CN116647504A - Data monitoring method, device, computer equipment and storage medium - Google Patents

Data monitoring method, device, computer equipment and storage medium Download PDF

Info

Publication number
CN116647504A
CN116647504A CN202310483012.3A CN202310483012A CN116647504A CN 116647504 A CN116647504 A CN 116647504A CN 202310483012 A CN202310483012 A CN 202310483012A CN 116647504 A CN116647504 A CN 116647504A
Authority
CN
China
Prior art keywords
preset
target message
transmission
address
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310483012.3A
Other languages
Chinese (zh)
Inventor
周子贻
丁宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Lizhi Network Technology Co ltd
Original Assignee
Guangzhou Lizhi Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Lizhi Network Technology Co ltd filed Critical Guangzhou Lizhi Network Technology Co ltd
Priority to CN202310483012.3A priority Critical patent/CN116647504A/en
Publication of CN116647504A publication Critical patent/CN116647504A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/29Flow control; Congestion control using a combination of thresholds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/43Assembling or disassembling of packets, e.g. segmentation and reassembly [SAR]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a data monitoring method, a device, a computer device and a storage medium, comprising: acquiring an IP address and transmission path node information of a target message through a preset hook program, and determining a transmission rule of the target message; if the transmission rule belongs to a preset transmission rule, acquiring the number of the next transmission node of the target message and the number of the transmission path nodes; if the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold, acquiring a preset debugging verification code, a preset action code and a preset action code in an IPv6 address header of the last segment transmitted by the target message segment; and processing the target message according to the preset action code and the action instruction corresponding to the preset action code. The aim of directly intervening in a data protocol layer is fulfilled by adding the preset behavior code and the preset action code to the IPv6 address, and the problem that the monitoring and processing of network data generated by the current network packet capturing technology are low in efficiency and lack in programmability is solved.

Description

Data monitoring method, device, computer equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computer networks, in particular to a data monitoring method, a data monitoring device, computer equipment and a storage medium.
Background
The monitoring and processing of network data by utilizing packet capturing is always an indispensable ring in the data transmission network, and currently adopted network data packet capturing tools TCPDUMP (dump the traffic on a network, a packet analysis tool for capturing data packets on the network according to user definition) or central management issues tasks to each link node so as to realize the packet capturing of a monitoring program.
However, the above-mentioned network packet capturing method is generally cumbersome and inefficient in implementation process, lacks programmability, and cannot meet the customization demands such as the operability of accurate traffic monitoring and processing for a specific node.
Therefore, a mechanism needs to be established to solve the problem that the monitoring and processing of network data generated by the current network packet capturing technology is inefficient and lacks of programmability.
Disclosure of Invention
The embodiment of the invention provides a data monitoring method, a data monitoring device, computer equipment and a storage medium, which are used for solving the problems that the monitoring and processing of network data generated by the current network packet capturing technology are low in efficiency and lack in programmability.
In a first aspect, an embodiment of the present invention provides a data monitoring method, where the method includes:
acquiring transmission configuration information of a target message through a preset hook program; the transmission configuration information at least comprises an IP address of the target message and transmission path node information of the target message;
determining a transmission rule of the target message according to the IP address of the target message and the transmission path node information;
if the transmission rule of the target message belongs to a preset transmission rule, acquiring the number of the next transmission node of the target message and the number of the transmission path nodes; the preset transmission rule is an IPv6 segmented transmission rule combining an IPv6 address and segmented transmission;
if the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold, the IPv6 address of the last segment transmitted by the target message segment is obtained;
if the IPv6 header of the IPv6 address of the last segment contains a preset debugging verification code, acquiring a preset action code and a preset action code in the IPv6 header; the preset action code comprises a corresponding relation between a preset action number and a preset action instruction, and the preset action code comprises a corresponding relation between a preset action number and a preset action instruction;
and processing the target message according to the preset action code and the preset action code.
In a second aspect, an embodiment of the present invention further provides a data monitoring device, where the device includes:
the transmission configuration information acquisition module is used for acquiring the transmission configuration information of the target message through a preset hook program; the transmission configuration information at least comprises an IP address of the target message and transmission path node information of the target message;
the transmission rule determining module of the target message is used for determining the transmission rule of the target message according to the IP address of the target message and the node information of the transmission path;
the transmission information acquisition module is used for acquiring the number of the next transmission node and the number of the transmission path nodes of the target message if the transmission rule of the target message belongs to a preset transmission rule; the preset transmission rule is an IPv6 segmented transmission rule combining an IPv6 address and segmented transmission;
the segment address acquisition module is used for acquiring the IPv6 address of the last segment transmitted by the target message segment if the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold;
a preset instruction obtaining module, configured to obtain a preset action code and a preset behavior code in the IPv6 header if the IPv6 header of the IPv6 address of the last segment includes a preset debug verification code; the preset action code comprises a corresponding relation between a preset action number and a preset action instruction, and the preset action code comprises a corresponding relation between a preset action number and a preset action instruction;
and the processing module is used for processing the target message according to the preset action code and the preset behavior code.
In a third aspect, an embodiment of the present invention further provides a computer apparatus, including:
one or more processors;
a memory for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data monitoring method of any of the first aspects.
In a fourth aspect, embodiments of the present invention also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a data monitoring method as in any of the first aspects.
In this embodiment, the transmission configuration information of the target message is obtained by presetting a hook program; determining the transmission rule of the target message according to the IP address and the transmission path node information of the target message in the transmission configuration information; if the transmission rule belongs to a preset transmission rule, acquiring the number of the next transmission node of the target message and the number of the transmission path nodes; the preset transmission rule is an IPv6 segmented transmission rule SRv6 combining an IPv6 address and segmented transmission; if the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold, the IPv6 address of the last segment transmitted by the target message segment is obtained, and a preset debugging verification code, a preset action code and a preset action code contained in an IPv6 header of the last segment are obtained; and processing the target message according to the preset action code and the action instruction corresponding to the preset action code. The 16 bytes of the IPv6 address occupy the space, so that the behavior programming of multiple purposes of the data packet is realized, namely, the added preset behavior code and preset action code are realized, compared with a common packet grabbing mode, the direct intervention data protocol layer is realized, and the purpose of flexibly monitoring all-link nodes is realized by utilizing a preset hook program XDP (eXpress Data Path, quick data path).
Drawings
Fig. 1 is a flowchart of a data monitoring method according to a first embodiment of the present invention;
fig. 2 is a diagram illustrating an example of a transport protocol format according to a first embodiment of the present invention;
FIG. 3 is a diagram illustrating a debug mode address code according to an embodiment of the present invention;
fig. 4 is an exemplary diagram of an XDP procedure processing flow of a node according to a first embodiment of the present invention;
fig. 5 is a schematic structural diagram of a data monitoring device according to a second embodiment of the present invention;
fig. 6 is a schematic structural diagram of a computer device according to a third embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Example 1
Fig. 1 is a flowchart of a data monitoring method according to a first embodiment of the present invention, where the method may be performed by a data monitoring device, and the data monitoring device may be implemented by software and/or hardware, and may be configured in a computer device, for example, a server, a workstation, a personal computer, etc., and specifically includes the following steps:
step 101, acquiring transmission configuration information of a target message through a preset hook program; the transmission configuration information at least comprises the IP address of the target message and the transmission path node information of the target message.
In the embodiment of the invention, in order to check and analyze network requests, network data is detected, and network data packet capturing is the most common mode, wherein a hook program is preset on a network transmission node to realize packet capturing is also the common method.
The XDP (eXpress Data Path, fast data path) is a high-performance programmable network packet processing framework provided in the Linux kernel, which is essentially a Hook program (Hook) in the Linux kernel network subsystem (Linux Kernel Network Subsystem), and can dynamically mount the program logic of the general execution engine eBPF, so that the system kernel can perform targeted high-speed processing on the data packet when the data packet reaches the network card driving layer.
The transmission configuration information of the target message, that is, the transmission configuration information containing the IP address of the target message and the transmission path node information is obtained through a preset hook program, that is, an XDP program.
Step 102, determining a transmission rule of the target message according to the IP address of the target message and the transmission path node information.
In the embodiment of the present invention, an XDP program is mounted on a Segment Routing (SR) transmission node to obtain a target packet in transmission, where the SR transmission mode is to cut a packet forwarding path into different segments, insert Segment information into a packet at a path start point, and an intermediate node only needs to forward the Segment information carried in the packet, where such a path Segment is called "Segment" and is identified by SID (Segment Identifier ).
Specifically, the IPv6 packet is composed of an IPv6 standard header+extension header (0 to n) +payload. The transmission rule of the packet can be judged by the standard header and the extension header in the IPv6 address of the target packet and the transmission path node information of the load therein, namely the transmission list of the packet.
Step 103, if the transmission rule of the target message belongs to a preset transmission rule, acquiring the number of the next transmission node of the target message and the number of the transmission path nodes; the preset transmission rule is an IPv6 segmented transmission rule combining an IPv6 address and segmented transmission.
In the embodiment of the invention, the transmission configuration information content of the SRv message adopts an SR transmission mode and combines an IPv6 coding structure to compile a message header. To implement Segment Routing IPv (SRv) based on the IPv6 forwarding plane, an IPv6 extension header, called SRH (Segment Routing Header) extension header, is newly added, which specifies an explicit path for IPv6, stores Segment List information for IPv6, which functions as Segment List in SR MPLS, and specifically as shown in fig. 2, the extension header SHR of the SRv packet contains a type nextHeader identifying the header immediately following the SRH, a length HdrLength of the index FirstSegmen, SRH header containing the first element of the Segment List in the Segment List, a type RoutingType identifying the route header, a number of intermediate segments SegLeft that should still be accessed before reaching the destination node, some identifiers Flags for the packets, and lists identifying the same group of packets Tag and Duan Liebiao Segment t.
The SRH extension header in the IP address can be obtained through the IP address of the message, so that the transmission rule of the message can be determined to be an IPv6 segmented transmission rule combining the IPv6 address and segmented transmission, and the next transmission node number and the number of transmission path nodes of the target message can be further obtained.
Step 104, if the number of the next transmission node of the target message and the number of the transmission path nodes meet a preset threshold, the IPv6 address of the last segment transmitted by the target message segment is obtained.
In the embodiment of the present invention, as shown in fig. 2, in the header of SRv, the first segment field is generally used to record the number of the next hop device of the device where Srv6 is configured, that is, the number of the next transmission node of the target packet, and may further obtain the address number, that is, the number of transmission path nodes, by resolving the HDR Length in the header of SRv by the XDP procedure of the data packet flow node, and determine whether the number of the next transmission node of the target packet and the number of the transmission path nodes meet a preset threshold, if so, obtain the IPv6 address of the last segment of the segmented transmission of the target packet.
Optionally, step 104 may include:
in the substep 1041, if the number value of the next transmission node of the target packet is equal to the difference between one half of the number of the transmission path nodes and two, the number of the next transmission node of the target packet and the number of the transmission path nodes conform to a preset threshold.
Specifically, the number of the next transmission node of the target packet, i.e., [ address Length-1 ], is always much greater than 1 for SRv, wherein the last address is used for the control instruction, i.e., modify the fisherstsegment=address number-1-1, the XDP program of the data packet flow node obtains the address number (HDRLength/2) by parsing the HDR Length in the SRv header, and the comparison results in [ first segment ]! If the current packet is already in debug mode, =hdrlength/2-1 ], the XDP procedure will read the last address for resolution.
Step 105, if the IPv6 header of the IPv6 address of the last segment includes a preset debug verification code, acquiring a preset action code and a preset action code in the IPv6 header; the preset action code comprises a corresponding relation between a preset action number and a preset action instruction, and the preset action code comprises a corresponding relation between a preset action number and a preset action instruction.
In the embodiment of the present invention, after the IPv6 address of the last segment of the target packet segment transmission is obtained, a preset debug verification code is obtained, that is, as shown in fig. 2, the SRv packet with the debug mode being started will have one more address than the normal packet, and only the 2 h length is modified to be 4, and the other contents are the same.
It can be appreciated that, in practical applications, the adjustment of the header parameters of the message does not affect the normal transmission of the message.
Specifically, as shown in fig. 3, in the case of debug mode address encoding, the first 2 bytes are the verification code fixed as FAFE, which indicates that the message has the debug mode turned on, the code is the preset debug verification code, and the next 2 bytes are the preset action code, followed by the preset action code.
In practical application, presetting a character number corresponding to an action code to form a corresponding relation with a preset action instruction, namely, presetting the action code to be 1, indicating normal processing, presetting the action code to be 2, indicating discarding a message and the like; likewise, the preset behavior codeword number also has a preset correspondence with the corresponding behavior operation.
And 106, processing the target message according to the preset action code and the preset behavior code.
In the embodiment of the invention, after the preset action code and the preset behavior code are acquired, the message is processed according to the corresponding relation between the preset action code and the preset behavior code and the preset action and the preset behavior.
Specifically, as shown in fig. 3, in the case of encoding the debug mode address, the first 2 bytes are the verification code fixed as FAFE, the second 2 bytes are the action code, which indicates what actions should be performed by the passing host, such as discarding the packet, normal processing, etc., and the second is the action code, which indicates the action of the debug mode, such as reporting the log, the machine receiving the packet needs to report, report the complete packet, and record the data content attached to the packet in addition to the report record. The last is a UUID of 8 bytes for one-to-one correspondence with the initiator at reporting time.
It can be understood that the setting mode and the coding type of the preset behavior code and the preset action code, the corresponding mode of the preset behavior and the action, and the types and the number of the preset behavior and the preset action are set by relevant technicians according to the actual application, which is not limited in the embodiment of the present invention.
Optionally, in another embodiment of the present invention, the method further includes:
a1, if the transmission rule of the target message does not belong to a preset transmission rule, acquiring a preset debugging instruction in the preset hook program; the preset debugging instruction at least comprises the preset debugging verification code, the preset action code and the preset behavior code.
In the embodiment of the invention, after the IP address and the transmission path node information of the target message are acquired, the fact that the target message is not in an IPv6 coding format is confirmed, and the target message is not in a preset transmission rule is indicated, at the moment, a preset debugging instruction is further acquired and stored in the target message, wherein the preset debugging instruction comprises a FAFE verification code, a preset action code and a preset behavior code.
And step A2, adding the preset debugging verification code, the preset action code and the preset action code in an IP address header of the target message according to the preset debugging instruction, and generating a new target message to be forwarded.
In the embodiment of the invention, according to the content in the preset debugging instruction, the target message needs to be modified through the node-mounted XDP program, namely the debugging instruction comprises a FAFE verification code, a preset action code and a preset behavior code, which are added into the header of the target message, and a new header is formed in an IPv6 message coding format, so that a new target message to be forwarded is generated, and the monitoring and processing of the message data are realized.
And step A3, according to the transmission path node information of the target message, acquiring the IP address of the next target node of the target message.
In the embodiment of the invention, the IP address of the next downstream target node in the transmission path of the target message is obtained.
And step A4, according to the IP address of the next target node, the target message to be forwarded is sent to the next target node.
In the embodiment of the invention, the newly generated target message to be transmitted is sent to the next target node according to the IP address of the next downstream target node.
Optionally, in another embodiment of the present invention, the method further includes:
and step A5, if the acquisition of the preset debugging instruction in the preset hook program fails, acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message.
In the embodiment of the invention, if the target message neither belongs to IPv6 format coding nor SR transmission mode and the message content does not contain a preset debugging instruction, the IP address of the next downstream target node in the transmission path of the target message is directly acquired.
And step A6, according to the IP address of the next target node, the target message is sent to the next target node.
In the embodiment of the invention, the target message is sent to the next target node according to the IP address of the next downstream target node.
Optionally, in another embodiment of the present invention, the method further includes:
and step B1, if the number of the next transmission node of the target message and the number of the transmission path nodes do not accord with a preset threshold, acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message.
In the embodiment of the invention, the number of the next transmission node of the target message, namely [ address Length-1 ], the address number of SRv6 is always far greater than 1, wherein the last address is used for a control instruction, namely, fistsegment=address number-1-1 is modified, the XDP program of the data packet flowing through the node obtains the address number (HDRLength/2) by analyzing HDR Length in the SRv head, and the address number is obtained by comparing [ first segment ]! If the condition of =hdrlength/2-1 ] is not satisfied, it is indicated that the number of the next transmission node of the target packet and the number of the transmission path nodes do not meet the preset threshold, and the IP address of the next target node of the target packet is obtained.
And B2, sending the target message to the next target node according to the IP address of the next target node.
In the embodiment of the invention, the target message is sent to the next target node according to the IP address of the next downstream target node.
Optionally, in another embodiment of the present invention, the method further includes:
and C1, if the IPv6 header of the IPv6 address of the last segment does not contain a preset debugging verification code, acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message.
In the embodiment of the invention, if the IPv6 header of the IPv6 address of the last segment does not contain a preset debugging verification code, that is, the header at the beginning of the FAFE does not exist in the data packet transmitted by the last segment, the IP address of the next target node of the target message is obtained.
And step C2, according to the IP address of the next target node, the target message is sent to the next target node.
In the embodiment of the invention, the target message is sent to the next target node according to the IP address of the next downstream target node.
Taking fig. 4 as an example, the XDP procedure processing flow of the target packet passing through the node is described:
firstly, when a target message passes through a node, determining whether the target message belongs to a SRv packet or not through header information of the target message, namely, whether SRv headers are stored in the headers of the target message (an IPv6 address is occupied by an XDP program as a control instruction set), if the target message does not exist, directly forwarding the target message to a next node, otherwise, acquiring the number (namely [ address length-1 ]) of next hop equipment of the equipment in which the target message is located in the SRv headers of the target message, wherein the address number of SRv6 is far more than 1 permanently, and the last address is used for a control instruction, namely, modifying FistSegment=address number-1-1; the XDP program of the packet flow node obtains the address number (HDRLength/2) by parsing the HDR Length in the header of SRv, and obtains the address number by comparison [ first segment ]! If the current packet is already in debug mode, =hdrlength/2-1 ], the XDP procedure will read the last address for resolution.
Secondly, when the last segment address is analyzed, if the segment address does not contain the FAFE verification code, the message is indicated to be not started in a modulation mode, so the message is directly sent to the next node, otherwise, the message is indicated to be started in a debugging instruction, a message header contains a preset action code and a preset action code, the preset action code and the preset action code are obtained, and the message is processed according to predefined logic of the preset action code and the preset action code.
Finally, the method in the embodiment of the invention realizes a debugging tracking method based on the XDP multiplexing SRv protocol, can realize behavior programming of multiple purposes through the occupation of an IPv6 address of 16 bytes, directly modifies SRv by utilizing the characteristics of XDP, can be compatible with non-XDP machines, does not influence network interoperability, has unique ID for each debugging packet, and can accurately find out a specific packet to be checked.
In this embodiment, the transmission configuration information of the target message is obtained by presetting a hook program; determining the transmission rule of the target message according to the IP address and the transmission path node information of the target message in the transmission configuration information; if the transmission rule belongs to a preset transmission rule, acquiring the number of the next transmission node of the target message and the number of the transmission path nodes; the preset transmission rule is an IPv6 segmented transmission rule SRv6 combining an IPv6 address and segmented transmission; if the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold, the IPv6 address of the last segment transmitted by the target message segment is obtained, and a preset debugging verification code, a preset action code and a preset action code contained in an IPv6 header of the last segment are obtained; and processing the target message according to the preset action code and the action instruction corresponding to the preset action code. The 16 bytes of the IPv6 address occupy the space, so that the behavior programming of multiple purposes of the data packet is realized, namely, the preset behavior code and the preset action code are added, compared with a common packet capturing mode, the direct intervention data protocol layer is realized, the purpose of flexible monitoring of all-link nodes is realized by utilizing a preset hook program fast data path XDP (eXpress Data Path), and the problem that the network data monitoring and processing generated by the current network packet capturing technology are low in efficiency and lack of programmability is solved.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Example two
Fig. 5 is a block diagram of a data monitoring device according to a second embodiment of the present invention, where the device may specifically include the following modules:
a transmission configuration information obtaining module 201, configured to obtain transmission configuration information of the target message through a preset hook program; the transmission configuration information at least comprises an IP address of the target message and transmission path node information of the target message;
a transmission rule determining module 202 of the target packet, configured to determine a transmission rule of the target packet according to an IP address of the target packet and the transmission path node information;
the transmission information obtaining module 203 is configured to obtain a next transmission node number and a transmission path node number of the target packet if the transmission rule of the target packet belongs to a preset transmission rule; the preset transmission rule is an IPv6 segmented transmission rule combining an IPv6 address and segmented transmission;
a segment address obtaining module 204, configured to obtain an IPv6 address of a last segment of the segment transmission of the target packet if the number of a next transmission node of the target packet and the number of nodes of the transmission path meet a preset threshold;
a preset instruction obtaining module 205, configured to obtain a preset action code and a preset action code in the IPv6 header if the IPv6 header of the IPv6 address of the last segment includes a preset debug verification code; the preset action code comprises a corresponding relation between a preset action number and a preset action instruction, and the preset action code comprises a corresponding relation between a preset action number and a preset action instruction;
and a processing module 206, configured to process the target packet according to the preset action code and the preset action code.
Preferably, in a further embodiment of the present invention, it may include:
the preset debugging instruction acquisition module is used for acquiring a preset debugging instruction in the preset hook program if the transmission rule of the target message does not belong to the preset transmission rule; the preset debugging instruction at least comprises the preset debugging verification code, the preset action code and the preset behavior code;
the new message generating module is used for adding the preset debugging verification code, the preset action code and the preset behavior code into the IP address header of the target message according to the preset debugging instruction to generate a new target message to be forwarded;
the first forwarding address acquisition module is used for acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message;
and the first sending module is used for sending the target message to be forwarded to the next target node according to the IP address of the next target node.
Preferably, in a further embodiment of the present invention, it may include:
the second forwarding address obtaining module is configured to obtain, if a preset debug instruction in the preset hook program fails, an IP address of a next target node of the target packet according to the transmission path node information of the target packet;
and the second sending module is used for sending the target message to the next target node according to the IP address of the next target node.
Preferably, in further embodiments of the present invention, the segment address acquisition module 204 may be further configured to:
and if the number value of the next transmission node of the target message is equal to the difference value of one half of the number of the transmission path nodes and two, the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold value.
Preferably, in another embodiment of the present invention, it may further include:
a third forwarding address obtaining module, configured to obtain, if the number of a next transmission node of the target packet and the number of transmission path nodes do not meet a preset threshold, an IP address of the next target node of the target packet according to the transmission path node information of the target packet;
and the third sending module is used for sending the target message to the next target node according to the IP address of the next target node.
Preferably, in another embodiment of the present invention, it may further include:
a fourth forwarding address obtaining module, configured to obtain, if an IPv6 header of the IPv6 address of the last segment does not include a preset debug verification code, an IP address of a next target node of the target packet according to the transmission path node information of the target packet;
and the fourth sending module is used for sending the target message to the next target node according to the IP address of the next target node.
The data monitoring device provided by the embodiment of the invention can execute the data monitoring method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example III
Fig. 6 is a schematic structural diagram of a computer device according to a third embodiment of the present invention. FIG. 6 illustrates a block diagram of an exemplary computer device 12 suitable for use in implementing embodiments of the present invention. The computer device 12 shown in fig. 5 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in FIG. 6, the computer device 12 is in the form of a general purpose computing device. Components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, micro channel architecture (MAC) bus, enhanced ISA bus, video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, commonly referred to as a "hard disk drive"). Although not shown in fig. 6, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored in, for example, memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described herein.
The computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the computer device 12, and/or any devices (e.g., network card, modem, etc.) that enable the computer device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. Moreover, computer device 12 may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 20. As shown, network adapter 20 communicates with other modules of computer device 12 via bus 18. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with computer device 12, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processing unit 16 executes various functional applications and data processing, such as implementing the data monitoring method provided by the embodiments of the present invention, by running programs stored in the system memory 28.
Example IV
The fourth embodiment of the present invention further provides a computer readable storage medium, on which a computer program is stored, where the computer program when executed by a processor implements each process of the data monitoring method described above, and the same technical effects can be achieved, so that repetition is avoided, and no further description is given here.
The computer readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.

Claims (10)

1. A method of data monitoring, the method comprising:
acquiring transmission configuration information of a target message through a preset hook program; the transmission configuration information at least comprises an IP address of the target message and transmission path node information of the target message;
determining a transmission rule of the target message according to the IP address of the target message and the transmission path node information;
if the transmission rule of the target message belongs to a preset transmission rule, acquiring the number of the next transmission node of the target message and the number of the transmission path nodes; the preset transmission rule is an IPv6 segmented transmission rule combining an IPv6 address and segmented transmission;
if the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold, the IPv6 address of the last segment transmitted by the target message segment is obtained;
if the IPv6 header of the IPv6 address of the last segment contains a preset debugging verification code, acquiring a preset action code and a preset action code in the IPv6 header; the preset action code comprises a corresponding relation between a preset action number and a preset action instruction, and the preset action code comprises a corresponding relation between a preset action number and a preset action instruction;
and processing the target message according to the preset action code and the preset action code.
2. The method as recited in claim 1, further comprising:
if the transmission rule of the target message does not belong to a preset transmission rule, acquiring a preset debugging instruction in the preset hook program; the preset debugging instruction at least comprises the preset debugging verification code, the preset action code and the preset behavior code;
according to the preset debugging instruction, adding the preset debugging verification code, the preset action code and the preset action code into an IP address header of the target message to generate a new target message to be forwarded;
acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message;
and sending the target message to be forwarded to the next target node according to the IP address of the next target node.
3. The method as recited in claim 2, further comprising:
if the preset debugging instruction in the preset hook program fails to be acquired, acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message;
and sending the target message to the next target node according to the IP address of the next target node.
4. The method of claim 1, wherein if the number of the next transmission node of the target packet and the number of the transmission path nodes meet a preset threshold value, the method comprises:
and if the number value of the next transmission node of the target message is equal to the difference value of one half of the number of the transmission path nodes and two, the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold value.
5. The method as recited in claim 1, further comprising:
if the number of the next transmission node of the target message and the number of the transmission path nodes do not accord with a preset threshold, acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message;
and sending the target message to the next target node according to the IP address of the next target node.
6. The method as recited in claim 1, further comprising:
if the IPv6 header of the IPv6 address of the last segment does not contain a preset debugging verification code, acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message;
and sending the target message to the next target node according to the IP address of the next target node.
7. A data monitoring device, the device comprising:
the transmission configuration information acquisition module is used for acquiring the transmission configuration information of the target message through a preset hook program; the transmission configuration information at least comprises an IP address of the target message and transmission path node information of the target message;
the transmission rule determining module of the target message is used for determining the transmission rule of the target message according to the IP address of the target message and the node information of the transmission path;
the transmission information acquisition module is used for acquiring the number of the next transmission node and the number of the transmission path nodes of the target message if the transmission rule of the target message belongs to a preset transmission rule; the preset transmission rule is an IPv6 segmented transmission rule combining an IPv6 address and segmented transmission;
the segment address acquisition module is used for acquiring the IPv6 address of the last segment transmitted by the target message segment if the number of the next transmission node of the target message and the number of the transmission path nodes accord with a preset threshold;
a preset instruction obtaining module, configured to obtain a preset action code and a preset behavior code in the IPv6 header if the IPv6 header of the IPv6 address of the last segment includes a preset debug verification code; the preset action code comprises a corresponding relation between a preset action number and a preset action instruction, and the preset action code comprises a corresponding relation between a preset action number and a preset action instruction;
and the processing module is used for processing the target message according to the preset action code and the preset behavior code.
8. The apparatus as recited in claim 7, further comprising:
the preset debugging instruction acquisition module is used for acquiring a preset debugging instruction in the preset hook program if the transmission rule of the target message does not belong to the preset transmission rule; the preset debugging instruction at least comprises the preset debugging verification code, the preset action code and the preset behavior code;
the new message generating module is used for adding the preset debugging verification code, the preset action code and the preset behavior code into the IP address header of the target message according to the preset debugging instruction to generate a new target message to be forwarded;
the first forwarding address acquisition module is used for acquiring the IP address of the next target node of the target message according to the transmission path node information of the target message;
and the first sending module is used for sending the target message to be forwarded to the next target node according to the IP address of the next target node.
9. A computer device, the computer device comprising:
one or more processors;
a memory for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the data monitoring method of any of claims 1-6.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements the data monitoring method according to any of claims 1-6.
CN202310483012.3A 2023-04-28 2023-04-28 Data monitoring method, device, computer equipment and storage medium Pending CN116647504A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310483012.3A CN116647504A (en) 2023-04-28 2023-04-28 Data monitoring method, device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310483012.3A CN116647504A (en) 2023-04-28 2023-04-28 Data monitoring method, device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116647504A true CN116647504A (en) 2023-08-25

Family

ID=87617888

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310483012.3A Pending CN116647504A (en) 2023-04-28 2023-04-28 Data monitoring method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116647504A (en)

Similar Documents

Publication Publication Date Title
US11372669B2 (en) System and method of cross-silo discovery and mapping of storage, hypervisors and other network objects
JP3734704B2 (en) Packet classification engine
US20210044524A1 (en) Packet edit processing method and related device
US8209747B2 (en) Methods and systems for correlating rules with corresponding event log entries
US10694006B1 (en) Generation of descriptive data for packet fields
US20100229182A1 (en) Log information issuing device, log information issuing method, and program
US9509627B2 (en) Resource over-subscription
CN111049765B (en) Aggregation port switching method, device, chip, switch and storage medium
CN112887229B (en) Session information synchronization method and device
CN113422707B (en) In-band network remote measuring method and equipment
CN113132257B (en) Message processing method and device
US9270605B2 (en) Method and system of setting network traffic flow quality of service by modifying port numbers
CN115913937B (en) Container multi-network card network configuration method, device, equipment and storage medium
CN112751772A (en) Data transmission method and system
US10237148B2 (en) Providing a data set for tracking and diagnosing datacenter issues
CN114465956B (en) Method and device for limiting flow rate of virtual machine, electronic equipment and storage medium
US7735128B2 (en) Method of storing pattern matching policy and method of controlling alert message
US10659310B1 (en) Discovering and mapping the relationships between macro-clusters of a computer network topology for an executing application
CN112019604A (en) Edge data transmission method and system
CN116647504A (en) Data monitoring method, device, computer equipment and storage medium
CN115495023B (en) Data request method, device, equipment and storage medium
CN112351050A (en) Method, device, communication equipment and storage medium for mirroring data stream
WO2021128936A1 (en) Message processing method and apparatus
CN113055493B (en) Data packet processing method, device, system, scheduling device and storage medium
CN112291212B (en) Static rule management method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination