
CN115277058A - Communication method and device - Google Patents

Publication number
CN115277058A
Authority
CN
China
Prior art keywords
file
content
node
sequence number
request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210650766.9A
Other languages
Chinese (zh)
Inventor
郭玲玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Security Technologies Co Ltd
Original Assignee
New H3C Security Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by New H3C Security Technologies Co Ltd
Priority to CN202210650766.9A
Publication of CN115277058A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application provides a communication method and device. The method is applied to a network device and comprises: acquiring a first read response data packet sent by a server to a client, wherein the first read response data packet comprises first file content and a first request sequence number; acquiring a second request sequence number from a first node included in a first queue, wherein the first node is the head node of the first queue; judging whether the first request sequence number is the same as the second request sequence number; if they are the same, performing DPI service processing on the first file content; if they are different, caching the first response data packet; wherein the first queue comprises at least one node, and the request sequence number stored in the head node of the first queue is the minimum value.

Description

Communication method and device

Technical field

The present application relates to the technical field of communication, and in particular to a communication method and device.

Background

Deep Packet Inspection (DPI) is a security mechanism that detects and controls service traffic passing through a network device based on application-layer information.

Among increasingly complex network security threats, many malicious behaviors (for example, worms, spam, and vulnerabilities) are hidden in the application-layer payload of data packets. Traditional security protection that relies only on network-layer and transport-layer detection can no longer meet network security requirements. Network devices therefore need a DPI function to detect and control application-layer information, so as to ensure the security of data content and improve network security.

In one scenario, the client intends to read a file from a server (for example, a Server Message Block (SMB) server). The specific process is:

The client first sends an NT_CREATE_ANDX Request packet to the server to request that the server open the file. The server returns an NT_CREATE_ANDX Response packet to inform the client that the file has been opened. The client sends READ_ANDX Request packets to the server to request to read the file. The server returns READ_ANDX Response packets to transfer the file content to the client. After the transfer is complete, the client sends a CLOSE Request packet to the server to request that the file be closed. The server returns a CLOSE Response packet to inform the client that the file has been closed.

In the above process, the client sends multiple READ_ANDX Request packets one after another in the order in which the file content is read. However, when the server returns READ_ANDX Response packets, it does not respond to the READ_ANDX Request packets in the order in which the file content is read. As a result, the file content arrives out of order.

The file-content disorder described above is disorder at the application layer, not at the IP network layer or the TCP transport layer. Because the deep inspection management (Deep Inspect Manager, DIM) engine processes traffic as a stream, out-of-order file content during a file transfer leads to algorithm-level errors when parsing packets, protocol identification and parsing failures, file identification and parsing failures, and missed detections (false negatives) of attack signatures.

Summary of the invention

In view of this, the present application provides a communication method and device to solve the problem that file content is prone to arriving out of order when files are transferred between a client and a server.

In a first aspect, the present application provides a communication method. The method is applied to a network device and includes:

acquiring a first read response data packet sent by the server to the client, the first read response data packet including first file content and a first request sequence number;

acquiring a second request sequence number from a first node included in a first queue, the first node being the head node of the first queue;

judging whether the first request sequence number is the same as the second request sequence number;

if they are the same, performing DPI service processing on the first file content;

if they are different, caching the first response data packet;

wherein the first queue includes at least one node, and the request sequence number stored in the head node of the first queue is the minimum value.

In a second aspect, the present application provides a communication device. The device is applied to a network device and includes:

a first acquiring unit, configured to acquire a first read response data packet sent by the server to the client, the first read response data packet including first file content and a first request sequence number;

a second acquiring unit, configured to acquire a second request sequence number from a first node included in a first queue, the first node being the head node of the first queue;

a first judging unit, configured to judge whether the first request sequence number is the same as the second request sequence number;

a service processing unit, configured to perform DPI service processing on the first file content if they are the same;

a cache unit, configured to cache the first response data packet if they are different;

wherein the first queue includes at least one node, and the request sequence number stored in the head node of the first queue is the minimum value.

In a third aspect, the present application provides a network device including a processor and a machine-readable storage medium. The machine-readable storage medium stores machine-executable instructions that can be executed by the processor, and the processor is caused by the machine-executable instructions to perform the method provided in the first aspect of the present application.

Therefore, by applying the communication method and device provided in this application, the network device acquires a first read response data packet sent by the server to the client, the first read response data packet including first file content and a first request sequence number; the network device acquires a second request sequence number from a first node included in a first queue, the first node being the head node of the first queue; the network device judges whether the first request sequence number is the same as the second request sequence number; if they are the same, the network device performs DPI service processing on the first file content; if they are different, the network device caches the first response data packet; wherein the first queue includes at least one node, and the request sequence number stored in the head node of the first queue is the minimum value.

In this way, the request sequence numbers exchanged between the client and the server allow the network device to perform service processing on the matching file content in request-sequence-number order. This solves the problem that file content is prone to arriving out of order when files are transferred between a client and a server, and guarantees that file content is processed in order, thereby improving file detection capability.

Description of drawings

FIG. 1 is a flowchart of a communication method provided in an embodiment of the present application;

FIG. 2 is a structural diagram of a communication device provided in an embodiment of the present application;

FIG. 3 is a hardware structure diagram of a network device provided in an embodiment of the present application.

Detailed description

Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of devices and methods consistent with some aspects of the present application as detailed in the appended claims.

The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third, and so on may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present application, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when", or "in response to determining".

The communication method provided by the embodiments of the present application is described in detail below. Referring to FIG. 1, FIG. 1 is a flowchart of the communication method provided by an embodiment of the present application. The method is applied to a network device, which may specifically be a firewall device capable of processing DPI services. The communication method provided in the embodiment of the present application may include the following steps.

Step 110: acquire a first read response data packet sent by the server to the client, the first read response data packet including first file content and a first request sequence number.

Specifically, the client, the network device, and the server are in the same local area network. The network device sits between the client and the server and can capture the various data packets exchanged between them, for example read request packets, read response packets, write request packets, write response packets, and so on.

After receiving the first read request data packet (for example, READ_ANDX Request) sent by the client, the server obtains the first file content from the corresponding file according to the first read request data packet. The server generates a first read response data packet (for example, READ_ANDX Response), which includes the first file content and the first request sequence number.

The server sends the first read response data packet to the client.

After acquiring the first read response data packet, the network device extracts the first file content and the first request sequence number from it.

It should be noted that the first read request data packet includes the first file content length, the first file content start position, and the second request sequence number. The server can obtain the first file content from the file according to the first file content length and the first file content start position.

Normally, after receiving a read request data packet, the server uses the request sequence number included in that read request data packet as the request sequence number included in the corresponding read response data packet.

Optionally, before step 110, the method further includes: the network device acquires the first read request data packet sent by the client to the server, and the network device stores the content included in the read request data packet at the corresponding node of the first queue, that is, Req_Queue1.

The following description takes as an example a client that intends to read a file from a server (for example, an SMB server).

When files are accessed through file sharing within a LAN, SMB session authentication is first performed between the client and the server. The client first sends a create request (for example, NT_CREATE_ANDX Request) packet to the server to request that the server open the file. The server returns a create response (for example, NT_CREATE_ANDX Response) packet to inform the client that the file has been opened.

The client sends a first read request data packet to the server to request to read the file. The network device acquires the first read request data packet, which includes the first file content length (len) to be read by the client, the first file content start position (also called the offset), and the second request sequence number (messageID).

Here, len is the length of the file content currently to be read, and offset is the position of that file content within the whole file. messageID may specifically be a number, for example 1, 2, 3, and so on. Each time the client sends a read request data packet, it increments messageID by 1. In the embodiments of this application, the messageIDs of a request data packet and its response data packet should match.

If offset is 0 and messageID is 1, the network device determines that the first read request data packet is the first read request data packet for reading the file, and may record this messageID as lastReqID. If the sum of len and offset equals file_size, that is, the total length of the file currently being read, the network device determines that the first read request data packet is the last read request data packet for reading the file, and may record its messageID as endOfFileID.

In the embodiments of this application, the network device uses Req_Queue1 locally to record the request sequence number, len, and offset. Req_Queue1 includes at least one node, and each node stores a request sequence number. The nodes are sorted by request sequence number, and the request sequence number stored in the head node of Req_Queue1 is the minimum of all request sequence numbers. Of course, len, offset, and similar content may also be stored at the node that holds the corresponding request sequence number.

After acquiring the first read request data packet, the network device caches the second request sequence number at the first node included in Req_Queue1 (the network device caches it at the node that corresponds to the magnitude of the second request sequence number; the first node is used as an example here). The network device calculates the sum of the first file content length and the first file content start position to obtain a first value, that is, first value = len + offset. The network device obtains locally the second value stored in the SMB protocol parsing plug-in, and judges whether the second value is the same as the first file content start position.

If they are the same, the network device determines that the client is currently reading the file content sequentially, and updates the second value with the first value. If they are different, the network device determines that the client is currently reading the file content out of order and keeps the second value unchanged; the network device also caches the first file content length and the first file content start position at the first node.

Similarly, when the network device acquires a second read request data packet sent by the client to the server, it caches the third request sequence number included in the second read request data packet at a third node included in Req_Queue1 (the third node is used as an example here; it may also be the second node). The network device compares whether the second value is the same as the second file content start position included in the second read request data packet.

If they are different, the network device determines that the client is currently reading the file content out of order and keeps the second value unchanged; the network device caches the second file content length and the second file content start position included in the second read request data packet at the third node. If they are the same, the network device determines that the client is currently reading the file content sequentially; it calculates the sum of the second file content length and the second file content start position to obtain a third value, and updates the second value with the third value.

In the embodiments of this application, the network device locally includes an SMB protocol parsing plug-in, and the second value stored in this plug-in is specifically NextReqOffset, that is, the offset value that the next request data packet should carry. NextReqOffset corresponds to different values depending on the request type. For example, for a read request data packet, NextReqOffset is the second value; for a write request data packet, NextReqOffset is the fourth value (the fourth value is used as an example here; it may also be the third value). The fourth value is described in detail in subsequent embodiments.

In one example, the second value stored in the network device's local SMB protocol parsing plug-in is 0. The network device receives the first read request data packet, in which the first file content length (len) is 40, the first file content start position (offset) is 0, and the second request sequence number (messageID) is 1.

The network device caches the second request sequence number 1 at the first node and determines that the first read request data packet is the first read request data packet. The network device calculates the sum of the first file content length and the first file content start position and obtains a first value of 40. The network device obtains the second value from the SMB protocol parsing plug-in and compares whether the second value is the same as the first file content start position.

In this example, the second value is the same as the first file content start position. The network device determines that the client is currently reading the file content sequentially and updates the second value 0 with the first value 40, so the second value is now 40.

At this point, the network device acquires the second read request data packet sent by the client to the server, in which the second file content length (len) is 40, the second file content start position (offset) is 120, and the third request sequence number (messageID) is 2.

The network device caches the third request sequence number 2 at the third node. It can be understood that the third node is adjacent to the first node and located after it. The network device obtains the second value 40 from the SMB protocol parsing plug-in and compares whether the second value is the same as the second file content start position.

In this example, the second value differs from the second file content start position. The network device determines that the client is currently reading the file content out of order, and caches the second file content length and the second file content start position at the third node.

In another example, at this point the network device acquires the second read request data packet sent by the client to the server, in which the second file content length (len) is 40, the second file content start position (offset) is 40, and the third request sequence number (messageID) is 2.

The network device caches the third request sequence number 2 at the third node. It can be understood that the third node is adjacent to the first node and located after it. The network device obtains the second value 40 from the SMB protocol parsing plug-in and compares whether the second value is the same as the second file content start position.

In this example, the second value is the same as the second file content start position. The network device determines that the client is currently reading the file content sequentially. It calculates the sum of the second file content length and the second file content start position, obtains a first value of 80, and updates the second value 40 with the first value 80, so the second value is now 80.

It can be understood that each time the network device acquires a read request data packet sent by the client to the server, it first stores the request sequence number at a node of Req_Queue1 in order of magnitude. The network device then compares whether the value in the SMB protocol parsing plug-in is the same as the file content start position.

If they are the same, the network device determines that the client is reading the file content sequentially. The network device calculates the sum of the file content length and the file content start position, and updates the value in the SMB protocol parsing plug-in with that sum.

If they are different, the network device determines that the client is reading the file content out of order. The network device keeps the value in the SMB protocol parsing plug-in unchanged, and caches the file content length and the file content start position at the node that holds the request sequence number.

The network device repeats the above process.

Step 120: Obtain a second request sequence number from a first node included in the first queue, the first node being the head node of the first queue.

Specifically, following the description of step 110, the network device obtains the second request sequence number cached in the head node of Req_Queue1.

Step 130: Determine whether the first request sequence number is the same as the second request sequence number.

Specifically, following the description of step 120, after obtaining the second request sequence number, the network device compares the first request sequence number with the second request sequence number. If they are the same, the network device executes step 140; if they are different, the network device executes step 150.

Step 140: If they are the same, perform DPI service processing on the first file content.

Specifically, following the description of step 130, if the first request sequence number is the same as the second request sequence number, the network device determines that the first read response data packet is the response data packet corresponding to the first read request data packet.

The network device performs DPI service processing on the first file content.

Optionally, after the network device performs DPI service processing on the first file content, it deletes the first node from Req_Queue1. The node adjacent to the first node then becomes the head node of the first queue, and the request sequence number cached in that node is the minimum of all request sequence numbers.

Step 150: If they are different, cache the first response data packet.

Specifically, following the description of step 130, if the first request sequence number is different from the second request sequence number, the network device determines that the first read response data packet is not the response data packet corresponding to the first read request data packet, and that the server has not returned the read response data packets in order. The network device does not yet perform DPI service processing on the first file content.

The network device caches the first response data packet.

Optionally, the network device caches the first response data packet as follows: it caches the first request sequence number in a second node included in Req_Queue1, and caches the first file content in the second node.

Therefore, by applying the communication method provided by the present application, the network device obtains the first read response data packet sent by the server to the client, the first read response data packet including the first file content and the first request sequence number; the network device obtains the second request sequence number from the first node included in the first queue, the first node being the head node of the first queue; the network device determines whether the first request sequence number is the same as the second request sequence number; if they are the same, the network device performs DPI service processing on the first file content; if they are different, the network device caches the first response data packet. The first queue includes at least one node, and the request sequence number stored in the head node of the first queue is the minimum value.

In this way, the request sequence numbers exchanged between the client and the server allow the network device to process the matching file content in request-sequence-number order. This solves the problem that file content is prone to arriving out of order while a file is transferred between the client and the server, and ensures that file content is processed in order, which improves the ability to detect files.
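Steps 120 to 150 can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the message IDs and payloads are constructed, and two behaviours the text does not specify are assumptions (a response with no observed request is reported as unmatched, and cached responses are released as soon as their node becomes the head).

```python
import bisect


class ReadResponseOrderer:
    """Releases SMB read responses to inspection in request-sequence order."""

    def __init__(self, inspect):
        self.ids = []            # Req_Queue1 stand-in: sorted messageIDs, ids[0] is the head node
        self.cached = {}         # messageID -> file content of a response that arrived early
        self.inspect = inspect   # callback standing in for DPI service processing

    def on_read_request(self, message_id):
        # Store the request sequence number so that the head node holds the minimum.
        if message_id not in self.ids:
            bisect.insort(self.ids, message_id)

    def on_read_response(self, message_id, content):
        if message_id not in self.ids:
            # Assumption: the text does not cover a response without an observed request.
            return "unmatched"
        if message_id == self.ids[0]:
            # Step 140: the response matches the head node, so inspect it and delete the node.
            self.inspect(content)
            self.ids.pop(0)
            # Assumption: release responses that were cached while waiting for this one.
            while self.ids and self.ids[0] in self.cached:
                self.inspect(self.cached.pop(self.ids.pop(0)))
            return "inspected"
        # Step 150: the server answered out of order, so cache the content at its node.
        self.cached[message_id] = content
        return "cached"


def replay_constructed_session():
    """Constructed session: requests seen as 1, 3, 2, 4; responses arrive as 2, 1, 4, 3, 9."""
    inspected = []
    orderer = ReadResponseOrderer(inspected.append)
    for message_id in (1, 3, 2, 4):
        orderer.on_read_request(message_id)
    results = [
        orderer.on_read_response(message_id, b"part%d" % message_id)
        for message_id in (2, 1, 4, 3, 9)
    ]
    return results, inspected, orderer.ids


if __name__ == "__main__":
    print(replay_constructed_session())
```
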

Optionally, this embodiment of the present application also includes a process in which the network device identifies whether the first request sequence number is the final sequence number and, if so, ends the current file transfer process.

Specifically, the network device repeats steps 110 to 150 above and, each time it obtains a first request sequence number, determines whether that first request sequence number is the final sequence number, that is, whether the first request sequence number is endOfFileID.

If so, the network device determines that the server has transmitted the last part of the file content, and traverses the file content. If it reaches the end-of-file marker during the traversal, the network device ends the current file transfer process.

Here, the value of endOfFileID is the total length of the file to be obtained, and the total length of the file to be obtained is the sum of the file content length of the file to be obtained and the file content starting position of the file to be obtained.

Optionally, if the end-of-file marker is not reached, the network device determines that the file was not transferred completely in the current file transfer traffic, and the network device cannot end the current file transfer process.

If the current file transfer process has not ended, the network device ends it when it obtains a close request data packet (for example, a CLOSE Request data packet) sent by the client to the server.

Optionally, the foregoing description of the embodiments of the present application uses the exchange of read request and read response data packets between the client and the server as the example. In practice, the client and the server also exchange write request and write response data packets.

The following description uses the exchange of write request and write response data packets between the client and the server as the example.

Specifically, SMB session authentication is first performed between the client and the server. The client then sends a create request data packet (for example, NT_CREATE_ANDX Request) to the server to ask the server to create and open a new file. The server returns a create response data packet (for example, NT_CREATE_ANDX Response) to inform the client that the file has been created and opened.

The client sends a first write request data packet (for example, WRITE_ANDX Request) to the server. The first write request data packet includes the third file content to be written by the client, the third file content length, the third file content starting position, and a fourth request sequence number.

The network device obtains the first write request data packet and extracts from it the third file content, the third file content length, the third file content starting position, and the fourth request sequence number.

The network device calculates the sum of the third file content length and the third file content starting position to obtain a third value. The network device obtains the fourth value stored in the local SMB protocol parsing plug-in, and determines whether the fourth value is the same as the third file content starting position.

If they are the same, the network device determines that the client is writing the file content sequentially and updates the fourth value with the third value. If they are different, the network device determines that the client is writing the file content out of order and keeps the fourth value stored in the local SMB protocol parsing plug-in unchanged.

Further, after updating the fourth value with the third value, the network device performs DPI service processing on the third file content.

After keeping the fourth value stored in the local SMB protocol parsing plug-in unchanged, the network device caches the third file content, the third file content length, and the third file content starting position in a first node included in a second queue (for example, Req_Queue2).

It can be understood that Req_Queue2 has the same structure and function as Req_Queue1, and each node can record len, offset, and file content. Req_Queue1 corresponds to the obtained read request and read response data packets; Req_Queue2 corresponds to the obtained write request data packets.

In this embodiment of the present application, the network device does not cache the fourth request sequence number in the node. The reason is that after the server receives a write request data packet and writes the file content to the corresponding position, it generates and sends a write response data packet (for example, WRITE_ANDX Response) to inform the client of the result of the write. The write response data packet does not carry the corresponding request sequence number; instead it indicates write success or write failure.

It should be noted that after the network device has kept the fourth value stored in the local SMB protocol parsing plug-in unchanged, if it later receives another write request data packet and, after the above calculation and comparison, the fourth value differs from the file content starting position, the network device may traverse the offset stored in each node of Req_Queue2 to look for an offset equal to the fourth value. If one exists, the network device calculates the sum of that offset and the len in the same node, and updates the fourth value with the sum. After updating the fourth value, the network device performs DPI service processing on the file content stored in the node. After the DPI service processing, the network device deletes the offset, len, and file content stored in the node.

In one example, the fourth value stored in the local SMB protocol parsing plug-in of the network device is 0. The network device receives the first write request data packet, in which the third file content length (len) is 40, the third file content starting position (offset) is 0, and the fourth request sequence number (messageID) is 1.

The network device calculates the sum of the third file content length and the third file content starting position and obtains a third value of 40. The network device obtains the fourth value from the SMB protocol parsing plug-in and compares it with the third file content starting position.

In this example, the fourth value is the same as the third file content starting position. The network device determines that the client is currently writing the file content sequentially, and updates the fourth value 0 with the third value 40, so that the fourth value is now 40. The network device performs DPI service processing on the third file content.

The network device then obtains a second write request data packet sent by the client to the server, in which the fourth file content length (len) is 40, the fourth file content starting position (offset) is 120, and the fifth request sequence number (messageID) is 2.

The network device again obtains the fourth value, 40, from the SMB protocol parsing plug-in and compares it with the fourth file content starting position.

In this example, the fourth value is different from the fourth file content starting position. The network device determines that the current client access to the file content is an out-of-order write, and caches the fourth file content length, the fourth file content starting position, and the fourth file content in the first node included in Req_Queue2.

In another example, the fourth value stored in the local SMB protocol parsing plug-in of the network device is 40. Node 1, node 2, and node 3 included in Req_Queue2 each store a corresponding offset, len, and file content.

Node 1 stores offset1 = 40, len1 = 40, and file content 1; node 2 stores offset2 = 120, len2 = 40, and file content 2; node 3 stores offset3 = 200, len3 = 40, and file content 3.

The network device then obtains a second read request data packet sent by the client to the server, in which the third file content length (len) is 40, the third file content starting position (offset) is 160, and the fourth request sequence number (messageID) is 2.

The network device obtains the fourth value, 40, from the SMB protocol parsing plug-in and compares it with the third file content starting position.

In this example, the fourth value is different from the third file content starting position. The network device determines that the current client access to the file content is an out-of-order write. It traverses the offsets stored in node 1, node 2, and node 3 and finds that offset1 stored in node 1 is the same as the fourth value. The network device calculates the sum of offset1 and len1, which is 80, and updates the fourth value with that sum. After updating the fourth value to 80, the network device performs DPI service processing on file content 1. After the DPI service processing, the network device deletes offset1, len1, and file content 1 stored in node 1.
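The write-side bookkeeping and both numeric examples above can be replayed with the following sketch. It is an added example, not code from the patent: the names are hypothetical, the 40-byte payloads are constructed, and it generalizes the single Req_Queue2 lookup described in the text into a loop that keeps releasing cached nodes while one starts at the expected offset (also after a sequential write), which the text does not state.

```python
class WriteReassembler:
    """Feeds SMB write payloads to inspection in file-offset order."""

    def __init__(self, inspect):
        self.expected = 0        # the "fourth value": next offset due for inspection
        self.pending = {}        # Req_Queue2 stand-in: offset -> (len, file content)
        self.inspect = inspect   # callback standing in for DPI service processing

    def on_write_request(self, offset, content):
        length = len(content)
        if offset == self.expected:
            # Sequential write: the "third value" offset + len becomes the new fourth value.
            self.expected = offset + length
            self.inspect(content)
        else:
            # Out-of-order write: keep the fourth value and cache offset, len and content.
            self.pending[offset] = (length, content)
        self._release_cached()

    def _release_cached(self):
        # Generalization (assumption): repeat the lookup until no cached node
        # starts at the expected offset.
        while self.expected in self.pending:
            length, content = self.pending.pop(self.expected)
            self.expected += length
            self.inspect(content)


def replay_first_example():
    """Fourth value 0; writes at offset 0 and then offset 120, 40 bytes each."""
    inspected = []
    reassembler = WriteReassembler(inspected.append)
    reassembler.on_write_request(0, b"A" * 40)
    reassembler.on_write_request(120, b"B" * 40)
    return reassembler.expected, sorted(reassembler.pending), inspected


def replay_second_example():
    """Fourth value 40; nodes at offsets 40, 120, 200; a packet at offset 160 arrives."""
    inspected = []
    reassembler = WriteReassembler(inspected.append)
    reassembler.expected = 40
    reassembler.pending = {
        40: (40, b"1" * 40),
        120: (40, b"2" * 40),
        200: (40, b"3" * 40),
    }
    reassembler.on_write_request(160, b"4" * 40)
    after_page_step = (reassembler.expected, sorted(reassembler.pending), list(inspected))
    # Beyond the text: the missing segment at offset 80 arrives and unblocks the rest.
    reassembler.on_write_request(80, b"5" * 40)
    return after_page_step, (reassembler.expected, sorted(reassembler.pending), inspected)


if __name__ == "__main__":
    print(replay_first_example())
    print(replay_second_example())
```
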

Based on the same inventive concept, an embodiment of the present application also provides a communication apparatus. Referring to FIG. 2, FIG. 2 shows the communication apparatus provided by an embodiment of the present application. The apparatus is applied to a network device and includes:

a first obtaining unit 210, configured to obtain a first read response data packet sent by the server to the client, the first read response data packet including first file content and a first request sequence number;

a second obtaining unit 220, configured to obtain a second request sequence number from a first node included in a first queue, the first node being the head node of the first queue;

a first judging unit 230, configured to determine whether the first request sequence number is the same as the second request sequence number;

a service processing unit 240, configured to perform DPI service processing on the first file content if they are the same;

a caching unit 250, configured to cache the first response data packet if they are different;

wherein the first queue includes at least one node, and the request sequence number stored in the head node of the first queue is the minimum value.

Optionally, the first obtaining unit 210 is further configured to obtain a first read request data packet sent by the client to the server, the first read request data packet including the first file content length to be read by the client, the first file content starting position, and the second request sequence number;

the caching unit 250 is further configured to cache the second request sequence number in the first node;

the apparatus further includes: a calculation unit (not shown in the figure), configured to calculate the sum of the first file content length and the first file content starting position to obtain a first value;

a third obtaining unit (not shown in the figure), configured to obtain a second value stored in the local SMB protocol parsing plug-in;

a second judging unit (not shown in the figure), configured to determine whether the second value is the same as the first file content starting position;

an updating unit (not shown in the figure), configured to update the second value with the first value if they are the same;

the caching unit 250 is further configured to, if they are different, keep the second value stored in the local SMB protocol parsing plug-in unchanged, and cache the first file content length and the first file content starting position in the first node;

wherein the first file content is determined by the server according to the first file content length and the first file content starting position.

Optionally, the apparatus further includes: a deleting unit (not shown in the figure), configured to delete the first node from the first queue.

Optionally, the caching unit 250 is specifically configured to cache the first request sequence number in a second node included in the first queue, and cache the first file content in the second node.

Optionally, the apparatus further includes: a third judging unit (not shown in the figure), configured to determine whether the first request sequence number is the final sequence number;

an ending unit (not shown in the figure), configured to end the current file transfer process if so;

wherein the value of the final sequence number is the total length of the file to be obtained, and the total length of the file to be obtained is the sum of the file content length of the file to be obtained and the file content starting position of the file to be obtained.

Optionally, the ending unit (not shown in the figure) is further configured to, if the current file transfer process has not ended, end the current file transfer process when a close request data packet sent by the client to the server is obtained.

Optionally, the first obtaining unit 210 is further configured to obtain a first write request data packet sent by the client to the server, the first write request data packet including the third file content to be written by the client, the third file content length, and the third file content starting position;

the calculation unit (not shown in the figure) is further configured to calculate the sum of the third file content length and the third file content starting position to obtain a third value;

the third obtaining unit (not shown in the figure) is further configured to obtain a fourth value stored in the local SMB protocol parsing plug-in;

the second judging unit (not shown in the figure) is further configured to determine whether the fourth value is the same as the third file content starting position;

the updating unit (not shown in the figure) is further configured to update the fourth value with the third value if they are the same;

the caching unit 250 is further configured to, if they are different, keep the fourth value stored in the local SMB protocol parsing plug-in unchanged.

Optionally, the service processing unit 240 is further configured to perform DPI service processing on the third file content.

Optionally, the caching unit 250 is further configured to cache the third file content, the third file content length, and the third file content starting position in a first node included in a second queue;

wherein the second queue includes at least one node, and each node is used to store file content, a file content length, and a file content starting position.

Therefore, by applying the communication apparatus provided by the present application, the network device obtains the first read response data packet sent by the server to the client, the first read response data packet including the first file content and the first request sequence number; the network device obtains the second request sequence number from the first node included in the first queue, the first node being the head node of the first queue; the network device determines whether the first request sequence number is the same as the second request sequence number; if they are the same, the network device performs DPI service processing on the first file content; if they are different, the network device caches the first response data packet. The first queue includes at least one node, and the request sequence number stored in the head node of the first queue is the minimum value.

In this way, the request sequence numbers exchanged between the client and the server allow the network device to process the matching file content in request-sequence-number order. This solves the problem that file content is prone to arriving out of order while a file is transferred between the client and the server, and ensures that file content is processed in order, which improves the ability to detect files.

Based on the same inventive concept, an embodiment of the present application also provides a network device. As shown in FIG. 3, it includes a processor 310, a transceiver 320, and a machine-readable storage medium 330. The machine-readable storage medium 330 stores machine-executable instructions that can be executed by the processor 310, and the machine-executable instructions cause the processor 310 to execute the communication method provided by the embodiments of the present application. The communication apparatus shown in FIG. 2 can be implemented with the network device hardware structure shown in FIG. 3.

The computer-readable storage medium 330 may include random access memory (RAM), and may also include non-volatile memory (NVM), for example at least one disk memory. Optionally, the computer-readable storage medium 330 may also be at least one storage device located remotely from the processor 310.

The processor 310 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.

In this embodiment of the present application, the processor 310 reads the machine-executable instructions stored in the machine-readable storage medium 330, and the machine-executable instructions cause the processor 310, by itself and by invoking the transceiver 320, to execute the communication method described in the foregoing embodiments of the present application.

In addition, an embodiment of the present application provides a machine-readable storage medium 330. The machine-readable storage medium 330 stores machine-executable instructions which, when called and executed by the processor 310, cause the processor 310, by itself and by invoking the transceiver 320, to execute the communication method described in the foregoing embodiments of the present application.

For the implementation of the functions and roles of each unit in the above apparatus, see the implementation of the corresponding steps in the above method; details are not repeated here.

Because the apparatus embodiment basically corresponds to the method embodiment, refer to the relevant parts of the description of the method embodiment. The apparatus embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.

For the embodiments of the communication apparatus and the machine-readable storage medium, the method content involved is basically similar to the foregoing method embodiments, so the description is relatively brief; for relevant details, refer to the description of the method embodiments.

The above are only preferred embodiments of the present application and are not intended to limit the present application. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present application shall fall within the scope of protection of the present application.

Claims (10)

1. A communication method, characterized in that the method is applied to a network device, and the method comprises:
obtaining a first read response data packet sent by a server to a client, the first read response data packet including first file content and a first request sequence number;
obtaining a second request sequence number from a first node included in a first queue, the first node being the head node of the first queue;
determining whether the first request sequence number is the same as the second request sequence number;
if they are the same, performing DPI service processing on the first file content;
if they are different, caching the first response data packet;
wherein the first queue includes at least one node, and the request sequence number stored in the head node of the first queue is the minimum value.

2. The method according to claim 1, characterized in that, before obtaining the first read response data packet sent by the server to the client, the method further comprises:
obtaining a first read request data packet sent by the client to the server, the first read request data packet including the first file content length to be read by the client, the first file content starting position, and the second request sequence number;
caching the second request sequence number in the first node;
calculating the sum of the first file content length and the first file content starting position to obtain a first value;
obtaining a second value stored in the local SMB protocol parsing plug-in;
determining whether the second value is the same as the first file content starting position;
if they are the same, updating the second value with the first value;
if they are different, keeping the second value stored in the local SMB protocol parsing plug-in unchanged, and caching the first file content length and the first file content starting position in the first node;
wherein the first file content is determined by the server according to the first file content length and the first file content starting position.

3. The method according to claim 1, characterized in that, after performing DPI service processing on the first file content, the method further comprises:
deleting the first node from the first queue.

4. The method according to claim 1, characterized in that caching the first response data packet specifically comprises:
caching the first request sequence number in a second node included in the first queue, and caching the first file content in the second node.

5. The method according to claim 1, characterized in that the method further comprises:
determining whether the first request sequence number is the final sequence number;
if so, ending the current file transfer process;
wherein the value of the final sequence number is the total length of the file to be obtained, and the total length of the file to be obtained is the sum of the file content length of the file to be obtained and the file content starting position of the file to be obtained.

6. The method according to claim 5, characterized in that the method further comprises:
if the current file transfer process has not ended, ending the current file transfer process when a close request data packet sent by the client to the server is obtained.

7. The method according to claim 1, characterized in that the method further comprises:
obtaining a first write request data packet sent by the client to the server, the first write request data packet including the third file content to be written by the client, the third file content length, and the third file content starting position;
calculating the sum of the third file content length and the third file content starting position to obtain a third value;
obtaining a fourth value stored in the local SMB protocol parsing plug-in;
determining whether the fourth value is the same as the third file content starting position;
if they are the same, updating the fourth value with the third value;
if they are different, keeping the fourth value stored in the local SMB protocol parsing plug-in unchanged.

8. The method according to claim 7, characterized in that, after updating the fourth value with the third value, the method further comprises:
performing DPI service processing on the third file content.

9. The method according to claim 7, characterized in that, after keeping the fourth value stored in the local SMB protocol parsing plug-in unchanged, the method further comprises:
caching the third file content, the third file content length, and the third file content starting position in a first node included in a second queue;
wherein the second queue includes at least one node, and each node is used to store file content, a file content length, and a file content starting position.
10.一种通信装置,其特征在于,所述装置应用于网络设备,所述装置包括:10. A communication device, characterized in that the device is applied to network equipment, and the device comprises: 第一获取单元,用于获取服务端向客户端发送的第一读响应数据包,所述第一读响应数据包包括第一文件内容以及第一请求序号;The first obtaining unit is configured to obtain a first read response data packet sent by the server to the client, the first read response data packet including the first file content and the first request sequence number; 第二获取单元,用于从第一队列包括的第一节点中获取第二请求序号,所述第一节点为所述第一队列的首节点;A second obtaining unit, configured to obtain a second request sequence number from a first node included in the first queue, where the first node is the head node of the first queue; 第一判断单元,用于判断所述第一请求序号是否与所述第二请求序号相同;a first judging unit, configured to judge whether the first request serial number is the same as the second request serial number; 业务处理单元,用于若相同,则对所述第一文件内容进行DPI业务处理;A service processing unit, configured to perform DPI service processing on the first file content if they are the same; 缓存单元,用于若不同,则缓存所述第一响应数据包;a cache unit, configured to cache the first response data packet if they are different; 其中,所述第一队列包括至少一个节点,所述第一队列包括的首节点内存储的请求序号为最小值。Wherein, the first queue includes at least one node, and the request sequence number stored in the first node included in the first queue is a minimum value.
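The read path of claims 1 to 4, as an added Python sketch that is not code from the patent or from any H3C product. The class and method names, the byte cap on cached content, the handling of a response with no pending request, and the release of cached responses once the head node is deleted are assumptions of this example; the sample traffic is constructed.

```python
class ReadReassembler:
    """Read-path state for one file transfer; all names here are illustrative."""

    def __init__(self, inspect, max_cached=1 << 20):
        self.pending = {}             # request sequence number -> cached content or None
        self.inspect = inspect        # DPI callback, must receive content in request order
        self.max_cached = max_cached  # assumption: cap on buffered bytes, not in the claims
        self.cached = 0

    def on_read_request(self, seq):
        self.pending[seq] = None      # claim 2: store the request sequence number in a node

    def on_read_response(self, seq, content):
        if seq not in self.pending:
            return "unmatched"        # assumption: no pending request to order against
        head = min(self.pending)      # claim 1: the head node holds the smallest sequence number
        if seq != head:
            if self.cached + len(content) > self.max_cached:
                return "cache-full"   # assumption: caller decides whether to alert or drop
            self.pending[seq] = content  # claim 4: cache content at this sequence number's node
            self.cached += len(content)
            return "cached"
        self.inspect(content)         # claim 1: sequence numbers match, inspect now
        del self.pending[seq]         # claim 3: delete the head node after inspection
        # Assumption: once the head is gone, release cached responses that are now in order.
        while self.pending and self.pending[min(self.pending)] is not None:
            data = self.pending.pop(min(self.pending))
            self.cached -= len(data)
            self.inspect(data)
        return "inspected"


def demo():
    """Constructed traffic: a marker split across two reads, responses arriving reversed."""
    seen = bytearray()
    r = ReadReassembler(seen.extend)
    for seq in (1, 2, 3):
        r.on_read_request(seq)
    results = [
        r.on_read_response(2, b"-MARKER tail "),
        r.on_read_response(3, b"end"),
        r.on_read_response(1, b"head TEST"),
    ]
    return results, bytes(seen)
```

Inspecting each response as it arrives would never see the contiguous bytes TEST-MARKER; holding the out-of-order responses until the head node is served restores the file order before inspection.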
CN202210650766.9A 2022-06-10 2022-06-10 Communication method and device Pending CN115277058A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210650766.9A CN115277058A (en) 2022-06-10 2022-06-10 Communication method and device

Publications (1)

Publication Number Publication Date
CN115277058A true CN115277058A (en) 2022-11-01

Family

ID=83758745

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210650766.9A Pending CN115277058A (en) 2022-06-10 2022-06-10 Communication method and device

Country Status (1)

Country Link
CN (1) CN115277058A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117812068A (en) * 2024-01-05 2024-04-02 湖北安博通科技有限公司 SMB protocol file restoration method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101388039A (en) * 2008-11-11 2009-03-18 深圳市金蝶中间件有限公司 Response message executing method and device
WO2015151612A1 (en) * 2014-04-02 2015-10-08 株式会社日立製作所 Network system, distribution management device, and distribution management method
CN106330833A (en) * 2015-06-29 2017-01-11 中兴通讯股份有限公司 Communication method, client and server based on Internet content adaptation protocol
CN109150726A (en) * 2018-08-10 2019-01-04 新华三信息安全技术有限公司 A kind of message processing method and device
CN110839060A (en) * 2019-10-16 2020-02-25 武汉绿色网络信息服务有限责任公司 A kind of file restoration method and device for HTTP multi-session in DPI scene
CN113055535A (en) * 2019-12-26 2021-06-29 中国电信股份有限公司 Method and system for generating 5G end-to-end call ticket

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination