CN117692222A - Method and device for processing message - Google Patents

Info

Publication number: CN117692222A
Application number: CN202311720618.0A
Authority: CN (China)
Prior art keywords: message, sequence number, sender, task, communication connection
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 李越华, 梁琼
Current Assignee: Beijing Jingwei Hirain Tech Co Ltd
Original Assignee: Beijing Jingwei Hirain Tech Co Ltd

Classifications

    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L67/142 Managing session states for stateless protocols; Signalling session states; State transitions; Keeping-state mechanisms
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures
    • H04L9/40 Network security protocols

Abstract

The application provides a method and a device for processing a message, wherein the method comprises the steps of obtaining a first message; discarding the first message and feeding back a second message to the sender of the first message under the condition that the first message is determined to be an unsafe message, wherein the second message characterizes the basis on which the first message was determined to be an unsafe message; under the condition that the first message is determined to be a safety message, sending the first message to a receiver of the first message; further, after determining that the first message is an unsafe message, under the condition that the transport layer protocol of the first message is a target communication protocol, the communication connection between the two parties of the first message transceiver may be forcibly closed, or the communication connection may not be closed and the messages subsequently exchanged by the two parties may be adjusted to maintain the communication connection.

Description

Method and device for processing message
Technical Field
The present invention relates to the field of vehicle communications technologies, and in particular, to a method and an apparatus for processing a message.
Background
The Diagnostic communication over Internet Protocol (DoIP) protocol is a communication protocol commonly used in on-board Ethernet. The current security filtering function for DoIP protocol messages is implemented on the basis of the extended Berkeley Packet Filter (eBPF) technology. The implementation is as follows: every time a DoIP protocol message passes through a vehicle-mounted network card, the eBPF program detects the DoIP protocol message and carries out a security check on the message according to rules configured by the user; finally, a message passing the security check is allowed to pass through the network card, and a message not passing the security check is directly discarded.
The problem with the above solution is that when some messages (such as messages based on TCP) are discarded, the sender of the message will continuously retransmit the discarded message, which results in that the sender cannot perform the next operation for a long time.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a method and a device for processing a message, which are used for solving the problem that a sender continuously retransmits the discarded message in the DoIP protocol.
The first aspect of the present application provides a method for processing a packet, including:
obtaining a first message;
discarding the first message and feeding back a second message to the sender of the first message under the condition that the first message is determined to be an unsafe message, wherein the second message characterizes the basis that the first message is determined to be the unsafe message;
after discarding the first message, closing the communication connection between the sender and the receiver under the condition that the transmission layer protocol of the first message is determined to be the target communication protocol, or adjusting a third message to maintain the communication connection between the sender and the receiver, wherein the third message is a message received after feeding back the second message;
And under the condition that the first message is determined to be a safety message, the first message is sent to a receiving party of the first message.
In the case that the first message is an unsafe message, the first message may be a second request message in the first embodiment, or may be a third request message in the second embodiment, and correspondingly, the sender of the first message may be a client of the first embodiment or the second embodiment, and the second message may be a negative response message of the first embodiment or the second embodiment;
in the case that the first message is a secure message, the first message may be the first request message in the first or second embodiment, and the receiver may be the client in the first or second embodiment.
Discarding the first message and feeding back a second message to the sender of the first message, which corresponds to steps S206 and S207 of the first embodiment or corresponds to steps S302 and S303 of the second embodiment.
As an example, the target communication protocol may be the TCP protocol.
The procedure of closing the communication connection of the sender and the receiver can be seen from steps S209 and S210 of the first embodiment.
The process of adjusting the third message to maintain the communication connection can be referred to in steps S304 to S309 of the second embodiment, where the third message may be the fourth request message or the fourth response message of the second embodiment.
In some alternative embodiments, before the closing the communication connection between the sender and the receiver, the method further includes:
after the second message is sent, recording a first sequence number expected value of a feedback message corresponding to the second message;
receiving a feedback message sent by the sender in response to the second message;
and after the first sequence number carried by the feedback message is consistent with the first sequence number expected value, executing the step of closing the communication connection between the sender and the receiver.
The content of this embodiment may refer to the content of the fourth embodiment regarding the record diagnosis forced closing state, where determining that the first sequence number is consistent with the expected value of the first sequence number is equivalent to determining that the sequence number carried in the response message is consistent with the expected sequence number recorded in the session table.
The feedback message may be a response message that the client responds to the negative response message in the first or second embodiment; the first expected sequence number value may be an expected sequence number recorded in the session table in the fourth embodiment, for example, an expected sequence number value of a response message from the client; the first sequence number may be a sequence number carried in a response message, for example, an ACK number of the response message.
In some alternative embodiments, the closing the communication connection between the sender and the receiver includes:
determining diagnosis task information of a total task for closing communication connection, wherein the diagnosis task information comprises a single task number forming the total task, a currently executed single task index number, a serial number and a bit-by-bit identification of each single task forming the total task, and the initial value of the currently executed single task index number is 0;
and according to the serial numbers and the bit marks of the single tasks, the single tasks forming the total tasks are sequentially executed so as to close the communication connection between the sender and the receiver.
A specific implementation of this embodiment can be seen in embodiment five, wherein the total task for closing the communication connection can be wait_ack_and_send_reset of embodiment five.
In some optional embodiments, the adjusting the third packet includes:
determining a sequence number offset according to the data quantity of the first message and the data quantity of the second message;
adjusting the sequence number of a third message received after feeding back the second message according to the sequence number offset to obtain the adjusted sequence number of the third message;
When the third message is sent by the sender, the sequence number of the third message after adjustment is obtained by subtracting the sequence number offset from the sequence number of the third message;
and under the condition that the third message is the message sent by the receiver, the adjusted sequence number of the third message is obtained by adding the sequence number offset to the sequence number of the third message.
In this embodiment, the manner of adjusting the third message under the condition that the third message comes from the sender may refer to step S307 of the second embodiment, where the third message corresponds to the fourth request message of the second embodiment; the manner of adjusting the third message in the case that the third message is from the receiving party can be seen in step S309 of the second embodiment, where the third message corresponds to the fourth response message of the second embodiment.
For determining the sequence number offset, refer to the related content of step S304 in the second embodiment.
In some alternative embodiments, the method may further comprise:
after the second message is sent, an expected sequence number is recorded in a session table, and after a feedback message sent by the sender in response to the second message is received, the feedback message is checked according to the expected sequence number, and the expected sequence number represents a sequence number value carried by the expected feedback message.
The above can be seen from case two of embodiment four.
In some alternative embodiments, the method may further comprise:
and after the second message is sent, recording a sequence number offset determined according to the data quantity of the first message and the data quantity of the second message in a session table.
The above can be referred to in the third case of the fourth embodiment, and the above of the present embodiment can be applied to a processing manner of forcibly closing the communication connection, or can be applied to a processing manner of smoothly rejecting the communication request.
In some alternative embodiments, the method may further comprise:
detecting an entry of a session table, and deleting an invalid entry, wherein the time difference between the core time recorded by the invalid entry and the current core time is larger than a preset time difference threshold value.
The above can be seen in case four of embodiment four.
In some alternative embodiments, the method may further comprise:
and closing the communication connection between the sender and the receiver under the condition that the second message is sent and the response message corresponding to the second message is not received after the preset time length.
The above can be seen from case five of embodiment four.
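The session-table behaviours listed in the alternative embodiments above (recording an expected sequence number, checking the feedback message against it, recording the offset, deleting entries whose core time is too old, and force-closing when no response arrives within the preset duration) can be put together in one small structure. This is an added example, not the patent's code: the flow key, the field names, the injected clock and the threshold values are constructed for illustration; the page does not specify them.

```python
"""Session table for the diagnostic agent (added example, not the patent's code).

Assumptions: entries are keyed by the TCP 4-tuple, time is passed in explicitly
(the page's 'core time' is whatever monotonic clock the in-kernel program reads),
and thresholds are plain seconds.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MOD = 1 << 32
FlowKey = Tuple[str, int, str, int]   # (client ip, client port, server ip, server port)


@dataclass
class SessionEntry:
    expected_ack: int   # ACK number the client's feedback to the negative response must carry
    seq_offset: int     # offset recorded for later sequence-number adjustment (case three)
    core_time: float    # time at which the negative response was sent
    answered: bool = False


class SessionTable:
    """Per-connection state kept after the agent has injected a negative response."""

    def __init__(self, stale_threshold: float, response_timeout: float):
        self.stale_threshold = stale_threshold      # preset time-difference threshold (case four)
        self.response_timeout = response_timeout    # preset duration without a response (case five)
        self.entries: Dict[FlowKey, SessionEntry] = {}

    def record_negative_response(self, key: FlowKey, server_seq: int,
                                 response_len: int, seq_offset: int, now: float) -> None:
        """Case two/three: the client must acknowledge every injected byte, so the
        expected ACK is the server SEQ we used plus the response length."""
        self.entries[key] = SessionEntry(expected_ack=(server_seq + response_len) % MOD,
                                         seq_offset=seq_offset, core_time=now)

    def check_feedback(self, key: FlowKey, ack_number: int) -> bool:
        """Case two: accept the feedback only if it carries the recorded expected value."""
        entry = self.entries.get(key)
        if entry is None or ack_number != entry.expected_ack:
            return False
        entry.answered = True
        return True

    def offset_for(self, key: FlowKey) -> Optional[int]:
        entry = self.entries.get(key)
        return entry.seq_offset if entry else None

    def purge_stale(self, now: float) -> List[FlowKey]:
        """Case four: delete entries whose core time is older than the threshold."""
        stale = [k for k, e in self.entries.items() if now - e.core_time > self.stale_threshold]
        for k in stale:
            del self.entries[k]
        return stale

    def unanswered_after_timeout(self, now: float) -> List[FlowKey]:
        """Case five: connections whose negative response went unanswered for too long;
        the caller force-closes these."""
        return [k for k, e in self.entries.items()
                if not e.answered and now - e.core_time > self.response_timeout]


if __name__ == "__main__":
    # Constructed walkthrough: one connection answers correctly, one never answers.
    table = SessionTable(stale_threshold=30.0, response_timeout=2.0)
    k1 = ("10.0.0.2", 40000, "10.0.0.1", 13400)   # 13400 is the DoIP TCP port
    k2 = ("10.0.0.3", 40001, "10.0.0.1", 13400)
    table.record_negative_response(k1, server_seq=5000, response_len=13, seq_offset=24, now=100.0)
    table.record_negative_response(k2, server_seq=7000, response_len=13, seq_offset=24, now=100.0)
    print(table.check_feedback(k1, 5013))            # True
    print(table.unanswered_after_timeout(103.0))     # [k2] -> force close
    print(table.purge_stale(131.0))                  # both entries aged out
```

Separating "unanswered" (case five, leads to a forced close) from "stale" (case four, leads only to deletion) matters: a forced close sends segments in the peers' identities, so it should be driven by a tight timeout, while table garbage collection only needs to bound memory.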
Optionally, the adjusting the sequence number of the third message received after feeding back the second message according to the sequence number offset to obtain the adjusted sequence number of the third message includes:
determining diagnosis task information of a total task for adjusting a message sequence number, wherein the diagnosis task information comprises a single task number for forming the total task, a currently executed single task index number, a serial number and a bit-by-bit identification of each single task for forming the total task, and the initial value of the currently executed single task index number is 0;
and sequentially executing the single tasks forming the total task according to the serial numbers and the bit-by-bit identifiers of the single tasks so as to adjust the serial numbers of the obtained third messages and obtain the serial numbers of the adjusted third messages.
The specific implementation of this embodiment may refer to embodiment five, where the total task for adjusting the sequence number of the packet may be adjust_tcp_seq of embodiment five.
A second aspect of the present application provides an apparatus for processing a packet, including:
the obtaining unit is used for obtaining the first message;
a processing unit for:
discarding the first message and feeding back a second message to the sender of the first message under the condition that the first message is determined to be an unsafe message, wherein the second message characterizes the basis that the first message is determined to be the unsafe message;
After discarding the first message, closing the communication connection between the sender and the receiver under the condition that the transmission layer protocol of the first message is determined to be the target communication protocol, or adjusting a third message to maintain the communication connection between the sender and the receiver, wherein the third message is a message received after feeding back the second message;
and the sending unit is used for sending the first message to a receiving party of the first message under the condition that the first message is determined to be the safety message.
The beneficial effects of this application lie in:
and under the condition that the first message is determined to be the unsafe message and is discarded, providing a basis for determining the first message to be the unsafe message for the sender of the first message, so that the sender can execute corresponding operation based on the basis, and the sender is prevented from repeatedly sending the discarded message due to the fact that the sender is uncertain that the message is discarded.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a diagnostic agent module according to an embodiment of the present application;
FIG. 2 is a timing diagram of a method for a diagnostic agent module to forcibly close a communication connection according to an embodiment of the present application;
FIG. 3 is a timing chart of a method for smoothly rejecting a communication request by a diagnostic agent module according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a session management principle of a diagnostic agent module according to an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a task execution principle of a diagnostic agent module according to an embodiment of the present disclosure;
fig. 6 is a flowchart of a method for processing a message according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a device for processing a message according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The following are some of the terms and their corresponding abbreviations that may be involved in the embodiments of the present application.
Extended Berkeley Packet Filter, eBPF.
Diagnostic communication over Internet Protocol, DoIP.
Unified Diagnostic Services, UDS.
Traffic Control, TC.
Transmission Control Protocol, TCP.
Electronic Control Unit, ECU.
In the method provided by any embodiment of the application, the related steps may be performed by a security filtering module. The security filtering module may contain the diagnostic agent module or may be connected to it, and it may be attached at the TC ingress hook point and the TC egress hook point, so that it can intercept messages sent by both communicating parties of the DoIP protocol and perform a security check on the intercepted messages; when an intercepted message is determined to be one that must be discarded, the discarded message can be processed by the diagnostic agent module in the corresponding manner.
In this embodiment, the security filtering module and the diagnostic agent module may be regarded as software modules installed on the vehicle-mounted computer device.
Referring to fig. 1, a schematic structural diagram of a diagnostic agent module according to the present embodiment is provided.
It can be seen that, in this embodiment, the diagnostic agent module has functions of session management, task management, and a response model. Through these functions, when the security filter module determines that a received DoIP packet is an unsafe packet and discards it, the diagnostic agent module may process the unsafe packet by forcibly closing the communication connection, or by smoothly rejecting the communication request, so that the sender of the packet learns the reason the packet was discarded; this avoids the system blocking caused by the sender repeatedly resending a packet that has been discarded.
When the processing is performed in a mode of forcibly closing the communication connection, the diagnosis agent module can forcibly close the communication connection between the two parties based on the DoIP protocol communication, and can inform the reason that the message is discarded to the sender of the message.
When the message is processed in the mode of forcibly closing the communication connection, the diagnostic agent module, after the message is found to fail the security check (namely, to belong to an unsafe message), may send a DoIP negative response to the sender of the message, or send a DoIP positive response and a UDS negative response at the same time; further, if the transport layer protocol of the unsafe message is the TCP protocol, the diagnostic agent module may also send a TCP Reset message to both the sender and the receiver of the message, so that the communication connection of the two parties is forcibly closed.
The specific processing of the message according to the mode of forcibly closing the communication connection can be determined according to the configuration command input by the user in advance.
Illustratively, if the user inputs the following configuration commands:
ebpftables -A -i eth1 -p doip --type 0x0005 -j REJECT --reject-with negative-response-and-reset
the diagnostic agent module may add the following rule for identifying the unsafe message and forcibly closing the communication connection to the ingress interface of the network card eth1 according to the configuration command: for a message whose DoIP Payload type is 0005 (hexadecimal, i.e. 0x0005), that is, a message of the routing activation request type, perform rejection processing (equivalent to identifying it as an unsafe message) and perform the forced closing operation of the communication connection.
The content specified after the option -j in the configuration command is the behavior configured by the user; -j REJECT --reject-with negative-response-and-reset represents forced closing of the communication connection.
Smoothly rejecting the communication request. In this processing mode, the diagnostic agent module may inform the sender of the message of the reason the message was discarded while maintaining the communication connection (such as a TCP connection) of the two communicating parties, thereby ensuring the normal operation of the subsequent communication flow.
In the case that the DoIP message fails the security check, i.e. is identified as an unsafe message, the diagnostic proxy module may send a DoIP negative response to the sender of the message, or may send a DoIP positive response and a UDS negative response simultaneously, and if the transport layer protocol of the DoIP message is the TCP protocol, all subsequent messages in the communication connection need to be modified to maintain the communication connection.
The specific processing of which message is processed in a mode of smoothly rejecting the communication request can be determined according to the configuration command input by the user in advance.
By way of example, the user may enter the following configuration command:
ebpftables -A -i eth1 -p doip --uds-si 0x2E -j REJECT --reject-with negative-response
in this case, the diagnostic agent module may add a rule to the ingress interface of the network card eth1 based on the configuration command as follows: for a request message whose UDS service ID is 2E (hexadecimal, i.e. 0x2E), perform rejection processing and execute the smooth rejection of the communication request operation.
Wherein the content specified after the option -j is the behavior configured by the user; -j REJECT --reject-with negative-response indicates smooth rejection of the communication request.
When the transport layer protocol of the unsafe message is the TCP protocol, the two processing modes are different in that: forced closing of the communication connection requires sending a TCP Reset message to force closing of the communication connection; the smooth refusing of the communication request needs to modify all subsequent messages of the communication connection so as to maintain the communication connection and ensure the normal operation of the subsequent communication flow. A user may specify one of the two actions for a DoIP security rule when configuring the rule as desired.
The specific content of the negative response message may be determined by the answer model shown in fig. 1 when a DoIP negative response is sent, or a DoIP positive response and a UDS negative response are sent simultaneously.
Example 1
In this embodiment, the diagnostic agent module may process the discarded unsafe message by forcibly closing the communication connection, and the timing chart of the processing procedure may be referred to in fig. 2.
S201, the client sends a first request message to the server.
In some embodiments, the tester outside the vehicle may be used as a DoIP client to send a request message to a communication terminal inside the vehicle and receive a response message fed back by the communication terminal, where the communication terminal inside the vehicle is used as a DoIP server.
In some embodiments, the communication terminal in the vehicle may be used as a DoIP client, and send a request message to the ECU in the vehicle and receive a response message fed back by the ECU, where the ECU in the vehicle is used as a DoIP server.
S202, after the diagnostic agent module performs security check on the first request message, the first request message is sent to the server.
As described above, the message sent by the client may be intercepted by the diagnostic agent module and security checked, and after the checking, it is determined that the first request message belongs to the security message, and then the first request message is sent to the server.
S203, the server responds to the first request message and sends a first response message to the client.
S204, the diagnosis agent module sends the first response message to the client after performing security check on the first response message.
The message sent by the server can also be intercepted by the diagnosis agent module and subjected to security check, and after the check, the first response message is determined to belong to the security message, so that the first response message is allowed to reach the client through the network card of the client.
Steps S201 to S204 are processes for processing the security message capable of passing the security check by the diagnostic agent module, and specific implementation manners of each step in the processes can refer to technical documents in related fields, and are not described in detail.
S205, the client sends a second request message to the server.
S206, the diagnosis agent module performs security check on the second request message and intercepts the second request message.
After the second request message is subjected to the security check, the diagnostic agent module determines that the second request message does not pass the security check, that is, determines that the second request message belongs to an unsafe message, and then the diagnostic agent module intercepts the message and does not send the message to a server serving as a receiving party.
The diagnostic agent module may identify whether the message belongs to a secure message or an unsafe message according to whether the related information of the message accords with a corresponding filtering rule, and the related information of the message may include at least one of the following:
The message header includes a version number field, an inverse version number field, a Payload type field, a length field, a source IP address field, a source logical address field, a destination IP address field, a destination logical address field, and a UDS service ID field.
Alternatively, when a message does not hit the DoIP security filtering rule, the message may also be identified as an unsafe message.
The specific content of the filtering rule may be referred to the relevant industry standard, or may be determined according to the configuration of the user, without limitation.
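The two configuration commands quoted earlier (payload type 0x0005 and UDS service ID 0x2E) and the header fields listed above can be tied together in a user-space sketch of what the filtering rule evaluates. The following is an added example, not the patent's or the assignee's code: the ebpftables option names are taken from the page, but the Rule data model, the command parsing, the first-match-wins semantics and the decision to treat an internally inconsistent header as unsafe are my own choices; the DoIP header layout and payload-type values follow ISO 13400-2, and the sample frames are constructed.

```python
"""DoIP header parsing and ebpftables-style rule matching (added example).

Assumptions: rules are evaluated first-match-wins on the ingress interface;
a frame whose header fails its own consistency check is treated as unsafe;
the default for frames that hit no rule is a parameter, since the page says
either policy may be used.
"""
import argparse
import shlex
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ISO 13400-2 generic header: version, inverse version, payload type, payload length
DOIP_HEADER = struct.Struct("!BBHI")
PT_ROUTING_ACTIVATION_REQ = 0x0005   # named on the page
PT_DIAGNOSTIC_MESSAGE = 0x8001       # source addr (2), target addr (2), then UDS data


@dataclass(frozen=True)
class DoipMessage:
    version: int
    payload_type: int
    payload: bytes

    @property
    def uds_sid(self) -> Optional[int]:
        """UDS service ID is the first user-data byte of a diagnostic message."""
        if self.payload_type == PT_DIAGNOSTIC_MESSAGE and len(self.payload) > 4:
            return self.payload[4]
        return None


def parse_doip(data: bytes) -> DoipMessage:
    """Parse one DoIP message, refusing headers that are internally inconsistent."""
    if len(data) < DOIP_HEADER.size:
        raise ValueError("truncated DoIP header")
    version, inverse, ptype, plen = DOIP_HEADER.unpack_from(data)
    if version ^ inverse != 0xFF:
        raise ValueError("inverse protocol version does not match version")
    payload = data[DOIP_HEADER.size:DOIP_HEADER.size + plen]
    if len(payload) != plen:
        raise ValueError("payload length field exceeds captured data")
    return DoipMessage(version, ptype, payload)


@dataclass(frozen=True)
class Rule:
    iface: str
    payload_type: Optional[int]
    uds_sid: Optional[int]
    target: str
    reject_with: Optional[str]

    def matches(self, iface: str, msg: DoipMessage) -> bool:
        if iface != self.iface:
            return False
        if self.payload_type is not None and msg.payload_type != self.payload_type:
            return False
        if self.uds_sid is not None and msg.uds_sid != self.uds_sid:
            return False
        return True


def parse_rule(command: str) -> Rule:
    """Turn an ebpftables-style command (option names as on the page) into a Rule."""
    parser = argparse.ArgumentParser(prog="ebpftables", add_help=False)
    parser.add_argument("-A", action="store_true")   # append rule
    parser.add_argument("-i", required=True)         # ingress interface
    parser.add_argument("-p", required=True)         # protocol, "doip"
    parser.add_argument("--type")                    # DoIP payload type, hex
    parser.add_argument("--uds-si")                  # UDS service ID, hex
    parser.add_argument("-j", required=True)         # target, e.g. REJECT
    parser.add_argument("--reject-with")             # rejection mode
    ns = parser.parse_args(shlex.split(command)[1:])
    to_int = lambda s: int(s, 16) if s is not None else None
    return Rule(ns.i, to_int(ns.type), to_int(ns.uds_si), ns.j, ns.reject_with)


def decide(rules: List[Rule], iface: str, frame: bytes,
           default: str = "ACCEPT") -> Tuple[str, Optional[str]]:
    """Return (target, reject_with) for one frame; default="REJECT" models the
    page's optional policy of treating frames that hit no rule as unsafe."""
    try:
        msg = parse_doip(frame)
    except ValueError:
        return ("REJECT", "malformed-header")
    for rule in rules:
        if rule.matches(iface, msg):
            return (rule.target, rule.reject_with)
    return (default, None)


# Constructed sample frames (addresses and data are made up for the example).
ROUTING_ACTIVATION = DOIP_HEADER.pack(0x02, 0xFD, PT_ROUTING_ACTIVATION_REQ, 7) + \
    bytes.fromhex("0E00" "00" "00000000")            # source addr, activation type, reserved
WRITE_DID_REQUEST = DOIP_HEADER.pack(0x02, 0xFD, PT_DIAGNOSTIC_MESSAGE, 8) + \
    bytes.fromhex("0E00" "1001" "2EF19041")          # UDS 0x2E WriteDataByIdentifier
READ_DID_REQUEST = DOIP_HEADER.pack(0x02, 0xFD, PT_DIAGNOSTIC_MESSAGE, 6) + \
    bytes.fromhex("0E00" "1001" "22F190")            # UDS 0x22 ReadDataByIdentifier
BAD_HEADER = bytes.fromhex("02 00 0005 00000000")    # inverse version wrong

RULES = [
    parse_rule("ebpftables -A -i eth1 -p doip --type 0x0005 -j REJECT --reject-with negative-response-and-reset"),
    parse_rule("ebpftables -A -i eth1 -p doip --uds-si 0x2E -j REJECT --reject-with negative-response"),
]
```

The inverse-version check is worth keeping even in a filter whose rules never mention it: it is the only integrity check the DoIP header carries, and a frame that fails it cannot be matched reliably against any payload-type or service-ID rule.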
S207, the diagnosis agent module sends a negative response message to the client with the identity of the server.
The negative response message may include a DoIP negative response message, or may include a DoIP positive response message and a UDS negative response message.
The format of the response message sent by the diagnostic agent module may be determined according to the Payload type field of the received second request message by using a pre-configured response model. The response model can be seen in example three.
After executing S207, if the transport layer protocol of the second request packet is the preset target communication protocol, the diagnostic agent module may further execute steps S208 to S210, and if it is not the target communication protocol, the processing method of the present embodiment ends.
The target communication protocol here may be a TCP protocol or other communication protocols, and may specifically be determined according to the type of communication connection established between the client and the server.
The diagnostic agent simulates the DoIP server responding to an illegal request received from the DoIP client and carrying a corresponding negative response code to inform the DoIP client of the reason why the message was rejected.
The method for sending the negative response message by the identity of the server may be that the diagnostic agent module generates the negative response message according to the IP address, the port number and the logical address of the DoIP server, so that the client identifies the negative response message as a response message sent by the server.
In the negative response message, a response code determined by the diagnosis agent module through a response model can be carried, so that the sender of the discarded unsafe message is informed of the reason that the message is refused.
S208, the diagnosis agent module receives the response message of the client.
The response message indicates that the client successfully receives a negative response message of the diagnostic agent module.
The type of the response message depends on the target communication protocol; when the target communication protocol is the TCP protocol, the response message may be a TCP ACK message.
After receiving the response message, the diagnostic agent module can intercept the response message and does not send the response message to the server.
Optionally, after sending a negative response message to the client, the diagnostic agent module may discard any message from the client except the response message.
S209, the diagnosis agent module sends a first interrupt connection message to the client by the identity of the server.
The first interrupt connection message is used for interrupting a target communication connection established between the client and the server through a target communication protocol. The type of the first interrupt connection message depends on the target communication protocol.
For example, when the target communication protocol is a TCP protocol, the first interrupt connection packet may be a TCP Reset packet, and after receiving the packet, the client disconnects the TCP communication connection between itself and the server.
S210, the diagnosis agent module sends a second interrupt connection message to the server according to the identity of the client.
The second interrupt connection message is used for interrupting a target communication connection established between the client and the server through a target communication protocol. The type of the second interrupt connection message depends on the target communication protocol.
For example, when the target communication protocol is a TCP protocol, the second interrupt connection packet may be a TCP Reset packet, and after the server receives the packet, the server disconnects the TCP communication connection between itself and the client.
The order of execution of steps S209 and S210 is not limited, and S209 may be executed first, S210 may be executed first, or both may be executed simultaneously.
The client and the server respectively respond to the interrupt connection message of the diagnosis agent module so as to disconnect the target communication connection between the client and the opposite party.
Steps S207 to S210 may be performed by the diagnostic agent module calling the diagnostic agent program; in other words, the diagnostic agent module may hand the second request message that failed the security check to the diagnostic agent program, causing the diagnostic agent program to perform steps S207 to S210.
In this embodiment, after intercepting the unsafe message, the diagnostic agent module may send a negative response message to the sender of the message (for example, the client in the foregoing embodiment), so that the sender may obtain the reason why the message is identified as the unsafe message, and further execute corresponding processing logic based on the reason, so as to avoid the sender from repeatedly sending the discarded message to a certain extent.
On the other hand, under the condition that the unsafe message is based on the target communication protocol, the diagnosis agent module can forcedly disconnect the target communication connection established between the two communication parties based on the target communication protocol, thereby avoiding the situation that the sender repeatedly sends the discarded message.
Example two
In this embodiment, the diagnostic agent module may process the discarded unsafe message by smoothly rejecting the communication request, and the timing chart of the processing procedure may be referred to fig. 3.
S201, the client sends a first request message to the server.
S202, after the diagnostic agent module performs security check on the first request message, the first request message is sent to the server.
S203, the server responds to the first request message and sends a first response message to the client.
S204, the diagnosis agent module sends the first response message to the client after performing security check on the first response message.
S301, the client sends a third request message to the server.
S302, the diagnostic agent module performs security check on the third request message and intercepts the third request message.
S303, the diagnosis agent module sends a negative response message to the client with the identity of the server.
The negative response message may include a DoIP negative response message, or may include a DoIP positive response message and a UDS negative response message.
The implementation of steps S302 and S303 can be referred to steps S206 and S207 of the first embodiment, and will not be described again.
After executing S303, if the transport layer protocol of the third request packet is the preset target communication protocol, the diagnostic agent module may further execute the subsequent steps, and if the third request packet is not the target communication protocol, the processing method of the present embodiment ends.
Illustratively, if the transport layer protocol of the third request packet is the TCP protocol, the subsequent steps are performed, and if the third request packet is the UDP protocol, the subsequent steps are not performed, and this embodiment ends.
S304, the diagnostic agent module records the sequence number offset caused by the third request message.
The sequence number offset may be recorded in a session table of the diagnostic agent module, which may be maintained by the diagnostic agent module through the session management function shown in fig. 1.
For example, when the target communication protocol is a TCP protocol, the sequence number offset recorded by the diagnostic agent module may include an offset of the SEQ number in the TCP connection and an offset of the ACK number.
The TCP connection refers to a TCP communication connection established between a client and a server.
SEQ number (Sequence number) in the TCP connection is used to characterize the order of the messages sent by the sender during transmission.
The ACK number (Acknowledgment number) is used by the receiving party to inform the sending party of the sequence number of the data bytes it has successfully received; that is, the ACK number carried in the receiving party's message is equal to the SEQ number carried in the last message sent by the sending party plus the payload length of that last message.
The sequence number offset comprises an offset of SEQ number and an offset of ACK number, wherein the offset of SEQ number is related to the data volume of the third request message received by the diagnostic agent module, and the offset of ACK number is related to the data volume of the negative response message sent to the client by the diagnostic agent module.
Specifically, the diagnostic agent module may use the payload length of the third request packet, that is, the data amount of the payload in the third request packet, as the offset of the SEQ number, and use the payload length of the negative response packet, that is, the data amount of the payload in the negative response packet, as the offset of the ACK number.
S305, the diagnosis agent module discards the response message of the client.
In this embodiment, after receiving the response message of the client, the diagnostic agent module discards the response message.
S306, the client sends a fourth request message to the server.
In this embodiment, the fourth request message is a security message capable of passing the security check.
S307, the diagnostic agent module sends the adjusted fourth request message to the server.
The adjusted fourth request message is a message obtained after the diagnostic agent module adjusts the sequence number carried by the fourth request message according to the sequence number offset.
The adjustment mode may be that the diagnostic agent module replaces the first sequence number originally carried by the fourth request message with the second sequence number obtained by subtracting the sequence number offset from the first sequence number, and adjusts information related to the sequence number, for example, adjusts a checksum of the header of the message.
In combination with the foregoing example, the diagnostic agent module may subtract the offset of the SEQ number from the first SEQ number originally carried by the fourth request packet to obtain a second SEQ number, subtract the offset of the ACK number from the first ACK number originally carried by the fourth request packet to obtain a second ACK number, replace the first SEQ number and the first ACK number carried by the fourth request packet with the second SEQ number and the second ACK number respectively, and recalculate the checksum of the header of the fourth request packet according to the second SEQ number and the second ACK number and replace the original checksum; the message after completing the replacement is the adjusted fourth request packet.
S308, the server sends a fourth response message to the client.
And the fourth response message is sent by the server in response to the fourth request message of the client.
The fourth response message is a security message capable of passing the security check.
S309, the diagnostic agent module sends the adjusted fourth response message to the client.
The adjusted fourth response message is a message obtained after the diagnostic agent module adjusts the sequence number carried by the fourth response message according to the sequence number offset.
The adjustment mode may be that the diagnostic agent module replaces the third sequence number originally carried by the fourth response message with the fourth sequence number obtained by adding the sequence number offset to the third sequence number, and adjusts information related to the sequence number, for example, adjusts a checksum of the message header.
In combination with the foregoing example, the diagnostic agent module may add the offset of the SEQ number to the third SEQ number carried by the fourth response packet to obtain a fourth SEQ number, add the offset of the ACK number to the third ACK number carried by the fourth response packet to obtain a fourth ACK number, replace the third SEQ number and the third ACK number carried by the fourth response packet with the fourth SEQ number and the fourth ACK number respectively, and recalculate the checksum of the header of the fourth response packet according to the fourth SEQ number and the fourth ACK number and replace the original checksum; the message after completing the replacement is the adjusted fourth response packet.
The processes described in S303 to S309 may be performed by the diagnostic agent module calling the diagnostic agent program.
It should be noted that, as long as an unsafe request message appears in the communication connection between the client and the server, and after the diagnostic agent module performs the operation of smoothly rejecting the communication request, any subsequent safe message is processed in the manner of S306 to S309, and any unsafe message is processed in the manner of S301 to S305 until the communication connection is disconnected.
It should be added that, in the process of smoothly rejecting the communication request in this embodiment, the offset of the sequence number is accumulated, that is, when the diagnostic agent module receives multiple unsafe messages in sequence, the offset used when the diagnostic agent module adjusts the sequence number of the safe message may be the sum of the offset of the sequence numbers caused by the multiple unsafe messages.
Taking the offset of the SEQ number and the offset of the ACK number as examples: if the SEQ and ACK offsets recorded by the diagnostic agent module when an unsafe message is received for the first time are x1 and y1 respectively, the offsets used in S307 and S309 are x1 and y1; when an unsafe message is received for the second time and the diagnostic agent module records SEQ and ACK offsets x2 and y2 for it, the offsets are accumulated, so that when S307 and S309 are executed again the SEQ offset used by the diagnostic agent module is x1+x2 and the ACK offset used is y1+y2, and so on.
The second embodiment has the beneficial effects that, on the one hand, a negative response message can be sent to the sender of the message (for example, the client in the above embodiment), so that the sender can obtain the reason that the message is identified as an unsafe message, and further execute corresponding processing logic based on the reason, so that the sender is prevented from repeatedly sending the discarded message to a certain extent.
On the other hand, under the condition that the unsafe message is based on the target communication protocol, the diagnosis agent module can ensure that the communication parties can continue to communicate by recording the offset of the sequence numbers and adjusting the sequence numbers of the subsequent safe messages according to the offset without disconnecting the communication connection and establishing new communication connection.
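The offset bookkeeping of S304, S307 and S309, including the accumulation over several rejected messages, as an added example that is not the patent's own code: a Python session entry that rewrites the SEQ and ACK numbers of IPv4 TCP segments and recomputes the header checksum; the names are assumptions. Because the server never saw the dropped request (x bytes) while the client did accept the forged negative response (y bytes), the client-to-server direction subtracts x from SEQ and y from ACK, and the server-to-client direction adds y to SEQ and x to ACK.

```python
import struct

TCP_PROTO = 6
MASK32 = 0xFFFFFFFF


def _ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the whole TCP segment.
    Returns 0 when `segment` already carries a correct checksum."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, TCP_PROTO, len(segment))
    return (~_ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    """Constructed test input: a TCP segment with a 20-byte header and valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq & MASK32, ack & MASK32,
                      5 << 4, flags, 65535, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def tcp_seq_ack(segment: bytes):
    """(SEQ, ACK) carried by a segment."""
    return struct.unpack("!II", segment[4:12])


def rewrite_seq_ack(src_ip, dst_ip, segment, seq_delta, ack_delta):
    """Shift SEQ and ACK by the given deltas (modulo 2^32) and refresh the checksum.
    Everything else in the header (flags, window, options) and the payload is kept."""
    sport, dport, seq, ack = struct.unpack("!HHII", segment[:12])
    head = struct.pack("!HHII", sport, dport,
                       (seq + seq_delta) & MASK32, (ack + ack_delta) & MASK32)
    body = head + segment[12:16] + b"\x00\x00" + segment[18:]  # checksum field zeroed
    return body[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, body)) + body[18:]


class SmoothRejectSession:
    """One session-table entry: the accumulated offsets recorded in S304."""

    def __init__(self, client_ip: bytes, server_ip: bytes):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.seq_off = 0  # x1 + x2 + ...: request bytes dropped before the server saw them
        self.ack_off = 0  # y1 + y2 + ...: forged negative-response bytes the client accepted

    def record_rejected(self, dropped_request_len: int, negative_response_len: int):
        """S304, repeated for every further unsafe message (offsets accumulate)."""
        self.seq_off += dropped_request_len
        self.ack_off += negative_response_len

    def adjust_request(self, segment: bytes) -> bytes:
        """S307 (client -> server): the server never saw x bytes nor sent y bytes."""
        return rewrite_seq_ack(self.client_ip, self.server_ip, segment,
                               -self.seq_off, -self.ack_off)

    def adjust_response(self, segment: bytes) -> bytes:
        """S309 (server -> client): the client expects y more bytes from the server
        and has sent x more bytes than the server acknowledges."""
        return rewrite_seq_ack(self.server_ip, self.client_ip, segment,
                               self.ack_off, self.seq_off)
```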
Example III
When the diagnosis agent module transmits the negative response message, the pre-configured response model can be utilized to process the received unsafe message so as to determine the content of the transmitted negative response message.
The method for determining the negative response message by the diagnosis agent module through the response model can specifically comprise any one or more of the following steps:
when the version number field or the inverse version number field of the header of a DoIP message of any Payload type does not meet the relevant industry standard, the determined negative response message may contain 1 data packet whose Payload type is 0000 (16), which represents a generic DoIP header negative response, and the negative response code carried in the packet may be 00 (16), representing a header version number or inverse version number error;
in addition, according to the relevant industry standard, if the transport layer protocol of the DoIP message is TCP, the socket is closed after this type of negative response is sent, so the diagnostic agent module also sends TCP Reset messages to the DoIP client and the DoIP server respectively, and the TCP connection is closed;
when the Payload type field of the header of a DoIP message of any Payload type does not meet the relevant industry standard, the negative response message may include 1 data packet with Payload type 0000 (16), which represents a generic DoIP header negative response, and the carried negative response code may be 01 (16), representing an unknown Payload type;
when the length field of the header of a DoIP message of any Payload type does not meet the relevant industry standard, the negative response message may contain 1 data packet whose Payload type is 0000 (16), representing a generic DoIP header negative response, and the carried negative response code may be 04 (16), representing an illegal Payload length; in addition, according to ISO 13400, if the transport layer protocol is TCP, the socket needs to be closed after this type of negative response message is sent, so the diagnostic agent module may additionally send TCP Reset messages to the DoIP client and the DoIP server respectively with the identity of the other party, and close the TCP connection;
when the Payload type is 0005 (16) (i.e. a routing activation request) and the source IP address and source logical address of the DoIP message do not conform to the IP address and logical address binding rule of the DoIP security filtering rules, the negative response message may comprise 1 data packet with Payload type 0006 (16), indicating a routing activation response, and the routing activation response code carried by the packet may be 00 (16), indicating that routing activation is denied because of an unknown source logical address; in addition, according to ISO 13400, if the transport layer protocol is TCP, the socket is closed after this type of negative response is sent, so the diagnostic agent module may additionally send TCP Reset messages to the DoIP client and the DoIP server respectively with the identity of the other party, and close the TCP connection;
when the Payload type is 8001 (16) (i.e. a diagnostic message) and the source IP address and source logical address of the DoIP message do not conform to the IP address and logical address binding rule of the DoIP security filtering rules, the negative response message may comprise 1 data packet with Payload type 8003 (16), indicating a negative response to the diagnostic message, and the packet may carry a negative response code of 02 (16), i.e. illegal source logical address; in addition, according to ISO 13400, if the transport layer protocol is TCP, the socket is closed after this type of negative response is sent, so the diagnostic agent module additionally sends TCP Reset messages to the DoIP client and the DoIP server respectively with the identity of the other party, and closes the TCP connection;
when the Payload type is 8001 (16) (i.e. a diagnostic message) and the source logical address of the DoIP message does not conform to the UDS filtering rule related to the source logical address among the DoIP security filtering rules, the negative response message may include 1 data packet with Payload type 8003 (16), indicating a negative response to the diagnostic message, and the negative response code of the diagnostic message carried by the packet is 02 (16), i.e. illegal source logical address; in addition, according to ISO 13400-2, if the transport layer protocol is TCP, the socket is closed after this type of negative response is sent, so the diagnostic agent can send TCP Reset messages to the DoIP client and the DoIP server respectively with the identity of the other party, and close the TCP connection;
when the Payload type is 8001 (16) (i.e. a diagnostic message) and the destination IP address and destination logical address of the DoIP message do not conform to the IP address and logical address binding rule of the DoIP security filtering rules, the negative response message may comprise 1 data packet with Payload type 8003 (16), indicating a negative response to the diagnostic message, and the negative response code of the diagnostic message carried by the packet is 06 (16), i.e. the entity corresponding to the destination logical address is not reachable;
when the Payload type is 8001 (16) (i.e. a diagnostic message) and the destination logical address of the DoIP message does not conform to the UDS filtering rule related to the destination logical address among the DoIP security filtering rules, the negative response message may include 1 data packet with Payload type 8003 (16), indicating a negative response to the diagnostic message, and the negative response code of the diagnostic message carried by the packet is 06 (16), i.e. the entity corresponding to the destination logical address is not reachable;
when the Payload type is 8001 (16) (i.e. a diagnostic message) and the DoIP message does not conform to the UDS filtering rule related to the UDS service ID among the DoIP security filtering rules, the negative response message may contain 2 data packets: the Payload type of the 1st DoIP packet is 8002 (16), indicating a diagnostic message acknowledgement, which indicates receipt of the diagnostic request; the Payload type of the 2nd DoIP packet is 8001 (16), representing a diagnostic message whose content is a UDS negative response, and the UDS error return code of the 2nd packet may be 11 (16), indicating that the UDS service ID is not supported;
when the Payload type is 8001 (16) (i.e. a diagnostic message), the DoIP message does not hit any DoIP security filtering rule, and the default action is deny, the negative response message may contain 2 data packets: the Payload type of the 1st DoIP packet is 8002 (16), i.e. a diagnostic message acknowledgement, indicating receipt of the diagnostic request; the Payload type of the 2nd DoIP packet is 8001 (16), i.e. a diagnostic message whose content is a UDS negative response, and the 2nd packet may carry a UDS error return code of 10 (16), representing a general reject response.
In this embodiment, the relevant industry standard refers to the ISO13400 standard.
The format of the corresponding negative response message in the above-mentioned different cases can be seen in table 1.
TABLE 1
In the message format column of table 1, XX represents the logical address of the DoIP client (two bytes), YY represents the logical address of the DoIP server (two bytes), and ZZ represents the UDS service ID of the message being processed (one byte).
The above-mentioned contents cover all security check contents supported by the existing DoIP security filtering function, namely, it is realized that any DoIP message which does not pass the security check can be negatively responded by the diagnostic agent in a manner conforming to the relevant industry standard and specification.
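The response model of this example, as an added example that is not the patent's own code: the three generic-header checks and the negative responses for the cases listed above, assuming the ISO 13400-2 header and payload layouts and a protocol version byte of 0x02 (XX, YY and ZZ of table 1 are the client address, server address and service ID parameters); the reason labels, KNOWN_TYPES and function names are assumptions.

```python
import struct

DOIP_VERSION = 0x02  # assumption: ISO 13400-2:2012 protocol version byte

# Payload types named on the page
HDR_NACK, ROUTE_ACT_REQ, ROUTE_ACT_RESP = 0x0000, 0x0005, 0x0006
DIAG_MSG, DIAG_ACK, DIAG_NACK = 0x8001, 0x8002, 0x8003
KNOWN_TYPES = {HDR_NACK, ROUTE_ACT_REQ, ROUTE_ACT_RESP, DIAG_MSG, DIAG_ACK, DIAG_NACK}  # assumption

# Response model: reason -> (payload type of the answer, code, close the TCP socket afterwards).
# The reason labels are names chosen here for the cases listed in Example III.
RESPONSE_MODEL = {
    "bad_version":       (HDR_NACK, 0x00, True),
    "unknown_type":      (HDR_NACK, 0x01, False),
    "bad_length":        (HDR_NACK, 0x04, True),
    "route_src_binding": (ROUTE_ACT_RESP, 0x00, True),
    "diag_src_binding":  (DIAG_NACK, 0x02, True),
    "diag_src_rule":     (DIAG_NACK, 0x02, True),
    "diag_dst_binding":  (DIAG_NACK, 0x06, False),
    "diag_dst_rule":     (DIAG_NACK, 0x06, False),
    "diag_sid_rule":     (DIAG_MSG, 0x11, False),  # UDS NRC: service not supported
    "diag_default_deny": (DIAG_MSG, 0x10, False),  # UDS NRC: general reject
}


def doip_message(payload_type: int, payload: bytes) -> bytes:
    """Generic DoIP header (version, inverse version, type, length) followed by the payload."""
    header = struct.pack("!BBHI", DOIP_VERSION, DOIP_VERSION ^ 0xFF, payload_type, len(payload))
    return header + payload


def check_header(data: bytes):
    """The three generic-header checks, in the order the response model lists them.
    Returns a reason label from RESPONSE_MODEL, or None if the header is acceptable."""
    if len(data) < 8:
        return "bad_length"
    ver, inv, ptype, plen = struct.unpack("!BBHI", data[:8])
    if ver != DOIP_VERSION or inv != (ver ^ 0xFF):
        return "bad_version"
    if ptype not in KNOWN_TYPES:
        return "unknown_type"
    if plen != len(data) - 8:
        return "bad_length"
    return None


def build_negative_response(reason: str, client_la: int, server_la: int, sid: int = 0):
    """Messages the agent sends with the server's identity, plus whether the TCP
    connection must be reset afterwards. client_la/server_la are XX/YY of table 1,
    sid is ZZ. Payload field layouts follow ISO 13400-2 as assumed here."""
    ptype, code, close = RESPONSE_MODEL[reason]
    if ptype == HDR_NACK:
        msgs = [doip_message(HDR_NACK, bytes([code]))]
    elif ptype == ROUTE_ACT_RESP:
        # tester address, entity address, response code, 4 reserved bytes
        msgs = [doip_message(ROUTE_ACT_RESP, struct.pack("!HHB4x", client_la, server_la, code))]
    elif ptype == DIAG_NACK:
        # source = responding entity (server), target = tester (client), NACK code
        msgs = [doip_message(DIAG_NACK, struct.pack("!HHB", server_la, client_la, code))]
    else:
        # UDS negative response: positive DoIP ack first, then 0x7F, SID, NRC in a 0x8001 message
        msgs = [doip_message(DIAG_ACK, struct.pack("!HHB", server_la, client_la, 0x00)),
                doip_message(DIAG_MSG, struct.pack("!HHBBB", server_la, client_la, 0x7F, sid, code))]
    return msgs, close
```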
Example IV
As described above, the diagnostic agent module may record the offset of the sequence number caused by the unsafe message in the session table.
The session table and some related data generated during the execution of the processing method provided in the foregoing embodiment may be stored and maintained in various manners.
In this embodiment, considering that the amount of information that can be stored in the eBPF stack space is small, the diagnostic agent module may store the session table and related data in a preset block of memory space eBPF Map in the kernel, and both the eBPF kernel program and the eBPF user mode program may access the data in the eBPF Map, so that session management of the diagnostic agent module is implemented by using an eBPF Map mechanism.
The principle of session management implemented by the eBPF Map mechanism can be seen in fig. 4.
The eBPF kernel program can access the session table stored in the eBPF Map when any one of the following occurs.
In case one, a diagnosis forced-close state is recorded. When the diagnostic agent module processes the unsafe message by forcibly closing the communication connection, after executing step S207, that is, after sending the negative response message, the diagnostic agent module may create an entry in the session table and record the state information, specifically the sequence number value expected in the response message from the client, for example the expected value of the ACK number of the response message from the client; the expected value may be derived from the specification of the SEQ number and the ACK number in the TCP protocol. When the diagnostic agent module receives the response message sent by the client and determines that the response message carries the corresponding sequence number, it may compare the sequence number carried in the response message with the expected sequence number recorded in the session table. If the two match, the record in the session table is deleted and the step following receipt of the response message in embodiment one is executed; if they do not match, the received message may be discarded and the diagnostic agent module continues to wait for a response message whose sequence number matches before executing the step following receipt of the response message in embodiment one.
For example, if the response message is a response message based on the TCP protocol, the diagnostic agent module may identify whether the ACK flag is 1, if it is 1, which indicates that the response message has an ACK number, and then the diagnostic agent module may compare whether the ACK number carried by the response message and the ACK number recorded in the session table are identical.
The advantage of this embodiment is that the diagnostic agent module is prevented from recognizing other messages as response messages of the client side by mistake.
In case two, a diagnosis smooth-reject state is recorded. When the diagnostic agent module processes the unsafe message by smoothly rejecting the communication request, after executing step S303 it may create an entry in the session table and record the state information, that is, the sequence number value expected in the response message from the client, for example the expected value of the ACK number of the response message from the client; the expected value may be determined by referring to the specification of the SEQ number and the ACK number in the TCP protocol. When the diagnostic agent module receives the response message sent by the client and determines that the response message carries the corresponding sequence number, it may compare the sequence number carried in the response message with the expected sequence number recorded in the session table. If the two match, the record in the session table is deleted and the step following receipt of the response message in the second embodiment is executed; if they do not match, the received message may be discarded and the diagnostic agent module continues to wait for a response message whose sequence number matches before executing the step following receipt of the response message in the second embodiment.
For example, if the response message is a response message based on the TCP protocol, the diagnostic agent module may identify whether the ACK flag is 1, if it is 1, which indicates that the response message has an ACK number, and then the diagnostic agent module may compare whether the ACK number carried by the response message and the ACK number recorded in the session table are identical.
Further, in this case, the diagnostic agent module may further determine whether the transmission layer of the response message carries a payload after comparing and determining that the two match, if the transmission layer does not carry a payload, discard the received response message, and continue to execute the subsequent steps after receiving the response message in the second embodiment, and if the transmission layer carries a payload, the diagnostic agent module may skip step S305.
The beneficial effects of the embodiment are consistent with those of the first case, and will not be described again.
In case three, the offset of the sequence number caused by the unsafe message is recorded. In this case, the recording manner of the diagnostic agent module may refer to step S304 in the second embodiment and is not described in detail.
After the communication connection established by the client and the server is disconnected, the diagnostic agent module can delete the offsets of the serial numbers recorded in the connection process.
Because the eBPF kernel program does not support traversing the entries of the session table, the kernel program cannot monitor the session table and delete invalid entries, so monitoring of the session table may be implemented by the eBPF user mode program. The eBPF user mode program may access the session table stored in the eBPF Map when any one of the following conditions occurs:
and fourthly, monitoring a failure entry of the session table. The user mode program can traverse all the entries of the session table at intervals of 0.1 second (or other time intervals), and when the time difference between the current kernel time and the kernel time recorded by one entry in the previous session table is greater than a certain time difference threshold, the entry is judged to be an invalid entry, the deletion operation is executed on the entry.
In case five, the communication connection is actively interrupted. When the diagnostic agent module processes the unsafe message by forcibly closing the communication connection, suppose that the expected response message is not received, for example the TCP ACK message is not received; the relevant entry recorded in the session table then becomes invalid after a preset time (for example, 1 second) following the sending of the negative response message. After the user mode program deletes the invalid entry according to case four, the client and the server are still in a half-open state, so the diagnostic agent module needs to send a first interrupt connection message to the client with the identity of the server and a second interrupt connection message to the server with the identity of the client, so as to disconnect the communication connection of the two parties. In this case, the eBPF user mode program needs to create a socket so as to send the interrupt connection messages instead of the kernel program and actively disconnect the connection.
Further, after the diagnostic agent module processes the message in a manner of smoothly rejecting the communication request and performs step S304 in the second embodiment, if no message is sent by both parties of the communication connection within a preset time period (for example, 299 seconds), it may be determined that the entry for recording the offset in the session table is invalid and deleted, and the diagnostic agent module may send the first interrupt connection message and the second interrupt connection message respectively to disconnect the communication connection of both parties.
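The session-table handling of cases one, two, four and five, as an added example and not the patent's eBPF code: a Python stand-in for the eBPF Map that stores the expected ACK number after the negative response is sent, matches the client's response against it (with the payload check that lets S305 be skipped), and lets a sweeper expire stale entries; the names, the key tuple, the mode strings and the ttl are assumptions.

```python
import struct
from dataclasses import dataclass

ACK_FLAG = 0x10


def make_segment(seq: int, ack: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed test input: 20-byte TCP header (ports/window/checksum zero) plus payload."""
    return struct.pack("!HHIIBBHHH", 0, 0, seq, ack, 5 << 4, flags, 0, 0, 0) + payload


def expected_ack_after(negative_response_seq: int, negative_response_len: int) -> int:
    """ACK number the client must return once it has accepted the forged negative response."""
    return (negative_response_seq + negative_response_len) & 0xFFFFFFFF


@dataclass
class Entry:
    expected_ack: int
    created: float   # kernel time when the entry was written
    mode: str        # "force_close" (Example one) or "smooth_reject" (Example two)


class SessionTable:
    """Stand-in for the eBPF Map session table shared by the kernel and user-mode parts."""

    def __init__(self, ttl: float):
        self.ttl = ttl
        self.entries: dict = {}

    def record_expected_ack(self, key, expected_ack: int, now: float, mode: str):
        """Written right after the negative response is sent (S207 / S303)."""
        self.entries[key] = Entry(expected_ack, now, mode)

    def on_client_segment(self, key, segment: bytes, now: float) -> str:
        """Kernel-side decision for a segment from the client (cases one and two).
        "untracked":         no entry, the normal security check applies
        "wait":              not the expected response; discard and keep waiting
        "matched":           pure ACK matched, entry removed (S208 intercept / S305 discard)
        "matched_with_data": matched and carrying a payload, so S305 is skipped and the
                             segment continues as the next request (S306/S307)"""
        entry = self.entries.get(key)
        if entry is None:
            return "untracked"
        data_offset = (segment[12] >> 4) * 4
        flags = segment[13]
        ack = struct.unpack("!I", segment[8:12])[0]
        if not flags & ACK_FLAG or ack != entry.expected_ack:
            return "wait"
        del self.entries[key]
        if entry.mode == "smooth_reject" and len(segment) > data_offset:
            return "matched_with_data"
        return "matched"

    def sweep(self, now: float):
        """User-mode sweeper (case four): remove entries older than ttl and return
        (key, mode) for each, so the caller can send the interrupt connection
        messages of case five for the force_close ones."""
        expired = [(k, e.mode) for k, e in self.entries.items() if now - e.created > self.ttl]
        for k, _ in expired:
            del self.entries[k]
        return expired
```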
Example five
The present embodiment defines two concepts in diagnostic task management: total tasks and single tasks. The total task consists of one or more single tasks according to a certain sequence, and one total task can finish a series of operations aiming at a specific data packet so as to achieve a specific purpose; the single task is a basic component unit of the total task, can not be split, and a plurality of single tasks forming the total task are sequentially executed strictly according to the execution sequence by utilizing a tail call mechanism of the eBPF.
By introducing a task management mechanism, the diagnostic agent module can execute the relevant steps in the first and second embodiments by executing the corresponding task.
In this embodiment, after detecting the unsafe message, the diagnostic agent module may store diagnostic task information in the eBPF Map, where the information includes the number of single tasks that form the total task, the currently executed single task index number (initial 0), and for each single task that forms the total task, the serial number and the bit-by-bit identifier of the single task, and after storing the information, call the diagnostic agent program;
after the current single task is finished, if the single task is not the last single task of the total tasks, the total task execution progress in the eBPF Map is updated, and the diagnostic agent is called by itself to continue to execute the next single task.
As shown in the task execution principle of the diagnostic agent module in fig. 5, assuming that a total task of a diagnostic agent is composed of N single tasks, a currently executed single task index is an initial value of 0 and points to a 1 st single task constituting the total task, the diagnostic agent will execute the single task according to a single task number and a bit identifier thereof, then add 1 to the currently executed single task index, and finally, call the diagnostic agent program itself to execute the next single task until all the single tasks constituting the total task are sequentially executed.
In this embodiment, the total tasks stored in the eBPF Map by the diagnostic agent module may include any one or more of the total tasks shown in table 2.
TABLE 2
The overall tasks in table 2 are described below.
1, del_ipv4_reserved_flag: the total task consists of 1 single task. By executing it, the diagnostic agent module clears the reserved-bit identifier in the header flags field of an IPv4-based message. That identifier is added when the eBPF kernel-mode program of the diagnostic agent module adjusts the sequence number of the message, that is, when S307 is executed; it is added so that the adjusted message can be redirected and skip the eBPF-based vehicle-mounted Ethernet deep packet inspection.
2, DEL_USER_RST_FLAG: the total task consists of 1 single task. By executing it, the diagnostic agent module clears the special mark on the interrupt connection message sent by the user-mode program. The mark is created by the eBPF user-mode program when it sends the interrupt connection message, so that the interrupt connection message skips the eBPF-based vehicle-mounted Ethernet deep packet inspection.
3, send_tcp_reset_and_reject_reach: the total task consists of 2 single tasks. By executing it, the diagnostic agent module sends an interrupt connection message to the message receiver and a negative response message to the message sender; in other words, executing this total task is equivalent to executing steps S207 and S210 of the first embodiment.
4, wait_ack_and_send_reset: the total task consists of 2 single tasks. Its function is to wait for the expected response message and then send an interrupt connection message to the sender of the message; in other words, executing this total task is equivalent to executing steps S208 and S209 of the first embodiment.
5, send_reject_reach: the total task consists of 1 single task. Its function is to send a negative response message to the sender of the message; executing it is equivalent to executing step S207 of the first embodiment or step S303 of the second embodiment.
6, send_reject_read_and_keep_connection: the total task consists of 2 single tasks. Its function is to send a negative response message to the sender of the message and to record the related information of the received unsafe message (such as the sequence number offset) in the session table; executing it is equivalent to executing steps S303 and S304 of the second embodiment.
7, Adjust_TCP_SEQ: the total task consists of 1 single task. Its function is to adjust the sequence number of a received security message to obtain an adjusted message; executing it is equivalent to executing steps S307 and S309 of the second embodiment.
Some of the single tasks that a total task may include, and their functions, are shown in table 3 below.
TABLE 3
When a diagnostic agent single task is used, it also works together with the bit-by-bit identifier of the diagnostic agent task; the bit-by-bit identifier has the following functions:
after a bit-by-bit identifier is set for a single task, the same single task can satisfy the requirements of different total tasks and be reused in them, which raises the reuse rate of the program code, and certain unnecessary specific steps can be skipped while a total task executes, which improves the execution efficiency of the program.
The bit-by-bit identifiers of some single tasks and their functions are shown in table 4.
TABLE 4
Example six
In combination with the foregoing embodiments, the present embodiment provides a method for processing a message; please refer to fig. 6, which is a flowchart of the method. The method may include the following steps.
The method of the present embodiment may be performed by the diagnostic agent module and the diagnostic agent module of the foregoing embodiments.
S601, obtaining a first message.
If the first message is an unsafe message, step S602 is executed, and if the first message is a safe message, step S603 is executed.
S602, discarding the first message and feeding back a second message to the sender of the first message under the condition that the first message is determined to be an unsafe message, wherein the second message characterizes the basis on which the first message is determined to be an unsafe message.
S603, under the condition that the first message is determined to be the safety message, the first message is sent to a receiving party of the first message.
Optionally, after determining that the first packet is an unsafe packet, the method of this embodiment may further include the following steps.
S604, under the condition that the transmission layer protocol of the first message is the target communication protocol, the communication connection between the two parties of the first message is forcibly closed, or the message which is interacted subsequently by the two parties is adjusted to maintain the communication connection.
According to the method for processing a message provided in this embodiment, the embodiment further provides a device for processing a message, please refer to fig. 7, which is a schematic structural diagram of the device.
An obtaining unit 701, configured to obtain a first packet;
the processing unit 702 is configured to discard the first message and feed back a second message to a sender of the first message when the first message is determined to be an unsafe message, where the second message characterizes the basis on which the first message is determined to be an unsafe message;
the sending unit 703 is configured to send the first message to a receiver of the first message if it is determined that the first message is a secure message.
In some alternative embodiments, after the processing unit 702 feeds back the second message to the sender of the first message, the processing unit is further configured to:
And closing the communication connection between the sender and the receiver under the condition that the transmission layer protocol of the first message is determined to be the target communication protocol.
In some alternative embodiments, before the processing unit 702 closes the communication connection between the sender and the receiver, it is further configured to:
after the second message is sent, recording a first sequence number expected value of a feedback message corresponding to the second message;
receiving a feedback message sent by the sender in response to the second message;
and after the first sequence number carried by the feedback message is consistent with the expected value of the first sequence number, executing the step of closing the communication connection between the sender and the receiver.
In some alternative embodiments, after the processing unit 702 feeds back the second message to the sender of the first message, the processing unit is further configured to:
determining a sequence number offset according to the data quantity of the first message and the data quantity of the second message;
subtracting the sequence number offset from the sequence number of the third message to obtain the sequence number of the adjusted third message under the condition that the third message is the message sent by the sender;
and adding the sequence number offset to the sequence number of the third message to obtain the sequence number of the adjusted third message under the condition that the third message is the message sent by the receiver.
In some alternative embodiments, the processing unit 702 is further configured to perform:
after the second message is sent, the expected sequence number is recorded in the session table, and after the feedback message sent by the sender in response to the second message is received, the feedback message is checked according to the expected sequence number, and the expected sequence number represents the sequence number value carried by the expected feedback message.
In some alternative embodiments, the processing unit 702 is further configured to perform:
after the second message is sent, the sequence number offset determined according to the data quantity of the first message and the data quantity of the second message is recorded in a session table.
In some alternative embodiments, the processing unit 702 is further configured to perform:
detecting entries of a session table and deleting invalid entries, where an invalid entry is one whose recorded kernel time differs from the current kernel time by more than a preset time-difference threshold.
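The session-table handling described in the preceding alternative embodiments (recording the expected sequence number and the offset after the second message is sent, checking the sender's feedback message, adjusting later messages in both directions, and expiring stale entries by kernel time), as an added user-space C model that is not the patent's code. The flow-key layout, the threshold value and the function names are assumptions, and the offset is taken as an input because the page does not give the formula that derives it from the two data quantities.

```c
#include <stdint.h>
#include <string.h>

#define MAX_SESSIONS 16
/* Preset time-difference threshold for invalid entries: 30 s (assumed value). */
#define STALE_NS (30ULL * 1000000000ULL)

/* Flow key, always written in the sender -> receiver direction (assumed layout). */
struct flow_key { uint32_t saddr, daddr; uint16_t sport, dport; };

struct session {
    int used;
    struct flow_key key;
    uint32_t expected_seq;    /* sequence number the feedback message must carry */
    uint32_t seq_offset;      /* offset the patent derives from the two data quantities */
    uint64_t last_ktime_ns;   /* kernel time of the last update, used for expiry */
};

static struct session sessions[MAX_SESSIONS];

static struct session *lookup(const struct flow_key *k)
{
    for (int i = 0; i < MAX_SESSIONS; i++) {
        const struct flow_key *e = &sessions[i].key;
        if (sessions[i].used && e->saddr == k->saddr && e->daddr == k->daddr &&
            e->sport == k->sport && e->dport == k->dport)
            return &sessions[i];
    }
    return NULL;
}

/* After the second message is sent: record the expected feedback sequence number
 * and the offset for this session.  Returns -1 when the table is full. */
int session_record(const struct flow_key *k, uint32_t expected_seq, uint32_t offset, uint64_t now_ns)
{
    struct session *s = lookup(k);
    for (int i = 0; !s && i < MAX_SESSIONS; i++)
        if (!sessions[i].used) s = &sessions[i];
    if (!s) return -1;
    s->used = 1; s->key = *k;
    s->expected_seq = expected_seq; s->seq_offset = offset; s->last_ktime_ns = now_ns;
    return 0;
}

/* Check the sender's feedback message: 1 if its sequence number matches the expectation. */
int session_check_feedback(const struct flow_key *k, uint32_t seq, uint64_t now_ns)
{
    struct session *s = lookup(k);
    if (!s || seq != s->expected_seq) return 0;
    s->last_ktime_ns = now_ns;
    return 1;
}

/* Adjust a later message's sequence number: subtract the offset for messages from
 * the sender, add it for messages from the receiver.  uint32_t arithmetic gives
 * TCP's modulo-2^32 wraparound.  Returns 0 when no session is recorded for the key. */
int session_adjust_seq(const struct flow_key *k, int from_sender, uint32_t seq, uint32_t *out)
{
    struct session *s = lookup(k);
    if (!s) return 0;
    *out = from_sender ? seq - s->seq_offset : seq + s->seq_offset;
    return 1;
}

/* Delete entries whose recorded kernel time is older than the threshold; returns how many. */
int session_expire(uint64_t now_ns)
{
    int n = 0;
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].used && now_ns - sessions[i].last_ktime_ns > STALE_NS) {
            sessions[i].used = 0;
            n++;
        }
    return n;
}
```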
In some alternative embodiments, the processing unit 702 is further configured to perform:
and closing the communication connection between the sender and the receiver under the condition that the second message is sent and the response message corresponding to the second message is not received after the preset time length.
In some alternative embodiments, the processing unit 702 is specifically configured to, when closing a communication connection between a sender and a receiver:
determining diagnosis task information of a total task for closing the communication connection, wherein the diagnosis task information comprises the number of single tasks forming the total task, the index number of the currently executed single task, and the serial number and bit-by-bit identifier of each single task forming the total task, and the initial value of the currently executed single task index number is 0;
and sequentially executing the single tasks forming the total task according to their serial numbers and bit-by-bit identifiers so as to close the communication connection between the sender and the receiver.
The specific working principle and beneficial effects of the device for processing a message in this embodiment can be referred to the relevant steps and beneficial effects of the method for processing a message provided in any embodiment of the present application, which are not described herein again.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
It should be noted that the terms "first," "second," and the like herein are merely used for distinguishing between different devices, modules, or units and not for limiting the order or interdependence of the functions performed by such devices, modules, or units.
Those skilled in the art can make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for processing a message, comprising:
obtaining a first message;
discarding the first message and feeding back a second message to the sender of the first message under the condition that the first message is determined to be an unsafe message, wherein the second message characterizes the basis that the first message is determined to be the unsafe message;
after discarding the first message, closing the communication connection between the sender and the receiver under the condition that the transmission layer protocol of the first message is determined to be the target communication protocol, or adjusting a third message to maintain the communication connection between the sender and the receiver, wherein the third message is a message received after feeding back the second message;
And under the condition that the first message is determined to be a safety message, the first message is sent to a receiving party of the first message.
2. The method of claim 1, wherein prior to the closing the communication connection between the sender and the receiver, further comprising:
after the second message is sent, recording a first sequence number expected value of a feedback message corresponding to the second message;
receiving a feedback message sent by the sender in response to the second message;
and after the first sequence number carried by the feedback message is consistent with the first sequence number expected value, executing the step of closing the communication connection between the sender and the receiver.
3. The method of claim 1, wherein the closing the communication connection between the sender and the receiver comprises:
determining diagnosis task information of a total task for closing the communication connection, wherein the diagnosis task information comprises the number of single tasks forming the total task, the index number of the currently executed single task, and the serial number and bit-by-bit identifier of each single task forming the total task, and the initial value of the currently executed single task index number is 0;
and sequentially executing the single tasks forming the total task according to their serial numbers and bit-by-bit identifiers so as to close the communication connection between the sender and the receiver.
4. The method of claim 1, wherein the adjusting the third message comprises:
determining a sequence number offset according to the data quantity of the first message and the data quantity of the second message;
adjusting the sequence number of a third message received after feeding back the second message according to the sequence number offset to obtain the adjusted sequence number of the third message;
when the third message is sent by the sender, the sequence number of the third message after adjustment is obtained by subtracting the sequence number offset from the sequence number of the third message;
and under the condition that the third message is the message sent by the receiver, the adjusted sequence number of the third message is obtained by adding the sequence number offset to the sequence number of the third message.
5. The method as recited in claim 4, further comprising:
after the second message is sent, an expected sequence number is recorded in a session table, and after a feedback message sent by the sender in response to the second message is received, the feedback message is checked according to the expected sequence number, and the expected sequence number represents a sequence number value carried by the expected feedback message.
6. The method as recited in claim 4, further comprising:
and after the second message is sent, recording a sequence number offset determined according to the data quantity of the first message and the data quantity of the second message in a session table.
7. The method as recited in claim 4, further comprising:
detecting entries of a session table and deleting invalid entries, wherein an invalid entry is one whose recorded kernel time differs from the current kernel time by more than a preset time-difference threshold.
8. The method as recited in claim 4, further comprising:
and closing the communication connection between the sender and the receiver under the condition that the second message is sent and the response message corresponding to the second message is not received after the preset time length.
9. The method of claim 4, wherein adjusting the sequence number of the third message received after feeding back the second message according to the sequence number offset to obtain the adjusted sequence number of the third message, comprises:
determining diagnosis task information of a total task for adjusting a message sequence number, wherein the diagnosis task information comprises the number of single tasks forming the total task, the index number of the currently executed single task, and the serial number and bit-by-bit identifier of each single task forming the total task, and the initial value of the currently executed single task index number is 0;
and sequentially executing the single tasks forming the total task according to their serial numbers and bit-by-bit identifiers so as to adjust the sequence number of the obtained third message and obtain the adjusted sequence number of the third message.
10. An apparatus for processing a message, comprising:
the obtaining unit is used for obtaining the first message;
a processing unit for:
discarding the first message and feeding back a second message to the sender of the first message under the condition that the first message is determined to be an unsafe message, wherein the second message characterizes the basis that the first message is determined to be the unsafe message;
after discarding the first message, closing the communication connection between the sender and the receiver under the condition that the transmission layer protocol of the first message is determined to be the target communication protocol, or adjusting a third message to maintain the communication connection between the sender and the receiver, wherein the third message is a message received after feeding back the second message;
and the sending unit is used for sending the first message to a receiving party of the first message under the condition that the first message is determined to be the safety message.
CN202311720618.0A 2023-12-14 2023-12-14 Method and device for processing message Pending CN117692222A (en)

Publications (1)

Publication Number Publication Date
CN117692222A true CN117692222A (en) 2024-03-12

Family

ID=90126138

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination