CN114520790A - Message filtering method and device - Google Patents


Info

Publication number: CN114520790A
Authority: CN (China)
Legal status: Granted
Application number: CN202111566282.8A
Other languages: Chinese (zh)
Other versions: CN114520790B (en)
Inventors: 葛安康, 赵旭东, 秦德楼
Current assignee: Hangzhou DPtech Information Technology Co Ltd
Original assignee: Hangzhou DPtech Information Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 47/00 Traffic control in data switching networks
    • H04L 47/10 Flow control; Congestion control
    • H04L 47/32 Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames

Abstract

The embodiments of the disclosure provide a message filtering method and device. The message filtering method comprises the following steps: in response to a received message being a data message, parsing the data message to obtain its source IP and destination IP; matching the source IP and destination IP of the data message against the source IP and destination IP stored in a pre-created flow table; in response to matching a flow table whose stored source IP and destination IP are the same as those of the data message, reading the traffic filtering policy stored in that flow table; and filtering the data message according to the traffic filtering policy. The technical scheme of the embodiments solves the problem in the prior art that each received data message must be matched against the association table and the traffic filtering policy table, so that the filtering device performs the same matching many times over, and improves matching efficiency.

Description

Message filtering method and device
Technical Field
The technical scheme of the disclosure relates to the technical field of internet, in particular to a method and a device for filtering messages.
Background
The 5G core network is composed of a plurality of logically independent network elements and is the generic term for the network that manages 5G user equipment and carries the service data of that user equipment. However, the data messages a user needs to obtain at a given time are only a part of the data messages generated by the 5G core network, so the data messages the user does not need have to be filtered out by a filtering device.
In the existing method, data messages are filtered according to an association table and a traffic filtering policy table. After receiving each data message, the filtering device first matches the destination IP and tunnel endpoint identifier of the data message against the destination IP and tunnel endpoint identifier stored in the association table, and then matches the signaling information in the matched association table against the traffic characteristics in a pre-created traffic filtering policy table. In practice, the filtering device usually receives many messages with the same destination IP and tunnel endpoint identifier; such messages always match the same association table, that association table stores the same signaling information, and the traffic filtering policy table matched according to that signaling information is also the same. The filtering device therefore performs the same matching many times over, which degrades matching efficiency.
Disclosure of Invention
In view of this, the present disclosure provides a method and an apparatus for filtering a packet.
Specifically, the embodiment of the present disclosure is implemented by the following technical solutions:
According to a first aspect of the present disclosure, a message filtering method is provided, where the message filtering method includes:
in response to a received message being a data message, parsing the data message to obtain its source IP and destination IP;
matching the source IP and destination IP of the data message against the source IP and destination IP stored in a pre-created flow table;
in response to matching a flow table whose stored source IP and destination IP are the same as those of the data message, reading the traffic filtering policy stored in that flow table;
and filtering the data message according to the traffic filtering policy.
According to a second aspect of the present disclosure, an apparatus for message filtering is provided, where the apparatus for message filtering includes:
a parsing module, configured to, in response to a received message being a data message, parse the data message to obtain its source IP and destination IP;
a matching module, configured to match the source IP and destination IP of the data message against the source IP and destination IP stored in a pre-created flow table;
a reading module, configured to, in response to matching a flow table whose stored source IP and destination IP are the same as those of the data message, read the traffic filtering policy stored in that flow table;
and a filtering module, configured to filter the data message according to the traffic filtering policy.
According to a third aspect of the present disclosure, there is provided a computer readable storage medium storing machine readable instructions which, when invoked and executed by a processor, cause the processor to implement the method of message filtering of any of the embodiments of the present disclosure.
According to a fourth aspect of the present disclosure, there is provided an electronic device comprising a communication interface, a processor, a memory, and a bus, wherein the communication interface, the processor, and the memory are connected to each other through the bus; the memory stores machine readable instructions, and the processor executes the message filtering method of any embodiment of the disclosure by calling the machine readable instructions.
According to the message filtering method provided by the embodiments of the disclosure, after the filtering device receives a data message, the source IP and destination IP of the data message are matched against the source IP and destination IP stored in the flow table, and once the match succeeds the traffic filtering policy stored in that flow table is read and the corresponding operation is performed on the data message. This solves the problem in the prior art that each received data message must be matched against the association table and the traffic filtering policy table, so that the same matching is repeated many times, and improves matching efficiency.
The embodiments of the present disclosure are described in further detail below with reference to the accompanying drawings and embodiments.
Drawings
In order to more clearly illustrate one or more embodiments of the present disclosure or technical solutions in related arts, reference will be made to the following briefly introduced drawings which are used in the description of the embodiments or related arts, and obviously, the drawings in the following description are only some embodiments described in one or more embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to the drawings without inventive exercise:
fig. 1 is a system architecture diagram of a shunt system provided in accordance with an exemplary embodiment of the present disclosure;
FIG. 2 is a flowchart of a method for message filtering provided in accordance with an exemplary embodiment of the present disclosure;
FIG. 3 is a flow chart of yet another method of message filtering provided in accordance with an exemplary embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a message filtering apparatus according to an exemplary embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a message filtering apparatus according to yet another exemplary embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the disclosure, as detailed in the appended claims.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The terminology used in the disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. The word "if," as used herein, may be interpreted as "at … …" or "when … …" or "in response to a determination," depending on the context.
The embodiments of the disclosure provide a message filtering method that solves the problem in the related art that, because each received data message must be matched against an association table and a traffic filtering policy table, the filtering device performs the same matching many times over.
The method of the embodiments of the present disclosure is described in detail below with reference to the accompanying drawings.
Fig. 1 is a system architecture diagram of an offloading system according to an exemplary embodiment of the present disclosure. As shown in fig. 1, the offloading system may include an SGSN (Serving GPRS Support Node) 11, a GGSN (Gateway GPRS Support Node) 12, an offloading device 13, service systems 14, 15 and 16, and analysis systems 17, 18 and 19.
The SGSN and the GGSN communicate by exchanging messages. The small black dots in fig. 1 indicate bypass optical splitting points (taps), which copy the messages exchanged between the SGSN and the GGSN and feed the copies into the offloading device, so that the offloading operations performed by the offloading device do not affect normal data communication between the SGSN and the GGSN.
In practical applications, each service system corresponds to its own analysis system. As shown in fig. 1, service system 14 may correspond to analysis system 17, service system 15 to analysis system 18, and service system 16 to analysis system 19. When a user issues a traffic characteristic through a service system, a corresponding output port is filled in the traffic characteristic; the server connected to that output port is the analysis system corresponding to the service system. When the signaling information of a message input into the offloading device hits the traffic characteristic, the offloading device outputs the message to the corresponding analysis system through the output port carried in the traffic characteristic.
For example, when the internet access information of a certain user is to be viewed, service system 14 may issue the traffic characteristic and traffic filtering policy "output the messages of the user's mobile phone number to port 20", where port 20 is connected to analysis system 17. When a message of that user's mobile phone enters the offloading device, it hits the traffic characteristic and is forwarded through port 20 to the corresponding analysis system 17 for subsequent data analysis.
Of course, other traffic characteristics and traffic filtering policies may also be issued through the service system 15 and the service system 16, and this example will not be described in detail here.
The present disclosure describes the process of offloading a message input into the offloading device according to the traffic characteristic and traffic filtering policy issued by one of the service systems. In that scenario, only messages that hit the traffic characteristic need to be output, and traffic that does not hit the traffic characteristic is discarded.
Fig. 2 is a flowchart of a method for filtering a packet according to an exemplary embodiment of the present disclosure. As shown in fig. 2, the exemplary embodiment method may include the following processes:
Step S201: in response to the received message being a data message, parse the data message to obtain its source IP and destination IP.
In this example, the messages received by the filtering device may be signaling messages or data messages. The signaling messages include N1, N2, N4 and N11 messages: the IP header protocol number of N1 and N2 messages is SCTP, the default UDP port number of N4 messages is 8805, and N11 messages use port number 80 with a payload whose first 24 bytes are the HTTP/2 connection preface 505249202a20485454502f322e300d0a0d0a534d0d0a0d0a (the ASCII string "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"). All other messages received by the filtering device are data messages.
Step S202: match the source IP and destination IP of the data message against the source IP and destination IP stored in a pre-created flow table.
In an optional example, the pre-created flow tables use a hash value calculated from their source IP and destination IP as the storage address. The hash value can therefore be calculated from the source IP and destination IP of the data message, and the pre-created flow table is read with that hash value as the address. Because flow tables with different source IPs and destination IPs may hash to the same value, one hash value may correspond to several flow tables; after the read, the source IP and destination IP of the data message are further matched against the source IP and destination IP stored in each flow table that was read, so as to obtain the flow table whose stored source IP and destination IP are the same as those of the data message.
By reading the flow table with the hash value calculated by the source IP and the destination IP of the data message as the storage address, the range of matching the source IP and the destination IP of the data message with the source IP and the destination IP of the pre-created flow table can be reduced, and the matching efficiency is improved.
Step S203: in response to matching a flow table whose stored source IP and destination IP are the same as those of the data message, read the traffic filtering policy stored in that flow table.
The flow table stores a source IP, a destination IP and a traffic filtering policy; the traffic filtering policy indicates the operation to be performed next on messages carrying that source IP and destination IP.
Step S204: filter the data message according to the traffic filtering policy.
In an optional example, the traffic filtering policy may be output, and the filtering device performs an output operation on the data packet having the source IP and the destination IP.
In an optional example, the traffic filtering policy may be discarding, and the filtering device performs a discarding operation on the data packet having the source IP and the destination IP.
According to this message filtering method, after the filtering device receives a data message, the source IP and destination IP of the data message are matched against the source IP and destination IP stored in the flow table, and once the match succeeds the traffic filtering policy stored in that flow table is read and the corresponding operation is performed on the data message. This solves the problem in the prior art that each received data message must be matched against the association table and the traffic filtering policy table, so that the filtering device repeats the same matching many times, and improves matching efficiency.
Fig. 3 is a flowchart of another method for filtering a packet according to an exemplary embodiment of the present disclosure. In the description of the present embodiment, the same steps as those in any of the foregoing embodiments will be briefly described, and detailed descriptions thereof will be omitted, so that reference may be made to any of the foregoing embodiments. As shown in fig. 3, the embodiment method may include the following processes:
Step S301: in response to the received first message being a data message, parse the first message to obtain its source IP, destination IP and tunnel endpoint identifier.
The message received before the flow table is created may be referred to as the first message.
The data packet may be divided into a TCP packet and a UDP packet, and both the TCP packet and the UDP packet carry the source IP, the destination IP, and the tunnel endpoint identifier.
Step S302: match the source IP and destination IP of the first message against the source IP and destination IP stored in a pre-created flow table, and judge whether a flow table with the same source IP and destination IP can be matched.
If a flow table whose stored source IP and destination IP are the same as those of the first message is matched, go to step S307;
if not, go on to step S303.
Step S303: create a flow table and store the source IP and destination IP of the first message in it.
For TCP messages, based on the TCP three-way handshake, the forward and reverse messages of a connection may be constructed into the same flow table; for UDP messages, UDP messages with the same source IP and destination IP may be constructed into the same flow table.
In an optional example, a hash value may be calculated according to the source IP and the destination IP of the first packet, a flow table may be created by using the hash value as an address, and then the source IP and the destination IP of the first packet may be stored in the flow table.
Step S304: match the destination IP and tunnel endpoint identifier of the first message against the destination IP and tunnel endpoint identifier stored in a pre-created association table.
In the foregoing embodiment, the message received by the filtering device may be a data message or a signaling message. The signaling message is stored with signaling information, and when receiving the signaling message, the filtering device can perform signaling message parsing operation on the signaling message, and store the parsed signaling information contained in the signaling message, the destination IP of the signaling message, and the tunnel endpoint identifier in the association table.
The association table may also store the hash value calculated by the destination IP and the tunnel endpoint identifier stored in the association table as an address.
As in the foregoing embodiment, when matching against the destination IP and tunnel endpoint identifier stored in the pre-created association table, a hash value may be calculated from the destination IP and tunnel endpoint identifier of the first message, the pre-created association table read with that hash value as the address, and the destination IP and tunnel endpoint identifier of the first message then matched against the destination IP and tunnel endpoint identifier stored in the association table that was read, so as to improve matching efficiency.
Step S305: in response to matching an association table whose stored destination IP and tunnel endpoint identifier are the same as those of the first message, match the traffic characteristics in the pre-created traffic filtering policy table according to the signaling information stored in that association table.
The flow filtering policy table is set by a user according to the current stage requirement, and the user inputs the flow filtering policy table through a user interface of the filtering device. The flow filtering strategy table stores flow characteristics and flow filtering strategies.
The traffic characteristics refer to the same type of information as the signaling information stored in the association table described above. The traffic filtering policy refers to an operation that a user wants the filtering device to perform on the message with the traffic characteristics.
For example, the traffic characteristics may be a mobile phone number of a certain user, and the corresponding traffic filtering policy may be output. The corresponding meanings are: and when the filtering equipment receives a data message containing the information of the mobile phone number of the user, outputting the data message.
According to the above, after the stored association table in which the destination IP and the tunnel endpoint identifier are the same as the destination IP and the tunnel endpoint identifier of the first packet is matched, a hash value may be calculated according to the signaling information stored in the association table, the hash value is matched with the traffic filtering policy table created in advance, and then the specific signaling information stored in the association table is used to match with the traffic characteristics stored in the matched traffic filtering policy table.
In this example, by filtering data messages with the traffic characteristics and traffic filtering policies of the traffic filtering policy table, the data messages can be further filtered on the basis of the traffic characteristics, beyond the existing method that filters only on source IP and destination IP, so that the filtering device filters data messages more finely.
Step S306: in response to obtaining a matched traffic filtering policy table, where the traffic characteristics in the matched traffic filtering policy table are at least a part of the signaling information stored in the corresponding association table, store the traffic filtering policy of that traffic filtering policy table into the flow table.
In practical applications, there may be only one traffic feature input by the user into the traffic filtering policy table, and there may be multiple signaling information stored in the association table, but as long as the traffic feature in the traffic filtering policy table is at least a part of the signaling information stored in the corresponding association table, that is, as long as the signaling information stored in the association table contains the traffic feature in the traffic filtering policy table, the traffic filtering policy in the traffic filtering policy table is stored in the flow table.
In an optional example, after the traffic filtering policy of the traffic filtering policy table has been stored into the flow table, a write flag may be written into the flow table.
When a data message is subsequently received and the flow table is matched by the source IP and destination IP of the data message, the write flag is read first; if the write flag is read, the data message is filtered according to the traffic filtering policy that is read from the flow table.
When the write flag cannot be read, the data message is processed in the original way: first match the association table, then match the traffic filtering policy table.
In this example, writing the write flag into the flow table avoids the following situation in a concrete implementation: while a first data message is still in the stage of matching the traffic filtering policy table, the filtering device receives a second data message with the same source IP and destination IP as the first; matching the flow table by the source IP and destination IP of the second data message returns an empty result, and the filtering device would wrongly decide to "discard" the second data message.
Step S307: filter the data message according to the traffic filtering policy in the flow table.
The message filtering method of this embodiment only needs to match the association table and the traffic filtering policy table once for data messages with the same source IP and destination IP; subsequent messages of that flow only need to match the flow table, which is simple to operate. Moreover, because the association table carries a large amount of signaling information, matching a data message against it is time-consuming; with the flow table, the association table is matched only once, and subsequent performance depends on the flow table. Since the flow table stores few traffic characteristics, matching it takes little time, so the overall performance of the filtering device is improved.
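The following Python model is an added example, not the patent's or DPtech's own code. It puts the message classification of step S201 and the flow-table procedure of steps S301 to S307 together: signaling messages fill the association table, the first data message of a (source IP, destination IP) flow takes the association-table and policy-table path and caches the result in the flow table with a write flag, and later messages of the flow hit only the flow table. The table layout, the `Packet` fields, the hash-bucket sizing and the default of discarding non-hitting traffic (as in the single-service-system scenario above) are assumptions made for illustration.

```python
"""Added example (not the patent's or DPtech's code): a minimal model of the
flow-table cache of CN114520790A.  Signaling messages fill the association
table; the first data message of a (source IP, destination IP) flow takes the
slow path (association table, then policy table), caches the policy in the
flow table and sets the write flag; later messages of the flow only consult
the flow table.  Table layout, names and packets are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP = 6, 17, 132
PFCP_PORT = 8805                                    # N4 default UDP port
HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # first 24 payload bytes of N11


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: int
    sport: int = 0
    dport: int = 0
    teid: int = 0                                    # tunnel endpoint identifier
    payload: bytes = b""
    signaling: Dict[str, str] = field(default_factory=dict)  # parsed signaling info


def is_signaling(pkt: Packet) -> bool:
    """Step S201 classification: N1/N2 (SCTP), N4 (UDP 8805) and N11 (port 80
    plus HTTP/2 preface) are signaling; every other message is a data message."""
    if pkt.proto == IPPROTO_SCTP:
        return True
    if pkt.proto == IPPROTO_UDP and PFCP_PORT in (pkt.sport, pkt.dport):
        return True
    if pkt.proto == IPPROTO_TCP and 80 in (pkt.sport, pkt.dport):
        return pkt.payload[:24] == HTTP2_PREFACE
    return False


class HashedTable:
    """Bucket array addressed by hash(key) % size.  Keys that collide share a
    bucket, so a read by hash is followed by a field-by-field match (S202)."""
    def __init__(self, size: int = 64):
        self.buckets: List[List[Tuple[tuple, dict]]] = [[] for _ in range(size)]

    def _bucket(self, key: tuple) -> List[Tuple[tuple, dict]]:
        return self.buckets[hash(key) % len(self.buckets)]

    def lookup(self, key: tuple) -> Optional[dict]:
        for k, entry in self._bucket(key):
            if k == key:
                return entry
        return None

    def insert(self, key: tuple, entry: dict) -> dict:
        self._bucket(key).append((key, entry))
        return entry


class FilteringDevice:
    def __init__(self, policy_table: List[Tuple[Dict[str, str], str]]):
        # traffic filtering policy table: (traffic characteristics, "output"/"discard")
        self.policy_table = [(frozenset(f.items()), p) for f, p in policy_table]
        self.assoc_table = HashedTable()   # (dst_ip, teid) -> signaling info
        self.flow_table = HashedTable()    # (src_ip, dst_ip) -> cached policy

    def handle(self, pkt: Packet) -> str:
        """Returns the action taken: "signaling", "output" or "discard"."""
        if is_signaling(pkt):
            self.assoc_table.insert((pkt.dst_ip, pkt.teid), dict(pkt.signaling))
            return "signaling"
        flow = self.flow_table.lookup((pkt.src_ip, pkt.dst_ip))
        if flow is None:                                          # S303
            flow = self.flow_table.insert((pkt.src_ip, pkt.dst_ip), {"written": False})
        if flow["written"]:                                       # S203/S204 fast path
            return flow["policy"]
        # Flow exists but carries no write flag yet (e.g. another packet of the
        # flow is still on the slow path): take the slow path, do not discard.
        return self._slow_path(pkt, flow)

    def _slow_path(self, pkt: Packet, flow: dict) -> str:
        """S304-S306: association table, then policy table, then cache + flag."""
        info = self.assoc_table.lookup((pkt.dst_ip, pkt.teid))
        if info is not None:
            info_items = frozenset(info.items())
            for features, policy in self.policy_table:
                if features <= info_items:   # characteristics are part of the signaling info
                    flow["policy"], flow["written"] = policy, True   # write flag
                    return policy
        # Assumption: traffic that hits no characteristic is discarded (single
        # service system scenario); the flow stays unwritten so the next packet
        # of the flow retries the slow path.
        return "discard"
```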
Fig. 4 is a schematic structural diagram of an apparatus for message filtering in an exemplary embodiment of the present disclosure, and as shown in fig. 4, the apparatus for message filtering may include:
the analysis module 41 is configured to, in response to a received packet being a data packet, analyze the data packet to obtain a source IP and a destination IP of the data packet;
a matching module 42, configured to match a source IP and a destination IP of the data packet with a source IP and a destination IP stored in a pre-created flow table;
a reading module 43, configured to, in response to matching a flow table whose stored source IP and destination IP are the same as those of the data packet, read the traffic filtering policy stored in that flow table;
and the filtering module 44 is configured to perform a filtering operation on the data packet according to the traffic filtering policy.
Optionally, when the filtering module 44 is configured to perform the filtering operation on the data packet according to the traffic filtering policy, the method specifically includes:
responding to the flow filtering strategy as output, and outputting the data message;
or, in response to the traffic filtering policy being discard, discarding the data packet.
Optionally, the filtering apparatus further includes as shown in fig. 5:
a first parsing module 51, configured to parse, in response to a received first packet being a data packet, the first packet to obtain a source IP, a destination IP, and a tunnel endpoint identifier of the first packet;
a creating module 52, configured to create a flow table, and store the source IP and the destination IP of the first packet in the flow table;
a first matching module 53, configured to match a destination IP and a tunnel endpoint identifier of the first packet with a destination IP and a tunnel endpoint identifier stored in a pre-created association table;
a second matching module 54, configured to, in response to matching an association table whose stored destination IP and tunnel endpoint identifier are the same as those of the first packet, match the traffic characteristics in a pre-created traffic filtering policy table according to the signaling information stored in that association table, where the traffic filtering policy table stores traffic characteristics and traffic filtering policies;
the storage module 55 is configured to, in response to acquiring the matched flow filtering policy table, and in response to that the flow characteristics in the matched flow filtering policy table are at least a part of the signaling information stored in the corresponding association table, store the flow filtering policy in the flow filtering policy table into the flow table.
Optionally, the creating module 52, when configured to create a flow table, specifically includes:
matching the source IP and the destination IP of the first message with the source IP and the destination IP stored in a pre-established flow table;
and creating a flow table in response to not matching any flow table whose stored source IP and destination IP are the same as those of the first message.
Optionally, after matching a flow table whose stored source IP and destination IP are the same as those of the data packet, the reading module 43 is further configured to read the write flag of the flow table.
optionally, when the filtering module 44 is configured to perform a filtering operation on the data packet according to the traffic filtering policy, the filtering module specifically includes:
in response to reading the write-in mark, filtering the data message according to the read flow filtering strategy;
the filtering module 44 is further configured to:
in response to that the write-in mark cannot be read, matching the destination IP and the tunnel endpoint identification of the data message with the destination IP and the tunnel endpoint identification stored in a pre-established association table;
responding to an association table in which the stored destination IP and tunnel endpoint identification are matched with the same destination IP and tunnel endpoint identification of the data message, and matching the traffic characteristics in a pre-established traffic filtering policy table according to the signaling information stored in the association table, wherein the traffic characteristics and the traffic filtering policy are stored in the traffic filtering policy table;
and in response to the fact that the matched flow filtering policy table is obtained, and the flow characteristics in the matched flow filtering policy table are at least one part of the signaling information stored in the corresponding association table, filtering the data message according to the flow filtering policy in the flow filtering policy table.
Optionally, the apparatus is further configured to:
in response to obtaining a matched traffic filtering policy table whose traffic features are at least a part of the signaling information stored in the corresponding association table, store the traffic filtering policy of that traffic filtering policy table into the flow table;
and write a write flag into the flow table.
How each unit of the above apparatus performs its functions and actions is described in detail under the corresponding step of the above method and is not repeated here.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the technical solution of the present disclosure. One of ordinary skill in the art can understand and implement it without inventive effort.
Embodiments of the subject matter and the functional operations described in this specification can be implemented in: digital electronic circuitry, tangibly embodied computer software or firmware, computer hardware including the structures disclosed in this specification and their structural equivalents, or a combination of one or more of them. Embodiments of the subject matter described in this specification can be implemented as one or more computer programs, i.e., one or more modules of computer program instructions, encoded on a tangible, non-transitory program carrier for execution by, or to control the operation of, data processing apparatus. Alternatively or additionally, the program instructions may be encoded on an artificially generated propagated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode and transmit information to suitable receiver apparatus for execution by the data processing apparatus. The computer storage medium may be a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or a combination of one or more of them.
Computer-readable media suitable for storing computer program instructions and data include all forms of non-volatile memory, media and memory devices, including by way of example semiconductor memory devices (e.g., EPROM, EEPROM, and flash memory devices), magnetic disks (e.g., an internal hard disk or a removable disk), magneto-optical disks, and CD ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments.
While this specification contains many specific implementation details, these should not be construed as limitations on the scope of any invention or of what may be claimed, but rather as descriptions of features specific to particular embodiments of particular inventions. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. In other instances, features described in connection with one embodiment may be implemented as discrete components or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a subcombination or variation of a subcombination.
Thus, particular embodiments of the subject matter have been described. Other embodiments are within the scope of the following claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desirable results. Further, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some implementations, multitasking and parallel processing may be advantageous.
The above description is only exemplary of the present disclosure and should not be taken as limiting the disclosure, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.

Claims (10)

1. A method for filtering a packet, the method comprising:
in response to a received message being a data message, parsing the data message to obtain a source IP and a destination IP of the data message;
matching the source IP and the destination IP of the data message with the source IP and the destination IP stored in a pre-established flow table;
in response to matching a flow table whose stored source IP and destination IP are the same as the source IP and destination IP of the data message, reading a traffic filtering policy stored in the flow table;
and filtering the data message according to the traffic filtering policy.
2. The method of claim 1, wherein filtering the data message according to the traffic filtering policy comprises:
in response to the traffic filtering policy being output, outputting the data message;
or, in response to the traffic filtering policy being discard, discarding the data message.
3. The method according to claim 1, wherein before responding to a received message being a data message and parsing the data message to obtain a source IP and a destination IP of the data message, the method further comprises:
in response to a received first message being a data message, parsing the first message to obtain a source IP, a destination IP and a tunnel endpoint identifier of the first message;
creating a flow table, and storing a source IP and a destination IP of the first message into the flow table;
matching the destination IP and the tunnel endpoint identification of the first message with the destination IP and the tunnel endpoint identification stored in a pre-established association table;
in response to matching an association table whose stored destination IP and tunnel endpoint identifier are the same as the destination IP and tunnel endpoint identifier of the first message, matching traffic features in a pre-established traffic filtering policy table according to the signaling information stored in that association table, wherein the traffic filtering policy table stores traffic features and traffic filtering policies;
and in response to obtaining a matched traffic filtering policy table whose traffic features are at least a part of the signaling information stored in the corresponding association table, storing the traffic filtering policy of that traffic filtering policy table into the flow table.
4. The method of claim 3, wherein creating the flow table comprises:
matching the source IP and the destination IP of the first message with the source IP and the destination IP stored in a pre-established flow table;
and creating a flow table in response to not matching any flow table whose stored source IP and destination IP are the same as the source IP and destination IP of the first message.
5. The method of claim 1, wherein after matching a flow table whose stored source IP and destination IP are the same as the source IP and destination IP of the data message, the method further comprises: reading a write flag of the flow table;
and filtering the data message according to the traffic filtering policy comprises:
in response to the write flag being read, filtering the data message according to the read traffic filtering policy;
the method further comprises:
in response to the write flag not being read, matching the destination IP and tunnel endpoint identifier of the data message with the destination IP and tunnel endpoint identifier stored in a pre-established association table;
in response to matching an association table whose stored destination IP and tunnel endpoint identifier are the same as those of the data message, matching traffic features in a pre-established traffic filtering policy table according to the signaling information stored in that association table, wherein the traffic filtering policy table stores traffic features and traffic filtering policies;
and in response to obtaining a matched traffic filtering policy table whose traffic features are at least a part of the signaling information stored in the corresponding association table, filtering the data message according to the traffic filtering policy of that traffic filtering policy table.
6. The method of claim 5, wherein after obtaining the matched traffic filtering policy table whose traffic features are at least a part of the signaling information stored in the corresponding association table, the method further comprises:
storing the traffic filtering policy of the traffic filtering policy table into the flow table;
and writing a write flag into the flow table.
7. An apparatus for message filtering, the apparatus comprising:
an analysis module, configured to, in response to a received message being a data message, parse the data message to obtain a source IP and a destination IP of the data message;
a matching module, configured to match the source IP and destination IP of the data message with the source IP and destination IP stored in a pre-established flow table;
a reading module, configured to, in response to matching a flow table whose stored source IP and destination IP are the same as the source IP and destination IP of the data message, read a traffic filtering policy stored in the flow table;
and a filtering module, configured to filter the data message according to the traffic filtering policy.
8. The apparatus of claim 7, further comprising:
a first analysis module, configured to, in response to a received first message being a data message, parse the first message to obtain a source IP, a destination IP and a tunnel endpoint identifier of the first message;
a creating module, configured to create a flow table and store the source IP and destination IP of the first message into the flow table;
a first matching module, configured to match the destination IP and tunnel endpoint identifier of the first message with the destination IP and tunnel endpoint identifier stored in a pre-established association table;
a second matching module, configured to, in response to matching an association table whose stored destination IP and tunnel endpoint identifier are the same as the destination IP and tunnel endpoint identifier of the first message, match traffic features in a pre-created traffic filtering policy table according to the signaling information stored in that association table, wherein the traffic filtering policy table stores traffic features and traffic filtering policies;
and a storage module, configured to, in response to obtaining a matched traffic filtering policy table whose traffic features are at least a part of the signaling information stored in the corresponding association table, store the traffic filtering policy of that traffic filtering policy table into the flow table.
9. A computer readable storage medium having stored thereon machine readable instructions which, when invoked and executed by a processor, cause the processor to carry out the method of any of claims 1 to 6.
10. An electronic device, comprising a communication interface, a processor, a memory and a bus, wherein the communication interface, the processor and the memory are connected to each other through the bus; the memory stores machine-readable instructions, and the processor performs the method of any of claims 1 to 6 by calling the machine-readable instructions.
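The flow-table fast path with the write flag, as described in claims 1 to 6 and by modules 52 to 55 and 43 to 44 above, as an added Python illustration that is not part of the patent: the layout of the (destination IP, tunnel endpoint identifier) association table, the traffic filtering policy table and the sample feature strings are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

OUTPUT, DISCARD = "output", "discard"  # the two policies named in claim 2


@dataclass
class FlowEntry:
    """One flow table row; the table is keyed by (source IP, destination IP)."""
    policy: Optional[str] = None  # traffic filtering policy cached for the flow
    written: bool = False         # the write flag: the policy has been stored


class PacketFilter:
    def __init__(self, association_table, policy_table):
        # association table: (destination IP, tunnel endpoint id) -> signaling info
        self.assoc: Dict[Tuple[str, int], Set[str]] = association_table
        # traffic filtering policy table: rows of (traffic features, policy)
        self.policies: List[Tuple[FrozenSet[str], str]] = policy_table
        # flow table: (source IP, destination IP) -> FlowEntry
        self.flows: Dict[Tuple[str, str], FlowEntry] = {}

    def resolve_policy(self, dst_ip: str, teid: int) -> Optional[str]:
        """Slow path of claims 3 and 5: association table, then policy table."""
        signaling = self.assoc.get((dst_ip, teid))
        if signaling is None:
            return None  # no association entry for this destination and tunnel
        for features, policy in self.policies:
            # the traffic features must be at least a part of the signaling info
            if features <= signaling:
                return policy
        return None  # the patent names no default; left to the caller

    def handle(self, pkt: dict) -> Optional[str]:
        """Returns the policy applied to one data packet, None if unresolved."""
        key = (pkt["src_ip"], pkt["dst_ip"])
        entry = self.flows.get(key)
        if entry is None:
            entry = self.flows[key] = FlowEntry()  # claim 4: create on first packet
        if entry.written:
            return entry.policy  # claim 5: write flag read, use the cached policy
        policy = self.resolve_policy(pkt["dst_ip"], pkt["teid"])
        if policy is not None:
            entry.policy, entry.written = policy, True  # claim 6: store and flag
        return policy


# Constructed sample tables; the feature strings are invented for this example.
ASSOC = {("10.0.0.2", 0x1A2B): {"apn:internet", "rat:nr", "plmn:46000"}}
POLICIES = [
    (frozenset({"apn:ims"}), OUTPUT),
    (frozenset({"apn:internet", "rat:nr"}), DISCARD),
]


def demo():
    f = PacketFilter(ASSOC, POLICIES)
    first = {"src_ip": "10.0.0.1", "dst_ip": "10.0.0.2", "teid": 0x1A2B}
    r1 = f.handle(first)                 # slow path: resolves and caches DISCARD
    r2 = f.handle({**first, "teid": 0})  # fast path: flag set, tunnel id unused
    other = {"src_ip": "10.0.0.9", "dst_ip": "10.0.0.2", "teid": 0x9999}
    r3 = f.handle(other)                 # unknown tunnel: entry made, flag clear
    return (r1, r2, r3,
            f.flows[("10.0.0.1", "10.0.0.2")].written,
            f.flows[("10.0.0.9", "10.0.0.2")].written)


if __name__ == "__main__":
    print(demo())  # ('discard', 'discard', None, True, False)
```

Once the write flag is set, later packets of a flow are judged by (source IP, destination IP) alone, so a later change to the association or policy tables is not seen by an existing flow until its entry is removed. The patent does not define what happens when no policy matches; the example returns None in that case and leaves the flag clear so the next packet retries the slow path.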

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111566282.8A CN114520790B (en) 2021-12-20 2021-12-20 Message filtering method and device

Publications (2)

Publication Number Publication Date
CN114520790A true CN114520790A (en) 2022-05-20
CN114520790B CN114520790B (en) 2024-03-22

Family

ID=81596739

Country Status (1)

Country Link
CN (1) CN114520790B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant