Unlock instant, AI-driven research and patent intelligence for your innovation.

A method, device, system and storage medium for detecting packet loss

A technology for detecting packets and packets, applied in the Internet field, can solve problems such as tunnel establishment failure, fragmented packet loss, unfragmented packet discarding, etc.

Active Publication Date: 2022-04-29
BEIJING QIANXIN TECH +1
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] The key exchange protocol based on the national secret algorithm is defined in the "IPSec VPN Technical Specifications"; the key exchange protocol stipulates the use of encryption and signature separation of the double secret certificate for key negotiation and identity authentication; The encryption certificate is used for key negotiation and identity authentication, which not only enhances the security of the key exchange protocol, but also increases the length of the negotiation message. The negotiation message is very easy to exceed the interface MTU (Maximum Transmission Unit, the maximum transmission unit). Cause IP layer fragmentation; because some firewalls in the fragmented network will consider fragmented packets as fragmented attacks and prevent fragmented packets from passing through, if the responder cannot obtain all fragmented packets, the key negotiation cannot succeed. As a result, IPSec (Internet Protocol Security, Internet Security Protocol) tunnels cannot be established; in key negotiation, large negotiation messages often occur, but due to the particularity of the national secret network, the relevant IP does not allow PING (Packet Internet Groper, Internet packet Explorer) detection, so it is impossible to troubleshoot the discarding of fragmented packets; in the existing technical specifications, no corresponding processing suggestions are provided for the loss of fragmented packets caused by IP layer fragmentation; Therefore, how to detect whether there is a fragmented packet loss during the key negotiation process of the national secret VPN (Virtual Private Network, virtual private network) has become a technical problem that those skilled in the art need to solve urgently

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method, device, system and storage medium for detecting packet loss
  • A method, device, system and storage medium for detecting packet loss
  • A method, device, system and storage medium for detecting packet loss

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0047] The embodiment of the present invention provides a method for detecting message loss, which is applied to the initiator in the national secret VPN key negotiation process, such as figure 1 As shown, the method specifically includes the following steps:

[0048] Step S101: During the key negotiation process based on the national secret algorithm, when the first negotiation message is sent to the responder, a detection message is constructed; wherein, the detection message is used to detect that the first negotiation message is in Check whether multiple fragmented packets obtained after IP layer fragmentation are lost during transmission.

[0049] Wherein, the first negotiation message is a message used for key negotiation between the initiator and the responder. Since the national secret standard needs to use a double national secret certificate for key negotiation, it will cause the first The case where the negotiation packet is too large; if the first negotiation pack...

Embodiment 2

[0068] The embodiment of the present invention provides a method for detecting message loss, which is applied to the responding party in the national secret VPN key negotiation process, such as figure 2 As shown, the method specifically includes the following steps:

[0069] Step S201: During the key negotiation process based on the National Secret Algorithm, receive a plurality of fragmented messages and detection messages from the initiator; wherein, the plurality of fragmented messages are responses to the first A negotiation message is obtained after performing IP layer fragmentation, and the detection message includes a first characteristic value that is calculated by using a preset algorithm and has a unique mapping relationship with the first negotiation message.

[0070] Wherein, the first negotiation message is a message used for key negotiation between the initiator and the responder. Since the national secret standard needs to use a double national secret certifica...

Embodiment 3

[0087] The embodiment of the present invention provides a device for detecting message loss, which is applied to the initiator in the national secret VPN key negotiation process, such as image 3As shown, the device specifically includes the following components:

[0088] A construction module 301, configured to construct a detection message when sending a first negotiation message to the responder during the key negotiation process based on the national secret algorithm; wherein, the detection message is used to detect the first negotiation message Whether the multiple fragmented packets obtained after the packet is fragmented at the IP layer during transmission are lost;

[0089] The first calculation module 302 is configured to use a preset algorithm to calculate the first negotiation message, obtain a first feature value that has a unique mapping relationship with the first negotiation message, and calculate the first feature value added to the detection message;

[0090...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method, device, system and storage medium for detecting message loss. The method includes: when sending a first negotiation message to the responding party, constructing a detection message; wherein, the detection message uses To detect whether the multiple fragmented messages obtained after the first negotiation message is fragmented at the IP layer during transmission are lost; use a preset algorithm to calculate the first negotiation message to obtain the the first characteristic value of the first negotiation packet, and add the first characteristic value to the detection packet; send the first negotiation packet and the detection packet to the responder, for the responder to assemble the multiple received fragmented packets of the first negotiation packet into a second negotiation packet, and use the preset algorithm to calculate the first negotiation packet of the second negotiation packet. Two eigenvalues, judging whether the first eigenvalue is consistent with the second eigenvalue to determine whether there is a fragmented packet loss.

Description

technical field [0001] The invention relates to the technical field of the Internet, in particular to a method, device, system and storage medium for detecting packet loss. Background technique [0002] The key exchange protocol based on the national secret algorithm is defined in the "IPSec VPN Technical Specifications"; the key exchange protocol stipulates the use of encryption and signature separation of the double secret certificate for key negotiation and identity authentication; The encryption certificate is used for key negotiation and identity authentication, which not only enhances the security of the key exchange protocol, but also increases the length of the negotiation message. The negotiation message is very easy to exceed the interface MTU (Maximum Transmission Unit, the maximum transmission unit). Cause IP layer fragmentation; because some firewalls in the fragmented network will consider fragmented packets as fragmented attacks and prevent fragmented packets ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L43/0829H04L9/08H04L9/40
CPCH04L43/0835H04L9/0838H04L63/061
Inventor 傅旭明
Owner BEIJING QIANXIN TECH