CN116455795A - Network message packet capturing method - Google Patents
- Publication number
- CN116455795A
- Authority
- CN
- China
- Prior art keywords
- message
- network
- special
- splitter
- processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
- H04L43/50—Testing arrangements
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/12—Protocol engines
- H04L69/14—Multichannel or multilink protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a network message packet capturing method and belongs to the technical field of communication. The method lets developers process special network messages in user mode while still using the operating system's network protocol stack to process common network protocol messages; programs are easy to debug, the research and development cost of special network equipment is reduced, and the project period is shortened. The application-level packet capturing method is therefore efficient, low-latency, autonomous and controllable, and can make full use of the operating system's network protocol stack to process common messages. The method is suitable for various network devices and has good market prospects.
Description
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a network message packet capturing method.
Background
With the development of information technology, new kinds of network devices appear constantly, and the functions of network devices are continuously enhanced. The message processing software technologies used in network devices on the market so far are mainly of two types:
(1) network message processing based on the netfilter framework, which is developed in kernel mode, demands a high level of technical expertise from developers, is hard to debug and to locate faults in, and has a high research and development cost and a long project period;
(2) network message processing based on a virtual network card, which is mainly developed in user mode but cannot use the operating system's network protocol stack, so common messages (such as ARP, RARP, neighbor discovery, IGMP and the like) must be processed by the application itself; this also requires a certain level of technical expertise from developers, and the research and development cost is high.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem to be solved by the invention is: how to design a method by which an application can autonomously control and capture any message it needs without affecting the work of the network protocol stack itself or of other application programs.
(II) technical scheme
To solve the above technical problem, the invention provides a network message packet capturing method, which comprises the following steps:
First step: create a virtual network bridge and add the network card that receives special messages to it; the network card switches to promiscuous mode, receives all messages passing through it, and hands them to the virtual network bridge it is bound to for processing;
Second step: register a message splitter at the hook point on the virtual network bridge where messages are preprocessed; the message splitter is a specific kernel module, and after receiving a message the virtual network bridge hands it to the message splitter for processing;
Third step: establish two channels between the special message processing application program and the message splitter, one for sending control commands and the other for transmitting special messages; when the special message processing application program starts to work, it sends a control command to the message splitter, and after receiving the start command the message splitter updates its state to started and updates the special message parameters;
Fourth step: a message received by the network card is handed to the virtual network bridge for processing, and a message received by the virtual network bridge is handed to the message splitter for processing; the message splitter judges, according to the received control command, whether the message is a special message: if it is a special message, it is transmitted through the special channel to the special message application program for processing, and if it is not a special message, it is returned to the system network protocol stack for processing;
Fifth step: the special message processing application program reads the special messages belonging to it and carries out service processing; the system network protocol stack continues to process the non-special messages;
Sixth step: when the special message processing application program stops working, it sends a stop command to the message splitter, and the message splitter updates its state to stopped after receiving the stop command.
Preferably, multiple network cards may be added to one virtual bridge.
Preferably, for the Linux operating system, the hook point is the NF_BR_PRE_ROUTING hook point of netfilter.
Preferably, the control command includes a special message parameter and a start command.
The invention also provides network equipment applying the method.
Preferably, the network device is a special network device.
Preferably, the special network device is a network crypto-engine.
Preferably, the special network device is a network tester.
The invention also provides application of the method in the technical field of communication.
The invention also provides application of the network equipment in the technical field of communication.
(III) beneficial effects
The invention provides a network message packet capturing method by which an application program, working within the operating system's network protocol stack framework, can autonomously control and capture any required message without affecting the work of the network protocol stack or of other application programs. The method lets developers process special network messages in user mode while still using the operating system's network protocol stack to process common network protocol messages; programs are easy to debug, the research and development cost of special network equipment is reduced, and the project period is shortened. The application-level packet capturing method is therefore efficient, low-latency, autonomous and controllable, and can make full use of the operating system's network protocol stack to process common messages. The method is suitable for various network devices (especially special network devices such as a network cipher machine, a network tester and the like), and has good market prospects.
Drawings
FIG. 1 is a schematic diagram of the method design of the present invention;
FIG. 2 is a flow chart of the message splitter processing in the present invention.
Detailed Description
To make the objects, contents and advantages of the present invention more apparent, the following detailed description of the present invention will be given with reference to the accompanying drawings and examples.
Referring to FIG. 1 and FIG. 2, the network message packet capturing method provided by the invention comprises the following steps:
First step: create a virtual network bridge and add the network card that receives special messages to it; multiple network cards may be added to one bridge. The network card then switches to PromiscuousMode (promiscuous mode), receives all messages passing through it, and hands them to the virtual network bridge it is bound to for processing;
Second step: register a message splitter at the hook point on the virtual network bridge where messages are preprocessed (on the Linux operating system, the hook point is the NF_BR_PRE_ROUTING hook point of netfilter); the message splitter is a specific kernel module. After receiving a message, the virtual network bridge hands it to the message splitter for processing;
Third step: establish two channels between the special message processing application program and the message splitter, one for sending control commands and the other for transmitting special messages; when the special message processing application program starts to work, it sends a control command (including the special message parameters, a start command and the like) to the message splitter, and after receiving the start command the message splitter updates its state to started and updates the special message parameters;
Fourth step: a message received by the network card is handed to the virtual network bridge for processing, and a message received by the virtual network bridge is handed to the message splitter for processing. The message splitter judges, according to the received control command, whether the message is a special message: if it is a special message, it is transmitted through the special channel to the special message application program for processing, and if it is not a special message, it is returned to the system network protocol stack for processing;
Fifth step: the special message processing application program reads the special messages belonging to it and carries out service processing; the system network protocol stack continues to process the non-special messages;
Sixth step: when the special message processing application program stops working, it sends a stop command to the message splitter, and the message splitter updates its state to stopped after receiving the stop command.
It can be seen that the present invention adds the network card that receives special messages to a virtual network bridge, registers a message splitter on the virtual network bridge, and establishes two channels between the special message processing application program and the message splitter, one for control commands and one for special messages. According to the received control command, the message splitter transmits special messages directly to the application program through the special channel and returns all other messages to the system network protocol stack for continued processing, thereby realizing autonomous control and capture of any required message.
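The splitter's control and data paths from steps three to six can be modelled in user space; the following is an added example, not code from the patent, and it is not a kernel module. All type and function names are hypothetical, and because the patent does not define the "special message parameters", the sketch assumes an EtherType plus an optional UDP destination port, with a constructed sample frame and port 4500 as a constructed value.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout; the patent defines no data structures. */
enum verdict { TO_STACK = 0, TO_APP = 1 }; /* kernel analogue (assumed): NF_ACCEPT / NF_STOLEN */
enum cmd_type { CMD_START = 1, CMD_STOP = 2 };
/* Assumed "special message parameters": EtherType plus UDP dst port (0 = any). */
struct special_params { uint16_t ethertype, udp_dport; };
struct ctrl_cmd { enum cmd_type type; struct special_params params; };
struct splitter { int started; struct special_params params; };

/* Control channel (steps 3 and 6): START stores parameters, STOP disables. */
void splitter_control(struct splitter *s, const struct ctrl_cmd *c)
{
    if (c->type == CMD_START) { s->params = c->params; s->started = 1; }
    else if (c->type == CMD_STOP) s->started = 0;
}

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Data path (step 4): every doubtful frame falls back to the protocol stack. */
enum verdict splitter_classify(const struct splitter *s, const uint8_t *f, size_t len)
{
    if (!s->started || len < 14) return TO_STACK;
    if (be16(f + 12) != s->params.ethertype) return TO_STACK;
    if (s->params.udp_dport == 0) return TO_APP;
    if (s->params.ethertype != 0x0800 || len < 14 + 20) return TO_STACK;
    size_t ihl = (size_t)(f[14] & 0x0f) * 4;          /* IPv4 header length */
    if ((f[14] >> 4) != 4 || ihl < 20 || f[23] != 17) return TO_STACK;
    if (be16(f + 20) & 0x1fff) return TO_STACK;       /* later fragment: no UDP header */
    if (len < 14 + ihl + 8) return TO_STACK;          /* truncated UDP header */
    return be16(f + 14 + ihl + 2) == s->params.udp_dport ? TO_APP : TO_STACK;
}

/* Constructed sample: zeroed 42-byte IPv4/UDP frame with the given dst port. */
static size_t make_udp_frame(uint8_t *b, uint16_t dport)
{
    memset(b, 0, 42);
    b[12] = 0x08; b[13] = 0x00;                       /* EtherType IPv4 */
    b[14] = 0x45; b[23] = 17;                         /* v4, IHL 5, proto UDP */
    b[36] = (uint8_t)(dport >> 8); b[37] = (uint8_t)dport;
    return 42;
}

/* Runs the lifecycle; `cut` is how many frame bytes reach the splitter. */
int demo(int start, int stop, uint16_t frame_port, size_t cut)
{
    struct splitter s = {0};
    struct ctrl_cmd on = { CMD_START, { 0x0800, 4500 } }, off = { CMD_STOP, { 0, 0 } };
    uint8_t f[42];
    size_t n = make_udp_frame(f, frame_port);
    if (start) splitter_control(&s, &on);
    if (stop) splitter_control(&s, &off);
    return splitter_classify(&s, f, cut < n ? cut : n);
}

int main(void) { return demo(1, 0, 4500, 42) == TO_APP ? 0 : 1; }
```

Only a started splitter with a full, matching frame diverts traffic; a stopped splitter, a non-matching port, a later IP fragment or a truncated header all leave the frame with the system protocol stack, so a crashed or absent application does not black-hole traffic.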
The foregoing is merely a preferred embodiment of the present invention, and it should be noted that modifications and variations could be made by those skilled in the art without departing from the technical principles of the present invention, and such modifications and variations should also be regarded as being within the scope of the invention.
Claims (10)
1. A network message packet capturing method, characterized by comprising the following steps:
First step: create a virtual network bridge and add the network card that receives special messages to it; the network card switches to promiscuous mode, receives all messages passing through it, and hands them to the virtual network bridge it is bound to for processing;
Second step: register a message splitter at the hook point on the virtual network bridge where messages are preprocessed; the message splitter is a specific kernel module, and after receiving a message the virtual network bridge hands it to the message splitter for processing;
Third step: establish two channels between the special message processing application program and the message splitter, one for sending control commands and the other for transmitting special messages; when the special message processing application program starts to work, it sends a control command to the message splitter, and after receiving the start command the message splitter updates its state to started and updates the special message parameters;
Fourth step: a message received by the network card is handed to the virtual network bridge for processing, and a message received by the virtual network bridge is handed to the message splitter for processing; the message splitter judges, according to the received control command, whether the message is a special message: if it is a special message, it is transmitted through the special channel to the special message application program for processing, and if it is not a special message, it is returned to the system network protocol stack for processing;
Fifth step: the special message processing application program reads the special messages belonging to it and carries out service processing; the system network protocol stack continues to process the non-special messages;
Sixth step: when the special message processing application program stops working, it sends a stop command to the message splitter, and the message splitter updates its state to stopped after receiving the stop command.
2. The method of claim 1, wherein multiple network cards may be added to one virtual bridge.
3. The method of claim 1, wherein for the Linux operating system, the hook point is the NF_BR_PRE_ROUTING hook point of netfilter.
4. The method of claim 1, wherein the control command comprises a special message parameter and a start command.
5. A network device applying the method of any one of claims 1 to 4.
6. The network device of claim 5, wherein the network device is a special network device.
7. The network device of claim 6, wherein the special network device is a network crypto-engine.
8. The network device of claim 6, wherein the special network device is a network tester.
9. Use of a method according to any one of claims 1 to 4 in the field of communication technology.
10. Use of a network device according to any of claims 5 to 8 in the field of communication technology.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310439528.8A CN116455795A (en) | 2023-04-23 | 2023-04-23 | Network message packet capturing method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116455795A | 2023-07-18 |
Family
ID=87127174
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||