CN115277036A - Communication method, network device, and computer-readable storage medium - Google Patents


Info

Publication number
CN115277036A
Authority
CN
China
Prior art keywords
network equipment
protocol layer
client
data
ssl
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110526497.0A
Other languages
Chinese (zh)
Inventor
周远德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongchuangwei Chengdu Quantum Communication Technology Co ltd
Original Assignee
Zhongchuangwei Chengdu Quantum Communication Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongchuangwei Chengdu Quantum Communication Technology Co ltd
Publication of CN115277036A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/16 Implementing security features at a particular protocol layer
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/14 Session management
    • H04L 67/141 Setup of application sessions
    • H04L 69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L 69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L 69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L 69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides a communication method, a network device and a computer-readable storage medium, which address the problem in the related art that, when a multi-core system encrypts and decrypts original data, the system's data processing efficiency is low because the original data enters and exits the kernel; the efficiency with which the system processes the original data is thereby improved. The communication method comprises the following steps: the network device receives client data of a terminal; a data plane development kit (DPDK) of the network device maps the client data to a TCP/IP protocol layer of the network device; the TCP/IP protocol layer of the network device sends the client data to the SSL/TLS protocol layer of the network device, the SSL/TLS protocol layer being the upper layer of the TCP/IP protocol layer; the SSL/TLS protocol layer of the network device decrypts the client data; and the SSL/TLS protocol layer of the network device sends the decrypted client data to the application program of the network device.

Description

Communication method, network device, and computer-readable storage medium
The present application claims priority from Chinese patent application No. 2021104798237, entitled "Communication method, network device and computer readable storage medium", filed with the national intellectual property office on 30/5/2021, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of communications, and in particular, to a communication method, a network device, and a computer-readable storage medium.
Background
Central processing units (CPUs) have developed from single-core to multi-core; most hardware is now multi-core, and the processing capacity of computers keeps growing. Network cards have developed from 10M to 100M, then to 1000M and now to 10G; the hardware is getting stronger and the demands placed on the network are getting greater.
Since the birth of the Internet, the network protocol stack has been closely tied to the kernel. In the traditional kernel protocol stack, the processing of a network packet has several performance bottlenecks that seriously affect the receiving and sending of data packets; the main ones are multi-core switching, CPU cache invalidation, interrupt processing, kernel copying and system calls. For example, encryption and decryption of the original data by SSL (Secure Sockets Layer) is generally implemented in user space, and although one copy can be avoided by a file-mapping method such as mmap, the encrypted data is still copied as it goes in and out of the kernel.
In summary, in the multi-core system, when the original data is encrypted and decrypted, the efficiency of the system processing the data is low because the original data enters and exits the kernel.
Disclosure of Invention
Embodiments of the present application provide a communication method, a network device, and a computer-readable storage medium, which can solve a problem in the related art that when a multi-core system encrypts and decrypts original data, the efficiency of processing the data by the system is low because the original data enters and exits from a kernel, so that the efficiency of processing the original data by the system is improved.
To achieve this, the technical solution is as follows:
in a first aspect, a method of communication is provided. The communication method comprises the following steps: the network equipment receives client data of a terminal; a data plane development kit DPDK of the network equipment maps client data to a TCP/IP protocol layer of the network equipment; a TCP/IP protocol layer of the network equipment sends client data to an SSL/TLS protocol layer of the network equipment; the SSL/TLS protocol layer of the network equipment is the upper layer of the TCP/IP protocol layer of the network equipment; the SSL/TLS protocol layer of the network equipment decrypts the client data; the SSL/TLS protocol layer of the network equipment sends the decrypted client data to the application program of the network equipment; the application corresponds to a client.
Based on the communication method, after receiving a data packet, a network device maps the data to a TCP/IP protocol layer through a data plane development kit DPDK, the TCP/IP protocol layer sends the data packet to an SSL/TLS protocol layer for decryption, the decrypted data is sent to an application program, and the application program performs corresponding processing according to own services, namely the original data packet does not need to enter and exit a kernel during processing, so that the problem of low data processing efficiency of a system due to the fact that the original data enters and exits the kernel when a multi-core system performs encryption and decryption processing on the original data in the related technology is solved, and the data processing efficiency of the multi-core system is greatly improved.
Optionally, the communication method further includes: an application program of the network equipment sends data to be sent to an SSL/TLS protocol layer of the network equipment; the SSL/TLS protocol layer of the network equipment encrypts data to be sent; an SSL/TLS protocol layer of the network equipment sends encrypted data to be sent to a TCP/IP protocol layer of the network equipment; the TCP/IP protocol layer of the network equipment sends the encrypted data to be sent to the DPDK of the network equipment; and the network equipment sends the encrypted data to be sent to the client.
Optionally, the communication method further includes: the network equipment receives a connection request of a client; the connection request of the client comprises a TCP/IP handshake operation request; the TCP/IP protocol layer of the network equipment completes handshake operation according to the TCP/IP handshake operation request; the network equipment receives an SSL/TLS session connection request of a client; an SSL/TLS protocol layer of the network equipment negotiates a key according to an SSL/TLS session connection request of a client; and the network equipment sends the negotiated key to the client.
Optionally, the network device receives client data of the terminal, and includes: a network card of the network equipment receives client data of a terminal; a network card of the network equipment sends client data of the terminal to a data plane development kit DPDK of the network equipment;
the method for sending the encrypted data to be sent to the client by the network equipment comprises the following steps: a data plane development kit DPDK of the network equipment sends encrypted data to be sent to a network card of the network equipment; and the network card of the network equipment sends the encrypted data to be sent to the client.
In a second aspect, a network device is provided. The network device includes: the device comprises a processing module and a transmitting-receiving module; the processing module comprises a data plane development suite DPDK, a TCP/IP protocol layer, an SSL/TLS protocol layer and an application program corresponding to the client of the network equipment; the receiving and sending module is used for receiving client data of the terminal; a data plane development kit DPDK of the network device, for mapping client data to a TCP/IP protocol layer of the network device; the TCP/IP protocol layer of the network equipment is used for sending client data to the SSL/TLS protocol layer; the SSL/TLS protocol layer of the network equipment is the upper layer of the TCP/IP protocol layer of the network equipment; the SSL/TLS protocol layer of the network equipment is used for decrypting the client data; and the SSL/TLS protocol layer of the network equipment is also used for sending the decrypted client data to the application program of the network equipment.
Optionally, the application program of the network device is configured to send data to an SSL/TLS protocol layer of the network device; the SSL/TLS protocol layer of the network equipment is also used for encrypting data to be sent; the SSL/TLS protocol layer of the network equipment is also used for sending the encrypted data to be sent to the TCP/IP protocol layer of the network equipment; the TCP/IP protocol layer of the network equipment is also used for sending the encrypted data to be sent to the DPDK of the network equipment; and the transceiving module is also used for sending the encrypted data to be sent to the client.
Optionally, the transceiver module is further configured to receive a connection request of the client; the connection request of the client comprises a TCP/IP handshake operation request; the TCP/IP protocol layer transceiving module of the network equipment is also used for finishing the handshake operation according to the TCP/IP handshake operation request; the receiving and sending module is also used for receiving an SSL/TLS session connection request of the client; the SSL/TLS protocol layer of the network equipment is also used for negotiating a key according to the SSL/TLS session connection request of the client; and the transceiver module is also used for sending the negotiated key to the client.
Optionally, the transceiver module is a network card.
Optionally, the network device according to the second aspect may further include a storage module, which stores the program or the instructions. The program or instructions, when executed by the processing module, enable the network device to perform the communication method of the first aspect.
It should be noted that the network device described in the second aspect may also be a chip (system) or other component or assembly that can be disposed in the network device, and may also be an apparatus including the network device, which is not limited in this application.
In addition, for technical effects of the communication apparatus according to the second aspect, reference may be made to technical effects of the communication method according to the first aspect, and details are not repeated here.
In a third aspect, a network device is provided. The network device is configured to perform the communication method according to any one of the implementation manners of the first aspect.
In this application, the network device according to the third aspect may be the network device according to any one of the first aspect or the second aspect, or a chip (system) or other component or assembly provided in the network device, or an apparatus including the network device.
It should be understood that the network device according to the third aspect includes corresponding modules, units, or means for implementing the communication method according to any one of the above first aspects, and the modules, units, or means may be implemented by hardware, by software, or by hardware executing corresponding software. The hardware or software includes one or more modules or units for performing the functions involved in the above-described communication method.
In addition, for technical effects of the communication apparatus according to the third aspect, reference may be made to technical effects of the communication method according to the first aspect, and details are not repeated here.
In a fourth aspect, a computer-readable storage medium is provided, comprising: computer programs or instructions; the computer program or the instructions, when executed on a computer, cause the computer to perform the communication method according to any one of the possible implementations of the first aspect to the fourth aspect.
Drawings
Fig. 1 is a schematic architecture diagram of a communication system according to an embodiment of the present application;
fig. 2 is a first flowchart of a communication method according to an embodiment of the present application;
fig. 3 is a second flowchart illustrating a communication method according to an embodiment of the present application;
fig. 4 is a first schematic structural diagram of a network device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a network device according to an embodiment of the present application.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
The technical solution of the embodiment of the present application may be applied to various communication systems, for example, a wireless fidelity (WiFi) system, a vehicle-to-everything (V2X) communication system, a device-to-device (D2D) communication system, a vehicle networking communication system, a 4th generation (4G) mobile communication system, such as a Long Term Evolution (LTE) system or a Worldwide Interoperability for Microwave Access (WiMAX) communication system, a fifth generation (5G) mobile communication system, such as a new radio (NR) system, and a future communication system, such as a sixth generation (6G) mobile communication system.
This application is intended to present various aspects, embodiments or features around a system that may include a number of devices, components, modules, and the like. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, a combination of these schemes may also be used.
In addition, in the embodiments of the present application, words such as "exemplarily", "for example", etc. are used for indicating as examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the word using examples is intended to present concepts in a concrete fashion.
In the embodiment of the present invention, "information", "signal", "message", "channel", "signaling" may be used in combination, and it should be noted that the meaning to be expressed is consistent when the difference is not emphasized. "of", "corresponding", "canceling" and "corresponding" may sometimes be used in combination, and it should be noted that the intended meaning is consistent when differences are not emphasized.
The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and as a person of ordinary skill in the art knows that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
To facilitate understanding of the embodiments of the present application, a communication system applicable to the embodiments of the present application will be first described in detail by taking the communication system shown in fig. 1 as an example. Fig. 1 is a schematic structural diagram of a communication system to which the communication method provided in the embodiment of the present application is applied.
As shown in fig. 1, the communication system includes a network device and a terminal device.
The network device is a device located on the network side of the communication system and having a wireless transceiving function, or a chip system that can be installed in such a device. The network devices include, but are not limited to: an Access Point (AP) in a wireless fidelity (WiFi) system, such as a home gateway, a router, a server, a switch, a bridge, etc., an evolved node B (eNB), a Radio Network Controller (RNC), a node B (NodeB, NB), a Base Station Controller (BSC), a Base Transceiver Station (BTS), a home base station (e.g., a home evolved NodeB (HeNB) or home NodeB (HNB)), a baseband unit (BBU), a wireless relay node, a wireless backhaul node, a transmission point (TP, or transmission point, etc.), and may also be 5G, such as a new radio Network (NR) system, or a TP system, and may also be configured as a set of multiple antenna panels (rsb, NBs, or network nodes, such as a radio network panel (rsdu), or a set of multiple radio network nodes (rsb, NBs), or a radio network panel (rsdu), or a network panel (RSU) with multiple functions.
The terminal device is a terminal which is accessed to the communication system and has a wireless transceiving function or a chip system which can be arranged on the terminal. The terminal equipment can also be called a user device, access terminal, subscriber unit, subscriber station, mobile, remote station, remote terminal, mobile device, user terminal, wireless communication device, user agent, or user device. The terminal device in the embodiment of the present application may be a mobile phone (mobile phone), a tablet computer (Pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control (industrial control), a wireless terminal in unmanned driving (self), a wireless terminal in telemedicine (remote), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety (transportation safety), a wireless terminal in smart city (smart city), a wireless terminal in smart home (smart home), a vehicle-mounted terminal, an RSU with a terminal function, and the like. The terminal device of the present application may also be an on-board module, an on-board component, an on-board chip, or an on-board unit that is built in the vehicle as one or more components or units, and the vehicle may implement the communication method provided by the present application through the built-in on-board module, the on-board component, the on-board chip, or the on-board unit.
It should be noted that the solutions in the embodiments of the present application may also be applied to other communication systems, and the corresponding names may also be replaced with names of corresponding functions in other communication systems.
It should be appreciated that fig. 1 is a simplified schematic diagram of an example for ease of understanding only, and that other network devices, and/or other terminal devices, not shown in fig. 1, may also be included in the communication system.
The communication method provided by the embodiment of the present application will be specifically described below with reference to fig. 2 to 3.
Exemplarily, fig. 2 is a first flowchart of a communication method provided in the embodiment of the present application. The communication method may be applied to communication between the network device and the terminal device shown in fig. 1.
As shown in fig. 2, the communication method includes the steps of:
s201, the network equipment receives client data of the terminal.
The client installed on the terminal corresponds to the application installed on the network device, i.e. the client can exchange data with the corresponding application. Optionally, the network device receives the client data of the terminal through the network card and sends the received client data to the DPDK (Data Plane Development Kit). The client can be an app installed on the terminal, such as a browser; correspondingly, the application program can be a website, and the browser can log in to the website to browse its contents.
Alternatively, the client may send a connection request to the network device before step S201 is performed. The connection request of the client includes a TCP/IP (Transmission Control Protocol/Internet Protocol) handshake operation request. After the network device receives the connection request of the client through the network card, the TCP/IP protocol layer of the network device completes the handshake operation according to the TCP/IP handshake operation request. After the handshake operation is completed, the network device may feed back completion information to the client.
After finishing the handshake operation, the client sends an SSL/TLS session connection request to the network device. The SSL/TLS session connection request may include, among other things, a key negotiation request. After the network device receives the SSL/TLS session connection request of the client through the network card, the SSL/TLS protocol layer of the network device negotiates a key according to the SSL/TLS session connection request of the client. After the key is negotiated, the network device sends the negotiated key to the client through the network card.
After receiving the negotiated key, the client encrypts the client data by using the negotiated key and sends the encrypted client data to the network device.
S202, the DPDK of the network device maps the client data to the TCP/IP protocol layer of the network device.
S203, the TCP/IP protocol layer of the network device sends the client data to the SSL/TLS protocol layer of the network device.
The SSL/TLS protocol layer of the network equipment is an upper layer of a TCP/IP protocol layer of the network equipment.
S204, the SSL/TLS protocol layer of the network device decrypts the client data.
The SSL/TLS protocol layer of the network device may decrypt the client data according to the negotiated key.
S205, the SSL/TLS protocol layer of the network device sends the decrypted client data to the application program of the network device.
The application program of the network device can process the client data after receiving the decrypted client data.
Further, for the data to be sent that the application needs to return to the client, the application of the network device sends the data to be sent to an SSL/TLS protocol layer of the network device, the SSL/TLS protocol layer of the network device encrypts the data to be sent using the negotiated key and sends the encrypted data to a TCP/IP protocol layer of the network device, and the TCP/IP protocol layer of the network device sends the encrypted data to be sent to a DPDK of the network device. After receiving the encrypted data to be sent, the DPDK of the network device sends the encrypted data to be sent to a network card of the network device, and the network device sends the encrypted data to be sent to the client through the network card. And after receiving the encrypted data to be transmitted, the client decrypts the data to be transmitted by using the negotiated secret key.
Exemplarily, fig. 3 is a schematic flowchart diagram of a second communication method provided in the embodiment of the present application. The communication method may be applied to communication between the network device and the terminal device shown in fig. 1. As shown in fig. 3, the communication method includes the steps of:
s301, after receiving the connection request of the client, the network card of the network device sends the connection request of the client to the TCP/IP protocol layer.
The connection request of the client comprises a TCP/IP handshake operation request.
S302, the TCP/IP protocol layer of the network equipment completes the handshake operation according to the TCP/IP handshake operation request.
After the handshake operation is completed, the network device may feed back completion information to the client. After finishing the handshake operation, the client sends an SSL session connection request to the network equipment; the SSL session connection request may include a key negotiation request, among other things.
And S303, after receiving the SSL session connection request of the client through the network card, the network device sends the SSL session connection request of the client to an SSL/TLS protocol layer of the network device.
S304, the SSL protocol layer of the network device negotiates a key according to the SSL session connection request of the client.
S305, after negotiating the secret key, the SSL layer of the network device sends the negotiated secret key to the network card, and the network card sends the negotiated secret key to the client. After receiving the negotiated key, the client may encrypt the client data using the negotiated key and send the encrypted client data to the network device.
S306, the network device receives the encrypted client data through the network card, and sends the encrypted client data to the DPDK.
S307, the DPDK of the network device maps the encrypted client data to a TCP/IP protocol layer of the network device.
S308, the TCP/IP protocol layer of the network device sends the encrypted client data to the SSL protocol layer of the network device.
S309, the SSL layer of the network device decrypts the client data using the negotiated key.
S310, the SSL layer of the network device sends the decrypted client data to the application program of the network device.
And S311, the application program of the network equipment processes the decrypted client data to generate data to be sent.
S312, the application program of the network device sends the data to be sent to the SSL layer of the network device.
S313, the SSL layer of the network device encrypts the data to be sent using the negotiated key.
S314, the SSL protocol layer of the network device sends the encrypted data to be sent to the TCP/IP protocol layer of the network device, and the TCP/IP protocol layer of the network device sends the encrypted data to be sent to the DPDK of the network device. After receiving the encrypted data to be sent, the DPDK of the network device sends the encrypted data to be sent to a network card of the network device, and the network device sends the encrypted data to be sent to the client through the network card. And after receiving the encrypted data to be transmitted, the client decrypts the data to be transmitted by using the negotiated secret key.
Based on the communication method shown in any one of fig. 2 to fig. 3, the user mode protocol stack adopts a data packet directly shared between the network card and the application layer, and the application program directly reads the network card data packet and submits the original data to the service logic processing interface of the application layer through SSL/TLS encryption and decryption. The network card data is directly handed to application software for management, so that an original data packet is processed and bypasses a kernel, the processing capacity of the system is greatly improved, and the problem that the system has low data processing efficiency due to the fact that the original data enters and exits the kernel when the multi-core system in the related technology carries out encryption and decryption processing on the original data is solved, and the data processing efficiency of the multi-core system is greatly improved. In addition, the user mode protocol stack can well solve the problem of network delay by matching with the SSL/TLS protocol, so that the SSL handshaking and data receiving and transmitting speed is increased. In addition, in the multi-core system, the problems of cache invalidation and inconsistent memory access caused by the fact that a plurality of different CPUs are needed to be crossed during the processing of the data packet are solved.
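The receive path of S306 to S310 and the return path of S312 to S314 (the same pipeline as S201 to S205 of fig. 2) can be exercised end to end once the SSL/TLS layer is fed by a transport other than a kernel socket. The Go program below is an added example and is not code from the patent or its assignee: Go's crypto/tls stands in for the SSL/TLS protocol layer, an in-memory net.Pipe stands in for the DPDK-fed user-space TCP/IP layer, and a constructed hostname (netdev.example.test) with a self-signed certificate generated at run time stands in for the device's identity. One deliberate difference from the description above: the session key is established by the TLS 1.3 handshake on both sides and is never transmitted, which is how the protocol is designed; the rest of the flow (handshake, decrypt, process, encrypt, return) follows fig. 3.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"strings"
	"time"
)

const serverName = "netdev.example.test" // constructed hostname for the device certificate

// newTLSConfigs self-signs a device certificate in memory; the client config trusts only it.
func newTLSConfigs() (*tls.Config, *tls.Config, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // der was just produced by CreateCertificate
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	server := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}},
		MinVersion:   tls.VersionTLS13,
		// net.Pipe is unbuffered, so the server flight must end with Finished; no tickets after it.
		SessionTicketsDisabled: true,
	}
	// The client pins the device certificate and checks its name; no InsecureSkipVerify.
	client := &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS13}
	return server, client, nil
}

// application stands in for the network device's application program (S311).
func application(clientData string) string { return "ACK:" + strings.ToUpper(clientData) }

// serve is the device side of fig. 3: handshake (S302-S305), read the client
// data, which tls.Conn has already decrypted (S306-S310), process it (S311),
// and write the reply, which tls.Conn encrypts on the way out (S312-S314).
func serve(transport net.Conn, cfg *tls.Config) error {
	srv := tls.Server(transport, cfg)
	if err := srv.Handshake(); err != nil {
		return err
	}
	buf := make([]byte, 4096)
	n, err := srv.Read(buf)
	if err != nil {
		return err
	}
	if _, err := srv.Write([]byte(application(string(buf[:n])))); err != nil {
		return err
	}
	return srv.Close() // sends close_notify, then closes the transport
}

// roundTrip plays the client over net.Pipe, an in-memory transport standing in for
// the DPDK-fed user-space TCP/IP layer; it returns the decrypted reply and TLS version.
func roundTrip(clientData string) (string, uint16, error) {
	serverCfg, clientCfg, err := newTLSConfigs()
	if err != nil {
		return "", 0, err
	}
	clientEnd, serverEnd := net.Pipe()
	done := make(chan error, 1)
	go func() { done <- serve(serverEnd, serverCfg) }()
	cli := tls.Client(clientEnd, clientCfg)
	defer cli.Close()
	if _, err := cli.Write([]byte(clientData)); err != nil { // runs the handshake first
		return "", 0, err
	}
	reply, err := io.ReadAll(cli) // returns at the server's close_notify
	if err != nil {
		return "", 0, err
	}
	if err := <-done; err != nil {
		return "", 0, err
	}
	return string(reply), cli.ConnectionState().Version, nil
}

func main() { fmt.Println(roundTrip("hello")) }
```

Run with `go run`; it prints the decrypted reply `ACK:HELLO`, the negotiated version 772 (0x0304, TLS 1.3) and a nil error. Because tls.Conn only requires a net.Conn, replacing the pipe with a real user-space stack changes nothing above the transport, which is the separation the method relies on; the client side still verifies the device certificate and name rather than turning verification off.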
The communication method provided by the embodiment of the present application is described in detail above with reference to fig. 2 to 3. A network device for performing the communication method provided by the embodiment of the present application is described in detail below with reference to fig. 4 to 5.
Exemplarily, fig. 4 is a first schematic structural diagram provided in the embodiment of the present application. As shown in fig. 4, the network device 400 includes: a processing module 401 and a transceiver module 402. For ease of illustration, fig. 4 shows only the major components of the network device.
In some embodiments, the network device 400 may be adapted in the communication system shown in fig. 1 to perform the function of processing client data in the communication method shown in fig. 2 or fig. 3.
The processing module 401 includes a data plane development kit DPDK, a TCP/IP protocol layer, and an SSL/TLS protocol layer of the network device 400, and an application program corresponding to the client.
A transceiver module 402, configured to receive client data of a terminal.
The data plane development kit DPDK of the network device 400 is used to map the client data to the TCP/IP protocol layer of the network device 400.
A TCP/IP protocol layer of the network device 400, configured to send client data to the SSL/TLS protocol layer; the SSL/TLS protocol layer of the network device 400 is an upper layer of the TCP/IP protocol layer of the network device.
The SSL/TLS protocol layer of network device 400 is used to decrypt client data.
The SSL/TLS protocol layer of the network device 400 is also configured to send the decrypted client data to the application of the network device 400.
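The receive path of fig. 4 and the send path of step S314, as an added runnable model that is not the applicant's code: a DPDK-style packet buffer is handed to a user-space TCP/IP layer that validates the Ethernet, IPv4 and TCP headers, the SSL/TLS layer authenticates and decrypts the record, and the plaintext reaches the application; Send runs the same layers in reverse. Because no kernel sits in the path, the header validation and record authentication that the kernel and a system TLS stack would otherwise perform are done here by the user-mode layers themselves. The keys, addresses, ports and payloads are constructed sample values; the record body layout (a nonce followed by AES-GCM ciphertext and tag) is an assumption for this model, since the patent does not specify one, and the two per-direction keys stand in for the keys negotiated in the SSL/TLS handshake.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)
// Added model of the user-mode data path NIC -> DPDK -> user-space TCP/IP -> SSL/TLS -> application
// (and the reverse for sending). Not the applicant's code; keys, addresses, ports and payloads are constructed.
const ethLen, ipv4Len, tcpLen = 14, 20, 20 // header sizes assumed: no VLAN tag, no IP or TCP options
const recHdr, recApp, nonceLn = 5, 0x17, 12 // TLS record header; application_data type; AES-GCM nonce
// One stand-in key per direction (as negotiated keys would be) so sequence-number nonces never repeat.
var clientWriteKey, serverWriteKey = []byte("client-write-key"), []byte("server-write-key")
var clientIP, serverIP = [4]byte{10, 0, 0, 2}, [4]byte{10, 0, 0, 1}

type mbuf []byte // DPDK-style packet buffer: the raw frame from the NIC ring, handed straight to user space

// tcpIPLayer is the user-mode TCP/IP layer on receive: it validates the Ethernet, IPv4 and TCP
// headers (work the kernel would otherwise do) and returns the TCP payload for the SSL/TLS layer.
func tcpIPLayer(m mbuf) ([]byte, error) {
	if len(m) < ethLen+ipv4Len+tcpLen || binary.BigEndian.Uint16(m[12:14]) != 0x0800 {
		return nil, errors.New("short frame or not IPv4")
	}
	ip := m[ethLen:]
	ihl, total := int(ip[0]&0x0f)*4, int(binary.BigEndian.Uint16(ip[2:4]))
	if ip[0]>>4 != 4 || ihl < ipv4Len || total > len(ip) || total-ihl < tcpLen || ip[9] != 6 {
		return nil, errors.New("bad IPv4 header or not TCP")
	}
	tcp := ip[ihl:total]
	if doff := int(tcp[12]>>4) * 4; doff >= tcpLen && doff <= len(tcp) {
		return tcp[doff:], nil
	}
	return nil, errors.New("bad TCP data offset")
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// tlsOpen is the SSL/TLS layer on receive: one application_data record, body = nonce || ciphertext+tag,
// decrypted with AES-GCM using the record header as associated data.
func tlsOpen(key, rec []byte) ([]byte, error) {
	if len(rec) < recHdr+nonceLn || rec[0] != recApp || int(binary.BigEndian.Uint16(rec[3:5])) != len(rec)-recHdr {
		return nil, errors.New("malformed application_data record")
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	body := rec[recHdr:]
	return aead.Open(nil, body[:nonceLn], body[nonceLn:], rec[:recHdr])
}

// tlsSeal is the SSL/TLS layer on send; the record sequence number serves as the nonce, unique per key.
func tlsSeal(key []byte, seq uint64, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLn)
	binary.BigEndian.PutUint64(nonce[4:], seq)
	n := nonceLn + len(plaintext) + aead.Overhead()
	hdr := []byte{recApp, 3, 3, byte(n >> 8), byte(n)}
	return aead.Seal(append(append([]byte{}, hdr...), nonce...), nonce, plaintext, hdr), nil
}

// buildFrame is the TCP/IP layer on send: Ethernet/IPv4/TCP headers around the record (checksums stay zero).
func buildFrame(src, dst [4]byte, sport, dport uint16, payload []byte) []byte {
	f := make([]byte, ethLen+ipv4Len+tcpLen+len(payload))
	binary.BigEndian.PutUint16(f[12:14], 0x0800)
	ip := f[ethLen:]
	ip[0], ip[8], ip[9] = 0x45, 64, 6 // IPv4 with 20-byte header; TTL; protocol TCP
	binary.BigEndian.PutUint16(ip[2:4], uint16(ipv4Len+tcpLen+len(payload)))
	copy(ip[12:20], append(src[:], dst[:]...))
	tcp := ip[ipv4Len:]
	binary.BigEndian.PutUint16(tcp[0:2], sport)
	binary.BigEndian.PutUint16(tcp[2:4], dport)
	tcp[12], tcp[13] = 5<<4, 0x18 // data offset 5 words; PSH|ACK
	copy(tcp[tcpLen:], payload)
	return f
}

// Receive models the receive-side modules of fig. 4; Send models step S314.
func Receive(m mbuf) (string, error) {
	rec, err := tcpIPLayer(m) // the DPDK maps the mbuf to the TCP/IP layer with no kernel copy
	if err != nil {
		return "", err
	}
	pt, err := tlsOpen(clientWriteKey, rec) // TCP/IP -> SSL/TLS -> application
	return string(pt), err
}

func Send(appData string, seq uint64) (mbuf, error) {
	rec, err := tlsSeal(serverWriteKey, seq, []byte(appData))
	return mbuf(buildFrame(serverIP, clientIP, 443, 51000, rec)), err
}
```

A malformed frame is dropped by tcpIPLayer, and a tampered record, or one sealed under the other direction's key, is rejected by tlsOpen before anything reaches the application; nothing in the kernel is there to do either check for the user-mode stack.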
Optionally, the transceiver module 402 may include a receiving module and a transmitting module (not shown in fig. 4). The transceiver module is used to implement a sending function and a receiving function of the network device 400.
Optionally, network device 400 may also include a storage module (not shown in fig. 4) that stores programs or instructions. The program or instructions, when executed by the processing module 401, enable the network device 400 to perform the functions of processing client data in the communication method illustrated in any of fig. 2-3.
It is to be understood that the processing module 401 of the network device 400 may be implemented by a processor or a processor-related circuit component, which may be a processor or a processing unit; the transceiver module 402 may be implemented by a transceiver or a transceiver-related circuit component, which may be a transceiver or a transceiver unit.
It should be noted that the network device 400 is a chip (system) or other component or assembly that can be disposed in the network device, and may also be an apparatus including the network device, which is not limited in this application.
Fig. 5 is a schematic structural diagram of a network device according to an embodiment of the present application. The network device may be a terminal device or a network device, or may be a chip (system) or other component or assembly that may be disposed on the terminal device or the network device. As shown in fig. 5, network device 500 may include a processor 501. Optionally, the network device 500 may also include a memory 502 and/or a transceiver 503. The processor 501 is coupled to the memory 502 and the transceiver 503, such as may be connected via a communication bus.
The following describes each component of the network device 500 in detail with reference to fig. 5:
the processor 501 is the control center of the network device 500, and may be a single processor or a collective term for multiple processing elements. For example, the processor 501 is one or more central processing units (CPUs), may be an application-specific integrated circuit (ASIC), or may be one or more integrated circuits configured to implement embodiments of the present application, such as one or more digital signal processors (DSPs) or one or more field programmable gate arrays (FPGAs).
Alternatively, processor 501 may perform various functions of network device 500 by running or executing software programs stored in memory 502, as well as invoking data stored in memory 502.
In particular implementations, processor 501 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 5, as one embodiment.
In particular implementations, the network device 500 may also include multiple processors, for example the processor 501 and the processor 504 shown in FIG. 2. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 502 is configured to store a software program for executing the scheme of the present application, and is controlled by the processor 501 to execute the software program.
Alternatively, the memory 502 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disc, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 502 may be integrated with the processor 501, or may be separate and coupled to the processor 501 through an interface circuit (not shown in fig. 5) of the network device 500, which is not specifically limited in this embodiment.
A transceiver 503 for communication with other network devices. For example, where the network device 500 is a terminal device, the transceiver 503 may be used to communicate with the network device or with another terminal device. As another example, where network device 500 is a network device, transceiver 503 may be used to communicate with a terminal device or with another network device.
Optionally, the transceiver 503 may include a receiver and a transmitter (not separately shown in fig. 5). Wherein the receiver is configured to perform a receiving function and the transmitter is configured to perform a transmitting function.
Alternatively, the transceiver 503 may be integrated with the processor 501, or may exist separately, and is coupled to the processor 501 through an interface circuit (not shown in fig. 5) of the network device 500, which is not specifically limited in this embodiment of the present application.
It should be noted that the structure of the network device 500 shown in fig. 5 does not constitute a limitation of the network device, and an actual network device may include more or less components than those shown, or combine some components, or arrange different components.
In addition, the technical effect of the network device 500 may refer to the technical effect of the communication method described in the above method embodiment, and is not described herein again.
An embodiment of the present application further provides a chip system, including: a processor coupled to a memory, the memory for storing a program or instructions, which when executed by the processor, causes the system-on-chip to implement the method in any of the method embodiments described above.
Optionally, the number of processors in the system on chip may be one or more. The processor may be implemented by hardware or by software. When implemented in hardware, the processor may be a logic circuit, an integrated circuit, or the like. When implemented in software, the processor may be a general-purpose processor implemented by reading software code stored in a memory.
Optionally, the number of memories in the system-on-chip may also be one or more. The memory may be integrated with the processor or may be separate from the processor, which is not limited in this application. For example, the memory may be a non-transitory memory, such as a read-only memory (ROM), which may be integrated on the same chip as the processor or disposed separately on different chips; the type of the memory and the arrangement of the memory and the processor are not particularly limited in this application.
The system on chip may be, for example, a field programmable gate array (FPGA), an application-specific integrated circuit (ASIC), a system on chip (SoC), a central processing unit (CPU), a network processor (NP), a digital signal processing circuit (DSP), a microcontroller (MCU), a programmable logic device (PLD) or other integrated chips.
It should be understood that the processor in the embodiments of the present application may be a central processing unit (CPU), and the processor may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It will also be appreciated that the memory in the embodiments of the present application can be volatile memory or non-volatile memory, or can include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory may be a random access memory (RAM), which acts as an external cache. By way of example, but not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or the computer program are loaded or executed on a computer, the procedures or functions described in accordance with the embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired or wireless means (e.g., infrared, radio, or microwave). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that contains one or more collections of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, where A and B may be singular or plural. In addition, the "/" in this document generally indicates that the former and latter associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which is to be understood with reference to the surrounding text.
In this application, "at least one" means one or more, and "a plurality" means two or more. "At least one of the following" or similar expressions refer to any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b and c may be single or multiple.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method of communication, comprising:
the network equipment receives client data of a terminal;
mapping the client data to a TCP/IP protocol layer of the network equipment by a data plane development kit DPDK of the network equipment;
the TCP/IP protocol layer of the network equipment sends the client data to the SSL/TLS protocol layer of the network equipment; the SSL/TLS protocol layer of the network equipment is the upper layer of the TCP/IP protocol layer of the network equipment;
the SSL/TLS protocol layer of the network device decrypts the client data;
the SSL/TLS protocol layer of the network equipment sends the decrypted client data to an application program of the network equipment; the application corresponds to the client.
2. The communication method according to claim 1, further comprising:
the application program of the network equipment sends data to be sent to an SSL/TLS protocol layer of the network equipment;
the SSL/TLS protocol layer of the network equipment encrypts the data to be sent;
the SSL/TLS protocol layer of the network equipment sends the encrypted data to be sent to a TCP/IP protocol layer of the network equipment;
the TCP/IP protocol layer of the network equipment sends the encrypted data to be sent to a DPDK of the network equipment;
and the network equipment sends the encrypted data to be sent to the client.
3. The communication method according to claim 2, further comprising:
the network equipment receives a connection request of the client; the connection request of the client comprises a TCP/IP handshake operation request;
the TCP/IP protocol layer of the network equipment completes handshake operation according to the TCP/IP handshake operation request;
the network equipment receives an SSL/TLS session connection request of the client;
the SSL/TLS protocol layer of the network equipment negotiates a key according to the SSL/TLS session connection request of the client;
and the network equipment sends the negotiated key to the client.
4. The communication method according to claim 2,
the network equipment receives client data of a terminal, and the method comprises the following steps:
a network card of the network equipment receives client data of a terminal;
the network card of the network equipment sends client data of the terminal to a data plane development kit DPDK of the network equipment;
the network device sends the encrypted data to be sent to the client, and the sending comprises:
the data plane development kit DPDK of the network equipment sends the encrypted data to be sent to a network card of the network equipment;
and the network card of the network equipment sends the encrypted data to be sent to the client.
5. A network device, comprising: a processing module and a transceiver module; the processing module comprises a data plane development kit DPDK, a TCP/IP protocol layer, an SSL/TLS protocol layer of the network equipment, and an application program corresponding to a client; wherein:
the receiving and sending module is used for receiving client data of the terminal;
a data plane development kit DPDK of the network device, configured to map the client data to a TCP/IP protocol layer of the network device;
the TCP/IP protocol layer of the network equipment is used for sending the client data to the SSL/TLS protocol layer; the SSL/TLS protocol layer of the network equipment is the upper layer of the TCP/IP protocol layer of the network equipment;
an SSL/TLS protocol layer of the network device for decrypting the client data;
and the SSL/TLS protocol layer of the network equipment is also used for sending the decrypted client data to the application program of the network equipment.
6. The network device of claim 5,
the application program of the network equipment is used for sending data to an SSL/TLS protocol layer of the network equipment;
the SSL/TLS protocol layer of the network equipment is also used for encrypting the data to be sent;
the SSL/TLS protocol layer of the network equipment is also used for sending the encrypted data to be sent to the TCP/IP protocol layer of the network equipment;
the TCP/IP protocol layer of the network equipment is also used for sending the encrypted data to be sent to the DPDK of the network equipment;
the transceiver module is further configured to send the encrypted data to be sent to the client.
7. The network device of claim 6,
the receiving and sending module is further used for receiving a connection request of the client; the connection request of the client comprises a TCP/IP handshake operation request;
the transmitting and receiving module of the TCP/IP protocol layer of the network equipment is also used for finishing handshake operation according to the TCP/IP handshake operation request;
the transceiver module is further configured to receive an SSL/TLS session connection request of the client;
the SSL/TLS protocol layer of the network equipment is also used for negotiating a key according to the SSL/TLS session connection request of the client;
the transceiver module is further configured to send the negotiated key to the client.
8. The network device of claim 6, wherein the transceiver module is a network card.
9. A network device, characterized in that the network device is configured to perform the communication method according to any one of claims 1-4.
10. A computer-readable storage medium, comprising a computer program or instructions which, when run on a computer, cause the computer to carry out the communication method according to any one of claims 1-4.
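Claims 3 and 7 fix the order of the two handshakes: the user-mode TCP/IP layer first completes the TCP handshake, and only then does the SSL/TLS layer negotiate a key from the client's session connection request. The following added model, not the applicant's code, tracks a connection's state in user space and enforces that order. The key agreement (X25519 with an HMAC-SHA256 derivation step) and its salt and labels are assumptions, since the patent names no algorithm; what the network device returns to the client here is its ephemeral public key, from which the client derives the same session keys, which is the form "the negotiated key" takes in this model.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)
// Added model of claim 3: the user-mode TCP/IP layer completes the TCP handshake first, and only then does
// the SSL/TLS layer negotiate session keys. Not the applicant's code; X25519 and the HMAC derivation are assumed.
const flagSYN, flagACK = 0x02, 0x10
const listen, synReceived, established = 0, 1, 2 // user-space TCP connection states
// sessionKeys are the per-direction keys both ends must end up sharing.
type sessionKeys struct{ clientWrite, serverWrite [16]byte }
// conn is a connection tracked entirely in user space; the kernel never sees it.
type conn struct {
	state int
	keys  *sessionKeys
}

// tcpHandshake is the user-mode TCP/IP layer consuming one segment's flags; it returns its reply flags (0 for none).
func (c *conn) tcpHandshake(flags byte) (byte, error) {
	switch {
	case c.state == listen && flags == flagSYN:
		c.state = synReceived
		return flagSYN | flagACK, nil
	case c.state == synReceived && flags == flagACK:
		c.state = established
		return 0, nil
	}
	return 0, fmt.Errorf("flags 0x%02x not valid in state %d", flags, c.state)
}

// tlsNegotiate is the SSL/TLS layer handling the client's session request, which carries the client's ephemeral
// X25519 public key. It refuses to run before the TCP handshake is complete and returns the server's public key.
func (c *conn) tlsNegotiate(clientPub []byte) ([]byte, error) {
	if c.state != established {
		return nil, errors.New("SSL/TLS session request before TCP handshake completed")
	}
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	keys, err := agree(priv, clientPub)
	if err != nil {
		return nil, err
	}
	c.keys = keys
	return priv.PublicKey().Bytes(), nil
}

// agree runs X25519 against the peer's public key and expands the shared secret HKDF-style: extract with a
// fixed salt, then one HMAC per direction label. Salt and labels are constructed for this model.
func agree(priv *ecdh.PrivateKey, peerPub []byte) (*sessionKeys, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	extract := hmac.New(sha256.New, []byte("user-mode-stack-salt"))
	extract.Write(shared)
	prk, k := extract.Sum(nil), &sessionKeys{}
	for label, out := range map[string][]byte{"client write": k.clientWrite[:], "server write": k.serverWrite[:]} {
		h := hmac.New(sha256.New, prk)
		h.Write([]byte(label + "\x01"))
		copy(out, h.Sum(nil))
	}
	return k, nil
}

// Handshake runs the sequence of claim 3 on a fresh connection and reports whether both ends derived the same keys.
func Handshake() (bool, error) {
	srv := &conn{}
	for _, flags := range []byte{flagSYN, flagACK} { // SYN then ACK complete the TCP handshake
		if _, err := srv.tcpHandshake(flags); err != nil {
			return false, err
		}
	}
	priv, err := ecdh.X25519().GenerateKey(rand.Reader) // the client's ephemeral key
	if err != nil {
		return false, err
	}
	srvPub, err := srv.tlsNegotiate(priv.PublicKey().Bytes()) // SSL/TLS session connection request
	if err != nil {
		return false, err
	}
	clKeys, err := agree(priv, srvPub) // the client derives its copy from the server's public key
	if err != nil {
		return false, err
	}
	return *clKeys == *srv.keys, nil
}
```

The state check in tlsNegotiate is the point of the model: with the kernel out of the path, nothing else will refuse an SSL/TLS session request that arrives on a connection whose TCP handshake never completed, so the user-mode stack has to carry that check itself.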
CN202110526497.0A 2021-04-30 2021-05-14 Communication method, network device, and computer-readable storage medium Pending CN115277036A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2021104798237 2021-04-30
CN202110479823 2021-04-30

Publications (1)

Publication Number Publication Date
CN115277036A true CN115277036A (en) 2022-11-01

Family

ID=83744877

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110526544.1A Pending CN115277037A (en) 2021-04-30 2021-05-14 Communication method, network device, and computer-readable storage medium
CN202110526497.0A Pending CN115277036A (en) 2021-04-30 2021-05-14 Communication method, network device, and computer-readable storage medium

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202110526544.1A Pending CN115277037A (en) 2021-04-30 2021-05-14 Communication method, network device, and computer-readable storage medium

Country Status (1)

Country Link
CN (2) CN115277037A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117955648A (en) * 2024-03-25 2024-04-30 山东航天人工智能安全芯片研究院 Key negotiation system and method based on DPDK architecture
CN117955648B (en) * 2024-03-25 2024-06-04 山东航天人工智能安全芯片研究院 Key negotiation system and method based on DPDK architecture

Also Published As

Publication number Publication date
CN115277037A (en) 2022-11-01

Legal Events

Date Code Title Description
PB01 Publication