CN114285805A - QUIC message filtering method, system, equipment and medium - Google Patents


Publication number
CN114285805A
Authority
CN
China
Prior art keywords
quic
message
data
quintuple information
list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111623272.3A
Other languages
Chinese (zh)
Inventor
黄友俊
李星
吴建平
宋文亮
黄有根
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CERNET Corp
Original Assignee
CERNET Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CERNET Corp
Priority to CN202111623272.3A
Publication of CN114285805A

Abstract

The invention provides a QUIC message filtering method, a system, equipment and a medium, wherein the QUIC message filtering method comprises the following steps: acquiring QUIC message data; acquiring a handshake message, and extracting first quintuple information of the handshake message and application of the corresponding handshake message; establishing a QUIC message list based on second quintuple information of the QUIC message data; using the QUIC message with consistent second quintuple information in the QUIC message list as a QUIC data flow; matching the second quintuple information and the first quintuple information of the QUIC data stream, and if the matching is successful, taking the application of the corresponding handshake message as the application of the QUIC data stream; and outputting the QUIC data stream according to the application and the second quintuple information. The invention realizes the filtering and identification of the QUIC message and promotes the adjustment and upgrading of network construction by acquiring the QUIC message data and matching the QUIC data stream with the handshake message based on the QUIC transmission protocol and the IPv6 message characteristics.

Description

QUIC message filtering method, system, equipment and medium
Technical Field
The invention relates to the technical field of internet, in particular to a QUIC message filtering method, a system, equipment and a medium.
Background
QUIC is a new UDP-based communication protocol proposed by Google that aims to reduce the delay of network communication and provide a better interactive user experience. In particular, more and more online streaming applications are beginning to use the QUIC/UDP transport mode for a better user experience. However, because the QUIC protocol has been in use for only a short time, its characteristics have not been thoroughly studied, and data encrypted and transmitted with the QUIC protocol cannot be recognized. This makes it difficult for operation and maintenance personnel to understand the daily behavior and activity of users in the network.
Disclosure of Invention
In view of this, the first aspect of the present invention provides a method for filtering a QUIC packet, including: acquiring QUIC message data; acquiring a handshake message, and extracting first quintuple information of the handshake message and application of the corresponding handshake message; establishing a QUIC message list based on second quintuple information of the QUIC message data; using the QUIC message with consistent second quintuple information in the QUIC message list as a QUIC data flow; matching the second quintuple information and the first quintuple information of the QUIC data stream, and if the matching is successful, taking the application of the corresponding handshake message as the application of the QUIC data stream; and outputting the QUIC data stream according to the application and the second quintuple information.
In an embodiment of the present invention, acquiring the QUIC message data includes: extracting data in IPv6 NetFlow traffic that uses the HTTPS protocol at the application layer and the UDP protocol at the transport layer; and filtering non-zero data in the data to obtain QUIC message data.
In an embodiment of the present invention, extracting data in IPv6 NetFlow traffic that uses the HTTPS protocol at the application layer and the UDP protocol at the transport layer includes: the port of the HTTPS protocol is 443, the protocol number of the UDP protocol is 17, and data with port 443 and protocol number 17 in the IPv6 NetFlow traffic is extracted.
In an embodiment of the present invention, the establishing the QUIC message list based on the second quintuple information of the QUIC message data includes: traversing the QUIC message data and acquiring second quintuple information of all the QUIC message data; and generating a QUIC data flow list according to the second quintuple information.
In an embodiment of the present invention, the using, as the QUIC data flow, the QUIC packet in which the second quintuple information in the QUIC packet list is consistent includes: traversing second quintuple information of the QUIC message list by using the data flow pointer, and writing the QUIC message with consistent second quintuple information into the QUIC data flow list as a QUIC data flow.
In an embodiment of the present invention, traversing the second quintuple information of the QUIC message list using the data flow pointer, and writing the QUIC message consistent with the second quintuple information into the QUIC data flow list as the QUIC data flow includes: acquiring second quintuple information of the QUIC message by adopting a data flow pointer; comparing whether the QUIC data flow list contains second quintuple information of the QUIC message, and if not, adding the second quintuple information of the QUIC message to the QUIC data flow list; and moving the data flow pointer, and repeating the steps to enable the data flow pointer to traverse the QUIC message list to obtain the QUIC data flow list.
A second aspect of the present invention provides a QUIC message filtering system, comprising: the acquisition module is used for acquiring QUIC message data; the obtaining module is used for acquiring the handshake message and extracting the first quintuple information of the handshake message and the application of the corresponding handshake message; the message list module is used for establishing a QUIC message list based on second quintuple information of the QUIC message data; the data flow module is used for taking the QUIC message with consistent second quintuple information in the QUIC message list as a QUIC data flow; the matching module is used for matching the second quintuple information and the first quintuple information of the QUIC data stream, and if the matching is successful, the application of the corresponding handshake message is used as the application of the QUIC data stream; and the output module is used for outputting the QUIC data stream according to the application and the second quintuple information.
A third aspect of the present invention provides an electronic device comprising: one or more processors; memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the QUIC message filtering method described above.
The fourth aspect of the present invention also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described QUIC message filtering method.
The fifth aspect of the present invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the QUIC message filtering method described above.
Drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following description of embodiments of the invention, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a QUIC message filtering method, system, device, medium, and program product according to embodiments of the present invention;
FIG. 2 is a flow diagram that schematically illustrates a QUIC message filtering methodology, in accordance with an embodiment of the present invention;
FIG. 3 schematically illustrates a flow diagram of a QUIC data flow list building method according to an embodiment of the present invention;
FIG. 4 is a block diagram schematically illustrating the structure of a QUIC message filtering system according to an embodiment of the present invention; and
FIG. 5 schematically shows a block diagram of an electronic device adapted to implement the QUIC message filtering method according to an embodiment of the present invention.
Detailed Description
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It is to be understood that such description is merely illustrative and not intended to limit the scope of the present invention. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the invention. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
The embodiment of the invention provides a QUIC message filtering method applied to the field of data transmission in Internet technology. The method addresses the difficulty that data encrypted and transmitted with the QUIC protocol cannot be identified, and promotes research on the application and characteristics of the QUIC protocol.
FIG. 1 schematically illustrates a diagram of application scenarios for a QUIC message filtering method, system, device, medium, and program product according to embodiments of the present invention.
As shown in fig. 1, in an application scenario 100 according to this embodiment, a terminal device 101 connects to a server 103 through a network 102, and the data transmitted by the terminal device is filtered and identified by the QUIC message filtering method provided by the server 103 so as to complete its forwarding application, thereby implementing interaction between the terminal device 101 and other terminal devices. Network 102 is the medium used to provide communication links between terminal devices 101 and server 103. Network 102 may include various connection types, such as wired or wireless communication links or fiber optic cables.
The user can use the terminal device 101 to interact with the server 103 through the network 102, so as to utilize the server to identify the forwarded data and forward the data according to the application route of the data, and achieve the interaction between the terminal devices 101. The terminal device 101 may be installed with various communication client applications for transmitting data containing various information at various terminal devices.
The terminal device 101 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 103 may be a server providing at least a QUIC message filtering method, for example, filtering and identifying data transmitted by the user using the terminal device 101 to complete its forwarding application, so as to realize interaction between the terminal device 101 and other terminal devices. The background management server may analyze and otherwise process the received data such as the user interaction, and feed back the processed filtering recognition result to the terminal device 101 and other terminal devices.
It should be noted that the QUIC message filtering method provided by the embodiment of the present invention may be generally executed by the server 103. Accordingly, the QUIC message filtering apparatus provided by the embodiment of the present invention may be generally disposed in the server 103. The QUIC message filtering method provided by the embodiment of the invention can also be executed by a server or a server cluster which is different from the server 103 and can communicate with the terminal equipment 101 and/or the server 103. Correspondingly, the QUIC message filtering apparatus provided in the embodiment of the present invention may also be disposed in a server or a server cluster different from the server 103 and capable of communicating with the terminal device 101 and/or the server 103.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The detailed description of the QUIC message filtering method according to the embodiment of the present invention will be described below with reference to fig. 2 to 3 based on the scenario described in fig. 1.
FIG. 2 is a flow chart that schematically illustrates a QUIC message filtering method, in accordance with an embodiment of the present invention.
As shown in fig. 2, the QUIC message filtering method of this embodiment includes operations S201 to S206.
In operation S201, QUIC message data is collected.
In operation S202, a handshake message is acquired, and the first quintuple information of the handshake message and the application of the corresponding handshake message are extracted.
In operation S203, a QUIC message list is established based on the second quintuple information of the QUIC message data.
In operation S204, the QUIC messages in the QUIC message list whose second quintuple information is consistent are used as a QUIC data stream.
In operation S205, the second quintuple information of the QUIC data stream is matched with the first quintuple information, and if the matching is successful, the application of the corresponding handshake message is used as the application of the QUIC data stream.
In operation S206, the QUIC data stream is output according to the application and the second quintuple information.
The QUIC message filtering method provided by the invention filters and processes messages based on the QUIC protocol in order to identify QUIC messages, and solves the difficulty that existing QUIC messages cannot be identified. QUIC (Quick UDP Internet Connections) is a UDP-based low-latency Internet transport layer protocol developed by Google. The TCP/IP protocol suite is the foundation of the Internet, and its transport layer protocols include TCP and UDP. UDP is more lightweight than TCP but performs much less error checking. This means that UDP tends to be more efficient (it does not constantly communicate with the server side to check whether packets were delivered or arrived in order), but it is less reliable than TCP. QUIC satisfies the various requirements currently faced by the transport layer and application layer, including handling more connections, security and low delay, and is better suited to long-distance transmission, mobile phone networks, pages that request many resources, many concurrent connections, encrypted transmission requirements and the like.
In an embodiment of the present invention, step S201 includes: extracting data in IPv6 NetFlow traffic that uses the HTTPS protocol at the application layer and the UDP protocol at the transport layer; and filtering non-zero data in the data to obtain QUIC message data. Here, the port of the HTTPS protocol is 443 and the protocol number of the UDP protocol is 17, so data with port 443 and protocol number 17 in the IPv6 NetFlow traffic is extracted. NetFlow is a network monitoring function module that collects the number and information of IP packets entering and leaving a network interface, and is used in products such as routers and switches. IPv6 is the abbreviation of "Internet Protocol Version 6", the next-generation IP protocol designed by the Internet Engineering Task Force (IETF) to replace IPv4; the address length of IPv6 is 128 bits, which is 4 times the address length of IPv4. The overall structure of the QUIC message data extracted based on IPv6 is divided into 3 parts: the IPv6 header, the extension header, and the upper-layer protocol data. Port 443 is a Web browsing port used primarily for HTTPS services, which provide encryption and transport services through a secure port. HTTPS services are used in situations with high security requirements, such as banks, securities and shopping.
In another embodiment of the present invention, step S203 includes: traversing the QUIC message data and acquiring the second quintuple information of all the QUIC message data; and generating a QUIC data flow list according to the second quintuple information. Referring to fig. 3, screening the QUIC messages with consistent second quintuple information in the QUIC message list as the QUIC data flow includes:
traversing the second quintuple information of the QUIC message list by using the data flow pointer, and writing the QUIC messages with consistent second quintuple information into the QUIC data flow list as a QUIC data flow. Specifically, the method includes steps S301 to S306 shown in fig. 3:
In step S301, the data flow pointer is used to obtain the second quintuple information of the QUIC message.
In step S302, whether the QUIC data flow list contains the second quintuple information of the QUIC message is checked.
In step S303, if not, the second quintuple information of the QUIC message is added to the QUIC data flow list.
In step S304, the data flow pointer is moved.
In step S305, the above steps are repeated so that the data flow pointer traverses the QUIC message list.
In step S306, a QUIC data flow list is obtained.
According to the invention, QUIC message data acquired by IPv6 NetFlow is matched and identified based on the QUIC transport protocol and IPv6 message characteristics. If an application is matched successfully, identification information is output according to the matched application; otherwise, data mismatch information is given. The daily behavior and activity of users in the network are thereby obtained, which promotes the adjustment and upgrading of network construction.
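The following Python example is added here and is not code from the patent; it runs operations S201 to S206 and steps S301 to S306 over constructed flow records. It goes one step beyond the description by also matching a flow against the reversed handshake five-tuple, so the reply direction of a connection receives the same application label. The record field names, the application labels, accepting port 443 as source or destination, and reading "filtering non-zero data" as dropping zero-byte records are assumptions made for the illustration.

```python
from collections import namedtuple
from ipaddress import ip_address

FiveTuple = namedtuple("FiveTuple", "src dst sport dport proto")

HTTPS_PORT = 443  # port named in the description
UDP_PROTO = 17    # IP protocol number of UDP


def five_tuple(rec):
    """Normalise a record's five-tuple so equal IPv6 addresses compare equal."""
    return FiveTuple(str(ip_address(rec["src"])), str(ip_address(rec["dst"])),
                     int(rec["sport"]), int(rec["dport"]), int(rec["proto"]))


def collect_quic(records):
    """S201: keep IPv6 flow records with protocol 17 and port 443.

    Assumptions: port 443 may be the source or the destination port, and
    "filtering non-zero data" is read as dropping records with zero bytes.
    """
    kept = []
    for rec in records:
        if ip_address(rec["src"]).version != 6:
            continue
        if int(rec["proto"]) != UDP_PROTO:
            continue
        if HTTPS_PORT not in (int(rec["sport"]), int(rec["dport"])):
            continue
        if int(rec.get("bytes", 0)) == 0:
            continue
        kept.append(rec)
    return kept


def build_flow_list(messages):
    """S203-S204 / S301-S306: one pass over the message list."""
    flows = {}                   # insertion-ordered: five-tuple -> messages
    for msg in messages:         # the loop position is the "data flow pointer"
        key = five_tuple(msg)    # S301: read the second quintuple
        if key not in flows:     # S302: already in the flow list?
            flows[key] = []      # S303: no, so add it
        flows[key].append(msg)   # messages with the same quintuple form a flow
    return flows                 # S306 (S304/S305 are the loop itself)


def reverse(ft):
    """Five-tuple of the opposite direction of the same connection."""
    return FiveTuple(ft.dst, ft.src, ft.dport, ft.sport, ft.proto)


def match_application(flow_key, handshake_apps):
    """S205: exact match first; the reverse match is an added assumption."""
    if flow_key in handshake_apps:
        return handshake_apps[flow_key]
    return handshake_apps.get(reverse(flow_key))  # None means "mismatch"


def filter_quic(records, handshakes):
    """S201-S206: return (application or None, five-tuple, message count)."""
    # S202: handshake records are assumed to arrive already labelled with "app".
    handshake_apps = {five_tuple(h): h["app"] for h in handshakes}
    flows = build_flow_list(collect_quic(records))
    return [(match_application(key, handshake_apps), key, len(msgs))
            for key, msgs in flows.items()]


def _rec(src, dst, sport, dport, proto, nbytes):
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "proto": proto, "bytes": nbytes}


# Constructed sample input (documentation prefixes 2001:db8::/32, 192.0.2.0/24).
SAMPLE_HANDSHAKES = [
    {"src": "2001:db8::10", "dst": "2001:db8:1::1", "sport": 50000,
     "dport": 443, "proto": 17, "app": "example-video"},
]
SAMPLE_RECORDS = [
    _rec("2001:db8::10", "2001:db8:1::1", 50000, 443, 17, 1200),
    _rec("2001:0DB8::10", "2001:db8:1::1", 50000, 443, 17, 800),  # same flow
    _rec("2001:db8::10", "2001:db8:1::1", 50002, 443, 6, 900),    # TCP
    _rec("2001:db8:1::1", "2001:db8::10", 443, 50000, 17, 3000),  # reply side
    _rec("2001:db8::10", "2001:db8:53::1", 50003, 53, 17, 90),    # not 443
    _rec("192.0.2.7", "192.0.2.9", 50004, 443, 17, 700),          # IPv4
    _rec("2001:db8::30", "2001:db8:1::1", 50005, 443, 17, 0),     # zero bytes
    _rec("2001:db8::20", "2001:db8:2::1", 50001, 443, 17, 1350),  # no handshake
]

if __name__ == "__main__":
    for app, key, count in filter_quic(SAMPLE_RECORDS, SAMPLE_HANDSHAKES):
        print(app or "unmatched", tuple(key), count)  # S206
```

A flow whose handshake was never captured is reported with no application, which corresponds to the data mismatch information mentioned above.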
Based on the QUIC message filtering method, the invention also provides a QUIC message filtering system. This system will be described in detail below in conjunction with fig. 4.
FIG. 4 is a block diagram schematically illustrating the structure of a QUIC message filtering system according to an embodiment of the present invention.
As shown in fig. 4, the QUIC message filtering system 400 of this embodiment includes an acquisition module 401, an obtaining module 402, a message list module 403, a data flow module 404, a matching module 405, and an output module 406.
The acquisition module 401 is configured to acquire QUIC message data. In an embodiment, the acquisition module 401 may be configured to perform the operation S201 described above, which is not described herein again.
The obtaining module 402 is configured to obtain a handshake message, and extract first quintuple information of the handshake message and an application of the corresponding handshake message. In an embodiment, the obtaining module 402 may be configured to perform the operation S202 described above, which is not described herein again.
The message list module 403 is configured to establish a QUIC message list based on the second quintuple information of the QUIC message data. In an embodiment, the message list module 403 may be configured to perform the operation S203 described above, which is not described herein again.
The data flow module 404 is configured to use the QUIC messages in the QUIC message list whose second quintuple information is consistent as the QUIC data flow. In an embodiment, the data flow module 404 may be configured to perform the operation S204 described above, which is not described herein again.
The matching module 405 is configured to match the second quintuple information of the QUIC data stream with the first quintuple information, and if matching is successful, use the application of the corresponding handshake message as the application of the QUIC data stream. In an embodiment, the matching module 405 may be configured to perform the operation S205 described above, which is not described herein again.
The output module 406 is configured to output the QUIC data stream according to the application and the second quintuple information. In an embodiment, the output module 406 may be configured to perform the operation S206 described above, which is not described herein again.
According to the embodiment of the present invention, any number of the acquisition module 401, the obtaining module 402, the message list module 403, the data flow module 404, the matching module 405, and the output module 406 may be combined into one module to be implemented, or any one module thereof may be split into multiple modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to the embodiment of the present invention, at least one of the acquisition module 401, the obtaining module 402, the message list module 403, the data flow module 404, the matching module 405, and the output module 406 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementation manners of software, hardware, and firmware, or implemented by a suitable combination of any several of them. Alternatively, at least one of the acquisition module 401, the obtaining module 402, the message list module 403, the data flow module 404, the matching module 405 and the output module 406 may be at least partially implemented as a computer program module, which may perform a corresponding function when executed.
Fig. 5 schematically shows a block diagram of an electronic device adapted to implement the QUIC message filtering method according to an embodiment of the present invention.
As shown in fig. 5, an electronic device 500 according to an embodiment of the present invention includes a processor 501 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. The processor 501 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 501 may also include onboard memory for caching purposes. Processor 501 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present invention.
In the RAM 503, various programs and data necessary for the operation of the electronic apparatus 500 are stored. The processor 501, the ROM 502, and the RAM 503 are connected to each other by a bus 504. The processor 501 performs various operations of the method flow according to the embodiments of the present invention by executing programs in the ROM 502 and/or the RAM 503. Note that the programs may also be stored in one or more memories other than the ROM 502 and the RAM 503. The processor 501 may also perform various operations of method flows according to embodiments of the present invention by executing programs stored in the one or more memories.
According to an embodiment of the present invention, electronic device 500 may also include an input/output (I/O) interface 505, input/output (I/O) interface 505 also being connected to bus 504. The electronic device 500 may also include one or more of the following components connected to the I/O interface 505: an input portion 506 including a keyboard, a mouse, and the like; an output portion 507 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as necessary. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as necessary, so that a computer program read out therefrom is installed into the storage section 508 as necessary.
The present invention also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the present invention.
According to embodiments of the present invention, the computer readable storage medium may be a non-volatile computer readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the invention, a computer-readable storage medium may include ROM 502 and/or RAM 503 and/or one or more memories other than ROM 502 and RAM 503 as described above.
Embodiments of the invention also include a computer program product comprising a computer program comprising program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the QUIC message filtering method provided by the embodiment of the invention.
The computer program, when executed by the processor 501, performs the above-described functions defined in the system/apparatus of an embodiment of the invention. The above described systems, devices, modules, units, etc. may be implemented by computer program modules according to embodiments of the invention.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed in the form of a signal on a network medium, downloaded and installed through the communication section 509, and/or installed from the removable medium 511. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 509, and/or installed from the removable medium 511. The computer program, when executed by the processor 501, performs the above-described functions defined in the system of the embodiment of the present invention. The above described systems, devices, apparatuses, modules, units, etc. may be implemented by computer program modules according to embodiments of the present invention.
According to embodiments of the present invention, program code for executing a computer program provided by embodiments of the present invention may be written in any combination of one or more programming languages, and in particular, the computer program may be implemented using a high level procedural and/or object oriented programming language, and/or an assembly/machine language. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
It will be appreciated by a person skilled in the art that various combinations and/or associations of the features described in the various embodiments and/or in the claims of the invention are possible, even if such combinations or associations are not explicitly described in the invention. In particular, various combinations and/or associations of the features recited in the various embodiments and/or claims of the present invention may be made without departing from the spirit or teaching of the invention. All such combinations and/or associations fall within the scope of the present invention.
The embodiments of the present invention have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the invention is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the invention, and these alternatives and modifications are intended to fall within the scope of the invention.

Claims (10)

1. A QUIC message filtering method comprises the following steps:
acquiring QUIC message data;
acquiring a handshake message, and extracting first quintuple information of the handshake message and application of the handshake message;
establishing a QUIC message list based on second quintuple information of the QUIC message data;
using the QUIC message with consistent second quintuple information in the QUIC message list as a QUIC data flow;
matching second quintuple information of the QUIC data stream with the first quintuple information, and if the matching is successful, taking the application of the corresponding handshake message as the application of the QUIC data stream;
and outputting the QUIC data stream according to the application and the second quintuple information.
2. The message filtering method of claim 1, wherein collecting QUIC message data comprises:
extracting the data in IPv6 Netflow traffic that uses the HTTPS protocol at the application layer and the UDP protocol at the transport layer;
and filtering non-zero data in the data to obtain the QUIC message data.
3. The message filtering method according to claim 2, wherein extracting the data in the IPv6 Netflow traffic that uses the HTTPS protocol at the application layer and the UDP protocol at the transport layer comprises:
setting the port of the HTTPS protocol to 443 and the protocol number of the UDP protocol to 17, and extracting the data in the IPv6 Netflow traffic whose port is 443 and whose protocol number is 17.
4. The message filtering method according to claim 1, wherein the building a QUIC message list based on the second quintuple information of the QUIC message data comprises:
traversing the QUIC message data to acquire second quintuple information of all the QUIC message data;
and generating the QUIC data flow list according to the second quintuple information.
5. The message filtering method according to claim 1, wherein the step of using the QUIC message in the QUIC message list, in which the second quintuple information is consistent, as a QUIC data flow comprises:
traversing the second quintuple information of the QUIC message list by using a data flow pointer, and writing the QUIC message consistent with the second quintuple information into a QUIC data flow list as a QUIC data flow.
6. The message filtering method according to claim 5, wherein traversing the second quintuple information of the QUIC message list by using a data flow pointer, and writing the QUIC message consistent with the second quintuple information into a QUIC data flow list as a QUIC data flow, comprises:
acquiring the second quintuple information of the QUIC message by adopting the data flow pointer;
comparing whether the QUIC data flow list contains the second quintuple information of the QUIC message or not, and if not, adding the second quintuple information of the QUIC message to the QUIC data flow list;
and moving the data flow pointer, and repeating the steps to enable the data flow pointer to traverse the QUIC message list to obtain the QUIC data flow list.
7. A QUIC message filtering system comprising:
the acquisition module is used for acquiring QUIC message data;
the acquisition module is used for acquiring a handshake message and extracting first quintuple information of the handshake message and application of the corresponding handshake message;
the message list module is used for establishing a QUIC message list based on second quintuple information of the QUIC message data;
the data flow module is used for taking the QUIC message with the consistent second quintuple information in the QUIC message list as a QUIC data flow;
the matching module is used for matching second quintuple information of the QUIC data stream with the first quintuple information, and if the matching is successful, the application of the corresponding handshake message is used as the application of the QUIC data stream;
and the output module is used for outputting the QUIC data stream according to the application and the second quintuple information.
8. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-6.
9. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 6.
10. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 6.
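The method of claims 1 and 3 to 6, as an added Python example that is not code from the patent: it keeps flow records with protocol number 17 and port 443, groups them by five-tuple, and labels each flow from a table of handshake five-tuples. The record layout, the sample addresses, the application name `video.example` and the choice to accept 443 as either source or destination port are assumptions; the non-zero filtering step of claim 2 is left out because the claim does not define it.

```python
from collections import namedtuple

Record = namedtuple("Record", "src sport dst dport proto nbytes")
FiveTuple = namedtuple("FiveTuple", "src sport dst dport proto")
UDP_PROTO, HTTPS_PORT = 17, 443  # values from claim 3

def collect_quic(records):
    """Claim 3: keep records with protocol number 17 and port 443.
    Assumption: 443 may be the source or the destination port."""
    return [r for r in records
            if r.proto == UDP_PROTO and HTTPS_PORT in (r.sport, r.dport)]

def build_flows(messages):
    """Claims 4-6: one pass over the message list; an unseen five-tuple is
    added to the flow list, a known one receives the message."""
    flows = {}  # insertion-ordered: five-tuple -> messages of that flow
    for msg in messages:  # the loop position plays the data flow pointer
        flows.setdefault(FiveTuple(*msg[:5]), []).append(msg)
    return flows

def label_flows(flows, handshakes):
    """Claim 1: a flow whose five-tuple equals a handshake five-tuple takes
    that handshake's application; an unmatched flow stays None."""
    app_by_tuple = dict(handshakes)
    return [(app_by_tuple.get(ft), ft, len(msgs)) for ft, msgs in flows.items()]

# Constructed sample data (IPv6 documentation prefix), not captured traffic.
A, B, S = "2001:db8::a", "2001:db8::b", "2001:db8:ffff::1"
RECORDS = [
    Record(A, 50000, S, 443, 17, 1200),  # flow 1
    Record(A, 50000, S, 443, 6, 900),    # TCP: dropped by the filter
    Record(A, 50000, S, 443, 17, 300),   # flow 1 again
    Record(B, 50001, S, 443, 17, 1200),  # flow 2, no handshake seen
    Record(A, 50002, S, 53, 17, 80),     # UDP but not port 443: dropped
    Record(S, 443, A, 50000, 17, 1100),  # reply direction: a different five-tuple
]
HANDSHAKES = [(FiveTuple(A, 50000, S, 443, 17), "video.example")]

def run_example():
    return label_flows(build_flows(collect_quic(RECORDS)), HANDSHAKES)

if __name__ == "__main__":
    for app, ft, count in run_example():
        print(app or "unmatched", tuple(ft), count)
```

Because the five-tuple comparison is exact, the reply-direction record forms its own unlabelled flow; whether both directions should share one application label is a decision the matching step has to make explicitly.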
CN202111623272.3A 2021-12-28 2021-12-28 QUIC message filtering method, system, equipment and medium Pending CN114285805A (en)

Publications (1)

Publication Number Publication Date
CN114285805A (en) 2022-04-05

Family

ID=80876930

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination