WO2017118428A1 - Method and apparatus for realizing message error detection - Google Patents

Method and apparatus for realizing message error detection Download PDF

Info

Publication number
WO2017118428A1
WO2017118428A1 PCT/CN2017/070505 CN2017070505W WO2017118428A1 WO 2017118428 A1 WO2017118428 A1 WO 2017118428A1 CN 2017070505 W CN2017070505 W CN 2017070505W WO 2017118428 A1 WO2017118428 A1 WO 2017118428A1
Authority
WO
WIPO (PCT)
Prior art keywords
packet
message
outgoing
specific part
inbound
Prior art date
Application number
PCT/CN2017/070505
Other languages
French (fr)
Chinese (zh)
Inventor
王艺霖
刘娟
骆文
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017118428A1 publication Critical patent/WO2017118428A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/70Admission control; Resource allocation
    • H04L47/80Actions related to the user profile or the type of traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0823Errors, e.g. transmission errors

Definitions

  • the present disclosure relates to the field of data communications, for example, to a method and apparatus for implementing message error detection.
  • Network devices such as the Broadband Remote Access Server (BRAS) device, the core router device, the core switch device, and the third are widely used in networks such as the carrier network, the enterprise network, and the Internet network.
  • Layer switch devices and various optical network devices operate an Internet Protocol (IP) that interconnects networks and build a world based on IP network protocols by interconnecting them.
  • IP Internet Protocol
  • Some message fields should not change when the message is transmitted through the network device, but a packet error may occur during the message transmission.
  • IP Internet Protocol
  • IP Internet Protocol
  • the IP link problem causes the packet field that should not be changed to change between the area A and the area B, causing packet errors and affecting normal communication.
  • the above system problem may be caused by the failure of the system software or hardware, or the external environment affecting the system performance (such as electromagnetic interference) and other factors affecting the normal transmission of the message. If the message field that should not be changed is changed, for example, the IP address field is modified, the message will be delivered to the wrong destination address, and finally discarded as a bad packet, affecting the normal communication of the network.
  • the present disclosure provides a method and apparatus for implementing packet error detection, which can determine whether an error occurs in a packet and determine whether a network device is normal when the network size is increased.
  • the present disclosure provides a method for implementing packet error detection, including:
  • the detected network is a network composed of one or more network devices.
  • the obtaining and distinguishing the inbound packet and the outgoing packet transmitted by the detected network includes:
  • obtaining and distinguishing between the inbound packet and the outgoing packet transmitted by the detected network includes:
  • the inbound packet and the outgoing packet transmitted by the detected network are copied by configuring the network device of the detected network;
  • the network device is an optical port device
  • the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
  • the method further includes:
  • the inbound packet and the outgoing packet to which the flow direction information is added are encapsulated;
  • the method further includes: encapsulating the inbound packet containing the flow direction information and encapsulating the flow direction information The outgoing message is decapsulated.
  • the encapsulating the inbound packet and the outbound packet that respectively add the corresponding flow direction information includes: performing a universal routing encapsulation GRE or a user on the inbound packet and the outgoing packet respectively respectively adding the corresponding flow direction information.
  • Datagram Protocol UDP encapsulation includes: performing a universal routing encapsulation GRE or a user on the inbound packet and the outgoing packet respectively respectively adding the corresponding flow direction information.
  • the matching by the specific part of the inbound message with the specific part of the outgoing message, includes:
  • the feature values of the content of the specific part of the outgoing message are matched.
  • the method before the matching the specific part of the inbound message with the specific part of the outgoing message, the method further includes:
  • the method before the matching the specific part of the inbound message with the specific part of the outgoing message, the method further includes at least one of the following:
  • the matching by the specific part of the inbound message with the specific part of the outgoing message, includes:
  • the specific part of the inbound message that is at least one of the source address and the destination address is matched with the specific part of the outgoing message;
  • the source address of the incoming packet When in the NAT scenario, the source address of the incoming packet, the destination address of the incoming packet, the source address of the outgoing packet, the destination address of the outgoing packet, and the local address in the NAT scenario. And the global address mapping entry, determining the source address and the destination address of the obtained inbound packet and the outgoing packet, and selecting the inbound packet and the outgoing packet corresponding to the source address and the destination address of the mapping. And matching a specific part of the incoming message with a specific part of the outgoing message.
  • the method further includes: a content of a distinguishing field included in a specific part of the incoming packet and a specific part of the outgoing packet Contains the content of the distinguishing field to learn the message;
  • the packet does not have an error; if the incoming report is in the result of the packet learning If the distinguishing field included in the specific part of the text does not match the distinguishing field included in the specific part of the outgoing message, the specific part of the incoming message is matched with the specific part of the outgoing message, and the packet is determined. Is it wrong?
  • the distinguishing field includes at least one of the following: a protocol, a message length, and a flag bit.
  • the method further includes: adjusting, according to the packet that determines the error, the network device involved in the error message.
  • the application also provides an apparatus for implementing packet error detection, including:
  • An obtaining unit configured to acquire and distinguish between an inbound message and an outgoing message transmitted by the detected network
  • the matching analysis unit is configured to match a specific part of the inbound message with a specific part of the outgoing message to determine whether the message is in error;
  • the detected network is a network composed of one or more network devices.
  • the obtaining unit is configured to
  • the obtaining unit is configured to
  • the inbound packet and the outgoing packet transmitted by the detected network are copied by configuring the network device of the detected network;
  • the network device is an optical port device
  • the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
  • the device further includes an encapsulating unit, configured to add an inbound message and an outgoing message to the flow direction information when the corresponding inbound message is added to the inbound message and the outgoing message respectively.
  • an encapsulating unit configured to add an inbound message and an outgoing message to the flow direction information when the corresponding inbound message is added to the inbound message and the outgoing message respectively.
  • a decapsulation unit configured to: before the matching the specific part of the inbound message with the specific part of the outgoing message, the inbound message containing the flow direction information and the encapsulated outgoing direction including the flow direction information The message is decapsulated.
  • the matching analysis unit is set to,
  • the extracted feature value of the content of the specific portion of the incoming message is matched with the extracted feature value of the content of the specific portion of the outgoing message.
  • the device further includes a first filtering unit, configured to filter the outgoing report that is sent by the detected network before the specific part of the incoming packet is matched with the specific part of the outgoing packet. And an inbound message sent to the detected network.
  • a first filtering unit configured to filter the outgoing report that is sent by the detected network before the specific part of the incoming packet is matched with the specific part of the outgoing packet. And an inbound message sent to the detected network.
  • the apparatus further includes: a second filtering unit, configured to filter the reported network multicast transmission report before the specific part of the inbound message is matched with the specific part of the outgoing message And at least one of the messages transmitted by the detected network broadcast.
  • a second filtering unit configured to filter the reported network multicast transmission report before the specific part of the inbound message is matched with the specific part of the outgoing message And at least one of the messages transmitted by the detected network broadcast.
  • the matching analysis unit is set to,
  • the specific part of the inbound message that is at least one of the source address and the destination address is matched with the specific part of the outgoing message;
  • the global address mapping entry determines the source address and the destination address of the obtained inbound packet and the outgoing packet, and selects the inbound packet and the outgoing packet corresponding to the source address and the destination address of the mapping. Performing a match between a specific portion of the incoming message and a specific portion of the outgoing message.
  • the device further includes a message learning unit, configured to: when the message transmitted by the detected network is a common message, the content of the distinguishing field included in the specific part of the incoming message and the The message learning is performed on the content of the distinguishing field included in the specific part of the outgoing message;
  • the matching analysis unit is further configured to determine that the packet does not have an error if the distinguishing field included in the specific part of the incoming packet and the distinguishing field included in the specific part of the outgoing packet are matched in the result of the packet learning; In the result of the packet learning, the distinguishing field included in the specific part of the incoming message and the distinguishing field included in the specific part of the outgoing message do not match, and the specific part of the incoming message and the outgoing report are A specific part of the text is matched to determine if the message is in error.
  • the device further includes an adjusting unit, configured to determine, according to the matching analysis unit, an error message, and adjust the network device involved in the error message.
  • an adjusting unit configured to determine, according to the matching analysis unit, an error message, and adjust the network device involved in the error message.
  • the present disclosure provides a non-transitory computer readable storage medium storing computer executable instructions, the computer executable instructions being set to any of the above methods for implementing message error detection.
  • the disclosure also provides a network device, including:
  • At least one processor At least one processor
  • the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to cause the at least one processor to perform any of the methods described above for implementing message error detection.
  • the technical solution of the present application includes: obtaining and distinguishing between an inbound packet and an outgoing packet transmitted by the detected network; matching a specific part of the inbound packet with a specific part of the outgoing packet to determine whether the packet is in error, wherein
  • the detection network is a network of one or more network devices.
  • the method of the present disclosure determines whether the message is erroneous by matching a specific part of the incoming message and a specific part of the outgoing message, thereby realizing error detection of the message of the error-detected network.
  • the network device is adjusted, and the communication of the network to be detected is timely adjusted to ensure the normal communication of the network.
  • FIG. 1 is a flowchart of a method for implementing packet error detection according to the present disclosure
  • FIG. 2 is a structural diagram of an apparatus for implementing packet error detection according to the present disclosure.
  • FIG. 3 is a flow chart of a method according to a first embodiment of the present disclosure
  • FIG. 4 is a flow chart of a method according to a second embodiment of the present disclosure.
  • FIG. 5 is a schematic diagram of a network topology of a packet passing through a detected network according to a third embodiment of the present disclosure
  • Figure 6 is a flow chart of a method according to a fourth embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of hardware of an electronic device according to the present disclosure.
  • FIG. 1 is a flowchart of a method for implementing packet error detection according to the present disclosure.
  • step 100 the inbound packet and the outgoing packet transmitted by the detected network are obtained and distinguished.
  • the detected network is a network composed of one or more network devices.
  • the inbound packet may be a packet received by the detected network, and the outgoing packet may be a packet sent by the detected network.
  • Obtaining and distinguishing between the inbound and outbound packets transmitted by the detected network may include:
  • the corresponding inbound and outbound packets are added to the inbound and outbound packets to distinguish between the inbound and outbound packets.
  • the disclosed method can also include:
  • the inbound packet and the outgoing packet are added to the flow direction information.
  • the method further includes: decapsulating the encapsulated inbound packet containing the flow direction information and the encapsulated outgoing packet containing the flow direction information.
  • the specific part of the inbound packet is a packet field that should not change in the incoming packet.
  • the specific part of the outgoing packet is a packet field that should not change in the outgoing packet.
  • the message field that should not change can be the source address, the destination address, or the packet length.
  • the encapsulation of the inbound and outbound packets respectively adding the corresponding flow information includes: performing Generic Routing Encapsulation on the inbound and outbound packets respectively adding the corresponding flow information.
  • GRE Generic Routing Encapsulation
  • UDP User Datagram Protocol
  • obtaining and distinguishing between the inbound packet and the outgoing packet transmitted by the detected network includes:
  • the inbound packet and the outgoing packet transmitted by the detected network are copied by configuring the network device of the detected network;
  • the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
  • the electrical interface is a network cable interface
  • the optical interface is a fiber interface
  • step 110 a specific part of the incoming message is matched with a specific part of the outgoing message to determine whether the message is in error.
  • the matching may be that each field of a specific part of the inbound packet of the same network device is compared with each field of the specific part of the outgoing message, and each field of the specific part of the incoming message of the same network device and The match is successful if each field of the specific part of the outgoing message is the same.
  • the method of the present disclosure further includes: adjusting, according to the packet that determines the error, the network device involved in the error message.
  • the inbound packet and the outgoing packet are obtained by using the inbound interface and the outgoing interface to distinguish the inbound packet from the outgoing packet.
  • Matching a particular portion of the incoming message with a particular portion of the outgoing message may include:
  • the feature value of the content of the extracted specific portion of the incoming message is matched with the feature value of the content of the extracted specific portion of the outgoing message.
  • the method of the disclosure may further include:
  • the method of the present disclosure further includes at least one of the following before matching a particular portion of the incoming message with a particular portion of the outgoing message:
  • the outgoing packets sent by the detected network and the incoming packets sent to the detected network can be differentiated and identified by the following methods:
  • the destination address is used to determine whether it is an inbound message sent to the detected network.
  • Matching a specific part of the incoming message with a specific part of the outgoing message includes:
  • NAT non-network address translation
  • the address mapping entry determines the source address and the destination address of the obtained inbound packet and the outgoing packet, and selects the inbound packet and the outgoing packet corresponding to the source address and the destination address of the mapping. A match between a particular portion of the message and a particular portion of the outgoing message.
  • the method of the disclosure may further include: performing packet learning on the content of the distinguishing field included in the specific part of the incoming packet and the content of the distinguishing field included in the specific part of the outgoing packet. ;
  • the distinguishing field included in the specific part of the incoming packet and the distinguishing field included in the specific part of the outgoing packet match in the result of the packet learning, it is determined that the packet does not have an error; if the result of the packet learning is Determining that the distinguishing field included in the specific part of the packet does not match the distinguishing field included in the specific part of the outgoing message, and matching the specific part of the incoming message with the specific part of the outgoing message , to determine if the message is wrong.
  • the common packets include the address resolution protocol (ARP) packet, the IP packet, the PING protocol packet, the transmission control protocol (TCP) packet, and the UDP packet.
  • ARP address resolution protocol
  • IP IP packet
  • PING protocol PING protocol packet
  • TCP transmission control protocol
  • UDP UDP packet
  • the distinguishing field may include at least one of the following: a protocol, a message length, and a flag bit.
  • the method of the present disclosure determines whether the message is erroneous by matching a specific part of the incoming message and a specific part of the outgoing message, thereby realizing error detection of the message of the error-detected network.
  • the network device is adjusted, and the communication of the network to be detected is timely adjusted to ensure the normal communication of the network.
  • the apparatus includes: an obtaining unit and a matching analyzing unit.
  • the obtaining unit is configured to acquire and distinguish the inbound packet and the outgoing packet transmitted by the detected network.
  • the acquisition unit can also be set to,
  • the corresponding inbound and outbound packets are added to the inbound and outbound packets to distinguish between the inbound and outbound packets.
  • the acquisition unit can also be set to,
  • the network device of the detected network is configured to copy the inbound packet and the outgoing packet transmitted by the detected network.
  • the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
  • the disclosed apparatus also includes a package unit and a decapsulation unit.
  • the encapsulation unit When the encapsulation unit is configured to add the corresponding flow direction information to the incoming inbound packet and the outgoing packet respectively, the encapsulation packet and the outgoing packet are added to the flow direction information.
  • the decapsulation unit is configured to decapsulate the encapsulated inbound packet containing the flow direction information and the encapsulated outgoing message including the flow direction information before the specific part of the incoming packet is matched with the specific part of the outgoing packet. .
  • the detected network is a network composed of one or more network devices.
  • the matching analysis unit is configured to match the inbound and outgoing messages in the incoming message to determine whether the packet is in error.
  • the matching analysis unit may be further configured to match the content of the specific part of the incoming message with the content of the specific part of the outgoing message;
  • the feature value of the content of the extracted specific portion of the incoming message is matched with the feature value of the content of the extracted specific portion of the outgoing message.
  • the matching analysis unit may be further configured to: when in a non-network address translation (NAT) scenario, match a specific portion of the same incoming message with at least one of the source address and the destination address with a specific portion of the outgoing message ;as well as
  • NAT non-network address translation
  • the source address of the incoming packet, the destination address of the incoming packet, the source address of the outgoing packet, the destination address of the outgoing packet, and the local address and global address mapping in the NAT scenario determines the source address and the destination address of the inbound packet and the destination packet, and selects the inbound and outbound packets corresponding to the source and destination addresses of the mapping. Partial match to a specific part of the outgoing message.
  • the disclosed apparatus may also include a first filtration unit.
  • the first filtering unit is configured to filter the outgoing message actively sent by the detected network and the incoming message sent to the detected network before the specific part of the incoming message matches the specific part of the outgoing message.
  • the disclosed apparatus may also include a second filter unit.
  • the second filtering unit is configured to filter at least one of the packet transmitted by the detected network multicast and the packet transmitted by the detected network before the matching of the specific part of the incoming message with the specific part of the outgoing message.
  • Kind of message is configured to filter at least one of the packet transmitted by the detected network multicast and the packet transmitted by the detected network before the matching of the specific part of the incoming message with the specific part of the outgoing message.
  • the disclosed apparatus may also include a message learning unit.
  • the packet learning unit is configured to perform packet learning on the content of the distinguishing field included in the specific part of the incoming packet and the content of the distinguishing field included in the specific part of the outgoing packet when the packet transmitted by the detected network is a common packet.
  • the matching analysis unit may be further configured to determine that the packet does not have an error if the distinguishing field included in the specific part of the incoming packet and the specific part included in the specific part of the outgoing packet are matched in the result of the packet learning;
  • the distinguishing field included in the specific part of the incoming message and the distinguishing field included in the specific part of the outgoing message do not match, and the specific part of the incoming message and the specific part of the outgoing message Partially match to determine if the message is in error.
  • the disclosed apparatus may also include an adjustment unit.
  • the adjusting unit is configured to determine an error message according to the matching analysis unit, and adjust the network device involved in the error message.
  • the detected network when the packet is detected, may be a network composed of one or more network devices, and the network device may be a router or a switch.
  • the detected network is a network composed of a single network device, and the network device includes a first interface and a second interface.
  • the inbound and outbound packets of the first interface and the second interface of the network device are distinguished.
  • the packet entering the network device may be copied from the first interface and the second interface, and the packet transmitted through the network device is copied from the first interface and the second interface.
  • the corresponding inbound interface and the outgoing interface may be set on the device that detects the error in the disclosure packet, and the copied inbound packet and the outgoing packet are separated and transmitted to the incoming interface through the set inbound interface and the outgoing interface.
  • the device for detecting errors In this embodiment, the network device can also be set on the device for error detection of the message.
  • the corresponding inbound interface and the outgoing interface of the different interfaces that is, the first inbound interface that receives the inbound packet and the inbound packet copied from the first interface and the packet that is copied out from the first interface are received on the packet error detecting device.
  • An outgoing interface configured to receive a second incoming interface that receives the inbound packet copied from the second interface, and receives the second outgoing interface that is copied from the second interface to the second interface; when the interface of the network device increases, the packet is detected incorrectly.
  • the inbound interface and the outbound interface that are set to correspond to the network device interface on the device are also correspondingly increased.
  • 3 is a flow chart of a method of the first embodiment of the present disclosure.
  • step 300 the inbound message received by the network device and the outgoing outgoing message are copied.
  • the network device can be configured to copy the inbound packets flowing into the first interface and the second interface, and the outgoing packets from the first interface and the second interface.
  • the network device is an optical interface device, the inbound packets that flow into the first interface and the second interface are split and replicated on the optical splitter, and the outgoing packets of the first interface and the second interface are split and copied.
  • the inbound packet and the outgoing packet may be distinguished by adding the flow direction information to the transmitted packet. For example, You can add a flow label, a flow direction identifier, or a flow direction attribute field to the transmitted message.
  • the method in this embodiment may further include: encapsulating an inbound packet and an outgoing packet to which the flow direction information is added, and encapsulating the inbound packet, when the corresponding inbound packet is added to the inbound packet and the outgoing packet.
  • the encapsulated incoming message containing the flow direction information and the encapsulated outgoing message containing the flow direction information are decapsulated.
  • the encapsulation method in this embodiment may be a GRE or UDP encapsulation or the like.
  • step 310 a specific part of the incoming message is matched with a specific part of the outgoing message to determine whether the message is in error.
  • the specific part of the incoming packet and the specific part of the outgoing packet are from the inflow network device to the outgoing network device, and the content of the specific part and the content of the specific part are not allowed. Changed. If there is no link problem in the network, the content of the specific part of the incoming message is the same as the content of the specific part of the outgoing message. If the content of a specific part is consistent with the content of a specific part, the match is passed, and it is determined that no error has occurred in the message.
  • the content of a specific part of the incoming message transmitted by the network device and the content of the specific part of the outgoing message should be [0x10, 0x20, 0x30], and the device that detects the error of the packet obtains the specificity of an incoming message.
  • the content of the part is [0x10, 0x20, 0x30]
  • the device that detects the error of the packet cannot match the outgoing packet with the same part of the incoming packet, and determines that the packet has an error.
  • Different types of packets may be different in the specific part of the packet when the network device transmits.
  • the changed part refers to the content of the packet except the specific part, such as the time-to-live value (TTL) field of the IP packet.
  • TTL time-to-live value
  • Matching a particular portion of the incoming message with a particular portion of the outgoing message may be a comparison of the content of the particular portion of the incoming message with the content of the particular portion of the outgoing message. For example, loading the content of a particular portion of the incoming message into the first list loads the content of the particular portion of the outgoing message into the second list.
  • the content of a specific part and the content of a specific part may be loaded into the list according to time sorting, and when the specific part of the same time is compared with the specific part, the content of the specific part of the outgoing message in the second list is extracted one by one.
  • the content of a specific part of the inbound message in a list is matched, and if the matching is successful, it is determined that the message does not have an error. If the specific part of the outgoing message in the second list does not match the content of the specific part of the inbound message that is the same as the specific part of the outgoing message, the packet is determined to have an error.
  • the method in this embodiment may also perform matching by extracting content of a specific part of the incoming message in the first list and a specific part of the second list.
  • the matching of the specific part of the incoming message with the specific part of the outgoing message may also be performed by extracting the feature value separately from the content of the specific part of the incoming message and the content of the specific part of the outgoing message, and then extracting the incoming direction
  • the feature value of the content of the specific part of the message is matched with the feature value of the content of the outgoing message part, and the matching of the feature value is determined to determine whether the specific part of the incoming message is the same as the specific part of the outgoing message, and the feature value is adopted.
  • the method of matching can improve the efficiency of the matching process.
  • the eigenvalues of the packets and the packets are in the matching process.
  • the hash calculation is used as an example.
  • the eigenvalues corresponding to the packets and packets can pass the VALUE and KEY values of the packets in the hash table.
  • the storage is performed separately, and the VALUE value is successfully matched according to the matching of the KEY value, thereby determining that the message is successfully matched.
  • the method of extracting the feature value may be implemented by calculating a hash value.
  • the eigenvalues of the packets transmitted by the detected network are extracted, and the inbound packets and the outgoing packets are distinguished by the eigenvalues, and the eigenvalues are matched to determine whether the packets have errors.
  • the method in this embodiment further includes:
  • At least one of the packet length, the source address, the destination address, the source port, and the destination port is matched as a feature value.
  • At least one of the packet length, the source address, the destination address, the source port, and the destination port is used as the feature value for matching.
  • the transmission control protocol (TCP) packet or the user datagram protocol (UDP) packet can be matched by using at least one of the source port and the destination port as the feature value.
  • TCP transmission control protocol
  • UDP user datagram protocol
  • the packet may be segmented and hashed, and the hash value calculated by the segmentation may be used as the feature value of the packet, and may be performed according to the feature value. A match between a specific part of the incoming message and a specific part of the outgoing message.
  • the obtained outgoing packet and the incoming packet may be delayed.
  • the time of the obtained outgoing packet may be earlier than the time when the incoming packet is obtained.
  • the method of the disclosure may further include: after the preset duration, re-entry the incoming packet. A match between a particular part of the text and a particular part of the outgoing message.
  • the method in this embodiment may further include sending the outgoing packet sent by the network device and the incoming report sent to the network device.
  • the text is distinguished by exclusion.
  • the outbound packet sent by the network device can be an administrative maintenance packet.
  • the IP address can be used as the management system address to determine whether the outgoing packet is an administrative maintenance packet.
  • the inbound packet sent to the detected device itself may be a packet sent by the management system to the network device. At this time, it is determined whether the incoming packet is a packet sent by the management system to the network device according to the destination address, for example, the IP address is an IP address of the network device itself.
  • the apparatus for error detection of the message in this embodiment includes an obtaining unit and a matching analyzing unit, and the obtaining unit is connected to each interface of the detected network.
  • the detected network may be a network device or a network composed of two or more network devices. 4 is a flow chart of a method of a second embodiment of the present disclosure.
  • step 400 the acquiring unit acquires and distinguishes the inbound packet and the outgoing packet transmitted by the detected network.
  • step 410 the acquiring unit performs feature value extraction on the specific part of the obtained inbound message and the specific part of the outgoing message.
  • step 420 the acquiring unit extracts the feature value and the outgoing message extracted from the specific part of the incoming message.
  • the feature values extracted by the specific part are sent to the matching analysis unit.
  • the acquiring unit may obtain the feature value of the packet of each interface, and extract the feature value of the content of the specific part of the incoming message and the feature value of the content of the specific part of the outgoing message. The value is sent to the matching analysis unit.
  • the flow direction information may be added to the message.
  • the attribute data is added to the packet to identify the flow direction, and the packet after the identifier is added is encapsulated and transmitted.
  • step 430 the analysis matching unit matches the feature value of the content of the specific part of the received incoming message with the feature value extracted by the content of the specific part of the outgoing message to determine whether the message has an error.
  • FIG. 5 is a schematic diagram of a network topology of a packet passing through a detected network according to a third embodiment of the present disclosure.
  • the packet flow direction includes the area A to the area B, the area A to the area C, the area B to the area A, and the area C to the area A.
  • the packet needs to match when the packet flows to the source and destination addresses as an example to match the specific part of the incoming packet with the specific part of the outgoing packet.
  • the incoming packet is filtered according to the source address and the destination address of the outgoing packet, and the inbound packet with the same source address and destination address is obtained after the outgoing packet is sent to the specific part of the incoming packet.
  • the source address and destination address are copied to the inbound interface and the outbound interface of the analysis matching unit.
  • the local address and global address mapping entries in the NAT scenario are modified. Therefore, the source address and destination address cannot be passed. Filtering in the same way. If you need to perform filtering, you can obtain the local address and global address mapping entries in the NAT scenario to obtain the inbound packets based on the mapping entries. Source and destination addresses before or after copying.
  • the message learning may learn a special distinguishing field in a specific part of the incoming message and a special distinguishing field in a specific part of the outgoing message.
  • the special distinguishing field may include at least one of a protocol, a message length, and a flag bit.
  • a large number of TCP SYN packets carry almost the same parameters, such as packet length and SYN flag.
  • SYN is the flag field of the TCP layer
  • SYN is the flag for establishing a connection.
  • the acquiring unit extracts at least one of the protocol, the packet length, and the flag bit; and extracts the specific part of the incoming message.
  • the distinguishing field and the distinguishing field extracted from the specific part of the outgoing packet are matched after the packet learning; the matching is successful, and the packet is not found to have an error; if the matching fails, the packet is not a common packet, and the first embodiment is used.
  • the method matches a specific part of the incoming message with a specific part of the outgoing message to determine whether the packet has an error.
  • Whether the packet learning of distinguishing fields can be determined according to the frequency and quantity of occurrence of such packets.
  • the message learning is automatically triggered once the part of the message is detected.
  • FIG. 6 is a flowchart of a method according to a fourth embodiment of the present disclosure. As shown in FIG. 6, the method includes:
  • step 600 the inbound packet and the outgoing packet transmitted by the detected network are obtained and distinguished.
  • the obtaining of the inbound message and the outgoing message may further include: acquiring the feature value of the incoming message and the feature value of the outgoing message, or copying the specific part of the incoming message and the specific part of the outgoing message.
  • the method of distinguishing the inbound and outbound packets can be implemented by using the inbound and outbound interfaces respectively through the corresponding inbound interface and the outgoing interface, or by adding flow information to the packet, for example, adding a differentiated flow. Property information is implemented.
  • step 610 a distinguishing field in a specific part of the incoming message and a specific part of the outgoing message is extracted, and packet learning is performed on the distinguished field.
  • step 620 the distinguishing fields of the packet learning are matched. If the matching is successful, step 630 is performed; if the matching fails, step 640 is performed.
  • step 630 it is determined that no error has occurred in the message.
  • step 640 a specific part of the incoming message and a specific part of the outgoing message are matched to determine whether the message has an error.
  • the inbound packet and the outgoing packet of the packet detection in this embodiment do not include the packet sent to the detected network and the packet sent by the detected network.
  • packet error detection processing is performed on a packet that is multicast-transmitted during the matching process or a packet that is transmitted by the broadcast. If the incoming packet and the outgoing packet are not multicast packets or broadcast packets, the network device will cause the outgoing packets of the multiple interfaces to be the same as the incoming packets. System network resources cause a lot of waste, and it is also easy to cause network congestion. Therefore, the case where the incoming message and the outgoing message are multicast-transmitted messages or broadcast-transmitted messages need to be distinguished from the case where the packets are erroneous.
  • the destination address and the mask information can be used to determine whether the inbound packet and the outgoing packet are multicast transmission packets or broadcast transmission packets.
  • the inbound packet and the outgoing packet are determined to be multicast, When a transmitted message or a broadcasted message is received, it is determined that the message is not error.
  • Mask information can be obtained through a configuration file. If it is determined that the inbound packet and the outgoing packet are neither the multicast transmission nor the broadcast transmission, the packet detection may be performed according to the technical solution of the disclosure, and the specific part of the incoming packet is When a specific part of the outgoing packet matches, the packet can be judged to be an error message.
  • the present disclosure also provides a non-transitory computer readable storage medium storing computer executable instructions arranged to perform the method of implementing message error detection in any of the above embodiments.
  • the present disclosure also provides a hardware structure diagram of an electronic device.
  • the electronic device includes:
  • the processor 701, the communication interface 704, and the memory 703 can complete communication with each other through the bus 703.
  • Communication interface 704 can be used for information transfer.
  • the processor 701 can call logic instructions in the memory 702 to perform the above method.
  • logic instructions in the memory 702 described above may be implemented in the form of software functional units and sold or used as separate products, and may be stored in a computer readable storage medium.
  • the memory 702 is a computer readable storage medium that can be configured to store software programs, calculations The machine executable program, such as the program instruction or module corresponding to the method in the embodiment of the present disclosure.
  • the processor 701 performs a function application and data processing by executing a software program, an instruction, or a module stored in the memory 702, that is, a method of implementing message error detection.
  • the memory 702 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function; the storage data area may store data created according to usage of the terminal device, and the like. Further, the memory 702 may include a high speed random access memory, and may also include a nonvolatile memory.
  • the technical solution of the present disclosure may be embodied in the form of a software product stored in a storage medium, including one or more instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) Performing all or part of the steps of the method of the embodiments of the present disclosure.
  • the foregoing storage medium may be a non-transitory storage medium, including: a USB flash drive, a mobile hard disk, a read only memory (Read Only Memory ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
  • the method and device for implementing packet error detection determine whether a packet is in error by matching a specific part of an incoming message with a specific part of an outgoing message, and realizing error detection of a packet of the error-detected network. .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed are a method and apparatus for realizing message error detection. The method comprises: acquiring and distinguishing an inbound message and an outbound message transmitted by a detected network; and matching a specific part of the inbound message with a specific part of the outbound message, so as to determine whether the messages have an error, wherein the detected network is a network composed of one or more network devices.

Description

实现报文检错的方法及装置Method and device for realizing message error detection 技术领域Technical field
本公开涉及数据通信领域,例如涉及一种实现报文检错的方法及装置。The present disclosure relates to the field of data communications, for example, to a method and apparatus for implementing message error detection.
背景技术Background technique
在运行商网络、企业网络以及互联网网络等网络中涉及种类和数量都十分庞大的网络设备,例如:宽带远程接入服务器(Broadband Remote Access Server,BRAS)设备、核心路由器设备、核心交换机设备、三层交换机设备和多种光网络设备等。这些网络设备运行网络之间互连的协议(Internet Protocol,IP),通过相互连接构建了一个基于IP网络协议的世界。报文经过网络设备传输时部分报文字段是不应发生变化的,而在报文传输过程中则可能发生报文错误的情况。以企业网络为例,假设存在区域A与区域B的通信链路,和,区域A与区域C的通信链路,区域A和区域B之间的通信链路由于路由器或交换机的丢包率高、系统问题等IP链路问题使不应发生变化的报文字段在区域A和区域B之间传输时发生了变化,造成报文错误,影响正常通信。上述系统问题可能是系统软件或硬件存在故障、或外部环境影响系统工作性能(比如电磁干扰)等影响报文正常传输。如果不应发生变化的报文字段被改变,例如IP地址字段被修改,则报文会被投递到错误的目的地址,最终作为坏包丢弃,影响网络的正常通信。Network devices such as the Broadband Remote Access Server (BRAS) device, the core router device, the core switch device, and the third are widely used in networks such as the carrier network, the enterprise network, and the Internet network. Layer switch devices and various optical network devices. These network devices operate an Internet Protocol (IP) that interconnects networks and build a world based on IP network protocols by interconnecting them. Some message fields should not change when the message is transmitted through the network device, but a packet error may occur during the message transmission. Taking the enterprise network as an example, it is assumed that there is a communication link between area A and area B, and a communication link between area A and area C, and the communication link between area A and area B has a high packet loss rate due to the router or the switch. The IP link problem, such as the system problem, causes the packet field that should not be changed to change between the area A and the area B, causing packet errors and affecting normal communication. The above system problem may be caused by the failure of the system software or hardware, or the external environment affecting the system performance (such as electromagnetic interference) and other factors affecting the normal transmission of the message. If the message field that should not be changed is changed, for example, the IP address field is modified, the message will be delivered to the wrong destination address, and finally discarded as a bad packet, affecting the normal communication of the network.
当网络规模不大时,发现错误报文后,可以由经验丰富的技术人员根据经验判断网络设备可能存在的问题,通过重启可能存在问题的网络设备、重新进行网络连接、或更换网络设备等方法解决报文出错问题。当网络规模增大到一定程度时,发现错误报文和基于错误报文依据经验判断网络设备是否存在问题的准确程度将大大降低,解决错误报文问题需要进行多次尝试,而每次尝试都可能造成网络彻底中断,影响网络的正常通信。对于规模庞大的互联网网络,发现错误报文和依据经验确定出现问题的网络设备更为困难。When the network size is small, after an error packet is found, an experienced technician can judge the possible problems of the network device based on experience, restart the network device that may have problems, re-connect the network, or replace the network device. Solve the problem of message errors. When the network size increases to a certain extent, the accuracy of the error message and the error message based on experience to determine whether the network device has a problem will be greatly reduced. The problem of solving the error message needs to be tried multiple times, and each attempt is made. It may cause the network to be completely interrupted and affect the normal communication of the network. For large-scale Internet networks, it is more difficult to find error messages and determine network devices that have problems based on experience.
发明内容Summary of the invention
本公开提供一种实现报文检错的方法及装置,能够在网络规模增大的情况下,确定报文是否发生错误和判断网络设备是否正常。 The present disclosure provides a method and apparatus for implementing packet error detection, which can determine whether an error occurs in a packet and determine whether a network device is normal when the network size is increased.
本公开提供了一种实现报文检错的方法,包括:The present disclosure provides a method for implementing packet error detection, including:
获取并区分被检测网络传输的入向报文和出向报文;以及Obtaining and distinguishing between the inbound packet and the outgoing packet transmitted by the detected network;
将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错;Matching a specific part of the inbound message with a specific part of the outgoing message to determine whether the message is in error;
其中,所述被检测网络为由一个或一个以上网络设备构成的网络。The detected network is a network composed of one or more network devices.
可选的,所述获取并区分被检测网络传输的入向报文和出向报文包括:Optionally, the obtaining and distinguishing the inbound packet and the outgoing packet transmitted by the detected network includes:
通过预先设置的入向接口接收从传输接口复制的所述入向报文,通过预先设置的出向接口接收从传输接口复制的所述出向报文;或,Receiving, by the preset inbound interface, the inbound packet copied from the transmission interface, and receiving the outgoing packet copied from the transmission interface by using a preset outgoing interface; or
获取从传输接口复制的所述入向报文和从传输接口复制的所述出向报文时,对获取的所述入向报文和所述出向报文分别添加相应的流向信息,以区分所述入向报文和所述出向报文。And obtaining, when the inbound packet copied from the transmission interface and the outgoing packet copied from the transmission interface, adding corresponding flow direction information to the obtained incoming packet and the outgoing packet, respectively, to distinguish Describe the incoming message and the outgoing message.
可选的,获取并区分被检测网络传输的入向报文和出向报文包括:Optionally, obtaining and distinguishing between the inbound packet and the outgoing packet transmitted by the detected network includes:
当所述网络设备为电口设备时,通过对所述被检测网络的网络设备进行配置,复制所述被检测网络传输的入向报文和出向报文;When the network device is an electrical interface device, the inbound packet and the outgoing packet transmitted by the detected network are copied by configuring the network device of the detected network;
当所述网络设备为光口设备时,通过所述被检测网络的分光器,对所述被检测网络传输的入向报文和出向报文进行分光复制。And when the network device is an optical port device, the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
可选的,所述方法还包括:Optionally, the method further includes:
对获取的所述入向报文和所述出向报文分别添加相应的流向信息时,对添加所述流向信息的入向报文和出向报文进行封装;以及When the corresponding flow direction information is added to the obtained inbound packet and the outgoing packet respectively, the inbound packet and the outgoing packet to which the flow direction information is added are encapsulated;
所述对入向报文的特定部分与所述出向报文的特定部分进行匹配前,所述方法还包括:对封装的包含所述流向信息的入向报文和封装的包含所述流向信息的出向报文进行解封装。Before the matching of the specific part of the inbound packet with the specific part of the outgoing message, the method further includes: encapsulating the inbound packet containing the flow direction information and encapsulating the flow direction information The outgoing message is decapsulated.
可选的,所述对分别添加相应的流向信息的入向报文和出向报文进行封装包括:对分别添加相应的流向信息的入向报文和出向报文分别进行通用路由封装GRE或用户数据报协议UDP封装。Optionally, the encapsulating the inbound packet and the outbound packet that respectively add the corresponding flow direction information includes: performing a universal routing encapsulation GRE or a user on the inbound packet and the outgoing packet respectively respectively adding the corresponding flow direction information. Datagram Protocol UDP encapsulation.
可选的,所述将所述入向报文的特定部分与所述出向报文的特定部分进行匹配包括:Optionally, the matching, by the specific part of the inbound message with the specific part of the outgoing message, includes:
将所述入向报文的特定部分的内容与所述出向报文的特定部分的内容进行 匹配;或,Performing content of a specific portion of the incoming message with content of a specific portion of the outgoing message Match; or,
提取所述入向报文的特定部分的内容的特征值和所述出向报文的特定部分的内容的特征值;以及将提取的所述入向报文的特定部分的内容的特征值与提取的所述出向报文的特定部分的内容的特征值进行匹配。Extracting a feature value of the content of the specific portion of the incoming message and a feature value of the content of the specific portion of the outgoing message; and extracting the extracted feature value of the content of the specific portion of the incoming message The feature values of the content of the specific part of the outgoing message are matched.
可选的,将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,所述方法还包括:Optionally, before the matching the specific part of the inbound message with the specific part of the outgoing message, the method further includes:
过滤所述被检测网络主动发出的出向报文和发送给所述被检测网络的入向报文。And filtering an outgoing packet sent by the detected network and an incoming packet sent to the detected network.
可选的,将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,该方法还包括以下至少之一:Optionally, before the matching the specific part of the inbound message with the specific part of the outgoing message, the method further includes at least one of the following:
过滤所述被检测网络组播传输的报文;以及Filtering the packet transmitted by the detected network multicast; and
过滤所述被检测网络广播传输的报文。Filtering the message transmitted by the detected network broadcast.
可选的,所述将所述入向报文的特定部分与所述出向报文的特定部分进行匹配包括:Optionally, the matching, by the specific part of the inbound message with the specific part of the outgoing message, includes:
当处于非网络地址转换NAT场景时,对源地址和目的地址中至少一个相同的所述入向报文的特定部分与所述出向报文的特定部分进行匹配;When the non-network address translation NAT scenario is performed, the specific part of the inbound message that is at least one of the source address and the destination address is matched with the specific part of the outgoing message;
当处于NAT场景时,根据所述入向报文的源地址、所述入向报文的目的地址、所述出向报文的源地址、所述出向报文的目的地址、NAT场景中本地地址和全局地址映射条目,确定获取的所述入向报文和所述出向报文映射后的源地址和目的地址,选择确定的映射的源地址和目的地址对应的入向报文和出向报文,进行所述入向报文的特定部分与出向报文的特定部分的匹配。When in the NAT scenario, the source address of the incoming packet, the destination address of the incoming packet, the source address of the outgoing packet, the destination address of the outgoing packet, and the local address in the NAT scenario. And the global address mapping entry, determining the source address and the destination address of the obtained inbound packet and the outgoing packet, and selecting the inbound packet and the outgoing packet corresponding to the source address and the destination address of the mapping. And matching a specific part of the incoming message with a specific part of the outgoing message.
可选的,当所述被检测网络传输的报文为常见报文时,所述方法还包括:对所述入向报文的特定部分包含的区分字段内容和所述出向报文的特定部分包含的区分字段内容进行报文学习;Optionally, when the packet transmitted by the detected network is a common packet, the method further includes: a content of a distinguishing field included in a specific part of the incoming packet and a specific part of the outgoing packet Contains the content of the distinguishing field to learn the message;
如果报文学习的结果中入向报文的特定部分包含的区分字段和出向报文的特定部分包含的区分字段匹配,确定报文未发生错误;如果报文学习的结果中所述入向报文的特定部分包含的区分字段和所述出向报文的特定部分包含的区分字段不匹配的,将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错。 If the distinguishing field included in the specific part of the inbound packet and the distinguishing field included in the specific part of the outgoing packet match in the result of the packet learning, it is determined that the packet does not have an error; if the incoming report is in the result of the packet learning If the distinguishing field included in the specific part of the text does not match the distinguishing field included in the specific part of the outgoing message, the specific part of the incoming message is matched with the specific part of the outgoing message, and the packet is determined. Is it wrong?
可选的,所述区分字段包括以下至少之一:协议、报文长度和标志位。Optionally, the distinguishing field includes at least one of the following: a protocol, a message length, and a flag bit.
可选的,所述方法还包括:根据确定出错的报文,对错误报文涉及的网络设备进行调整。Optionally, the method further includes: adjusting, according to the packet that determines the error, the network device involved in the error message.
本申请还提供一种实现报文检错的装置,包括:The application also provides an apparatus for implementing packet error detection, including:
获取单元,设置为获取并区分被检测网络传输的入向报文和出向报文;以及An obtaining unit, configured to acquire and distinguish between an inbound message and an outgoing message transmitted by the detected network;
匹配分析单元,设置为将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错;The matching analysis unit is configured to match a specific part of the inbound message with a specific part of the outgoing message to determine whether the message is in error;
其中,所述被检测网络为由一个或一个以上网络设备构成的网络。The detected network is a network composed of one or more network devices.
可选的,所述获取单元设置为,Optionally, the obtaining unit is configured to
通过预先设置的入向接口接收从传输接口复制的所述入向报文,通过预先设置的出向接口接收从传输接口复制的所述出向报文;或,Receiving, by the preset inbound interface, the inbound packet copied from the transmission interface, and receiving the outgoing packet copied from the transmission interface by using a preset outgoing interface; or
获取从传输接口复制的所述入向报文和从传输接口复制的所述出向报文时,对获取的所述入向报文和所述出向报文分别添加相应的流向信息,以区分所述入向报文和所述出向报文。And obtaining, when the inbound packet copied from the transmission interface and the outgoing packet copied from the transmission interface, adding corresponding flow direction information to the obtained incoming packet and the outgoing packet, respectively, to distinguish Describe the incoming message and the outgoing message.
可选的,所述获取单元设置为,Optionally, the obtaining unit is configured to
当所述网络设备为电口设备时,通过对所述被检测网络的网络设备进行配置,复制所述被检测网络传输的入向报文和出向报文;以及When the network device is an electrical interface device, the inbound packet and the outgoing packet transmitted by the detected network are copied by configuring the network device of the detected network;
当所述网络设备为光口设备时,通过所述被检测网络的分光器,对所述被检测网络传输的入向报文和出向报文进行分光复制。And when the network device is an optical port device, the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
可选的,多数装置还包括封装单元,设置为对获取的所述入向报文和所述出向报文分别添加相应的流向信息时,对添加流向信息的入向报文和出向报文进行封装;以及Optionally, the device further includes an encapsulating unit, configured to add an inbound message and an outgoing message to the flow direction information when the corresponding inbound message is added to the inbound message and the outgoing message respectively. Package;
解封装单元,设置为将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,对封装的包含流向信息的入向报文和封装的包含所述流向信息的出向报文进行解封装。And a decapsulation unit, configured to: before the matching the specific part of the inbound message with the specific part of the outgoing message, the inbound message containing the flow direction information and the encapsulated outgoing direction including the flow direction information The message is decapsulated.
可选的,匹配分析单元设置为,Optionally, the matching analysis unit is set to,
将所述入向报文的特定部分的内容与所述出向报文的特定部分的内容进行 匹配;或,Performing content of a specific portion of the incoming message with content of a specific portion of the outgoing message Match; or,
提取所述入向报文的特定部分的内容的特征值和所述出向报文的特定部分的内容的特征值;Extracting a feature value of the content of the specific part of the incoming message and a feature value of the content of the specific part of the outgoing message;
将提取的所述入向报文的特定部分的内容的特征值与提取的所述出向报文的特定部分的内容的特征值进行匹配。The extracted feature value of the content of the specific portion of the incoming message is matched with the extracted feature value of the content of the specific portion of the outgoing message.
可选的,所述装置还包括第一过滤单元,设置为将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,过滤所述被检测网络主动发出的出向报文和发送给所述被检测网络的入向报文。Optionally, the device further includes a first filtering unit, configured to filter the outgoing report that is sent by the detected network before the specific part of the incoming packet is matched with the specific part of the outgoing packet. And an inbound message sent to the detected network.
可选的,所述装置还包括第二过滤单元,设置为将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,过滤所述被检测网络组播传输的报文以及所述被检测网络广播传输的报文中的至少一种报文。Optionally, the apparatus further includes: a second filtering unit, configured to filter the reported network multicast transmission report before the specific part of the inbound message is matched with the specific part of the outgoing message And at least one of the messages transmitted by the detected network broadcast.
可选的,匹配分析单元设置为,Optionally, the matching analysis unit is set to,
当处于非网络地址转换NAT场景时,对源地址和目的地址中至少一个相同的所述入向报文的特定部分与所述出向报文的特定部分进行匹配;When the non-network address translation NAT scenario is performed, the specific part of the inbound message that is at least one of the source address and the destination address is matched with the specific part of the outgoing message;
处于NAT场景时,根据所述入向报文的源地址、所述入向报文的目的地址、所述出向报文的源地址、所述出向报文的目的地址、NAT场景中本地地址和全局地址映射条目,确定获取的所述入向报文和所述出向报文映射后的源地址和目的地址,选择确定的映射的源地址和目的地址对应的入向报文和出向报文,进行所述入向报文的特定部分与所述出向报文的特定部分的匹配。When the NAT is in the NAT scenario, the source address of the incoming packet, the destination address of the incoming packet, the source address of the outgoing packet, the destination address of the outgoing packet, and the local address in the NAT scenario. The global address mapping entry determines the source address and the destination address of the obtained inbound packet and the outgoing packet, and selects the inbound packet and the outgoing packet corresponding to the source address and the destination address of the mapping. Performing a match between a specific portion of the incoming message and a specific portion of the outgoing message.
可选的,所述装置还包括报文学习单元,设置为当所述被检测网络传输的报文为常见报文时,对所述入向报文的特定部分包含的区分字段内容和所述出向报文的特定部分包含的区分字段内容进行报文学习;Optionally, the device further includes a message learning unit, configured to: when the message transmitted by the detected network is a common message, the content of the distinguishing field included in the specific part of the incoming message and the The message learning is performed on the content of the distinguishing field included in the specific part of the outgoing message;
所述匹配分析单元还设置为,如果报文学习的结果中入向报文的特定部分包含的区分字段和所述出向报文的特定部分包含的区分字段匹配,确定报文未发生错误;如果报文学习的结果中所述入向报文的特定部分包含的区分字段和所述出向报文的特定部分包含的区分字段不匹配,将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错。The matching analysis unit is further configured to determine that the packet does not have an error if the distinguishing field included in the specific part of the incoming packet and the distinguishing field included in the specific part of the outgoing packet are matched in the result of the packet learning; In the result of the packet learning, the distinguishing field included in the specific part of the incoming message and the distinguishing field included in the specific part of the outgoing message do not match, and the specific part of the incoming message and the outgoing report are A specific part of the text is matched to determine if the message is in error.
可选的,所述装置还包括调整单元,设置为根据所述匹配分析单元确定出错的报文,对错误报文涉及的网络设备进行调整。 Optionally, the device further includes an adjusting unit, configured to determine, according to the matching analysis unit, an error message, and adjust the network device involved in the error message.
本公开提供一种非暂态计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为上述任一实现报文检错的方法。The present disclosure provides a non-transitory computer readable storage medium storing computer executable instructions, the computer executable instructions being set to any of the above methods for implementing message error detection.
本公开还提供了一种网络设备,包括:The disclosure also provides a network device, including:
至少一个处理器;以及At least one processor;
与所述至少一个处理器通信连接的存储器;其中,a memory communicatively coupled to the at least one processor; wherein
所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器执行上述任一实现报文检错的方法。本申请技术方案包括:获取并区分被检测网络传输的入向报文和出向报文;将入向报文的特定部分与出向报文的特定部分进行匹配,确定报文是否出错,其中,被检测网络为由一个或一个以上网络设备构成的网络。本公开方法通过对入向报文的特定部分和出向报文的特定部分进行匹配,确定报文是否出错,实现对被检错网络的报文检错。同时,根据报文检错的结果,对网络设备进行调整,及时调整被检错网络的通信,保证了网络的正常通信。The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to cause the at least one processor to perform any of the methods described above for implementing message error detection. The technical solution of the present application includes: obtaining and distinguishing between an inbound packet and an outgoing packet transmitted by the detected network; matching a specific part of the inbound packet with a specific part of the outgoing packet to determine whether the packet is in error, wherein The detection network is a network of one or more network devices. The method of the present disclosure determines whether the message is erroneous by matching a specific part of the incoming message and a specific part of the outgoing message, thereby realizing error detection of the message of the error-detected network. At the same time, according to the result of the error detection of the message, the network device is adjusted, and the communication of the network to be detected is timely adjusted to ensure the normal communication of the network.
附图说明DRAWINGS
此处所说明的附图可以提供对本公开的理解,构成本申请的一部分,本公开的示意性实施例及其说明用于解释本公开,并不构成对本公开的限定。The accompanying drawings, which are set forth in the claims of the claims
图1为本公开实现报文检错的方法的流程图;1 is a flowchart of a method for implementing packet error detection according to the present disclosure;
图2为本公开实现报文检错的装置的结构程图。FIG. 2 is a structural diagram of an apparatus for implementing packet error detection according to the present disclosure.
图3为本公开第一实施例的方法流程图;3 is a flow chart of a method according to a first embodiment of the present disclosure;
图4为本公开第二实施例的方法流程图;4 is a flow chart of a method according to a second embodiment of the present disclosure;
图5为本公开第三实施例报文经过被检测网络的网络拓扑示意图;5 is a schematic diagram of a network topology of a packet passing through a detected network according to a third embodiment of the present disclosure;
图6为本公开第四实施例的方法流程图;以及Figure 6 is a flow chart of a method according to a fourth embodiment of the present disclosure;
图7为本公开电子设备的硬件结构示意图。FIG. 7 is a schematic structural diagram of hardware of an electronic device according to the present disclosure.
具体实施方式detailed description
为使本公开技术方案更加清楚明白,下文中将结合附图对本公开的实施例 进行说明。在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互任意组合。In order to make the technical solutions of the present disclosure more clear, embodiments of the present disclosure will be hereinafter described with reference to the accompanying drawings. Be explained. The embodiments in the present application and the features in the embodiments may be arbitrarily combined with each other without conflict.
图1为本公开实现报文检错的方法的流程图。FIG. 1 is a flowchart of a method for implementing packet error detection according to the present disclosure.
在步骤100中,获取并区分被检测网络传输的入向报文和出向报文。其中,被检测网络为由一个或一个以上网络设备构成的网络。In step 100, the inbound packet and the outgoing packet transmitted by the detected network are obtained and distinguished. The detected network is a network composed of one or more network devices.
其中,入向报文可以是被检测网络接收的报文,出向报文可以是被检测网络发送的报文。The inbound packet may be a packet received by the detected network, and the outgoing packet may be a packet sent by the detected network.
获取并区分被检测网络传输的入向报文和出向报文可以包括:Obtaining and distinguishing between the inbound and outbound packets transmitted by the detected network may include:
通过预先设置的入向接口接收从传输接口复制的入向报文,通过预先设置的出向接口接收从传输接口复制的出向报文;或,Receiving the inbound packet copied from the transmission interface through the preset inbound interface, and receiving the outgoing packet copied from the transmission interface through the preset outgoing interface; or
获取从传输接口复制的入向报文和从传输接口复制的出向报文时,对获取的入向报文和出向报文分别添加相应的流向信息,以区分入向报文和出向报文。When the inbound packet is copied from the transmission interface and the outgoing packet is copied from the transmission interface, the corresponding inbound and outbound packets are added to the inbound and outbound packets to distinguish between the inbound and outbound packets.
本公开方法还可以包括:The disclosed method can also include:
对获取的所述入向报文和所述出向报文分别添加相应的流向信息时,对添加流向信息的入向报文和出向报文进行封装。When the corresponding flow direction information is added to the obtained inbound packet and the outgoing packet, the inbound packet and the outgoing packet are added to the flow direction information.
对入向报文的特定部分与出向报文的特定部分进行匹配前,所述方法还包括:对封装的包含流向信息的入向报文和封装的包含流向信息的出向报文进行解封装。Before the matching of the specific part of the inbound packet with the specific part of the outgoing packet, the method further includes: decapsulating the encapsulated inbound packet containing the flow direction information and the encapsulated outgoing packet containing the flow direction information.
其中,入向报文的特定部分为入向报文中不应该发生变化的报文字段;出向报文的特定部分为出向报文中不应该发生变化的报文字段。不应发生变化的报文字段可以是源地址、目的地址或者报文长度。The specific part of the inbound packet is a packet field that should not change in the incoming packet. The specific part of the outgoing packet is a packet field that should not change in the outgoing packet. The message field that should not change can be the source address, the destination address, or the packet length.
可选的,对分别添加相应的流向信息的入向报文和出向报文进行封装包括:对分别添加相应的流向信息的入向报文和出向报文分别进行通用路由封装(Generic Routing Encapsulation,GRE)或用户数据报协议(User Datagram Protocol,UDP)封装。Optionally, the encapsulation of the inbound and outbound packets respectively adding the corresponding flow information includes: performing Generic Routing Encapsulation on the inbound and outbound packets respectively adding the corresponding flow information. GRE) or User Datagram Protocol (UDP) encapsulation.
可选的,获取并区分被检测网络传输的入向报文和出向报文包括:Optionally, obtaining and distinguishing between the inbound packet and the outgoing packet transmitted by the detected network includes:
当网络设备为电口设备时,通过对被检测网络的网络设备进行配置,复制被检测网络传输的入向报文和出向报文;以及 When the network device is an electrical device, the inbound packet and the outgoing packet transmitted by the detected network are copied by configuring the network device of the detected network;
当网络设备为光口设备时,通过被检测网络的分光器,对被检测网络传输的入向报文和出向报文进行分光复制。When the network device is an optical interface device, the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
其中,电口为网线接口,光口为光纤接口。The electrical interface is a network cable interface, and the optical interface is a fiber interface.
在步骤110中,将入向报文的特定部分与出向报文的特定部分进行匹配,确定报文是否出错。In step 110, a specific part of the incoming message is matched with a specific part of the outgoing message to determine whether the message is in error.
其中,匹配可以是同一网络设备的入向报文的特定部分的每个字段和出向报文的特定部分的每个字段进行比较,同一网络设备的入向报文的特定部分的每个字段和出向报文的特定部分的每个字段都相同,则匹配成功。The matching may be that each field of a specific part of the inbound packet of the same network device is compared with each field of the specific part of the outgoing message, and each field of the specific part of the incoming message of the same network device and The match is successful if each field of the specific part of the outgoing message is the same.
本公开方法还包括:根据确定出错的报文,对错误报文涉及的网络设备进行调整。The method of the present disclosure further includes: adjusting, according to the packet that determines the error, the network device involved in the error message.
所述方法中,通过复制的方式获取入向报文和出向报文,采用入向接口和出向接口对入向报文和出向报文进行区分。In the method, the inbound packet and the outgoing packet are obtained by using the inbound interface and the outgoing interface to distinguish the inbound packet from the outgoing packet.
将入向报文的特定部分与出向报文的特定部分进行匹配可以包括:Matching a particular portion of the incoming message with a particular portion of the outgoing message may include:
将入向报文的特定部分的内容与出向报文的特定部分的内容进行匹配;或,Matching the content of a particular part of the incoming message with the content of a particular part of the outgoing message; or,
提取入向报文的特定部分的内容的特征值和出向报文的特定部分的内容的特征值;Extracting feature values of the content of the specific part of the incoming message and the feature value of the content of the specific part of the outgoing message;
将提取的入向报文的特定部分的内容的特征值与提取的出向报文的特定部分的内容的特征值进行匹配。The feature value of the content of the extracted specific portion of the incoming message is matched with the feature value of the content of the extracted specific portion of the outgoing message.
对入向报文的特定部分与出向报文的特定部分进行匹配前,本公开的方法还可以包括:Before the matching of the specific part of the incoming message with the specific part of the outgoing message, the method of the disclosure may further include:
过滤被检测网络主动发出的出向报文和发送给被检测网络的入向报文。Filtering outgoing packets sent by the detected network and incoming packets sent to the detected network.
在对入向报文的特定部分与出向报文的特定部分进行匹配前,本公开方法还包括以下至少之一:The method of the present disclosure further includes at least one of the following before matching a particular portion of the incoming message with a particular portion of the outgoing message:
过滤被检测网络组播传输的报文;以及Filtering packets transmitted by the detected network multicast; and
过滤所述被检测网络广播传输的报文。Filtering the message transmitted by the detected network broadcast.
被检测网络主动发出的出向报文和发送给被检测网络的入向报文可以通过以下方法进行区分识别: The outgoing packets sent by the detected network and the incoming packets sent to the detected network can be differentiated and identified by the following methods:
通过源地址确定是否是被检测网络主动发出的出向报文;以及Determining, by the source address, whether an outgoing message is actively sent by the detected network;
通过目的地址确定是否是发送给被检测网络的入向报文。The destination address is used to determine whether it is an inbound message sent to the detected network.
对入向报文的特定部分与出向报文的特定部分进行匹配包括:Matching a specific part of the incoming message with a specific part of the outgoing message includes:
当处于非网络地址转换(NAT)场景时,对源地址和目的地址中的至少一个相同的入向报文的特定部分与所述出向报文的特定部分进行匹配;以及When in a non-network address translation (NAT) scenario, a specific portion of the same incoming message of at least one of the source address and the destination address is matched with a specific portion of the outgoing message;
当处于NAT场景时,根据入向报文的源地址、所述入向报文的目的地址、所述出向报文的源地址、所述出向报文的目的地址、NAT场景中本地地址和全局地址映射条目,确定获取的入向报文和出向报文映射后的源地址和目的地址,选择确定的映射的源地址和目的地址对应的入向报文和出向报文,进行所述入向报文的特定部分与所述出向报文的特定部分的匹配。When in the NAT scenario, the source address of the incoming packet, the destination address of the incoming packet, the source address of the outgoing packet, the destination address of the outgoing packet, the local address in the NAT scenario, and the global The address mapping entry determines the source address and the destination address of the obtained inbound packet and the outgoing packet, and selects the inbound packet and the outgoing packet corresponding to the source address and the destination address of the mapping. A match between a particular portion of the message and a particular portion of the outgoing message.
当被检测网络传输的报文为常见报文时,本公开方法还可以包括:对入向报文的特定部分包含的区分字段内容和出向报文的特定部分包含的区分字段内容进行报文学习;When the packet transmitted by the detected network is a common packet, the method of the disclosure may further include: performing packet learning on the content of the distinguishing field included in the specific part of the incoming packet and the content of the distinguishing field included in the specific part of the outgoing packet. ;
如果报文学习的结果中所述入向报文的特定部分包含的区分字段和所述出向报文的特定部分包含的区分字段匹配,确定报文未发生错误;如果报文学习的结果中所述入向报文的特定部分包含的区分字段和所述出向报文的特定部分包含的区分字段不匹配,将所述入向报文的特定部份与所述出向报文的特定部分进行匹配,确定报文是否出错。If the distinguishing field included in the specific part of the incoming packet and the distinguishing field included in the specific part of the outgoing packet match in the result of the packet learning, it is determined that the packet does not have an error; if the result of the packet learning is Determining that the distinguishing field included in the specific part of the packet does not match the distinguishing field included in the specific part of the outgoing message, and matching the specific part of the incoming message with the specific part of the outgoing message , to determine if the message is wrong.
其中,常见报文包括地址解析协议(Address Resolution Protocol,ARP)报文、IP报文、PING协议报文、传输控制协议(Transmission Control Protocol)TCP报文、UDP报文。The common packets include the address resolution protocol (ARP) packet, the IP packet, the PING protocol packet, the transmission control protocol (TCP) packet, and the UDP packet.
可选的,区分字段可以包括以下至少之一:协议、报文长度和标志位。Optionally, the distinguishing field may include at least one of the following: a protocol, a message length, and a flag bit.
本公开方法通过对入向报文的特定部分和出向报文的特定部分进行匹配,确定报文是否出错,实现对被检错网络的报文检错。同时,根据报文检错的结果,对网络设备进行调整,及时调整被检错网络的通信,保证了网络的正常通信。The method of the present disclosure determines whether the message is erroneous by matching a specific part of the incoming message and a specific part of the outgoing message, thereby realizing error detection of the message of the error-detected network. At the same time, according to the result of the error detection of the message, the network device is adjusted, and the communication of the network to be detected is timely adjusted to ensure the normal communication of the network.
图2为本公开实现报文检错的装置的结构程图,如图2所示,所述装置包括:获取单元和匹配分析单元。2 is a structural diagram of an apparatus for implementing packet error detection according to the present disclosure. As shown in FIG. 2, the apparatus includes: an obtaining unit and a matching analyzing unit.
获取单元,设置为获取并区分被检测网络传输的入向报文和出向报文。 The obtaining unit is configured to acquire and distinguish the inbound packet and the outgoing packet transmitted by the detected network.
获取单元还可以设置为,The acquisition unit can also be set to,
通过预先设置的入向接口接收从传输接口复制的入向报文,通过预先设置的出向接口接收从传输接口复制的出向报文;或,Receiving the inbound packet copied from the transmission interface through the preset inbound interface, and receiving the outgoing packet copied from the transmission interface through the preset outgoing interface; or
获取从传输接口复制的入向报文和从传输接口复制的出向报文时,对获取的入向报文和出向报文分别添加相应的流向信息,以区分入向报文和出向报文。When the inbound packet is copied from the transmission interface and the outgoing packet is copied from the transmission interface, the corresponding inbound and outbound packets are added to the inbound and outbound packets to distinguish between the inbound and outbound packets.
获取单元还可以设置为,The acquisition unit can also be set to,
当网络设备为电口设备时,通过对被检测网络的网络设备进行配置,复制被检测网络传输的入向报文和出向报文;When the network device is an electrical device, the network device of the detected network is configured to copy the inbound packet and the outgoing packet transmitted by the detected network.
当网络设备为光口设备时,通过被检测网络的分光器,对被检测网络传输的入向报文和出向报文进行分光复制。When the network device is an optical interface device, the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
本公开装置还包括封装单元和解封装单元。The disclosed apparatus also includes a package unit and a decapsulation unit.
封装单元设置为对获取的入向报文和出向报文分别添加相应的流向信息时,对添加流向信息的入向报文和出向报文进行封装。When the encapsulation unit is configured to add the corresponding flow direction information to the incoming inbound packet and the outgoing packet respectively, the encapsulation packet and the outgoing packet are added to the flow direction information.
解封装单元设置为对入向报文的特定部分与出向报文的特定部分进行匹配前,对封装的包含流向信息的入向报文和封装的包含所述流向信息的出向报文进行解封装。The decapsulation unit is configured to decapsulate the encapsulated inbound packet containing the flow direction information and the encapsulated outgoing message including the flow direction information before the specific part of the incoming packet is matched with the specific part of the outgoing packet. .
其中,被检测网络为由一个或一个以上网络设备构成的网络。The detected network is a network composed of one or more network devices.
匹配分析单元设置为对入向报文与出向报文中不应发生变化部分进行匹配,确定报文是否出错。The matching analysis unit is configured to match the inbound and outgoing messages in the incoming message to determine whether the packet is in error.
匹配分析单元还可以设置为将入向报文的特定部分的内容与出向报文的特定部分的内容进行匹配;或,The matching analysis unit may be further configured to match the content of the specific part of the incoming message with the content of the specific part of the outgoing message; or
提取入向报文的特定部分的内容的特征值和出向报文的特定部分的内容的特征值;Extracting feature values of the content of the specific part of the incoming message and the feature value of the content of the specific part of the outgoing message;
将提取的入向报文的特定部分的内容的特征值与提取的出向报文的特定部分的内容的特征值进行匹配。The feature value of the content of the extracted specific portion of the incoming message is matched with the feature value of the content of the extracted specific portion of the outgoing message.
匹配分析单元还可以设置为当处于非网络地址转换(NAT)场景时,对源地址和目的地址中的至少一个相同的入向报文的特定部分与所述出向报文中的特定部分进行匹配;以及 The matching analysis unit may be further configured to: when in a non-network address translation (NAT) scenario, match a specific portion of the same incoming message with at least one of the source address and the destination address with a specific portion of the outgoing message ;as well as
当处于NAT场景时,根据入向报文的源地址、所述入向报文的目的地址、出向报文的源地址、所述出向报文的目的地址、NAT场景中本地地址和全局地址映射条目,确定获取的入向报文和出向报文映射后的源地址和目的地址,选择确定的映射的源地址和目的地址对应的入向报文和出向报文,进行入向报文的特定部分与出向报文的特定部分的匹配。When in the NAT scenario, the source address of the incoming packet, the destination address of the incoming packet, the source address of the outgoing packet, the destination address of the outgoing packet, and the local address and global address mapping in the NAT scenario. The entry determines the source address and the destination address of the inbound packet and the destination packet, and selects the inbound and outbound packets corresponding to the source and destination addresses of the mapping. Partial match to a specific part of the outgoing message.
本公开装置还可以包括第一过滤单元。第一过滤单元设置为对入向报文的特定部分与出向报文的特定部分进行匹配前,过滤被检测网络主动发出的出向报文和发送给被检测网络的入向报文。The disclosed apparatus may also include a first filtration unit. The first filtering unit is configured to filter the outgoing message actively sent by the detected network and the incoming message sent to the detected network before the specific part of the incoming message matches the specific part of the outgoing message.
本公开装置还可以包括第二过滤单元。第二过滤单元设置为对入向报文的特定部分与出向报文的特定部分进行匹配前,过滤被检测网络组播传输的报文以及所述被检测网络广播传输的报文中的至少一种报文。The disclosed apparatus may also include a second filter unit. The second filtering unit is configured to filter at least one of the packet transmitted by the detected network multicast and the packet transmitted by the detected network before the matching of the specific part of the incoming message with the specific part of the outgoing message. Kind of message.
本公开装置还可以包括报文学习单元。报文学习单元设置为当被检测网络传输的报文为常见报文时,对入向报文的特定部分包含的区分字段内容和出向报文的特定部分包含的区分字段内容进行报文学习。The disclosed apparatus may also include a message learning unit. The packet learning unit is configured to perform packet learning on the content of the distinguishing field included in the specific part of the incoming packet and the content of the distinguishing field included in the specific part of the outgoing packet when the packet transmitted by the detected network is a common packet.
匹配分析单元还可以设置为,如果报文学习的结果中入向报文的特定部分包含的区分字段和出向报文的特定部分包含的区分字段匹配,确定报文未发生错误;如果报文学习的结果中所述入向报文的特定部分包含的区分字段和所述出向报文的特定部分包含的区分字段不匹配,将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错。The matching analysis unit may be further configured to determine that the packet does not have an error if the distinguishing field included in the specific part of the incoming packet and the specific part included in the specific part of the outgoing packet are matched in the result of the packet learning; The distinguishing field included in the specific part of the incoming message and the distinguishing field included in the specific part of the outgoing message do not match, and the specific part of the incoming message and the specific part of the outgoing message Partially match to determine if the message is in error.
本公开装置还可以包括调整单元。调整单元设置为根据匹配分析单元确定出错的报文,对错误报文涉及的网络设备进行调整。The disclosed apparatus may also include an adjustment unit. The adjusting unit is configured to determine an error message according to the matching analysis unit, and adjust the network device involved in the error message.
第一实施例First embodiment
本实施例进行报文检错时,被检测网络可以是一个或一个以上网络设备构成的网络,网络设备可以是路由器或交换机等。本实施例以被检测网络为由单一的网络设备构成的网络为例,网络设备包含第一接口和第二接口。本实施例区分网络设备第一接口和第二接口的入向报文和出向报文。可以从第一接口和第二接口复制进入网络设备的报文,从第一接口和第二接口复制通过网络设备传输的报文。可选的,可以在本公开报文检错的装置上设置相应的入向接口和出向接口,将复制的入向报文和出向报文通过设置的入向接口和出向接口区分并传输至报文检错的装置。本实施例还可以在报文检错的装置上设置网络设备 不同接口相应的入向接口和出向接口,即在报文检错装置上设置接收从第一接口复制的入向报文和的第一入向接口和接收从第一接口复制出向报文的第一出向接口,设置接收从第二接口复制的入向报文的第二入向接口和接收从第二接口复制出向报文第二出向接口;当网络设备的接口增加时,报文检错的装置上设置与网络设备接口成对应关系的入向接口和出向接口也相应增加。图3为本公开第一实施例的方法流程图。In this embodiment, when the packet is detected, the detected network may be a network composed of one or more network devices, and the network device may be a router or a switch. In this embodiment, the detected network is a network composed of a single network device, and the network device includes a first interface and a second interface. In this embodiment, the inbound and outbound packets of the first interface and the second interface of the network device are distinguished. The packet entering the network device may be copied from the first interface and the second interface, and the packet transmitted through the network device is copied from the first interface and the second interface. Optionally, the corresponding inbound interface and the outgoing interface may be set on the device that detects the error in the disclosure packet, and the copied inbound packet and the outgoing packet are separated and transmitted to the incoming interface through the set inbound interface and the outgoing interface. The device for detecting errors. In this embodiment, the network device can also be set on the device for error detection of the message. The corresponding inbound interface and the outgoing interface of the different interfaces, that is, the first inbound interface that receives the inbound packet and the inbound packet copied from the first interface and the packet that is copied out from the first interface are received on the packet error detecting device. An outgoing interface, configured to receive a second incoming interface that receives the inbound packet copied from the second interface, and receives the second outgoing interface that is copied from the second interface to the second interface; when the interface of the network device increases, the packet is detected incorrectly. The inbound interface and the outbound interface that are set to correspond to the network device interface on the device are also correspondingly increased. 3 is a flow chart of a method of the first embodiment of the present disclosure.
在步骤300中,复制网络设备接收的入向报文和传输的出向报文。In step 300, the inbound message received by the network device and the outgoing outgoing message are copied.
本步骤中,如果网络设备是电口设备,可以在网络设备上进行配置,以复制流入第一接口和第二接口的入向报文、和流出第一接口和第二接口的出向报文。如果网络设备时光口设备,则在分光器上通过对流入第一接口和第二接口的入向报文进行分光复制,对流出第一接口和第二接口的出向报文进行分光复制。In this step, if the network device is an electrical interface device, the network device can be configured to copy the inbound packets flowing into the first interface and the second interface, and the outgoing packets from the first interface and the second interface. If the network device is an optical interface device, the inbound packets that flow into the first interface and the second interface are split and replicated on the optical splitter, and the outgoing packets of the first interface and the second interface are split and copied.
本实施例,入向报文和出向报文如果不采用入向接口和出向接口进行区分,还可以通过在传输的报文中添加流向信息对入向报文和出向报文进行区分,例如,可以在传输的报文中添加流向标签、流向标识或流向属性的字段等。In this embodiment, if the inbound packet and the outgoing packet are not distinguished by the inbound interface and the outgoing interface, the inbound packet and the outgoing packet may be distinguished by adding the flow direction information to the transmitted packet. For example, You can add a flow label, a flow direction identifier, or a flow direction attribute field to the transmitted message.
当对入向报文和出向报文分别添加相应的流向信息时,本实施例中的方法还可以包括:对添加流向信息的入向报文和出向报文进行封装;以及将入向报文的特定部分与出向报文的特定部分进行匹配之前,对封装的包含流向信息的入向报文和封装的包含流向信息的出向报文进行解封装。The method in this embodiment may further include: encapsulating an inbound packet and an outgoing packet to which the flow direction information is added, and encapsulating the inbound packet, when the corresponding inbound packet is added to the inbound packet and the outgoing packet. Before the specific part of the packet is matched with the specific part of the outgoing message, the encapsulated incoming message containing the flow direction information and the encapsulated outgoing message containing the flow direction information are decapsulated.
本实施例封装方法可以是GRE或UDP封装等。The encapsulation method in this embodiment may be a GRE or UDP encapsulation or the like.
在步骤310中,对入向报文的特定部分与出向报文的特定部分进行匹配,确定报文是否出错。In step 310, a specific part of the incoming message is matched with a specific part of the outgoing message to determine whether the message is in error.
入向报文和出向报文经过网络设备传输时,入向报文的特定部分和与出向报文的特定部分从流入网络设备到流出网络设备,特定部分的内容与特定部分的内容是不允许发生变化的。如果网络未出现链路问题,则入向报文的特定部分的内容和出向报文的特定部分的内容是一样的。如果特定部分的内容与特定部分的内容一致,匹配通过,确定报文没有发生错误。例如,假设网络设备传输的入向报文的特定部分的内容与出向报文的特定部分的内容应该是[0x10,0x20,0x30],报文检错的装置获取到一个入向报文的特定部分的内容是[0x10,0x20,0x30]时,确定入向报文的特定部分包含内容和出向报文的特定部分包含 内容一致,从而确定报文未发生错误。如果获取的出向报文的特定部分变成[0x10,0x20,0x31],此时,报文检错的装置无法匹配与入向报文的特定部分相同的出向报文,确定报文发生了错误。不同种类的报文,在网络设备传输时报文的特定部分可能是不同的,发生变化的部分是指除特定部分之外的报文内容,如IP报文的生存时间值(TTL)字段,在传输过程中会被网络设备做合法修改(此时网络设备可以是一个路由器)。When the inbound packet and the outgoing packet are transmitted through the network device, the specific part of the incoming packet and the specific part of the outgoing packet are from the inflow network device to the outgoing network device, and the content of the specific part and the content of the specific part are not allowed. Changed. If there is no link problem in the network, the content of the specific part of the incoming message is the same as the content of the specific part of the outgoing message. If the content of a specific part is consistent with the content of a specific part, the match is passed, and it is determined that no error has occurred in the message. For example, suppose that the content of a specific part of the incoming message transmitted by the network device and the content of the specific part of the outgoing message should be [0x10, 0x20, 0x30], and the device that detects the error of the packet obtains the specificity of an incoming message. When the content of the part is [0x10, 0x20, 0x30], it is determined that the specific part of the incoming message contains the content and the specific part of the outgoing message contains The content is consistent, so that the message does not have an error. If the specific part of the obtained outgoing message becomes [0x10, 0x20, 0x31], the device that detects the error of the packet cannot match the outgoing packet with the same part of the incoming packet, and determines that the packet has an error. . Different types of packets may be different in the specific part of the packet when the network device transmits. The changed part refers to the content of the packet except the specific part, such as the time-to-live value (TTL) field of the IP packet. The network device will be legally modified during transmission (the network device can be a router at this time).
对入向报文的特定部分与出向报文的特定部分进行匹配可以是对入向报文的特定部分的内容与出向报文的特定部分的内容进行对比。例如,将入向报文的特定部分的内容加载到第一列表中,将出向报文中的特定部分的内容加载到第二列表中。可以按照时间排序将特定部分的内容和特定部分的内容加载到列表中,将同一时间的特定部分和特定部分进行内容对比时,逐个提取第二列表中的出向报文的特定部分的内容与第一列表中的入向报文的特定部分的内容进行匹配,匹配成功则确定报文没有发生错误。若第二列表中的出向报文的特定部分未从第一列表中匹配到与出向报文的特定部分相同的入向报文的特定部分的内容时,确定报文发生错误。本实施例方法还可以采用提取第一列表中入向报文的特定部分和第二列表中的特定部分的内容进行匹配。Matching a particular portion of the incoming message with a particular portion of the outgoing message may be a comparison of the content of the particular portion of the incoming message with the content of the particular portion of the outgoing message. For example, loading the content of a particular portion of the incoming message into the first list loads the content of the particular portion of the outgoing message into the second list. The content of a specific part and the content of a specific part may be loaded into the list according to time sorting, and when the specific part of the same time is compared with the specific part, the content of the specific part of the outgoing message in the second list is extracted one by one. The content of a specific part of the inbound message in a list is matched, and if the matching is successful, it is determined that the message does not have an error. If the specific part of the outgoing message in the second list does not match the content of the specific part of the inbound message that is the same as the specific part of the outgoing message, the packet is determined to have an error. The method in this embodiment may also perform matching by extracting content of a specific part of the incoming message in the first list and a specific part of the second list.
对入向报文的特定部分与出向报文的特定部分进行匹配还可以通过对入向报文的特定部分的内容和出向报文的特定部分的内容分别提取特征值后,将提取的入向报文的特定部分的内容的特征值与出向报文部分的内容的特征值进行匹配,通过提取特征值的匹配确定入向报文的特定部分与出向报文的特定部分是否相同,采用特征值进行匹配的方法可以提高匹配过程的工作效率。报文的特征值与报文在匹配过程中存在映射关系,以哈希计算进行匹配为例,报文及报文对应的特征值可以通过哈希表中该报文对应的VALUE值和KEY值分别进行存储,根据KEY值的匹配成功确定VALUE值匹配成功,从而确定报文匹配成功。The matching of the specific part of the incoming message with the specific part of the outgoing message may also be performed by extracting the feature value separately from the content of the specific part of the incoming message and the content of the specific part of the outgoing message, and then extracting the incoming direction The feature value of the content of the specific part of the message is matched with the feature value of the content of the outgoing message part, and the matching of the feature value is determined to determine whether the specific part of the incoming message is the same as the specific part of the outgoing message, and the feature value is adopted. The method of matching can improve the efficiency of the matching process. The eigenvalues of the packets and the packets are in the matching process. The hash calculation is used as an example. The eigenvalues corresponding to the packets and packets can pass the VALUE and KEY values of the packets in the hash table. The storage is performed separately, and the VALUE value is successfully matched according to the matching of the KEY value, thereby determining that the message is successfully matched.
可选的,提取特征值的方法可以通过计算哈希值的方法实现。Optionally, the method of extracting the feature value may be implemented by calculating a hash value.
本实施例还可以对被检测网络传输的报文进行特征值提取,通过特征值对入向报文和出向报文进行区分,并通过特征值的匹配确定报文是否发生错误。In this embodiment, the eigenvalues of the packets transmitted by the detected network are extracted, and the inbound packets and the outgoing packets are distinguished by the eigenvalues, and the eigenvalues are matched to determine whether the packets have errors.
当采用计算哈希值的方法进行入向报文的特定部分与出向报文的特定部分的匹配时,本实施例方法还包括: When the method of calculating the hash value is used to match the specific part of the inbound packet with the specific part of the outgoing packet, the method in this embodiment further includes:
将报文长度、源地址、目的地址、源端口以及目的端口中的至少一个作为特征值进行匹配。At least one of the packet length, the source address, the destination address, the source port, and the destination port is matched as a feature value.
采用报文长度、源地址、目的地址、源端口以及目的端口中的至少一个作为特征值进行匹配,在不同报文进行哈希计算时,可以减少获得的哈希值相同的情况。其中,传输控制协议(Transmission Control Protocol,TCP)报文或用户数据报协议(User Datagram Protocol,UDP)报文可以采用源端口和目的端口中的至少一个作为特征值进行匹配。另外,对报文进行哈希计算时,如果报文较长,可以将报文分段后进行哈希计算、将分段计算的哈希值作为报文的特征值,可以根据该特征值进行入向报文的特定部分和出向报文的特定部分的匹配。At least one of the packet length, the source address, the destination address, the source port, and the destination port is used as the feature value for matching. When the hash calculation is performed on different packets, the obtained hash value can be reduced. The transmission control protocol (TCP) packet or the user datagram protocol (UDP) packet can be matched by using at least one of the source port and the destination port as the feature value. In addition, when the packet is hashed, if the packet is long, the packet may be segmented and hashed, and the hash value calculated by the segmentation may be used as the feature value of the packet, and may be performed according to the feature value. A match between a specific part of the incoming message and a specific part of the outgoing message.
获取的出向报文和入向报文可能存在延迟,即获取的出向报文的时间可能先于获取入向报文的时间,本公开方法还可以包括:预设时长后,重新进行入向报文的特定部分和出向报文的特定部分的匹配。The obtained outgoing packet and the incoming packet may be delayed. The time of the obtained outgoing packet may be earlier than the time when the incoming packet is obtained. The method of the disclosure may further include: after the preset duration, re-entry the incoming packet. A match between a particular part of the text and a particular part of the outgoing message.
本实施例中,进行入向报文的特定部分和出向报文的特定部分的匹配之前,本实施例的方法还可以包括将网络设备主动发出的出向报文和发送给网络设备的入向报文进行区分排除。In this embodiment, before performing the matching between the specific part of the incoming packet and the specific part of the outgoing packet, the method in this embodiment may further include sending the outgoing packet sent by the network device and the incoming report sent to the network device. The text is distinguished by exclusion.
网络设备主动发出的出向报文可以是管理维护报文,可以通过IP地址是否为管理系统地址确定出向报文是否为管理维护报文。发送给被检测设备本身的入向报文可以是管理系统发送给网络设备的报文。此时,可以根据目的地址确定入向报文是否是管理系统发送给网络设备的报文,如该IP地址是网络设备本身的IP地址。The outbound packet sent by the network device can be an administrative maintenance packet. The IP address can be used as the management system address to determine whether the outgoing packet is an administrative maintenance packet. The inbound packet sent to the detected device itself may be a packet sent by the management system to the network device. At this time, it is determined whether the incoming packet is a packet sent by the management system to the network device according to the destination address, for example, the IP address is an IP address of the network device itself.
第二实施例Second embodiment
本实施例报文检错的装置包括获取单元和匹配分析单元,获取单元与被检测网络的每个接口连接。被检测网络可以是一个网络设备、或由两个或两个以上网络设备构成的网络。图4为本公开第二实施例的方法流程图。The apparatus for error detection of the message in this embodiment includes an obtaining unit and a matching analyzing unit, and the obtaining unit is connected to each interface of the detected network. The detected network may be a network device or a network composed of two or more network devices. 4 is a flow chart of a method of a second embodiment of the present disclosure.
在步骤400中,获取单元获取并区分被检测网络传输的入向报文和出向报文。In step 400, the acquiring unit acquires and distinguishes the inbound packet and the outgoing packet transmitted by the detected network.
在步骤410中,获取单元对获取的入向报文的特定部分和出向报文的特定部分进行特征值提取。In step 410, the acquiring unit performs feature value extraction on the specific part of the obtained inbound message and the specific part of the outgoing message.
在步骤420中,获取单元将入向报文的特定部分提取的特征值和出向报文 的特定部分提取的特征值发往匹配分析单元。In step 420, the acquiring unit extracts the feature value and the outgoing message extracted from the specific part of the incoming message. The feature values extracted by the specific part are sent to the matching analysis unit.
本实施例获取单元可以获取每个接口的报文的特征值,即将入向报文的特定部分的内容的特征值和出向报文的特定部分的内容的特征值进行提取后,将提取的特征值发往匹配分析单元。In this embodiment, the acquiring unit may obtain the feature value of the packet of each interface, and extract the feature value of the content of the specific part of the incoming message and the feature value of the content of the specific part of the outgoing message. The value is sent to the matching analysis unit.
可选的,发送特征值时,可以在报文中添加流向信息。例如,在报文中添加属性数据,用于标识流向,对添加标识后的报文进行封装和传输。Optionally, when sending the feature value, the flow direction information may be added to the message. For example, the attribute data is added to the packet to identify the flow direction, and the packet after the identifier is added is encapsulated and transmitted.
在步骤430中,分析匹配单元对接收的入向报文的特定部分的内容的特征值和出向报文的特定部分的内容提取的特征值进行匹配,确定报文是否发生错误。In step 430, the analysis matching unit matches the feature value of the content of the specific part of the received incoming message with the feature value extracted by the content of the specific part of the outgoing message to determine whether the message has an error.
第三实施例Third embodiment
本实施例以区域A、区域B和区域C通过被检测网络进行报文传输为例对本公开方法进行说明。图5为本公开第三实施例报文经过被检测网络的网络拓扑示意图。如图5所示,对于区域A而言,报文流向包括区域A到区域B、区域A到区域C、区域B到区域A和区域C到区域A。通过对入向报文和出向报文的报文流向进行定位,可以缩小报文检测时匹配的范围,提高报文检错的工作效率。报文流向可以通过源地址和目的地址、或配置信息确定。In this embodiment, the method of the present disclosure is described by taking the case where the area A, the area B, and the area C transmit the message through the detected network. FIG. 5 is a schematic diagram of a network topology of a packet passing through a detected network according to a third embodiment of the present disclosure. As shown in FIG. 5, for the area A, the packet flow direction includes the area A to the area B, the area A to the area C, the area B to the area A, and the area C to the area A. By locating the flow of incoming packets and outgoing packets, the range of matching during packet detection can be reduced, and the efficiency of packet error detection can be improved. The packet flow direction can be determined by the source address and destination address, or configuration information.
在非网络地址转换(Network Address Translation,NAT)场景下,以报文流向包含源地址和目的地址为例,进行入向报文的特定部分和出向报文的特定部分的匹配时,提取需要匹配的出向报文后,根据出向报文的源地址和目的地址对入向报文进行筛选,获得和出向报文源地址和目的地址相同的入向报文后,进行入向报文的特定部分和出向报文的特定部分的匹配。如果提取需要匹配的是入向报文,根据入向报文的源地址和目的地址对出向报文进行筛选,获得和入向报文源地址和目的地址相同的出向报文,进行出向报文的特定部分和入向报文的特定部分的匹配。如果采用提取特征值进行匹配的方法,则对入向报文和出向报文的源地址和目的地址等字段的进行特征值计算和通过计算的源地址和目的地址的特征值对入向报文或出向报文进行筛选。In the case of a network address translation (NAT) scenario, the packet needs to match when the packet flows to the source and destination addresses as an example to match the specific part of the incoming packet with the specific part of the outgoing packet. After the outgoing packet, the incoming packet is filtered according to the source address and the destination address of the outgoing packet, and the inbound packet with the same source address and destination address is obtained after the outgoing packet is sent to the specific part of the incoming packet. Matches to a specific part of the outgoing message. If the inbound packet is to be matched, the outbound packet is filtered according to the source and destination addresses of the incoming packet, and the outgoing packet with the same source address and destination address is obtained. The match between a particular part and a specific part of the incoming message. If the matching feature value is used for matching, the eigenvalue calculation is performed on the source address and the destination address of the incoming packet and the outgoing packet, and the eigenvalue pair of the source address and the destination address are calculated. Or filter out the message.
在NAT场景下,由于获取源地址和目的地址在复制到分析匹配单元的入向接口和出向接口时,通过NAT场景中本地地址和全局地址映射条目进行了修改,因此无法通过源地址和目的地址相同的方式进行筛选,如果需要进行筛选,则可以获取NAT场景中本地地址和全局地址映射条目根据映射条目获得入向报文 复制前或复制后的源地址和目的地址。In the NAT scenario, the source address and destination address are copied to the inbound interface and the outbound interface of the analysis matching unit. The local address and global address mapping entries in the NAT scenario are modified. Therefore, the source address and destination address cannot be passed. Filtering in the same way. If you need to perform filtering, you can obtain the local address and global address mapping entries in the NAT scenario to obtain the inbound packets based on the mapping entries. Source and destination addresses before or after copying.
第四实施例Fourth embodiment
在进行报文匹配时,如果报文数量过多会使得匹配效率过低。可以通过对常见报文进行学习的方法提高匹配效率。常见报文数量多、内容比较固定、报文发生异常的可能性低。When matching packets, if the number of packets is too large, the matching efficiency is too low. You can improve the matching efficiency by learning common messages. The number of common packets is large, the content is relatively fixed, and the probability of abnormal packets is low.
在本实施例中,报文学习可以对入向报文的特定部分中特殊的区分字段和出向报文的特定部分中特殊的区分字段进行学习。特殊的区分字段可以包括协议、报文长度和标志位中的至少一个。例如,大量的TCP SYN报文携带的参数几乎一样,比如报文长度、SYN标志位等。其中,SYN为TCP层的标志字段,SYN为建立连接的标志。本实施例中,获取单元获取入向报文的特定部分和出向报文的特定部分后,提取协议、报文长度和标志位中的至少一个区分字段;对从入向报文的特定部分提取的区分字段和出向报文的特定部分提取的区分字段进行报文学习后进行匹配;匹配成功,确定报文未发生错误;匹配失败,则该报文不是常见报文,采用实施例一中的方法对入向报文的特定部分和出向报文的特定部分进行匹配,确定报文是否发生错误。In this embodiment, the message learning may learn a special distinguishing field in a specific part of the incoming message and a special distinguishing field in a specific part of the outgoing message. The special distinguishing field may include at least one of a protocol, a message length, and a flag bit. For example, a large number of TCP SYN packets carry almost the same parameters, such as packet length and SYN flag. Among them, SYN is the flag field of the TCP layer, and SYN is the flag for establishing a connection. In this embodiment, after acquiring the specific part of the incoming message and the specific part of the outgoing message, the acquiring unit extracts at least one of the protocol, the packet length, and the flag bit; and extracts the specific part of the incoming message. The distinguishing field and the distinguishing field extracted from the specific part of the outgoing packet are matched after the packet learning; the matching is successful, and the packet is not found to have an error; if the matching fails, the packet is not a common packet, and the first embodiment is used. The method matches a specific part of the incoming message with a specific part of the outgoing message to determine whether the packet has an error.
是否进行区分字段的报文学习可以根据该类报文出现的频率和数量进行确定。进行报文学习时,一旦监测到该部分报文出现时,自动触发报文学习。Whether the packet learning of distinguishing fields can be determined according to the frequency and quantity of occurrence of such packets. When the message learning is performed, the message learning is automatically triggered once the part of the message is detected.
图6为本公开第四实施例的方法流程图,如图6所示,包括:FIG. 6 is a flowchart of a method according to a fourth embodiment of the present disclosure. As shown in FIG. 6, the method includes:
在步骤600中,获取并区分被检测网络传输的入向报文和出向报文。In step 600, the inbound packet and the outgoing packet transmitted by the detected network are obtained and distinguished.
本实施例获取入向报文和出向报文还可以包括:获取入向报文的特征值和出向报文的特征值,或,复制入向报文的特定部分和出向报文的特定部分。The obtaining of the inbound message and the outgoing message may further include: acquiring the feature value of the incoming message and the feature value of the outgoing message, or copying the specific part of the incoming message and the specific part of the outgoing message.
区分入向报文和出向报文的方法可以通过将入向报文和出向报文分别通过相应的入向接口和出向接口实现,也可以通过在报文中添加流向信息,例如添加区分流向的属性信息实现。The method of distinguishing the inbound and outbound packets can be implemented by using the inbound and outbound interfaces respectively through the corresponding inbound interface and the outgoing interface, or by adding flow information to the packet, for example, adding a differentiated flow. Property information is implemented.
在步骤610中,提取入向报文的特定部分和出向报文的特定部分中的区分字段,对区分字段进行报文学习。In step 610, a distinguishing field in a specific part of the incoming message and a specific part of the outgoing message is extracted, and packet learning is performed on the distinguished field.
在步骤620中,对报文学习的区分字段进行匹配,如果匹配成功,执行步骤630;如果匹配失败,则执行步骤640。In step 620, the distinguishing fields of the packet learning are matched. If the matching is successful, step 630 is performed; if the matching fails, step 640 is performed.
在步骤630中,确定报文未发生错误。 In step 630, it is determined that no error has occurred in the message.
在步骤640中,对入向报文的特定部分和出向报文的特定部分进行匹配,确定报文是否发生错误。In step 640, a specific part of the incoming message and a specific part of the outgoing message are matched to determine whether the message has an error.
本实施例进行报文检错的入向报文和出向报文不包括发送给被检测网络的报文和被检测网络主动发出的报文。The inbound packet and the outgoing packet of the packet detection in this embodiment do not include the packet sent to the detected network and the packet sent by the detected network.
第五实施例Fifth embodiment
本实施例对匹配过程中出现组播传输的报文或广播传输的报文进行报文检错处理。如果定入向报文和出向报文即不是组播传输的报文也不是广播传输的报文,网络设备出现系统问题将导致多个接口输出的出向报文与入向报文相同,会对系统网络资源造成较大浪费,也容易造成网络拥塞。因此定入向报文和出向报文是组播传输的报文或广播传输的报文的情况,需要和报文发生错误的情况进行区分。In this embodiment, packet error detection processing is performed on a packet that is multicast-transmitted during the matching process or a packet that is transmitted by the broadcast. If the incoming packet and the outgoing packet are not multicast packets or broadcast packets, the network device will cause the outgoing packets of the multiple interfaces to be the same as the incoming packets. System network resources cause a lot of waste, and it is also easy to cause network congestion. Therefore, the case where the incoming message and the outgoing message are multicast-transmitted messages or broadcast-transmitted messages need to be distinguished from the case where the packets are erroneous.
本实施例中,可以通过目的地址及掩码信息确定入向报文和出向报文是否是组播传输的报文或广播传输的报文,当确定入向报文和出向报文是组播传输的报文或广播传输的报文时,确定该报文为未发生错误。掩码信息可以通过配置文件获得。如果确定入向报文和出向报文既不是组播传输的报文也不是广播传输的报文,则可以根据本公开的技术方案进行报文检错,在进行入向报文的特定部分和出向报文的特定部分匹配时,可以判断报文为错误报文。In this embodiment, the destination address and the mask information can be used to determine whether the inbound packet and the outgoing packet are multicast transmission packets or broadcast transmission packets. When the inbound packet and the outgoing packet are determined to be multicast, When a transmitted message or a broadcasted message is received, it is determined that the message is not error. Mask information can be obtained through a configuration file. If it is determined that the inbound packet and the outgoing packet are neither the multicast transmission nor the broadcast transmission, the packet detection may be performed according to the technical solution of the disclosure, and the specific part of the incoming packet is When a specific part of the outgoing packet matches, the packet can be judged to be an error message.
本公开还提供一种非暂态计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行上述任一实施例中的实现报文检错的方法。The present disclosure also provides a non-transitory computer readable storage medium storing computer executable instructions arranged to perform the method of implementing message error detection in any of the above embodiments.
本公开还提供了一种电子设备的硬件结构示意图,参见图7,该电子设备包括:The present disclosure also provides a hardware structure diagram of an electronic device. Referring to FIG. 7, the electronic device includes:
至少一个处理器(Processor)701,图7中以一个处理器701为例;和存储器(Memory)702,还可以包括通信接口(Communications Interface)704和总线703。其中,处理器701、通信接口704、存储器703可以通过总线703完成相互间的通信。通信接口704可以用于信息传输。处理器701可以调用存储器702中的逻辑指令,以执行上述方法。At least one processor 701, which is exemplified by a processor 701 in FIG. 7; and a memory 702, may further include a communications interface 704 and a bus 703. The processor 701, the communication interface 704, and the memory 703 can complete communication with each other through the bus 703. Communication interface 704 can be used for information transfer. The processor 701 can call logic instructions in the memory 702 to perform the above method.
此外,上述的存储器702中的逻辑指令可以通过软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。Moreover, the logic instructions in the memory 702 described above may be implemented in the form of software functional units and sold or used as separate products, and may be stored in a computer readable storage medium.
存储器702作为一种计算机可读存储介质,可设置为存储软件程序、计算 机可执行程序,如本公开实施例中的方法对应的程序指令或模块。处理器701通过运行存储在存储器702中的软件程序、指令或模块,从而执行功能应用以及数据处理,即实现报文检错的方法。The memory 702 is a computer readable storage medium that can be configured to store software programs, calculations The machine executable program, such as the program instruction or module corresponding to the method in the embodiment of the present disclosure. The processor 701 performs a function application and data processing by executing a software program, an instruction, or a module stored in the memory 702, that is, a method of implementing message error detection.
存储器702可包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序;存储数据区可存储根据终端设备的使用所创建的数据等。此外,存储器702可以包括高速随机存取存储器,还可以包括非易失性存储器。The memory 702 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function; the storage data area may store data created according to usage of the terminal device, and the like. Further, the memory 702 may include a high speed random access memory, and may also include a nonvolatile memory.
本公开的技术方案可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括一个或多个指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本公开实施例所述方法的全部或部分步骤。而前述的存储介质可以是非暂态存储介质,包括:U盘、移动硬盘、只读存储器(Read Only Memory ROM)、随机存取存储器(Random-Access Memory,RAM)、磁碟或者光盘等多种可以存储程序代码的介质,也可以是暂态存储介质。The technical solution of the present disclosure may be embodied in the form of a software product stored in a storage medium, including one or more instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) Performing all or part of the steps of the method of the embodiments of the present disclosure. The foregoing storage medium may be a non-transitory storage medium, including: a USB flash drive, a mobile hard disk, a read only memory (Read Only Memory ROM), a random access memory (RAM), a magnetic disk, or an optical disk. A medium that can store program code or a transient storage medium.
工业实用性Industrial applicability
本公开提供的实现报文检错的方法和装置,通过对入向报文的特定部分和出向报文的特定部分进行匹配,确定报文是否出错,实现对被检错网络的报文检错。 The method and device for implementing packet error detection provided by the present disclosure determine whether a packet is in error by matching a specific part of an incoming message with a specific part of an outgoing message, and realizing error detection of a packet of the error-detected network. .

Claims (23)

  1. 一种实现报文检错的方法,包括:A method for implementing packet error detection, including:
    获取并区分被检测网络传输的入向报文和出向报文;以及Obtaining and distinguishing between the inbound packet and the outgoing packet transmitted by the detected network;
    将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错;Matching a specific part of the inbound message with a specific part of the outgoing message to determine whether the message is in error;
    其中,所述被检测网络为由一个或一个以上网络设备构成的网络。The detected network is a network composed of one or more network devices.
  2. 根据权利要求1所述的方法,其中,所述获取并区分被检测网络传输的入向报文和出向报文包括:The method according to claim 1, wherein the obtaining and distinguishing between the inbound message and the outgoing message transmitted by the detected network comprises:
    通过预先设置的入向接口接收从传输接口复制的所述入向报文,通过预先设置的出向接口接收从传输接口复制的所述出向报文;或,Receiving, by the preset inbound interface, the inbound packet copied from the transmission interface, and receiving the outgoing packet copied from the transmission interface by using a preset outgoing interface; or
    获取从传输接口复制的所述入向报文和从传输接口复制的所述出向报文时,对获取的所述入向报文和所述出向报文分别添加相应的流向信息,以区分所述入向报文和所述出向报文。And obtaining, when the inbound packet copied from the transmission interface and the outgoing packet copied from the transmission interface, adding corresponding flow direction information to the obtained incoming packet and the outgoing packet, respectively, to distinguish Describe the incoming message and the outgoing message.
  3. 根据权利要求1所述的方法,其中,所述获取并区分被检测网络传输的入向报文和出向报文包括:The method according to claim 1, wherein the obtaining and distinguishing between the inbound message and the outgoing message transmitted by the detected network comprises:
    当所述网络设备为电口设备时,通过对所述被检测网络的网络设备进行配置,复制所述被检测网络传输的所述入向报文和所述出向报文;以及When the network device is an electrical interface device, the inbound packet and the outgoing packet transmitted by the detected network are copied by configuring the network device of the detected network;
    当所述网络设备为光口设备时,通过所述被检测网络的分光器,对所述被检测网络传输的入向报文和出向报文进行分光复制。And when the network device is an optical port device, the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
  4. 根据权利要求2所述的方法,其中,所述方法还包括:The method of claim 2, wherein the method further comprises:
    对获取的所述入向报文和所述出向报文分别添加相应的流向信息时,对添加所述流向信息的入向报文和出向报文进行封装;以及When the corresponding flow direction information is added to the obtained inbound packet and the outgoing packet respectively, the inbound packet and the outgoing packet to which the flow direction information is added are encapsulated;
    所述对入向报文的特定部分与所述出向报文的特定部分进行匹配前,所述方法还包括:对封装的包含所述流向信息的入向报文和封装的包含所述流向信 息的出向报文进行解封装。Before the matching the specific part of the inbound packet with the specific part of the outgoing packet, the method further includes: encapsulating the inbound packet containing the flow direction information and encapsulating the flow direction message The outbound message of the message is decapsulated.
  5. 根据权利要求4所述的方法,其中,所述对分别添加相应的流向信息的入向报文和出向报文进行封装包括:The method of claim 4, wherein the encapsulating the inbound packet and the outgoing packet respectively adding the corresponding flow direction information comprises:
    对分别添加相应的流向信息的入向报文和出向报文分别进行通用路由封装GRE或用户数据报协议UDP封装。The inbound and outgoing packets of the respective flow direction information are respectively encapsulated into a general route encapsulation GRE or a user datagram protocol UDP encapsulation.
  6. 根据权利要求1~5任一项所述的方法,其中,所述将所述入向报文的特定部分与所述出向报文的特定部分进行匹配包括:The method according to any one of claims 1 to 5, wherein the matching the specific part of the incoming message with the specific part of the outgoing message comprises:
    将所述入向报文的特定部分的内容与所述出向报文的特定部分的内容进行匹配;或,Matching the content of the specific portion of the incoming message with the content of the specific portion of the outgoing message; or
    提取所述入向报文的特定部分的内容的特征值和所述出向报文的特定部分的内容的特征值;以及将提取的所述入向报文的特定部分的内容的特征值与提取的所述出向报文的特定部分的内容的特征值进行匹配。Extracting a feature value of the content of the specific portion of the incoming message and a feature value of the content of the specific portion of the outgoing message; and extracting the extracted feature value of the content of the specific portion of the incoming message The feature values of the content of the specific part of the outgoing message are matched.
  7. 根据权利要求1~5任一项所述的方法,将所述入向报文的特定部分与所述出向报文中的特定部分进行匹配前,所述方法还包括:The method according to any one of claims 1 to 5, before the matching of the specific part of the incoming message with the specific part of the outgoing message, the method further includes:
    过滤所述被检测网络主动发出的出向报文和发送给所述被检测网络的入向报文。And filtering an outgoing packet sent by the detected network and an incoming packet sent to the detected network.
  8. 根据权利要求1~5任一项所述的方法,将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,该方法还包括以下至少之一:The method according to any one of claims 1 to 5, before the matching of the specific part of the incoming message with the specific part of the outgoing message, the method further comprising at least one of the following:
    过滤所述被检测网络组播传输的报文;以及Filtering the packet transmitted by the detected network multicast; and
    过滤所述被检测网络广播传输的报文。Filtering the message transmitted by the detected network broadcast.
  9. 根据权利要求1~5任一项所述的方法,其中,所述将所述入向报文的特定部分与所述出向报文的特定部分进行匹配包括:The method according to any one of claims 1 to 5, wherein the matching the specific part of the incoming message with the specific part of the outgoing message comprises:
    当处于非网络地址转换NAT场景时,对源地址和目的地址中至少一个相同 的所述入向报文的特定部分与所述出向报文的特定部分进行匹配;以及When in a non-network address translation NAT scenario, at least one of the source address and the destination address is the same. Matching a particular portion of the incoming message with a particular portion of the outgoing message;
    当处于NAT场景时,根据所述入向报文的源地址、所述入向报文的目的地址、所述出向报文的源地址、所述出向报文的目的地址、NAT场景中本地地址和全局地址映射条目,确定获取的所述入向报文和所述出向报文映射后的源地址和目的地址,选择确定的映射的源地址和目的地址对应的入向报文和出向报文,进行所述入向报文的特定部分与出向报文的特定部分的匹配。When in the NAT scenario, the source address of the incoming packet, the destination address of the incoming packet, the source address of the outgoing packet, the destination address of the outgoing packet, and the local address in the NAT scenario. And the global address mapping entry, determining the source address and the destination address of the obtained inbound packet and the outgoing packet, and selecting the inbound packet and the outgoing packet corresponding to the source address and the destination address of the mapping. And matching a specific part of the incoming message with a specific part of the outgoing message.
  10. 根据权利要求1~5任一项所述的方法,当所述被检测网络传输的报文为常见报文时,所述方法还包括:对所述入向报文的特定部分包含的区分字段内容和所述出向报文的特定部分包含的区分字段内容进行报文学习;The method according to any one of claims 1 to 5, when the packet transmitted by the detected network is a common packet, the method further includes: a distinguishing field included in a specific part of the incoming packet The content and the content of the distinguishing field included in the specific part of the outgoing message are used for message learning;
    如果报文学习的结果中所述入向报文的特定部分包含的区分字段和所述出向报文的特定部分包含的区分字段匹配,确定报文未发生错误;如果报文学习的结果中所述入向报文的特定部分包含的区分字段和所述出向报文的特定部分包含的区分字段不匹配,将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错。If the distinguishing field included in the specific part of the incoming packet and the distinguishing field included in the specific part of the outgoing packet match in the result of the packet learning, it is determined that the packet does not have an error; if the result of the packet learning is Determining that the distinguishing field included in the specific part of the packet does not match the distinguishing field included in the specific part of the outgoing message, and matching the specific part of the incoming message with the specific part of the outgoing message, Determine if the message is in error.
  11. 根据权利要求10所述的方法,其中,所述区分字段包括以下至少之一:协议、报文长度和标志位。The method of claim 10, wherein the distinguishing field comprises at least one of: a protocol, a message length, and a flag bit.
  12. 根据权利要求1~5任一项所述的方法,所述方法还包括:根据确定出错的报文,对错误报文涉及的网络设备进行调整。The method according to any one of claims 1 to 5, further comprising: adjusting a network device involved in the error message according to the packet determining the error.
  13. 一种实现报文检错的装置,包括:A device for implementing message error detection, comprising:
    获取单元,设置为获取并区分被检测网络传输的入向报文和出向报文;以及An obtaining unit, configured to acquire and distinguish between an inbound message and an outgoing message transmitted by the detected network;
    匹配分析单元,设置为将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错; The matching analysis unit is configured to match a specific part of the inbound message with a specific part of the outgoing message to determine whether the message is in error;
    其中,所述被检测网络为由一个或一个以上网络设备构成的网络。The detected network is a network composed of one or more network devices.
  14. 根据权利要求13所述的装置,其中,所述获取单元设置为,The apparatus according to claim 13, wherein said acquisition unit is configured to
    通过预先设置的入向接口接收复制的所述入向报文,通过预先设置的出向接口接收复制的所述出向报文;或,Receiving the copied incoming message through a preset inbound interface, and receiving the copied outgoing message through a preset outgoing interface; or
    获取所述入向报文和所述出向报文时,对获取的所述入向报文和所述出向报文分别添加相应的流向信息,以区分所述入向报文和所述出向报文。When the inbound packet and the outgoing packet are obtained, corresponding flow direction information is added to the obtained inbound packet and the outgoing packet to distinguish the inbound packet from the outbound packet. Text.
  15. 根据权利要求13所述的装置,其中,所述获取单元设置为,The apparatus according to claim 13, wherein said acquisition unit is configured to
    当所述网络设备为电口设备时,通过对所述被检测网络的网络设备进行配置,复制所述被检测网络传输的入向报文和出向报文;以及When the network device is an electrical interface device, the inbound packet and the outgoing packet transmitted by the detected network are copied by configuring the network device of the detected network;
    当所述网络设备为光口设备时,通过所述被检测网络的分光器,对所述被检测网络传输的入向报文和出向报文进行分光复制。And when the network device is an optical port device, the inbound packet and the outgoing packet transmitted by the detected network are split and replicated by the optical splitter of the detected network.
  16. 根据权利要求14所述的装置,所述装置还包括:The device of claim 14, the device further comprising:
    封装单元,设置为对获取的所述入向报文和所述出向报文分别添加相应的流向信息时,对添加流向信息的入向报文和出向报文进行封装;以及The encapsulating unit is configured to, when adding the corresponding flow direction information to the obtained inbound packet and the outgoing packet respectively, encapsulating the inbound packet and the outgoing packet to which the flow direction information is added;
    解封装单元,设置为将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,对封装的包含流向信息的入向报文和封装的包含所述流向信息的出向报文进行解封装。And a decapsulation unit, configured to: before the matching the specific part of the inbound message with the specific part of the outgoing message, the inbound message containing the flow direction information and the encapsulated outgoing direction including the flow direction information The message is decapsulated.
  17. 根据权利要求13~16任一项所述的装置,其中,所述匹配分析单元设置为,The apparatus according to any one of claims 13 to 16, wherein the matching analysis unit is configured to
    将所述入向报文的特定部分的内容与所述出向报文的特定部分的内容进行匹配;或,Matching the content of the specific portion of the incoming message with the content of the specific portion of the outgoing message; or
    提取所述入向报文的特定部分的内容的特征值和所述出向报文的特定部分的内容的特征值;以及将提取的所述入向报文的特定部分的内容的特征值与提 取的所述出向报文的特定部分的内容的特征值进行匹配。Extracting a feature value of the content of the specific portion of the incoming message and a feature value of the content of the specific portion of the outgoing message; and extracting the feature value of the content of the extracted specific portion of the incoming message The feature values of the content of the specific part of the outgoing message are matched.
  18. 根据权利要求13~16任一项所述的装置,所述装置还包括第一过滤单元,设置为将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,过滤所述被检测网络主动发出的出向报文和发送给所述被检测网络的入向报文。The apparatus according to any one of claims 13 to 16, further comprising a first filtering unit configured to filter a specific portion of the incoming message before matching with a specific portion of the outgoing message An outgoing packet actively sent by the detected network and an incoming packet sent to the detected network.
  19. 根据权利要求13~16任一项所述的装置,所述装置还包括第二过滤单元,设置为将所述入向报文的特定部分与所述出向报文的特定部分进行匹配前,过滤所述被检测网络组播传输的报文以及所述被检测网络广播传输的报文中的至少一种报文。The apparatus according to any one of claims 13 to 16, further comprising a second filtering unit configured to filter a specific portion of the incoming message before matching with a specific portion of the outgoing message At least one of the packet transmitted by the detected network multicast and the packet transmitted by the detected network broadcast.
  20. 根据权利要求13~16任一项所述的装置,其中,所述匹配分析单元设置为,The apparatus according to any one of claims 13 to 16, wherein the matching analysis unit is configured to
    当处于非网络地址转换NAT场景时,对源地址和目的地址中至少一个相同的所述入向报文的特定部分与所述出向报文的特定部分进行匹配;When the non-network address translation NAT scenario is performed, the specific part of the inbound message that is at least one of the source address and the destination address is matched with the specific part of the outgoing message;
    处于NAT场景时,根据所述入向报文的源地址、所述入向报文的目的地址、所述出向报文的源地址、所述出向报文的目的地址、NAT场景中本地地址和全局地址映射条目,确定获取的所述入向报文和所述出向报文映射后的源地址和目的地址,选择确定的映射的源地址和目的地址对应的入向报文和出向报文,进行所述入向报文的特定部分与所述出向报文的特定部分的匹配。When the NAT is in the NAT scenario, the source address of the incoming packet, the destination address of the incoming packet, the source address of the outgoing packet, the destination address of the outgoing packet, and the local address in the NAT scenario. The global address mapping entry determines the source address and the destination address of the obtained inbound packet and the outgoing packet, and selects the inbound packet and the outgoing packet corresponding to the source address and the destination address of the mapping. Performing a match between a specific portion of the incoming message and a specific portion of the outgoing message.
  21. 根据权利要求13~16任一项所述的装置,所述装置还包括报文学习单元,设置为当所述被检测网络传输的报文为常见报文时,对所述入向报文的特定部分包含的区分字段内容和所述出向报文的特定部分包含的区分字段内容进行报文学习;The device according to any one of claims 13 to 16, further comprising a message learning unit, configured to: when the message transmitted by the detected network is a common message, to the incoming message The content of the distinguishing field included in the specific part and the content of the distinguishing field included in the specific part of the outgoing message are used for message learning;
    所述匹配分析单元还设置为,如果报文学习的结果中入向报文的特定部分 包含的区分字段和所述出向报文的特定部分包含的区分字段匹配,确定报文未发生错误;如果报文学习的结果中所述入向报文的特定部分包含的区分字段和出向报文的特定部分包含的区分字段不匹配,将所述入向报文的特定部分与所述出向报文的特定部分进行匹配,确定报文是否出错。The matching analysis unit is further configured to: if the result of the message learning enters a specific part of the message The included distinguishing field matches the distinguishing field included in the specific part of the outgoing message, and determines that the packet does not have an error; if the packet learning result includes the distinguishing field and the outgoing message included in the specific part of the incoming message The specific part of the specific part does not match, and the specific part of the inbound message is matched with the specific part of the outgoing message to determine whether the message is in error.
  22. 根据权利要求13~16任一项所述的装置,所述装置还包括调整单元,设置为根据所述匹配分析单元确定出错的报文,对错误报文涉及的网络设备进行调整。The apparatus according to any one of claims 13 to 16, further comprising an adjustment unit configured to determine an error message according to the matching analysis unit to adjust a network device involved in the error message.
  23. 一种非暂态计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令设置为执行权利要求1-12中任一项的方法。 A non-transitory computer readable storage medium storing computer executable instructions arranged to perform the method of any of claims 1-12.
PCT/CN2017/070505 2016-01-06 2017-01-06 Method and apparatus for realizing message error detection WO2017118428A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610006121.6A CN106953773A (en) 2016-01-06 2016-01-06 A kind of method and device for realizing message error detection
CN201610006121.6 2016-01-06

Publications (1)

Publication Number Publication Date
WO2017118428A1 true WO2017118428A1 (en) 2017-07-13

Family

ID=59273312

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/070505 WO2017118428A1 (en) 2016-01-06 2017-01-06 Method and apparatus for realizing message error detection

Country Status (2)

Country Link
CN (1) CN106953773A (en)
WO (1) WO2017118428A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109756401B (en) * 2019-03-25 2020-11-27 新华三信息安全技术有限公司 Test method, test device, electronic equipment and storage medium
CN110505248B (en) * 2019-09-29 2022-05-24 国家计算机网络与信息安全管理中心 Method and system for positioning intranet NAT flow

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070097872A1 (en) * 2005-10-27 2007-05-03 Inventec Corporation Network connection apparatus testing method
CN203027498U (en) * 2012-11-27 2013-06-26 北京交控科技有限公司 Testing device
CN103746868A (en) * 2013-12-23 2014-04-23 普联技术有限公司 Methods and apparatuses for sending and receiving testing messages, and testing equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070032887A1 (en) * 2005-07-26 2007-02-08 Brother Kogyo Kabushiki Kaisha Information management system, information processing device, and program
CN101572584B (en) * 2008-04-30 2012-01-04 华为技术有限公司 Error detection method, equipment and system for message

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070097872A1 (en) * 2005-10-27 2007-05-03 Inventec Corporation Network connection apparatus testing method
CN203027498U (en) * 2012-11-27 2013-06-26 北京交控科技有限公司 Testing device
CN103746868A (en) * 2013-12-23 2014-04-23 普联技术有限公司 Methods and apparatuses for sending and receiving testing messages, and testing equipment

Also Published As

Publication number Publication date
CN106953773A (en) 2017-07-14

Similar Documents

Publication Publication Date Title
US11240065B2 (en) NSH encapsulation for traffic steering
US10382309B2 (en) Method and apparatus for tracing paths in service function chains
US9825900B2 (en) Overlay tunnel information exchange protocol
CN110830371B (en) Message redirection method and device, electronic equipment and readable storage medium
US9883010B2 (en) Method, apparatus, device and system for generating DHCP snooping binding table
WO2016082588A1 (en) Link connectivity checking method and apparatus
US7607049B2 (en) Apparatus and method for detecting network failure location
US11689501B2 (en) Data transfer method and virtual switch
CN110224935B (en) Method and device for processing multicast data message
US10693833B2 (en) Address resolution suppression in a logical network
WO2014205784A1 (en) Method and device for processing multicast message in nvo3 network, and nvo3 network
CN102647312B (en) A kind of detection method of whole net multicast topology and device
WO2017129011A1 (en) Message processing method and network device
US10243884B2 (en) Packet transmission method and apparatus
WO2017118428A1 (en) Method and apparatus for realizing message error detection
CN115695306A (en) Message transmission system, method, device, equipment and medium
US9985926B2 (en) Address acquiring method and network virtualization edge device
CN112612670B (en) Session information statistical method, device, exchange equipment and storage medium
EP3913865A1 (en) Message decapsulation method and device, message encapsulation method and device, electronic device, and storage medium
WO2015188706A1 (en) Data frame processing method, device and system
JP5733473B2 (en) Interworking apparatus, method, and program
CN106067864B (en) Message processing method and device
EP4340303A1 (en) Data forwarding method and apparatus, storage medium, and electronic apparatus
WO2022183927A1 (en) Packet transmission method and apparatus
US9742699B2 (en) Network apparatus and selective information monitoring method using the same

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17735866

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17735866

Country of ref document: EP

Kind code of ref document: A1