CN116708607A - General analysis system and method for network protocol messages of ship information system - Google Patents

General analysis system and method for network protocol messages of ship information system Download PDF

Info

Publication number
CN116708607A
CN116708607A CN202310594578.3A CN202310594578A CN116708607A CN 116708607 A CN116708607 A CN 116708607A CN 202310594578 A CN202310594578 A CN 202310594578A CN 116708607 A CN116708607 A CN 116708607A
Authority
CN
China
Prior art keywords
message
field
protocol
information
analysis
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310594578.3A
Other languages
Chinese (zh)
Inventor
朱忍胜
柳超
李金鹏
熊雄
余渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Ship Development and Design Centre
Original Assignee
China Ship Development and Design Centre
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Ship Development and Design Centre filed Critical China Ship Development and Design Centre
Priority to CN202310594578.3A priority Critical patent/CN116708607A/en
Publication of CN116708607A publication Critical patent/CN116708607A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0889Techniques to speed-up the configuration process
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/164Adaptation or special uses of UDP protocol

Abstract

The invention discloses a general analysis system and method for network protocol messages of a ship information system, wherein the system comprises the following steps: the message protocol information management module is used for reading the protocol configuration file and carrying out structuring caching on the self-defined message header structure information, the message structure information and the field attribute information of the messages of different types in the memory; the field analysis algorithm module is used for analyzing the text segment, automatically matching the algorithm according to the field attribute and analyzing the text segment; the message analysis module is used for automatically matching and identifying the message type according to different message structures after reading the message data; obtaining message protocol information, matching message data with the message protocol information, and determining message category; and finally, analyzing the message frame segment by segment. The invention provides a modularized system which can analyze messages of different categories, can analyze fixed-length messages and variable-length messages at the same time and can rapidly configure newly-added or changed message protocols.

Description

General analysis system and method for network protocol messages of ship information system
Technical Field
The invention relates to the field of integrated design test and post-delivery guarantee of ship information systems, in particular to a general analysis system and method for network protocol messages of a ship information system.
Background
The ship information system is a complex system and consists of a plurality of subsystems. The interaction relationship between all the subsystems and the external system is complex, and most of information interaction is transmitted through a network. One of the important contents of the integrated design of ship information systems is the design and definition of information interaction protocols between subsystems. The normal receiving and transmitting of the information between each subsystem and the external system is the basic condition for ensuring the normal operation of the system.
Before delivery, land joint debugging tests, mooring tests and sailing tests are carried out. The system functions and interfaces were checked by progressive testing. After delivery, after-market security is provided to the user. Various problems occur in the use process of users, and the problems need to be rapidly and accurately positioned. Meanwhile, the ship information system after delivery needs to continuously upgrade the software functions and interfaces according to the use requirements.
In the pre-delivery test and after-delivery sale guarantee process, the message is required to be recorded and analyzed from the information system network, firstly, the positioning of the abnormal receiving and transmitting is supported, and secondly, the further analysis of the data is supported.
In order to better meet the requirements of pre-delivery test and post-delivery guarantee, the network message analysis method needs to have the following characteristics:
first, the commonality. The network message types include UDP message and DDS message. The application data of the UDP message and the DDS message are generally divided into a custom message header and specific data. According to different services, the messages are divided into different message categories according to different custom message header structures. According to whether the message length is fixed, the network message is divided into a fixed-length message and a variable-length message. The analysis method has universality and can analyze messages of different types and different categories, fixed-length messages and variable-length messages according to unified analysis rules.
And secondly, expansibility. For the newly added or modified information interaction protocol, the analysis program can be rapidly configured by field testers or after-sale guarantees without the support of software developers, and the newly added or modified message can be recorded and analyzed.
The network protocol message analysis method aims to solve the following three problems:
firstly, the analysis of messages of different types and different categories can be supported. Different transmission protocols are used to define messages according to different transmission information contents and different transmission requirements. The custom message header structures of the application data of the messages of different categories are different according to different services.
Secondly, the analysis of the fixed-length message and the variable-length message can be supported simultaneously. According to the service requirement, variable-length messages widely exist between each subsystem and an external system.
Thirdly, the new or modified protocol message can be recorded and analyzed by on-site testers or after-sale security staff under the condition that no software developer supports the new or modified protocol message.
Disclosure of Invention
The invention aims to solve the technical problem of providing a general analysis system and method for network protocol messages of a ship information system aiming at the defects in the prior art.
The technical scheme adopted for solving the technical problems is as follows:
the invention provides a general analysis system for network protocol messages of a ship information system, which comprises: the system comprises a message protocol information management module, a field analysis algorithm module and a message analysis module; wherein:
the message protocol information management module is used for reading the protocol configuration file, and carrying out structured cache on the self-defined message header structure information, the message structure information and the field attribute information of different types of messages in the protocol configuration file so as to be conveniently called when the message analysis module analyzes the messages;
the field analysis algorithm module is used for analyzing the text segment, and the field analysis algorithm module automatically matches the algorithm according to the field attribute and analyzes the text segment;
the message analysis module is used for automatically matching and identifying the message type according to different message structures after reading the message data; the message analysis module automatically acquires the message protocol information from the message protocol information management module, matches the message data with the message protocol information and determines the message category; and finally, a field analysis algorithm module is called to analyze the message frame segment by segment.
Further, in the message protocol information management module of the invention, when a newly added message protocol appears or the message protocol changes, the newly added message protocol definition or the message protocol which changes is configured in a protocol configuration file; when the newly added field type appears, the field analysis algorithm module is added with the function of analyzing the newly added field type.
Furthermore, the protocol configuration file of the invention adopts a unified structure model to describe the structure, the attribute and the corresponding analysis requirement of the message, and converts the interface protocol document into a structured data structure which can be read, identified and processed by a computer program.
Further, the description of the unified structure model adopted by the protocol configuration file of the invention is specifically as follows:
1) Each project information interaction protocol corresponds to a protocol configuration file;
2) Each project information interaction protocol comprises message protocols of different types and different categories; for different types of messages, the message analysis module automatically identifies the type of the message according to the difference of the message structures of the messages; for messages of different categories, different custom message header structures are adopted; the protocol configuration file comprises header structure information of messages of different categories and is used for analyzing a program identification message Wen Leibie;
3) Each message protocol comprises message structure attribute and specific field attribute information;
4) The message structure attribute comprises a description message length and field combination information for forming a message, wherein the field combination comprises each field name, length and arrangement sequence;
5) The specific field attribute information includes: field name, field type, field category, field length, field unit, field scope attribute.
Further, the message structure in the message parsing module of the present invention includes:
for UDP type messages, the message structure is: ethernet header information, IP message header information, UDP message header information, custom message header information, several pieces of data information, ethernet trailer information;
for DDS type message, the DDS header is encapsulated before the application layer data of UDP type message, and the message structure is as follows: ethernet header information, IP message header information, UDP message header information, DDS message header information, custom message header information, several pieces of data information, ethernet trailer information;
the message analysis module automatically identifies the message type according to the difference of the message structures of the UDP type and the DDS type, strips the message application data content according to the structure corresponding to the message type, and analyzes the message application data according to the unified analysis rule.
Further, the message parsing module of the invention supports parsing of the variable-length message, specifically:
the parsing of the variable-length message includes two modes: a hard-coded message parsing mode and a descriptive message parsing mode; wherein:
the method comprises the steps that a hard parsing message parsing mode is used for developing a parser for each type of message, and each parser is responsible for parsing one type of message;
the description type message analysis mode is based on the protocol configuration file to uniformly structure and disassemble and describe the message, the metadata, the attribute and the analysis requirement of the description message are matched by the analyzer through identifying the description type protocol configuration file, the message flow is analyzed, and the analysis result is output; wherein:
the description type message analysis mode needs to define the metadata type of the optional field, and binds with field groups with different lengths, wherein the metadata type of the optional field can be defined as a continuous optional field and a mutually exclusive optional field;
for continuous optional fields, the message analysis is performed by the number of continuous optional field groups described by the field group number field, and the continuous field groups are defined as: "field group number field" +a number of fixed structure field groups arranged in sequence; the field group number field determines the number of field groups arranged in sequence;
for the mutually exclusive type optional field, the type or length of the field group is selected through the description of the field group type field, so that the analysis of the variable-length message is realized; the message comprises the following various structures:
(1) field group type field + field group a;
(2) field group type field + field group B;
...
the "field group type field" determines the content of the next text segment as "field group a" or "field group B".
The invention provides a general analysis method for a network protocol message of a ship information system, which comprises the following steps:
step 1, creating a message analysis module, wherein the message analysis module reads hexadecimal original message data in a DAT format, finds out the check bit of the head and the tail of each message according to the storage definition of the DAT data file, strips out single message content from the file according to the total length of the message, and analyzes the single message content;
step 2, creating a field analysis algorithm module for the message analysis module to call, wherein the field analysis algorithm module continues to analyze according to the description automatic matching algorithm of the protocol configuration file to the field attribute;
step 3, creating a message protocol information management module for the message analysis module to call, wherein the message protocol information management module reads the protocol configuration file, buffers protocol attribute information, structure information, field attribute information and the like in the protocol configuration file into a memory, and calls when the message analysis module analyzes the message;
step 4, creating a protocol configuration file according to the information interaction protocol defined by the project;
and 5, deploying an analysis program and a protocol configuration file formed by the message analysis module, the field analysis algorithm module and the message protocol information management module on a computer, recording network message data which are mutually transmitted between the information systems by the computer, reading the message data and the protocol configuration file by the analysis program, analyzing, and outputting an analysis result.
Further, the method for analyzing the single message content in the step 1 of the invention comprises the following steps:
performing data migration according to the set logic relationship and the Ethernet message length, and automatically identifying protocol type identifiers of different types of network message heads; after determining the protocol type, judging the integrity of the message, obtaining the source IP, the destination IP and the total length information of the message, and positioning the initial offset addresses of the data segments of the messages of different protocols according to the lengths of the messages of different types;
after the UDP header is stripped, the message analysis module offsets a certain length byte, reads fixed length data of a designated position, and if the data is a specific mark, the data is a DDS type message; otherwise, the message is a UDP type message;
for DDS type message, obtaining information source, information destination and theme information from DDS header, comparing and matching these information with protocol configuration file, and identifying specific message protocol corresponding to the message;
for UDP type messages, the UDP type messages are divided into custom message heads and specific data fields; according to different custom message header structures, the UDP type messages are divided into different message categories; acquiring a sender IP and a receiver IP from the UDP message header; reading fixed length data of a designated position according to the protocol configuration file, and obtaining a message category identifier; after determining the message type identifier, acquiring the message type identifier according to the protocol configuration file; then according to the sender IP, the receiver IP and the message type identification, matching with the protocol configuration file, and determining the specific message protocol corresponding to the message;
after determining the specific message protocol corresponding to the message, analyzing the custom message header and specific field information according to the unified analysis rule.
Further, the method for creating the protocol configuration file in the step 4 of the present invention is as follows:
step 4.1, according to the protocol specification, editing the header structure information of the message category for identifying the message Wen Leibie by the message analysis module;
step 4.2, editing the attribute of the specific message segment one by one and the analysis requirement of the specific message segment according to the specific message protocol for the messages of different categories; the field attributes include: value, field category, field type, field length, unit, field least significant bit, alias, field value range;
and 4.3, when the message protocol information is edited, copying the edited whole message protocol information or part of field information in the edited whole message protocol information, and modifying the copied whole message protocol information to obtain the created protocol configuration file.
Further, the field categories in step 4.2 of the present invention include:
common fields: the field carrying the specific service information is directly processed and analyzed conventionally according to the field type;
sequence number: representing the sending sequence number of the message, and distinguishing the accumulated times of the same kind of message sending;
length: representing the length of the message as the length for identifying the message;
time stamp: representing the time of generation of the message;
primary/secondary identification: the method is used for identifying the specific identity of the message, and each level of identification is gradually compared and identified according to the sequence from low to high, and the identification authority is primary-secondary-tertiary-quaternary;
standby: representing the field as a spare field, and directly omitting to do no analysis processing;
the parsing corresponding to the field type is as follows:
BCD code: directly resolving the digital code into 16-system numbers;
unsigned integer: analyzing the least significant bit of the matching field into an unsigned integer;
two's complement: firstly judging the highest bit of binary system, and directly analyzing the highest bit into an unsigned integer when the highest bit is 0; when the highest bit is 1, converting the numerical value of the field into binary, then reversely adding 1, then analyzing according to unsigned integers, and finally adding a negative sign to the numerical value;
discrete amounts: analyzing the definition of each bit interval in the protocol configuration file into text content;
coded value: the analysis processing mode is the same as the discrete quantity;
character string: analyzing and processing the fields into character strings;
IP address: analyzing and processing the fields into a string of IP addresses;
fixed value: directly taking the original 16-system number as an analysis result, wherein the content of the representing field is a fixed value and is generally used for the field types of length, identification and standby;
ASCII code: and analyzing and processing the fields according to an ASCII code value comparison table.
The invention has the beneficial effects that:
(1) A modular program architecture is employed. The main program is a message analysis module, reads message data and outputs analysis results. The message analysis module calls a message protocol information management module to acquire message protocol information and match the message protocol information; and correspondingly calling a field analysis algorithm module to analyze the field. And the message protocol information management module reads the protocol configuration file and caches the protocol configuration file. Under the condition of keeping the main program (message analysis module) unchanged, the newly added and modified protocol messages can be analyzed by editing the protocol configuration file. For the newly added field types, only the analysis function of the corresponding field types needs to be added in a field analysis algorithm module.
(2) The protocol configuration file describes the messages of different types and different categories by adopting a unified structure model, and analyzes the messages according to a unified rule. And the message analysis module automatically identifies the message type according to the different message type structures and strips out the message application data. The message analysis module calls the message protocol information management module to acquire the custom message header structure information of the messages of different categories, and judges the message category. After determining the message type and the message category, analyzing the message content according to the unified protocol analysis rule.
(3) The fixed-length message and the variable-length message can be analyzed at the same time. And widely using the variable-length message between each subsystem and an external system according to service requirements. The resolution difficulty of the variable-length message is greatly higher than that of the fixed-length message. In the protocol configuration file, the fields of the variable-length message are divided into mandatory fields and optional fields, and the type and the length of the optional fields are determined through the indication fields, so that unified analysis of the variable-length message is realized.
(4) Based on the structural disassembly of the message, the message protocol which is newly added or changed can be rapidly configured (the editing of the protocol configuration file is shown in fig. 6). The method can copy and modify the edited message protocol integrally, and can copy and modify single or multiple field attribute information in the message protocol, thereby greatly improving the editing efficiency of the protocol configuration file. For newly added or changed message protocols, the protocol configuration files can be conveniently, flexibly and rapidly configured, and the field work efficiency is greatly improved.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
FIG. 1 is a diagram of a modular parser architecture in accordance with an embodiment of the invention;
FIG. 2 is a message structured description of an embodiment of the present invention;
FIG. 3 is a protocol profile versus field attribute information description of an embodiment of the present invention;
FIG. 4 is a continuous field set definition of an embodiment of the present invention;
FIG. 5 is a mutex field set definition of an embodiment of the invention;
FIG. 6 is a protocol profile editing of an embodiment of the present invention;
FIG. 7 is a diagram of a UDP type message structure model according to an embodiment of the present invention;
fig. 8 is a DDS type message structure model according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The general analysis system for the network protocol message of the ship information system divides the analysis program of the network protocol message into three parts: the method comprises a message protocol information management module, a field analysis algorithm module and a message analysis module. The parsing program structure is shown in fig. 1.
The message protocol information management module mainly reads the protocol configuration file, and constructs and caches the custom message header structure information, the message structure information, the field attribute information and the like of different types of messages in the protocol configuration file in the memory so as to be conveniently called when the message analysis module analyzes the messages.
The field analysis algorithm module is mainly used for analyzing the message field. The message analysis module analyzes the message field by calling a field analysis algorithm module, and the field analysis algorithm module automatically matches the algorithm according to the field attribute and analyzes the message field.
The message analysis module is a main program. After the message analysis module reads the message data, the message type is automatically matched and identified according to the different message structures. The message analysis module automatically acquires the message protocol information from the message protocol information management module, and matches the message data with the message protocol information to determine the message category. And finally, a field analysis algorithm module is called to analyze the message frame segment by segment.
Through the design, the analysis program can realize good universality, and the analysis program is expressed in two aspects:
firstly, when a newly added message protocol or a message protocol changes, the newly added message protocol definition or the changed message protocol is only required to be configured in a protocol configuration file.
And secondly, when the newly added field type appears, only the function of analyzing the newly added field type is added in the field analysis algorithm module.
The fields are the basic building blocks of the message, and in total, how many field types are basically explicit. In developing the parsing program, the field parsing algorithm module will consider parsing all field types that may be used. Therefore, the first situation is usually encountered in practice, namely, a newly added message protocol or a message protocol is changed, and only the protocol configuration file is required to be configured under the situation, so that the analysis program is not required to be modified at all, namely, the support of a software developer is not required, the labor cost is reduced, and the field work efficiency is improved.
In a preferred embodiment of the present invention, a unified architecture model is used to describe network protocol messages
The protocol configuration file adopts a unified structure model to describe the structure, the attribute and the corresponding analysis requirement of the message, and converts the interface protocol document into a structured data structure which can be read, identified and processed by a computer program. Various types of messages can be described to support parsing of the various types of messages.
The protocol configuration file describes the message structure (as shown in fig. 2), specifically as follows:
1. each project information interaction protocol corresponds to a protocol configuration file.
2. Each project information interaction protocol comprises different types and different categories of message protocols. For different types of messages, the message analysis module automatically identifies the message type according to the difference of the message structures. For messages of different categories, different custom header structures are adopted. The protocol configuration file contains header structure information of messages of different categories and is used for identifying the message category by the analysis program.
3. Each message protocol contains message structure attributes and specific field attribute information.
4. The message structure attribute describes the message length, the field combination (each field name, length, arrangement order) and other information of the message.
5. Specific field attribute information contains (as shown in fig. 3): attributes such as field name, field type, field category, field length, field unit, field scope, etc.
In a preferred embodiment of the invention, parsing of different types, classes of network protocol messages is supported.
For UDP type messages, the message structure model is shown in fig. 7. The DDS type message encapsulates the DDS header before the application layer data of the UDP type message, and the message structure model thereof is shown in fig. 8. The message analysis module automatically identifies the message type according to the difference of the UDP type and DDS type message structures. And stripping the content of the message application data according to the structure corresponding to the message type, and analyzing the message application data according to the unified analysis rule.
For different types of messages, the difference is that the custom message header structures in the application data are different. The message analysis module calls the message protocol information management module to acquire the custom message header structures of the messages of different categories and match the custom message header structures, so that the message category is identified.
In a preferred embodiment of the invention, parsing of variable length network protocol messages is supported.
The variable length message protocol realizes the variability of message data through grammar. The message consists of mandatory fields and optional fields. In the message description, whether the field or the field group appears or not is determined by the indication field, so that the on-demand sending is realized, and a large amount of data redundancy brought in the transmission process is reduced. For example, a datalink message is a typical variable length message.
There are two ways to parse a variable-length message: a hard-coded message parsing mode and a descriptive message parsing mode.
The hard parsing method develops a parser for each type of message, and each parser is responsible for parsing one type of message, so that the coding complexity is increased, and the universality and adaptability are poor.
The description type message analysis mode is based on the protocol configuration file to uniformly structure and disassemble and describe the message, the metadata, the attribute and the analysis requirement of the description message are matched by the analyzer through identifying the description type protocol configuration file, the message flow is analyzed, and the analysis result is output. The method is characterized in that the analysis of the messages with different formats is realized through the message description information.
For a fixed-length message, the description type message analysis mode is easier to realize, but for a variable-length message, the metadata type of the optional field needs to be defined, and the metadata type is bound with field groups with different lengths. The metadata type of the optional field may be defined as a continuation type optional field and a mutex type optional field.
For the continuous optional fields, the message analysis is performed by the number of the continuous optional field groups described by the field group number field. The continuous field set definition is shown in fig. 4.
For the mutually exclusive type optional field, the field group type or length is selected through the description of the field group type field, so that the analysis of the variable-length message is realized. The mutex field set definition is shown in fig. 5.
The general analysis method for the network protocol message of the ship information system comprises the following steps:
1. creating message parsing module
The message analysis module is a main program of the analysis program. The message analysis module reads hexadecimal original message data in the DAT format. According to the storage definition of the DAT data file, finding the check bit of the head and tail of each message, and then stripping the single message content from the file according to the total length of the message.
The analysis flow of the single message is to automatically identify the protocol type identification of different kinds of network message heads according to the set logic relationship and the Ethernet message length by data migration; after determining the protocol type, judging the integrity of the message, obtaining the information of the source IP, the destination IP, the total length of the message and the like, and positioning the initial offset addresses of the data segments of the messages of different protocols according to the lengths of the messages of different types.
Taking a certain item as an example, a DDS type message and a UDP type message exist at the same time.
After the UDP header is stripped, the message analysis module offsets a certain length byte, reads fixed length data of a designated position, and if the data is a specific mark, the data is a DDS type message; otherwise, the message is a UDP type message.
And for the DDS type message, information such as a source, a destination, a theme and the like is acquired from a DDS header. And comparing and matching the information with the protocol configuration file, and identifying a specific message protocol corresponding to the message.
For UDP type messages, application data is generally divided into custom header and specific data fields. According to different custom header structures, UDP type messages can be divided into different message categories. And acquiring the sender IP and the receiver IP from the UDP message header. And reading the fixed length data of the designated position according to the protocol configuration file to obtain the message category identification. And after determining the message type identifier, acquiring the message type identifier according to the protocol configuration file. And then matching with the protocol configuration file according to the IP of the sender, the IP of the receiver and the message type identifier, and determining a specific message protocol corresponding to the message.
After determining the specific message protocol corresponding to the message, analyzing the custom message header and specific field information according to the unified analysis rule.
2. Creation of field parsing algorithm module
And creating a field analysis algorithm module for the message analysis module to call. And the field analysis algorithm module continuously analyzes the field attribute description according to the protocol configuration file by the automatic matching algorithm. The meaning and analysis requirements of different field categories and types are shown in '4', and a protocol configuration file is created.
3. Message protocol information management module
And creating a message protocol information management module for calling by the message analysis module. The message protocol information management module reads the protocol configuration file, and caches protocol attribute information, structure information, field attribute information and the like in the protocol configuration file in the memory so as to be called when the message analysis module analyzes.
4. Creating protocol configuration files
For an item, a protocol configuration file is created according to the information interaction protocol defined by the item.
1) Editing the header structure information of the message category according to the protocol specification, and identifying the message category by a message analysis module.
2) And editing the specific message segment attributes one by one and analyzing requirements of the messages of different categories according to specific message protocols. The field attributes include value, field category, field type, field length, unit, field least significant bit, alias, field value range, etc.
The common field categories and meanings are as follows:
common fields: and carrying the field of the specific service information, and directly carrying out conventional processing analysis according to the field type.
Sequence number: representing the sending sequence number of the message, the accumulated times of the same kind of message sending can be distinguished.
Length: the length of the message is represented as the length of the message (used in combination with the total length of data and the number of information units in the xxism xp header).
Time stamp: representing the time of generation of the message.
Primary/secondary identification: the method is used for identifying the specific identity of the message, and the identifiers of all levels are compared and identified step by step according to the sequence from low to high. The identification authority is one-level > two-level > three-level > four-level.
Standby: this field is represented as a spare field, and can be ignored directly without parsing.
Common field types and parsing requirements are as follows:
BCD code: directly resolving into 16-system numbers.
Unsigned integer: the least significant bits of the match field are parsed into unsigned integers.
Two's complement: firstly judging the highest bit of binary system, and directly analyzing the highest bit into an unsigned integer when the highest bit is 0; when the highest bit is 1, the numerical value of the field is converted into binary, then the value is reversely added with 1, then the value is analyzed according to unsigned integers, and finally the negative sign is added to the numerical value.
Discrete amounts: the definition of each bit interval in the protocol configuration file is analyzed into text content.
Coded value: the analysis processing mode is the same as the discrete quantity.
Character string: and analyzing and processing the fields into character strings.
IP address: the field parsing is processed into a string of IP addresses.
Fixed value: the original 16-system number is directly used as an analysis result, and the content of the representing field is a fixed value and is generally used for the field types such as length, identification, standby and the like.
ASCII code: and analyzing and processing the fields according to an ASCII code value comparison table.
3) When the message protocol information is edited, the edited whole message protocol information or part of field information in the edited whole message protocol information can be copied and then modified.
5. Running use
According to the analysis method provided by the invention, the developed analysis program and the edited protocol configuration file can be deployed on the portable computer. The portable computer accesses the information system network switch through the network port. Through configuration, the portable computer records the network message data which are mutually transmitted among the subsystems to which the information system belongs.
The analysis program reads the message data and the protocol configuration file, analyzes the message data and the protocol configuration file, outputs an analysis result and can be exported as a file.
It will be understood that modifications and variations will be apparent to those skilled in the art from the foregoing description, and it is intended that all such modifications and variations be included within the scope of the following claims.

Claims (10)

1. The utility model provides a general analytic system of boats and ships information system network protocol message which characterized in that, this system includes: the system comprises a message protocol information management module, a field analysis algorithm module and a message analysis module; wherein:
the message protocol information management module is used for reading the protocol configuration file, and carrying out structured cache on the self-defined message header structure information, the message structure information and the field attribute information of different types of messages in the protocol configuration file so as to be conveniently called when the message analysis module analyzes the messages;
the field analysis algorithm module is used for analyzing the text segment, and the field analysis algorithm module automatically matches the algorithm according to the field attribute and analyzes the text segment;
the message analysis module is used for automatically matching and identifying the message type according to different message structures after reading the message data; the message analysis module automatically acquires the message protocol information from the message protocol information management module, matches the message data with the message protocol information and determines the message category; and finally, a field analysis algorithm module is called to analyze the message frame segment by segment.
2. The general analysis system for network protocol messages of a ship information system according to claim 1, wherein in the message protocol information management module, when a newly added message protocol appears or the message protocol changes, the newly added message protocol definition or the message protocol changing is configured in a protocol configuration file; when the newly added field type appears, the field analysis algorithm module is added with the function of analyzing the newly added field type.
3. The general analysis system of network protocol messages of ship information system according to claim 1, wherein the protocol configuration file adopts a unified structure model to describe the structure, attribute and corresponding analysis requirements of the messages, and converts interface protocol documents into structured data structures which can be read, identified and processed by computer programs.
4. The general analysis system for network protocol messages of ship information system according to claim 3, wherein the description of the unified structure model adopted by the protocol configuration file is specifically:
1) Each project information interaction protocol corresponds to a protocol configuration file;
2) Each project information interaction protocol comprises message protocols of different types and different categories; for different types of messages, the message analysis module automatically identifies the type of the message according to the difference of the message structures of the messages; for messages of different categories, different custom message header structures are adopted; the protocol configuration file comprises header structure information of messages of different categories and is used for analyzing a program identification message Wen Leibie;
3) Each message protocol comprises message structure attribute and specific field attribute information;
4) The message structure attribute comprises a description message length and field combination information for forming a message, wherein the field combination comprises each field name, length and arrangement sequence;
5) The specific field attribute information includes: field name, field type, field category, field length, field unit, field scope attribute.
5. The universal parsing system for network protocol messages of a ship information system according to claim 1, wherein the message structure in the message parsing module comprises:
for UDP type messages, the message structure is: ethernet header information, IP message header information, UDP message header information, custom message header information, several pieces of data information, ethernet trailer information;
for DDS type message, the DDS header is encapsulated before the application layer data of UDP type message, and the message structure is as follows: ethernet header information, IP message header information, UDP message header information, DDS message header information, custom message header information, several pieces of data information, ethernet trailer information;
the message analysis module automatically identifies the message type according to the difference of the message structures of the UDP type and the DDS type, strips the message application data content according to the structure corresponding to the message type, and analyzes the message application data according to the unified analysis rule.
6. The general analysis system of network protocol messages of a ship information system according to claim 1, wherein the message analysis module supports analysis of a variable-length message, specifically:
the parsing of the variable-length message includes two modes: a hard-coded message parsing mode and a descriptive message parsing mode; wherein:
the method comprises the steps that a hard parsing message parsing mode is used for developing a parser for each type of message, and each parser is responsible for parsing one type of message;
the description type message analysis mode is based on the protocol configuration file to uniformly structure and disassemble and describe the message, the metadata, the attribute and the analysis requirement of the description message are matched by the analyzer through identifying the description type protocol configuration file, the message flow is analyzed, and the analysis result is output; wherein:
the description type message analysis mode needs to define the metadata type of the optional field, and binds with field groups with different lengths, wherein the metadata type of the optional field can be defined as a continuous optional field and a mutually exclusive optional field;
for continuous optional fields, the message analysis is performed by the number of continuous optional field groups described by the field group number field, and the continuous field groups are defined as: "field group number field" +a number of fixed structure field groups arranged in sequence; the field group number field determines the number of field groups arranged in sequence;
for the mutually exclusive type optional field, the type or length of the field group is selected through the description of the field group type field, so that the analysis of the variable-length message is realized; the message comprises the following various structures:
(1) field group type field + field group a;
(2) field group type field + field group B;
...
the "field group type field" determines the content of the next text segment as "field group a" or "field group B".
7. The general analysis method for the network protocol messages of the ship information system is characterized by comprising the following steps of:
step 1, creating a message analysis module, wherein the message analysis module reads hexadecimal original message data in a DAT format, finds out the check bit of the head and the tail of each message according to the storage definition of the DAT data file, strips out single message content from the file according to the total length of the message, and analyzes the single message content;
step 2, creating a field analysis algorithm module for the message analysis module to call, wherein the field analysis algorithm module continues to analyze according to the description automatic matching algorithm of the protocol configuration file to the field attribute;
step 3, creating a message protocol information management module for the message analysis module to call, wherein the message protocol information management module reads the protocol configuration file, buffers protocol attribute information, structure information, field attribute information and the like in the protocol configuration file into a memory, and calls when the message analysis module analyzes the message;
step 4, creating a protocol configuration file according to the information interaction protocol defined by the project;
and 5, deploying an analysis program and a protocol configuration file formed by the message analysis module, the field analysis algorithm module and the message protocol information management module on a computer, recording network message data which are mutually transmitted between the information systems by the computer, reading the message data and the protocol configuration file by the analysis program, analyzing, and outputting an analysis result.
8. The general analysis method for network protocol messages of ship information system according to claim 7, wherein the method for analyzing the content of the single message in the step 1 is as follows:
performing data migration according to the set logic relationship and the Ethernet message length, and automatically identifying protocol type identifiers of different types of network message heads; after determining the protocol type, judging the integrity of the message, obtaining the source IP, the destination IP and the total length information of the message, and positioning the initial offset addresses of the data segments of the messages of different protocols according to the lengths of the messages of different types;
after the UDP header is stripped, the message analysis module offsets a certain length byte, reads fixed length data of a designated position, and if the data is a specific mark, the data is a DDS type message; otherwise, the message is a UDP type message;
for DDS type message, obtaining information source, information destination and theme information from DDS header, comparing and matching these information with protocol configuration file, and identifying specific message protocol corresponding to the message;
for UDP type messages, the UDP type messages are divided into custom message heads and specific data fields; according to different custom message header structures, the UDP type messages are divided into different message categories; acquiring a sender IP and a receiver IP from the UDP message header; reading fixed length data of a designated position according to the protocol configuration file, and obtaining a message category identifier; after determining the message type identifier, acquiring the message type identifier according to the protocol configuration file; then according to the sender IP, the receiver IP and the message type identification, matching with the protocol configuration file, and determining the specific message protocol corresponding to the message;
after determining the specific message protocol corresponding to the message, analyzing the custom message header and specific field information according to the unified analysis rule.
9. The general analysis method for network protocol messages of ship information system according to claim 7, wherein the method for creating the protocol configuration file in the step 4 is as follows:
step 4.1, according to the protocol specification, editing the header structure information of the message category for identifying the message Wen Leibie by the message analysis module;
step 4.2, editing the attribute of the specific message segment one by one and the analysis requirement of the specific message segment according to the specific message protocol for the messages of different categories; the field attributes include: value, field category, field type, field length, unit, field least significant bit, alias, field value range;
and 4.3, when the message protocol information is edited, copying the edited whole message protocol information or part of field information in the edited whole message protocol information, and modifying the copied whole message protocol information to obtain the created protocol configuration file.
10. The general analysis method for the network protocol message of the ship information system according to claim 9, wherein the field categories in the step 4.2 include:
common fields: the field carrying the specific service information is directly processed and analyzed conventionally according to the field type;
sequence number: representing the sending sequence number of the message, and distinguishing the accumulated times of the same kind of message sending;
length: representing the length of the message as the length for identifying the message;
time stamp: representing the time of generation of the message;
primary/secondary identification: the method is used for identifying the specific identity of the message, and each level of identification is gradually compared and identified according to the sequence from low to high, and the identification authority is primary-secondary-tertiary-quaternary;
standby: representing the field as a spare field, and directly omitting to do no analysis processing;
the parsing corresponding to the field type is as follows:
BCD code: directly resolving the digital code into 16-system numbers;
unsigned integer: analyzing the least significant bit of the matching field into an unsigned integer;
two's complement: firstly judging the highest bit of binary system, and directly analyzing the highest bit into an unsigned integer when the highest bit is 0; when the highest bit is 1, converting the numerical value of the field into binary, then reversely adding 1, then analyzing according to unsigned integers, and finally adding a negative sign to the numerical value;
discrete amounts: analyzing the definition of each bit interval in the protocol configuration file into text content;
coded value: the analysis processing mode is the same as the discrete quantity;
character string: analyzing and processing the fields into character strings;
IP address: analyzing and processing the fields into a string of IP addresses;
fixed value: directly taking the original 16-system number as an analysis result, wherein the content of the representing field is a fixed value and is generally used for the field types of length, identification and standby;
ASCII code: and analyzing and processing the fields according to an ASCII code value comparison table.
CN202310594578.3A 2023-05-24 2023-05-24 General analysis system and method for network protocol messages of ship information system Pending CN116708607A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310594578.3A CN116708607A (en) 2023-05-24 2023-05-24 General analysis system and method for network protocol messages of ship information system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310594578.3A CN116708607A (en) 2023-05-24 2023-05-24 General analysis system and method for network protocol messages of ship information system

Publications (1)

Publication Number Publication Date
CN116708607A true CN116708607A (en) 2023-09-05

Family

ID=87824875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310594578.3A Pending CN116708607A (en) 2023-05-24 2023-05-24 General analysis system and method for network protocol messages of ship information system

Country Status (1)

Country Link
CN (1) CN116708607A (en)

Similar Documents

Publication Publication Date Title
US6925467B2 (en) Byte-level file differencing and updating algorithms
US7689974B1 (en) Method and system for monitoring execution performance of software program product
US6560772B1 (en) Method, system, and program for accessing data in different environments
AU2002234715B2 (en) Method for compressing/decompressing a structured document
US8245203B2 (en) Logging system and method for computer software
US4965772A (en) Method and apparatus for communication network alert message construction
US6910183B2 (en) File tagging and automatic conversion of data or files
CN112540923B (en) Interface parameter checking and converting method, device, equipment and storage medium
CN110390082B (en) Communication matrix comparison method and system
CN113704790A (en) Abnormal log information summarizing method and computer equipment
CN115630343A (en) Electronic document information processing method, device and equipment
CN111414339B (en) File processing method, system, device, equipment and medium
CN116708607A (en) General analysis system and method for network protocol messages of ship information system
US6622239B1 (en) Method, system and computer program product for optimization of single byte character processing employed within a multibyte character encoding scheme
CN110839022A (en) Vehicle-mounted control software communication protocol analysis method based on xml language
CN115033451A (en) Data generation method, data processing device, electronic device, and medium
CN113779953B (en) Automatic document generation method and system
CN114154020A (en) Large-capacity data processing method and device based on dynamic label mapping
CN114741057A (en) Train control network data frame protocol analysis method
CN114491184A (en) Data processing method and device, storage medium and electronic equipment
CN111143450B (en) Method and device for importing data
CN111241096A (en) Text extraction method, system, terminal and storage medium for EXCEL document
CN111209128A (en) Embedded system and log management method thereof
CN116841777A (en) Log record processing method, fault positioning method and related device
CN112632109A (en) Information extraction method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination