CN100401699C - Realizing VLAN technology on Ethernet via network card drive - Google Patents
- Publication number
- CN100401699C
- Authority
- CN
- China
- Prior art keywords
- vlan
- machine
- frame
- network interface
- interface card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Small-Scale Networks (AREA)
Abstract
The present invention discloses a technique for IP-layer encryption devices: by redesigning the driver of the Ethernet card used by the device, it implements virtual local area network (VLAN) support on an Ethernet card that does not itself support VLANs. The technique supports the 802.1Q and ISL protocols simultaneously, as well as multiple VLANs.
Description
Technical field
The present invention relates to network security technology, and in particular to a technique that, by redesigning the network card driver for the Ethernet card used by an IP-layer encryption device, implements VLAN support on an Ethernet card that does not support VLANs, and thereby yields an IP-layer encryption device that supports VLANs.
Background
An IP-layer encryption device is an encryption device that applies security processing (such as IPsec processing) to IP packets. It sits between the local area network (LAN) it protects and the router, and protects the security of LAN data transmitted over the wide area network.
A VLAN (Virtual Local Area Network) logically divides users into functionally independent working groups according to factors such as function and application. Each user host is connected to a port of a VLAN-capable switch and belongs to one VLAN. Members of the same VLAN share broadcasts and form a broadcast domain, while broadcast traffic is isolated between different VLANs. In this way the whole network is divided into several different broadcast domains (VLANs). Two protocols are mainly used for VLANs: the IEEE 802.1Q standard and Cisco's ISL (Inter-Switch Link).
In general, communication between members of the same VLAN takes place directly at the Layer 2 switch, whereas members of different VLANs can communicate only through a router. If the members of one VLAN are spread over different physical areas, they must communicate over the trunk channel between switches.
IP-layer encryption devices often work in such a network environment, and whether the device itself works in gateway mode or in bridge mode, it must support VLANs. Earlier IP-layer encryption devices could not work properly when the protected LAN was divided into several VLANs. In general, supporting VLAN protocols on an Ethernet card requires dedicated hardware or a dedicated operating system, at high cost.
Summary of the invention
The invention provides a technique that, by redesigning the network card driver for the Ethernet card used by an IP-layer encryption device, implements VLAN support on an Ethernet card that does not support VLANs, and thereby yields an IP-layer encryption device that supports VLANs. Multi-VLAN switching and multi-VLAN routing can be implemented in the IP-layer encryption device, so the device can adapt to a LAN that has been divided into several VLANs, whether the VLANs are based on the Cisco proprietary protocol ISL or on the international standard 802.1Q. This greatly extends the range of application of IP-layer encryption devices, and frames in VLAN format can be generated, received and processed on a general-purpose Ethernet card.
The principle of the invention is that VLAN technology is implemented entirely in software, through the network card driver, so that the IP-layer encryption device can process the VLAN protocols.
The specific technical scheme of the invention is as follows.
The invention is characterized in that:
(A) Two new variables are introduced into the operating system's network socket structure, serving respectively as the VLAN type flag and as a pointer to the VLAN-related data:
unsigned char pad_flag;
unsigned char *pads;
(B) For the VLAN settings of an Ethernet interface, a new structure named ifvlan is defined:
struct ifvlan
{
__u16 vlanid; // VLAN number
__u8 vlantype; // VLAN type
};
In addition, a new structure variable, struct ifvlan ifru_vlan, is added to the kernel if_req structure for the Ethernet interface of the operating system; this variable is used to set the default VLAN configuration of the Ethernet interface. A corresponding ifvlan structure is allocated for each Ethernet interface.
The VLAN receive-processing flow of the invention comprises the following steps: the network card receives data; it is determined whether the destination MAC address is that of the local host; the VLAN encapsulation is stripped and the normal Ethernet frame restored, or the VLAN encapsulation is stripped and its information stored; the frame is submitted to the system TCP/IP protocol stack. After the network card receives the raw data, it is determined whether the destination MAC address belongs to the local host. If it does, the VLAN encapsulation is simply removed. If it does not, then when the VLAN encapsulation is removed the VLAN protocol information is saved in the corresponding structure for use in direct forwarding. After the frame has been converted from the VLAN protocol format to the normal Ethernet format, it is submitted to the upper-layer protocol stack. All of this is carried out in the receive function of the network card driver.
The network card of the invention operates in promiscuous mode and receives data for any MAC address, including frames addressed to the local host, frames addressed to other devices, and multicast and broadcast frames.
The send-processing flow of the invention comprises the following steps: the system protocol stack calls the send function of the network card; it is determined whether the source MAC address is that of the local host; the VLAN information of the network segment to which the destination IP belongs is looked up; for a non-local source MAC address the saved VLAN information is extracted; the VLAN information of the output interface is obtained; the packet is VLAN-encapsulated; the packet is sent on the physical interface. The network socket parameter of the send function called by the system protocol stack contains a complete normal Ethernet frame. If the source MAC address belongs to the local host, the Ethernet frame is converted to a VLAN-format frame directly in the send function and then sent by the hardware. If the source MAC address is not that of the local host, the VLAN information saved in the pads variable of the network socket is used directly.
The invention uses the network card driver software to support the two VLAN protocols 802.1Q and ISL on an Ethernet card completely transparently. The support is entirely software-based and covers 802.1Q and ISL simultaneously; it works on Ethernet cards that do not support VLANs; both protocols can be supported at the same time on the same Ethernet interface; multiple VLANs can be received simultaneously on the same Ethernet interface; and packets with different VLAN protocols and different VLAN IDs can be sent according to the destination IP address.
Description of drawings
Fig. 1 is the flow chart of VLAN receive data processing according to the invention.
Fig. 2 is the flow chart of VLAN send data processing according to the invention.
Embodiment
The invention introduces two new variables into the operating system's network socket structure:
unsigned char pad_flag;
unsigned char *pads;
They serve respectively as the VLAN type flag and as a pointer to the VLAN-related data. For the VLAN settings of an Ethernet interface, a new structure named ifvlan is defined:
struct ifvlan
{
__u16 vlanid; // VLAN number
__u8 vlantype; // VLAN type
};
In addition, a new structure variable, struct ifvlan ifru_vlan, is added to the kernel if_req structure for the Ethernet interface of the operating system; this variable is used to set the default VLAN configuration of the Ethernet interface. A corresponding ifvlan structure is allocated for each Ethernet interface.
The VLAN receive-processing flow of the invention comprises the following steps: the network card receives data; it is determined whether the destination MAC address is that of the local host; the VLAN encapsulation is stripped and the normal Ethernet frame restored, or the VLAN encapsulation is stripped and its information stored; the frame is submitted to the system TCP/IP protocol stack. After the network card receives the raw data, it is determined whether the destination MAC address belongs to the local host. If it does, the VLAN encapsulation is simply removed. If it does not, then when the VLAN encapsulation is removed the VLAN protocol information is saved in the corresponding structure for use in direct forwarding. After the frame has been converted from the VLAN protocol format to the normal Ethernet format, it is submitted to the upper-layer protocol stack. All of this is carried out in the receive function of the network card driver.
The network card of the invention operates in promiscuous mode and receives data for any MAC address, including frames addressed to the local host, frames addressed to other devices, and multicast and broadcast frames. See Fig. 1.
The send-processing flow of the invention comprises the following steps: the system protocol stack calls the send function of the network card; it is determined whether the source MAC address is that of the local host; the VLAN information of the network segment to which the destination IP belongs is looked up; for a non-local source MAC address the saved VLAN information is extracted; the VLAN information of the output interface is obtained; the packet is VLAN-encapsulated; the packet is sent on the physical interface. The network socket parameter of the send function called by the system protocol stack contains a complete normal Ethernet frame. If the source MAC address belongs to the local host, the Ethernet frame is converted to a VLAN-format frame directly in the send function and then sent by the hardware. If the source MAC address is not that of the local host, the VLAN information saved in the pads variable of the network socket is used directly. See Fig. 2.
Two new variables are introduced into the operating system's network socket structure: unsigned char pad_flag; unsigned char *pads; where pad_flag takes one of the following three values:
#define PAD_NO 0
#define PAD_ISL 1
#define PAD_802_1q 2
These values identify a normal Ethernet frame, an 802.1Q frame and an ISL frame.
Depending on the protocol (802.1Q or ISL), the pads pointer points to one of the following two data structures:
typedef struct pad_isl {
unsigned char head[ISL_HLEN]; // ISL frame header
unsigned char crc[ISL_CRCLEN]; // ISL frame check
} Pad_isl;
typedef struct pad_802_1q {
unsigned short h_vlan_proto; // protocol type
unsigned short h_vlan_TCI; // priority and VLAN number
unsigned short h_vlan_encapsulated_proto; // frame type
} Pad_802_1q;
For the VLAN settings of an Ethernet interface, a new structure named ifvlan is defined:
struct ifvlan
{
__u16 vlanid; // VLAN number
__u8 vlantype; // VLAN type
};
For VLAN encapsulation toward different destination network segments, the following linked-list structure is defined:
typedef struct vlan_list {
u32 net; // network address of the destination segment
u32 netmask; // netmask of the destination segment
u16 vlanid; // VLAN ID of the destination segment
u8 vlantype; // VLAN type of the destination segment
struct vlan_list *next; // next element
} VLAN_list;
The invention uses the network card driver software to support the two VLAN protocols 802.1Q and ISL on an Ethernet card completely transparently. The support is entirely software-based and covers 802.1Q and ISL simultaneously; it works on Ethernet cards that do not support VLANs; both protocols can be supported at the same time on the same Ethernet interface; multiple VLANs can be received simultaneously on the same Ethernet interface; and packets with different VLAN protocols and different VLAN IDs can be sent according to the destination IP address.
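The receive-side stripping and send-side re-encapsulation described above, for the 802.1Q case only, as an added user-space C example (not code from the patent). The names vlan_ent, vlan_strip, vlan_for_dst and vlan_tag, the array form of the per-segment list, the fallback to an interface default, and the sample table and frame are assumptions constructed for illustration; ISL is not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAD_NO      0      /* flag values as defined in the description */
#define PAD_802_1q  2
#define ETH_HLEN    14     /* destination MAC, source MAC, EtherType */
#define TAG_LEN     4      /* 802.1Q TPID (0x8100) + TCI */
struct vlan_ent { uint32_t net, netmask; uint16_t vlanid; uint8_t vlantype; };

/* Constructed table: 10.1.0.0/16 -> VLAN 10, 10.2.0.0/16 -> VLAN 20 */
static const struct vlan_ent demo_tbl[] = {
    { 0x0A010000, 0xFFFF0000, 10, PAD_802_1q },
    { 0x0A020000, 0xFFFF0000, 20, PAD_802_1q },
};

/* Receive side: strip an 802.1Q tag in place and save its TCI (the role the
 * description gives to pads). Returns the new length, 0 if malformed. */
size_t vlan_strip(uint8_t *f, size_t len, uint8_t *flag, uint16_t *tci)
{
    *flag = PAD_NO; *tci = 0;
    if (len < ETH_HLEN) return 0;
    if (f[12] != 0x81 || f[13] != 0x00) return len;  /* untagged frame */
    if (len < ETH_HLEN + TAG_LEN) return 0;          /* tag cut short */
    *tci = (uint16_t)((f[14] << 8) | f[15]);
    *flag = PAD_802_1q;
    memmove(f + 12, f + 16, len - 16);               /* close the 4-byte gap */
    return len - TAG_LEN;
}

/* Send side, local source: VLAN ID of the destination IP's segment; falls
 * back to the interface default when nothing matches (an assumption). */
uint16_t vlan_for_dst(const struct vlan_ent *t, size_t n, uint32_t dst, uint16_t dflt)
{
    for (size_t i = 0; i < n; i++)
        if ((dst & t[i].netmask) == t[i].net) return t[i].vlanid;
    return dflt;
}

/* Send side: insert an 802.1Q tag; cap is the buffer size. 0 on error. */
size_t vlan_tag(uint8_t *f, size_t len, size_t cap, uint16_t tci)
{
    if (len < ETH_HLEN || len + TAG_LEN > cap) return 0;
    memmove(f + 16, f + 12, len - 12);               /* open a 4-byte gap */
    f[12] = 0x81; f[13] = 0x00;
    f[14] = (uint8_t)(tci >> 8); f[15] = (uint8_t)tci;
    return len + TAG_LEN;
}

/* Forwarded (non-local) case on a constructed 22-byte frame: strip, then
 * re-tag with the saved TCI. Returns 1 if the original frame is reproduced. */
int demo_forward_roundtrip(void)
{
    uint8_t orig[32] = {0}, buf[32], flag;
    uint16_t tci;
    orig[12] = 0x81; orig[14] = 0xA0; orig[15] = 0x64; /* prio 5, VLAN 100 */
    orig[16] = 0x08;                                   /* inner type IPv4 */
    memcpy(buf, orig, sizeof buf);
    size_t n = vlan_strip(buf, 22, &flag, &tci);
    if (n != 18 || flag != PAD_802_1q || (tci & 0x0FFF) != 100) return 0;
    return vlan_tag(buf, n, sizeof buf, tci) == 22 && memcmp(buf, orig, 22) == 0;
}

int main(void) { return demo_forward_roundtrip() && vlan_for_dst(demo_tbl, 2, 0x0A020009u, 1) == 20 ? 0 : 1; }
```

Because the driver runs in promiscuous mode and parses frames from any sender, the length checks before the tag bytes are read or the buffer is grown are what keep a short or oversized frame from causing an out-of-bounds access.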
Claims (3)
1. A method of implementing VLAN on Ethernet by means of a network card driver, characterized in that:
(A) two new variables are introduced into the operating system's network socket structure, serving respectively as the VLAN type flag and as a pointer to the VLAN-related data:
unsigned char pad_flag;
unsigned char *pads;
(B) for the VLAN settings of an Ethernet interface, a new structure named ifvlan is defined:
struct ifvlan
{
__u16 vlanid; // VLAN number
__u8 vlantype; // VLAN type
};
and a new structure variable struct ifvlan ifru_vlan, by which a corresponding ifvlan structure is allocated to each Ethernet interface, is added to the kernel if_req structure for the Ethernet interface of the operating system; the VLAN receive-processing flow comprises: the network card receives data; it is determined whether the destination MAC address is that of the local host; the VLAN encapsulation is stripped and the normal Ethernet frame restored, or the VLAN encapsulation is stripped and its information stored; the frame is submitted to the system TCP/IP protocol stack; after the network card receives the raw data, it is determined whether the destination MAC address belongs to the local host; if it does, the VLAN encapsulation is simply removed; if it does not, then when the VLAN encapsulation is removed the VLAN protocol information is saved in the corresponding structure for use in direct forwarding; after the frame has been converted from the VLAN protocol format to the normal Ethernet format, it is submitted to the upper-layer protocol stack; and all of this is carried out in the receive function of the network card driver.
2. The method of implementing VLAN on Ethernet by means of a network card driver according to claim 1, characterized in that: the network card operates in promiscuous mode and receives data for any MAC address, including frames addressed to the local host, frames addressed to other devices, and multicast and broadcast frames.
3. The method of implementing VLAN on Ethernet by means of a network card driver according to claim 1 or 2, characterized in that: the send-processing flow comprises: the system protocol stack calls the send function of the network card; it is determined whether the source MAC address is that of the local host; the VLAN information of the network segment to which the destination IP belongs is looked up; for a non-local source MAC address the saved VLAN information is extracted; the VLAN information of the output interface is obtained; the packet is VLAN-encapsulated; the packet is sent on the physical interface; the network socket parameter of the send function called by the system protocol stack contains a complete normal Ethernet frame; if the source MAC address belongs to the local host, the Ethernet frame is converted to a VLAN-format frame directly in the send function and then sent by the hardware; if the source MAC address is not that of the local host, the VLAN information saved in the pads variable of the network socket is used directly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB02128105XA CN100401699C (en) | 2002-12-26 | 2002-12-26 | Realizing VLAN technology on Ethernet via network card drive |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB02128105XA CN100401699C (en) | 2002-12-26 | 2002-12-26 | Realizing VLAN technology on Ethernet via network card drive |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1512718A CN1512718A (en) | 2004-07-14 |
CN100401699C true CN100401699C (en) | 2008-07-09 |
Family
ID=34231227
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB02128105XA Expired - Fee Related CN100401699C (en) | 2002-12-26 | 2002-12-26 | Realizing VLAN technology on Ethernet via network card drive |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100401699C (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104283714A (en) * | 2014-10-22 | 2015-01-14 | 上海斐讯数据通信技术有限公司 | Exchanger and system and method for achieving multiple management VLANs |
CN106850871B (en) * | 2017-01-23 | 2020-11-17 | 上海上讯信息技术股份有限公司 | Method for realizing DHCP server with single physical network card and multiple VLANs |
CN107172009B (en) * | 2017-04-06 | 2020-01-07 | 烽火通信科技股份有限公司 | Method for uploading VLAN information to application module through socket |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1303054A (en) * | 1999-10-28 | 2001-07-11 | 英业达集团(上海)电子技术有限公司 | Virtual network device and its communication method |
CN1352495A (en) * | 2001-12-21 | 2002-06-05 | 清华大学 | Method and system for establishing indoor laser radio local network based on ether net |
Also Published As
Publication number | Publication date |
---|---|
CN1512718A (en) | 2004-07-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100502335C (en) | Communication system, wireless LAN base station controller, and wireless LAN base station device | |
US7577142B2 (en) | Derived VLAN mapping technique | |
US6157649A (en) | Method and system for coordination and control of data streams that terminate at different termination units using virtual tunneling | |
CN101218575B (en) | Techniques for migrating a point to point protocol to a protocol for an access network | |
JP4355422B2 (en) | Method and apparatus for routing packets | |
US7818796B2 (en) | Bridged cryptographic VLAN | |
CN101160850B (en) | Method and device for forwarding packet | |
US20060146832A1 (en) | Method and system for transporting data using pseudowire circuits over a bridged network | |
JP3748216B2 (en) | Packet transfer method and packet transmitter / receiver | |
US20080198863A1 (en) | Bridged Cryptographic VLAN | |
EP1475942A2 (en) | Address Resolution in IP Internetworking Layer 2 point-to-point connections | |
US20050180391A1 (en) | Network connection method, network connection system, and, layer 2 switch and management server forming the network connection system | |
JP2002111725A (en) | Apparatus and method for identifying interface as well as mpls-vpn service network | |
WO2008085375A2 (en) | Method and apparatus for multicast routing | |
EP1415442B1 (en) | Metropolitan access via tunnel transports | |
US20030210696A1 (en) | System and method for routing across segments of a network switch | |
US20020034962A1 (en) | Subscriber wireless access system | |
CN107306198A (en) | Message forwarding method, equipment and system | |
US8437357B2 (en) | Method of connecting VLAN systems to other networks via a router | |
ES2302977T3 (en) | AUTOMATIC CONFIGURATION PROCEDURE OF A TELEPHONE EQUIPMENT ON IP AND / OR DATA, SYSTEM AND EQUIPMENT THAT IMPLEMENT IT. | |
US8146144B2 (en) | Method and system for the transparent transmission of data traffic between data processing devices, corresponding computer program product, and corresponding computer-readable storage medium | |
WO2010024297A1 (en) | Communication network system, line connecting apparatus and band control method that are for inter-site communication | |
CN104539539A (en) | Multi-service-board data forwarding method for AC device | |
US20050207380A1 (en) | Process for implementing virtual local area networks over communication systems in the electricity network | |
WO2005104449A1 (en) | A method and system for transporting ethernet network services in the rpr network. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20080709 Termination date: 20151226 |
EXPY | Termination of patent right or utility model | |