[go: up one dir, main page]

CN100454900C - Method and system for quickly responding to IP fragmentation packets - Google Patents

Method and system for quickly responding to IP fragmentation packets Download PDF

Info

Publication number
CN100454900C
CN100454900C CNB2006100333823A CN200610033382A CN100454900C CN 100454900 C CN100454900 C CN 100454900C CN B2006100333823 A CNB2006100333823 A CN B2006100333823A CN 200610033382 A CN200610033382 A CN 200610033382A CN 100454900 C CN100454900 C CN 100454900C
Authority
CN
China
Prior art keywords
message
fragmentation
fragmentation message
destination
fragment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100333823A
Other languages
Chinese (zh)
Other versions
CN1874301A (en
Inventor
梁铷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2006100333823A priority Critical patent/CN100454900C/en
Publication of CN1874301A publication Critical patent/CN1874301A/en
Application granted granted Critical
Publication of CN100454900C publication Critical patent/CN100454900C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a method for rapidly responding an IP fragment message, which comprises the steps that an IP sending end sends the IP fragment message; an IP destination end receives the IP fragment message, and judges whether the IP fragment message needs a direct response; when the IP fragment message needs the direct response, the IP destination end immediately sends response information to the IP sending end on a network layer; when the IP fragment message does not need the direct response, the IP destination end recombines the IP fragment message. The response time to the IP fragment message is shortened for satisfying the very high real-time requirement of response processing by the response processing of the IP fragment message. Because the IP sending end is not responded after recombination on the IP destination end, the recombination overhead of the response time is reduced, and simultaneously, the possibility of attack suffering caused by establishing a recombination queue is reduced.

Description

快速响应IP分片报文的方法和系统 Method and system for quickly responding to IP fragmentation packets

技术领域 technical field

本发明涉及网络通信中的报文处理技术,尤其涉及快速响应IP分片报文的方法和系统。The invention relates to message processing technology in network communication, in particular to a method and system for quickly responding to IP fragment messages.

背景技术 Background technique

在网络中传输数据时,物理网络层一般要限制每次发送数据帧的最大长度。任何时候IP(Internet Protocol,网络协议)层接收到一份要发送的IP报文的时,判断向本地哪个接口发送数据,并查询该接口以获得其MTU(Maximum Transmission Unit,最大传输单元)。在IP层把接收接口的MTU与需发送IP报文长度进行比较,根据需要把IP报文进行分片,拆分成若干个IP分片报文,即:除最后一片报文,其它的分片报文的大小都达MTU的传输能力。When transmitting data in the network, the physical network layer generally limits the maximum length of each data frame sent. Whenever the IP (Internet Protocol, network protocol) layer receives an IP message to be sent, it determines which interface to send data to locally, and queries the interface to obtain its MTU (Maximum Transmission Unit, maximum transmission unit). At the IP layer, the MTU of the receiving interface is compared with the length of the IP packet to be sent, and the IP packet is fragmented as needed, and divided into several IP fragmented packets, that is, except the last piece of The size of a fragment packet reaches the transmission capacity of the MTU.

在构成完整IP报文的所有IP报文分片达到以后,目的接口才进行重新组装,即:重组。重新组装由目的端的IP层来完成,其目的是使分片和重新组装过程对传输层是透明的。The destination interface is reassembled, that is, reassembled, only after all IP packet fragments constituting a complete IP packet arrive. Reassembly is done by the IP layer at the destination, and its purpose is to make the fragmentation and reassembly process transparent to the transport layer.

IP分片报文首部中包含的数据为分片和重组提供了足够的信息:The data contained in the IP fragmentation header provides enough information for fragmentation and reassembly:

例如IPV4(Internet Protocol version 4,第四代网络协议)的IP分片报文结构如图1所示:前20字节为IP基本报头,其中下面字段用于分片重组过程的标识、标志、片偏移等。For example, the IP fragmentation message structure of IPV4 (Internet Protocol version 4, the fourth generation network protocol) is shown in Figure 1: the first 20 bytes are the IP basic header, and the following fields are used for the identification, sign, slice offset, etc.

对于发送端发送的每片IP分片报文来说,其标识字段都包含一个唯一值,该值在报文分片时被复制到每片IP分片报文中。For each piece of IP fragment message sent by the sender, its identification field contains a unique value, and this value is copied into each piece of IP fragment message when the message is fragmented.

标志字段用其中一个比特(bit)来表示把需要分片的IP报文分为更多的片,除了最后一片外,其他IP分片报文都要把该比特置1。The flag field uses one of the bits (bit) to indicate that the IP message to be fragmented is divided into more fragments. Except for the last fragment, this bit must be set to 1 for other IP fragmented messages.

片偏移字段指的是,该片IP分片报文偏移原始IP报文开始处的位置。The fragment offset field refers to the position where the IP fragment packet is offset from the beginning of the original IP packet.

当IP报文被分片后,每片IP分片报文的总长度值要改为该片报文的长度值。After the IP packet is fragmented, the total length value of each IP fragmented packet should be changed to the length value of the fragmented packet.

最后,标志字段中有一个比特称作“不分片”位,如果将这一比特置1,IP将不对数据报进行分片,如果该把报文丢弃,则发送一个ICMP(InternetControl Message Protocol,网络控制信息协议)差错报文给IP报文发送端。Finally, there is a bit in the flag field called the "don't fragment" bit. If this bit is set to 1, IP will not fragment the datagram. If the message should be discarded, an ICMP (Internet Control Message Protocol, Network Control Information Protocol) error message to the sender of the IP message.

当IP报文被分片后,每一片都成为一个IP分片报文,有自己的IP基本报头,并在选择路由时与其他IP分片报文独立。当IP分片报文到达IP目的端时有可能会失序,但是在IP首部中有足够的信息让接收端能正确组装这些IP分片报文。After the IP message is fragmented, each piece becomes an IP fragment message, has its own IP basic header, and is independent from other IP fragment messages when routing. When the IP fragmented message arrives at the IP destination, it may be out of order, but there is enough information in the IP header to allow the receiving end to correctly assemble these IP fragmented messages.

报文的分片重组过程如图2所示:IP目的端收到IP分片报文,根据IP基本报头的标识字段,挂到重组队列中,等待其余分片报文。当在重组队列中收集到所有IP分片报文,就开始根据每个分片报文的标志和片偏移字段来将报文重新组装为原始的一个IP报文,并交给传输层处理。The fragmentation reassembly process of the message is shown in Figure 2: the IP destination end receives the IP fragmentation message, hangs it in the reassembly queue according to the identification field of the IP basic header, and waits for the rest of the fragmentation messages. When all IP fragmented packets are collected in the reassembly queue, the packet will be reassembled into an original IP packet according to the flag and fragment offset field of each fragmented packet, and handed over to the transport layer for processing .

现有技术对于一些对应答处理的实时性要求很高的业务中,可能不满足需求。The existing technology may not meet the requirements for some services that have high requirements on real-time response processing.

例如:当IP目的端需要快速响应的业务时,IP目的端对IP报文分片重组,待重组完成后,对组装后的原始IP报文再作应答处理,这样在重组的时候占用了大量的时间,不能满足快速响应的需求。特别是IP目的端采用分布式结构,不同的IP分片报文可能到达IP目的端的不同接口板,重组需要做板间传递,进一步影响了应答处理的实时性。For example: when the IP destination needs a quick response service, the IP destination reassembles the fragments of the IP packet, and after the reassembly is completed, it responds to the assembled original IP packet, which occupies a large amount of resources during reassembly. The time cannot meet the needs of rapid response. In particular, the IP destination adopts a distributed structure. Different IP fragmented packets may reach different interface boards of the IP destination. Reassembly needs to be transmitted between boards, which further affects the real-time performance of response processing.

例如:如图3所示中分布式结构中,报文的分片重组过程。IP目的端由接口板1、接口板2和主控板构成,第一片IP分片报文、第三片IP分片报文到达接口板2,第二片IP分片报文到达接口板1,为了实现重组,所有IP分片报文传递到主控板,集中做重组。这种情况下,除了重组耗费时间,板间传递也耗费一定时间。For example: in the distributed structure shown in FIG. 3 , the packet reassembly process. The IP destination is composed of interface board 1, interface board 2, and the main control board. The first IP fragment message and the third IP fragment message arrive at interface board 2, and the second IP fragment message arrives at the interface board. 1. In order to achieve reassembly, all IP fragmented messages are delivered to the main control board for centralized reassembly. In this case, in addition to the time-consuming reassembly, the transfer between boards also takes a certain amount of time.

发明内容 Contents of the invention

本发明要解决的问题在于提供快速响应IP分片报文的方法和系统,缩短对IP分片报文的响应时间,满足实时性的要求。The problem to be solved by the present invention is to provide a method and system for quickly responding to IP fragmented messages, shorten the response time to IP fragmented messages, and meet real-time requirements.

为实现以上的目的,本发明技术方案是这样实现的:For realizing above object, technical scheme of the present invention is realized like this:

一种快速响应IP分片报文的方法,包括:A method for quickly responding to IP fragmentation packets, including:

IP发送端发送IP分片报文;The IP sender sends the IP fragment message;

IP目的端接收所述IP分片报文,判断所述IP分片报文是否需要直接响应,如果是,所述IP目的端在网络层立即发送响应信息到所述IP发送端;否则,所述IP目的端重组所述IP分片报文。The IP destination end receives the IP fragment message, and judges whether the IP fragment message needs to respond directly, and if so, the IP destination end immediately sends response information to the IP sender at the network layer; otherwise, the IP destination end The IP destination end reassembles the IP fragmented message.

所述IP分片报文为:扩展基本报文头中保留字段的IP分片报文或带有协议类型信息的IP分片报文。The IP fragment message is: an IP fragment message with reserved fields in the extended basic message header or an IP fragment message with protocol type information.

所述IP目的端接收所述IP分片报文之后还包括步骤:After the IP destination end receives the IP fragment message, it also includes steps:

IP目的端解析所述的IP分片报文,获取所述保留字段的值或协议类型信息。The IP destination parses the IP fragment message to obtain the value of the reserved field or the protocol type information.

所述扩展报文头中保留字段使用指定值标识是否直接响应;The reserved field in the extended message header uses a specified value to identify whether to respond directly;

所述协议类型信息包括:网络控制消息协议、传输控制协议或用户数据报协议。The protocol type information includes: Network Control Message Protocol, Transmission Control Protocol or User Datagram Protocol.

所述在网络层立即发送响应信息到所述IP发送端之前还包括步骤:修改该IP分片报文中的信息。Before the network layer immediately sends the response information to the IP sender, it further includes the step of modifying the information in the IP fragment message.

所述修改该IP分片报文中的信息具体包括步骤:Described revising the information in this IP fragmentation message specifically comprises steps:

直接交换所述IP分片报文的源地址和目的地址;directly exchanging the source address and destination address of the IP fragment message;

修改所述IP分片报文中基本报头的分片标识字段为本地的分片标识,其中,使用线性函数算法,对所述IP分片报文中基本报头的分片标识进行计算得到本地的分片标识;modifying the fragmentation identification field of the basic header in the IP fragmentation message to be a local fragmentation identification, wherein, using a linear function algorithm, calculating the fragmentation identification field of the basic header in the IP fragmentation message to obtain the local Fragment ID;

调整所述IP分片报文的校验和。Adjust the checksum of the IP fragment message.

所述修改该IP分片报文具体包括步骤:Described modification this IP fragmentation message specifically comprises steps:

修改所述IP分片报文中基本报头的生存时间TTL为指定的TTL;Modifying the time-to-live TTL of the basic header in the IP fragmentation message is the specified TTL;

对于第一片IP分片报文,修改所述IP分片报文中的负荷内容;For the first IP fragment message, modify the load content in the IP fragment message;

对于非第一片IP分片报文,根据应用情况判断是否需要修改IP负荷内容,若需要修改,则对所述IP分片报文中的IP负荷内容进行修改。For the non-first IP fragment message, it is judged according to the application whether the IP payload content needs to be modified, and if modification is required, the IP payload content in the IP fragment message is modified.

所述响应信息为修改后的IP分片报文信息。The response information is the modified IP fragment message information.

所述IP目的端对于需要直接响应的所述IP分片报文,根据发送报文的分片条件,还对所述IP分片报文进行二次分片。For the IP fragment message that needs to respond directly, the IP destination end further fragments the IP fragment message for a second time according to the fragmentation condition of the sent message.

本发明还提供一种快速响应IP分片报文的系统,包括:IP发送端:用于发送IP分片报文;IP目的端:与所述的IP发送端相连接,接收所述IP分片报文,并重组所接收到的IP分片报文;The present invention also provides a system for quickly responding to IP fragmentation messages, including: IP sending end: used to send IP fragmentation messages; IP destination end: connected to the IP sending end, receiving the IP fragmentation Fragment message, and reassemble the received IP fragment message;

所述IP目的端还包括,The IP destination also includes,

报文处理模块:解析所述IP分片报文,判断该IP分片报文是否需要直接响应;Message processing module: analyze the IP fragment message, and judge whether the IP fragment message needs to respond directly;

响应模块:与报文处理模块连接,当所述报文处理模块根据对所述IP分片报文的解析判断该IP分片报文需要直接响应时,在网络层立即发送响应信息到IP发送端。Response module: connected with the message processing module, when the message processing module judges that the IP fragment message needs to respond directly according to the analysis of the IP fragment message, it immediately sends the response information to the IP at the network layer end.

所述判断该IP分片报文是否需要直接响应为通过获取所述保留字段的值或协议类型信息进行判定。The judging whether the IP fragment message needs a direct response is judging by acquiring the value of the reserved field or the protocol type information.

所述响应模块具体包括:The response module specifically includes:

报文修改单元:直接交换所述IP分片报文的源地址和目的地址,修改所述IP分片报文中基本报头的分片标识字段为本地的分片标识,调整所述IP分片报文的校验和,修改所述IP分片报文基本报头的TTL为指定的TTL,修改所述IP分片报文中的负荷内容;Message modifying unit: directly exchange the source address and destination address of the IP fragment message, modify the fragment identification field of the basic header in the IP fragment message to be a local fragment identification, and adjust the IP fragment The checksum of the message, modifying the TTL of the basic header of the IP fragment message is the specified TTL, and modifying the load content in the IP fragment message;

报文回送单元:接收修改后的IP分片报文,发送修改后IP分片报文至IP发送端。Message return unit: receive the modified IP fragment message, and send the modified IP fragment message to the IP sender.

本发明通过对IP分片报文的响应处理,提高了对IP分片报文的响应时间,满足响应处理的实时性要求很高的要求;由于在目的端不需要等待所有的分片报文都达到时再响应,因而减少系统的重组开销;同时在网络的目的端通过实时的响应发送端,以及因建立重组队列而遭受攻击的可能性。The present invention improves the response time to the IP fragment message by processing the response to the IP fragment message, and satisfies the high real-time requirement of the response processing; since there is no need to wait for all the fragment messages at the destination Respond when both are reached, thus reducing the reorganization overhead of the system; at the same time, the destination end of the network responds to the sending end in real time, and the possibility of being attacked due to the establishment of a reorganization queue.

附图说明 Description of drawings

图1现有技术中IPV4的IP分片报文结构。FIG. 1 is the IP fragmentation packet structure of IPV4 in the prior art.

图2现有技术中IP报文分片重组的过程。Fig. 2 is the process of IP packet fragment reassembly in the prior art.

图3现有技术中分布式结构中IP分片报文重组过程。FIG. 3 is the reassembly process of IP fragmented packets in the distributed structure in the prior art.

图4本发明中快速响应IP分片报文流程图。Fig. 4 is a flow chart of quick response IP fragmentation message in the present invention.

图5本发明中另外一种快速响应IP分片报文流程图。FIG. 5 is a flowchart of another quick response IP fragmentation message in the present invention.

图6本发明中IP分片报文的响应系统的结构框图。Fig. 6 is a structural block diagram of the response system of the IP fragment message in the present invention.

图7本发明中响应模块的结构框图。Fig. 7 is a structural block diagram of the response module in the present invention.

具体实施方式 Detailed ways

在应答处理的实时性要求很高的业务中,在IP目的端的网络层等待所有IP分片报文到达后,传输层再对重组的IP报文作应答,可能不满足实时性的需求,特别是IP目的端采用分布式结构,不同分片可能到达目的端的不同接口板,重组需要做板间传递,进一步影响了应答处理的实时性。In the business that requires high real-time response processing, after the network layer of the IP destination waits for all IP fragmented packets to arrive, the transport layer responds to the reassembled IP packets, which may not meet the real-time requirements, especially Because the IP destination adopts a distributed structure, different fragments may reach different interface boards at the destination, and recombination needs to be transferred between boards, which further affects the real-time performance of response processing.

本发明提供一种快速响应IP分片报文的方法,其核心包括:IP目的端接收到IP分片报文,确定所述IP分片报文需要直接响应,则在网络层立即发送IP分片报文响应信息到IP发送端,提高了响应的实时性。The present invention provides a method for quickly responding to an IP fragment message, the core of which includes: the IP destination terminal receives the IP fragment message, determines that the IP fragment message needs a direct response, and immediately sends the IP fragment message at the network layer. The fragment message response information is sent to the IP sender, which improves the real-time performance of the response.

如图1、4所示,为在IPV4中对IP分片报文的响应的具体原理中用到的IPV4包结构和所用到的步骤:As shown in Figures 1 and 4, it is the IPV4 packet structure and the steps used in the specific principle of the response to the IP fragment message in IPV4:

步骤401、IP发送端发送带有标识的IP分片报文。Step 401, the IP sender sends an IP fragment packet with an identifier.

IP分片报文为第一分片报文时,其报文中包括IP负荷内容中具有报文协议信息,用于确定是否立即回应IP分片报文。When the IP fragment message is the first fragment message, the message includes message protocol information in the IP payload content, which is used to determine whether to immediately respond to the IP fragment message.

例如:TCP(Transfer Control Protocol,传输控制协议)、ICMP等报文需要直接回应IP发送端;而对于UDP(User Datagram Protocol,用户数据报协议)等报文不需要直接回应IP发送端。For example: TCP (Transfer Control Protocol, Transmission Control Protocol), ICMP and other messages need to directly respond to the IP sender; and UDP (User Datagram Protocol, User Datagram Protocol) and other messages do not need to directly respond to the IP sender.

所述IP分片报文使用扩展标志位中保留位作为是否立即回应IP发送端的标识,如图1所示,其中使用上述图中的3位标志位中保留位,扩展该保留位为:当保留位的值为0时,表示IP分片报文需要重组后再回应;当保留位的值为1时,则表示不需要重组而需要立即响应IP发送端;同时也可以当保留位的值为1时,表示IP分片报文需要重组后再回应;当保留位的值为0时,则表示不需要重组而需要立即响应IP发送端。Described IP fragmentation message uses the reserved bit in the extended flag bit as the mark of whether to respond to the IP sender immediately, as shown in Figure 1, wherein uses the reserved bit in the 3 flag bits in the above-mentioned figure, expands this reserved bit as: when When the value of the reserved bit is 0, it means that the IP fragment message needs to be reassembled before responding; when the value of the reserved bit is 1, it means that the IP sender needs to be responded immediately without reassembly; at the same time, it can also be used as the value of the reserved bit When it is 1, it means that the IP fragment message needs to be reassembled before responding; when the value of the reserved bit is 0, it means that no reassembly is required and the IP sender needs to be responded immediately.

步骤402、IP目的端接收IP分片报文后,判断该IP分片报文是否需要直接回应,具体方法包括:Step 402, after receiving the IP fragment message, the IP destination terminal judges whether the IP fragment message needs to respond directly, and the specific methods include:

a)根据IP基本报头中携带的信息,确定承载协议类型,例如IPv4基本报头中的协议(Protocol)域或IPv6(Internet Protocol Version 6,第六代网络协议)基本报头中的下一报头(Next Header)域。a) According to the information carried in the IP basic header, determine the bearer protocol type, such as the protocol (Protocol) field in the IPv4 basic header or the next header (Next) in the IPv6 (Internet Protocol Version 6, sixth-generation network protocol) basic header. Header) field.

b)对于第一片IP分片报文,由于其中带有协议类型信息,来确定是否直接回应该分片报文。b) For the first IP fragment message, determine whether to directly respond to the fragment message because it contains protocol type information.

c)当IP分片报文为非第一片IP分片报文,解析IP分片,得到标示位中的保留字段的值,以标识此片分片报文是否要不经过重组而立即响应。c) When the IP fragment message is not the first piece of IP fragment message, analyze the IP fragment to obtain the value of the reserved field in the flag bit, to identify whether this piece of fragment message will respond immediately without reassembly .

步骤403、如果确定该分片不直接响应,则IP目的端存储该分片报文,等待重组。Step 403, if it is determined that the fragment does not respond directly, the IP destination end stores the fragmented message and waits for reassembly.

步骤404、如果确定该分片直接响应,直接修改分片报文作为响应内容。Step 404, if it is determined that the fragment responds directly, directly modify the fragment packet as the response content.

a)直接交换接收到的IP分片报文的源和目的地址,或指定其他源地址,从而修改IP基本报头的源地址和目的地址。a) Directly exchange the source and destination addresses of the received IP fragment message, or specify other source addresses, thereby modifying the source address and destination address of the IP basic header.

b)修改IP基本报头的TTL,指定所需的TTL。b) Modify the TTL of the IP basic header, specifying the required TTL.

c)修改IP基本报头的分片标识字段为本地分片标识,使用现有的算法例如:线性函数算法,对接收报文的分片标识进行计算得到本地的分片标识。c) Modify the fragment identification field of the IP basic header to be a local fragment identification, and use an existing algorithm such as a linear function algorithm to calculate the fragment identification of the received message to obtain a local fragment identification.

d)如果需要也可能修改其它IP基本报头域,如服务种类字段等。d) It is also possible to modify other IP basic header fields, such as the service category field, if necessary.

e)对于第一片IP分片报文,由于其中还包括:部分IP负荷内容,例如除IP头内容外的TCP/UDP或应用数据等,可以修改相应的IP负荷内容。e) For the first IP fragment message, because it also includes: part of the IP payload content, such as TCP/UDP or application data other than the IP header content, the corresponding IP payload content can be modified.

f)对于非第一片IP分片报文,是否修改IP负荷内容,取决于具体应用,例如:对命令ping应用,不需要修改;而对于命令tracert的应用,则需要修改,如果能识别IP分片报文携带的内容,也可以修改。f) For non-first IP fragments, whether to modify the IP payload content depends on the specific application, for example: for the application of the command ping, no modification is required; for the application of the command tracert, it needs to be modified, if the IP can be identified The content carried in the fragmented packet can also be modified.

g)对修改后的响应IP分片报文调整校验和,而不需要对IP整个首部进行重新计算。g) Adjust the checksum of the modified response IP fragment message without recalculating the entire IP header.

根据修改前内容和修改后内容调整出新的校验和,修改传输层内容的可能也需要调整校验和。Adjust the new checksum according to the content before modification and the content after modification, and modify the content of the transport layer may also need to adjust the checksum.

步骤405、IP分片报文修改后,IP目的端直接回应给IP发送端。Step 405: After the IP fragmented message is modified, the IP destination end directly responds to the IP sender end.

IP目的端在网络层立即响应IP发送端。The IP destination responds immediately to the IP sender at the network layer.

IP发送端可以按照标准过程对响应信息进行重组处理,也可以直接再返回给IP目的端。The IP sender can reassemble the response information according to the standard process, and can also directly return it to the IP destination.

本发明中,为提高可靠性处理,分片报文在直接回应的同时,也可以选择在目的端对IP分片报文做重组处理。In the present invention, in order to improve the reliability processing, the fragmented message can also choose to recombine the IP fragmented message at the destination end while responding directly.

本发明中,在IP目的端直接回应的分片报文,同时为满足IP目的端对发送报文的分片条件,而继续分片:直接使用二次分片前的分片报文的分片标识字段,同时调整分片标志位和片偏移字段,以及总长度字段。In the present invention, the fragmented message that is directly responded to by the IP destination end continues to be fragmented in order to meet the fragmentation condition of the IP destination end for sending the message: directly use the fragmentation of the fragmented message before the second fragmentation. Fragment identification field, while adjusting the fragment flag bit and fragment offset field, as well as the total length field.

上述描述主要以IPv4为例,由于IPv6和IPv4的相似性,本发明同样适用于IPv6的分片应答处理。The above description mainly takes IPv4 as an example. Due to the similarity between IPv6 and IPv4, the present invention is also applicable to IPv6 fragment response processing.

下面具体说明本发明响应带有ICMP协议的IPV4分片报文一次具体实施过程:The following concrete description present invention responds to the IPV4 fragmentation message that has ICMP protocol once concrete implementation process:

步骤4001、IP发送端发送分片报文。Step 4001, the IP sender sends a fragmented message.

步骤4002、IP目的端接收该IP分片报文后,判断该IP分片报文是否需要直接回应。Step 4002: After receiving the IP fragment message, the IP destination terminal determines whether the IP fragment message needs to respond directly.

a)通过分片报文头中的协议域判断为IPV4的报文。a) The packet is judged to be an IPV4 packet according to the protocol field in the header of the fragmented packet.

b)解析分片报文头中的协议类型信息,得到ICMP,确定该报文需要直接响应。b) Analyzing the protocol type information in the header of the fragmented message, obtaining ICMP, and determining that the message requires a direct response.

步骤4003、直接修改分片报文的响应内容。Step 4003, directly modify the response content of the fragmented message.

a)直接交换接收到的IP分片报文的源和目的地址。a) Directly exchange the source and destination addresses of the received IP fragments.

b)修改IP基本报头的TTL,指定所需的TTL,可以为1秒、2秒等。b) Modify the TTL of the IP basic header, and specify the required TTL, which can be 1 second, 2 seconds, etc.

c)修改IP基本报头的分片标识字段为本地分片标识,通过算法计算出接收报文的分片标识的本地的分片标识。c) modifying the fragment identifier field of the IP basic header to a local fragment identifier, and calculating the local fragment identifier of the fragment identifier of the received message through an algorithm.

d)修改其它IP基本报头域,如图1所示的8位的服务类型字段等。d) Modify other IP basic header fields, such as the 8-bit service type field shown in FIG. 1 .

e)对修改后的响应IP分片报文调整校验和,而不需要对IP整个首部进行重新计算。e) Adjust the checksum of the modified response IP fragment message without recalculating the entire IP header.

步骤4004、IP分片报文修改后,IP目的端直接回应给IP发送端。Step 4004, after the IP fragmented message is modified, the IP destination end directly responds to the IP sender end.

IP目的端在网络层立即响应IP发送端。The IP destination responds immediately to the IP sender at the network layer.

本发明中还有提供了一种快速响应IP分片报文的方法,IP目的端接收IP发送端发送的IP分片报文,在网络层立即响应IP发送端。The present invention also provides a method for quickly responding to the IP fragment message. The IP destination end receives the IP fragment message sent by the IP sender, and immediately responds to the IP sender at the network layer.

下面结合附图5,具体说明IPV4报文响应的步骤:Below in conjunction with accompanying drawing 5, specifically illustrate the step of IPV4 message response:

步骤501、IP发送端发送IP分片报文。Step 501, the IP sender sends an IP fragment packet.

IP分片报文为第一分片报文时,其报文中包括IP负荷内容包括报文协议信息,用于确定立即发送IP分片报文响应信息到IP发送端。When the IP fragment message is the first fragment message, the message includes the IP payload content including message protocol information, which is used to determine to immediately send the IP fragment message response information to the IP sender.

例如:TCP、ICMP等报文需要直接回应IP发送端。For example, packets such as TCP and ICMP need to directly respond to the IP sender.

所述IP分片报文使用扩展标志位中保留字段作为是否立即回应IP发送端的标识,如图1所示,其中使用上述图中的3位标志位中保留位,扩展该保留位为:使用保留位的值为1,则表示不需要重组而需要立即发送响应信息到IP发送端;同时也可以根据需要指定保留位的值为0时,表示IP分片报文不需要重组后再立即在网络层发送响应信息到IP发送端。Described IP fragmentation message uses the reserved field in the extended flag bit as the mark of whether to respond to the IP sender immediately, as shown in Figure 1, wherein uses the reserved bit in the 3 flag bits in the above-mentioned figure, expands this reserved bit as: use If the value of the reserved bit is 1, it means that there is no need to reassemble and the response information needs to be sent to the IP sender immediately; at the same time, when the value of the reserved bit is 0, it means that the IP fragment message does not need to be reassembled and then sent immediately. The network layer sends a response message to the IP sender.

步骤502、IP目的端接收IP分片报文。Step 502, the IP destination end receives the IP fragmented message.

根据IP基本报头中携带的信息,确定承载协议类型,例如IPv4基本报头中的协议域或IPv6基本报头中的下一报头域。The bearer protocol type is determined according to the information carried in the basic IP header, for example, the protocol field in the basic IPv4 header or the next header field in the basic IPv6 header.

步骤503、修改IP分片报文作为响应信息,发送到IP发送端。Step 503, modifying the IP fragmentation message as response information, and sending it to the IP sending end.

a)直接交换接收到的IP分片报文的源和目的地址,或指定其他源地址,从而修改IP基本报头的源地址和目的地址。a) Directly exchange the source and destination addresses of the received IP fragment message, or specify other source addresses, thereby modifying the source address and destination address of the IP basic header.

b)修改IP基本报头的TTL,指定所需的TTL。b) Modify the TTL of the IP basic header, specifying the required TTL.

c)修改IP基本报头的分片标识字段为本地分片标识,使用现有的算法,例如:线性函数算法,对接收报文的分片标识的本地的分片标识。c) modifying the fragment identification field of the IP basic header to a local fragment identification, using an existing algorithm, such as a linear function algorithm, to local fragment identification of the fragment identification of the received message.

d)如果需要也可能修改其它IP基本报头域,如服务种类字段等。d) It is also possible to modify other IP basic header fields, such as the service category field, if necessary.

e)对于第一片IP分片报文,由于其中还包括:部分IP负荷内容,例如除IP头内容外的TCP/UDP或应用数据等,可以修改相应的IP负荷内容。e) For the first IP fragment message, because it also includes: part of the IP payload content, such as TCP/UDP or application data other than the IP header content, the corresponding IP payload content can be modified.

f)对于非第一片IP分片报文,是否修改IP负荷内容,取决于具体应用,例如:对命令ping应用,不需要修改;而对于命令tracert的应用,则需要修改,如果能识别IP分片报文携带的内容,也可以修改。f) For non-first IP fragments, whether to modify the IP payload content depends on the specific application, for example: for the application of the command ping, no modification is required; for the application of the command tracert, it needs to be modified, if the IP can be identified The content carried in the fragmented packet can also be modified.

g)对修改后的响应IP分片报文调整校验和,而不需要对IP整个首部进行重新计算。g) Adjust the checksum of the modified response IP fragment message without recalculating the entire IP header.

步骤504、IP分片报文修改后,IP目的端直接回应给IP发送端。Step 504: After the IP fragmented message is modified, the IP destination end directly responds to the IP sender end.

IP目的端在网络层立即响应IP发送端。The IP destination responds immediately to the IP sender at the network layer.

本发明中,为提高可靠性处理,IP目的端在直接回应的IP发送端的同时,也可以选择对接收到的IP分片报文重组处理。In the present invention, in order to improve reliability processing, the IP destination end can also choose to recombine the received IP fragment message while directly responding to the IP sender end.

本发明中,在IP目的端直接回应的分片报文,同时为满足IP目的端对发送报文的分片条件,而继续分片:直接使用二次分片前的分片报文的分片标识字段,同时调整分片标志位和片偏移字段,以及总长度字段。In the present invention, the fragmented message that is directly responded to by the IP destination end continues to be fragmented in order to meet the fragmentation condition of the IP destination end for sending the message: directly use the fragmentation of the fragmented message before the second fragmentation. Fragment identification field, while adjusting the fragment flag bit and fragment offset field, as well as the total length field.

上述描述主要以IPv4为例,由于IPv6和IPv4的相似性,本发明同样适用于IPv6的分片应答处理。The above description mainly takes IPv4 as an example. Due to the similarity between IPv6 and IPv4, the present invention is also applicable to IPv6 fragment response processing.

一种IP分片报文的响应系统,包括:IP发送端:用于发送IP分片报文;IP目的端:与所述的IP发送端相连接,接收所述IP分片报文,重组报文;所述IP目的端还包括,A response system for an IP fragment message, comprising: an IP sender: used to send an IP fragment message; an IP destination end: connected to the IP sender, receiving the IP fragment message, and reorganizing message; the IP destination also includes,

报文处理模块:解析所述IP分片报文,判断该IP分片报文是否需要直接响应;Message processing module: analyze the IP fragment message, and judge whether the IP fragment message needs to respond directly;

响应模块:与报文处理模块连接,当判定需要直接回应,在网络层立即发送响应信息到IP发送端。Response module: connected to the message processing module, when it is determined that a direct response is required, the response information is immediately sent to the IP sender at the network layer.

所述判断该IP分片报文是否需要直响应为通过获取所述保留字段的值或传输层协议类型信息进行判定。The judging whether the IP fragment message needs a direct response is judged by obtaining the value of the reserved field or the type information of the transport layer protocol.

所述的响应模块包括:The response modules include:

报文修改单元:直接交换所述IP分片报文的源地址和目的地址,修改所述IP分片报文中基本报头的分片标识字段为本地的分片标识,调整所述IP分片报文的校验和,修改所述IP分片报文基本报头的TTL为指定的TTL,修改所述IP分片报文中的负荷内容;Message modifying unit: directly exchange the source address and destination address of the IP fragment message, modify the fragment identification field of the basic header in the IP fragment message to be a local fragment identification, and adjust the IP fragment The checksum of the message, modifying the TTL of the basic header of the IP fragment message is the specified TTL, and modifying the load content in the IP fragment message;

报文回送单元:接收修改后的IP分片报文,发送修改后IP分片报文至IP发送端。Message return unit: receive the modified IP fragment message, and send the modified IP fragment message to the IP sender.

本发明的技术效果:为通过对IP分片报文的响应处理,缩短了对IP分片报文的响应时间,满足响应处理的实时性要求很高的要求;由于不在IP目的端重组后再响应IP发送端,减少响应时间的重组开销;同时减少了因建立重组队列而遭受攻击的可能性。The technical effect of the present invention: through the response processing to IP fragmentation message, shorten the response time to IP fragmentation message, satisfy the real-time requirement of response processing very high requirement; Respond to the IP sender, reduce the reorganization overhead of the response time; at the same time reduce the possibility of being attacked due to the establishment of a reorganization queue.

以上所述,仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求的保护范围为准。The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art within the technical scope disclosed in the present invention can easily think of changes or Replacement should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (12)

1, a kind of method of quick responding IP banding message is characterized in that, comprising:
The IP transmitting terminal sends the IP fragmentation message;
The IP destination receives described IP fragmentation message, judges whether described IP fragmentation message needs direct response, if described IP destination sends response message to described IP transmitting terminal immediately in network layer; Otherwise, the described IP destination described IP fragmentation message of recombinating.
2, method according to claim 1 is characterized in that, described IP fragmentation message is: the IP fragmentation message of reserved field or have the IP fragmentation message of protocol type information in this heading of expansion base.
3, method according to claim 2 is characterized in that, described IP destination receives described IP fragmentation message and also comprises step afterwards:
The IP destination is resolved described IP fragmentation message, obtains the value or the protocol type information of described reserved field.
4, method according to claim 3 is characterized in that, whether directly reserved field uses the response of designated value sign in the described amplifying message head; Described protocol type information comprises: network control messaging protocol, transmission control protocol or User Datagram Protoco (UDP).
5, method according to claim 1 is characterized in that, describedly sends response message immediately in network layer also comprised step before described IP transmitting terminal: revise the information in this IP fragmentation message.
6, method according to claim 5 is characterized in that, the information in this IP fragmentation message of described modification specifically comprises step:
Directly exchange the source address and the destination address of described IP fragmentation message;
The segmental identification field of revising in the described IP fragmentation message basic header is local segmental identification, wherein, uses the linear function algorithm, and the segmental identification of basic header in the described IP fragmentation message is calculated local segmental identification;
Adjust described IP fragmentation message verification and.
7, method according to claim 5 is characterized in that, this IP fragmentation message of described modification specifically comprises step:
The life span TTL that revises basic header in the described IP fragmentation message is the TTL of appointment;
For first IP fragmentation message, revise the load content in the described IP fragmentation message;
For non-first IP fragmentation message, judge whether needs modification IP load content according to applicable cases, if need to revise, then the load of the IP in described IP fragmentation message content is made amendment.
8, method according to claim 5 is characterized in that, described response message is amended IP fragmentation message information.
According to any described method in the claim 1 to 8, it is characterized in that 9, the described IP fragmentation message that described IP destination directly responds for needs according to the burst condition that sends message, also carries out the secondary burst to described IP fragmentation message.
10, a kind of system of quick responding IP banding message comprises: the IP transmitting terminal: be used to send the IP fragmentation message; The IP destination: be connected with described IP transmitting terminal, receive described IP fragmentation message, and the IP fragmentation message of recombinating received; It is characterized in that described IP destination also comprises,
Message processing module (MPM): resolve described IP fragmentation message, judge whether this IP fragmentation message needs direct response;
Respond module: be connected with message processing module (MPM), when described message processing module (MPM) directly responds according to these IP fragmentation message needs of analysis judgment to described IP fragmentation message, send response message immediately to the IP transmitting terminal in network layer.
11, system according to claim 10 is characterized in that, describedly judges whether this IP fragmentation message needs directly response for to judge by value or the protocol type information of obtaining reserved field in this heading of expansion base.
12, system according to claim 11 is characterized in that, described respond module specifically comprises:
Message is revised the unit: the source address and the destination address that directly exchange described IP fragmentation message, the segmental identification field of revising basic header in the described IP fragmentation message is local segmental identification, adjust described IP fragmentation message verification and, the TTL that revises the basic header of described IP fragmentation message is the TTL of appointment, revises the load content in the described IP fragmentation message;
Message loopback cell: receive amended IP fragmentation message, send and revise back IP fragmentation message to the IP transmitting terminal.
CNB2006100333823A 2006-01-24 2006-01-24 Method and system for quickly responding to IP fragmentation packets Expired - Fee Related CN100454900C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100333823A CN100454900C (en) 2006-01-24 2006-01-24 Method and system for quickly responding to IP fragmentation packets

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100333823A CN100454900C (en) 2006-01-24 2006-01-24 Method and system for quickly responding to IP fragmentation packets

Publications (2)

Publication Number Publication Date
CN1874301A CN1874301A (en) 2006-12-06
CN100454900C true CN100454900C (en) 2009-01-21

Family

ID=37484573

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100333823A Expired - Fee Related CN100454900C (en) 2006-01-24 2006-01-24 Method and system for quickly responding to IP fragmentation packets

Country Status (1)

Country Link
CN (1) CN100454900C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012083482A1 (en) * 2010-12-21 2012-06-28 Telefonaktiebolaget L M Ericsson (Publ) An improvement on ip fragmentation in gtp tunnel
EP2493131A1 (en) 2011-02-28 2012-08-29 British Telecommunications Public Limited Company Obtaining information from data items
CN103595661B (en) * 2013-11-28 2017-05-10 新华三技术有限公司 Message fragmentation restructuring method and device
CN105099992B (en) * 2014-04-29 2018-07-24 杭州迪普科技股份有限公司 A kind of message modification device and method
CN113452646B (en) * 2020-03-24 2022-09-13 北京新能源汽车股份有限公司 Method and device for transmitting data by user datagram protocol and electric automobile
CN114915589B (en) * 2021-02-10 2024-06-04 华为技术有限公司 Message transmission method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1494274A (en) * 2002-10-31 2004-05-05 ����ͨѶ�ɷ����޹�˾ Method of Realizing IP Packet Fragmentation Reassembly Based on Network Processor
CN1509025A (en) * 2002-12-18 2004-06-30 ��Ϊ�������޹�˾ A Method for Realizing Fragmentation and Grouping of Messages
US20040184455A1 (en) * 2003-03-19 2004-09-23 Institute For Information Industry System and method used by a gateway for processing fragmented IP packets from a private network
CN1536832A (en) * 2003-04-04 2004-10-13 华为技术有限公司 The Method of Handling Overlong Messages in Layer 2 Virtual Private Network
US6891855B2 (en) * 2000-07-27 2005-05-10 Corrigent Systems, Ltd. Dynamic packet fragmentation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6891855B2 (en) * 2000-07-27 2005-05-10 Corrigent Systems, Ltd. Dynamic packet fragmentation
CN1494274A (en) * 2002-10-31 2004-05-05 ����ͨѶ�ɷ����޹�˾ Method of Realizing IP Packet Fragmentation Reassembly Based on Network Processor
CN1509025A (en) * 2002-12-18 2004-06-30 ��Ϊ�������޹�˾ A Method for Realizing Fragmentation and Grouping of Messages
US20040184455A1 (en) * 2003-03-19 2004-09-23 Institute For Information Industry System and method used by a gateway for processing fragmented IP packets from a private network
CN1536832A (en) * 2003-04-04 2004-10-13 华为技术有限公司 The Method of Handling Overlong Messages in Layer 2 Virtual Private Network

Also Published As

Publication number Publication date
CN1874301A (en) 2006-12-06

Similar Documents

Publication Publication Date Title
US7600039B2 (en) Label-based multiplexing
US7355971B2 (en) Determining packet size in networking
US6907037B2 (en) Multicast routing method and an apparatus for routing a multicast packet
CN101047711B (en) Method for IP message transmitting, bargaining bandwidth saving ability and saving network bandwidth
US7492762B2 (en) Method for dynamic flow mapping in a wireless network
CN100459576C (en) Method for detecting maximal transmission unit of path
CN101360046B (en) Bandwidth resource saving method
CN100454900C (en) Method and system for quickly responding to IP fragmentation packets
CN113055942B (en) Method for data aggregation in 6tisch network
CN101252524A (en) Method, system and device for message transmission
CN101552728B (en) Path MTU discovery method and system facing to IPV6
EP2157727A1 (en) Path connection
US20010052025A1 (en) Router setting method and router setting apparatus
WO2021254454A1 (en) Bier oam detection method, and device and system
WO2009109128A1 (en) Method and apparatus of full header information message configuration
JPH09270822A (en) Packet communication path test method
KR20080035129A (en) Method and apparatus for classifying packet data by service flow in communication system
US20060109807A1 (en) Multicasting using tunneling method
JP4670866B2 (en) Translator
JP4151699B2 (en) Conversion device and management method
CN100574253C (en) A kind of method of fragment data message transmissions
JP3900157B2 (en) Translator
CN100407713C (en) Method for realizing gate-link net-element ethernet port IP address discovery protocol
CN112235212B (en) Message forwarding method and programmable frame type switching equipment
JP3791497B2 (en) Packet conversion method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090121

Termination date: 20180124