Packet processing method, apparatus, device, and computer program product

By using aggregated ports to listen to transport layer packets in dynamic acceleration scenarios, the inefficiency caused by multi-port listening is solved, achieving efficient packet processing and resource utilization.

CN122160446APending Publication Date: 2026-06-05CLOUD INTELLIGENCE ASSETS HOLDING (SINGAPORE) PTE LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CLOUD INTELLIGENCE ASSETS HOLDING (SINGAPORE) PTE LTD
Filing Date
2024-12-05
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In dynamic acceleration scenarios, the large number of service ports leads to a surge in the number of data stream transmission channels, reducing message processing efficiency and system resource utilization.

Method used

By acquiring transport layer packets and associating them with aggregated ports, multiple ports can be monitored using the aggregated ports, reducing the number of ports that need to be monitored, thereby simplifying code logic and improving system resource utilization.

Benefits of technology

It improves the quality and efficiency of message processing, simplifies listening operations, reduces system resource consumption, and enhances system resource utilization.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160446A_ABST
    Figure CN122160446A_ABST
Patent Text Reader

Abstract

Embodiments of the present application relate to the technical field of network, and specifically provide a message processing method, device, equipment and computer program product. The method comprises: obtaining a transport layer message and an aggregation port used for implementing a port monitoring operation; when the transport layer message is an interest message, the interest message is used for sending to a port which needs to be monitored; and associating the transport layer message with a target socket corresponding to the aggregation port, so as to monitor an original destination port corresponding to the transport layer message through the aggregation port. In the embodiment, the transport layer message is associated with the target socket of the aggregation port, so that the monitoring operation on multiple other ports can be implemented through one aggregation port. In this way, the code implementation logic of the monitoring operation on multiple ports can be simplified, and the problems of low message processing efficiency and low utilization rate of system resources caused by a large number of ports can be avoided.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of network technology, and in particular to a message processing method, apparatus, device, and computer program product. Background Technology

[0002] In dynamic acceleration scenarios, a typical customer characteristic is that there are a lot of mid-to-long-tail customers, which leads to a large number of services that need to be accelerated. Since different services use different ports, the number of service ports in dynamic acceleration scenarios is also large. In order to ensure the quality and efficiency of service operation, it is necessary to listen to the service ports.

[0003] Currently, to enable listening operations on multiple service ports, a corresponding data stream transmission channel needs to be created for each service port, and then the listening operation is implemented based on the data stream transmission channel corresponding to each service port. However, due to the large number of service ports, the number of data stream transmission channels also increases dramatically. This degrades the performance of looking up the corresponding memory resources when sending and receiving packets, thereby reducing the efficiency of packet processing. Summary of the Invention

[0004] The present invention provides a message processing method, apparatus, device, and computer program product that can guarantee the quality and efficiency of message processing.

[0005] In a first aspect, embodiments of the present invention provide a message processing method, including:

[0006] Obtain transport layer messages and aggregated ports used to implement port listening operations;

[0007] When the transport layer message is an interest message, the interest message is sent to the port that needs to be monitored; the transport layer message is associated with the target socket corresponding to the aggregation port so as to monitor the original destination port corresponding to the transport layer message through the aggregation port.

[0008] Secondly, embodiments of the present invention provide a message processing apparatus, including:

[0009] The first acquisition module is used to acquire transport layer packets and aggregated ports used to implement port listening operations;

[0010] The first processing module is configured to, when the transport layer message is an interest message, wherein the interest message is sent to a port that needs to be monitored; associate the transport layer message with the target socket corresponding to the aggregation port, so as to monitor the original destination port corresponding to the transport layer message through the aggregation port.

[0011] Thirdly, embodiments of the present invention provide an electronic device, including: a memory and a processor; wherein the memory is used to store one or more computer instructions, wherein the one or more computer instructions, when executed by the processor, implement the message processing method in the first aspect described above.

[0012] Fourthly, embodiments of the present invention provide a computer storage medium for storing a computer program, which, when executed by a computer, implements the message processing method described in the first aspect above.

[0013] Fifthly, embodiments of the present invention provide a computer program product, comprising: a computer-readable storage medium storing computer instructions, wherein when the computer instructions are executed by one or more processors, the one or more processors cause the one or more processors to perform the steps of the message processing method described in the first aspect above.

[0014] The message processing method, apparatus, device, and computer program product provided in this invention obtains transport layer messages and an aggregation port for port listening operations. When the transport layer message is a message of interest, it associates the transport layer message with the target socket corresponding to the aggregation port. Then, it can listen to the original destination port corresponding to the message of interest based on the aggregation port. This effectively avoids the problems of low message processing efficiency and low system resource utilization caused by a large number of ports requiring listening operations. Specifically, since multiple other ports can be listened to through a single aggregation port, this simplifies the code implementation logic for listening to multiple ports. Furthermore, the code logic for implementing message processing operations is simple and reliable, facilitating hot upgrades without service loss, while ensuring message processing quality and efficiency. By reducing the number of ports requiring listening, the number of data stream transmission channels required for port listening operations is drastically reduced, thereby improving system resource utilization and further enhancing the practicality of the method. Attached Figure Description

[0015] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0016] Figure 1 A schematic diagram illustrating the principle of multi-port monitoring provided for related technical embodiments;

[0017] Figure 2 This is a schematic diagram illustrating the principle of a message processing method provided in an embodiment of the present invention.

[0018] Figure 3 This is a flowchart illustrating a message processing method provided in an embodiment of the present invention;

[0019] Figure 4 A flowchart illustrating the process of identifying whether a transport layer message is an interest message, provided in an embodiment of the present invention;

[0020] Figure 5 A flowchart illustrating another message processing method provided in an embodiment of the present invention;

[0021] Figure 6 A schematic diagram illustrating the message-stealing technique provided in an application embodiment of the present invention;

[0022] Figure 7 A schematic diagram illustrating the principle of a multi-port aggregation monitoring method in a dynamic acceleration scenario, provided as an application embodiment of the present invention;

[0023] Figure 8 A flowchart illustrating a multi-port aggregation monitoring method in a dynamic acceleration scenario, provided as an application embodiment of the present invention;

[0024] Figure 9 This is a schematic diagram of the structure of a message processing device provided in an embodiment of the present invention;

[0025] Figure 10 To and Figure 9 A schematic diagram of the electronic device corresponding to the message processing device provided in the embodiment is shown. Detailed Implementation

[0026] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0027] The terminology used in the embodiments of this invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. The singular forms “a” and “the” as used in the embodiments of this invention and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise; “multiple” generally includes at least two, but does not exclude the inclusion of at least one.

[0028] It should be understood that the term "and / or" used in this document is merely a description of the relationship between associated devices, indicating that three relationships can exist. For example, A and / or B can represent: A alone, A and B simultaneously, or B alone. Additionally, the character " / " in this document generally indicates that the preceding and following associated devices are in an "or" relationship.

[0029] Depending on the context, the words “if” or “suppose” as used here can be interpreted as “when” or “in response to determination” or “in response to detection.” Similarly, depending on the context, the phrases “if determination” or “if detection (of the stated condition or event)” can be interpreted as “when determination” or “in response to determination” or “when detection (of the stated condition or event)” or “in response to detection (of the stated condition or event).”

[0030] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a product or system comprising a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a product or system. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the product or system that includes that element.

[0031] Furthermore, the timing of the steps in the following method embodiments is merely an example and not a strict limitation.

[0032] Terminology Explanation:

[0033] Dynamic acceleration typically refers to technologies that improve the speed and efficiency of data transmission through network optimization techniques. It can be implemented at different layers, including but not limited to the application layer, transport layer, and network layer. The goal of dynamic acceleration is to reduce latency, increase throughput, and improve user experience.

[0034] Port aggregation listening is a technology where the gateway only needs to listen on one port for service access, while different ports are used for application service presentation.

[0035] Content Delivery Network (CDN) is a distributed network service used to accelerate the delivery of content to users worldwide. CDNs deploy edge server nodes around the world, caching static or dynamic content on these nodes. This allows users to obtain the content they need from the server node closest to them, thereby improving content loading speed and response time while reducing the burden on the original server.

[0036] To facilitate understanding of the specific implementation process and effects of the message processing method, apparatus, device, and computer program product in this embodiment, the relevant technologies are briefly described below:

[0037] For Content Delivery Network (CDN) platforms, in order to serve numerous application scenarios, it is necessary to listen to a large number of service ports in the service access gateway application. This will lead to the following problems: on the one hand, it brings great complexity to the access gateway program; on the other hand, with more ports being listened to, the performance consumption of socket lookup in the transport protocol stack increases.

[0038] Currently, to enable listening operations on multiple service ports, a corresponding data stream transmission channel needs to be created for each service port. Listening operations are then implemented based on these data stream transmission channels. Specifically, different service ports using different Transmission Control Protocol (TCP) / User Datagram Protocol (UDP) protocols can be configured for different application services. Furthermore, the corresponding configurations for service IDs and service ports can be maintained for each application service.

[0039] For example, see attached document. Figure 1 As shown, the application services include application service 1, application service 2, application service 3, application service 4, application service 5, and application service 6, etc. Application service 1 can correspond to TCP port 8000, application service 2 can correspond to TCP port 8001, application service 3 can correspond to TCP port 8002, application service 4 can correspond to UDP port 8000, application service 5 can correspond to UDP port 8001, application service 6 can correspond to UDP port 8002, etc. Then, the correspondence configuration between the IDs and service ports of the above application services is maintained and managed.

[0040] When loading and starting the application, the configuration information maintained above can be read, and then different data stream transmission channel file descriptors (fds) can be allocated and created based on the configuration information and bound to different ports. At this point, if it is necessary to listen on TCP ports 8000, 8001, and 8002, and UDP ports 8000, 8001, and 8002, corresponding listening logic code needs to be written for each port. However, this approach has the following drawbacks:

[0041] (1) When there are a large number of ports to be monitored, the entire code for the port monitoring operation becomes extremely complex and has very poor readability. In addition, the monitoring operation of multiple ports is often implemented in an asynchronous mode, which requires the assistance of multiplexing devices (e.g., epoll) or other network asynchronous libraries to achieve the full functionality.

[0042] (2) Hot upgrades are inefficient, require a huge number of ports to be considered at once, and the hot upgrade process is very time-consuming and may cause service loss.

[0043] (3) Due to the huge number of ports, the number of sockets corresponding to the ports increases dramatically. As a result, the performance of finding the target socket is very poor when receiving and sending messages, which reduces the efficiency of message processing.

[0044] (4) Due to the large number of ports, the number of data stream transmission channels fd is also huge, which increases the consumption of system resources.

[0045] To address the aforementioned technical problems, this embodiment provides a message processing method, apparatus, device, and computer program product, as detailed in the appendix. Figure 2 As shown, the message processing method is executed by a message processing device 200, which is communicatively connected to a client 100. The message processing device 200 can be implemented as a server, cloud server, cloud gateway, or application layer access gateway, etc. When the message processing device 200 is implemented as a cloud server, the message processing method can be executed in the cloud. Several computing nodes (cloud servers) can be deployed in the cloud, each with computing and storage resources. In the cloud, multiple computing nodes can be organized to provide a certain service; conversely, a single computing node can provide one or more services. The cloud can provide this service through an external service interface, which users call to use the corresponding service. Service interfaces include Software Development Kits (SDKs) and Application Programming Interfaces (APIs).

[0046] The message processing device 200 refers to a device that can provide message processing operations in a network virtual environment, typically a device that utilizes the network for information planning and message processing. In physical implementation, the message processing device 200 can be any device capable of providing computing services, responding to message processing requests, and performing message processing operations. This device can be integrated into pre-built equipment, such as a cluster server, a regular server, a cloud server, a cloud host, or a virtual data center. The message processing device 200 mainly consists of a processor, hard disk, memory, and system bus, similar to a general computer architecture.

[0047] Client 100 can be implemented as a mobile phone, personal computer (PC), tablet computer, application program, etc. Furthermore, the basic structure of client 100 may include at least one processor. The number of processors depends on the configuration and type of client 100. Client 100 may also include memory, which can be volatile, such as Random Access Memory (RAM), or non-volatile, such as Read-Only Memory (ROM), flash memory, etc., or both types may be included. The memory typically stores the operating system (OS), one or more applications, and may also store program data. In addition to the processing unit and memory, client 100 also includes some basic configurations, such as a network interface card (NIC) chip, I / O bus, display components, and some peripheral devices. Optionally, some peripheral devices may include, for example, a keyboard, mouse, stylus, printer, etc. Other peripheral devices are well known in the art and will not be described in detail here.

[0048] In this embodiment described above, a network connection is established between the client 100 and the message processing device 200. This network connection can be a wireless or wired network connection. If the connection between the client 100 and the message processing device 200 is a communication connection, the mobile network standard can be any one of 2G (GSM), 2.5G (GPRS), 3G (WCDMA, TD-SCDMA, CDMA2000, UTMS), 4G (LTE), 4G+ (LTE+), WiMax, 5G, 6G, etc.

[0049] Client 100 is used by users to initiate, invoke, or implement message processing operations. Specifically, client 100 can generate and obtain message processing requests, which may correspond to transport layer messages. In some instances, message processing requests can be obtained through human-computer interaction or voice interaction. In order to implement the corresponding message processing operation, the message processing request can be sent to message processing device 200 so that message processing device 200 can perform the corresponding message processing operation on the message processing request.

[0050] The message processing device 200 is communicatively connected to the client 100 and is used to obtain message processing requests sent by the client 100. The message processing request may correspond to a transport layer message. In order to realize the message processing operation, it is necessary not only to obtain the transport layer message corresponding to the message processing request, but also to obtain the aggregation port used to realize the port listening operation. In order to use the aggregation port to listen to other ports, it is possible to first identify whether the transport layer message is an interest message, that is, to identify whether the transport layer message is a message corresponding to other ports that need to be listened to. When it is determined that the transport layer message is an interest message, the transport layer message can be associated with the target socket corresponding to the aggregation port. In this way, the aggregation port can directly obtain the message that originally needed to be sent to other ports, thereby realizing that the original destination port corresponding to the transport layer message can be listened to through a single aggregation port. This effectively overcomes the problem of reduced message processing efficiency due to a large number of ports, ensuring both the quality and efficiency of message processing. Furthermore, by using a single aggregated port, multiple other ports can be monitored, thus avoiding the need for a large number of transmission channels to be established due to the sheer number of ports, which would otherwise consume more system resources. This improves the utilization rate of system resources and further ensures the practicality of the method.

[0051] The following detailed description of some embodiments of the present invention is provided in conjunction with the accompanying drawings. Where there is no conflict between the embodiments, the following embodiments and features can be combined with each other. Furthermore, the timing of the steps in the following method embodiments is merely an example and not a strict limitation.

[0052] Figure 3 This is a flowchart illustrating a message processing method provided in an embodiment of the present invention; see attached diagram. Figure 3As shown, this embodiment provides a message processing method. This method can listen to other ports through an aggregated port to improve the quality and efficiency of message processing. The execution subject of this method is a message processing device, which can be implemented as software or a combination of software and hardware. When the message processing device is implemented as hardware, it can be various electronic devices with message processing capabilities. When the message processing device is implemented as software, it can be installed in the electronic devices exemplified above. Based on the above-described message processing device, the message processing method in this embodiment includes:

[0053] Step S301: Obtain the transport layer message to be processed and the aggregated port used to implement port listening operation.

[0054] Step S302: When the transport layer message is an interest message, the interest message is sent to the port that needs to be monitored; the transport layer message is associated with the target socket corresponding to the aggregation port so as to monitor the original destination port corresponding to the transport layer message through the aggregation port.

[0055] The specific implementation process and effects of each of the above steps are explained in detail below:

[0056] Step S301: Obtain the transport layer message to be processed and the aggregated port used to implement port listening operation.

[0057] When a user has message processing or port listening requirements, in order to perform these operations, the message processing device can acquire the transport layer messages to be processed. These transport layer messages, often referred to as Layer 4 messages, typically reside at the transport layer. In some instances, transport layer messages can be obtained through human-computer interaction, or they can be determined by a pre-set device. In this case, acquiring transport layer messages may include: identifying a pre-set device communicatively connected to the message processing device, wherein the pre-set device may store transport layer messages; and acquiring transport layer messages either actively or passively through the pre-set device.

[0058] To enable listening on other ports through a single port, it's necessary to acquire not only the transport layer packets but also the aggregated port (or aggregated listening port) used for the listening operation. The number of aggregated ports can be one. In some instances, the aggregated port can be determined through user interaction. In this case, acquiring the aggregated port may involve: displaying a port configuration page; receiving the user's port selection input on the port configuration page; and retrieving the aggregated port based on the port selection. This effectively ensures the accuracy and reliability of acquiring the aggregated port for listening operations.

[0059] In other instances, the aggregated port used to implement port listening operations can be obtained not only through human-computer interaction but also through packet interception rules. In this case, obtaining the aggregated port used to implement port listening operations may include: obtaining packet interception rules, wherein the packet interception rules include at least one aggregated port; and determining the aggregated port used to implement port listening operations through the packet interception rules.

[0060] This system includes pre-configured packet-stealing rules. These rules can temporarily steal packets from one port and transfer them to another port for processing during network congestion or performance optimization, thereby improving network device performance and response time. In some instances, the packet-stealing rules may include an aggregated port for monitoring operations. These rules can be stored in a preset area or device, and can be obtained by accessing the preset area or device.

[0061] Specifically, in addition to obtaining packet theft rules by accessing preset devices or preset areas, packet theft rules can also be obtained by pre-attached packet entry anchors with packet theft rules. In this case, obtaining packet theft rules may include: determining the packet entry anchor for receiving transport layer packets, wherein the packet entry anchor is attached with packet theft rules for processing transport layer packets; and determining the packet theft rules through the packet entry anchor.

[0062] For transport layer messages, the message processing flow can include five anchor points, and the functions of these five anchor points can be:

[0063] 1) NF_IP_PRE_ROUTING anchor point: This position indicates that a packet has just entered the network stack. It is used to implement Network Address Translation (NAT), port redirection, and early processing of inbound packets. Specifically, the NF_IP_PRE_ROUTING anchor point can perform: Source Network Address Translation (SNAT), Destination Network Address Translation (DNAT), marking packets, rejecting certain packets, and modifying certain fields of packets.

[0064] 2) NF_IP_LOCAL_IN anchor point: This position indicates that the data packet has been determined to be sent to the local host. It is used to filter and process data packets arriving at the local host. Specifically, the NF_IP_LOCAL_IN anchor point can check whether the data packet conforms to the security policy; perform access control list (ACL) filtering; modify certain fields of the data packet; and reject data packets that do not meet the requirements.

[0065] 3) NF_IP_FORWARD anchor: This anchor is used when a packet is determined to be forwarded to another host. It is used to process and filter packets to be forwarded. Specifically, the NF_IP_FORWARD anchor is used to perform SNAT or DNAT; modify the Time To Live (TTL) or other fields of the packet; apply ACL filtering; and reject certain packets.

[0066] 4) NF_IP_LOCAL_OUT anchor: This position is used when a packet is about to be sent from the local host. It is used to process and filter packets sent from the local host. Specifically, the NF_IP_LOCAL_OUT anchor is used to perform SNAT; modify certain fields of the packet; apply ACL filtering; and reject certain packets.

[0067] 5) NF_IP_POST_ROUTING anchor: This position is where the packet is about to leave the network stack and is used to perform final processing, such as SNAT. Specifically, the NF_IP_POST_ROUTING anchor is used to perform SNAT; modify certain fields of the packet; apply ACL filtering; and reject certain packets.

[0068] To enable the interception of transport layer packets sent to ports that need to be monitored, packet interception rules for processing transport layer packets can be attached to any of the aforementioned packet entry anchors. A packet entry anchor can include at least one of the following: a first anchor point (i.e., the NF_IP_POST_ROUTING anchor mentioned above) used to identify when a packet leaves the network stack, and a second anchor point (i.e., the NF_IP_LOCAL_IN anchor mentioned above) used to identify when a packet has been confirmed to be delivered to the local host. In other words, packet interception rules can be attached to either the first or the second anchor point, or vice versa. This simply and effectively enables accurate analysis and identification of transport layer packets sent to ports that need to be monitored based on the functions of the anchor points.

[0069] Based on the above statements, after obtaining the transport layer message, the message theft rules can be directly obtained when the message processing flow passes through the aforementioned message entry anchor point. In order to accurately obtain the message theft rules, before determining the message theft rules through the message entry anchor point, a configuration operation can be performed on the message theft rules. At this time, the method in this embodiment may also include: obtaining the message entry anchor point in the kernel used to receive the message; generating message theft rules for processing the transport layer message; and attaching the message theft rules to the message entry anchor point.

[0070] In order to deploy the message interception message at the message entry anchor point, the message entry anchor point used to receive messages in the kernel can be obtained based on the message processing flow. The message entry anchor point can include at least one of the following: NF_IP_POST_ROUTING anchor point, NF_IP_LOCAL_IN anchor point, etc. After obtaining the message entry anchor point used to receive messages in the kernel, message interception rules for processing transport layer messages can be generated. In some instances, packet interception rules can be obtained through human-computer interaction, or they can be generated from the application or domain to be managed. In this case, generating packet interception rules for processing transport layer packets may include: determining the application or domain to be managed; and generating the packet interception rules based on the aggregation port and the application or domain to be managed. That is, different aggregation ports and different applications or domains to be managed can correspond to different packet interception rules, which can meet the different packet monitoring needs of users, thereby improving the applicability and flexibility of the method, and ensuring the flexibility and reliability of generating packet interception rules.

[0071] After obtaining the packet entry anchor point in the kernel used to receive packets and generating packet theft rules for processing transport layer packets, the packet theft rules can be mounted on the packet entry anchor point, that is, the packet theft rules can be stored or deployed on the packet entry anchor point.

[0072] During the acquisition of transport layer messages, the processing flow of transport layer messages passes through the five anchor points mentioned above. In order to accurately determine the message theft rules, the message entry anchor point used to receive transport layer messages can be determined first. The message entry anchor point carries the message theft rules used to process transport layer messages. Then, the message theft rules can be determined through the message entry anchor point. Specifically, when the message processing flow passes through the message entry anchor point, the operation of reading or obtaining the message theft rules can be automatically triggered. This effectively ensures the accuracy and reliability of determining the message theft rules.

[0073] After obtaining the packet interception rules, since the packet interception rules include the aggregated port, the aggregated port used to implement the port listening operation can be determined through the obtained packet interception rules. That is, the aggregated port used to implement the port listening operation can be obtained by performing information extraction operation on the packet interception rules, so the aggregated port can be obtained stably.

[0074] Step S302: When the transport layer message is an interest message, the interest message is sent to the port that needs to be monitored; the transport layer message is associated with the target socket corresponding to the aggregation port so as to monitor the original destination port corresponding to the transport layer message through the aggregation port.

[0075] To enable listening operations on multiple ports through a single aggregation port, packets destined for the ports requiring listening need to be sent to the aggregation port. The resulting transport layer packets may be intended for ports requiring listening or for ports not requiring listening. For example, when listening to ports 8080, 8081, and 8082, if a transport layer packet is sent to port 8081, it is determined to be a packet of interest; if it is sent to port 8083, it is determined not to be a packet of interest. Therefore, to accurately process the transport layer packets corresponding to the ports requiring listening, after obtaining the transport layer packets to be processed, analysis can be performed to identify whether a transport layer packet is a packet of interest, i.e., whether the transport layer packet is intended for sending to the ports requiring listening.

[0076] In some instances, identifying whether a transport layer message is a message of interest can be achieved using a pre-trained neural network model. In this case, identifying whether a transport layer message is a message of interest can include: obtaining a pre-trained neural network model for determining whether a message is a message of interest; inputting the transport layer message into the neural network model for message recognition; obtaining the recognition result output by the neural network model; and using the recognition result to indicate whether the transport layer message is a message of interest. For example, if the recognition result is the first result, it indicates that the transport layer message is a message of interest; if the recognition result is the second result, it indicates that the transport layer message is not a message of interest. This effectively achieves the identification operation of whether a transport layer message is a message of interest.

[0077] When the identification result identifies the transport layer message as an interest message, in order to analyze and process the message to be sent to the port that needs to be listened to through the aggregation port, so as to enable the aggregation port to listen to multiple other ports, the transport layer message can be associated with the target socket corresponding to the aggregation port. In some instances, association functions can be used to associate transport layer packets with the target sockets corresponding to aggregation ports. This allows packets intended for the original destination port to be sent to the aggregation port for processing. Thus, a single aggregation port can be used to listen on the original aggregation port corresponding to the transport layer packet. For example, when the aggregation port is port 80, the ports to be listened to include ports 8001, 8002, and 8003. The above operation can send packets destined for ports 8001, 8002, and 8003 to port 80. Therefore, packets destined for other ports requiring listening can be obtained through a single port 80, effectively avoiding the problems of low packet processing efficiency and low system resource utilization caused by a large number of ports requiring listening.

[0078] In other instances, associating a transport layer message with the target socket corresponding to the aggregation port can be achieved using the original 5-tuple of the transport layer message. In this case, associating the transport layer message with the target socket corresponding to the aggregation port may include: obtaining the original 5-tuple of the transport layer message; adjusting the destination port in the original 5-tuple to the aggregation port, so as to associate the transport layer message with the target socket.

[0079] In order to associate a transport layer message with a target socket, the original 5-tuple of the transport layer message can be obtained first. Since the destination port in the original 5-tuple of the transport layer message does not point to the aggregation port, but to other ports that need to be listened to through the aggregation port, the aggregation port in the original 5-tuple can be adjusted to the aggregation port. This yields the adjusted 5-tuple. Since the target socket corresponding to the aggregation port can be determined through the aggregation port's 5-tuple, when the destination port in the adjusted 5-tuple is the aggregation port, the transport layer message can be directly associated with the target socket corresponding to the aggregation port. This effectively ensures that the transport layer message and the target socket corresponding to the aggregation port can be associated.

[0080] The association between a transport layer message and a target socket can be determined not only by an association function, but also by modifying the message description field of the transport layer message. In this case, adjusting the destination port in the original 5-tuple to the aggregation port can include: obtaining the message description field corresponding to the transport layer message, which is used to identify the home socket corresponding to the transport layer message; determining the target socket corresponding to the aggregation port; and initializing the target socket to the message description field to associate the transport layer message with the target socket.

[0081] Specifically, each transport layer packet corresponds to a home socket that identifies the packet. Therefore, associating a transport layer packet with a target socket can be achieved by modifying the home socket. First, the packet description field corresponding to the transport layer packet can be obtained. Specifically, this can be obtained from the 5-tuple of the transport layer packet. This packet description field identifies the home socket of the transport layer packet. Then, the target socket corresponding to the aggregation port can be determined, and the target socket can be initialized to the packet description field. This means changing the packet description field of the transport layer packet to the target socket, effectively associating the transport layer packet with the target socket. Then, an aggregation port can be used to listen on the port corresponding to the transport layer packet, effectively reducing the number of ports the transport layer needs to listen on.

[0082] In another embodiment, associating a transport layer packet with the target socket corresponding to the aggregation port can be achieved not only by changing the original 5-tuple of the transport layer packet, but also by changing the IP address of the transport layer packet. In this case, associating the transport layer packet with the target socket corresponding to the aggregation port may include: obtaining the original 5-tuple and the original IP address of the transport layer packet; determining the target IP address used to implement the port listening operation; adjusting the destination port in the original 5-tuple to the aggregation port, and adjusting the original IP address to the target IP address, so as to associate the transport layer packet with the target socket, wherein the target socket corresponds to the target IP address and the aggregation port.

[0083] The process of adjusting the destination port in the original 5-tuple to the aggregated port and adjusting the original IP address to the target IP address includes: obtaining the packet description field corresponding to the transport layer packet, whereby the packet description field is used to identify the home socket corresponding to the transport layer packet; determining the target IP address and the target socket corresponding to the aggregated port; and initializing the target socket to the packet description field to associate the transport layer packet with the target socket. This effectively ensures the accuracy and reliability of the association operation between the transport layer packet and the target socket, which is beneficial to improving the accuracy of port listening.

[0084] The message processing method provided in this embodiment obtains transport layer messages and an aggregation port for port listening operations, then identifies whether the transport layer message is a message of interest. When the transport layer message is a message of interest, it associates the transport layer message with the target socket corresponding to the aggregation port. Then, it can listen to the original destination port corresponding to the message of interest based on the aggregation port. This effectively avoids the problems of low message processing efficiency and low system resource utilization caused by a large number of ports that need to be listened to. Specifically, since multiple other ports can be listened to through one aggregation port, it not only simplifies the code implementation logic for listening to multiple ports, but also facilitates hot upgrade operations without service loss due to the simple and reliable code logic for message processing operations, while ensuring the quality and efficiency of message processing. By reducing the number of ports that need to be listened to, the number of data stream transmission channels that need to be established when listening to ports is drastically reduced, which helps to improve the utilization of system resources and further improves the practicality of the method.

[0085] Figure 4 This is a flowchart illustrating the process of identifying whether a transport layer message is an interest message, provided in an embodiment of the present invention. Based on the above embodiments, refer to the appendix... Figure 4As shown, this embodiment provides a scheme for identifying whether a transport layer packet is a packet of interest by using the eavesdropping port or eavesdropping port segment corresponding to the packet interception rules. In this case, after obtaining the transport layer packet to be transmitted, the method in this embodiment may further include:

[0086] Step S401: Based on the packet interception rules, determine the eavesdropping list corresponding to the aggregation port. The eavesdropping list shall include at least: the eavesdropping port identifier or eavesdropping port segment corresponding to the packet to be eavesdropped, wherein the eavesdropping port segment shall include at least the eavesdropping start port and the eavesdropping end port.

[0087] Step S402: Based on the eavesdropping list, identify whether the transport layer message is an interest message.

[0088] After obtaining the packet interception rules, they can be analyzed and processed to determine the eavesdropping list corresponding to the aggregation port. This eavesdropping list includes at least: the eavesdropping port identifier or eavesdropping port segment corresponding to the packet to be eavesdropped. The eavesdropping port segment includes at least: the eavesdropping start port and the eavesdropping end port. For example, the eavesdropping start port can be port 8001 and the eavesdropping end port can be port 8010. That is, the eavesdropping port segment includes the eavesdropping start port, the eavesdropping end port, and multiple consecutive ports located between the eavesdropping start port and the eavesdropping end port, specifically represented as [8001, 8010]. It should be noted that different consecutive eavesdropping port segments can correspond to different packet interception rules. For example, when the port segment includes ports corresponding to [8001, 8011] and [8015, 8030], there can be one packet interception rule for port segment [8001, 8011] and another packet interception rule for port segment [8015, 8030].

[0089] Since different ports can correspond to different port identifiers for the messages to be eavesdropped, in order to enable the monitoring of other ports or consecutive ports in other eavesdropping port segments through an aggregated port, an eavesdropping list corresponding to the aggregated port can be used to identify whether a transport layer message is a message of interest. In some instances, the ports included in the eavesdropping list can be used to identify whether a transport layer message is a message of interest. In this case, identifying whether a transport layer message is a message of interest based on the eavesdropping list can include: obtaining the port identifier corresponding to the transport layer message; if a port matching the port identifier exists in the eavesdropping list, then the transport layer message is determined to be a message of interest; if no port matching the port identifier exists in the eavesdropping list, then the transport layer message is determined not to be a message of interest.

[0090] Example 1: After obtaining the port identifier corresponding to the transport layer message as port 8010, it is possible to identify whether there is a port in the eavesdropping list that matches the port identifier. For example, if the eavesdropping port identifiers corresponding to the eavesdropping messages included in the eavesdropping list are: port 8001, port 8003, port 8005, port 8008, port 8009, and port 8010, it means that there is a port in the eavesdropping list that matches the port identifier, and thus it can be determined that the transport layer message at this time is an interest message. If the eavesdropping port identifiers include: port 8001, port 8003, port 8005, port 8008, and port 8009, it means that there is no port in the eavesdropping list that matches the port identifier, and thus it can be determined that the transport layer message is not an interest message. This effectively realizes the operation of identifying whether the transport layer message is an interest message.

[0091] Example 2: After obtaining the port identifier corresponding to the transport layer message as port 8010, it is possible to identify whether there is a port in the eavesdropping list that matches the port identifier. For example, if the eavesdropping port identifiers corresponding to the eavesdropping messages included in the eavesdropping list are [port 8001, port 8010], it means that there is a port in the eavesdropping list that matches the port identifier, and thus it can be determined that the transport layer message at this time is an interest message; if the eavesdropping port identifiers include [port 8001, port 8009], it means that there is no port in the eavesdropping list that matches the port identifier, and thus it can be determined that the transport layer message is not an interest message. This effectively realizes the identification operation of whether the transport layer message is an interest message.

[0092] In other instances, it is possible to identify whether a transport layer packet is a packet of interest not only by the ports included in the eavesdropping list, but also by the ports and IP addresses included in the eavesdropping list. In this case, the eavesdropping list also includes: the eavesdropping IP address or eavesdropping IP address range corresponding to the packet to be eavesdropped, wherein the eavesdropping IP address range includes at least: the eavesdropping start IP address and the eavesdropping end IP address. Specifically, based on the eavesdropping list, identifying whether a transport layer packet is a packet of interest may include: obtaining the port identifier and IP address corresponding to the transport layer packet; if the eavesdropping list contains an eavesdropping port identifier that matches the port identifier and an eavesdropping IP address that matches the IP address, then the transport layer packet is determined to be a packet of interest; if the eavesdropping list does not contain an eavesdropping port identifier that matches the port identifier and an eavesdropping IP address that matches the IP address, then the transport layer packet is determined not to be a packet of interest.

[0093] Example 3: After obtaining the port identifier (port 8010) and IP address (192.168.1.1) corresponding to the transport layer packet, it's possible to identify whether there are any ports in the eavesdropping list that match the port identifier and IP addresses that match the eavesdropping IP address. For example, the eavesdropping list might include the following eavesdropping port identifiers and IP addresses corresponding to the packets to be eavesdropped: 8001 port - 192.168.1.1, 8003 port - 192.168.1.1, 8005 port - 192.168.1.1, 8008 port - 192.168.1.1, 8009 port - 192.168.1.1, and 8010 port - 192.168.1.1. If the eavesdropping port identifier matches the port identifier and the eavesdropping IP address, then the transport layer packet can be determined to be an interest packet. If the eavesdropping port identifier includes: port 8001 - IP address 192.168.1.1, port 8003 - IP address 192.168.1.1, port 8005 - IP address 192.168.1.1, port 8008 - IP address 192.168.1.1, or port 8009 - IP address 192.168.1.1, then the eavesdropping list does not contain a port identifier matching the port identifier, and the transport layer packet can be determined to be a non-interest packet. This effectively achieves the identification operation of whether the transport layer packet is an interest packet.

[0094] Example 4: After obtaining the port identifier of the transport layer message as port 8010 and the IP address as 192.168.1.26, it is possible to identify whether there is a port in the eavesdropping list that matches the port identifier and an IP address that matches the IP address. For example, the eavesdropping port identifier and eavesdropping IP address range corresponding to the eavesdropping message in the eavesdropping list include:

[0095] Port 8001 - IP address range [192.168.1.1, 192.168.1.30]

[0096] Port 8003 - IP address range [192.168.1.1, 192.168.1.30]

[0097] Port 8005 - IP address range [192.168.1.1, 192.168.1.30]

[0098] Port 8008 - IP address range [192.168.1.1, 192.168.1.30]

[0099] Port 8009 - IP address range [192.168.1.1, 192.168.1.30]

[0100] When the 8010 port-IP address range [192.168.1.1, 192.168.1.30] is present, it indicates that there is a port to be eavesdropped that matches the port identifier and an IP address to be eavesdropped that matches the IP address in the eavesdropping list. Therefore, it can be determined that the transport layer message at this time is an interest message.

[0101] The eavesdropping port identifiers and IP address ranges corresponding to the messages to be eavesdropped in the eavesdropping list include:

[0102] Port 8001 - IP address range [192.168.1.1, 192.168.1.30]

[0103] Port 8003 - IP address range [192.168.1.1, 192.168.1.30]

[0104] Port 8005 - IP address range [192.168.1.1, 192.168.1.30]

[0105] Port 8008 - IP address range [192.168.1.1, 192.168.1.30]

[0106] If the IP address range of port 8009 is [192.168.1.1, 192.168.1.30], it means that there is no port in the eavesdropping list that matches the port identifier. Therefore, it can be determined that the transport layer message is not a message of interest. This effectively realizes the identification operation of whether the transport layer message is a message of interest.

[0107] In this embodiment, a listening list corresponding to the aggregation port is determined based on the packet interception rules. Then, the transport layer packet is identified as an interest packet based on the listening list. Specifically, the listening list can be used to identify whether the transport layer packet is an interest packet by including the port to be eavesdropped, the port to be eavesdropped, and the IP address to be eavesdropped. This effectively achieves accurate identification of whether the transport layer packet is an interest packet. Then, the packet processing operation can be performed based on the identification result, which further improves the accuracy and reliability of the packet processing.

[0108] Figure 5 This is a flowchart illustrating another message processing method provided by an embodiment of the present invention; based on any of the above embodiments, refer to the appendix. Figure 5As shown, when the transport layer message is a TCP message, the TCP message may correspond to a message handshake phase. During the message handshake phase, the transport layer can create a new socket for the TCP message and maintain and manage the new socket through the transport layer. The transport layer can store and maintain the new sockets corresponding to the TCP messages. When there are multiple TCP messages, the number of new sockets stored and maintained by the transport layer is also multiple. Thus, when the transport layer message is an interest message or later, adjustments can be made to the TCP message based on whether it is in the message handshake phase. In this case, the method in this embodiment may further include:

[0109] Step S501: Check if a maintained socket corresponding to a TCP packet exists.

[0110] Since multiple maintained sockets can be stored and maintained in the message processing device or transport layer, TCP packets corresponding to a maintained socket can be processed directly; however, TCP packets not corresponding to maintained sockets cannot be processed directly. Therefore, to ensure the stability and reliability of message processing operations, when the transport layer message is a TCP packet, the message processing device or transport layer can be searched for the existence of a maintained socket corresponding to the TCP packet.

[0111] In some instances, finding the existence of a maintained socket corresponding to a TCP segment may include: obtaining the original 5-tuple of the TCP segment; determining the set of sockets maintained by the transport layer; and searching within the set of sockets for a maintained socket corresponding to the original 5-tuple.

[0112] For transport layer messages, the original 5-tuple of the transport layer message often corresponds to the established maintained socket. That is, there is a mapping relationship between the maintained socket and the message's 5-tuple. Therefore, in order to accurately find whether there is a maintained socket corresponding to the TCP message, the original 5-tuple of the TCP message can be obtained first. Then, the set of sockets maintained by the transport layer can be determined. The socket set can include multiple maintained sockets stored in the transport layer. Then, the maintained socket corresponding to the original 5-tuple can be searched in the socket set.

[0113] Specifically, in the socket set, searching for the existence of a maintained socket corresponding to the original 5-tuple can include: obtaining the maintained 5-tuple corresponding to the maintained socket in the socket set; then searching for a maintained 5-tuple that matches the original 5-tuple in the socket set; if a maintained 5-tuple that matches the original 5-tuple exists, it is determined that a maintained socket corresponding to the TCP segment exists; if no maintained 5-tuple that matches the original 5-tuple exists, it is determined that a maintained socket corresponding to the TCP segment does not exist. This effectively realizes the search for the existence of a maintained socket corresponding to a TCP segment at the transport layer.

[0114] Step S502: If a maintained socket corresponding to the TCP packet exists, the TCP packet is sent to the transport layer for processing based on the maintained socket.

[0115] If the search result shows that a maintained socket corresponding to a TCP packet exists, it means that the TCP packet corresponding to the maintained socket is a packet that the transport layer can directly process. Therefore, the TCP packet can be sent to the transport layer for analysis and processing based on the maintained socket. In some instances, the TCP packet corresponding to the maintained socket can be sent to both the transport layer and the application layer so that the transport layer and the application layer can analyze and process the received TCP packet.

[0116] In other instances, the maintained socket can be associated with TCP packets first, and then the TCP packets can be sent to the transport layer for analysis and processing. In this case, sending TCP packets to the transport layer for processing based on the maintained socket can include: associating the maintained socket with TCP packets; and sending TCP packets associated with the maintained socket to the transport layer for processing.

[0117] Specifically, since TCP packet processing often requires determining the maintained socket corresponding to the TCP packet, in order to improve the quality and efficiency of the transport layer's analysis and processing of TCP packets, after obtaining the maintained socket, the maintained socket is associated with the TCP packet, and the TCP packet associated with the maintained socket is sent to the transport layer for analysis and processing. This allows the transport layer to directly analyze and process TCP packets based on the maintained socket without having to perform socket lookup and matching operations on the TCP packet, thereby improving the quality and efficiency of packet processing.

[0118] Step S503: If no maintained socket corresponding to the TCP packet is found, then check whether the TCP packet is in the handshake phase.

[0119] If the search result shows that no maintained socket corresponds to the TCP packet, it means that the TCP packet corresponding to the maintained socket is not a packet that the transport layer can directly process. In order to continue to analyze and process the transport layer packet, it is possible to first detect whether the TCP packet is in the handshake phase. In some instances, the detection of whether the TCP packet is in the handshake phase can be determined by the status information of the status register. In this case, detecting whether the TCP packet is in the handshake phase can include: obtaining the status information of the status register used to identify whether the TCP packet is in the handshake phase; when the status information is the first status information (e.g., "1"), it is determined that the TCP packet is in the handshake phase; when the status information is the second status information (e.g., "0"), it is determined that the TCP packet is not in the handshake phase. This effectively realizes the detection operation of whether the TCP packet is in the handshake phase, and then facilitates the corresponding packet processing operation based on the detection result.

[0120] Step S504: When the TCP packet is in the handshake phase, the destination port in the original 5-tuple of the TCP packet is adjusted to the aggregated port to obtain the changed 5-tuple.

[0121] During the TCP handshake phase, to improve the quality and efficiency of packet processing, the destination port in the original TCP packet's 5-tuple can be adjusted to an aggregated port. This allows the updated TCP packet to be obtained, enabling analysis and processing based on the socket corresponding to the aggregated port, further improving processing quality and efficiency. Conversely, if the TCP packet is not in the handshake phase, it can wait until the handshake phase begins, at which point the destination port in the original TCP packet's 5-tuple can be adjusted to an aggregated port to obtain the updated 5-tuple.

[0122] In some instances, after obtaining the replaced 5-tuple, a new socket corresponding to the TCP packet can be generated during the TCP packet handshake phase. In this case, the method in this embodiment may further include: transmitting the TCP packet to the transport layer when the TCP packet is in the handshake phase; and generating a new socket corresponding to the TCP packet at the transport layer, wherein the new socket corresponds to the original 5-tuple of the TCP packet.

[0123] Specifically, during the handshake phase of a TCP packet, in order to accurately transmit the updated TCP packet to the transport layer, the TCP packet can be transmitted to the transport layer for analysis and processing. Furthermore, in order to ensure the quality and effectiveness of packet processing, not only can the TCP packet be transmitted to the transport layer, but a new socket corresponding to the TCP packet can also be generated in the transport layer. The new socket corresponds to the original 5-tuple of the TCP packet.

[0124] For example, if the original 5-tuple of a TCP packet is {IP address 1 (source IP address), port 1 (source port), IP address 1 (destination IP address), port 2 (destination port), TCP}, and the 5-tuple is changed to {IP address 1, port 1, IP address 1, port 0, TCP}, after obtaining the changed 5-tuple, the TCP packet can be uploaded to the transport layer for analysis and processing. Furthermore, when the TCP packet is in the handshake phase, a new socket corresponding to the TCP packet can be generated. The generated new socket corresponds to the original 5-tuple of the TCP packet {IP address 1, port 1, IP address 1, port 2, TCP}.

[0125] After generating a new socket corresponding to a TCP packet in the transport layer, in order to improve the quality and efficiency of packet processing operations, the generated new socket can be sent to the transport layer for management and maintenance. This way, when a transport layer packet corresponding to the new socket is obtained again, the corresponding new socket can be directly queried based on the original 5-tuple of the transport layer packet. This allows for analysis and processing of the transport layer packet based on the new socket, thus improving the quality and efficiency of packet processing.

[0126] In this embodiment, by searching in the transport layer for a maintained socket corresponding to the TCP packet, if it exists, the TCP packet is sent to the transport layer for processing based on the maintained socket; if it does not exist, it can detect whether the TCP packet is in the handshake phase. When the TCP packet is in the handshake phase, the destination port in the original 5-tuple of the TCP packet can be adjusted to the aggregated port to obtain the changed 5-tuple. This effectively enables the modification of some parameters in the 5-tuple of the transport layer packet during the handshake phase, so that the transport layer packet can be associated with the target socket corresponding to the aggregated port during the handshake phase. This allows the original destination port corresponding to the transport layer packet to be monitored through the aggregated port, further improving the practicality of the method.

[0127] In practical applications, this embodiment provides a method for dynamically accelerating multi-port aggregation listening in scenarios. This method can overcome the problems existing in related technologies, such as "the code becomes complex and difficult to read due to the large number of listening ports," "hot upgrades are very time-consuming and may cause service loss," "the performance of socket lookup deteriorates during message reception and transmission due to a surge in the number of sockets," and "the number of transmission channel file descriptors that need to be established is huge, resulting in high system resource consumption." To solve the above technical problems, this method needs to implement the following three key functions:

[0128] (1) Implement port aggregation listening function to reduce the number of ports that the transport layer needs to listen to. In some instances, multiple ports can be aggregated to one port, such as aggregating TCP protocol ports 8000-10000 to port 80.

[0129] (2) The application service retains the ability to use different ports. Specifically, the use of the original port allows the application service to not need to change its listening port, so that the front-end application can switch smoothly and seamlessly to the full-site acceleration platform (e.g., DCDN platform).

[0130] (3) This solution does not require the use of Network Address Translation (NAT) mechanism. The system call function (e.g., getsockopt interface) can be used to obtain the real IP address and real port address of the client. In many dynamic acceleration scenarios, it is necessary to obtain the source IP address and source port of the client. The obtained source IP address and / or source port can be used for some auditing and security protection work.

[0131] To achieve the above functions, the multi-port aggregation monitoring scheme in this application embodiment needs to utilize packet interception technology. To facilitate understanding of the implementation principle of multi-port aggregation monitoring in this application embodiment, the packet interception technology will be briefly explained below:

[0132] Regarding service ports, the system does not have the capability to allow a single socket to bind to and listen on different ports simultaneously. Therefore, a TCP socket will be bound to a specific IP address and a specific port. For example, if a socket is bound to port 80, it cannot process data packets from port 8080. However, from the perspective of the transport layer or network layers three, a socket can be bound to a fixed port, and then the socket can be used to "steal" data packets from other ports, thus allowing the socket to process packets from different listening ports with different input directions. Figure 6 As shown, although a socket is bound to port 80, packet interception technology can be used to intercept packets destined for port 8080 or port 8081 according to rules, thereby enabling the socket to process network packets from ports 8080 and 8081.

[0133] To enable packet theft, the functionality for this can be added to the packet ingress anchor. Specifically, the packet ingress anchor can be at least one of the five anchors in the netfilter framework within the kernel. The netfilter framework handles network packet filtering, modification, and routing. It provides five main anchors (or callback points): NF_IP_PRE_ROUTING, NF_IP_LOCAL_IN, NF_IP_FORWARD, NF_IP_LOCAL_OUT, and NF_IP_POST_ROUTING. These anchors allow the insertion of custom processing logic at different lifecycle stages of the packet.

[0134] In some instances, to implement port aggregation, functional code for packet interception can be mounted on the NF_IP_POST_ROUTING anchor and / or NF_IP_LOCAL_IN anchor. See the attached document. Figure 7 As shown, attaching the functional code used to implement packet theft operations to the NF_IP_POST_ROUTING anchor and / or NF_IP_LOCAL_IN anchor can include:

[0135] Step 11: Generate message theft rules through the rule management center to implement message theft operations.

[0136] Among them, the message theft rule is used to implement the message theft operation. The message theft rule may include: aggregated port and a list of theft ports. The list of theft ports includes one or more ports to be stolen, or the list of theft ports may include a segment of theft ports, which includes a start port for theft, an end port for theft, and multiple consecutive ports located between the start port for theft and the end port for theft.

[0137] For packet interception rules, they can include not only port information but also IP addresses. In this case, the packet interception rule can include: aggregated ports, aggregated IP addresses, a list of intercepted ports, and intercepted IP addresses. The list of intercepted ports includes one or more ports to be intercepted, or the list of intercepted ports can include a port segment to be intercepted, which includes a start port, an end port, and multiple consecutive ports located between the start port and the end port. The intercepted IP addresses can include a range of intercepted IP addresses, which can include a start address, an end address, and multiple consecutive IP address information located between the start address and the end address.

[0138] In addition, generating message theft rules for implementing message theft operations may include: obtaining the application to be managed or the domain name to be managed; generating message theft rules corresponding to the application to be managed or the domain name to be managed, that is, the message theft rules correspond to the application to be managed or the domain name to be managed.

[0139] Step 12: Transmit the packet theft rules through the transport layer to the preset application service, so that the preset application service can send the packet theft rules to the packet entry anchor point in the kernel module.

[0140] The packet entry anchor can include the NF_IP_POST_ROUTING anchor and / or the NF_IP_LOCAL_IN anchor. After the preset application service (e.g., an application service API implemented using the HTTP protocol) obtains the packet theft rules, the netlink mechanism can be used to distribute the packet theft rules to the kernel, thereby enabling communication between user space and kernel modules. Within the kernel module, hash buckets and linked lists can be used to maintain the packet theft rules. The hash bucket key can be generated using the destination IP and port; the generation algorithm can be user-defined or can directly utilize the kernel's jhash capability.

[0141] In addition, the default application service can not only send packet theft rules to the packet entry anchor in the kernel, but also edit, view, or modify the packet theft rules according to application requirements. This ensures that the transport layer packets can be identified as interest packets based on the packet theft rules. After the above operations, the packet theft rules are sent to the NF_IP_POST_ROUTING anchor and / or NF_IP_LOCAL_IN anchor in the kernel to identify whether the transport layer packets are interest packets.

[0142] For details, please refer to the appendix. Figure 8 As shown, the method for multi-port aggregation listening in a dynamic acceleration scenario may include the following steps:

[0143] Step 21: Obtain the transport layer message, where the transport layer message corresponds to the original 5-tuple.

[0144] The system includes a pre-configured network interface card (NIC) for message transmission. Through the NIC, transport layer messages from different ports can be obtained. These transport layer messages can be implemented as TCP or UDP messages.

[0145] Step 22: Determine the message theft rules used to implement message processing operations by entering the message anchor point.

[0146] Specifically, when the incoming node is implemented as an NF_IP_POST_ROUTING anchor, the packet theft rules attached to the NF_IP_POST_ROUTING anchor can be obtained when the packet is about to leave the network stack; or, when the incoming node is implemented as an NF_IP_LOCAL_IN anchor, the packet theft rules attached to the NF_IP_LOCAL_IN anchor can be obtained when the packet has been determined to be transmitted to the local host. Alternatively, when the incoming node is implemented as both an NF_IP_POST_ROUTING anchor and an NF_IP_LOCAL_IN anchor, the packet theft rules can be obtained through the first anchor (i.e., the NF_IP_LOCAL_IN anchor), but not again when passing through the second anchor.

[0147] Step 23: Determine the list of ports to be intercepted and the aggregated ports by using packet interception rules.

[0148] The packet theft rules include: aggregated ports and a list of stolen ports. To prevent the number of packet theft rules from becoming too large, the ports to be stolen in the list of stolen ports can be represented by port ranges. For example, the stolen ports can be implemented as ports from 8001 to 8010, which simplifies the expression and implementation of packet theft rules.

[0149] Step 24: Identify whether a transport layer packet is a packet of interest based on the list of ports to be intercepted in the packet interception rules.

[0150] Specifically, the packet port corresponding to the transport layer packet can be obtained first. If there is a port to be stolen that matches the packet port in the port stealing list, then the transport layer packet is determined to be a packet of interest; if there is no port to be stolen that matches the packet port in the port stealing list, then the transport layer packet is determined not to be a packet of interest.

[0151] Step 25: If the transport layer message is not a message of interest, then ignore the transport layer message, that is, no processing operation is required on the transport layer message; if the transport layer message is a message of interest, then check if there is a target socket corresponding to the transport layer message.

[0152] The process of querying whether a target socket corresponding to a transport layer message exists may include: obtaining the original 5-tuple corresponding to the transport layer message; determining the set of sockets used to implement message processing operations, wherein the set of sockets may include one or more maintained sockets; querying whether a maintained socket corresponding to the original 5-tuple exists in the set of sockets; if a maintained socket corresponding to the original 5-tuple exists in the set of sockets, then it is determined that a target socket corresponding to the transport layer message exists; if a maintained socket corresponding to the original 5-tuple does not exist in the set of sockets, then it is determined that a target socket corresponding to the transport layer message does not exist.

[0153] Step 26: If a target socket corresponding to the transport layer message exists, associate and bind the transport layer message with the target socket, and send the transport layer message and the target socket to the transport layer for analysis and processing.

[0154] Once the target socket corresponding to the transport layer message is found, the message data packet can be directly bound to the target socket. The transport layer message can then be sent to the transport and application layers for analysis and processing. When the transport layer message enters the transport layer and the corresponding data packet is found to be associated with the target socket, the socket lookup for that data packet is no longer repeated. Instead, the message processing flow begins directly, meaning that the message data packets on port 80 can be analyzed and processed through port 80. This message processing flow can be implemented using existing methods, effectively ensuring both the quality and efficiency of message processing.

[0155] Step 26: If no target socket corresponding to the transport layer message exists, identify the message type of the transport layer message.

[0156] The message type can include TCP messages or UDP messages. The message type of a transport layer message can be determined by the transport protocol included in the five-tuple of the transport layer message. When the transport protocol is TCP, the transport layer message is determined to be a TCP message; when the transport protocol is UDP, the transport layer message is determined to be a UDP message.

[0157] Step 27: When the transport layer message is a UDP message, associate the transport layer message with the aggregation socket corresponding to the aggregation port, so as to listen to the original destination port corresponding to the transport layer message through the aggregation port.

[0158] Specifically, you can first obtain the 5-tuple or 4-tuple from the UDP packet, and then adjust the destination port in the 5-tuple or 4-tuple to the aggregation port to associate the transport layer packet with the aggregation socket. Adjusting the destination port in the 5-tuple or 4-tuple to the aggregation port can include: obtaining the packet description field corresponding to the UDP packet, which identifies the home socket of the UDP packet; initializing the aggregation socket to the packet description field to associate the transport layer packet with the aggregation socket corresponding to the aggregation port; after associating the transport layer packet with the aggregation socket corresponding to the aggregation port, you can listen to the original destination port of the transport layer packet through the aggregation port, i.e., you can listen to port 8080 or 8081 through port 80.

[0159] Step 28: When the transport layer message is a TCP message, identify whether the TCP message is in the message handshake phase.

[0160] The status register can be used to identify whether a TCP packet is in the handshake phase. For example, if the status flag in the status register is "0", it means that the TCP packet is not in the handshake phase; if the status flag in the status register is "1", it means that the TCP packet is in the handshake phase.

[0161] Step 29: When the TCP packet is in the packet handshake phase, the original 5-tuple of the TCP packet can be extracted, and the transport layer can be searched to see if there is a maintained socket corresponding to the TCP packet.

[0162] Specifically, querying the transport layer to determine if a maintained socket corresponding to a TCP packet exists may include: obtaining the original 5-tuple or original 4-tuple of the TCP packet, determining the set of sockets maintained in the transport layer, and searching within the socket set for a maintained socket corresponding to the original 5-tuple or original 4-tuple.

[0163] Step 210: If it exists, the TCP packet is sent to the transport layer and application layer for analysis and processing based on the maintained socket; if it does not exist, when the TCP packet is in the packet handshake phase, the TCP packet can be associated with the aggregate socket corresponding to the aggregate port, so as to listen to the original destination port corresponding to the transport layer packet through the aggregate port.

[0164] Specifically, if a maintained socket corresponding to a TCP packet exists, the maintained socket and the TCP packet can be associated and bound together, and then sent to the transport and application layers for analysis and processing. If no maintained socket corresponds to a TCP packet, in order to accurately analyze and process TCP packets forwarded from other ports to the aggregation port, the TCP packet can be associated with the aggregation socket corresponding to the aggregation port. This can include adjusting the destination port in the original 5-tuple or original 4-tuple of the TCP packet to the aggregation port, thereby associating the TCP packet with the aggregation socket corresponding to the aggregation port.

[0165] It is important to note that during the TCP handshake phase, not only can the TCP packet and the aggregated port be sent to the transport layer for analysis and processing, but a new socket corresponding to the TCP packet can also be established based on the original 5-tuple or original 4-tuple of the TCP packet. This new socket can then be sent to the transport layer for management and maintenance, thus serving as a maintained socket in the socket set. This improves the quality and efficiency of TCP packet analysis and processing when TCP packets are retrieved again.

[0166] The technical solution provided in this application embodiment enables listening operations on any other port through a single aggregated port, thereby reducing the number of ports that the transport layer needs to listen on. This reduces the number of transport channel file descriptors (fds) used for port listening operations, and consequently reduces the consumption of process files. Furthermore, this solution preserves the rigid requirements of different service ports for application services, allowing for seamless upgrades when switching to an application platform without requiring any changes to the application services. This not only allows application services to continue using their original ports but also enables smooth, unobtrusive upgrades. Finally, this solution only modifies the packet query rules, without changing the packet's IP address and port. This allows the application layer to obtain the actual source IP address and source port through the system's getsockopt interface, facilitating auditing and security protection operations based on IP address and port, further enhancing the practicality of the method.

[0167] Figure 9 This is a schematic diagram of a message processing device provided in an embodiment of the present invention; see attached diagram. Figure 9 As shown, this embodiment provides a message processing device, which can be implemented as an access gateway, and the device is used to perform the above-mentioned... Figure 3 The message processing method shown herein, specifically, the message processing apparatus may include:

[0168] The first acquisition module 11 is used to acquire the transport layer message to be processed and the aggregated port used to implement port listening operation;

[0169] The first processing module 13 is used to associate the transport layer message with the target socket corresponding to the aggregation port when the transport layer message is an interest message, wherein the interest message is sent to the port that needs to be monitored; so as to monitor the original destination port corresponding to the transport layer message through the aggregation port.

[0170] In some instances, when the first acquisition module 11 acquires the aggregated port used to implement the port listening operation, the first acquisition module 11 is used to perform: acquire packet stealing rules, the packet stealing rules including at least one aggregated port; and determine the aggregated port used to implement the port listening operation through the packet stealing rules.

[0171] In some instances, this embodiment further includes: a first identification module 12, which is used to determine an eavesdropping list corresponding to the aggregation port based on the message theft rules after acquiring the transport layer message to be transmitted. The eavesdropping list includes at least: the eavesdropping port identifier or eavesdropping port segment corresponding to the message to be eavesdropped, wherein the eavesdropping port segment includes at least the eavesdropping start port and the eavesdropping end port; and to identify whether the transport layer message is an interest message based on the eavesdropping list.

[0172] In some instances, when the first acquisition module 11 acquires the message theft rules, the first acquisition module 11 is used to perform: determining the message entry anchor point for receiving transport layer messages, wherein the message entry anchor point is loaded with message theft rules for processing transport layer messages; and determining the message theft rules through the message entry anchor point.

[0173] In some instances, the message enters the anchor point including at least one of the following:

[0174] Used to identify the first anchor point when a message data packet leaves the network stack;

[0175] The second anchor point is used to identify that a message packet has been determined to be delivered to the local host.

[0176] In some instances, before determining the message theft rules by entering the anchor point through the message, the first acquisition module 11 and the first processing module 13 in this embodiment are used to perform the following steps:

[0177] The first acquisition module 11 is used to acquire the packet entry anchor point in the kernel used for receiving packets;

[0178] The first processing module 13 is used to generate message theft rules for processing transport layer messages and attach the message theft rules to the message entry anchor point.

[0179] In some instances, when the first processing module 13 generates packet theft rules for processing transport layer packets, the first processing module 13 is used to perform the following: determine the application to be managed or the domain name to be managed; and generate the packet theft rules based on the aggregation port and the application to be managed or the domain name to be managed.

[0180] In some instances, when the first identification module 12 identifies whether a transport layer message is a message of interest based on the eavesdropping list, the first identification module 12 is used to perform the following: obtain the port identifier corresponding to the transport layer message; if there is a port to be eavesdropped that matches the port identifier in the eavesdropping list, then determine that the transport layer message is a message of interest; if there is no port to be eavesdropped that matches the port identifier in the eavesdropping list, then determine that the transport layer message is not a message of interest.

[0181] In some instances, the eavesdropping list also includes: the eavesdropping IP address or eavesdropping IP address range corresponding to the message to be eavesdropped, wherein the eavesdropping IP address range includes at least: the eavesdropping start IP address and the eavesdropping end IP address;

[0182] When the first identification module 12 identifies whether a transport layer packet is a packet of interest based on the eavesdropping list, the first identification module 12 is used to perform the following: obtain the port identifier and IP address corresponding to the transport layer packet; if there is an eavesdropping port identifier that matches the port identifier and an eavesdropping IP address that matches the IP address in the eavesdropping list, then the transport layer packet is determined to be a packet of interest; if there is no eavesdropping port identifier that matches the port identifier or an eavesdropping IP address that matches the IP address in the eavesdropping list, then the transport layer packet is determined not to be a packet of interest.

[0183] In some instances, when the first processing module 13 associates a transport layer packet with the target socket corresponding to the aggregation port, the first processing module 13 is used to perform the following: obtain the original 5-tuple of the transport layer packet; adjust the destination port in the original 5-tuple to the aggregation port, so as to associate the transport layer packet with the target socket corresponding to the aggregation port.

[0184] In some instances, when the first processing module 13 adjusts the destination port in the original 5-tuple to the aggregated port, the first processing module 13 is used to perform the following: obtain the message description field corresponding to the transport layer message, the message description field being used to identify the home socket corresponding to the transport layer message; determine the target socket corresponding to the aggregated port; initialize the target socket to the message description field, so as to associate the transport layer message with the target socket.

[0185] In some instances, when the transport layer message is a TCP message, and when the transport layer message is an interest message, the first processing module 13 in this embodiment performs the following steps: if a maintained socket corresponding to the TCP message is found in the transport layer, the TCP message is sent to the transport layer for processing based on the maintained socket; if a maintained socket corresponding to the TCP message is not found in the transport layer, it is detected whether the TCP message is in the handshake phase; if the TCP message is in the handshake phase, the destination port in the original 5-tuple of the TCP message is adjusted to the aggregated port to obtain the changed 5-tuple.

[0186] In some instances, when the first processing module 13 searches in the transport layer for the existence of a maintained socket corresponding to a TCP packet, the first processing module 13 performs the following actions: obtaining the original 5-tuple of the TCP packet; determining the set of sockets maintained by the transport layer; and searching in the set of sockets for the existence of a maintained socket corresponding to the original 5-tuple.

[0187] In some instances, when the first processing module 13 sends TCP packets to the transport layer for processing based on the maintained socket, the first processing module 13 is used to perform: associating the maintained socket with the TCP packets; and sending the TCP packets associated with the maintained socket to the transport layer for processing.

[0188] In some instances, after obtaining the replaced 5-tuple, the first processing module 13 in this embodiment is further configured to transmit the TCP packet to the transport layer when the TCP packet is in the handshake completion phase; at the transport layer, a new socket corresponding to the TCP packet is generated, and the new socket corresponds to the original 5-tuple of the TCP packet.

[0189] Figure 9 The device shown can perform Figures 3-8 For the methods shown in the embodiments, the parts not described in detail in this embodiment can be referred to the following: Figures 3-8 The relevant descriptions of the illustrated embodiments are provided below. For the execution process and technical effects of this technical solution, please refer to [link / reference]. Figures 3-8 The descriptions in the illustrated embodiments will not be repeated here.

[0190] In one possible design, Figure 9 The structure of the message processing device shown can be implemented as an electronic device, which can be a controller, personal computer, server, or other similar devices. Figure 10 As shown, the electronic device may include a first processor 21 and a first memory 22. The first memory 22 is used to store data executed by the corresponding electronic device. Figures 3-8 In the illustrated embodiment, the program of the message processing method is configured to execute a program stored in the first memory 22.

[0191] The program includes one or more computer instructions, wherein when executed by the first processor 21, the one or more computer instructions are capable of performing the following steps: acquiring a transport layer message and an aggregation port for implementing port listening operations; when the transport layer message is an interest message, wherein the interest message is used to send to the port to be listened to; associating the transport layer message with the target socket corresponding to the aggregation port, so as to listen to the original destination port corresponding to the transport layer message through the aggregation port.

[0192] Furthermore, the first processor 21 is also used to perform the aforementioned Figure 3 All or part of the steps in the illustrated embodiments.

[0193] The structure of the electronic device may also include a first communication interface 23 for communication between the electronic device and other devices or communication networks.

[0194] In addition, embodiments of the present invention provide a computer storage medium for storing computer software instructions used by an electronic device, which includes instructions for executing the above-described... Figure 3 The procedure involved in the message processing method in the illustrated embodiment.

[0195] Furthermore, embodiments of the present invention provide a computer program product, comprising: a computer-readable storage medium storing computer instructions, which, when executed by one or more processors, cause one or more processors to perform the aforementioned... Figure 3 The steps in the message processing method shown in the embodiment of the method.

[0196] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, stored data, displayed data, etc.) involved in the embodiments of this application are all information and data authorized by the user or fully authorized by all parties. Furthermore, the collection, use and processing of related data must comply with the relevant laws, regulations and standards of the relevant countries and regions, and corresponding operation entry points are provided for users to choose to authorize or refuse.

[0197] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the objectives of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any inventive effort.

[0198] Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of a necessary general-purpose hardware platform, or by a combination of hardware and software. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a computer product. The present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

[0199] This invention is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable device, generate instructions for implementing the flowchart illustrations and / or block diagrams. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0200] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The functions specified in one or more boxes. These computer program instructions may also be loaded onto a computer or other programmable device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable device for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the functions specified in one or more boxes. In a typical configuration, a computing device includes one or more processors (CPU), input / output interfaces, network interfaces, and memory. Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.

[0201] Computer-readable media includes both permanent and non-permanent, removable and non-removable media that can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic magnetic disk storage or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.

[0202] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A message processing method, characterized in that, include: Obtain the transport layer messages to be processed and the aggregated ports used to implement port listening operations; When the transport layer message is an interest message, the interest message is sent to the port that needs to be monitored; the transport layer message is associated with the target socket corresponding to the aggregation port so as to monitor the original destination port corresponding to the transport layer message through the aggregation port.

2. The method according to claim 1, characterized in that, Obtain the aggregated port used to implement port listening operations, including: Obtain packet theft rules, wherein the packet theft rules include at least one aggregation port; The packet interception rules are used to determine the aggregated port used to implement port listening operations.

3. The method according to claim 2, characterized in that, Obtain message theft rules, including: A message entry anchor point for receiving the transport layer message is determined, wherein the message entry anchor point is loaded with message interception rules for processing the transport layer message; By entering the anchor point through the message, the message theft rules are determined.

4. The method according to claim 3, characterized in that, The message entering the anchor point includes at least one of the following: Used to identify the first anchor point when a message data packet leaves the network stack; The second anchor point is used to identify that a message packet has been determined to be delivered to the local host.

5. The method according to claim 3, characterized in that, Before determining the message theft rules by entering the anchor point through the message, the method further includes: Obtain the message entry anchor point used in the kernel to receive messages; Generate packet interception rules for processing the transport layer packets; The message theft rule is attached to the message entry anchor point.

6. The method according to claim 5, characterized in that, Generate packet interception rules for processing the transport layer packets, including: Identify the application or domain to be managed; The packet theft rules are generated based on the aggregation port and the application or domain name to be managed.

7. The method according to claim 2, characterized in that, After acquiring the transport layer message to be transmitted, the method further includes: Based on the packet interception rules, an eavesdropping list corresponding to the aggregation port is determined. The eavesdropping list includes at least: the eavesdropping port identifier or eavesdropping port segment corresponding to the packet to be eavesdropped, wherein the eavesdropping port segment includes at least the eavesdropping start port and the eavesdropping end port. Based on the eavesdropping list, it is determined whether the transport layer message is an interest message.

8. The method according to claim 7, characterized in that, Based on the eavesdropping list, identifying whether the transport layer message is an interest message includes: Obtain the port identifier corresponding to the transport layer message; If a port matching the port identifier is identified in the eavesdropping list, then the transport layer message is determined to be an interest message; If no port matching the port identifier is found in the eavesdropping list, then the transport layer message is determined not to be a message of interest.

9. The method according to claim 7, characterized in that, The eavesdropping list also includes: the eavesdropping IP address or eavesdropping IP address range corresponding to the message to be eavesdropped, wherein the eavesdropping IP address range includes at least: the eavesdropping start IP address and the eavesdropping end IP address; Based on the eavesdropping list, identifying whether the transport layer message is an interest message includes: Obtain the port identifier and IP address corresponding to the transport layer message; If the eavesdropping list contains an eavesdropping port identifier that matches the port identifier and an eavesdropping IP address that matches the IP address, then the transport layer message is determined to be an interest message. If no eavesdropping port identifier matching the port identifier or an eavesdropping IP address matching the IP address is found in the eavesdropping list, then the transport layer message is determined not to be an interest message.

10. The method according to any one of claims 1-9, characterized in that, Associating the transport layer message with the target socket corresponding to the aggregation port includes: Obtain the original quintuple of the transport layer message; The destination port in the original quintuple is adjusted to the aggregation port to associate the transport layer message with the target socket corresponding to the aggregation port.

11. The method according to claim 10, characterized in that, Adjusting the destination port in the original quintuple to the aggregated port includes: Obtain the message description field corresponding to the transport layer message, the message description field being used to identify the home socket corresponding to the transport layer message; Determine the target socket corresponding to the aggregated port; The target socket is initialized to the message description field to associate the transport layer message with the target socket.

12. The method according to any one of claims 1-9, characterized in that, When the transport layer message is a TCP message, and when the transport layer message is an interest message, the method further includes: If a maintained socket corresponding to the TCP packet is found in the transport layer, the TCP packet is sent to the transport layer for processing based on the maintained socket. If no maintained socket corresponding to the TCP packet is found in the transport layer, then it is checked whether the TCP packet is in the handshake phase. When the TCP packet is in the handshake phase, the destination port in the original 5-tuple of the TCP packet is adjusted to the aggregated port to obtain the changed 5-tuple.

13. The method according to claim 12, characterized in that, The method further includes: Obtain the original 5-tuple of the TCP packet; Determine the set of sockets maintained by the transport layer; In the socket set, search for the existence of a maintained socket corresponding to the original 5-tuple.

14. The method according to claim 12, characterized in that, Based on the maintained socket, the TCP packet is sent to the transport layer for processing, including: The maintained socket is associated with the TCP packet; The TCP packet associated with the maintained socket is sent to the transport layer for processing.

15. The method according to claim 12, characterized in that, After obtaining the replaced quintuple, the method further includes: When the TCP packet is in the handshake phase, the TCP packet is transmitted to the transport layer; At the transport layer, a new socket corresponding to the TCP packet is generated, and the new socket corresponds to the original 5-tuple of the TCP packet.

16. A message processing apparatus, characterized in that, include: The first acquisition module is used to acquire transport layer packets and aggregated ports used to implement port listening operations; The first identification module is used to identify whether the transport layer message is an interest message, and the interest message is used to send to the port that needs to be monitored. The first processing module is configured to associate the transport layer message with the target socket corresponding to the aggregation port when the transport layer message is an interest message, so as to listen to the original destination port corresponding to the transport layer message through the aggregation port.

17. An electronic device, characterized in that, include: A memory and a processor; wherein the memory is used to store one or more computer instructions, wherein the one or more computer instructions, when executed by the processor, implement the method of any one of claims 1-15.

18. A computer storage medium, characterized in that, Used to store a computer program that, when executed by a computer, implements the method of any one of claims 1-15.

19. A computer program product, characterized in that, include: A computer program, when executed by a processor of an electronic device, causes the processor to perform the steps of the method of any one of claims 1-15.