CN115174486A - Message transmission method, system and storage medium - Google Patents


Info

Publication number
CN115174486A
Authority
CN
China
Prior art keywords
message
bytes
token bucket
key
result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210618394.1A
Other languages
Chinese (zh)
Other versions
CN115174486B (en)
Inventor
王斌
谭刘颗
黄林冰
王建国
谭兴章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Tianguan Electronic Information Technology Co ltd
Original Assignee
Hunan Tianguan Electronic Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Tianguan Electronic Information Technology Co ltd
Priority to CN202210618394.1A
Publication of CN115174486A
Application granted
Publication of CN115174486B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/215 Flow control; Congestion control using token-bucket
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/23 Bit dropping
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of communication transmission and discloses a message transmission method, system and storage medium. The method comprises: generating, based on a preset operation algorithm, a first KEY code that uniquely corresponds to a received message; searching a pre-stored database for the token bucket corresponding to the first KEY code and, when a first token bucket corresponding to the first KEY code is found, adding 1 to the number of tokens in the first token bucket, each token bucket corresponding to one KEY code; and judging whether the number of tokens is greater than a preset token threshold. If it is, the action corresponding to the first token bucket is changed to discarding and the received message is discarded; if the number of tokens is less than the preset token threshold, the action corresponding to the first token bucket is changed to forwarding and the received message continues to be forwarded. In this way the attack nature of a message can be judged efficiently, message transmission delay is reduced, and the normal operation of processes inside the system is ensured.

Description

Message transmission method, system and storage medium
Technical Field
The present invention relates to the field of communication transmission technologies, and in particular, to a method, a system, and a storage medium for transmitting a message.
Background
A message (packet) is the unit of data exchanged and transmitted in a network. With the rapid development of network technology, the volume of messages sent grows day by day. Switches and routers currently on the market cannot specifically identify messages that are legal in form but have attack properties, and so cannot achieve intelligent identification; most switches and routers offer only limited protection against messages impacting the CPU. The main methods in the industry are to rate-limit the CPU interface, to rate-limit the overall rate of CPU-bound messages on an input port, to rate-limit per COS queue of the CPU port, and to rate-limit by Ethernet message type; none of them judges whether a message has attack properties. When a switch or router receives one or more kinds of messages at high rate, with fixed content, that can be delivered to the CPU, and the message content is legal, most switches and routers on the market cannot judge these messages impacting the CPU to be attacks and discard them. When a large number of messages with attack properties impact the CPU of a switch or router, they needlessly occupy the device's CPU resources and the bandwidth of the CPU interface, so that normal protocol messages sent up to the CPU cannot be processed normally or suffer large delay, and communication between the system's internal processes becomes abnormal. Therefore, when messages are transmitted in the existing manner, their attack nature cannot be discovered in time, so that message transmission delay is large and the system's internal processes are affected.
Disclosure of Invention
The invention provides a message transmission method, system and storage medium to solve the problem that, when messages are transmitted in the existing manner, their attack nature cannot be discovered in time, so that message transmission delay is large and the system's internal processes are affected.
To achieve this purpose, the invention is realized by the following technical solutions:
In a first aspect, the present invention provides a message transmission method, including:
generating a first KEY code uniquely corresponding to the received message based on a preset operation algorithm;
searching a pre-stored database for the token bucket corresponding to the KEY code and, when a first token bucket corresponding to the first KEY code is found, adding 1 to the number of tokens in the first token bucket; each token bucket corresponds to one KEY code;
judging whether the number of tokens is greater than a preset token threshold; if so, changing the action corresponding to the first token bucket to discarding and discarding the received message; if the number of tokens is less than the preset token threshold, changing the action corresponding to the first token bucket to forwarding and continuing to forward the received message.
Optionally, generating the first KEY code uniquely corresponding to the received message based on a preset operation algorithm includes:
defining an array KEY of unsigned 32-bit integers with 16 elements, for a total array size of 64 bytes;
determining the preset operation algorithm according to the message length of the message, and generating the first KEY code based on the preset operation algorithm, the message and the integer array KEY.
Optionally, determining the preset operation algorithm according to the message length of the message includes:
when the message length is less than 16 bytes, the preset operation algorithm satisfies the following relational expression:
push16 = (((x_1) & (y_1)) | ((~w_1) & (z_1)));
where x_1 is the result of the AND operation on bytes 0-3 of the message content and KEY array element 0, y_1 is the result of the AND operation on bytes 4-7 of the message content and KEY array element 1, w_1 is the result of the AND operation on bytes 8-11 of the message content and KEY array element 2, and z_1 is the result of the AND operation on bytes 12-15 of the message content and KEY array element 3; ~ represents the inversion operation, & represents an AND operation, and | represents an OR operation;
when the message length is larger than 16 and smaller than 32 bytes, the preset operation algorithm satisfies the following relational expression:
push32 = (((x_2) & (z_2)) | ((y_2) & (~w_2)));
where x_2 is the result of the AND operation on bytes 16-19 of the message content and KEY array element 4, z_2 is the result of the AND operation on bytes 20-23 of the message content and KEY array element 5, y_2 is the result of the AND operation on bytes 24-27 of the message content and KEY array element 6, and w_2 is the result of the AND operation on bytes 28-31 of the message content and KEY array element 7;
when the message length is greater than 32 and less than 48 bytes, the preset operation algorithm satisfies the following relational expression:
push48 = ((w_3) ^ (x_3) ^ (y_3) ^ (z_3));
where w_3 is the result of the AND operation on bytes 32-35 of the message content and KEY array element 8, x_3 is the result of the AND operation on bytes 36-39 of the message content and KEY array element 9, y_3 is the result of the AND operation on bytes 40-43 of the message content and KEY array element 10, and z_3 is the result of the AND operation on bytes 44-47 of the message content and KEY array element 11; ^ represents the exclusive-OR (XOR) operation;
when the message length is more than 48 and less than 64 bytes, the preset operation algorithm satisfies the following relational expression:
push64 = (((y_4) | (~w_4)) ^ ((x_4) | (~z_4)));
where y_4 is the result of the AND operation on bytes 48-51 of the message content and KEY array element 12, w_4 is the result of the AND operation on bytes 52-55 of the message content and KEY array element 13, x_4 is the result of the AND operation on bytes 56-59 of the message content and KEY array element 14, and z_4 is the result of the AND operation on bytes 60-63 of the message content and KEY array element 15;
when the message length is larger than 64 and smaller than 112 bytes, the preset operation algorithm satisfies the following relational expression:
pushTail = (((x_5) & (y_5)) | ((~w_5) & (z_5)));
where x_5 is the result of the AND operation on bytes 96-99 of the message content and KEY array element 0, y_5 is the result of the AND operation on bytes 100-103 of the message content and KEY array element 1, w_5 is the result of the AND operation on bytes 104-107 of the message content and KEY array element 2, and z_5 is the result of the AND operation on bytes 108-111 of the message content and KEY array element 3;
the first KEY code is generated so as to satisfy the following relational expression:
keyCode = (push16 + push32 + push48 + push64 + pushTail) | (pktLen << 4) | (pktLen >> 4);
where pktLen << 4 indicates that the message length is shifted left by 4 bits, and pktLen >> 4 indicates that the message length is shifted right by 4 bits.
Optionally, if no first token bucket corresponding to the first KEY code is found in the pre-stored database and the token bucket resources in the database are full, the second KEY code corresponding to the token bucket with the fewest tokens in the database is rewritten to the first KEY code; if no token bucket corresponding to the first KEY code is found and the token bucket resources in the database are sufficient, a token bucket corresponding to the first KEY code is created.
Optionally, before the pre-stored database is searched for the token bucket corresponding to the KEY code, the method further includes:
when the packet receiving rate of messages is greater than a preset rate, starting the token bucket blocking mechanism;
searching the pre-stored database for the token bucket corresponding to the KEY code then includes:
with the token bucket blocking mechanism open, searching the pre-stored database for the token bucket corresponding to the KEY code.
Optionally, the method further comprises:
if the current action of the token bucket is discarding and the number of tokens is equal to a preset recovery value, changing the action of the token bucket to preparation;
if the current action of the token bucket is preparation and the number of tokens is equal to the preset recovery value minus the number of tokens to be taken, changing the action of the token bucket to forwarding and recovering forwarding of the message.
In a second aspect, the present invention provides a message transmission system, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method according to the first aspect when executing the computer program.
In a third aspect, the invention provides a computer-readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the method steps according to the first aspect.
Beneficial effects:
The message transmission method provided by the invention operates on the message content through a preset operation algorithm to generate a first KEY code uniquely corresponding to the message, searches a pre-stored database for the token bucket corresponding to the first KEY code, and then judges from the number of tokens in the token bucket whether the message has attack properties, so as to decide whether to discard the message or continue forwarding it. In this way the attack nature of the message can be judged efficiently, message transmission delay is reduced, and the normal operation of processes inside the system is ensured.
In a preferred embodiment, the preset operation algorithm performs bit operations on the message content and the defined KEY array; this calculation is efficient and occupies few CPU resources, and the preset operation algorithm can generate a unique KEY code for each message with different content.
In a preferred embodiment, if the current action of the token bucket is preparation and the number of tokens is equal to the preset recovery value minus the number of tokens to be taken, the action of the token bucket is changed to forwarding and forwarding of the message is recovered, so that forwarding is recovered automatically once the rate of the attack message falls and it is no longer an attack. The method thus prevents messages from impacting the CPU and ensures the normal operation of services.
Drawings
FIG. 1 is a flowchart of a message transmission method according to a preferred embodiment of the present invention;
FIG. 2 is a schematic diagram of a KEY code generation method according to a preferred embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a token bucket opening process according to a preferred embodiment of the present invention;
FIG. 4 is a diagram illustrating a process of taking tokens and closing the token bucket according to a preferred embodiment of the present invention;
FIG. 5 is a second flowchart of a message transmission method according to a preferred embodiment of the present invention.
Detailed Description
The technical solutions of the present invention are described clearly and completely below, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Unless otherwise defined, technical or scientific terms used herein shall have the ordinary meaning as understood by one of ordinary skill in the art to which this invention belongs. The use of "first," "second," and similar terms in the present application does not denote any order, quantity, or importance; the terms are used only to distinguish one element from another. Likewise, the terms "a" or "an" and the like do not denote a limitation of quantity, but rather the presence of at least one. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "Upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships; when the absolute position of the object being described changes, the relative positional relationships change accordingly.
It should be understood that the message transmission method provided in the present application may be applied to various forwarding devices in the field of data communication; for example, the forwarding device may be a switch or a router CPU, which is only an example and not a limitation. When a large number of messages with attack properties impact the CPU of a switch or router, they needlessly occupy the device's CPU resources and the bandwidth of the CPU interface, so that normal protocol messages sent up to the CPU cannot be processed normally or suffer large delay, and communication between the system's internal processes becomes abnormal. Consequently, remote network management software may fail to connect, the network may fail because protocols are not processed in time, the device may hang and become unmanageable, the device may restart automatically, and so on. Based on this, the application provides a message transmission method.
Referring to FIG. 1, the message transmission method provided in the present application includes:
generating a first KEY code uniquely corresponding to the received message based on a preset operation algorithm;
searching a pre-stored database for the token bucket corresponding to the first KEY code and, when a first token bucket corresponding to the first KEY code is found, adding 1 to the number of tokens in the first token bucket; each token bucket corresponds to one KEY code;
judging whether the number of tokens is greater than a preset token threshold; if so, changing the action corresponding to the first token bucket to discarding and discarding the received message; if the number of tokens is less than the preset token threshold, changing the action corresponding to the first token bucket to forwarding and continuing to forward the received message.
In this embodiment, the token bucket is a traffic policing algorithm, and the number of messages can be counted through the number of tokens in the token bucket. Each token bucket corresponds to one KEY code; on a hit, a token is added to the token bucket and the number of tokens of that bucket is increased by 1. If the number of tokens is larger than the threshold, the number of tokens in the token bucket is set to the threshold plus 1. The preset token threshold can be set by an operator according to actual requirements. If the number of tokens is greater than or equal to the preset token threshold, the number of messages is large and the message is judged to have attack properties.
In this message transmission method, the message content is operated on through the preset operation algorithm to generate the first KEY code uniquely corresponding to the message, the pre-stored database is searched for the token bucket corresponding to the first KEY code, and whether the message has attack properties is then judged from the number of tokens in the token bucket, so that the message is either discarded or forwarded onward. In this way the attack nature of the message can be judged efficiently, message transmission delay is reduced, and the normal operation of processes inside the system is ensured.
Optionally, generating the first KEY code uniquely corresponding to the received message based on a preset operation algorithm includes:
defining an array KEY of unsigned 32-bit integers with 16 elements, for a total array size of 64 bytes;
determining the preset operation algorithm according to the message length of the message, and generating the first KEY code based on the preset operation algorithm, the message and the integer array KEY.
It should be noted that 64 bytes corresponds to the shortest length of a common Ethernet message. After the CPU receives an Ethernet message, it operates on the message content and the KEY array through the preset operation algorithm to generate an unsigned 32-bit integer KEY code and stores the KEY code in the pre-stored database, which marks the message. When the message is subsequently received again, KEY code matching quickly determines whether it hits, so that the token bucket operation can be performed on the message count and the result of that operation determines whether the message is discarded.
Optionally, determining the preset operation algorithm according to the message length of the message includes the following, as shown in FIG. 2.
Algorithm one: when the message length is less than 16 bytes, the preset operation algorithm satisfies the following relational expression:
push16 = (((x_1) & (y_1)) | ((~w_1) & (z_1)));
where x_1 is the result of the AND operation on bytes 0-3 of the message content and KEY array element 0, y_1 is the result of the AND operation on bytes 4-7 of the message content and KEY array element 1, w_1 is the result of the AND operation on bytes 8-11 of the message content and KEY array element 2, and z_1 is the result of the AND operation on bytes 12-15 of the message content and KEY array element 3; ~ represents the inversion operation, & represents an AND operation, and | represents an OR operation.
Algorithm two: when the message length is larger than 16 and smaller than 32 bytes, the preset operation algorithm satisfies the following relational expression:
push32 = (((x_2) & (z_2)) | ((y_2) & (~w_2)));
where x_2 is the result of the AND operation on bytes 16-19 of the message content and KEY array element 4, z_2 is the result of the AND operation on bytes 20-23 of the message content and KEY array element 5, y_2 is the result of the AND operation on bytes 24-27 of the message content and KEY array element 6, and w_2 is the result of the AND operation on bytes 28-31 of the message content and KEY array element 7.
Algorithm three: when the message length is greater than 32 and less than 48 bytes, the preset operation algorithm satisfies the following relational expression:
push48 = ((w_3) ^ (x_3) ^ (y_3) ^ (z_3));
where w_3 is the result of the AND operation on bytes 32-35 of the message content and KEY array element 8, x_3 is the result of the AND operation on bytes 36-39 of the message content and KEY array element 9, y_3 is the result of the AND operation on bytes 40-43 of the message content and KEY array element 10, and z_3 is the result of the AND operation on bytes 44-47 of the message content and KEY array element 11; ^ represents the exclusive-OR (XOR) operation.
Algorithm four: when the message length is more than 48 and less than 64 bytes, the preset operation algorithm satisfies the following relational expression:
push64 = (((y_4) | (~w_4)) ^ ((x_4) | (~z_4)));
where y_4 is the result of the AND operation on bytes 48-51 of the message content and KEY array element 12, w_4 is the result of the AND operation on bytes 52-55 of the message content and KEY array element 13, x_4 is the result of the AND operation on bytes 56-59 of the message content and KEY array element 14, and z_4 is the result of the AND operation on bytes 60-63 of the message content and KEY array element 15.
Algorithm five: when the message length is larger than 64 and smaller than 112 bytes, the preset operation algorithm satisfies the following relational expression:
pushTail = (((x_5) & (y_5)) | ((~w_5) & (z_5)));
where x_5 is the result of the AND operation on bytes 96-99 of the message content and KEY array element 0, y_5 is the result of the AND operation on bytes 100-103 of the message content and KEY array element 1, w_5 is the result of the AND operation on bytes 104-107 of the message content and KEY array element 2, and z_5 is the result of the AND operation on bytes 108-111 of the message content and KEY array element 3.
Algorithm six: the first KEY code is generated so as to satisfy the following relational expression:
keyCode = (push16 + push32 + push48 + push64 + pushTail) | (pktLen << 4) | (pktLen >> 4);
where pktLen << 4 indicates that the message length is shifted left by 4 bits, and pktLen >> 4 indicates that the message length is shifted right by 4 bits.
It should be noted that the above formulas are only one mathematical form of the relationships they express; in other possible embodiments they may be transformed into other forms, and however they are transformed they remain within the protection scope of the present application. The KEY code is the code that is stored in the database and maps to the corresponding message; it is mainly used by the subsequent token bucket impact-blocking mechanism to judge whether a message hits a KEY code stored in the database (each token bucket corresponds to one KEY code). Because the preset operation algorithm performs bit operations on the message content and the defined KEY array, the calculation is efficient and occupies few CPU resources, and the preset operation algorithm can generate a unique KEY code for each message with different content.
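The relational expressions of algorithms one to six written out in C, as an added example that is not code from the patent. The KEY array values, big-endian byte loading, and reading bytes past the end of the message as zero (so that a term over absent bytes evaluates to 0) are assumptions made here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed mask values: the page fixes the array shape (16 x 32-bit,
 * 64 bytes) but not its contents. */
static const uint32_t KEY[16] = {
    0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu, 0xFFFFFFFFu,
    0xFFFF0000u, 0xFFFF0000u, 0x0000FFFFu, 0x0000FFFFu,
    0xFFFFFFFFu, 0x00FFFF00u, 0xFF0000FFu, 0x0F0F0F0Fu,
    0xF0F0F0F0u, 0x33333333u, 0xCCCCCCCCu, 0x55555555u
};

/* Four message bytes starting at off, ANDed with KEY[k].
 * Assumptions: big-endian load; bytes at or beyond len read as zero. */
static uint32_t masked(const uint8_t *pkt, size_t len, size_t off, unsigned k)
{
    uint32_t v = 0;
    for (size_t i = 0; i < 4; i++) {
        v <<= 8;
        if (off + i < len)
            v |= pkt[off + i];
    }
    return v & KEY[k];
}

/* keyCode as defined by algorithms one to six on the page. */
uint32_t key_code(const uint8_t *pkt, uint32_t pktLen)
{
    uint32_t x, y, w, z;

    x = masked(pkt, pktLen, 0, 0);   y = masked(pkt, pktLen, 4, 1);
    w = masked(pkt, pktLen, 8, 2);   z = masked(pkt, pktLen, 12, 3);
    uint32_t push16 = (x & y) | (~w & z);

    x = masked(pkt, pktLen, 16, 4);  z = masked(pkt, pktLen, 20, 5);
    y = masked(pkt, pktLen, 24, 6);  w = masked(pkt, pktLen, 28, 7);
    uint32_t push32 = (x & z) | (y & ~w);

    w = masked(pkt, pktLen, 32, 8);  x = masked(pkt, pktLen, 36, 9);
    y = masked(pkt, pktLen, 40, 10); z = masked(pkt, pktLen, 44, 11);
    uint32_t push48 = w ^ x ^ y ^ z;

    y = masked(pkt, pktLen, 48, 12); w = masked(pkt, pktLen, 52, 13);
    x = masked(pkt, pktLen, 56, 14); z = masked(pkt, pktLen, 60, 15);
    uint32_t push64 = (y | ~w) ^ (x | ~z);

    x = masked(pkt, pktLen, 96, 0);  y = masked(pkt, pktLen, 100, 1);
    w = masked(pkt, pktLen, 104, 2); z = masked(pkt, pktLen, 108, 3);
    uint32_t pushTail = (x & y) | (~w & z);

    return (push16 + push32 + push48 + push64 + pushTail)
           | (pktLen << 4) | (pktLen >> 4);
}

/* Constructed test message: 112 zero bytes with one byte set. */
uint32_t demo_key(size_t index, uint8_t value, uint32_t pktLen)
{
    uint8_t pkt[112] = {0};
    if (index < sizeof pkt)
        pkt[index] = value;
    return key_code(pkt, pktLen);
}

int main(void)
{
    printf("all zero, 64 bytes     : 0x%X\n", (unsigned)demo_key(0, 0x00, 64));
    printf("byte 35 = 0x01, 64 B   : 0x%X\n", (unsigned)demo_key(35, 0x01, 64));
    printf("byte 35 = 0x04, 64 B   : 0x%X\n", (unsigned)demo_key(35, 0x04, 64));
    printf("all zero, 60 bytes     : 0x%X\n", (unsigned)demo_key(0, 0x00, 60));
    return 0;
}
```

A 32-bit code cannot be unique over all message contents: with these constructed values the all-zero message and the one with byte 35 set to 0x04 both yield 0x404, so unrelated traffic can share a bucket and its discard action.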
Optionally, if no first token bucket corresponding to the first KEY code is found in the pre-stored database and the token bucket resources in the database are full, the second KEY code corresponding to the token bucket with the fewest tokens in the database is rewritten to the first KEY code; if no token bucket corresponding to the first KEY code is found and the token bucket resources in the database are sufficient, a token bucket corresponding to the first KEY code is created.
In this optional embodiment, token bucket resources being full means that the number of token bucket types has reached the maximum and no resources are available. Token bucket resources being sufficient means that the number of token bucket types has not reached the maximum and resources are available.
In this embodiment, depending on the lookup result, the KEY code corresponding to a token bucket is rewritten and token buckets are added or removed, so that reasonable configuration can be performed according to user requirements and the usage scenario.
Optionally, before the pre-stored database is searched for the token bucket corresponding to the KEY code, the method further includes:
when the packet receiving rate of messages is greater than a preset rate, starting the token bucket blocking mechanism;
searching the pre-stored database for the token bucket corresponding to the KEY code then includes:
with the token bucket blocking mechanism open, searching the pre-stored database for the token bucket corresponding to the KEY code.
It should be noted that, as shown in FIG. 3, the token bucket blocking mechanism is turned on automatically only when the CPU's packet receiving rate reaches a certain value (a value configured by the user). If the token bucket under the port is not open, the processing function triggered by the timer reads the rate in the token bucket record table and judges whether the number of messages taken per second is exceeded. If the token bucket does not exceed the rate limit, the overspeed count in the token bucket record table is reset. It then judges whether the overspeed count has reached the maximum allowed overspeed count (which can be set through user configuration), and opens the token bucket if the maximum has been reached.
The token bucket is thus switched on and off automatically according to the CPU's packet receiving rate, which saves computing resources.
Optionally, the method further includes:
if the current action of the token bucket is discarding and the number of tokens is equal to a preset recovery value, changing the action of the token bucket to preparation;
if the current action of the token bucket is preparation and the number of tokens is equal to the preset recovery value minus the number of tokens to be taken, changing the action of the token bucket to forwarding and recovering forwarding of the message.
In this optional embodiment, as shown in FIG. 4, if the token bucket under the port is already open, the processing function triggered by the timer traverses the token records and takes tokens. It judges the action of each record in the bucket: if the action is discarding, twice the number of tokens taken at one time is taken away; for any other action, the number of tokens taken at one time is taken away. Taking tokens from the bucket reduces the number of tokens recorded in the token bucket record table. If the current action is discarding and the number of tokens is equal to the recovery value, the action is changed to preparation. If the current action is preparation and the number of tokens is equal to the recovery value minus the number of tokens taken, the action is changed to forwarding and forwarding of the message is recovered. Thus, when the rate of the attack message falls and it is no longer an attack, forwarding is recovered automatically. The method thus prevents messages from impacting the CPU and ensures the normal operation of services.
In one example, if the number of tokens of a token bucket is zero, it is removed from the token bucket record table and the number of token types in the bucket is decremented by one. If the token records in the token bucket record table are empty, all tokens in the token bucket have been taken away and the token bucket is closed.
In a complete example, as shown in fig. 5, when the cpu receives a message, the cpu generates a KEY code through the above operations, and then compares the KEY code with the KEY code stored in the database to find out the token bucket corresponding to the message through hit. If there is a hit, the token bucket adds the token to the bucket, adding 1 to the number of corresponding tokens in the token bucket. If the number of tokens is greater than the threshold, the number of tokens in the token bucket is set to the threshold plus 1. And if the message is not hit, a new token bucket corresponding to the message is created. It is first checked whether the existing token bucket class has reached the maximum, i.e. whether resources are available. If the token is maximum, replacing the token bucket with the minimum token number, wherein the token bucket type number is unchanged. And if the number of the types of the token buckets is not the maximum, creating a token bucket corresponding to the KEY code, recording the token bucket in a token bucket database, and adding 1 to the number of the types of the token buckets. The number of tokens newly added to the token bucket is the initial token value. And if the number of the tokens in the token bucket is greater than or equal to the threshold value and the action is not discarded, the action of the token bucket is discarded and stored in a token bucket database. Messages for actions other than the forwarding action will be discarded. Therefore, a mechanism for effectively judging and blocking message attack is established, and the effects of accurately judging message attack and effectively blocking the message from impacting a CPU are achieved through a set of processing mechanisms of accurately identifying, recording, speed calculating, attacking property judging, blocking action responding, recovering and the like on the message. 
And automatically switching on and off the token bucket according to the packet receiving rate of the CPU, automatically identifying the message of the attack property, automatically issuing the attack blocking action, and stopping the attack and automatically recovering the forwarding. The token bucket comprises the settings of the bucket threshold value, the normal recovery value, the single token taking value and the initialization token value, and can be reasonably configured according to the user requirements and the use scene, so that the effects of preventing the impact on a CPU and ensuring the normal operation of the service are achieved.
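The per-message flow and the recovery steps described above can be sketched in C as follows. This is an added example, not code from the patent: the function and field names, the five constants, and the periodic timer that drains tokens are assumptions, and the KEY code is taken as an already computed 32-bit value.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_BUCKETS 4   /* assumed: maximum number of token bucket types */
#define THRESHOLD   5   /* assumed: bucket threshold */
#define RECOVER     2   /* assumed: normal recovery value */
#define TAKE        1   /* assumed: tokens taken per timer tick */
#define INIT_TOKENS 1   /* assumed: initial token value of a new bucket */

enum action { FORWARD, PREPARE, DROP };
struct bucket { uint32_t key; int tokens; enum action act; int used; };
static struct bucket table[MAX_BUCKETS];

/* One received message: returns 1 to forward, 0 to discard. */
int on_packet(uint32_t key)
{
    struct bucket *hit = NULL, *spare = NULL, *min = NULL;
    for (int i = 0; i < MAX_BUCKETS; i++) {
        struct bucket *c = &table[i];
        if (!c->used) { if (!spare) spare = c; continue; }
        if (c->key == key) hit = c;
        if (!min || c->tokens < min->tokens) min = c;
    }
    if (hit) {                     /* hit: add a token, cap at threshold+1 */
        if (++hit->tokens > THRESHOLD) hit->tokens = THRESHOLD + 1;
    } else {                       /* miss: free slot, else evict fewest tokens */
        hit = spare ? spare : min;
        *hit = (struct bucket){ key, INIT_TOKENS, FORWARD, 1 };
    }
    if (hit->tokens >= THRESHOLD) hit->act = DROP;
    return hit->act == FORWARD;    /* every other action discards */
}

/* Assumed periodic timer: drain tokens, walk DROP -> PREPARE -> FORWARD. */
void on_tick(void)
{
    for (int i = 0; i < MAX_BUCKETS; i++) {
        struct bucket *b = &table[i];
        if (!b->used) continue;
        b->tokens = b->tokens > TAKE ? b->tokens - TAKE : 0;
        if (b->act == DROP && b->tokens == RECOVER) b->act = PREPARE;
        else if (b->act == PREPARE && b->tokens == RECOVER - TAKE) b->act = FORWARD;
        if (b->tokens == 0) b->used = 0;   /* empty bucket leaves the table */
    }
}

int main(void)
{
    for (int i = 1; i <= 6; i++)
        printf("message %d: %s\n", i, on_packet(0xA) ? "forward" : "discard");
    for (int t = 1; t <= 5; t++) on_tick();
    printf("after 5 quiet ticks: %s\n", on_packet(0xA) ? "forward" : "discard");
    return 0;
}
```

Because the recovery transitions test for equality with the recovery value, this sketch keeps TAKE at 1 so a draining bucket always lands on both values.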
The application also provides a message transmission system, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor implements the steps of the method when executing the computer program. The message transmission system can implement each embodiment of the message transmission method and achieve the same beneficial effects, and details are not repeated here.
Embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the method steps as described above. The readable storage medium can implement the embodiments of the method described above, and can achieve the same beneficial effects, which are not described herein again.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions that can be obtained by a person skilled in the art through logical analysis, reasoning or limited experiments based on the prior art according to the concepts of the present invention should be within the scope of protection determined by the claims.

Claims (8)

1. A method for packet transmission, comprising:
generating a first KEY code uniquely corresponding to the received message based on a preset operation algorithm;
searching a pre-stored database for a token bucket corresponding to the first KEY code, and adding 1 to the number of tokens in the first token bucket when the first token bucket corresponding to the first KEY code is found; each token bucket corresponds to one KEY code;
judging whether the token quantity is larger than a preset token threshold value or not, if the token quantity is larger than or equal to the preset token threshold value, modifying the action corresponding to the first token bucket into discarding, and discarding the received message; if the token quantity is smaller than the preset token threshold value, modifying the action corresponding to the first token bucket into forwarding, and continuing to forward the received message.
2. The message transmission method according to claim 1, wherein the generating a first KEY code uniquely corresponding to the received message based on a preset operation algorithm comprises:
defining an unsigned integer array KEY with a data type of 32 bits, wherein the number of array elements is 16 and the total array size is 64 bytes;
and determining a preset operation algorithm according to the message length of the message, and generating the first KEY code based on the preset operation algorithm, the message and the integer array KEY.
3. The message transmission method according to claim 2, wherein the determining a predetermined operation algorithm according to the message length of the message comprises:
when the message length is less than 16 bytes, the preset operation algorithm satisfies the following relational expression:
push16=(((x_1)&(y_1))|((~w_1)&(z_1)));
wherein x_1 is the result of the AND operation on bytes 0-3 of the message content and KEY array element 0, y_1 is the result of the AND operation on bytes 4-7 of the message content and KEY array element 1, w_1 is the result of the AND operation on bytes 8-11 of the message content and KEY array element 2, z_1 is the result of the AND operation on bytes 12-15 of the message content and KEY array element 3, ~ represents the inversion operation, & represents the AND operation, and | represents the OR operation;
when the message length is larger than 16 and smaller than 32 bytes, the preset operation algorithm satisfies the following relational expression:
push32=(((x_2)&(z_2))|((y_2)&(~w_2)));
wherein x_2 is the result of the AND operation on bytes 16-19 of the message content and KEY array element 4, z_2 is the result of the AND operation on bytes 20-23 of the message content and KEY array element 5, y_2 is the result of the AND operation on bytes 24-27 of the message content and KEY array element 6, and w_2 is the result of the AND operation on bytes 28-31 of the message content and KEY array element 7;
when the message length is greater than 32 and less than 48 bytes, the preset operation algorithm satisfies the following relational expression:
push48=((w_3)^(x_3)^(y_3)^(z_3));
wherein w_3 is the result of the AND operation on bytes 32-35 of the message content and KEY array element 8, x_3 is the result of the AND operation on bytes 36-39 of the message content and KEY array element 9, y_3 is the result of the AND operation on bytes 40-43 of the message content and KEY array element 10, z_3 is the result of the AND operation on bytes 44-47 of the message content and KEY array element 11, and ^ represents the exclusive-OR operation;
when the message length is more than 48 and less than 64 bytes, the preset operation algorithm satisfies the following relational expression:
push64=(((y_4)|(~w_4))^((x_4)|(~z_4)));
wherein y_4 is the result of the AND operation on bytes 48-51 of the message content and KEY array element 12, w_4 is the result of the AND operation on bytes 52-55 of the message content and KEY array element 13, x_4 is the result of the AND operation on bytes 56-59 of the message content and KEY array element 14, and z_4 is the result of the AND operation on bytes 60-63 of the message content and KEY array element 15;
when the message length is larger than 64 and smaller than 112 bytes, the preset operation algorithm satisfies the following relational expression:
pushTail=(((x_5)&(y_5))|((~w_5)&(z_5)));
wherein x_5 is the result of the AND operation on bytes 96-99 of the message content and KEY array element 0, y_5 is the result of the AND operation on bytes 100-103 of the message content and KEY array element 1, w_5 is the result of the AND operation on bytes 104-107 of the message content and KEY array element 2, and z_5 is the result of the AND operation on bytes 108-111 of the message content and KEY array element 3;
the first KEY code is generated so as to satisfy the following relational expression:
keyCode=(push16+push32+push48+push64+pushTail)|(pktLen<<4)|(pktLen>>4);
wherein pktLen<<4 indicates that the message length is shifted left by 4 bits, and pktLen>>4 indicates that the message length is shifted right by 4 bits.
4. The message transmission method according to claim 1, wherein if the first token bucket corresponding to the first KEY code is not found in the pre-stored database and the token bucket resources in the database are full, the second KEY code corresponding to the token bucket with the fewest tokens in the database is rewritten into the first KEY code; and if the token bucket corresponding to the first KEY code is not found and the token bucket resources in the database are sufficient, a token bucket corresponding to the first KEY code is established.
5. The message transmission method according to claim 1, wherein before searching the token bucket corresponding to the KEY code from the pre-stored database, the method further comprises:
when the packet receiving rate of the message is greater than the preset rate, starting a token bucket blocking mechanism;
the searching the token bucket corresponding to the KEY code from a pre-stored database comprises:
and under the condition of opening a token bucket blocking mechanism, searching a token bucket corresponding to the KEY code from a pre-stored database.
6. The message transmission method according to claim 1, wherein the method further comprises:
if the current action of the token bucket is discarding and the number of tokens is equal to a preset recovery value, the action of the token bucket is converted into preparation;
if the token bucket is currently in preparation and the number of tokens is equal to the preset recovery value minus the number of tokens to be taken, the action of the token bucket is converted into forwarding, and the forwarding of the message is recovered.
7. A messaging system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method of any of claims 1 to 6 when executing the computer program.
8. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 6.
CN202210618394.1A 2022-06-01 2022-06-01 Message transmission method, system and storage medium Active CN115174486B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210618394.1A CN115174486B (en) 2022-06-01 2022-06-01 Message transmission method, system and storage medium

Publications (2)

Publication Number Publication Date
CN115174486A true CN115174486A (en) 2022-10-11
CN115174486B CN115174486B (en) 2024-05-28

Family

ID=83483925

Country Status (1)

Country Link
CN (1) CN115174486B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant