一、Five-Tuple 是什麼
Five-Tuple 直譯為五元組,是網絡協議中一個重要的概念,用於描述網絡通信中的一個連接。它包括五個重要的參數:
- 源 IP 地址。
- 目的 IP 地址。
- 源端口號。
- 目的端口號。
- 傳輸協議。
其中,前四個參數都是一個 16 比特的整數,傳輸協議也是一個 8 比特的整數,從而共佔用 64 比特的空間。
二、Five-Tuple 的作用
Five-Tuple 可以用來唯一地標識一個連接,根據源 IP 地址、源端口號、目的 IP 地址和目的端口號的不同組合,可以區分不同的連接。同時,傳輸協議可以區分 TCP 連接和 UDP 連接。
在網絡傳輸中,Five-Tuple 不僅是識別和區分連接的重要參數,而且在路由和過濾策略中也有廣泛的應用。
三、Five-Tuple 的應用
<!-- 代碼示例1:使用 socket 獲取 Five-Tuple -->
<h3>1. 獲取本地 Five-Tuple</h3>
import socket
def get_local_five_tuple():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('www.baidu.com', 80))
local_address, local_port = sock.getsockname()
remote_address, remote_port = sock.getpeername()
sock.close()
return (local_address, local_port, remote_address, remote_port, socket.IPPROTO_TCP)
if __name__ == '__main__':
print(get_local_five_tuple())
<!-- 代碼示例1:使用 socket 獲取 Five-Tuple -->
<h3>1. 獲取本地 Five-Tuple</h3>
import socket
def get_local_five_tuple():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('www.baidu.com', 80))
local_address, local_port = sock.getsockname()
remote_address, remote_port = sock.getpeername()
sock.close()
return (local_address, local_port, remote_address, remote_port, socket.IPPROTO_TCP)
if __name__ == '__main__':
print(get_local_five_tuple())
獲取當前計算機連接的 Five-Tuple 可以使用 Python 中的 socket 模塊。通過創建一個 TCP 連接,可以得到當前計算機和對方計算機之間的 Five-Tuple。具體代碼如上所示。
<!-- 代碼示例2:過濾五元組 -->
<h3>2. 過濾 Five-Tuple</h3>
import socket
def get_local_five_tuple():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('www.baidu.com', 80))
local_address, local_port = sock.getsockname()
remote_address, remote_port = sock.getpeername()
sock.close()
return (local_address, local_port, remote_address, remote_port, socket.IPPROTO_TCP)
def filter_five_tuple(five_tuple_list, protocol, local_address=None, local_port=None, remote_address=None, remote_port=None):
result = []
for five_tuple in five_tuple_list:
if five_tuple[4] == protocol:
if local_address is None or local_address == five_tuple[0]:
if local_port is None or local_port == five_tuple[1]:
if remote_address is None or remote_address == five_tuple[2]:
if remote_port is None or remote_port == five_tuple[3]:
result.append(five_tuple)
return result
if __name__ == '__main__':
five_tuple_list = [(192, 168, 0, 1, 80, 123, 234, 567, socket.IPPROTO_TCP),
(192, 168, 0, 2, 80, 123, 234, 568, socket.IPPROTO_TCP),
(192, 168, 0, 3, 80, 123, 234, 569, socket.IPPROTO_TCP)]
result = filter_five_tuple(five_tuple_list, socket.IPPROTO_TCP)
print(result)
<!-- 代碼示例2:過濾五元組 -->
<h3>2. 過濾 Five-Tuple</h3>
import socket
def get_local_five_tuple():
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect(('www.baidu.com', 80))
local_address, local_port = sock.getsockname()
remote_address, remote_port = sock.getpeername()
sock.close()
return (local_address, local_port, remote_address, remote_port, socket.IPPROTO_TCP)
def filter_five_tuple(five_tuple_list, protocol, local_address=None, local_port=None, remote_address=None, remote_port=None):
result = []
for five_tuple in five_tuple_list:
if five_tuple[4] == protocol:
if local_address is None or local_address == five_tuple[0]:
if local_port is None or local_port == five_tuple[1]:
if remote_address is None or remote_address == five_tuple[2]:
if remote_port is None or remote_port == five_tuple[3]:
result.append(five_tuple)
return result
if __name__ == '__main__':
five_tuple_list = [(192, 168, 0, 1, 80, 123, 234, 567, socket.IPPROTO_TCP),
(192, 168, 0, 2, 80, 123, 234, 568, socket.IPPROTO_TCP),
(192, 168, 0, 3, 80, 123, 234, 569, socket.IPPROTO_TCP)]
result = filter_five_tuple(five_tuple_list, socket.IPPROTO_TCP)
print(result)
Five-Tuple 還可以用於過濾網絡數據包,在網絡防火牆、入侵檢測等領域中廣泛應用。將五個參數傳入 filter_five_tuple() 函數中,可以過濾出符合條件的 Five-Tuple 列表。如上所示的代碼中,通過傳入五個參數過濾 Five-Tuple 列表,並返回符合條件的 Five-Tuple 列表。
<!-- 代碼示例3:驗證 Five-Tuple 的唯一性 -->
<h3>3. 驗證五元組唯一性</h3>
import socket
def unique_five_tuple():
sock1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock1.connect(('www.baidu.com', 80))
sock2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock2.connect(('www.baidu.com', 80))
local_address1, local_port1 = sock1.getsockname()
local_address2, local_port2 = sock2.getsockname()
remote_address, remote_port = sock1.getpeername()
sock1.close()
sock2.close()
return local_address1 == local_address2 and local_port1 != local_port2 and remote_address == remote_address and remote_port == remote_port and socket.IPPROTO_TCP == socket.IPPROTO_TCP
if __name__ == '__main__':
print(unique_five_tuple())
<!-- 代碼示例3:驗證 Five-Tuple 的唯一性 -->
<h3>3. 驗證五元組唯一性</h3>
import socket
def unique_five_tuple():
sock1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock1.connect(('www.baidu.com', 80))
sock2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock2.connect(('www.baidu.com', 80))
local_address1, local_port1 = sock1.getsockname()
local_address2, local_port2 = sock2.getsockname()
remote_address, remote_port = sock1.getpeername()
sock1.close()
sock2.close()
return local_address1 == local_address2 and local_port1 != local_port2 and remote_address == remote_address and remote_port == remote_port and socket.IPPROTO_TCP == socket.IPPROTO_TCP
if __name__ == '__main__':
print(unique_five_tuple())
Five-Tuple 的唯一性是保障網絡傳輸正常運轉的基礎,如果 Five-Tuple 不唯一,會導致網絡傳輸錯誤。可以通過創建多個連接並獲取 Five-Tuple 進行比對,來驗證 Five-Tuple 的唯一性。具體代碼如上所示。
結語
Five-Tuple 是網絡協議中的一個重要概念,包含五個參數:源 IP、目的 IP、源端口、目的端口和傳輸協議。它可以唯一地標識一個連接,廣泛應用於網絡傳輸、路由和過濾策略中。在 Python 中,可以使用 socket 模塊獲取 Five-Tuple,同時也可以驗證 Five-Tuple 的唯一性並進行過濾操作。
原創文章,作者:小藍,如若轉載,請註明出處:https://www.506064.com/zh-hant/n/312996.html
微信掃一掃 
支付寶掃一掃 