protocol type memory data lookup table are preset with default data according to the types of message to be parsed, and can be updated in real time by a processor (CPU, etc.). Message types to be parsed can thus be added without rewriting the FPGA program, implementing a dynamic configuration function.
The message data parsing method of the present disclosure can update the data lookup table of the offset memory and the data lookup table of the protocol type memory in real time through the external processor, thereby realizing dynamic configuration of message parsing types. During message parsing, the offset memory and the protocol type memory are used to look up and assign the offset and the protocol type.
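A software model of the lookup-table-driven parsing loop described above, added here as an illustration and not taken from the patent or from any DPtech implementation. The tuple encoding of query addresses, the Ethernet code 1, `MAX_LAYERS`, `update_offset` and the bounds checks are assumptions of this sketch; the offsets 14 and 20 and the protocol codes 2 and 4 are the values from the walk-through.

```python
import struct

# Protocol type codes. 2 (IPv4) and 4 (TCP) are the return values in the
# description's worked example; 1 for Ethernet is an assumption of this sketch.
ETHERNET, IPV4, TCP = 1, 2, 4
MAX_LAYERS = 8  # assumed cap so a looping table configuration cannot spin forever


class ParseError(Exception):
    """Raised on a table miss, a truncated header or an out-of-range offset."""


# Fixed extraction logic, one function per protocol: it derives the offset
# query address (from length information) and the protocol query address
# (from the next-protocol field). The tuple encoding is an assumption; the
# description does not define how addresses are encoded.
def ethernet_addresses(header):
    if len(header) < 14:
        raise ParseError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", header, 12)
    return (ETHERNET, 0), (ETHERNET, ethertype)  # Ethernet length is fixed


def ipv4_addresses(header):
    if len(header) < 10:
        raise ParseError("truncated IPv4 header")
    ihl = header[0] & 0x0F  # header length in 32-bit words
    return (IPV4, ihl), (IPV4, header[9])  # byte 9 is the Protocol field


EXTRACTORS = {ETHERNET: ethernet_addresses, IPV4: ipv4_addresses}


def default_tables():
    """Preset default data matching the Ethernet/IPv4/TCP walk-through."""
    offset_table = {(ETHERNET, 0): 14, (IPV4, 5): 20}
    protocol_table = {(ETHERNET, 0x0800): IPV4, (IPV4, 6): TCP}
    return offset_table, protocol_table


def update_offset(offset_table, address, offset):
    """Model of a data modification instruction; rejects nonsensical offsets."""
    if not 0 < offset <= 0xFFFF:
        raise ValueError("offset must be a positive 16-bit value")
    offset_table[address] = offset


def parse(packet, offset_table, protocol_table, terminal=TCP):
    """Return [(protocol code, start byte), ...] down to the terminal layer."""
    position, protocol, layers = 0, ETHERNET, []
    for _ in range(MAX_LAYERS):
        layers.append((protocol, position))
        if protocol == terminal:  # parsing-end condition (the preset policy)
            return layers
        extractor = EXTRACTORS.get(protocol)
        if extractor is None:
            raise ParseError(f"no extraction logic for protocol {protocol}")
        offset_address, protocol_address = extractor(packet[position:])
        if offset_address not in offset_table:
            raise ParseError(f"offset table miss at {offset_address}")
        if protocol_address not in protocol_table:
            raise ParseError(f"protocol table miss at {protocol_address}")
        offset = offset_table[offset_address]
        # A table value is configuration, not packet truth: check it against
        # the bytes actually received before jumping.
        if position + offset > len(packet):
            raise ParseError("offset points past end of packet")
        position += offset
        protocol = protocol_table[protocol_address]
    raise ParseError("layer limit exceeded")


def build_sample(ihl=5):
    """Constructed Ethernet/IPv4/TCP frame; all other fields are zeroed."""
    ethernet = bytes(12) + struct.pack("!H", 0x0800)
    ipv4 = bytearray(ihl * 4)
    ipv4[0] = 0x40 | ihl  # version 4, IHL in the low nibble
    ipv4[9] = 6           # IPv4 Protocol field: 6 = TCP
    return ethernet + bytes(ipv4) + bytes(20)


if __name__ == "__main__":
    offsets, protocols = default_tables()
    print(parse(build_sample(), offsets, protocols))
    try:
        parse(build_sample(ihl=6), offsets, protocols)
    except ParseError as error:
        print("before update:", error)
    update_offset(offsets, (IPV4, 6), 24)  # runtime table write, no code change
    print(parse(build_sample(ihl=6), offsets, protocols))
```

A table miss or an offset that overruns the received bytes raises `ParseError` instead of continuing, which matters for a parser whose tables can be rewritten at run time.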
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments may be implemented as a computer program executed by a CPU. When executed by the CPU, the program performs the functions defined by the above-described methods provided by the present disclosure. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the methods according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods. For details not disclosed in the embodiments of the apparatus of the present disclosure, refer to the embodiments of the method of the present disclosure.
Fig. 7 is a block diagram illustrating a message data parsing apparatus according to an example embodiment. As shown in fig. 7, the message data analysis device 70 includes: the identification module 702, the address module 704, the data module 706, and the parsing module 708, and the message data parsing apparatus 70 may further include: an instruction module 710.
The identifying module 702 is configured to identify a first layer protocol type of the message data;
the address module 704 is configured to determine a first-layer offset query address and a lower-layer protocol query address based on the first-layer protocol type;
the data module 706 is configured to extract the key field data of the packet data based on the first layer offset query address and the lower layer protocol query address;
the parsing module 708 is configured to parse the packet data based on a preset policy to generate a parsing result when the key field data meets the preset policy.
The instruction module 710 is configured to modify the plurality of offset query addresses and the plurality of protocol query addresses in real time according to a data modification instruction.
The message data analysis device disclosed by the invention can be used for inquiring and allocating the offset and the protocol type by using the offset memory and the protocol type memory in the process of analyzing the message, and the data query table of the offset memory and the data query table of the protocol type memory can be updated in real time through the external processor, so that the dynamic configuration of the message analysis type is realized, codes do not need to be modified, an FPGA program is not required to be rewritten, and the update iteration speed of a product is accelerated.
Fig. 8 is a block diagram illustrating a message data parsing apparatus according to another example embodiment. As shown in fig. 8, the message data parsing device 80 includes: the message data parsing device 802, the offset memory 804, the protocol type memory 806, and the message data parsing apparatus 80 may further include: a processor 808.
The message data analysis device 802 is configured to identify a first layer protocol type of the message data; determining a first-layer offset query address and a lower-layer protocol query address based on the first-layer protocol type; extracting key field data of the message data based on the first layer offset query address and the lower layer protocol query address; when the key field data meet a preset strategy, analyzing the message data based on the preset strategy to generate an analysis result; the specific internal module of the message data parsing apparatus 802 may be configured as the internal module of the message data parsing apparatus 70.
More specifically, the message data parsing apparatus 802 may be configured to identify a first layer protocol type of the message data, calculate an offset query address, calculate a lower layer protocol query address, extract key field data, and receive data matching switch information sent by the processor.
The offset memory 804 is used for storing a plurality of offset query addresses so that the message data parsing apparatus can query them.
More specifically, the offset memory 804 may be configured to output the corresponding offset based on a received query address, and to receive data modification instructions from the processor.
The protocol type memory 806 is used for storing a plurality of protocol query addresses so that the message data parsing apparatus can query them.
More specifically, the protocol type memory 806 may be configured to output the corresponding protocol type based on a received query address, and to receive data modification instructions from the processor.
The processor 808 is configured to modify the plurality of offset query addresses and the plurality of protocol query addresses in real time according to the data modification instruction.
According to the message data parsing device of the present disclosure, the first-layer protocol type of the message data is identified; a first-layer offset query address and a lower-layer protocol query address are determined based on the first-layer protocol type; key field data of the message data is extracted based on the first-layer offset query address and the lower-layer protocol query address; and, when the key field data meets a preset policy, the message data is parsed based on the preset policy to generate a parsing result. In this way the data lookup tables of the offset memory and of the protocol type memory can be updated in real time, so that the message parsing types are dynamically configurable, no code has to be modified and the FPGA program does not have to be rewritten, and product update iterations are accelerated.
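The table-driven walk described above, as an added example in C (not code from the patent or from any product): the row layouts, protocol ids, function names and the rule that a length field counts 32-bit words are assumptions. Every table-derived offset is bounds-checked against the packet length, rows are validated on the update path, and 802.1Q support is then added purely by writing table rows.

```c
#include <stdint.h>
#include <string.h>
enum { P_NONE, P_ETH, P_IPV4, P_TCP, P_VLAN, P_MAX };  /* assumed protocol ids */
enum { MAX_LAYERS = 8, MAX_RULES = 16 };               /* hard caps, independent of table data */
struct offset_entry {           /* one "offset memory" row (layout is an assumption) */
    uint16_t hdr_len;           /* fixed header length, or the minimum if len_mask != 0 */
    uint16_t key_off;           /* where the next-protocol key field sits in the header */
    uint8_t key_len;            /* 1 or 2 bytes; 0 = unset row or terminal layer */
    uint8_t len_off, len_mask;  /* optional length field, counted in 32-bit words */
};
struct proto_rule { uint8_t cur; uint16_t key; uint8_t next; };  /* "protocol type memory" row */
static struct offset_entry offset_mem[P_MAX];
static struct proto_rule proto_mem[MAX_RULES];
static size_t proto_cnt;
/* Update path (the processor's role): refuse rows the parser could not use safely. */
int set_offset(uint8_t id, struct offset_entry e) {
    if (id == P_NONE || id >= P_MAX || e.key_len > 2) return -1;
    if ((uint32_t)e.key_off + e.key_len > e.hdr_len) return -1;  /* key inside header */
    if (e.len_mask && e.len_off >= e.hdr_len) return -1;
    offset_mem[id] = e;
    return 0;
}
int set_rule(uint8_t cur, uint16_t key, uint8_t next) {
    if (!cur || cur >= P_MAX || !next || next >= P_MAX || proto_cnt == MAX_RULES) return -1;
    proto_mem[proto_cnt++] = (struct proto_rule){cur, key, next};
    return 0;
}
static uint8_t lookup_next(uint8_t cur, uint16_t key) {
    for (size_t i = 0; i < proto_cnt; i++)
        if (proto_mem[i].cur == cur && proto_mem[i].key == key) return proto_mem[i].next;
    return P_NONE;
}

/* Walk the layers from protocol `cur`; return the byte offset of `want`, or -1. */
int find_layer(const uint8_t *pkt, size_t len, uint8_t cur, uint8_t want) {
    size_t base = 0;
    for (int depth = 0; depth < MAX_LAYERS; depth++) {
        if (cur == want) return base < len ? (int)base : -1;
        if (cur == P_NONE || cur >= P_MAX || offset_mem[cur].key_len == 0) return -1;
        const struct offset_entry *e = &offset_mem[cur];
        size_t hdr = e->hdr_len;
        if (hdr > len - base) return -1;  /* minimum header must be present */
        if (e->len_mask) hdr = (size_t)(pkt[base + e->len_off] & e->len_mask) * 4;
        if (hdr < e->hdr_len || hdr > len - base) return -1;  /* bogus or truncated */
        uint16_t key = pkt[base + e->key_off];
        if (e->key_len == 2) key = (uint16_t)(key << 8 | pkt[base + e->key_off + 1]);
        cur = lookup_next(cur, key);
        base += hdr;
    }
    return -1;
}

void load_base_tables(void) {  /* initial configuration: Ethernet -> IPv4 -> TCP */
    memset(offset_mem, 0, sizeof offset_mem);
    proto_cnt = 0;
    set_offset(P_ETH, (struct offset_entry){14, 12, 2, 0, 0});     /* EtherType at 12 */
    set_offset(P_IPV4, (struct offset_entry){20, 9, 1, 0, 0x0F});  /* length from IHL */
    set_rule(P_ETH, 0x0800, P_IPV4);
    set_rule(P_IPV4, 6, P_TCP);
}
int add_vlan(void) {  /* runtime update: table rows only, find_layer() is untouched */
    struct offset_entry tag = {4, 2, 2, 0, 0};  /* TCI + inner EtherType after the TPID */
    if (set_offset(P_VLAN, tag) || set_rule(P_ETH, 0x8100, P_VLAN)) return -1;
    return set_rule(P_VLAN, 0x0800, P_IPV4);
}
/* Constructed sample frame: Ethernet [+ 802.1Q tag] + IPv4 (IHL 5) + TCP; b holds 64 bytes. */
size_t make_sample(uint8_t *b, int vlan) {
    size_t n = 12;
    memset(b, 0, 64);
    if (vlan) { b[n] = 0x81; n += 4; }  /* TPID 0x8100, TCI 0 */
    b[n] = 0x08; n += 2;                /* EtherType 0x0800 (IPv4) */
    b[n] = 0x45; b[n + 9] = 6;          /* version 4 / IHL 5, protocol 6 (TCP) */
    return n + 40;                      /* 20-byte IPv4 header + 20-byte TCP header */
}
```

Because the tables are writable at run time, the update path is as much a trust boundary as the packet input: a row that places the key field outside its header is rejected before the parser can ever use it.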
FIG. 9 is a block diagram illustrating an electronic device in accordance with an example embodiment.
An electronic device 900 according to this embodiment of the disclosure is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is only an example and should not bring any limitations to the functionality or scope of use of the embodiments of the present disclosure.
As shown in fig. 9, the electronic device 900 is embodied in the form of a general purpose computing device. Components of electronic device 900 may include, but are not limited to: at least one processing unit 910, at least one storage unit 920, a bus 930 connecting different system components (including the storage unit 920 and the processing unit 910), a display unit 940, and the like.
Wherein the storage unit stores program code that can be executed by the processing unit 910 such that the processing unit 910 performs the steps according to various exemplary embodiments of the present disclosure described in this specification. For example, the processing unit 910 may perform the steps shown in fig. 2 and fig. 3.
The storage unit 920 may include a readable medium in the form of a volatile storage unit, such as a random access memory unit (RAM) 9201 and/or a cache memory unit 9202, and may further include a read only memory unit (ROM) 9203.
The storage unit 920 may also include a program/utility 9204 having a set (at least one) of program modules 9205, such program modules 9205 including but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 930 can be any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 900 may also communicate with one or more external devices 900' (e.g., keyboard, pointing device, bluetooth device, etc.), such that a user can communicate with devices with which the electronic device 900 interacts, and/or any device (e.g., router, modem, etc.) with which the electronic device 900 can communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interface 950. Also, the electronic device 900 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via the network adapter 960. The network adapter 960 may communicate with other modules of the electronic device 900 via the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 900, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, as shown in fig. 10, the technical solution according to the embodiment of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiment of the present disclosure.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The computer readable medium carries one or more programs which, when executed by a device, cause the computer readable medium to perform the functions of: identifying a first-layer protocol type of message data; determining a first-layer offset query address and a lower-layer protocol query address based on the first-layer protocol type; extracting key field data of the message data based on the first-layer offset query address and the lower-layer protocol query address; and when the key field data meets a preset policy, parsing the message data based on the preset policy to generate a parsing result. The computer readable medium may also implement the following function: modifying the plurality of offset query addresses and the plurality of protocol query addresses in real time according to the data modification instruction.
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly and located in one or more apparatuses different from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Exemplary embodiments of the present disclosure are specifically illustrated and described above. It is to be understood that the present disclosure is not limited to the precise arrangements or instrumentalities described herein; on the contrary, the disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (11)

1. A message data analysis method is characterized by comprising the following steps:
identifying a first-layer protocol type of message data;
determining a first-layer offset query address and a lower-layer protocol query address based on the first-layer protocol type;
extracting key field data of the message data based on the first layer offset query address and the lower layer protocol query address;
and when the key field data meet a preset strategy, analyzing the message data based on the preset strategy to generate an analysis result.
2. The method of claim 1, further comprising:
when the key field data do not meet a preset strategy, determining a lower layer protocol type based on the key field data;
determining a lower layer offset inquiry address and a last layer protocol inquiry address based on the lower layer protocol type;
and analyzing the message data based on the lower layer offset query address and the last layer protocol query address to generate an analysis result.
3. The method of claim 2, further comprising:
storing a plurality of offset lookup addresses based on an offset memory;
storing a plurality of protocol query addresses based on a protocol type memory.
4. The method of claim 3, further comprising:
and modifying the plurality of offset inquiry addresses and the plurality of protocol inquiry addresses in real time according to the data modification instruction.
5. The method of claim 1, wherein determining a top layer offset lookup address and a lower layer protocol lookup address based on the top layer protocol type comprises:
determining the first-layer offset inquiry address based on the data length information of the first-layer protocol type;
and determining the lower-layer protocol inquiry address based on the data length information of the first-layer protocol type.
6. The method of claim 1, wherein extracting the key field data of the message data based on the top layer offset lookup address and the lower layer protocol lookup address comprises:
determining offset data based on the first-tier offset look-up address;
determining a protocol type based on the lower layer protocol query address;
and analyzing the message data based on the offset data and the protocol type to extract the key field data.
7. The method of claim 6, wherein parsing the packet data based on the offset data and the protocol type to extract the key field data comprises:
offsetting the message data based on the offset data;
and analyzing the message data after the offset according to the protocol type to extract the key field data.
8. The method of claim 1, wherein when the key field data meets a preset policy, parsing the packet data based on the preset policy to generate a parsing result comprises:
and when the key field data is a TCP (transmission control protocol), analyzing the message data according to the TCP to generate an analysis result.
9. A message data parsing apparatus, comprising:
the identification module is used for identifying the type of a first-layer protocol of the message data;
the address module is used for determining a first-layer offset inquiry address and a lower-layer protocol inquiry address based on the first-layer protocol type;
the data module is used for extracting the key field data of the message data based on the first-layer offset query address and the lower-layer protocol query address;
and the analysis module is used for analyzing the message data based on a preset strategy to generate an analysis result when the key field data meets the preset strategy.
10. The apparatus of claim 9, further comprising:
and the instruction module is used for modifying the plurality of offset inquiry addresses and the plurality of protocol inquiry addresses in real time according to the data modification instruction.
11. A message data parsing device, comprising:
the message data analysis device is used for identifying the first layer protocol type of the message data; determining a first-layer offset query address and a lower-layer protocol query address based on the first-layer protocol type; extracting key field data of the message data based on the first layer offset query address and the lower layer protocol query address; when the key field data meet a preset strategy, analyzing the message data based on the preset strategy to generate an analysis result;
the offset memory is used for storing a plurality of offset query addresses so as to facilitate the message data analysis device to query;
and the protocol type memory is used for storing a plurality of protocol query addresses so as to facilitate the message data analysis device to query.
CN202111273061.1A 2021-10-29 2021-10-29 Message data analysis method, device and equipment Pending CN114006956A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111273061.1A CN114006956A (en) 2021-10-29 2021-10-29 Message data analysis method, device and equipment

Publications (1)

Publication Number Publication Date
CN114006956A (en) 2022-02-01

Family

ID=79925207

Country Status (1)

Country Link
CN (1) CN114006956A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150481A (en) * 2022-09-02 2022-10-04 浙江工企信息技术股份有限公司 Unknown communication protocol equipment-oriented code point address detection method and system
CN115150481B (en) * 2022-09-02 2022-11-25 浙江工企信息技术股份有限公司 Unknown communication protocol equipment-oriented code point address detection method and system
CN115767144A (en) * 2022-10-26 2023-03-07 杭州迪普科技股份有限公司 Target video uploading object determining method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination