Disclosure of Invention
The invention provides a data transmission method, a system and a device for an ICMP proxy UDP, which can avoid QOS speed limit and interference of a firewall to UDP flow, effectively ensure and improve UDP connection speed and stability and ensure user experience effect of audio and video service.
In order to solve the technical problem, the present invention provides a data transmission method of an ICMP proxy UDP, including:
transmitting an original UDP message from a data transmitting end to a first router through an Ethernet network;
the first router is controlled to carry out ICMP encapsulation on the original UDP message to form a first UDP message with an ICMP header;
the first UDP message is sent to a second router through an Ethernet network; a firewall is arranged between the first router and the second router;
controlling the second router to decapsulate the first UDP message to obtain a second UDP message;
and sending the second UDP message to a data sending end through a local network card.
Further, the sending, by the ethernet network, the original UDP packet from the data sending end to the first router is specifically:
determining a source address of an original UDP message as a data transmitting end;
and determining the destination address of the original UDP message as a first router.
Further, the controlling the first router performs ICMP encapsulation on the original UDP packet to form a first UDP packet with an ICMP header, which specifically includes:
modifying the source address of the original UDP message from the data transmitting end to a first router;
modifying the destination address of the original UDP message from the first router to the second router;
and adding ICMP header encapsulation to the original UDP message to form a first UDP message with the ICMP header.
Further, the adding ICMP header encapsulation to the original UDP packet forms a first UDP packet with an ICMP header, which specifically includes:
setting the type of ICMP according to the message type of the original UDP message; the message type of the original UDP message comprises a request and a reply;
acquiring a UDP Header and UDP Data from the original UDP message, and determining the UDP Header and the UDP Data as ICMP Data;
generating ICMP head encapsulation according to the type of the ICMP and the ICMP Data;
and adding the ICMP header encapsulation to the original UDP message to form a first UDP message with the ICMP header.
Further, the setting of the ICMP type according to the message type of the original UDP message specifically includes:
when the message type of the original UDP message is a request, setting the type of ICMP as 8;
when the message type of the original UDP message is a reply, setting the type of the ICMP as 0.
Further, the controlling the second router decapsulates the first UDP packet to obtain a second UDP packet, specifically:
modifying the source address of the first UDP message from the first router to the second router;
modifying the destination address of the first UDP message from the second router to the data receiving end;
and determining the first UDP message with the modified source address and the modified destination address as a second UDP message.
The invention provides a data transmission method of ICMP agent UDP, which sends an original UDP message to a first router from a data sending end through an Ethernet network; the first router is controlled to carry out ICMP encapsulation on the original UDP message to form a first UDP message with an ICMP header; transmitting the first UDP message to a second router through an Ethernet network; controlling a second router to decapsulate the first UDP message to obtain a second UDP message; and sending the second UDP message to the data sending end through the local network card to finish data transmission. According to the invention, the firewall marks the UDP flow as the ICMP flow by simulating the ICMP header, so that QOS speed limit and interference of the firewall on the UDP flow are avoided, the speed and stability of UDP connection are effectively ensured and improved, and the user experience effect of the audio/video service is ensured.
The invention provides a data transmission system of ICMP agent UDP, comprising: the system comprises a service client, an encapsulation router, a firewall, a decapsulation router and a service server;
the service client side and the service server side adopt UDP transmission protocol to carry out service bidirectional communication;
the communication process between the business client and the business server passes through a packaging router, a firewall and a deblocking router;
when the service client side sends a UDP message to the service server side, the encapsulation router is used for ICMP encapsulation of the UDP message, and the decapsulation router is used for decapsulating the UDP message;
when the service server side sends the UDP message to the service client side, the decapsulation router is used for performing ICMP encapsulation on the UDP message, and the encapsulation router is used for decapsulating the UDP message.
The invention provides a data transmission system of an ICMP proxy UDP, which is based on the organic combination among modules, and the firewall marks the UDP flow as the ICMP flow by simulating the ICMP header, so that QOS speed limit and interference of the firewall on the UDP flow are avoided, the UDP connection speed and stability are effectively ensured and improved, and the user experience effect of audio and video service is ensured.
The invention provides a data transmission device of ICMP agent UDP, comprising: the system comprises a first sending module, a packaging module, a second sending module, a deblocking module and a third sending module;
the first sending module is used for sending the original UDP message from the data sending end to the first router through the Ethernet network;
the encapsulation module is used for controlling the first router to carry out ICMP encapsulation on the original UDP message to form a first UDP message with an ICMP header;
the second sending module is used for sending the first UDP message to a second router through an Ethernet network; a firewall is arranged between the first router and the second router;
the decapsulation module is used for controlling the second router to decapsulate the first UDP message to obtain a second UDP message;
the third sending module is configured to send the second UDP packet to a data sending end through a local network card.
Further, the package module includes: a first source address modification unit, a first destination address modification unit, and an addition unit;
the first source address modification unit is used for modifying the source address of the original UDP message from the data transmitting end to a first router;
the first destination address modification unit is used for modifying the destination address of the original UDP message from the first router to the second router;
the adding unit is used for adding ICMP header encapsulation to the original UDP message to form a first UDP message with the ICMP header.
Further, the adding unit includes: setting a subunit, a determining subunit, a generating subunit and a message forming subunit;
the setting subunit is used for setting the type of the ICMP according to the message type of the original UDP message; the message type of the original UDP message comprises a request and a reply;
the determining subunit is configured to obtain a UDP Header and UDP Data from the original UDP packet, and determine the UDP Header and UDP Data as ICMP Data;
the generating subunit is used for generating ICMP head encapsulation according to the type of the ICMP and the ICMP Data;
the message forming subunit is configured to add the ICMP header encapsulation to the original UDP message to form a first UDP message with an ICMP header.
The invention provides a data transmission device of ICMP agent UDP, based on the organic combination between modules, the original UDP message is sent from a data sending end to a first router through an Ethernet network; the first router is controlled to carry out ICMP encapsulation on the original UDP message to form a first UDP message with an ICMP header; transmitting the first UDP message to a second router through an Ethernet network; controlling a second router to decapsulate the first UDP message to obtain a second UDP message; and sending the second UDP message to the data sending end through the local network card to finish data transmission. According to the invention, the firewall marks the UDP flow as the ICMP flow by simulating the ICMP header, so that QOS speed limit and interference of the firewall on the UDP flow are avoided, the speed and stability of UDP connection are effectively ensured and improved, and the user experience effect of the audio/video service is ensured.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
ICMP (Internet Control Message Protocol) Internet control message protocol. It is a sub-protocol of the TCP/IP protocol suite for passing control messages between IP hosts, routers. The control message refers to a message of the network itself such as a network is not connected, whether a host is reachable, whether a route is available, and the like. These control messages, although not transmitting user data, play an important role in the transfer of user data. Because the ICMP message can carry data, and the ICMP message is processed by the system kernel, the ICMP message does not occupy any port, and the traditional router does not limit the flow of the ICMP.
The invention makes the firewall mark UDP flow as ICMP flow by simulating ICMP header, adopts a method based on three layers of ICMP protocols of Ethernet, compared with TCP protocol message, ICMP message is processed by the system kernel, does not occupy any port, and has very fast kernel processing speed; the ICMP protocol message is simpler than the TCP protocol message, and is more friendly to developers in use; ICMP does not require three-way and four-way handshaking procedures like the TCP protocol, and the flow is simpler.
Example 1
Referring to fig. 1, a flow chart of an embodiment of a data transmission method of an ICMP proxy UDP provided by the present invention is shown, where the method includes steps 101 to 105, and the steps are specifically as follows:
step 101: the original UDP message is sent to the first router from the data sending end through the Ethernet network.
Further, in the first embodiment of the present invention, an original UDP packet is sent from a data sending end to a first router through an ethernet network, which specifically is:
determining a source address of an original UDP message as a data transmitting end;
and determining the destination address of the original UDP message as a first router.
In the first embodiment of the invention, unlike the conventional method of directly transmitting the UDP message from the data transmitting end to the data receiving end, the method of the invention transmits the UDP message from the data transmitting end to the first router to disguise the UDP message by adding ICMP encapsulation behavior, thereby avoiding the limitation of the firewall on UDP flow. Therefore, when the original UDP packet is transmitted, the source address needs to be set as the IP address of the data transmitting end, and the destination address needs to be set as the IP address of the first router.
The following table is a format of a UDP message, and the source address and destination address of the UDP message are stored in the ip header.
Step 102: and controlling the first router to carry out ICMP encapsulation on the original UDP message to form a first UDP message with an ICMP header.
Further, in the first embodiment of the present invention, the first router is controlled to perform ICMP encapsulation on the original UDP packet to form a first UDP packet with an ICMP header, which specifically is:
modifying the source address of the original UDP message from the data transmitting end to a first router;
modifying the destination address of the original UDP message from the first router to the second router;
and adding ICMP header encapsulation to the original UDP message to form a first UDP message with the ICMP header.
Further, in the first embodiment of the present invention, an ICMP header encapsulation is added to the original UDP packet to form a first UDP packet with an ICMP header, which specifically is:
setting the type of ICMP according to the message type of the original UDP message; the message type of the original UDP message comprises a request and a reply;
acquiring a UDP Header and UDP Data from the original UDP message, and determining the UDP Header and the UDP Data as ICMP Data;
generating ICMP head encapsulation according to the type of the ICMP and the ICMP Data;
and adding the ICMP header encapsulation to the original UDP message to form a first UDP message with the ICMP header.
Further, in the first embodiment of the present invention, according to the message type of the original UDP message, the type of the ICMP is set, specifically:
when the message type of the original UDP message is a request, setting the type of ICMP as 8;
when the message type of the original UDP message is a reply, setting the type of the ICMP as 0.
In the first embodiment of the invention, when the original UDP message is transmitted to the first router, the first router is utilized to carry out ICMP encapsulation on the original UDP message, disguise UDP traffic, and avoid the limitation of the firewall of the central machine room on UDP traffic. The ICMP encapsulation operation of the original UDP message comprises respectively modifying the source address and the destination address of the IP Header of the original UDP message to form the IP Header of the first UDP message; setting the type of ICMP according to the message type of the original UDP message, and combining the UDP Header and UDP Data of the original UDP message to form an ICMP Header package of the first UDP message; and adding the ICMP header encapsulation to the original UDP message to generate a first UDP message.
The following table is the format of a first UDP packet, where the source address and the destination address of the first UDP packet are stored in the IP Header, and the ICMP Data of the first UDP packet includes the UDP Header and the UDP Data of the original UDP packet.
Step 103: the first UDP message is sent to a second router through an Ethernet network; and a firewall is arranged between the first router and the second router.
In the first embodiment of the invention, after the original UDP message finishes ICMP encapsulation through the first router, the original UDP message is transmitted in the network with the firewall in the form of the first UDP message, so that the effect that the UDP protocol is not limited by the firewall of the central machine room can be achieved.
Step 104: and controlling the second router to decapsulate the first UDP message to obtain a second UDP message.
Further, in the first embodiment of the present invention, the second router is controlled to decapsulate the first UDP packet to obtain a second UDP packet, which is specifically:
modifying the source address of the first UDP message from the first router to the second router;
modifying the destination address of the first UDP message from the second router to the data receiving end;
and determining the first UDP message with the modified source address and the modified destination address as a second UDP message.
In the first embodiment of the invention, when the first UDP message is transmitted to the second router through the firewall, the second router is utilized to decapsulate the first UDP message and restore the original UDP message. The first UDP message is unpacked by modifying the source address and the destination address of the IP Header of the first UDP message to form the IP Header of the second UDP message; the source port of the first UDP message is modified to be a UDP source port used by the second router for sending, and the destination port is a destination port monitored by the data receiving end, so that the first UDP message is restored to be the second UDP message.
Step 105: and sending the second UDP message to a data sending end through a local network card.
In the first embodiment of the invention, after the first UDP message is decapsulated by the second router, a second UDP message identical to the original UDP message can be formed, and the second UDP message is transmitted to the data receiving end, so that the safety and the integrity of the transmitted data can be ensured.
In summary, the first embodiment of the present invention provides a data transmission method of an ICMP proxy UDP, where an original UDP packet is sent from a data sending end to a first router through an ethernet network; the first router is controlled to carry out ICMP encapsulation on the original UDP message to form a first UDP message with an ICMP header; transmitting the first UDP message to a second router through an Ethernet network; controlling a second router to decapsulate the first UDP message to obtain a second UDP message; and sending the second UDP message to the data sending end through the local network card to finish data transmission. According to the invention, the firewall marks the UDP flow as the ICMP flow by simulating the ICMP header, so that QOS speed limit and interference of the firewall on the UDP flow are avoided, the speed and stability of UDP connection are effectively ensured and improved, and the user experience effect of the audio/video service is ensured.
Example 2
Referring to fig. 2, a schematic structural diagram of an embodiment of an ICMP proxy UDP data transmission system provided by the present invention includes a service client, an encapsulation router, a firewall, a decapsulation router, and a service server;
the service client side and the service server side adopt UDP transmission protocol to carry out service bidirectional communication;
the communication process between the business client and the business server passes through a packaging router, a firewall and a deblocking router;
when the service client side sends a UDP message to the service server side, the encapsulation router is used for ICMP encapsulation of the UDP message, and the decapsulation router is used for decapsulating the UDP message;
when the service server side sends the UDP message to the service client side, the decapsulation router is used for performing ICMP encapsulation on the UDP message, and the encapsulation router is used for decapsulating the UDP message.
As an example of the second embodiment of the present invention, referring to fig. 3, a flowchart of an embodiment of the UDP request and reply method provided by the present invention is shown. When the service server actively initiates UDP request and reply to the service client, the specific flow is as follows: the service client sends UDP service message to the encapsulation router; the encapsulation router encapsulates the UDP message with the ICMP Header according to the configuration or starting parameters, and adds a corresponding ICMP Header, and the type of the UDP service message is a request at the moment, so that the type of the ICMP is set as 8, and an ICMP encapsulation message is generated; sending the ICMP encapsulation message to an decapsulation router through an Ethernet network; the deblocking router performs deblocking on the ICMP encapsulation message with the ICMP header to obtain an original UDP message, and routes and forwards the original UDP message through a local network card according to configuration or starting parameters, and sends the original UDP message to a service server; after receiving the UDP service message, the service server performs service processing on the application layer, performs UDP reply, and sends a reply UDP service message to the decapsulation router; the method comprises the steps that an deblocking router is utilized to carry out ICMP Header encapsulation on a reply UDP service message according to configuration or starting parameters, a corresponding ICMP Header is added, and the type of the UDP service message at the moment is reply, so that the type of the ICMP is set to be 0, and a reply message after ICMP encapsulation is generated; the reply UDP service message after ICMP encapsulation is sent to an encapsulation router through an Ethernet network; the encapsulation router decapsulates the reply UDP service message with the ICMP header to obtain an original reply UDP service message, and routes and forwards the reply UDP service message to the service client through the local network card according to configuration or starting parameters to complete UDP reply. It should be noted that, because the ICMP Header encapsulation needs to occupy the size of the protocol frame and the extension parameter of the Header of the ICMP, the MTU of the original traffic needs to be adjusted so as not to exceed the maximum limit value of the ethernet, so as to ensure that the large packet traffic of the original traffic can smoothly complete the ICMP Header encapsulation.
As an example of the second embodiment of the present invention, referring to fig. 4, a flow chart of another embodiment of a UDP request and reply method provided by the present invention is shown, where when a service client actively initiates a UDP request and reply to a service server, the specific flow is as follows: the service server sends UDP service message to the unpacking router; the deblocking router performs ICMP Header encapsulation on the UDP message according to the configuration or starting parameters, and adds a corresponding ICMP Header, and the type of the UDP service message at the moment is a request, so that the type of the ICMP is set as 8, and an ICMP encapsulation message is generated; sending the ICMP encapsulation message to an encapsulation router through an Ethernet network; the encapsulation router decapsulates the ICMP encapsulation message with the ICMP header to obtain an original UDP message, and routes the original UDP message through a local network card according to configuration or starting parameters to send the original UDP message to the service client; after receiving the UDP service message, the service client performs service processing on the application layer, performs UDP reply, and sends a reply UDP service message to the encapsulation router; the encapsulation router is utilized to carry out ICMP Header encapsulation on the reply UDP service message according to configuration or starting parameters, and corresponding ICMP Header is added, wherein the type of the UDP service message is reply at the moment, so that the type of the ICMP is set to be 0, and a reply message after ICMP encapsulation is generated; the reply UDP service message after ICMP encapsulation is sent to the decapsulation router through the Ethernet network; the decapsulation router decapsulates the reply UDP service message with the ICMP header to obtain an original reply UDP service message, and routes and forwards the reply UDP service message to the service server through the local network card according to configuration or starting parameters to complete UDP reply. It should be noted that, because the ICMP Header encapsulation needs to occupy the size of the protocol frame and the extension parameter of the Header of the ICMP, the MTU of the original traffic needs to be adjusted so as not to exceed the maximum limit value of the ethernet, so as to ensure that the large packet traffic of the original traffic can smoothly complete the ICMP Header encapsulation.
In summary, the second embodiment of the present invention provides an ICMP proxy UDP data transmission system, based on the organic combination between modules, by simulating an ICMP header, the firewall marks the UDP traffic as ICMP traffic, thereby avoiding QOS speed limitation and interference of the firewall on the UDP traffic, effectively ensuring and improving the speed and stability of UDP connection, and ensuring the user experience effect of the audio and video service.
Example 3
Referring to fig. 5, a schematic structural diagram of an embodiment of an ICMP proxy UDP data transmission apparatus according to the present invention is provided, where the apparatus includes a first sending module 201, an encapsulation module 202, a second sending module 203, an decapsulation module 204, and a third sending module 205;
the first sending module 201 is configured to send an original UDP packet from a data sending end to a first router through an ethernet network;
the encapsulation module 202 is configured to control the first router to perform ICMP encapsulation on the original UDP packet, so as to form a first UDP packet with an ICMP header;
the second sending module 203 is configured to send the first UDP packet to a second router through an ethernet network; a firewall is arranged between the first router and the second router;
the decapsulation module 204 is configured to control the second router to decapsulate the first UDP packet to obtain a second UDP packet;
the third sending module 205 is configured to send the second UDP packet to a data sending end through a local network card.
Further, in the third embodiment of the present invention, the first transmitting module 201 includes: a source address determination unit and a destination address determination unit;
the source address determining unit is used for determining the source address of the original UDP message as a data transmitting end;
the destination address determining unit is used for determining the destination address of the original UDP message as the first router.
Further, in the third embodiment of the present invention, the package module 202 includes: a first source address modification unit, a first destination address modification unit, and an addition unit;
the first source address modification unit is used for modifying the source address of the original UDP message from the data transmitting end to the first router;
the first destination address modification unit is used for modifying the destination address of the original UDP message from the first router to the second router;
the adding unit is used for adding ICMP header encapsulation to the original UDP message to form a first UDP message with the ICMP header.
Further, in a third embodiment of the present invention, an adding unit includes: setting a subunit, a determining subunit, a generating subunit and a message forming subunit;
the setting subunit is used for setting the type of the ICMP according to the message type of the original UDP message; the message type of the original UDP message comprises a request and a reply;
the determining subunit is configured to obtain a UDP Header and UDP Data from the original UDP packet, and determine the UDP Header and UDP Data as ICMP Data;
the generating subunit is used for generating ICMP head encapsulation according to the type of the ICMP and the ICMP Data;
the message forming subunit is configured to add the ICMP header encapsulation to the original UDP message to form a first UDP message with an ICMP header.
Further, in the third embodiment of the present invention, according to the message type of the original UDP message, the type of the ICMP is set, specifically:
when the message type of the original UDP message is a request, setting the type of ICMP as 8;
when the message type of the original UDP message is a reply, setting the type of the ICMP as 0.
Further, in the third embodiment of the present invention, the decapsulation module 204 includes: the second source address modification unit, the second destination address modification unit and the message determination unit;
the second source address modification unit is used for modifying the source address of the first UDP message from the first router to the second router;
the second destination address modification unit is used for modifying the destination address of the first UDP message from the second router to the data receiving end;
the message determining unit is used for determining the first UDP message modified by the source address and the destination address as a second UDP message.
In summary, the third embodiment of the present invention provides a data transmission device of an ICMP proxy UDP, based on the organic combination between modules, sending an original UDP packet from a data sending end to a first router through an ethernet network; the first router is controlled to carry out ICMP encapsulation on the original UDP message to form a first UDP message with an ICMP header; transmitting the first UDP message to a second router through an Ethernet network; controlling a second router to decapsulate the first UDP message to obtain a second UDP message; and sending the second UDP message to the data sending end through the local network card to finish data transmission. According to the invention, the firewall marks the UDP flow as the ICMP flow by simulating the ICMP header, so that QOS speed limit and interference of the firewall on the UDP flow are avoided, the speed and stability of UDP connection are effectively ensured and improved, and the user experience effect of the audio/video service is ensured.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention, and are not to be construed as limiting the scope of the invention. It should be noted that any modifications, equivalent substitutions, improvements, etc. made by those skilled in the art without departing from the spirit and principles of the present invention are intended to be included in the scope of the present invention.