CN116170198A - Message processing method and device - Google Patents


Info

Publication number: CN116170198A
Authority: CN (China)
Prior art keywords: mac address, message, source mac, flow characteristic, abnormal flow
Legal status: Pending
Application number: CN202310112229.3A
Other languages: Chinese (zh)
Inventor: 肖海波
Current Assignee: Hangzhou DPTech Technologies Co Ltd
Original Assignee: Hangzhou DPTech Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a message processing method and device. The method is applied to the network equipment and comprises the following steps: acquiring a source MAC address carried in the received message; inquiring whether the source MAC address exists in a preset abnormal flow characteristic table; the abnormal flow characteristic table is used for storing MAC addresses which fail to pass authentication; discarding the message under the condition that the query result shows that the source MAC address exists in the abnormal flow characteristic table; and under the condition that the source MAC address is not queried in the abnormal flow characteristic table, carrying out MAC authentication on the message. By directly discarding the message which does not pass the MAC authentication, the message with the same source MAC address is prevented from being repeatedly authenticated due to continuous access of abnormal traffic, the resource waste is reduced, and the bandwidth occupying normal traffic is avoided.

Description

Message processing method and device
Technical Field
One or more embodiments of the present application relate to the field of network communications technologies, and in particular, to a method and an apparatus for processing a message.
Background
A MAC address (Media Access Control address) is the address identifier of a data link layer device: it uniquely identifies a network interface card on the network and is used together with the IP address to enable communication between network devices. Communication between computers in both local area and wide area networks ultimately appears as packets travelling over some form of link from an initial node, from one node to the next, and finally to a destination node, with IP addresses used to locate and reach the final destination and MAC addresses used for verification and forwarding between adjacent nodes. MAC authentication is an authentication method that controls a user's network access rights based on the port and the MAC address: the network device records the MAC addresses of the network cards that are allowed to access by creating a whitelist in the MAC authentication system, and if the source MAC address of a message is not in the allowed address range (i.e. not in the whitelist), the message is discarded because authentication fails.
On the basis that the network device has the MAC authentication function, if a user who is not in the authentication system whitelist continuously sends a large number of messages to the authentication system, the authentication system can only repeatedly check the messages with the same source MAC address and discard them one by one after each authentication failure. This process continuously occupies the traffic bandwidth of the authentication system, continuously consumes the performance of the network device, and may affect the normal access of other users. To avoid this problem, a more convenient and feasible message processing scheme is needed.
Disclosure of Invention
The application provides a message processing method and device for solving the defects in the related art.
According to a first aspect of one or more embodiments of the present application, there is provided a method for processing a message, where the method is applied to a network device, and includes:
acquiring a source MAC address carried in a received message;
inquiring whether the source MAC address exists in a preset abnormal flow characteristic table; the abnormal flow characteristic table is used for storing MAC addresses which fail to pass authentication;
discarding the message under the condition that the query result shows that the source MAC address exists in the abnormal flow characteristic table;
and under the condition that the source MAC address is not queried in the abnormal flow characteristic table, carrying out MAC authentication on the message.
Optionally, the network device comprises a field programmable gate array FPGA chip and a CPU chip, and the abnormal flow characteristic table is stored in the FPGA chip;
the querying whether the source MAC address exists in the preset abnormal traffic feature table includes: the FPGA chip inquires whether the source MAC address exists in an abnormal flow characteristic table stored by the FPGA chip;
and performing MAC authentication on the message under the condition that the source MAC address is not queried in the abnormal traffic feature table, where the performing MAC authentication includes: and the CPU chip performs MAC authentication on the message sent by the FPGA chip, and the message is sent by the FPGA chip under the condition that the source MAC address is not inquired in the abnormal flow characteristic table.
Optionally, the MAC authentication of the message sent by the FPGA chip by the CPU chip includes: the CPU chip performs MAC authentication through a MAC authentication system white list;
the method further comprises the steps of: and the CPU chip discards the message and sends a notification message to the FPGA chip under the condition that the source MAC address is not queried in the MAC authentication system white list, wherein the notification message contains the source MAC address so as to instruct the FPGA chip to add the source MAC address to the abnormal flow characteristic table according to the notification message.
Optionally, the method further comprises:
according to the update period set for the abnormal flow characteristic table, acquiring a history source MAC address in a white list of the MAC authentication system at the end of each update period, inquiring in the abnormal flow characteristic table according to the history source MAC address, and deleting a table entry containing any history source MAC address from the abnormal flow characteristic table when the inquiry result shows that any history source MAC address exists in the abnormal flow characteristic table.
Optionally, the abnormal traffic feature table is stored in a hash table created by the FPGA chip, where the hash table includes a hash value of the MAC address that fails to pass authentication and a corresponding entry.
Optionally, the method further comprises:
and deleting the list items with the existence time period exceeding the preset aging time period from the abnormal flow characteristic list when each update period is finished according to the update period set for the abnormal flow characteristic list.
According to a second aspect of one or more embodiments of the present application, there is provided a message processing apparatus, the apparatus comprising:
an acquiring unit, configured to acquire a source MAC address carried in the received packet;
the query unit is used for querying whether the source MAC address exists in a preset abnormal flow characteristic table; the abnormal flow characteristic table is used for storing MAC addresses which fail to pass authentication;
a discarding unit, configured to discard the packet when the query result indicates that the source MAC address exists in the abnormal traffic feature table;
and the authentication unit is used for carrying out MAC authentication on the message under the condition that the source MAC address is not inquired in the abnormal flow characteristic table.
According to a third aspect of one or more embodiments of the present application, there is provided an electronic device comprising a network card chip, a CPU chip and an FPGA chip; wherein,
the network card chip is used for receiving the message sent by the client device and forwarding the message to the FPGA chip;
the FPGA chip is used for receiving the message sent by the network card chip, acquiring a source MAC address carried by the message, and inquiring whether the source MAC address exists in an abnormal flow characteristic table stored by the FPGA chip; the abnormal flow characteristic table is used for storing MAC addresses which fail to pass authentication; discarding the message under the condition that the query result shows that the source MAC address exists in the abnormal flow characteristic table; under the condition that the source MAC address is not queried in the abnormal flow characteristic table, the message is sent to a CPU chip for MAC authentication;
the CPU chip is used for carrying out MAC authentication on the message sent by the FPGA chip, and the message is sent up by the FPGA chip under the condition that the source MAC address is not inquired in the abnormal flow characteristic table.
According to a fourth aspect of one or more embodiments of the present application, there is provided an electronic device comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any of the first aspects by executing the executable instructions.
According to a fifth aspect of one or more embodiments of the present application, there is provided a computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the method according to any of the first aspects.
In the embodiments provided by the application, an abnormal flow characteristic table is established and the MAC addresses that have historically failed authentication are stored in it. After the network device acquires the source MAC address carried in a received message, it queries whether that source MAC address exists in the abnormal flow characteristic table; if it does, the network device can immediately determine that the message cannot pass authentication and discard it directly, without performing MAC authentication on the message. Repeated authentication of messages with the same source MAC address caused by continuous access of abnormal traffic is thereby avoided, resource waste is reduced, and the bandwidth of normal traffic is not occupied.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following description will briefly introduce the drawings that are required to be used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments described in the embodiments of the present application, and other drawings may also be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a diagram of a network architecture shown in an exemplary embodiment of the present application;
FIG. 2 is a flow chart of a message processing method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a message processing apparatus according to an exemplary embodiment of the present application;
FIG. 4 is a flow chart illustrating another message processing method according to one embodiment of the present application;
FIG. 5 is a schematic block diagram of an apparatus provided in an exemplary embodiment of the present application;
FIG. 6 is a block diagram of a message processing apparatus according to an exemplary embodiment of the present application;
fig. 7 is a simplified schematic diagram of a message processing electronic device according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first message may also be referred to as a second message, and similarly, a second message may also be referred to as a first message, without departing from the scope of the present application. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
As shown in fig. 1, fig. 1 is a network architecture diagram according to an exemplary embodiment of the present application. The network architecture includes a network device and a client that establishes a network connection with the network device. The network device in the embodiments of the present application may include a switch, a router, a firewall, a server device, and the like that have a MAC authentication function. The client in the embodiments of the application may include intelligent electronic devices with network functions, such as a computer, a mobile phone or a tablet, or may be other network devices capable of sending and forwarding messages. Because the network devices of the application can establish a network connection with the client, they can act as network members that receive messages sent by the client and implement various service functions: for example, a firewall may perform a print or copy task sent by the client, a switch may receive a message sent by the client and perform the task of connecting to a device, a router may receive a message sent by the client and perform the task of connecting to a network, and a firewall may receive a message sent by the client and perform the task of network access restriction. In an embodiment, the network connection is established between the client and a server maintained by the network device; the network device is configured to receive and process the packets sent by a client device when any client device accesses the network, to record the MAC addresses of the network cards allowed to access by creating a whitelist in the MAC authentication system, and to allow the client device to access the network, and thereby use the various service functions, after its packets pass MAC authentication.
The processing chip of the network device may comprise only a CPU chip; it may comprise a CPU chip and a field programmable gate array (FPGA) chip; it may comprise a CPU chip, an FPGA chip, a network card chip and the like; or it may comprise a CPU chip, an FPGA chip, a forwarding chip and the like. The CPU chip generally runs software, fetching data from memory as it executes, and has the advantage that programs for a general-purpose machine can be conveniently written and modified. An FPGA chip, by contrast, is programmed in a hardware description language (HDL) to achieve specific goals through its built-in logic. Other chips such as network card chips and forwarding chips may be used to perform certain intended functions. The other components of the network device cooperate with the processing chip to implement the network device's functions and are not described in detail in this application.
In the related art, on the basis that the network device has the MAC authentication function, if a user who is not in the authentication system whitelist continuously sends a large number of messages to the authentication system, the authentication system can only repeatedly check the messages with the same source MAC address and discard them one by one after each authentication failure; this process continuously occupies the traffic bandwidth of the authentication system, continuously consumes the performance of the network device, and may affect the normal access of other users.
In order to solve the above technical problems, the embodiments of the present application provide a message processing scheme. As shown in fig. 2, fig. 2 is a flowchart of a message processing method according to an exemplary embodiment of the present application, where the method is applied to a network device, and includes:
step S201: and acquiring a source MAC address carried in the received message.
In the embodiment of the application, the network device receives the message sent by the client and decapsulates it to obtain the layer-2 or layer-3 header information, including the source MAC address. Receiving and decapsulating a message here means receiving the optical/electrical signals transmitted over the communication cable (corresponding to the bit stream of the physical layer) and decapsulating them. Taking a router as an example, the network device senses the optical/electrical signals through a physical interface card (PIC) in its network interface, converts the signals into data frames (e.g. Ethernet frames, PPP frames, ATM cells), performs a validity check on the frames, and passes the frame contents to the packet forwarding engine (PFE). The packet forwarding engine parses the layer-2 frame header of the message and obtains its source MAC address.
In the embodiment of the application, a forwarding chip or a network card chip may receive the message sent by the client device and forward it to the FPGA chip, which receives the message from the forwarding chip and obtains the source MAC address it carries; alternatively, the programmable nature of the FPGA chip may be used so that the FPGA chip itself receives the message sent by the client device and obtains the source MAC address. The main layer-2 forwarding functions, such as updating the MAC address table used for layer-2 forwarding and the layer-3 forwarding table used for IP forwarding, are carried out by the forwarding chip, the network card chip, the FPGA chip and the like, so high-throughput data forwarding can be achieved; handling network transmission data in dedicated hardware improves the efficiency of message reception and forwarding.
Step S202: inquiring whether the source MAC address exists in a preset abnormal flow characteristic table; the abnormal flow characteristic table is used for storing MAC addresses which fail to pass authentication.
In this application, the abnormal traffic feature table may be created and maintained by the FPGA chip, in which case querying whether the source MAC address exists in the preset abnormal traffic feature table means that the FPGA chip queries whether the source MAC address exists in the abnormal traffic feature table it stores. The abnormal traffic feature table could instead be stored in a memory such as RAM, ROM, a hard disk or flash memory, and be read by the CPU chip and queried by the source MAC address of the message. In general, however, every message whose destination address is the current network device must be sent to the CPU chip for processing, and the CPU chip also carries the MAC authentication task; storing the abnormal traffic feature table in the FPGA chip lightens the load on the CPU chip, improves its processing performance, and is more conducive to rapid screening of messages.
In a specific embodiment, the FPGA chip may create and maintain an abnormal traffic profile table composed of a plurality of profile entries, where the profile entries in the table correspond to different MAC addresses, respectively. The data structure of the abnormal flow feature table is not particularly limited in the present application, and any data structure may be adopted based on actual requirements. For example, in practical application, in order to improve the efficiency of table lookup, the abnormal flow feature table may include a plurality of feature table entries, and a query index corresponding to the feature table entries; the query index may specifically be an index established according to a source MAC address carried in the received packet.
In one embodiment shown, as shown in fig. 3, the abnormal flow feature table may be a table created by initializing an FPGA chip; in the table, a plurality of characteristic table items and index items of the query index corresponding to the characteristic table items can be included; the index item may specifically be the source MAC address feature information included in the corresponding feature table item. Specifically, the abnormal flow characteristic table may be a hash table created by initializing an FPGA chip; in the hash table, a plurality of characteristic table items and hash values (i.e. query index items) corresponding to the characteristic table items can be included; the hash value (i.e., the query index item) stored in the hash table may be a hash value of the feature information included in each feature table.
In the maintenance process, after the FPGA chip has created the hash table during initialization, a historical source MAC address that failed MAC authentication may be added to a corresponding feature table entry according to the notification message from the CPU chip. After the feature table entry is added, the hash value of the historical source MAC address in the new entry is calculated, associated with the new entry, and stored as the query index item for that historical source MAC address; subsequently, the corresponding feature table entry can be found through the query index item. After acquiring the source MAC address of a received message, the FPGA chip calculates the hash value of the source MAC address and queries the hash table of the abnormal flow characteristic table according to that hash value.
Step S203: and discarding the message under the condition that the query result shows that the source MAC address exists in the abnormal flow characteristic table.
As can be seen from the above embodiments, when the source MAC address is found in the abnormal traffic feature table, whether by finding the corresponding feature table entry according to the feature value of the source MAC address or by calculating the hash value of the source MAC address and finding the entry through the relationship between the hash value and the query index entry, the source MAC address is already listed in the abnormal traffic feature table: it has previously undergone MAC authentication and failed. Therefore, in order to block the messages continuously sent by a client device that fails MAC address authentication, and in particular a traffic attack from an illegal client device, the message is discarded directly, which avoids repeated authentication, saves network device resources, and reduces the consumption of the overall performance of the network device.
Step S204: and under the condition that the source MAC address is not queried in the abnormal flow characteristic table, carrying out MAC authentication on the message.
As can be seen from the above embodiments, when the source MAC address is not found in the abnormal traffic feature table, whether because no corresponding feature table entry is found according to the feature value of the source MAC address or because no corresponding entry is found through the relationship between the calculated hash value and the query index entry, the source MAC address is not in the abnormal traffic feature table; that is, it may or may not pass MAC authentication, so MAC authentication is performed on the packet. The MAC authentication may be implemented by a network device having a MAC authentication function; in a specific embodiment, the CPU chip performs MAC authentication on the packet sent by the FPGA chip, where the packet is sent up by the FPGA chip when the source MAC address is not found in the abnormal traffic feature table.
In this embodiment of the present application, the MAC authentication performed by the CPU chip on the packet sent by the FPGA chip includes the CPU chip performing MAC authentication through the MAC authentication system whitelist; the method further includes the CPU chip discarding the message and sending a notification message to the FPGA chip when the source MAC address is not found in the MAC authentication system whitelist, where the notification message contains the source MAC address so as to instruct the FPGA chip to add it to the abnormal flow characteristic table. The MAC authentication system whitelist may be stored in a memory such as RAM, ROM, a hard disk or flash memory, and is read by the CPU chip and queried by the source MAC address of the message; that is, the MAC authentication system creates and maintains the authentication system whitelist to record the MAC addresses that are allowed to come online, with the entries in the list corresponding to different MAC addresses. The data structure of the authentication system whitelist is not particularly limited in the present application, and any data structure may be adopted based on actual requirements. For example, in practical application, to improve lookup efficiency the authentication system whitelist may include a plurality of authentication entries and a query index corresponding to them; the query index may specifically be an index built from the pre-stored user MAC addresses.
Referring to fig. 4, fig. 4 is a flowchart of another method for processing a message according to an embodiment of the present application, and in a specific embodiment, the method may be implemented by the steps shown in fig. 4:
step S401: the FPGA chip acquires a source MAC address carried in the received message.
Step S402: the FPGA chip queries whether the source MAC address of the message exists in the abnormal traffic feature table it stores; if yes, step S403 is executed, and if no, step S404 is executed.
Step S403: and the FPGA chip discards the message.
Step S404: and the FPGA chip sends the message to the CPU chip.
Step S405: the CPU chip queries whether the source MAC address of the message exists in the MAC authentication system whitelist; if yes, step S406 is executed, otherwise step S407 is executed (step S407 includes steps S407a and S407b).
Step S406: the CPU chip service system processes the corresponding service.
Step S407a: the CPU chip discards the message.
Step S407b: and the CPU chip sends a notification message to the FPGA chip, wherein the notification message comprises the source MAC address.
Step S408: and the FPGA chip adds the source MAC address to the abnormal flow characteristic table according to the notification message.
In this embodiment of the present application, periodic inspection of the abnormal flow characteristic table may be implemented according to the update period set for the abnormal flow characteristic table. The MAC addresses recorded in the abnormal flow characteristic table stored on the FPGA chip should be entirely disjoint from the MAC authentication system white list maintained by the CPU chip; therefore, when any historical source MAC address entry in the MAC authentication system white list is deleted due to aging or manual configuration, a message carrying that source MAC address will no longer pass MAC authentication, and the CPU chip may send a notification message to the FPGA chip instructing it to add that historical source MAC address to the abnormal flow characteristic table stored in the FPGA chip. In addition, this embodiment also provides a method by which the network device updates the abnormal flow characteristic table according to the entries of the authentication system white list: according to the update period set for the abnormal flow characteristic table, at the end of each update period the historical source MAC addresses in the MAC authentication system white list are acquired, the abnormal flow characteristic table is queried according to these historical source MAC addresses, and when the query result shows that any historical source MAC address exists in the abnormal flow characteristic table, the entry containing that historical source MAC address is deleted from the abnormal flow characteristic table.
The application proposes another method for updating the abnormal flow characteristic table: according to the update period set for the abnormal flow characteristic table, at the end of each update period, the entries whose existence duration exceeds a preset aging duration are deleted from the abnormal flow characteristic table. Assume that the update period set for the abnormal flow characteristic table is 2 days and the preset aging duration of an entry is 10 days; a characteristic table entry that has existed for more than 10 days is then considered to have no further blocking significance, and it is deleted from the abnormal flow characteristic table in order to reduce storage pressure. In a specific embodiment, when the abnormal flow characteristic table is stored in the FPGA chip, the FPGA chip presets the aging duration by programming; at the end of each update period the FPGA chip traverses the abnormal flow characteristic table stored in itself and deletes the entries whose existence duration exceeds the preset aging duration. In another embodiment, when the abnormal flow characteristic table is stored in the memory, the CPU chip presets the aging duration by programming; at the end of each update period the CPU chip traverses the abnormal flow characteristic table in the memory and deletes the entries whose existence duration exceeds the preset aging duration.
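The fig. 4 flow (steps S401 to S408) and the two update methods just described can be exercised together in one simulation. The C program below is an added example written for this page; it is not code from the patent or from Hangzhou DPTech. It models the FPGA's abnormal flow characteristic table as a fixed-geometry bucketed hash table (64 buckets of 4 ways, FNV-1a over the six MAC octets), the CPU's MAC authentication system white list as a plain array, and uses the 2-day update period and 10-day aging duration from the text. The table geometry, the hash function, the function names (process_packet, sync_with_whitelist, age_out, the demo functions) and the sample MAC addresses are all assumptions of the example; the patent fixes none of them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed sizes for the simulated FPGA table (64 buckets of 4 ways) and an FNV-1a hash: the
   patent fixes neither the table geometry nor the hash function, so both are assumptions here. */
#define BUCKETS 64
#define WAYS 4
#define WHITELIST_MAX 16
#define DAY_SECONDS 86400ULL

typedef struct { uint8_t b[6]; } mac_t;
/* Table entry: hash of the failed MAC, the MAC itself (resolves hash collisions), insertion time. */
typedef struct { bool used; uint32_t hash; mac_t mac; uint64_t inserted_at; } entry_t;
typedef struct { entry_t ways[BUCKETS][WAYS]; } abnormal_table_t;
typedef struct { mac_t macs[WHITELIST_MAX]; int count; } whitelist_t;
typedef enum { ACT_DROP_FPGA, ACT_DROP_CPU, ACT_FORWARD } action_t;

static uint32_t mac_hash(const mac_t *m) {             /* FNV-1a over the six MAC octets */
    uint32_t h = 2166136261u;
    for (int i = 0; i < 6; i++) { h ^= m->b[i]; h *= 16777619u; }
    return h;
}

/* The hash selects the bucket; the stored MAC confirms the hit, because equal hashes are not enough. */
static entry_t *table_find(abnormal_table_t *t, const mac_t *m) {
    uint32_t h = mac_hash(m);
    entry_t *bucket = t->ways[h % BUCKETS];
    for (int w = 0; w < WAYS; w++)
        if (bucket[w].used && bucket[w].hash == h && memcmp(bucket[w].mac.b, m->b, 6) == 0) return &bucket[w];
    return NULL;
}
static bool table_add(abnormal_table_t *t, const mac_t *m, uint64_t now) {
    uint32_t h = mac_hash(m);
    entry_t *bucket = t->ways[h % BUCKETS];
    if (table_find(t, m)) return true;                 /* already recorded */
    for (int w = 0; w < WAYS; w++)
        if (!bucket[w].used) { bucket[w] = (entry_t){ true, h, *m, now }; return true; }
    return false;                                      /* bucket full: the MAC cannot be recorded */
}
static bool whitelist_contains(const whitelist_t *wl, const mac_t *m) {
    for (int i = 0; i < wl->count; i++) if (memcmp(wl->macs[i].b, m->b, 6) == 0) return true;
    return false;
}

/* Steps S401 to S408 of fig. 4 for one received Ethernet frame. */
action_t process_packet(abnormal_table_t *fpga, const whitelist_t *cpu_wl,
                        const uint8_t *frame, size_t len, uint64_t now) {
    mac_t src;
    if (len < 14) return ACT_DROP_FPGA;                /* shorter than an Ethernet header */
    memcpy(src.b, frame + 6, 6);                       /* S401: source MAC is octets 6..11 */
    if (table_find(fpga, &src)) return ACT_DROP_FPGA;  /* S402/S403: known bad, dropped in hardware */
    if (whitelist_contains(cpu_wl, &src)) return ACT_FORWARD; /* S404-S406: punt, authenticate, serve */
    table_add(fpga, &src, now);                        /* S407/S408: CPU drops, notifies, FPGA records */
    return ACT_DROP_CPU;
}
/* Update method 1: at the end of an update period, delete entries whose MAC is now whitelisted. */
int sync_with_whitelist(abnormal_table_t *t, const whitelist_t *wl) {
    int removed = 0;
    for (int i = 0; i < wl->count; i++) {
        entry_t *e = table_find(t, &wl->macs[i]);
        if (e) { e->used = false; removed++; }
    }
    return removed;
}
/* Update method 2: delete entries that have existed longer than the preset aging duration. */
int age_out(abnormal_table_t *t, uint64_t now, uint64_t aging_seconds) {
    int removed = 0;
    for (int b = 0; b < BUCKETS; b++) for (int w = 0; w < WAYS; w++) {
        entry_t *e = &t->ways[b][w];
        if (e->used && now - e->inserted_at > aging_seconds) { e->used = false; removed++; }
    }
    return removed;
}

/* Constructed scenario: GOOD is whitelisted, BAD and STALE are not (locally administered MACs). */
static const mac_t GOOD = {{2, 0, 0, 0, 0, 1}}, BAD = {{2, 0, 0, 0, 0, 2}}, STALE = {{2, 0, 0, 0, 0, 3}};
static void build_frame(uint8_t *f, const mac_t *src) { memset(f, 0, 60); memcpy(f + 6, src->b, 6); }

/* BAD's first frame is dropped by the CPU and recorded, its next two by the FPGA alone, and GOOD is
   still forwarded. Returns the number of FPGA fast-path drops (2), or -1 if any action is wrong. */
int demo_fast_path_after_first_failure(void) {
    abnormal_table_t t = {0}; whitelist_t wl = {0}; uint8_t f[60]; int fpga_drops = 0;
    wl.macs[wl.count++] = GOOD;
    build_frame(f, &BAD);
    if (process_packet(&t, &wl, f, sizeof f, 0) != ACT_DROP_CPU) return -1;
    for (int i = 0; i < 2; i++) fpga_drops += process_packet(&t, &wl, f, sizeof f, 1) == ACT_DROP_FPGA;
    build_frame(f, &GOOD);
    return process_packet(&t, &wl, f, sizeof f, 1) == ACT_FORWARD ? fpga_drops : -1;
}
/* BAD is later whitelisted (method 1) and STALE crosses the 10-day aging threshold between two 2-day
   period checks (method 2). Returns the total number of deleted entries (2), or -1 if any remain. */
int demo_update_methods(void) {
    abnormal_table_t t = {0}; whitelist_t wl = {0}; int removed;
    wl.macs[wl.count++] = GOOD;
    table_add(&t, &BAD, 0); table_add(&t, &STALE, 0);
    wl.macs[wl.count++] = BAD;                         /* an administrator authorises BAD */
    removed = sync_with_whitelist(&t, &wl);            /* 1: BAD leaves the table */
    removed += age_out(&t, 2 * DAY_SECONDS, 10 * DAY_SECONDS);   /* 0: STALE is only 2 days old */
    removed += age_out(&t, 12 * DAY_SECONDS, 10 * DAY_SECONDS);  /* 1: STALE has exceeded 10 days */
    return table_find(&t, &BAD) || table_find(&t, &STALE) ? -1 : removed;
}
```

Call the two demo functions from a `main` of your own to run the scenario. Two design points matter for anyone building this: the table is keyed on the source MAC, a field the sender chooses, so it only offloads drops that the white list would already produce and adds no authentication strength of its own; and `table_add` returning false (bucket full) must be counted, because once a bucket is full the unknown senders hashing into it reach the CPU again, which is exactly the load the fast path exists to absorb.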
The specific manner described above, in which the FPGA chip stores the abnormal flow characteristic table to record the MAC addresses that fail authentication, is merely exemplary; the manner of storing, searching and updating the abnormal flow characteristic table in the embodiments of the present application may also be any other manner commonly used in the art, which the present application does not limit in any way.
Corresponding to the embodiments of the foregoing method, the present application further provides embodiments of an apparatus, an electronic device, and a storage medium.
Fig. 5 is a schematic block diagram of a device according to an exemplary embodiment of the present application. Referring to fig. 5, at the hardware level the device includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile memory 510, and may also include other hardware required by other services. One or more embodiments of the present application may be implemented in software, for example by the processor 502 reading the corresponding computer program from the non-volatile memory 510 into the memory 508 and then running it. Of course, besides a software implementation, one or more embodiments of the present application do not exclude other implementations, such as a logic device or a combination of software and hardware; that is, the execution subject of the following process flows is not limited to logic units and may also be hardware or a logic device. The processor 502 may be a CPU chip, an FPGA chip, a network card chip, or a combination thereof. The abnormal flow characteristic table may be stored in the FPGA chip or in the non-volatile memory 510.
Fig. 6 is a block diagram of a message processing apparatus according to an exemplary embodiment of the present application. The apparatus may be applied to the device shown in fig. 5 to implement the message processing technical solution of the present application. The apparatus is applied to a network device and includes:
an acquiring unit 61, configured to acquire the source MAC address carried in a received message;
a query unit 62, configured to query whether the source MAC address exists in a preset abnormal flow characteristic table, where the abnormal flow characteristic table is used for storing MAC addresses that fail authentication;
a discarding unit 63, configured to discard the message when the query result shows that the source MAC address exists in the abnormal flow characteristic table; and
an authentication unit 64, configured to perform MAC authentication on the message when the source MAC address is not found in the abnormal flow characteristic table.
In an exemplary embodiment, the query unit 62 is further configured to query, through the FPGA chip, whether the source MAC address exists in the abnormal flow characteristic table stored in the FPGA chip.
In another exemplary embodiment, the query unit 62 is further configured to store the abnormal flow characteristic table in a hash table created by the FPGA chip, where the hash table includes the hash value of each MAC address that fails authentication and the corresponding entry.
In an exemplary embodiment, the authentication unit 64 is further configured to perform, through the CPU chip, MAC authentication on the message sent up by the FPGA chip, the message being sent up by the FPGA chip when the source MAC address is not found in the abnormal flow characteristic table.
The authentication unit 64 is further configured so that, when the source MAC address is not found in the MAC authentication system white list, the CPU chip discards the message and sends a notification message to the FPGA chip, where the notification message includes the source MAC address and instructs the FPGA chip to add the source MAC address to the abnormal flow characteristic table according to the notification message.
In addition, the message processing apparatus of the embodiment of the present application further includes an updating unit (not shown in fig. 6). The updating unit is configured to, according to the update period set for the abnormal flow characteristic table, acquire the historical source MAC addresses in the MAC authentication system white list at the end of each update period, query the abnormal flow characteristic table according to the historical source MAC addresses, and delete the entry containing any historical source MAC address from the abnormal flow characteristic table when the query result shows that that historical source MAC address exists in the abnormal flow characteristic table.
Optionally, the updating unit is further configured to delete, from the abnormal flow feature table, an entry whose existing duration exceeds a preset aging duration at the end of each update period according to the update period set for the abnormal flow feature table.
The implementation process of the functions and roles of each unit in the above device is specifically shown in the implementation process of the corresponding steps in the above method, and will not be described herein again.
Fig. 7 is a schematic diagram of still another message processing electronic device according to an exemplary embodiment of the present application. As shown in fig. 7, the electronic device 7 includes a network card chip 71, an FPGA chip 72 and a CPU chip 73. The network card chip 71 is configured to receive a message sent by a client device and forward the message to the FPGA chip 72. The FPGA chip 72 is configured to receive the message sent by the network card chip 71, acquire the source MAC address carried by the message, and query whether the source MAC address exists in the abnormal flow characteristic table stored in the FPGA chip itself, where the abnormal flow characteristic table is used for storing MAC addresses that fail authentication; to discard the message when the query result shows that the source MAC address exists in the abnormal flow characteristic table; and to send the message up to the CPU chip 73 for MAC authentication when the source MAC address is not found in the abnormal flow characteristic table. The CPU chip 73 is configured to perform MAC authentication on the message sent up by the FPGA chip 72, the message being sent up by the FPGA chip 72 when the source MAC address is not found in the abnormal flow characteristic table.
Optionally, the CPU chip 73 performs MAC authentication through a MAC authentication system white list; the CPU chip 73 discards the message and sends a notification message to the FPGA chip 72 when the source MAC address is not found in the MAC authentication system whitelist, where the notification message includes the source MAC address to instruct the FPGA chip 72 to add the source MAC address to the abnormal traffic feature table according to the notification message.
In a specific embodiment, according to the update period set for the abnormal flow characteristic table, the CPU chip 73 acquires the historical source MAC addresses in the MAC authentication system white list at the end of each update period and sends a notification message to the FPGA chip 72 instructing it to query the abnormal flow characteristic table according to those historical source MAC addresses; when the query result shows that any historical source MAC address exists in the abnormal flow characteristic table, the FPGA chip 72 deletes the entry containing that historical source MAC address from the abnormal flow characteristic table.
Optionally, the abnormal traffic feature table is stored in a hash table created by the FPGA chip 72, wherein the hash table includes a hash value of the MAC address that fails authentication and a corresponding entry.
Optionally, the FPGA chip 72 deletes entries whose existing duration exceeds a preset aging duration from the abnormal traffic profile at the end of each update period according to the update period set for the abnormal traffic profile.
Correspondingly, the specification also provides an electronic device, which comprises a processor and a memory for storing processor-executable instructions, where the processor is configured to implement the steps of the message processing method provided by any of the method embodiments above.
Accordingly, the present application also provides a computer-readable storage medium having executable instructions stored thereon; when the instructions are executed by a processor, the steps of the message processing method provided by any of the method embodiments above are implemented.
For the device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The apparatus embodiments described above are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present application. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
The foregoing describes specific embodiments of the present application. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It is to be understood that the present application is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the application is limited only by the appended claims.
The foregoing description of the preferred embodiments of the present invention is not intended to limit the invention to the precise form disclosed, and any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. The message processing method is characterized by being applied to network equipment and comprising the following steps:
acquiring a source MAC address carried in a received message;
inquiring whether the source MAC address exists in a preset abnormal flow characteristic table; the abnormal flow characteristic table is used for storing MAC addresses which fail to pass authentication;
discarding the message under the condition that the query result shows that the source MAC address exists in the abnormal flow characteristic table;
and under the condition that the source MAC address is not queried in the abnormal flow characteristic table, carrying out MAC authentication on the message.
2. The method of claim 1, wherein the network device comprises a field programmable gate array, FPGA, chip and a CPU chip, the abnormal traffic profile being stored in the FPGA chip;
the querying whether the source MAC address exists in the preset abnormal traffic feature table includes: the FPGA chip inquires whether the source MAC address exists in an abnormal flow characteristic table stored by the FPGA chip;
and performing MAC authentication on the message under the condition that the source MAC address is not queried in the abnormal traffic feature table, where the performing MAC authentication includes: and the CPU chip performs MAC authentication on the message sent by the FPGA chip, and the message is sent by the FPGA chip under the condition that the source MAC address is not inquired in the abnormal flow characteristic table.
3. The method according to claim 2, characterized in that
the CPU chip performs MAC authentication on the message sent by the FPGA chip, and the method comprises the following steps: the CPU chip performs MAC authentication through a MAC authentication system white list;
the method further comprises the steps of: and the CPU chip discards the message and sends a notification message to the FPGA chip under the condition that the source MAC address is not queried in the MAC authentication system white list, wherein the notification message contains the source MAC address so as to instruct the FPGA chip to add the source MAC address to the abnormal flow characteristic table according to the notification message.
4. A method according to claim 3, characterized in that the method further comprises:
according to the update period set for the abnormal flow characteristic table, acquiring a history source MAC address in a white list of the MAC authentication system at the end of each update period, inquiring in the abnormal flow characteristic table according to the history source MAC address, and deleting a table entry containing any history source MAC address from the abnormal flow characteristic table when the inquiry result shows that any history source MAC address exists in the abnormal flow characteristic table.
5. The method of claim 2, wherein the abnormal traffic feature table is stored in a hash table created by the FPGA chip, wherein the hash table includes a hash value of the MAC address that failed authentication and a corresponding entry.
6. The method according to claim 1, wherein the method further comprises:
and deleting the list items with the existence time period exceeding the preset aging time period from the abnormal flow characteristic list when each update period is finished according to the update period set for the abnormal flow characteristic list.
7. A message processing apparatus, applied to a network device, comprising:
an acquiring unit, configured to acquire a source MAC address carried in the received packet;
the query unit is used for querying whether the source MAC address exists in a preset abnormal flow characteristic table; the abnormal flow characteristic table is used for storing MAC addresses which fail to pass authentication;
a discarding unit, configured to discard the packet when the query result indicates that the source MAC address exists in the abnormal traffic feature table;
and the authentication unit is used for carrying out MAC authentication on the message under the condition that the source MAC address is not inquired in the abnormal flow characteristic table.
8. An electronic device, comprising: a network card chip, a CPU chip and an FPGA chip; wherein:
the network card chip is used for receiving the message sent by the client device and forwarding the message to the FPGA chip;
the FPGA chip is used for receiving the message sent by the network card chip, acquiring a source MAC address carried by the message, and inquiring whether the source MAC address exists in an abnormal flow characteristic table stored by the FPGA chip; the abnormal flow characteristic table is used for storing MAC addresses which fail to pass authentication; discarding the message under the condition that the query result shows that the source MAC address exists in the abnormal flow characteristic table; under the condition that the source MAC address is not queried in the abnormal flow characteristic table, the message is sent to a CPU chip for MAC authentication;
the CPU chip is used for carrying out MAC authentication on the message sent by the FPGA chip, and the message is sent up by the FPGA chip under the condition that the source MAC address is not inquired in the abnormal flow characteristic table.
9. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to implement the method of message processing according to any of claims 1-6 by executing the executable instructions.
10. A computer readable storage medium having stored thereon computer instructions which when executed by a processor perform the steps of the message processing method according to any of claims 1-6.
CN202310112229.3A 2023-01-31 2023-01-31 Message processing method and device Pending CN116170198A (en)

Publications (1)

Publication Number Publication Date
CN116170198A true CN116170198A (en) 2023-05-26

Family

ID=86421518

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination