Matching method and device based on tunnel message

A tunnel-message matching technology, applied in the field of tunnel message-based matching, that solves the problem of low matching analysis efficiency for the inner or outer layer of a tunnel and achieves flexible detection.

Active Publication Date: 2022-04-12
WUHAN GREENET INFORMATION SERVICE

AI Technical Summary

Problems solved by technology

[0004] The technical problem to be solved by the present invention is the low efficiency of existing matching analysis on the inner or outer layer of a tunnel.
[0005] A further technical problem to be solved by the present invention is that, in the prior art, the inner-layer tunnel and outer-layer tunnel provided by a tunnel message, and any possible middle-layer tunnel, are used inflexibly, resulting in low processing efficiency in complex business scenarios.



Examples


Embodiment 1

[0041] Embodiment 1 of the present invention provides a matching method based on tunnel packets, realized by conversion into signature rules. As shown in Figure 1, the method includes:

[0042] In step 201, the fields in the innermost-layer and/or outermost-layer protocol header content of the tunnel are arranged in a preset order and converted into a hexadecimal character string.

[0043] In step 202, a corresponding mask is generated for the innermost-layer and/or outermost-layer protocol header content of the tunnel, as the basis for identifying the tunnel message.

[0044] In step 203, the feature code of the tunnel is obtained through the logical AND operation of the mask and the character string. When the feature code of a tunnel message matches the feature code of the corresponding tunnel, the tunnel message is determined to be a hit; otherwise, it is determined that the corresponding tunnel packet is a tunnel pa...

Embodiment 2

[0094] This embodiment continues the method of Embodiment 1 and uses the example tunnel message content shown in Figure 5 to illustrate how steps 201-203 above are realized.

[0095] As shown in Figure 5, the content of the frame corresponding to the outer-layer SIP+DIP is: SIP is 10.0.0.1 (0a 00 00 01 in hexadecimal); in the frame is IP protocol 4 (04 in hexadecimal, shown as Internet Protocol Version 4 in the figure).

[0096] The content of the frame corresponding to the inner-layer SIP+DIP is: SIP is 11.12.13.1 (0b 0c 0d 01 in hexadecimal); DIP is 11.12.13.254 (0b 0c 0d fe in hexadecimal). The frame for the port numbers shows Sport 1024 (04 00 in hexadecimal) and Dport 1024 (04 00 in hexadecimal), and the frame for the protocol number shows UDP 17 (11 in hexadecimal).
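The mask-and-compare procedure of steps 201-203, applied to the Figure 5 values above, as an added example that is not code from the patent. The field order, the ff/00 per-byte mask convention and all function names are assumptions; the outer DIP is not given on the page, so the rule wildcards it and the sample packets use a constructed address.

```python
import ipaddress

# Assumed preset field order and byte widths; the page does not fix one.
LAYOUT = [("out_sip", 4), ("out_dip", 4), ("out_proto", 1),
          ("in_sip", 4), ("in_dip", 4), ("in_sport", 2),
          ("in_dport", 2), ("in_proto", 1)]

def encode(fields):
    """Step 201: arrange fields in the preset order, return a hex string."""
    raw = b""
    for name, width in LAYOUT:
        value = fields.get(name, 0)
        if isinstance(value, str):  # dotted-quad IPv4 address
            value = int(ipaddress.IPv4Address(value))
        raw += value.to_bytes(width, "big")
    return raw.hex()

def build_mask(care):
    """Step 202: ff for bytes the rule inspects, 00 for wildcarded bytes."""
    return "".join(("ff" if name in care else "00") * width
                   for name, width in LAYOUT)

def feature_code(hex_string, mask):
    """Step 203: logical AND of the hex string and the mask."""
    return format(int(hex_string, 16) & int(mask, 16), f"0{len(mask)}x")

def is_hit(packet, rule_code, mask):
    """Hit when the packet's masked header equals the rule's feature code."""
    return feature_code(encode(packet), mask) == rule_code

# Rule built from the Figure 5 values quoted in [0095]-[0096].
RULE = {"out_sip": "10.0.0.1", "out_proto": 4,
        "in_sip": "11.12.13.1", "in_dip": "11.12.13.254",
        "in_sport": 1024, "in_dport": 1024, "in_proto": 17}
MASK = build_mask(RULE)
RULE_CODE = feature_code(encode(RULE), MASK)

# Constructed packets: out_dip values are sample data, not from the page.
PKT_MATCH = dict(RULE, out_dip="192.0.2.10")
PKT_MISS = dict(RULE, out_dip="192.0.2.10", in_dport=53)

if __name__ == "__main__":
    print(RULE_CODE)
    print(is_hit(PKT_MATCH, RULE_CODE, MASK), is_hit(PKT_MISS, RULE_CODE, MASK))
```

Because the outer DIP bytes are masked to 00, a single rule covers every tunnel endpoint address while still pinning the outer source, the outer protocol and the full inner five-tuple.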

[0097] Internal and external solution 1:...

Embodiment 3

[0122] Figure 6 is a schematic diagram of the structure of the matching device based on tunnel messages according to an embodiment of the present invention. The apparatus for matching based on tunnel packets in this embodiment includes one or more processors 21 and a memory 22. Figure 6 takes one processor 21 as an example.

[0123] The processor 21 and the memory 22 can be connected by a bus or by other means; Figure 6 takes connection via a bus as an example.

[0124] The memory 22, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs and non-volatile computer-executable programs, such as the matching method based on tunnel packets in Embodiment 1. The processor 21 executes the matching method based on the tunnel message by running the non-volatile software programs and instructions stored in the memory 22.

[0125] The memory 22 may include a high-speed random access memory, and may also inc...


Abstract

The invention relates to the technical field of tunnel messages, and provides a matching method and device based on tunnel messages. The fields in the innermost-layer and/or outermost-layer protocol header content of the tunnel are arranged according to a preset sequence and then converted into a hexadecimal character string; a corresponding mask is generated for the innermost-layer and/or outermost-layer protocol header content of the tunnel as the basis for identifying the tunnel message; and a feature code of the tunnel is obtained through the logical AND operation of the mask and the character string. When the feature code of a tunnel message matches the feature code of the corresponding tunnel, the tunnel message is judged to be a hit tunnel message; otherwise, the corresponding tunnel message is judged to be a missed tunnel message. According to the invention, a new matching mode is added, so that data messages can be detected more comprehensively, and the analysis and safety of data messages can be better guaranteed.

Description

【Technical field】

[0001] The invention relates to the technical field of tunnel messages, in particular to a matching method and device based on tunnel messages.

【Background technique】

[0002] Tunneling is a way to establish a virtual link between networks to transmit data by using the infrastructure of the Internet. By establishing tunnels, it is possible to force data to a specific address, hide private network addresses, transfer non-IP data packets over an IP network, and provide data security support and other functions. Current processing of tunnel packets matches either the outermost layer or the innermost layer of the tunnel. Through switch control, only the inner layer or the outer layer of a tunnel packet can be matched separately; the layers cannot be matched at the same time, nor can a data packet be treated as matched when any one layer, inner or outer, matches. With the rigor and complexity of network security, some specia...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L69/22, H04L12/46
CPC: H04L69/22, H04L12/4633
Inventor: 陈维胡乐勇
Owner: WUHAN GREENET INFORMATION SERVICE