CN115002242A - Method for implementing Ethernet message analyzer - Google Patents
Method for implementing Ethernet message analyzer Download PDFInfo
- Publication number
- CN115002242A CN115002242A CN202210609834.7A CN202210609834A CN115002242A CN 115002242 A CN115002242 A CN 115002242A CN 202210609834 A CN202210609834 A CN 202210609834A CN 115002242 A CN115002242 A CN 115002242A
- Authority
- CN
- China
- Prior art keywords
- message
- ethernet
- layer
- pkt
- header
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/03—Protocol definition or specification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method for realizing an Ethernet message analyzer, the analyzer can analyze the corresponding message only by giving out the specific message type by a user, the method is suitable for the frame format of the Ethernet message, can cover most of the commonly used messages at present, can be called at any place of a platform, and can also be transplanted to various verification platforms, the universality and the practicability are strong, the printing information after the message analysis can ensure that a verifier can clearly see the fields of the message, and can be used as a reference for comparing with a code result, thereby greatly improving the verification efficiency.
Description
Technical Field
The invention relates to the technical field of Ethernet chip verification, in particular to a method for realizing an Ethernet message analyzer.
Background
Ethernet is the most widely used network transmission method, has gained general acceptance by enterprises and users, and becomes the preferred technology for broadband access. When a computer network transmits data, in order to ensure that all computers sharing network resources can use the network fairly and quickly, the data is usually divided into a plurality of small blocks as transmission units to be transmitted, and the transmission units are generally called packets and also called data packets. An ethernet packet is a packet transmitted in an ethernet network. Ethernet packets have four classifications: ethernet II protocol, Ethernet 802.2 protocol, Ethernet 802.3 protocol, Ethernet SNAP protocol.
Capturing data packets from the network is a very important ring in the implementation of all network security products, and is the basis of other functions of the security products, and one of the most important conditions for implementing network capturing is to be able to receive all data packets on the network. Each network card communicating over the ethernet network has a globally unique physical address, also called the MAC address, which is a 48-bit binary number. The Ethernet card is internally provided with a data packet filter which is used for retaining data packets and broadcast data packets which take the MAC address of the Ethernet card as the communication purpose and discarding all other irrelevant data packets so as to prevent the CPU from performing useless processing on the irrelevant data packets. This is the way ethernet cards typically work. The conventional transmission path of the data packet is sequentially a network card, a device driver layer, a data link layer, a network layer, a transmission layer and finally reaches an application program.
The data packets on the ethernet link are referred to as ethernet frames. The ethernet frame start consists of a preamble and a start of frame followed by an ethernet header specifying the destination address and the source address with the MAC address. In the middle of the frame is the data packet (e.g., IP protocol) that the frame carries, including other protocol headers. The ethernet frame is terminated by a 32-bit redundancy check code. It is used to check whether the data transmission is corrupted.
In the Ethernet chip verification, the message interface verification process needs to construct the excitation for receiving various Ethernet protocol messages, and in the traditional excitation construction mode, the analysis of the received messages is not flexible enough, only one type of messages can be analyzed at a time, and the messages need to be manually analyzed according to specific messages.
In order to solve the defects of the prior art, the invention provides a method for realizing an Ethernet message parser, the parser can parse corresponding messages only by giving specific message types, most of the common messages at present can be covered, the method has the characteristics of high universality, strong practicability and the like, and the verification efficiency can be greatly improved.
Disclosure of Invention
In order to solve the deficiency in the prior art, the invention has proposed the implement method of a message resolver of Ethernet, users only need to give the concrete message type, the resolver can analyze the corresponding message, is suitable for the message frame format of Ethernet, can cover most common messages at present, can call in the platform in the arbitrary place, can also transplant to many verification platforms, commonality and practicability are strong, the printing information after the message is parsed can let the verifier see the field of the message clearly, can be regarded as the reference compared with code result, has greatly raised the efficiency verified.
In order to achieve the purpose, the invention adopts the following technical scheme.
In the embodiment of the invention, an implementation method of an Ethernet message parser is provided, which comprises the following steps:
s1, the message reaches the Ethernet chip verification platform; the message analyzer analyzes the message according to the Ethernet frame format of the Ethernet data frame;
s2 message head is analyzed layer by layer according to Ethernet data frame format head;
s3, analyzing the message load according to the protocol type of the message header analysis;
s4, according to the message header and the content of message load analysis, the message verification code is checked.
Further, the message parser completes parsing of the frame format according to the ethernet ii format of the ethernet data frame in the form of a message header pkt _ head, a message load pkt _ payload, and a message verification code check pkt _ fsc.
Furthermore, the message 4B verification code fcs is verified through the crc _32 algorithm according to information such as pkt _ head, pkt _ payload, and the like, and the fcs is put at the tail of the message to verify whether the message is damaged.
Furthermore, the message header pkt _ head is analyzed layer by layer according to the architecture of the two-layer, three-layer and four-layer messages, the information carried by the messages is automatically printed after the analysis, and the information can be called at any place in the verification platform to check the information of the messages.
The invention has the advantages that aiming at the problems in the existing Ethernet chip verification system, the invention provides the implementation method of the Ethernet message analyzer, the user only needs to give out a specific message type, the analyzer can analyze the corresponding message, the invention is suitable for the Ethernet message frame format, can cover most of the common messages at present, can be called at any place of a platform, and can also be transplanted to various verification platforms, the universality and the practicability are strong, the printing information after the message analysis can enable a verifier to clearly see the fields of the message, and can be used as a reference for comparing with the code result, thereby greatly improving the verification efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
fig. 1 is a schematic flow chart of the implementation of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The following embodiments are only used to more clearly illustrate the system method and technical solution of the present invention, and the protection scope of the present application is not limited thereby.
According to the implementation mode of the invention, the invention provides the implementation method of the Ethernet message analyzer, a user only needs to give a specific message type, the analyzer can analyze a corresponding message, the method is suitable for the Ethernet message frame format, can cover most of the commonly used messages at present, can be called at any place of a platform, and can also be transplanted to various verification platforms, the universality and the practicability are strong, the printing information after the message analysis can enable a verifier to clearly see the fields of the message, can be used as a reference for comparing with a code result, and the verification efficiency is greatly improved.
The principles and spirit of the present invention are explained in detail below with reference to several exemplary embodiments of the present invention.
Fig. 1 is a process flow diagram of an implementation method of an ethernet message parser. As shown in fig. 1, the method comprises the steps of:
s1, the message reaches the Ethernet chip verification platform; the message analyzer analyzes the message according to the Ethernet frame format of the Ethernet data frame;
the message analyzer completes the analysis of the frame format in the form of a message header pkt _ head, a message load pkt _ payload and a message verification code check pkt _ fsc according to the Ethernet II format of the Ethernet data frame.
S2 message header analysis;
the message header pkt _ head is analyzed layer by layer according to the architecture of the two-layer, three-layer and four-layer messages, and the information carried by the messages is automatically printed after the analysis, so that the message header pkt _ head can be called at any place in the verification platform to check the information of the messages.
S3 message load analysis;
and analyzing information such as a source port sport _ id, a stream number stream _ id, a sequence number sequence, a check sum check _ sum and the like according to the length of the payload.
And S4 checking the message verification code.
And checking a message 4B verification code fcs through an algorithm of crc _32 according to information such as pkt _ head and pkt _ payload, and putting the fcs at the tail to check whether the message is damaged.
It should be noted that although the operations of the method of the present invention have been described in the above embodiments and the accompanying drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the operations shown must be performed, to achieve the desired results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
In order to clearly explain the implementation method of the ethernet packet parser, a specific embodiment is described below, but it should be noted that the embodiment is only for better explaining the present invention and is not to be construed as an undue limitation to the present invention.
The first embodiment is as follows:
in this embodiment, an ethernet packet parser completes parsing of a frame format according to an ethernet data frame ethernet ii format, which is divided into a pkt _ head, a pkt _ payload, and a pkt _ fsc format, where the pkt _ head parses layer by layer according to an architecture of a two-layer, a three-layer, or a four-layer packet, and after parsing, information carried by the packet is automatically printed, and the information can be called at any place in a verification platform to check the information of the packet. The analytic flow text is expressed as follows:
1. the message reaches an Ethernet chip verification platform; the message analyzer analyzes the message according to the Ethernet format of the Ethernet data frame according to the calling message analysis function
2. Parsing of header pkt _ head
Layer 2: all data link layer protocols such as Ethernet head, Ethernet MPLS head, Ethernet Vxlan, etc. are analyzed.
The layer mainly analyzes 2 layers of the Ethernet, such as DA, SA, VLAN and ETH _ head, analyzes the next layer protocol type according to the length and the offset of the message header, and transmits the offset message header to the next layer for analysis.
Layer 3: resolving protocols such as 802.1x, IP and the like;
the layer mainly analyzes the Ethernet three-layer protocol including IPV4/IPV6, 802.1x and the like by depending on the protocol analyzed by the layer2 layer and the transmitted message header, analyzes the field of the corresponding protocol, and also needs to modify the protocol type pointed by the next layer and transmits the offset message header to the layer 4.
Layer 4: analyzing hundreds of protocols such as TCP, UDP and the like which are distinguished by depending on protocol fields in the IP protocol;
the layer mainly resolves the rest message header into the field of the corresponding protocol aiming at the protocol carried by layer3 layer, such as TCP, UDP, ICMP, IGMP, etc
The list of algorithms involved in the header parsing is shown in table 1:
| name of algorithm | Means of |
| head_parse(utype pkt_list[$]) | According to pkt _ list [ $]Analyzing out protocol field of message |
| len_type_parse() | Calling the layer protocol transmitted after the upper layer of the message is analyzed |
| get_layer_protocol() | Acquiring a protocol corresponding to a lower layer after upper layer analysis of a message |
| pkt_header_check(utype pkt[$]) | Protocol for calculating message lower layer correspondence |
TABLE 1
3. Parsing of message payload pkt _ payload
Analyzing information such as sport _ id, stream _ id, sequence, check _ sum and the like according to the length of the payload;
the list of algorithms involved in the message load analysis is shown in table 2:
TABLE 2
4. Analysis of message check code pkt _ fcs
In order to ensure the correctness of data, the message 4B verification code fcs is verified through the algorithm of crc _32 according to information such as pkt _ head, pkt _ payload, and the like, and the fcs is put at the tail to verify whether the message is damaged.
The list of algorithms involved in the message check code parsing is shown in table 3:
TABLE 3
The invention has the advantages that the invention provides the realization method of the Ethernet message analyzer aiming at the problems in the prior Ethernet chip verification system, the user only needs to give out specific message types, the analyzer can analyze the corresponding messages, the invention is suitable for the Ethernet message frame format, can cover most of the prior common messages, can be called at any place of the platform and can also be transplanted to a plurality of verification platforms, the universality and the practicability are strong, the printing information after the message analysis can lead the verification personnel to clearly see the fields of the messages, and can be used as the reference for comparing with the code result, thereby greatly improving the verification efficiency.
The applicant of the present invention has made detailed description and description of the embodiments of the present invention with reference to the drawings, which are included in the specification, the embodiments of the present invention are merely preferred embodiments of the present invention, and the detailed description is only for the purpose of helping the reader to better understand the spirit of the present invention, and not for limiting the scope of the present invention, but rather, any improvement or modification made based on the spirit of the present invention should fall within the scope of the present invention.
Claims (4)
1. A method for realizing an Ethernet message parser is characterized by comprising the following steps:
s1, the message reaches the Ethernet chip verification platform; the message analyzer analyzes the message according to the Ethernet frame format of the Ethernet data frame;
s2 message header is analyzed layer by layer according to Ethernet data frame Ethernet II format header;
s3, analyzing the message load according to the protocol type of the message header analysis;
s4, according to the message header and the content of message load analysis, the message verification code is checked.
2. The method according to claim 1, wherein the method comprises: the message analyzer is divided into a message header pkt _ head, a message load pkt _ payload and a message verification code check pkt _ fsc to complete the analysis of the frame format according to the Ethernet II format of the Ethernet data frame.
3. The method according to claim 1, wherein the method comprises: and checking the message 4B verification code fcs through an algorithm of crc _32 according to the pkt _ head and pkt _ payload information, and putting the fcs at the tail to check whether the message is damaged.
4. The method according to claim 1, wherein the method comprises: the message header pkt _ head is analyzed layer by layer according to the architecture of the two-layer, three-layer and four-layer messages, and the information carried by the messages is automatically printed after the analysis, so that the message header pkt _ head can be called at any place in the verification platform to check the information of the messages.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210609834.7A CN115002242A (en) | 2022-05-31 | 2022-05-31 | Method for implementing Ethernet message analyzer |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210609834.7A CN115002242A (en) | 2022-05-31 | 2022-05-31 | Method for implementing Ethernet message analyzer |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115002242A true CN115002242A (en) | 2022-09-02 |
Family
ID=83030377
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210609834.7A Pending CN115002242A (en) | 2022-05-31 | 2022-05-31 | Method for implementing Ethernet message analyzer |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115002242A (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102664749A (en) * | 2012-04-09 | 2012-09-12 | 北京航空航天大学 | Monitoring system capable of configuring telemetering data |
| CN113114706A (en) * | 2021-06-15 | 2021-07-13 | 南方电网数字电网研究院有限公司 | Multichannel Ethernet message processing method based on power chip |
-
2022
- 2022-05-31 CN CN202210609834.7A patent/CN115002242A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102664749A (en) * | 2012-04-09 | 2012-09-12 | 北京航空航天大学 | Monitoring system capable of configuring telemetering data |
| CN113114706A (en) * | 2021-06-15 | 2021-07-13 | 南方电网数字电网研究院有限公司 | Multichannel Ethernet message processing method based on power chip |
Non-Patent Citations (1)
| Title |
|---|
| 赵宇 等: "一种可重构以太网数据包解析器中可重构单元的设计", 计算机工程与科学 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8219675B2 (en) | System and method for correlating IP flows across network address translation firewalls | |
| US8614955B2 (en) | Misdirected packet detection apparatus and method | |
| CN112311789B (en) | Deep packet processing method and device, electronic device and storage medium | |
| US7062680B2 (en) | Expert system for protocols analysis | |
| US11075980B2 (en) | Method for operating a node cluster system in a network and node cluster system | |
| US5406555A (en) | Charging in LAN for only packets used by subscribers | |
| US20120281714A1 (en) | Packet processing accelerator and method thereof | |
| CN108881328B (en) | Data packet filtering method and device, gateway equipment and storage medium | |
| CN110708250A (en) | Method for improving data forwarding performance, electronic equipment and storage medium | |
| US7373412B2 (en) | Apparatus for selecting and sorting packets from a packet data transmission network | |
| CN109246189B (en) | Network data distribution method and device, storage medium and server | |
| WO2020206849A1 (en) | Method and system for processing dhcp data with vlan tag | |
| US8260906B1 (en) | System and method for heuristic determination of network protocols | |
| CN112003816B (en) | Data transmission method, device, equipment and storage medium | |
| CN115002242A (en) | Method for implementing Ethernet message analyzer | |
| US9577669B2 (en) | Methods, systems, and computer readable media for optimized message decoding | |
| CN114679309B (en) | Message detection method and device | |
| CN113422714B (en) | Module for supporting high-integrity redundancy management on AFDX terminal | |
| CN110493057B (en) | Wireless access equipment and forwarding control method thereof | |
| WO2021128936A1 (en) | Message processing method and apparatus | |
| CN113608741B (en) | Network security service integration method and device | |
| CN114301960B (en) | Processing method and device for cluster asymmetric traffic, electronic equipment and storage medium | |
| US20170277612A1 (en) | Methods, systems, and computer readable media for providing an anticipated data integrity check | |
| KR102536841B1 (en) | Lightweight Ethernet frame processing device and method for redundant communication | |
| CN117692222A (en) | Method and device for processing message |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |