CN115174486B - Message transmission method, system and storage medium - Google Patents
- Publication number
- CN115174486B, CN202210618394.1A
- Authority
- CN
- China
- Prior art keywords
- message
- bytes
- token bucket
- key
- array element
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/215—Flow control; Congestion control using token-bucket
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/23—Bit dropping
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention relates to the technical field of communication transmission and discloses a message transmission method, system and storage medium. The method comprises: generating, based on a preset operation algorithm, a first KEY code uniquely corresponding to a received message; searching a pre-stored database for the token bucket corresponding to the first KEY code and, when the first token bucket corresponding to the first KEY code is found, adding 1 to the number of tokens in the first token bucket, where each token bucket corresponds to one KEY code; and judging whether the number of tokens is larger than a preset token threshold. If the number of tokens is greater than or equal to the preset token threshold, the action corresponding to the first token bucket is changed to discarding and the received message is discarded; if the number of tokens is smaller than the preset token threshold, the action corresponding to the first token bucket is changed to forwarding and the received message continues to be forwarded. In this way the attack nature of a message can be judged efficiently, message transmission delay is reduced, and the normal operation of processes in the system is ensured.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, a system, and a storage medium for transmitting a message.
Background
A message (packet) is the data unit exchanged and transmitted in a network. With the rapid development of network technology, the volume of messages sent keeps increasing. Switches and routers currently on the market cannot specifically identify legitimate messages that have an attack nature and so cannot achieve intelligent identification; most of them offer only limited functions for protecting the CPU against message attacks. The industry mainly relies on rate limiting at the CPU interface: a global message rate limit based on the ingress port, a rate limit on the COS queues of the CPU port, and a rate limit based on the Ethernet message type. None of these judges whether a message is an attack. When a switch or router receives one or more streams of messages at a high rate with fixed content, most devices on the market do not judge these messages, which impact the CPU, to be an attack and do not discard them, as long as their content is legitimate. When a large number of attack messages hit the CPU of a switch or router, they inevitably occupy the device's CPU resources and CPU interface bandwidth, so that the protocol messages normally sent up to the CPU cannot be processed properly or are processed with a large delay, and communication between internal processes of the system becomes abnormal. The existing approach therefore cannot detect the attack nature of messages in time during transmission, which leads to larger message transmission delay and affects the internal processes of the system.
Disclosure of Invention
The invention provides a message transmission method, system and storage medium to solve the problem that the existing approach cannot detect the attack nature of messages in time during transmission, which leads to larger message transmission delay and affects the internal processes of the system.
In order to achieve the above object, the present invention is realized by the following technical scheme:
In a first aspect, the present invention provides a method for transmitting a message, including:
Generating a first KEY code uniquely corresponding to the received message based on a preset operation algorithm;
Searching a pre-stored database for the token bucket corresponding to the first KEY code, and adding 1 to the number of tokens in the first token bucket when the first token bucket corresponding to the first KEY code is found; each token bucket corresponds to one KEY code;
Judging whether the number of tokens is larger than a preset token threshold; if the number of tokens is greater than or equal to the preset token threshold, changing the action corresponding to the first token bucket to discarding and discarding the received message; and if the number of tokens is smaller than the preset token threshold, changing the action corresponding to the first token bucket to forwarding and continuing to forward the received message.
Optionally, the generating the first KEY code uniquely corresponding to the received message based on the preset operation algorithm includes:
Defining an unsigned 32-bit integer array KEY with 16 array elements, the total size of the array being 64 bytes;
and determining a preset operation algorithm according to the message length of the message, and generating the first KEY code based on the preset operation algorithm, the message and the integer array KEY.
Optionally, the determining a preset operation algorithm according to the message length of the message includes:
When the message length is smaller than 16 bytes, the preset operation algorithm satisfies the following relation:
push16=(((x1)&(y1))|((~w1)&(z1)));
Wherein x1 is the result of the AND operation of bytes 0-3 of the message content and KEY array element 0, y1 is the result of the AND operation of bytes 4-7 of the message content and KEY array element 1, w1 is the result of the AND operation of bytes 8-11 of the message content and KEY array element 2, z1 is the result of the AND operation of bytes 12-15 of the message content and KEY array element 3, ~ represents the bitwise inverse (NOT) operation, & represents the AND operation, and | represents the OR operation;
When the message length is more than 16 and less than 32 bytes, the preset operation algorithm satisfies the following relation:
push32=(((x2)&(z2))|((y2)&(~w2)));
Wherein x2 is the result of the AND operation of bytes 16-19 of the message content and KEY array element 4, z2 is the result of the AND operation of bytes 20-23 of the message content and KEY array element 5, y2 is the result of the AND operation of bytes 24-27 of the message content and KEY array element 6, and w2 is the result of the AND operation of bytes 28-31 of the message content and KEY array element 7;
When the message length is more than 32 and less than 48 bytes, the preset operation algorithm satisfies the following relation:
push48=((w3)^(x3)^(y3)^(z3));
Wherein w3 is the result of the AND operation of bytes 32-35 of the message content and KEY array element 8, x3 is the result of the AND operation of bytes 36-39 of the message content and KEY array element 9, y3 is the result of the AND operation of bytes 40-43 of the message content and KEY array element 10, z3 is the result of the AND operation of bytes 44-47 of the message content and KEY array element 11, and ^ represents the exclusive-OR (XOR) operation;
When the message length is more than 48 and less than 64 bytes, the preset operation algorithm satisfies the following relation:
push64=(((y4)|(~w4))^((x4)|(~z4)));
Wherein y4 is the result of the AND operation of bytes 48-51 of the message content and KEY array element 12, w4 is the result of the AND operation of bytes 52-55 of the message content and KEY array element 13, x4 is the result of the AND operation of bytes 56-59 of the message content and KEY array element 14, and z4 is the result of the AND operation of bytes 60-63 of the message content and KEY array element 15;
When the message length is more than 64 and less than 112 bytes, the preset operation algorithm satisfies the following relation:
pushTail=(((x5)&(y5))|((~w5)&(z5)));
Wherein x5 is the result of the AND operation of bytes 96-99 of the message content and KEY array element 0, y5 is the result of the AND operation of bytes 100-103 of the message content and KEY array element 1, w5 is the result of the AND operation of bytes 104-107 of the message content and KEY array element 2, and z5 is the result of the AND operation of bytes 108-111 of the message content and KEY array element 3;
and generating the first KEY code, wherein the first KEY code satisfies the following relation:
keyCode=(push16+push32+push48+push64+pushTail)|(pktLen<<4)|(pktLen>>4);
Wherein pktLen<<4 represents the message length shifted left by 4 bits, and pktLen>>4 represents the message length shifted right by 4 bits.
Optionally, if the first token bucket corresponding to the first KEY code is not found in the pre-stored database and the token bucket resources in the database are full, the second KEY code, corresponding to the token bucket holding the fewest tokens in the database, is rewritten to the first KEY code; if the token bucket corresponding to the first KEY code is not found and token bucket resources in the database are still available, a token bucket corresponding to the first KEY code is created.
Optionally, before the step of searching the token bucket corresponding to the KEY code from the pre-stored database, the method further includes:
When the packet receiving rate of the message is greater than a preset rate, a token bucket blocking mechanism is started;
the searching the token bucket corresponding to the KEY code from the prestored database comprises the following steps:
and under the condition of starting a token bucket blocking mechanism, searching a token bucket corresponding to the KEY code from a prestored database.
Optionally, the method further comprises:
if the current action of the token bucket is discarding and the number of tokens is equal to a preset recovery value, the action of the token bucket is changed to ready;
If the current action of the token bucket is ready and the number of tokens is equal to the preset recovery value minus the number of tokens taken, the action of the token bucket is changed to forwarding, and forwarding of the message is resumed.
In a second aspect, the present invention provides a message transmission system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method according to the first aspect when executing the computer program.
In a third aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method steps according to the first aspect.
The beneficial effects are that:
The message transmission method provided by the invention operates on the message content with the preset operation algorithm to generate a first KEY code uniquely corresponding to the message, searches the pre-stored database for the token bucket corresponding to the first KEY code, and judges from the number of tokens in that token bucket whether the message has an attack nature, so as to decide whether the message is discarded or continues to be forwarded. In this way the attack nature of a message can be judged efficiently, message transmission delay is reduced, and the normal operation of processes in the system is ensured.
In a preferred embodiment, the preset operation algorithm performs bit operations on the message content and the defined KEY array; this calculation is efficient and occupies few CPU resources, and the preset operation algorithm can generate unique KEY codes for messages with different contents.
In a preferred embodiment, if the current action of the token bucket is ready and the number of tokens is equal to the preset recovery value minus the number of tokens taken, the action of the token bucket is changed to forwarding and forwarding of the message is resumed, so that forwarding resumes automatically when the attack message rate drops and the messages no longer have an attack nature. The method thus prevents messages from impacting the CPU and ensures normal operation of the service.
Drawings
FIG. 1 is a flow chart of a message transmission method according to a preferred embodiment of the present invention;
FIG. 2 is a schematic diagram of a KEY code generation scheme according to a preferred embodiment of the present invention;
FIG. 3 is a schematic diagram of a token bucket opening flow in accordance with a preferred embodiment of the present invention;
FIG. 4 is a schematic diagram of a token taking and closing process according to a preferred embodiment of the present invention;
FIG. 5 is a second flow chart of a message transmission method according to a preferred embodiment of the present invention.
Detailed Description
The following description of the present invention will be made clearly and fully, and it is apparent that the embodiments described are only some, but not all, of the embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this invention belongs. The terms "first," "second," and the like, as used herein, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. Likewise, the terms "a" or "an" and the like do not denote a limitation of quantity, but rather denote the presence of at least one. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate a relative positional relationship, which changes accordingly when the absolute position of the object to be described changes.
It should be understood that the message transmission method provided by the present application may be applied to various forwarding devices in the field of data communication; for example, the forwarding device may be the CPU of a switch or a router, which is given here only as an example and not as a limitation. When a large number of attack messages hit the CPU of a switch or router, they inevitably occupy the device's CPU resources and the bandwidth of the CPU interface, so that the protocol messages normally sent up to the CPU cannot be processed properly or are processed with a large delay, and communication between internal processes of the system becomes abnormal. This can in turn cause remote network management software to fail to connect, network failures due to untimely protocol processing, devices that cannot be managed, automatic device restarts, and similar problems. On this basis, the application provides a message transmission method.
Referring to fig. 1, the method for transmitting a message provided by the present application includes:
Generating a first KEY code uniquely corresponding to the received message based on a preset operation algorithm;
Searching a token bucket corresponding to the first KEY code from a prestored database, and adding 1 to the number of tokens in the bucket of the first token bucket under the condition that the first token bucket corresponding to the first KEY code is searched; each token bucket corresponds to a KEY code;
Judging whether the number of tokens is larger than a preset token threshold; if the number of tokens is greater than or equal to the preset token threshold, changing the action corresponding to the first token bucket to discarding and discarding the received message; if the number of tokens is smaller than the preset token threshold, changing the action corresponding to the first token bucket to forwarding and continuing to forward the received message.
In this embodiment, the token bucket is a traffic policing algorithm, and the number of messages can be counted by the number of tokens in the token bucket. Each token bucket corresponds to one KEY code; on a hit, a token is added to the bucket and the number of tokens in that token bucket increases by 1. If the number of tokens is then greater than the threshold, the number of tokens in the token bucket is set to the threshold plus 1. The preset token threshold can be set by staff according to actual needs. A number of tokens greater than or equal to the preset token threshold indicates a large number of messages, and the messages are regarded as having an attack nature.
In this message transmission method, the message content is operated on with the preset operation algorithm to generate a first KEY code uniquely corresponding to the message, the pre-stored database is searched for the token bucket corresponding to the first KEY code, and the number of tokens in that token bucket is used to judge whether the message has an attack nature and therefore whether it is discarded or continues to be forwarded. In this way the attack nature of a message can be judged efficiently, message transmission delay is reduced, and the normal operation of processes in the system is ensured.
Optionally, the generating the first KEY code uniquely corresponding to the received message based on the preset operation algorithm includes:
Defining an unsigned 32-bit integer array KEY with 16 array elements, the total size of the array being 64 bytes;
and determining a preset operation algorithm according to the message length of the message, and generating the first KEY code based on the preset operation algorithm, the message and the integer array KEY.
It should be noted that 64 bytes corresponds to the shortest length of a common Ethernet message. When the CPU receives an Ethernet message, it operates on the message content and the KEY array with the preset operation algorithm to generate an unsigned 32-bit integer KEY code, and stores the resulting KEY code in the pre-stored database, which indicates that the message has been marked. When the CPU subsequently receives messages, it can quickly determine by KEY code matching whether a message hits, perform the token bucket operation on the message count, and decide from the result whether the message is discarded.
Optionally, the determining a preset operation algorithm according to the message length of the message includes the following algorithms, as shown in fig. 2. Algorithm one: when the message length is smaller than 16 bytes, the preset operation algorithm satisfies the following relation:
push16=(((x1)&(y1))|((~w1)&(z1)));
Wherein x1 is the result of the AND operation of bytes 0-3 of the message content and KEY array element 0, y1 is the result of the AND operation of bytes 4-7 of the message content and KEY array element 1, w1 is the result of the AND operation of bytes 8-11 of the message content and KEY array element 2, z1 is the result of the AND operation of bytes 12-15 of the message content and KEY array element 3, ~ represents the bitwise inverse (NOT) operation, & represents the AND operation, and | represents the OR operation.
Algorithm two: when the message length is more than 16 and less than 32 bytes, the preset operation algorithm satisfies the following relation:
push32=(((x2)&(z2))|((y2)&(~w2)));
Wherein x2 is the result of the AND operation of bytes 16-19 of the message content and KEY array element 4, z2 is the result of the AND operation of bytes 20-23 of the message content and KEY array element 5, y2 is the result of the AND operation of bytes 24-27 of the message content and KEY array element 6, and w2 is the result of the AND operation of bytes 28-31 of the message content and KEY array element 7;
Algorithm three: when the message length is more than 32 and less than 48 bytes, the preset operation algorithm satisfies the following relation:
push48=((w3)^(x3)^(y3)^(z3));
Wherein w3 is the result of the AND operation of bytes 32-35 of the message content and KEY array element 8, x3 is the result of the AND operation of bytes 36-39 of the message content and KEY array element 9, y3 is the result of the AND operation of bytes 40-43 of the message content and KEY array element 10, z3 is the result of the AND operation of bytes 44-47 of the message content and KEY array element 11, and ^ represents the exclusive-OR (XOR) operation;
Algorithm four: when the message length is more than 48 and less than 64 bytes, the preset operation algorithm satisfies the following relation:
push64=(((y4)|(~w4))^((x4)|(~z4)));
Wherein y4 is the result of the AND operation of bytes 48-51 of the message content and KEY array element 12, w4 is the result of the AND operation of bytes 52-55 of the message content and KEY array element 13, x4 is the result of the AND operation of bytes 56-59 of the message content and KEY array element 14, and z4 is the result of the AND operation of bytes 60-63 of the message content and KEY array element 15;
Algorithm five: when the message length is more than 64 and less than 112 bytes, the preset operation algorithm satisfies the following relation:
pushTail=(((x5)&(y5))|((~w5)&(z5)));
Wherein x5 is the result of the AND operation of bytes 96-99 of the message content and KEY array element 0, y5 is the result of the AND operation of bytes 100-103 of the message content and KEY array element 1, w5 is the result of the AND operation of bytes 104-107 of the message content and KEY array element 2, and z5 is the result of the AND operation of bytes 108-111 of the message content and KEY array element 3;
Algorithm six: the generating the first KEY code satisfies the following relation:
keyCode=(push16+push32+push48+push64+pushTail)|(pktLen<<4)|(pktLen>>4);
Wherein pktLen<<4 represents the message length shifted left by 4 bits, and pktLen>>4 represents the message length shifted right by 4 bits.
It should be noted that the above formulas are only one mathematical expression of the relations, and in other possible embodiments they may be converted into other forms; any such conversion is within the scope of the present application. The final result, keyCode, is the KEY code that is stored in the database and mapped to the corresponding message. The KEY code is mainly used by the token bucket blocking mechanism described below to determine whether a message hits a KEY code stored in the database (each token bucket corresponds to one KEY code). In this way, the preset operation algorithm performs bit operations on the message content and the defined KEY array; this calculation is efficient and occupies few CPU resources, and the preset operation algorithm can generate unique KEY codes for messages with different contents.
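The relations of algorithms one to six, worked through in C as an added example (not code from the patent). Assumptions: the KEY mask values are constructed, 4-byte words are read big-endian, the five terms are accumulated for every message, and bytes past the end of the message read as zero.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed mask values: the text defines a 16-element, 32-bit KEY array
 * (64 bytes) but does not give its contents. */
static const uint32_t KEY[16] = {
    0xFFFF00FFu, 0x0FF0FFFFu, 0xFF00FF00u, 0x00FFFFFFu,
    0xF0F0F0F0u, 0xFFFFFF00u, 0x0F0F0F0Fu, 0xFF0000FFu,
    0x00FFFF00u, 0xFFFF0000u, 0x0000FFFFu, 0xF00FF00Fu,
    0xFFFFFFFFu, 0x3C3C3C3Cu, 0xC3C3C3C3u, 0x0FFFFFF0u
};

/* Assumption: message bytes are combined in network (big-endian) order. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* "AND operation of bytes off..off+3 of the message and KEY element idx". */
static uint32_t masked(const uint8_t *buf, size_t off, unsigned idx)
{
    return load_be32(buf + off) & KEY[idx];
}

/* Computes keyCode for a message of len bytes. The message is copied into a
 * zeroed 112-byte window; with zero padding every term whose byte range lies
 * past the end of the message evaluates to 0, so short messages contribute
 * only the terms they actually cover. Bytes 64-95 are not referenced by any
 * of the relations and are therefore not read. */
uint32_t key_code(const uint8_t *pkt, size_t len)
{
    uint8_t buf[112] = {0};
    uint32_t pktLen = (uint32_t)len;

    if (len > 0)
        memcpy(buf, pkt, len < sizeof buf ? len : sizeof buf);

    uint32_t x1 = masked(buf, 0, 0),   y1 = masked(buf, 4, 1);
    uint32_t w1 = masked(buf, 8, 2),   z1 = masked(buf, 12, 3);
    uint32_t push16 = (x1 & y1) | (~w1 & z1);

    uint32_t x2 = masked(buf, 16, 4),  z2 = masked(buf, 20, 5);
    uint32_t y2 = masked(buf, 24, 6),  w2 = masked(buf, 28, 7);
    uint32_t push32 = (x2 & z2) | (y2 & ~w2);

    uint32_t w3 = masked(buf, 32, 8),  x3 = masked(buf, 36, 9);
    uint32_t y3 = masked(buf, 40, 10), z3 = masked(buf, 44, 11);
    uint32_t push48 = w3 ^ x3 ^ y3 ^ z3;

    uint32_t y4 = masked(buf, 48, 12), w4 = masked(buf, 52, 13);
    uint32_t x4 = masked(buf, 56, 14), z4 = masked(buf, 60, 15);
    uint32_t push64 = (y4 | ~w4) ^ (x4 | ~z4);

    /* The tail term reuses KEY elements 0-3 on bytes 96-111. */
    uint32_t x5 = masked(buf, 96, 0),  y5 = masked(buf, 100, 1);
    uint32_t w5 = masked(buf, 104, 2), z5 = masked(buf, 108, 3);
    uint32_t pushTail = (x5 & y5) | (~w5 & z5);

    /* Unsigned 32-bit addition wraps; the length bits are OR-ed in last. */
    return (push16 + push32 + push48 + push64 + pushTail)
           | (pktLen << 4) | (pktLen >> 4);
}

int main(void)
{
    /* Constructed 64-byte message: byte i holds the value i. */
    uint8_t pkt[64];
    for (size_t i = 0; i < sizeof pkt; i++)
        pkt[i] = (uint8_t)i;
    printf("keyCode = 0x%08X\n", (unsigned)key_code(pkt, sizeof pkt));
    return 0;
}
```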
Optionally, if the first token bucket corresponding to the first KEY code is not found in the pre-stored database and the token bucket resources in the database are full, the second KEY code, corresponding to the token bucket holding the fewest tokens in the database, is rewritten to the first KEY code; if the token bucket corresponding to the first KEY code is not found and token bucket resources in the database are still available, a token bucket corresponding to the first KEY code is created.
In this alternative embodiment, token bucket resources being full means that the number of token bucket types has reached its maximum and no resources are available. Token bucket resources being sufficient means that the number of token bucket types has not reached its maximum and resources are available.
In this embodiment, by rewriting the KEY code corresponding to a token bucket and by adding or removing token buckets according to the search result, the configuration can be adapted to user requirements and the usage scenario.
Optionally, before the step of searching the token bucket corresponding to the KEY code from the pre-stored database, the method further includes:
When the packet receiving rate of the message is greater than a preset rate, a token bucket blocking mechanism is started;
the searching the token bucket corresponding to the KEY code from the prestored database comprises the following steps:
and under the condition of starting a token bucket blocking mechanism, searching a token bucket corresponding to the KEY code from a prestored database.
It should be noted that, as shown in fig. 3, the token bucket blocking mechanism is turned on automatically when the CPU packet receiving rate reaches a certain value (a value configured by the user). If the token bucket under the port is not open, the processing function triggered by the timer reads the rate in the token bucket record table and judges whether the number of messages received per second has been exceeded. If the rate exceeds the preset rate, the overspeed count in the token bucket record table is incremented by 1; if it does not, the overspeed count in the token bucket record table is reset. The function then judges whether the overspeed count has reached the maximum allowed overspeed count (which can be set through user configuration), and opens the token bucket if the maximum has been reached.
Thus, the token bucket is opened and closed automatically according to the CPU packet receiving rate, which saves computing resources.
Optionally, the method further comprises:
if the current action of the token bucket is discarding and the number of tokens is equal to a preset recovery value, the action of the token bucket is converted into preparation;
If the current action of the token bucket is ready and the number of tokens is equal to the preset recovery value minus the number of tokens, the action of the token bucket is converted into forwarding, and the forwarding of the message is recovered.
In this alternative embodiment, as shown in fig. 4, if the token bucket under the port is opened, the processing function triggered by the timer will traverse the token log to take the token. When judging the action of the tokens in the bucket, taking the tokens twice the number of the single-time tokens if the action is discarding, and taking the tokens twice the number of the single-time tokens if the action is other actions. When tokens are taken from the bucket, the number of tokens recorded in the token bucket record table is reduced. If the current action of the token is discarding and the number of tokens is equal to the recovery value, the action of the token is changed to be ready. If the current token action is ready and the number of tokens is equal to the recovery value minus the number of tokens to be taken, the token action is converted into forwarding, and the forwarding of the message is recovered. In this way, forwarding can be automatically resumed when the attack packet rate decreases and no longer has an offensiveness. The method can achieve the effects of preventing the impact of the message on the CPU and ensuring the normal operation of the service.
In one example, if the number of tokens in a token bucket is zero, it is deleted from the token bucket record table, and the token class in the bucket is decremented by one. If the token record in the token bucket record table is empty, the token bucket is closed, which indicates that all tokens in the token bucket have been taken away.
In a complete example, as shown in Fig. 5, when the CPU receives a message, the KEY code is generated through the above operation and compared with the KEY codes stored in the database; a hit identifies the token bucket corresponding to the message. On a hit, a token is added to that bucket, and the number of corresponding tokens in the token bucket is increased by 1. If the number of tokens is then greater than the threshold value, the number of tokens in the token bucket is set to the threshold value plus 1. If there is no hit, a new token bucket corresponding to the message is created. It is first checked whether the number of existing token bucket classes has reached the maximum, i.e. whether resources are available. If the maximum has been reached, the token bucket with the minimum number of tokens is replaced, and the number of token bucket classes is unchanged. If the maximum has not been reached, a token bucket corresponding to the KEY code is created and recorded in the token bucket database, and the number of token bucket classes is increased by 1. The number of tokens in a newly added token bucket is the initial token value. If the number of tokens in the token bucket is greater than or equal to the threshold value and the action is not discarding, the action of the token bucket is changed to discarding and stored in the token bucket database. Messages whose action is anything other than forwarding are discarded. Thus, a mechanism for effectively judging and blocking message attacks is established: through a set of processing steps including precise message identification, recording, rate calculation, attack determination, blocking response and recovery, message attacks are accurately identified and their impact on the CPU is effectively blocked.
The token bucket is automatically switched on and off according to the CPU packet receiving rate, messages with attack properties are automatically identified, the blocking action is automatically issued, and forwarding is automatically recovered once the attack stops. The token bucket of the invention comprises settings for the bucket threshold value, the normal recovery value, the single-time token take value and the initial token value, which can be configured according to user requirements and the usage scenario, thereby preventing impact on the CPU and ensuring the normal operation of the service.
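The packet path and the timer path described above can be modelled as follows. This is an added example, not code from the patent: the table size, the parameter values, the starting action of a new bucket and the use of `<=` where the text says "equal" are assumptions, and the blocking mechanism is taken to be already switched on.

```c
#include <stdint.h>

enum action { FORWARD, DROP, READY };
struct bucket { uint32_t key; int tokens; enum action act; int used; };

#define MAX_BUCKETS 4                       /* constructed table size */
struct limiter {
    struct bucket b[MAX_BUCKETS];
    int threshold, recovery, take, initial; /* the four configurable values */
};

/* Packet path: returns 1 if the message is forwarded, 0 if discarded. */
int on_packet(struct limiter *l, uint32_t key)
{
    struct bucket *hit = 0, *slot = 0;
    for (int i = 0; i < MAX_BUCKETS; i++) {
        struct bucket *b = &l->b[i];
        if (b->used && b->key == key) { hit = b; break; }
        /* Prefer a free slot, else remember the bucket with the fewest tokens. */
        if (!slot || (slot->used && (!b->used || b->tokens < slot->tokens)))
            slot = b;
    }
    if (hit) {                              /* hit: add a token, capped at threshold+1 */
        if (++hit->tokens > l->threshold) hit->tokens = l->threshold + 1;
    } else {                                /* miss: create, or replace the minimum bucket */
        hit = slot;
        hit->key = key; hit->tokens = l->initial; hit->used = 1;
        hit->act = FORWARD;                 /* assumed starting action */
    }
    if (hit->tokens >= l->threshold && hit->act != DROP) hit->act = DROP;
    return hit->act == FORWARD;             /* any other action discards */
}

/* Timer path: drain each bucket and step DROP -> READY -> FORWARD. */
void on_timer(struct limiter *l)
{
    for (int i = 0; i < MAX_BUCKETS; i++) {
        struct bucket *b = &l->b[i];
        if (!b->used) continue;
        b->tokens -= l->take;
        if (b->tokens <= 0) { b->used = 0; continue; }  /* empty: delete the record */
        /* "<=" instead of "equal" (assumption) so a value cannot be stepped over */
        if (b->act == DROP && b->tokens <= l->recovery) b->act = READY;
        else if (b->act == READY && b->tokens <= l->recovery - l->take) b->act = FORWARD;
    }
}

/* Constructed scenario: `flood` packets of one flow, then `ticks` timer runs.
 * action is the flow's final action, or -1 once its bucket has been deleted. */
struct result { int forwarded; int action; };
struct result simulate(int flood, int ticks)
{
    struct limiter l = { .threshold = 10, .recovery = 4, .take = 2, .initial = 1 };
    struct result r = { 0, 0 };
    for (int i = 0; i < flood; i++) r.forwarded += on_packet(&l, 0xA11CEu);
    for (int i = 0; i < ticks; i++) on_timer(&l);
    r.action = l.b[0].used ? (int)l.b[0].act : -1;
    return r;
}
```

With these constructed values, a burst of 12 messages from one flow has 9 forwarded before the bucket switches to discarding, and the flow returns to forwarding on the fifth timer run after the burst ends.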
The application also provides a message transmission system, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the steps of the method when executing the computer program. The message transmission system can realize the embodiments of the message transmission method and achieve the same beneficial effects, and the description is omitted here.
The embodiments of the present application also provide a computer readable storage medium having stored thereon a computer program which when executed by a processor realizes the method steps as described above. The readable storage medium can implement the embodiments of the method described above and achieve the same advantageous effects, and will not be described here in detail.
The foregoing describes in detail preferred embodiments of the present invention. It should be understood that numerous modifications and variations can be made in accordance with the concepts of the invention by one of ordinary skill in the art without undue burden. Therefore, all technical solutions which can be obtained by logic analysis, reasoning or limited experiments based on the prior art by the person skilled in the art according to the inventive concept shall be within the scope of protection defined by the claims.
Claims (6)
1. A method for transmitting a message, comprising:
Generating a first KEY code uniquely corresponding to the received message based on a preset operation algorithm;
Searching a token bucket corresponding to the first KEY code from a prestored database, and adding 1 to the number of tokens in the first token bucket under the condition that the first token bucket corresponding to the first KEY code is searched; each token bucket corresponds to a KEY code;
Judging whether the number of tokens is larger than a preset token threshold, if the number of tokens is larger than or equal to the preset token threshold, modifying the action corresponding to the first token bucket into discarding, and discarding the received message; if the number of tokens is smaller than the preset token threshold, modifying the action corresponding to the first token bucket into forwarding and continuing forwarding the received message,
The generating a first KEY code uniquely corresponding to the received message based on a preset operation algorithm includes:
Defining an array KEY of 32-bit unsigned integers, wherein the array has 16 elements and a total size of 64 bytes;
Determining a preset operation algorithm according to the message length of the message, generating the first KEY code based on the preset operation algorithm, the message and the integer array KEY,
The determining a preset operation algorithm according to the message length of the message comprises the following steps:
When the message length is smaller than 16 bytes, the preset operation algorithm satisfies the following relation:
push16=(((x1)&(y1))|((~w1)&(z1)));
Wherein x1 is the result of performing the AND operation on the 0-3 bytes of the message content and the KEY array element 0, y1 is the result of performing the AND operation on the 4-7 bytes of the message content and the KEY array element 1, w1 is the result of performing the AND operation on the 8-11 bytes of the message content and the KEY array element 2, z1 is the result of performing the AND operation on the 12-15 bytes of the message content and the KEY array element 3, ~ represents the inverse operation, & represents the AND operation, and | represents the OR operation;
When the message length is more than 16 and less than 32 bytes, the preset operation algorithm satisfies the following relation:
push32=(((x2)&(z2))|((y2)&(~w2)));
Wherein x2 is the result of the AND operation of 16-19 bytes of the message content and the KEY array element 4, z2 is the result of the AND operation of 20-23 bytes of the message content and the KEY array element 5, y2 is the result of the AND operation of 24-27 bytes of the message content and the KEY array element 6, and w2 is the result of the AND operation of 28-31 bytes of the message content and the KEY array element 7;
when the message length is more than 32 and less than 48 bytes, the preset operation algorithm satisfies the following relation:
push48=((w3)^(x3)^(y3)^(z3));
Wherein w3 is the result of the AND operation of 32-35 bytes of the message content and the KEY array element 8, x3 is the result of the AND operation of 36-39 bytes of the message content and the KEY array element 9, y3 is the result of the AND operation of 40-43 bytes of the message content and the KEY array element 10, z3 is the result of the AND operation of 44-47 bytes of the message content and the KEY array element 11, and ^ represents the exclusive-OR operation;
when the message length is more than 48 and less than 64 bytes, the preset operation algorithm satisfies the following relation:
push64=(((y4)|(~w4))^((x4)|(~z4)));
Wherein y4 is the result of performing the AND operation on the message content 48-51 bytes and the KEY array element 12, w4 is the result of performing the AND operation on the message content 52-55 bytes and the KEY array element 13, x4 is the result of performing the AND operation on the message content 56-59 bytes and the KEY array element 14, and z4 is the result of performing the AND operation on the message content 60-63 bytes and the KEY array element 15;
When the message length is more than 64 and less than 112 bytes, the preset operation algorithm satisfies the following relation:
pushTail=(((x5)&(y5))|((~w5)&(z5)));
Wherein x5 is the result of performing the AND operation on 96-99 bytes of the message content and the KEY array element 0, y5 is the result of performing the AND operation on 100-103 bytes of the message content and the KEY array element 1, w5 is the result of performing the AND operation on 104-107 bytes of the message content and the KEY array element 2, and z5 is the result of performing the AND operation on 108-111 bytes of the message content and the KEY array element 3;
and generating the first KEY code, wherein the first KEY code meets the following relation:
keyCode=(push16+push32+push48+push64+pushTail)|(pktLen<<4)|(pktLen>>4);
wherein pktLen<<4 represents the message length shifted left by 4 bits, and pktLen>>4 represents the message length shifted right by 4 bits.
2. The method for transmitting a message according to claim 1, wherein if a first token bucket corresponding to the first KEY code is not found in a pre-stored database and a token bucket resource in the database is full, a second KEY code corresponding to a token bucket with the least number of token buckets in the database is rewritten to the first KEY code; if the token bucket corresponding to the first KEY code is not found and the token bucket resources in the database are sufficient, a token bucket corresponding to the first KEY code is created.
3. The method for transmitting a message according to claim 1, wherein before searching a token bucket corresponding to the KEY code from a pre-stored database, the method further comprises:
When the packet receiving rate of the message is greater than a preset rate, a token bucket blocking mechanism is started;
the searching the token bucket corresponding to the KEY code from the prestored database comprises the following steps:
and under the condition of starting a token bucket blocking mechanism, searching a token bucket corresponding to the KEY code from a prestored database.
4. The method for transmitting a message according to claim 1, further comprising:
if the current action of the token bucket is discarding and the number of tokens is equal to a preset recovery value, the action of the token bucket is converted into preparation;
If the current action of the token bucket is ready and the number of tokens is equal to the preset recovery value minus the number of tokens, the action of the token bucket is converted into forwarding, and the forwarding of the message is recovered.
5. A message transmission system comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of the preceding claims 1 to 4 when executing the computer program.
6. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, carries out the method steps according to any of claims 1-4.
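The KEY code computation recited in claim 1, written out in C as an added example that is not code from the patent. It assumes that message bytes are packed big-endian into 32-bit words and that bytes past the end of the message read as zero (so all five terms are evaluated rather than selected by length), and it uses constructed KEY mask values and a constructed sample message.

```c
#include <stdint.h>
#include <stddef.h>

#define KEY_WORDS 16   /* claim 1: 16 elements x 32 bits = 64 bytes */

/* Load message bytes [off, off+3] as one big-endian word; bytes past the
 * end of the message read as zero (assumption, not stated on the page). */
static uint32_t word_at(const uint8_t *msg, size_t len, size_t off)
{
    uint32_t w = 0;
    for (size_t i = 0; i < 4; i++)
        w = (w << 8) | (off + i < len ? msg[off + i] : 0u);
    return w;
}

/* M(i, off): message word at byte offset `off` ANDed with KEY element i.
 * Uses the msg, len and key parameters of key_code(). */
#define M(i, off) (word_at(msg, len, (off)) & key[(i)])

uint32_t key_code(const uint8_t *msg, size_t len, const uint32_t key[KEY_WORDS])
{
    uint32_t pkt_len = (uint32_t)len;
    uint32_t push16 = (M(0, 0) & M(1, 4)) | (~M(2, 8) & M(3, 12));
    uint32_t push32 = (M(4, 16) & M(5, 20)) | (M(6, 24) & ~M(7, 28));
    uint32_t push48 = M(8, 32) ^ M(9, 36) ^ M(10, 40) ^ M(11, 44);
    uint32_t push64 = (M(12, 48) | ~M(13, 52)) ^ (M(14, 56) | ~M(15, 60));
    uint32_t tail   = (M(0, 96) & M(1, 100)) | (~M(2, 104) & M(3, 108));
    return (push16 + push32 + push48 + push64 + tail)
           | (pkt_len << 4) | (pkt_len >> 4);
}

/* Constructed sample: a 64-byte message holding the bytes 1..64, optionally
 * with one byte inverted, hashed under a constructed KEY that keeps every
 * bit except message bytes 36-39 (KEY element 9 is zero). */
uint32_t demo_key(size_t flip)
{
    uint32_t key[KEY_WORDS];
    uint8_t msg[64];
    for (int i = 0; i < KEY_WORDS; i++) key[i] = 0xFFFFFFFFu;
    key[9] = 0;                            /* mask out message bytes 36-39 */
    for (size_t i = 0; i < sizeof msg; i++) msg[i] = (uint8_t)(i + 1);
    if (flip < sizeof msg) msg[flip] ^= 0xFF;   /* flip >= 64: unmodified */
    return key_code(msg, sizeof msg, key);
}
```

A KEY element set to zero removes the corresponding four message bytes from the KEY code, so messages that differ only in those bytes are counted in the same token bucket.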
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210618394.1A CN115174486B (en) | 2022-06-01 | 2022-06-01 | Message transmission method, system and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115174486A CN115174486A (en) | 2022-10-11 |
CN115174486B true CN115174486B (en) | 2024-05-28 |
Family
ID=83483925
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210618394.1A Active CN115174486B (en) | 2022-06-01 | 2022-06-01 | Message transmission method, system and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115174486B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |