CN116527529A - Data communication method, device, electronic equipment and medium - Google Patents


Info

Publication number: CN116527529A
Authority: CN (China)
Prior art keywords: data packet, network domain, network, field, data
Legal status: Pending
Application number: CN202310436388.9A
Other languages: Chinese (zh)
Inventor: (the inventor requested that the name not be published)
Current Assignee: Nfs China Software Co ltd
Original Assignee: Nfs China Software Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/143 Termination or inactivation of sessions, e.g. event-controlled end of session

Abstract

The embodiment of the application provides a data communication method, a device, electronic equipment and a medium. The method specifically comprises the following steps: creating at least one virtual network card; creating a network domain according to a target virtual network card in the at least one virtual network card, and generating configuration information of the network domain; receiving a data packet; analyzing the data packet to obtain field content corresponding to a preset field in the data packet; detecting the data packet according to the field content and/or the configuration information of the network domain corresponding to the first device so as to obtain a corresponding detection result, the detection comprising cross-network-domain detection, wherein, in the case that the data packet crosses network domains, the detection result characterizes the data packet as cross-network-domain data transmission; and refusing the sending operation of the data packet in the case that the detection result characterizes the data packet as cross-network-domain data transmission. The embodiment of the application can reduce the occurrence probability of data leakage between different network domains.

Description

Data communication method, device, electronic equipment and medium
Technical Field
The embodiment of the application relates to the technical field of communication, in particular to a data communication method, a data communication device, electronic equipment and a medium.
Background
With the development of communication technology, many organizations build their own network domains. Common network domains include campus networks, enterprise intranets, and the like. For example, a network domain within an enterprise may include: network domain 1 and network domain 2, etc. to satisfy the data access request inside the enterprise.
In practical applications, computers in different network domains can perform data interaction, which easily causes data leakage between different network domains. For example, in the case where the computer 2 in the network domain 2 accesses important data in the computer 1 in the network domain 1, leakage of the important data in the network domain 1 is easily caused.
Disclosure of Invention
The embodiment of the application provides a data communication method which can reduce the occurrence probability of data leakage behaviors among different network domains.
Correspondingly, the embodiment of the application also provides a data communication device, electronic equipment and a machine-readable medium, which are used for guaranteeing the implementation and application of the method.
To solve the above problems, an embodiment of the present application discloses a data communication method, where the method is applied to a first device, and includes:
creating at least one virtual network card;
Creating a network domain according to a target virtual network card in the at least one virtual network card, and generating configuration information of the network domain;
receiving a data packet;
analyzing the data packet to obtain field content corresponding to a preset field in the data packet; the preset field includes at least one of the following fields: a source address field, a destination address field, and a custom field;
detecting the data packet according to the field content and/or the configuration information of the network domain corresponding to the first device so as to obtain a corresponding detection result; the detecting includes: detecting crossing network domains, wherein the detection result characterizes the data packet to be transmitted by crossing network domains under the condition that the data packet crosses the network domains;
and refusing the sending operation of the data packet under the condition that the detection result characterizes the data packet to be transmitted in a cross-network domain data transmission mode.
To solve the above problems, an embodiment of the present application also discloses a data communication device, where the device is applied to a first device, and includes:
the virtual network card creation module is used for creating at least one virtual network card;
the network domain creation configuration module is used for creating a network domain according to a target virtual network card in the at least one virtual network card and generating configuration information of the network domain;
The receiving module is used for receiving the data packet;
the analysis module is used for analyzing the data packet to obtain field content corresponding to a preset field in the data packet; the preset field includes at least one of the following fields: a source address field, a destination address field, and a custom field;
the detection module is used for detecting the data packet according to the field content and/or the configuration information of the network domain corresponding to the first equipment so as to obtain a corresponding detection result; the detecting includes: detecting crossing network domains, wherein the detection result characterizes the data packet to be transmitted by crossing network domains under the condition that the data packet crosses the network domains;
and the decision module is used for rejecting the sending operation of the data packet under the condition that the detection result characterizes the data packet to be transmitted across the network domain.
Optionally, the detection module includes:
the first matching module is used for performing first matching on the field content corresponding to the source address field and the field content corresponding to the destination address field so as to obtain a corresponding first matching result;
and the first judging module is used for judging whether the data packet spans a network domain according to the first matching result.
Optionally, the detection module includes:
the second matching module is used for carrying out second matching on field content corresponding to the source address field and the local network domain information contained in the configuration information so as to obtain a corresponding second matching result;
and the second judging module is used for judging whether the data packet spans the network domain according to the second matching result.
Optionally, the detection module includes:
the third matching module is used for performing third matching on the field content corresponding to the destination address field and the local network domain information contained in the configuration information so as to obtain a corresponding third matching result;
and the third judging module is used for judging whether the data packet spans the network domain according to the third matching result.
Optionally, the detection module includes:
the fourth matching module is used for carrying out fourth matching on the field content corresponding to the custom field and the custom field information contained in the configuration information so as to obtain a corresponding fourth matching result;
and the fourth judging module is used for judging whether the data packet relates to cross-network domain data transmission or not according to the fourth matching result.
Optionally, the at least one virtual network card is created during the installation of the operating system.
The network domain creation configuration module includes:
the option providing module is used for providing at least one network domain option after the installation of the operating system is completed, so that a user can select a target network domain option from the at least one network domain option;
and the network establishing module is used for establishing network connection according to the target virtual network card corresponding to the target network domain option so that the target virtual network card bears the network domain.
Optionally, the configuration information includes at least one of the following information: local network domain information and custom field information.
The embodiment of the application also discloses electronic equipment, which comprises: a processor; and a memory having executable code stored thereon that, when executed, causes the processor to perform the method as described in embodiments of the present application.
Also disclosed are machine-readable media having stored thereon executable code that, when executed, causes a processor to perform a method as described in embodiments of the present application.
Embodiments of the present application include the following advantages:
in the technical scheme of the embodiment of the application, the first equipment creates at least one virtual network card; creating a network domain according to a target virtual network card in the at least one virtual network card, and generating configuration information of the network domain; after receiving the data packet, analyzing to obtain field content corresponding to a preset field in the data packet, and detecting the data packet according to the field content and/or configuration information of a network domain corresponding to the first device.
Detection in the embodiments of the present application may include cross-network-domain detection, that is, detecting whether the data packet relates to different network domains. In the embodiment of the application, in the case that the data packet spans network domains, the obtained detection result represents that the data packet carries a risk of cross-network-domain data leakage, and the sending operation of the data packet is refused. In this way, the embodiment of the application can reject the sending operation of a data packet that crosses network domains (that is, relates to different network domains), so the embodiment of the application can reduce data interaction between different network domains to a certain extent, thereby reducing the risk of cross-network-domain data leakage and the occurrence probability of data leakage behavior between different network domains.
Drawings
FIG. 1 is a flow chart illustrating steps of a data communication method according to one embodiment of the present application;
FIG. 2 is a schematic diagram of a data communication scenario of one embodiment of the present application;
FIG. 3 is a schematic diagram of a data communication scenario of one embodiment of the present application;
FIG. 4 is a schematic diagram of a data communication scenario of one embodiment of the present application;
FIG. 5 is a flow chart illustrating steps of a method of data communication according to one embodiment of the present application;
FIG. 6 is a schematic diagram of a data communication apparatus according to one embodiment of the present application;
fig. 7 is a schematic structural view of an apparatus according to an embodiment of the present application.
Detailed Description
In order that the above-recited objects, features and advantages of the present application will become more readily apparent, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings.
The embodiment of the application can be applied to network domain communication scenes corresponding to organizations such as schools and enterprises. For example, a network domain within an enterprise may include: network domain 1 and network domain 2, etc. to satisfy the data access request inside the enterprise.
In the embodiment of the application, the network domain may be a set of nodes with a network security boundary. Nodes within a network domain typically use the same IP (Internet Protocol) address segment, so there may be a correspondence between network domain information and IP addresses: based on the IP address of a node, the corresponding network domain information may be determined. The network domain information may include information that identifies the network domain, such as a network domain identification; the network domain identification may include information such as a network domain name.
In practical applications, computers in different network domains can perform data interaction, which easily causes data leakage between different network domains. For example, in the case where the computer 2 in the network domain 2 accesses important data in the computer 1 in the network domain 1, leakage of the important data in the network domain 1 is easily caused.
Aiming at the technical problem that data interaction between different network domains causes data leakage between different network domains in the related art, the embodiment of the application provides a data communication method, which can be applied to a first device and specifically comprises the following steps: creating at least one virtual network card; creating a network domain according to a target virtual network card in the at least one virtual network card, and generating configuration information of the network domain; receiving a data packet; analyzing the data packet to obtain field content corresponding to a preset field in the data packet; the preset field specifically comprises at least one of the following fields: a source address field, a destination address field, and a custom field; detecting the data packet according to the field content and/or the configuration information of the network domain corresponding to the first device so as to obtain a corresponding detection result; the detection specifically comprises the following steps: detecting crossing network domains, wherein in the case that the data packet crosses the network domains, the detection result characterizes the data packet to be transmitted by crossing the network domains; and rejecting the sending operation of the data packet in case the detection result characterizes the data packet to be transmitted across the network domain.
In the technical solution of the embodiment of the present application, the data packet may originate from the second device, and the first device may be an intermediate node or a destination node of the data packet. After receiving the data packet, the first device analyzes to obtain field content corresponding to a preset field in the data packet, and detects the data packet according to the field content and/or configuration information of a network domain corresponding to the first device, wherein the detection is used for detecting whether the data packet has a risk of data leakage across the network domain, and the sending operation of the data packet is refused under the condition that the detection result represents that the data packet has the risk of data leakage across the network domain.
Detection in the embodiments of the present application may include cross-network-domain detection, that is, detecting whether the data packet relates to different network domains. In the embodiment of the application, in the case that the data packet spans network domains, the obtained detection result represents that the data packet carries a risk of cross-network-domain data leakage, and the sending operation of the data packet is refused. In this way, the embodiment of the application can reject the sending operation of a data packet that crosses network domains (that is, relates to different network domains), so that the embodiment of the application can reduce data interaction between different network domains to a certain extent, and therefore can reduce the occurrence probability of data leakage behavior between different network domains.
Method embodiment one
Referring to fig. 1, there is shown a schematic flow chart of steps of a data communication method according to an embodiment of the present application, where the method may be applied to a first device, and the method may specifically include the following steps:
step 101, receiving a data packet;
step 102, analyzing the data packet to obtain field content corresponding to a preset field in the data packet; the preset field may specifically include at least one of the following fields: a source address field, a destination address field, and a custom field;
step 103, detecting the data packet according to the field content and/or the configuration information of the network domain corresponding to the first device, so as to obtain a corresponding detection result; the detecting may include: cross-network-domain detection, wherein, in the case that the data packet spans network domains, the detection result represents that the data packet relates to cross-network-domain data transmission, which in turn indicates that the data packet carries a risk of cross-network-domain data leakage;
step 104, refusing the sending operation of the data packet in the case that the detection result characterizes the data packet to be transmitted across the network domain.
In practical applications, the first device may be a device in an organization such as a school, an enterprise, or the like, and of course, the embodiment of the present application is not limited to a specific first device.
In step 101, the data packet may originate from a second device, which may be different from the first device. The first device may be an intermediate node or the destination node of the data packet. The second device may be the source node of the data packet and may route the data packet for transmission to the destination node; an intermediate node is a node on the data packet's path.
In step 102, the data packet may be parsed according to the structure information of the data packet, so as to obtain field contents corresponding to the preset field in the data packet.
The structure information may include: a field included in the data packet, and location information of the field in the data packet. The location information may include: position number or position order, etc.
In one example, the data packet may be an IP data packet. The data packet may include, in order from front to back, a header portion and a data portion, wherein the header portion may include, in order from front to back: a source address field, a destination address field, a custom field, a length field, an IP version field, etc. According to the embodiment of the application, the header portion is first obtained from the data packet, and then the field contents corresponding to the preset fields (the source address field, the destination address field, the custom field, etc.) are obtained from the header portion according to the position numbers or position order of those fields within the header portion.
The source address field may characterize the address corresponding to the starting node of the data packet; for example, the source address field may contain the source IP address corresponding to the starting node of the packet. The destination address field may characterize the address corresponding to the destination node of the data packet; for example, the destination address field may contain the destination IP address corresponding to the destination node of the data packet. The custom field may be determined by one skilled in the art based on the actual application requirements. For example, the custom field may include a device identification corresponding to the originating node. The device identification may uniquely identify the originating node; for example, it may include information such as a MAC (Media Access Control) address or a device serial number. It is to be understood that embodiments of the present application are not limited to specific device identifications.
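As an added illustration of step 102 (not code from the patent or its applicant), the following Python parses a packet according to structure information of the kind described above, a table of field name, byte offset and byte width, and returns the field contents of the preset fields. The layout that follows the patent's example header order uses assumed widths (4-byte IPv4 addresses, a 6-byte MAC-style device identification as the custom field, a 2-byte total length, a 1-byte version); the second layout is the standard IPv4 header from RFC 791, which places these fields at different offsets and has no custom field. A packet whose header is truncated, or whose length field claims more bytes than were received, is rejected before any field content is used:

```python
"""Step 102: parse a received packet according to its structure
information (field name, byte offset, byte width) to obtain the field
content of the preset fields. Added example, not the patent's code.
Widths for the patent's example header order are assumed; the IPv4
layout is the standard one from RFC 791 (no options)."""
import socket
import struct
from typing import Callable, Dict, Tuple

# Decoders turn raw header bytes into field content.
def _ip4(b: bytes) -> str:
    return socket.inet_ntoa(b)

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def _u16(b: bytes) -> int:
    return struct.unpack("!H", b)[0]

def _u8(b: bytes) -> int:
    return b[0]

def _hi_nibble(b: bytes) -> int:
    return b[0] >> 4

# Structure information: field name -> (byte offset, byte width, decoder).
Layout = Dict[str, Tuple[int, int, Callable[[bytes], object]]]

# Header order the patent describes: source address, destination address,
# custom field, length, version. Assumed widths: 4-byte IPv4 addresses,
# 6-byte MAC-style device id, 2-byte total packet length, 1-byte version.
PATENT_LAYOUT: Layout = {
    "source_address": (0, 4, _ip4),
    "destination_address": (4, 4, _ip4),
    "custom_field": (8, 6, _mac),
    "length": (14, 2, _u16),
    "version": (16, 1, _u8),
}

# Standard IPv4 header: version in the high nibble of byte 0, total length
# at bytes 2-3, source address at 12-15, destination at 16-19; no custom field.
IPV4_LAYOUT: Layout = {
    "version": (0, 1, _hi_nibble),
    "length": (2, 2, _u16),
    "source_address": (12, 4, _ip4),
    "destination_address": (16, 4, _ip4),
}

PRESET_FIELDS = ("source_address", "destination_address", "custom_field")


def header_length(layout: Layout) -> int:
    """Bytes needed to hold every field in the layout."""
    return max(off + width for off, width, _ in layout.values())


def parse_fields(packet: bytes, layout: Layout, wanted=PRESET_FIELDS) -> Dict[str, object]:
    """Extract the preset fields using the layout's position information.
    A truncated header, or a length field claiming more bytes than were
    received, raises ValueError so the packet is rejected, not half-parsed."""
    hlen = header_length(layout)
    if len(packet) < hlen:
        raise ValueError(f"truncated header: got {len(packet)} bytes, need {hlen}")
    off, width, decode = layout["length"]
    declared = decode(packet[off:off + width])
    if declared < hlen or declared > len(packet):
        raise ValueError(f"length field {declared} inconsistent with {len(packet)} received bytes")
    content: Dict[str, object] = {}
    for name in wanted:
        if name in layout:  # plain IPv4 carries no custom field
            off, width, decode = layout[name]
            content[name] = decode(packet[off:off + width])
    return content


def is_well_formed(packet: bytes, layout: Layout) -> bool:
    """True when parse_fields accepts the packet."""
    try:
        parse_fields(packet, layout)
        return True
    except ValueError:
        return False


def build_patent_packet(src: str, dst: str, custom_mac: str, payload: bytes) -> bytes:
    """Construct a packet in the assumed patent layout (demonstration only)."""
    mac = bytes(int(x, 16) for x in custom_mac.split(":"))
    total = header_length(PATENT_LAYOUT) + len(payload)
    return (socket.inet_aton(src) + socket.inet_aton(dst) + mac
            + struct.pack("!H", total) + b"\x04" + payload)


def build_ipv4_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Construct a minimal IPv4 packet (header checksum left zero; not validated here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                         64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload
```

Keeping the position information in a table rather than in hard-coded slices is what lets the same parser serve both layouts; the length check matters because a device that trusts a declared length longer than the buffer it actually holds would read past the packet.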
In step 103, the data packet is detected according to the field content and/or the configuration information of the network domain corresponding to the first device, so as to determine whether the data packet relates to cross-network domain data transmission, and further determine whether the data packet has a risk of cross-network domain data leakage.
Detection in the embodiments of the present application may include cross-network-domain detection, that is, detecting whether the data packet relates to different network domains. For cross-network-domain detection, the embodiment of the application can provide the following technical schemes for detecting the data packet:
Technical scheme 1
In technical scheme 1, the process of detecting the data packet may specifically include: performing first matching on the field content corresponding to the source address field and the field content corresponding to the destination address field to obtain a corresponding first matching result; and judging whether the data packet spans network domains according to the first matching result.
In practical application, the field content corresponding to the source address field may be a source IP address, and the field content corresponding to the destination address field may be a destination IP address.
According to technical scheme 1, first matching is performed on the field content corresponding to the source address field of the data packet and the field content corresponding to the destination address field of the data packet. Because network domain information and IP addresses can have a corresponding relation, the field content corresponding to the source address field can represent the network domain information of the starting node, and the field content corresponding to the destination address field can represent the network domain information of the destination node; in this way, the first matching result can reflect whether the starting node and the destination node corresponding to the data packet relate to the same network domain.
Specifically, in the case that the first matching result is that the matching is successful, it may be explained that the start node and the destination node corresponding to the data packet relate to the same network domain, that is, the data packet does not cross the network domain; or, in the case that the first matching result is that the matching fails, it may be stated that the source node and the destination node corresponding to the data packet relate to different network domains, that is, the data packet spans the network domains.
Referring to fig. 2, a schematic diagram of a data communication scenario of an embodiment of the present application is shown, where a second device is located in network domain 1, and attempts to send a data packet to a third device in network domain 2, so a field content of a source address field of the data packet is a second IP address corresponding to the second device, and a field content of a destination address field of the data packet is a third IP address corresponding to the third device. Assuming that the data packet passes through the first device, whether the first device is in the network domain 1 or the network domain 2, the first device can determine whether the data packet spans the network domain, and adopts a corresponding processing means.
Taking the first device in network domain 1 in fig. 2 as an example, the first device may determine, based on the first matching, that the field content of the source address field of the data packet does not match the field content of the destination address field, and determine that the data packet attempts to cross from network domain 1 to network domain 2. Therefore, the sending operation of the data packet can be refused, and data interaction between different network domains can be reduced.
Technical scheme 2
In the technical scheme 2, the process of detecting the data packet may specifically include: performing second matching on field content corresponding to the source address field and local network domain information contained in the configuration information to obtain a corresponding second matching result; and judging whether the data packet spans a network domain according to the second matching result.
The local network domain information may characterize network domain information corresponding to the first device. The local network domain information may be a network domain identification corresponding to the first device. According to the embodiment of the application, according to the corresponding relation between the network domain information and the IP address, the field content corresponding to the source address field and the local network domain information contained in the configuration information can be subjected to second matching. For example, according to the field content corresponding to the source address field, searching in the corresponding relation, and comparing the target network domain information obtained by searching with the local network domain information; if the comparison results are different, the second matching result is a matching failure, or if the comparison results are the same, the second matching result is a matching success. Or, according to the local network domain information, searching in the corresponding relation, and comparing the searched target IP address with the field content corresponding to the source address field; if the comparison results are different, the second matching result is a matching failure, or if the comparison results are the same, the second matching result is a matching success.
The second matching result can reflect whether the initial node corresponding to the data packet and the first device relate to the same network domain. Specifically, in the case that the second matching result is that the matching is successful, it may be stated that the starting node corresponding to the data packet and the first device relate to the same network domain, that is, the data packet does not cross the network domain; or, in the case that the second matching result is that the matching fails, it may be stated that the start node corresponding to the data packet and the first device relate to different network domains, that is, the data packet spans the network domains.
Referring to fig. 3, a schematic diagram of a data communication scenario of an embodiment of the present application is shown, where a second device is located in network domain 1, and attempts to send a data packet to a third device in network domain 2, so a field content of a source address field of the data packet is a second IP address corresponding to the second device, and a field content of a destination address field of the data packet is a third IP address corresponding to the third device. Assuming that the data packet passes through the first device, whether the first device is in the network domain 1 or the network domain 2, the first device can determine whether the data packet spans the network domain, and adopts a corresponding processing means.
In fig. 3, taking the case that the first device is in network domain 2 as an example, the first device may determine, based on the second matching, that the field content of the source address field of the data packet does not match the local network domain information of the first device, and determine that the data packet spans from network domain 1 to network domain 2, so that the sending operation of the data packet may be refused, and further, data interaction between different network domains may be reduced.
Technical scheme 3
In the technical solution 3, the process of detecting the data packet may specifically include: performing third matching on field content corresponding to the target address field and local network domain information contained in the configuration information to obtain a corresponding third matching result; and judging whether the data packet spans a network domain according to the third matching result.
According to the embodiment of the application, according to the corresponding relation between network domain information and IP addresses, third matching can be performed on the field content corresponding to the destination address field and the local network domain information contained in the configuration information. For example, the corresponding relation is searched according to the field content corresponding to the destination address field, and the target network domain information found is compared with the local network domain information; if the comparison results differ, the third matching result is a matching failure, or if they are the same, the third matching result is a matching success. Alternatively, the corresponding relation is searched according to the local network domain information, and the target IP address found is compared with the field content corresponding to the destination address field; if they differ, the third matching result is a matching failure, or if they are the same, the third matching result is a matching success.
The third matching result reflects whether the destination node of the data packet and the first device belong to the same network domain. Specifically, if the third matching result is a matching success, the destination node of the data packet and the first device belong to the same network domain, that is, the data packet does not cross a network domain; if the third matching result is a matching failure, the destination node of the data packet and the first device belong to different network domains, that is, the data packet spans network domains.
Referring to fig. 4, a schematic diagram of a data communication scenario of an embodiment of the present application is shown, where a second device located in network domain 1 attempts to send a data packet to a third device in network domain 2; the field content of the source address field of the data packet is therefore the second IP address corresponding to the second device, and the field content of the destination address field is the third IP address corresponding to the third device. Assuming that the data packet passes through the first device, the first device can determine whether the data packet spans a network domain and apply the corresponding processing, whether the first device is in network domain 1 or in network domain 2.
In fig. 4, taking the case where the first device is in network domain 1 as an example, the first device may determine, based on the third matching, that the field content of the destination address field of the data packet does not match its local network domain information, and thus that the data packet attempts to cross from network domain 1 to network domain 2; the sending operation of the data packet may therefore be refused, which reduces data interaction between different network domains.
Technical solution 4
In technical solution 4, the above process of detecting the data packet may specifically include: performing fourth matching on the field content corresponding to the custom field and the custom field information contained in the configuration information to obtain a corresponding fourth matching result; and judging, according to the fourth matching result, whether the data packet involves cross-network domain data transmission or has a risk of cross-network domain data leakage.
The embodiment of the application may set custom field information in the configuration information of the network domain corresponding to the first device. The custom field information may include: first custom field information corresponding to nodes for which the sending operation of the data packet is allowed, that is, nodes without a risk of cross-network domain data leakage; and/or second custom field information corresponding to nodes for which the sending operation of the data packet is refused, that is, nodes with a risk of cross-network domain data leakage.
In a specific implementation, the field content corresponding to the custom field in the data packet can be matched with the first custom field information in the configuration information; if the matching succeeds, this may indicate that the data packet has no risk of data leakage across the network domain, and if the matching fails, this may indicate that the data packet has a risk of data leakage across the network domain. Alternatively, the field content corresponding to the custom field in the data packet can be matched with the second custom field information in the configuration information; if the matching succeeds, this may indicate that the data packet has no risk of data leakage across the network domain, and if the matching fails, this may indicate that the data packet has a risk of data leakage across the network domain.
In one example, the custom field may include a device identifier corresponding to the originating node; the first custom field information may include the device identifiers of nodes without a risk of data leakage across the network domain, and the second custom field information may include the device identifiers of nodes with a risk of data leakage across the network domain. The first custom field information or the second custom field information may be determined by a person skilled in the art or by a user according to actual application requirements, and the embodiment of the present application does not limit their specific content.
In step 104, if the detection result indicates that the data packet has a risk of data leakage across network domains, the sending operation of the data packet may be refused, so as to reduce the occurrence probability of data leakage behavior between different network domains.
It will be appreciated that the sending operation of the data packet may be allowed in case the detection result characterizes that the data packet does not have a risk of data leakage across the network domain. For example, in the case where the first device is an intermediate node, the data packet may be sent to the next node of the route. Alternatively, in the case where the first device is the destination node, the data packet may be sent to the destination application corresponding to the data packet.
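As an added example that is not part of the patent, the following Python puts together the packet parsing of step 103, the four matchings of technical solutions 1 to 4, and the refuse/send decision of step 104. The domain table, address ranges, MAC addresses, device identifiers and the `device_id=` payload format are constructed assumptions; an address that maps to no known domain is treated as crossing a domain, and a device identifier listed in the second custom field information is treated as a risk, following the definition given above for that information.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Dict, Optional

# Correspondence between network domain information and IP addresses.
# Constructed sample values standing in for the saved configuration information.
DOMAIN_TABLE = {
    "network domain 1": ipaddress.ip_network("10.1.0.0/16"),
    "network domain 2": ipaddress.ip_network("10.2.0.0/16"),
}


def domain_of(ip: str) -> Optional[str]:
    """Look up the network domain an IP address belongs to (None if unknown)."""
    addr = ipaddress.ip_address(ip)
    for name, net in DOMAIN_TABLE.items():
        if addr in net:
            return name
    return None


@dataclass(frozen=True)
class DomainConfig:
    """Configuration information of the network domain on the first device."""
    local_ip: str                                # first configuration information:
    local_mac: str                               # IP and MAC of the target virtual NIC
    allowed_device_ids: frozenset = frozenset()  # first custom field information
    denied_device_ids: frozenset = frozenset()   # second custom field information

    @property
    def local_domain(self) -> Optional[str]:
        return domain_of(self.local_ip)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    custom: Dict[str, str]  # field content of the custom field(s)


def build_packet(src: str, dst: str, device_id: str) -> bytes:
    """Build a constructed IPv4 packet: 20-byte header plus a 'device_id=...' payload."""
    payload = f"device_id={device_id}".encode()
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + payload


def parse_packet(raw: bytes) -> Packet:
    """Step 103: extract the preset fields (source, destination, custom) from the packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    src = str(ipaddress.ip_address(raw[12:16]))
    dst = str(ipaddress.ip_address(raw[16:20]))
    custom: Dict[str, str] = {}
    for part in raw[ihl:].decode(errors="replace").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            custom[key] = value
    return Packet(src, dst, custom)


def first_match(pkt: Packet) -> bool:
    """Technical solution 1: source and destination belong to the same known domain."""
    s, d = domain_of(pkt.src), domain_of(pkt.dst)
    return s is not None and s == d


def second_match(pkt: Packet, cfg: DomainConfig) -> bool:
    """Technical solution 2: the source belongs to the first device's own domain."""
    return cfg.local_domain is not None and domain_of(pkt.src) == cfg.local_domain


def third_match(pkt: Packet, cfg: DomainConfig) -> bool:
    """Technical solution 3: the destination belongs to the first device's own domain."""
    return cfg.local_domain is not None and domain_of(pkt.dst) == cfg.local_domain


def fourth_match(pkt: Packet, cfg: DomainConfig) -> bool:
    """Technical solution 4: custom field versus first (allow) or second (deny) list.

    Returns True when no leakage risk is indicated; a packet with no device
    identifier fails closed whenever either list is configured."""
    dev = pkt.custom.get("device_id")
    if cfg.allowed_device_ids:
        return dev in cfg.allowed_device_ids
    if cfg.denied_device_ids:
        return dev is not None and dev not in cfg.denied_device_ids
    return True


def detect(pkt: Packet, cfg: DomainConfig) -> Dict[str, bool]:
    """Run all four matchings; any failure marks the packet as a leakage risk."""
    results = {"first": first_match(pkt), "second": second_match(pkt, cfg),
               "third": third_match(pkt, cfg), "fourth": fourth_match(pkt, cfg)}
    results["leak_risk"] = not all(results.values())
    return results


def decide(raw: bytes, cfg: DomainConfig) -> str:
    """Step 104: 'refuse' on detected risk (or an unparseable packet), else 'send'."""
    try:
        pkt = parse_packet(raw)
    except ValueError:
        return "refuse"
    return "refuse" if detect(pkt, cfg)["leak_risk"] else "send"


if __name__ == "__main__":
    cfg = DomainConfig("10.1.0.1", "02:00:00:00:00:01", allowed_device_ids=frozenset({"host-a"}))
    for raw in (build_packet("10.1.0.5", "10.1.0.9", "host-a"),   # stays in domain 1
                build_packet("10.1.0.5", "10.2.0.9", "host-a")):  # the fig. 4 scenario
        print(parse_packet(raw), "->", decide(raw, cfg))
```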
In the embodiment of the present application, the network domain may be a network domain created based on a physical network card or a virtual network card. The process of creating a network domain based on a virtual network card is provided herein: creating at least one virtual network card; and creating a network domain according to the target virtual network card in the at least one virtual network card, and generating configuration information of the network domain.
In practical applications, a virtual network card may be created for connecting to a network domain. For example, a network device configuration file in a preset directory may be used to define the name of the virtual network card and the node information corresponding to the local machine. The node information corresponding to the local machine may include: an IP address, or a MAC address.
The at least one virtual network card created by the embodiment of the application can be selected by a user, so that the user can select a target virtual network card from the at least one virtual network card according to actual requirements, and a network domain is created according to the target virtual network card.
The virtual network card of the embodiment of the application can be used to establish a local area network between remote computers; it can simulate the function of a hub and realize the function of a VPN (virtual private network). According to the embodiment of the application, a computer can be connected to the virtual hub through the virtual network card to form, together with other computers, the virtual private network in which the network domain is located. Computers within the virtual private network may access each other.
The process of creating the network domain according to the target virtual network card may include: at least one network domain option is provided to enable the user to select a target network domain option from the at least one network domain option. For example, the at least one network domain option may include: network domain option 1, network domain option 2, etc., different users may select different network domain options according to different needs, e.g., users with different needs within an enterprise may select different network domain options. The network domain option may have a mapping relationship with the IP address corresponding to the virtual network card, so the selection of the network domain option may be equivalent to the selection of the virtual network card. For example, if network domain option 1 corresponds to virtual network card 1 and network domain option 2 corresponds to virtual network card 2, selecting network domain option 1 may correspond to selecting virtual network card 1 or selecting network domain option 2 may correspond to selecting virtual network card 2. After the user selects the target network domain option, the embodiment of the application may use the target virtual network card corresponding to the target network domain option to establish a network connection, such as a VPN connection, so that the target virtual network card carries the network domain.
After the network domain is created, configuration information for the network domain may also be generated. Specifically, the IP address and the MAC address corresponding to the target virtual network card may be used as first configuration information of the network domain, where the first configuration information may include: the aforementioned local network domain information. Further, configuration options corresponding to the second configuration information of the network domain may also be provided. For example, the second configuration information may include: user characteristic information, custom field information, and the like. The user characteristic information may be a characteristic corresponding to a user of the network domain, such as a user identity characteristic. The custom field information may be the first custom field information or the second custom field information described above. The embodiment of the application can also save the configuration information of the network domain.
In an optional implementation of the application, at least one virtual network card may be created during the installation of the operating system, so as to obtain information such as the IP address corresponding to each of the at least one virtual network card. After the operating system installation is completed, a selection interface may be provided, which may include at least one network domain option; the at least one network domain option may correspond to the aforementioned at least one virtual network card, so that selecting a network domain option corresponds to selecting a virtual network card. Assuming that the selected network domain option corresponds to the target virtual network card, the IP address and the MAC address corresponding to the target virtual network card can be used as the first configuration information of the network domain, and configuration options corresponding to the second configuration information of the network domain can also be provided. For example, the second configuration information may include: user characteristic information, custom field information, and the like. The user characteristic information may be a characteristic corresponding to a user of the network domain, such as a user identity characteristic. The embodiment of the application can also save the configuration information of the network domain. By creating the network domain during and after the installation of the operating system, the embodiment of the application achieves the creation of the network domain at the operating system level, which in turn can provide support for application programs.
Of course, the creation of the network domain is implemented at the operating system level, which is just an alternative implementation of the application, and in fact, the embodiment of the application may also implement the creation of the network domain at the application level.
In summary, in the data communication method of the embodiment of the present application, after receiving a data packet, a first device analyzes and obtains field content corresponding to a preset field in the data packet, and detects the data packet according to the field content and/or configuration information of a network domain corresponding to the first device, where the detection is used to detect whether the data packet has security, and if the detection result indicates that the data packet has a risk of data leakage across the network domain, the sending operation of the data packet is refused.
The detection of the embodiments of the present application may include cross-domain detection, where crossing a domain means that the data packet involves different network domains. In the embodiment of the application, when the data packet spans a network domain, the obtained detection result indicates that the data packet has a risk of cross-network domain data leakage, and the sending operation of the data packet is refused; in this way, the embodiment of the application rejects the sending operation of data packets that cross network domains (that involve different network domains), so that it can reduce data interaction between different network domains to a certain extent, and therefore can reduce the occurrence probability of data leakage behavior between different network domains.
In addition, the embodiment of the application creates the network domain by using the software method corresponding to the virtual network card, so that the creation cost of the network domain can be reduced.
In addition, in the process of creating the network domain, the embodiment of the application provides at least one network domain option, so that the user can select the target network domain option from the at least one network domain option, different users can select different network domain options according to different requirements, and different network domain requirements of different users are met.
Method embodiment II
Referring to fig. 5, there is shown a schematic step flow diagram of a data communication method according to an embodiment of the present application, where the method may be applied to a first device, and the method may specifically include the following steps:
step 501, creating at least one virtual network card;
step 502, creating a network domain according to a target virtual network card in the at least one virtual network card, and generating configuration information of the network domain;
step 503, receiving a data packet;
step 504, analyzing the data packet to obtain the field content corresponding to the preset field in the data packet; the preset field may specifically include at least one of the following fields: a source address field, a destination address field, and a custom field;
step 505, detecting the data packet according to the field content and/or the configuration information of the network domain corresponding to the first device, so as to obtain a corresponding detection result; the detecting may include: detecting crossing network domains, wherein the detection result represents that the data packet relates to data transmission crossing network domains or has risk of data leakage crossing network domains under the condition that the data packet crosses the network domains;
step 506, refusing the sending operation of the data packet in the case that the detection result characterizes the data packet to be transmitted across the network domain.
In summary, according to the data communication method of the embodiment of the application, at least one virtual network card is provided, so that a network domain corresponding to one target virtual network card is selected according to actual requirements, and configuration information of the network domain is generated and stored. Further, in the case that the received data packet spans network domains, the embodiment of the application refuses the sending operation of the data packet, so that the occurrence probability of data leakage behaviors between different network domains can be reduced.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments and that the acts referred to are not necessarily required by the embodiments of the present application.
On the basis of the above embodiment, the present embodiment further provides a data communication apparatus, which may be applied to the first device; referring to fig. 6, the apparatus may specifically include: a virtual network card creation module 601, a network domain creation configuration module 602, a receiving module 603, a parsing module 604, a detection module 605 and a decision module 606.
Wherein, the virtual network card creation module 601 is configured to create at least one virtual network card;
a network domain creation configuration module 602, configured to create a network domain according to a target virtual network card in the at least one virtual network card, and generate configuration information of the network domain;
a receiving module 603, configured to receive a data packet;
the parsing module 604 is configured to parse the data packet to obtain field content corresponding to a preset field in the data packet; the preset field may include at least one of the following fields: a source address field, a destination address field, and a custom field;
the detection module 605 is configured to detect the data packet according to the field content and/or configuration information of a network domain corresponding to the first device, so as to obtain a corresponding detection result; the detecting may include: detecting crossing network domains, wherein in the case that the data packet crosses the network domains, the detection result characterizes that the data packet relates to data transmission crossing the network domains or has risk of data leakage crossing the network domains;
a decision module 606, configured to reject the sending operation of the data packet if the detection result characterizes that the data packet involves cross-network domain data transmission or has risk of cross-network domain data leakage.
Optionally, the detection module 605 may include:
the first matching module is used for carrying out first matching on the field content corresponding to the source address field and the field content corresponding to the destination address field so as to obtain a corresponding first matching result;
and the first judging module is used for judging whether the data packet spans a network domain according to the first matching result.
Optionally, the detection module 605 may include:
the second matching module is used for carrying out second matching on field content corresponding to the source address field and the local network domain information contained in the configuration information so as to obtain a corresponding second matching result;
and the second judging module is used for judging whether the data packet spans the network domain according to the second matching result.
Optionally, the detection module 605 may include:
the third matching module is used for carrying out third matching on the field content corresponding to the destination address field and the local network domain information contained in the configuration information so as to obtain a corresponding third matching result;
and the third judging module is used for judging whether the data packet spans the network domain according to the third matching result.
Optionally, the detection module 605 may include:
the fourth matching module is used for carrying out fourth matching on the field content corresponding to the custom field and the custom field information contained in the configuration information so as to obtain a corresponding fourth matching result;
and the fourth judging module is used for judging whether the data packet has the risk of cross-network domain data leakage or not according to the fourth matching result.
Optionally, the at least one virtual network card is created during the installation of the operating system; in this case
the network domain creation configuration module 602 may specifically include:
the option providing module is used for providing at least one network domain option after the installation of the operating system is completed, so that a user can select a target network domain option from the at least one network domain option;
and the network establishing module is used for establishing network connection according to the target virtual network card corresponding to the target network domain option so that the target virtual network card bears the network domain.
Optionally, the configuration information may include at least one of the following information: local network domain information and custom field information.
In summary, in the data communication apparatus according to the embodiment of the present application, after receiving a data packet, a first device analyzes and obtains field content corresponding to a preset field in the data packet, and detects the data packet according to the field content and/or configuration information of a network domain corresponding to the first device, where the detection is used to detect whether the data packet has a risk of data leakage across a network domain, and if the detection result indicates that the data packet has a risk of data leakage across a network domain, the sending operation of the data packet is refused.
The detection of the embodiments of the present application may include cross-domain detection, where crossing a domain means that the data packet involves different network domains. In the embodiment of the application, when the data packet spans a network domain, the obtained detection result indicates that the data packet has a risk of cross-network domain data leakage, and the sending operation of the data packet is refused; in this way, the embodiment of the application rejects the sending operation of data packets that cross network domains (that involve different network domains), so that it can reduce data interaction between different network domains to a certain extent, and therefore can reduce the occurrence probability of data leakage behavior between different network domains.
The embodiments of the present application provide a non-volatile readable storage medium, where one or more modules (programs) are stored, where the one or more modules are applied to a device, and the device may be caused to execute instructions (instructions) of each method step in the embodiments of the present application.
Embodiments of the present application provide one or more machine-readable media having instructions stored thereon that, when executed by one or more processors, cause an electronic device to perform a method as described in one or more of the above embodiments. In this embodiment of the present application, the electronic device includes various types of devices such as a terminal device, a server (a cluster), and the like.
Embodiments of the present disclosure may be implemented as an apparatus for performing a desired configuration using any suitable hardware, firmware, software, or any combination thereof, which may include: terminal equipment, servers (clusters), and other electronic devices. Fig. 7 schematically illustrates an example apparatus 1100 that may be used to implement various embodiments described herein.
For one embodiment, fig. 7 illustrates an example apparatus 1100 having one or more processors 1102, a control module (chipset) 1104 coupled to at least one of the processor(s) 1102, a memory 1106 coupled to the control module 1104, a non-volatile memory (NVM)/storage 1108 coupled to the control module 1104, one or more input/output devices 1110 coupled to the control module 1104, and a network interface 1112 coupled to the control module 1104.
The processor 1102 may include one or more single-core or multi-core processors, and the processor 1102 may include any combination of general-purpose or special-purpose processors (e.g., graphics processors, application processors, baseband processors, etc.). In some embodiments, the apparatus 1100 can be used as a terminal device, a server (cluster), or the like in the embodiments of the present application.
In some embodiments, apparatus 1100 may include one or more computer-readable media (e.g., memory 1106 or NVM/storage 1108) having instructions 1114 and one or more processors 1102 combined with the one or more computer-readable media configured to execute instructions 1114 to implement modules to perform the actions described in this disclosure.
For one embodiment, the control module 1104 may include any suitable interface controller to provide any suitable interface to at least one of the processor(s) 1102 and/or any suitable device or component in communication with the control module 1104.
The control module 1104 may include a memory controller module to provide an interface to the memory 1106. The memory controller modules may be hardware modules, software modules, and/or firmware modules.
Memory 1106 may be used to load and store data and/or instructions 1114 for device 1100, for example. For one embodiment, memory 1106 may comprise any suitable volatile memory, such as, for example, a suitable DRAM. In some embodiments, memory 1106 may comprise double data rate type four synchronous dynamic random access memory (DDR4 SDRAM).
For one embodiment, the control module 1104 may include one or more input/output controllers to provide interfaces to the NVM/storage 1108 and the input/output device(s) 1110.
For example, NVM/storage 1108 may be used to store data and/or instructions 1114. NVM/storage 1108 may include any suitable nonvolatile memory (e.g., flash memory) and/or may include any suitable nonvolatile storage device(s) (e.g., one or more Hard Disk Drives (HDDs), one or more Compact Disc (CD) drives, and/or one or more Digital Versatile Disc (DVD) drives).
NVM/storage 1108 may include storage resources that are physically part of the device on which apparatus 1100 is installed or may be accessible by the device without necessarily being part of the device. For example, NVM/storage 1108 may be accessed over a network via input/output device(s) 1110.
Input/output device(s) 1110 may provide an interface for apparatus 1100 to communicate with any other suitable device, input/output device 1110 may include communication components, audio components, sensor components, and the like. Network interface 1112 may provide an interface for device 1100 to communicate over one or more networks, and device 1100 may communicate wirelessly with one or more components of a wireless network in accordance with any of one or more wireless network standards and/or protocols, such as accessing a wireless network based on a communication standard, such as WiFi, 2G, 3G, 4G, 5G, etc., or a combination thereof.
For one embodiment, at least one of the processor(s) 1102 may be packaged together with logic of one or more controllers (e.g., memory controller modules) of the control module 1104. For one embodiment, at least one of the processor(s) 1102 may be packaged together with logic of one or more controllers of the control module 1104 to form a System In Package (SiP). For one embodiment, at least one of the processor(s) 1102 may be integrated on the same die as logic of one or more controllers of the control module 1104. For one embodiment, at least one of the processor(s) 1102 may be integrated on the same die as logic of one or more controllers of the control module 1104 to form a system on chip (SoC).
In various embodiments, apparatus 1100 may be, but is not limited to being: a server, a desktop computing device, or a mobile computing device (e.g., a laptop computing device, a handheld computing device, a tablet, a netbook, etc.), among other terminal devices. In various embodiments, device 1100 may have more or fewer components and/or different architectures. For example, in some embodiments, the apparatus 1100 includes one or more cameras, keyboards, Liquid Crystal Display (LCD) screens (including touch screen displays), non-volatile memory ports, multiple antennas, graphics chips, Application-Specific Integrated Circuits (ASICs), and speakers.
The detection device can adopt a main control chip as a processor or a control module, sensor data, position information and the like are stored in a memory or an NVM/storage device, a sensor group can be used as an input/output device, and a communication interface can comprise a network interface.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described by differences from other embodiments, and identical and similar parts between the embodiments are all enough to be referred to each other.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present embodiments have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the present application.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The foregoing is a detailed description of a data communication method and apparatus, an electronic device and a machine readable medium, in which the principles and embodiments of the present application have been explained with specific examples; those examples are provided only to help in understanding the method and core concepts of the present application. At the same time, those skilled in the art will make changes to the specific embodiments and the scope of application in accordance with the ideas of the present application, so the contents of this description should not be construed as limiting the present application.

Claims (10)

1. A method of data communication, applied to a first device, the method comprising:
creating at least one virtual network card;
creating a network domain according to a target virtual network card in the at least one virtual network card, and generating configuration information of the network domain;
receiving a data packet;
analyzing the data packet to obtain field content corresponding to a preset field in the data packet; the preset field includes at least one of the following fields: a source address field, a destination address field, and a custom field;
detecting the data packet according to the field content and/or the configuration information of the network domain corresponding to the first device so as to obtain a corresponding detection result; the detecting includes: cross-network-domain detection, wherein, if the data packet crosses network domains, the detection result characterizes the data packet as being transmitted across network domains;
and refusing the sending operation of the data packet if the detection result characterizes the data packet as being transmitted across network domains.
2. The method of claim 1, wherein said detecting said data packet comprises:
performing first matching on the field content corresponding to the source address field and the field content corresponding to the destination address field to obtain a corresponding first matching result;
and judging whether the data packet spans a network domain according to the first matching result.
3. The method of claim 1, wherein said detecting said data packet comprises:
performing second matching on field content corresponding to the source address field and local network domain information contained in the configuration information to obtain a corresponding second matching result;
and judging whether the data packet spans a network domain according to the second matching result.
4. The method of claim 1, wherein said detecting said data packet comprises:
performing third matching on the field content corresponding to the destination address field and the local network domain information contained in the configuration information to obtain a corresponding third matching result;
and judging whether the data packet spans a network domain according to the third matching result.
5. The method of claim 1, wherein said detecting said data packet comprises:
performing fourth matching on field content corresponding to the custom field and custom field information contained in the configuration information to obtain a corresponding fourth matching result;
and judging whether the data packet relates to data transmission crossing network domains or not according to the fourth matching result.
6. The method according to any one of claims 1 to 5, characterized in that the at least one virtual network card is created during installation of the operating system;
wherein creating the network domain includes:
providing at least one network domain option after the operating system is installed, so that a user selects a target network domain option from the at least one network domain option;
and establishing network connection according to the target virtual network card corresponding to the target network domain option so that the target virtual network card bears a network domain.
7. The method according to any one of claims 1 to 5, wherein the configuration information comprises at least one of the following information: local network domain information and custom field information.
8. A data communication apparatus, the apparatus being applied to a first device, comprising:
the virtual network card creation module is used for creating at least one virtual network card;
the network domain creation configuration module is used for creating a network domain according to a target virtual network card in the at least one virtual network card and generating configuration information of the network domain;
the receiving module is used for receiving the data packet;
the analysis module is used for analyzing the data packet to obtain field content corresponding to a preset field in the data packet; the preset field includes at least one of the following fields: a source address field, a destination address field, and a custom field;
the detection module is used for detecting the data packet according to the field content and/or the configuration information of the network domain corresponding to the first device so as to obtain a corresponding detection result; the detecting includes: cross-network-domain detection, wherein, if the data packet crosses network domains, the detection result characterizes the data packet as being transmitted across network domains;
and the decision module is used for refusing the sending operation of the data packet if the detection result characterizes the data packet as being transmitted across network domains.
9. An electronic device, comprising: a processor; and
a memory having executable code stored thereon that, when executed, causes the processor to perform the method of any of claims 1-7.
10. A machine readable medium having stored thereon executable code which when executed causes a processor to perform the method of any of claims 1-7.
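As an added illustration of the detection described in claims 1 to 5 (example code written for this page, not the patent's own implementation): a Python sketch that analyzes a packet for the source address, destination address and a custom field, runs the four matchings of claims 2 to 5 against a constructed network-domain configuration, and applies the decision of claim 1. The 4-byte custom tag at the start of the payload, the /16 local domain and the configuration values are assumptions.

```python
import ipaddress
import struct

# Constructed network-domain configuration (claim 7): local network domain
# information plus custom field information. Both values are assumptions.
DOMAIN_CONFIG = {
    "local_network": ipaddress.ip_network("10.1.0.0/16"),
    "custom_field": b"DOM1",
}

def parse_packet(raw: bytes) -> dict:
    """Analyze the packet (claim 1): read source and destination address from
    an IPv4 header plus a 4-byte custom tag assumed to lead the payload."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    src, dst = struct.unpack("!4s4s", raw[12:20])
    return {"src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "custom": raw[ihl:ihl + 4]}

def detect(fields: dict, cfg: dict = DOMAIN_CONFIG) -> dict:
    """The four matchings of claims 2-5; True means the packet crosses a domain."""
    local = cfg["local_network"]
    # Source's own prefix at the local domain's length, for the src-vs-dst match.
    src_prefix = ipaddress.ip_network(f"{fields['src']}/{local.prefixlen}", strict=False)
    return {
        "first": fields["dst"] not in src_prefix,            # claim 2: src vs dst
        "second": fields["src"] not in local,                # claim 3: src vs local domain
        "third": fields["dst"] not in local,                 # claim 4: dst vs local domain
        "fourth": fields["custom"] != cfg["custom_field"],   # claim 5: custom field
    }

def decide(raw: bytes, cfg: dict = DOMAIN_CONFIG) -> str:
    """Claim 1's decision: refuse the send if any matching flags a crossing."""
    result = detect(parse_packet(raw), cfg)
    return "reject" if any(result.values()) else "allow"

def build_packet(src: str, dst: str, tag: bytes) -> bytes:
    """Constructed helper: minimal IPv4 header without options, then the tag."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tag), 0, 0, 64, 17, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + tag

if __name__ == "__main__":
    print(decide(build_packet("10.1.2.3", "10.1.9.9", b"DOM1")))      # allow
    print(decide(build_packet("10.1.2.3", "192.168.0.5", b"DOM1")))   # reject
```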
CN202310436388.9A 2023-04-21 2023-04-21 Data communication method, device, electronic equipment and medium Pending CN116527529A (en)
Publications (1)

Publication Number Publication Date
CN116527529A true CN116527529A (en) 2023-08-01
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination