CN101626345A - Message processing method and real-time stream protocol application layer gateway in home gateway - Google Patents


Publication number
CN101626345A
Authority
CN
China
Prior art keywords
expectation
message
port
address
connection
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200910158271A
Other languages
Chinese (zh)
Other versions
CN101626345B (en)
Inventor
嵇盛育
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN2009101582719A
Publication of CN101626345A
Application granted
Publication of CN101626345B
Expired - Fee Related

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a message processing method comprising the following steps: a home gateway establishes expectation connections according to the media stream message send/receive ports supplied by a client, disables the established expectation connections, and sends the ports of the established expectation connections to a server for selection; the home gateway enables the expectation connection corresponding to the port selected by the server and waits for a data message to arrive; when a data message arrives on the expectation connection, the data message is checked and modified according to the expectation connection, a corresponding connection tracking (CONNTRACK) record is established for the data message, and the expectation connection that served as the basis for establishing the CONNTRACK record is deleted. Correspondingly, the invention provides a real-time stream protocol application layer gateway in a home gateway. The message processing method can therefore establish multiple expectation connections that carry an enable parameter and, by disabling the expectation connections that are not used, prevent attacks through those expectation connections.

Description

Message processing method and real-time stream protocol application layer gateway in a home gateway
Technical field
The present invention relates to the field of network security in home gateways, and in particular to a message processing method and a Real Time Streaming Protocol (RTSP) application layer gateway (ALG, Application Layer Gateway) in a home gateway.
Background art
With the development of networks, more and more applications transmit multimedia over the network, such as IP cameras and Internet video broadcasting. For the many users who go online through a home gateway, the home gateway uses RTSP to communicate between the private network and the public network. A user of RTSP can open multiple transport connections to a server. If, however, the user needs one server to have the media stream delivered from another server, a problem arises: RTSP has to determine the port and Internet Protocol (IP) address of the media stream during the message exchange, and the IP address carried in the message sent from the local area network (LAN) side is the LAN-side IP address, which prevents the connection from being established. If instead the media stream is delivered from the server itself, no IP negotiation is needed, but when the media stream arrives the home gateway cannot know which LAN-side client (PC) to forward it to. In both cases an RTSP ALG can be used to modify the corresponding data in the messages. For example, it establishes a connection for the source IP address and destination IP address of the next message, that is, an expectation connection, and waits for the media stream to arrive; if the source IP address, destination IP address and destination port of the media stream are all as expected, it modifies the destination port and IP address of the arriving media stream so that the data can be transmitted.
This, however, brings another problem. If the server wants to switch to another server to deliver the media stream, the IP address has to be negotiated, and during the negotiation between client and server RTSP offers the server ports in a variety of forms to choose from, such as ports 5009-5010. Many expectation connections that will never be used may therefore be created. An attacker can construct packets that match such an expectation connection, use the unused expectation connections to establish a connection with a LAN-side PC, and send the constructed packets to the home gateway, which provides the conditions for an attack.
In addition, a typical home gateway directly modifies the port carried in the client's message, and after the server has made its selection the client is assumed to use the modified port as its media stream message send/receive port. Suppose the LAN-side PCs do not accept modified ports and several of them connect to the server at the same time. The first PC to establish an expectation connection succeeds without any port modification, because its media stream message send/receive port is not yet in use. When a second or later PC uses the same port as its media stream message send/receive port, the home gateway modifies the port, and if that PC does not accept the modified port as its media stream message send/receive port, it cannot play the media stream delivered by the server normally. In this situation, multiple LAN-side PCs attached to one home gateway cannot use the same port.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a message processing method and a real-time stream protocol application layer gateway in a home gateway that can establish multiple expectation connections carrying an enable parameter and prevent attacks carried out through expectation connections.
To achieve this purpose, the invention discloses a message processing method comprising: the home gateway establishes expectation connections according to the media stream message send/receive ports provided by the client, disables the established expectation connections and records the media stream message send/receive ports, and sends the ports used to establish the expectation connections to the server for selection; the home gateway enables the expectation connection corresponding to the port selected by the server and waits for a data message to arrive; when a data message arrives on an expectation connection, the data message is checked and modified according to that expectation connection, a corresponding connection tracking (CONNTRACK) record is established for the data message, and the expectation connection that served as the basis for establishing the CONNTRACK record is deleted.
In the above method, after the step in which the home gateway waits for the data message to arrive, the method further comprises:
When the home gateway receives a data message delivered by the server, it determines whether the data message has a corresponding CONNTRACK record. If there is no corresponding CONNTRACK record, it determines whether there is an expectation connection to which the data message belongs; if there is a corresponding CONNTRACK record, the data message is checked and modified according to the CONNTRACK record. The CONNTRACK record describes the attributes and state of the data message's connection, including: source port and IP address, destination port and IP address, and protocol type.
Checking and modifying the data message according to the CONNTRACK record comprises: finding the media stream message send/receive port and Internet Protocol (IP) address of the corresponding client; determining whether the destination port and IP address of the data message are consistent with the client's media stream message send/receive port and IP address; if they are not, modifying the destination port and destination IP address of the data message to the media stream message send/receive port and IP address respectively; if they are, ending the processing of the data message.
In the above method, before the home gateway converts the message send/receive ports provided by the client, the method further comprises: the client establishes a main connection with the server through the home gateway. The main connection is the CONNTRACK record formed by the control stream exchanged between client and server, and the expectation connections are attached under the main connection. The main connection comprises: the client's control stream message send/receive port and IP address, and the server's port and IP address. An expectation connection comprises: the source port and IP address of the expected message, the destination port and IP address, the client's media stream message send/receive port, and the main connection.
Establishing expectation connections according to the media stream message send/receive ports provided by the client is specifically: take an unprocessed port from the media stream message send/receive ports provided by the client and determine whether it is already used by an expectation connection. If it is not, establish the expectation connection with that port. If it is, determine whether a port not used by any expectation connection can be found; if one can be found, establish the expectation connection with the port found; if no unused port can be found, end the establishment of expectation connections.
In the above method, processing the data message according to the expectation connection comprises: determining whether the expectation connection is enabled. If it is enabled, determine whether the destination port and IP address of the data message are consistent with the media stream message send/receive port and IP address; if they are not, modify the destination port and destination IP address of the data message to the client's media stream message send/receive port and IP address respectively; if they are, end the processing of the data message. If the expectation connection is disabled, discard the data message directly and end its processing. The port selected by the server is conveyed in a response message. After receiving the response message, the home gateway determines whether the destination port and destination IP address in the response message are consistent with the client's media stream message send/receive port and IP address; if they are not, the destination port and IP address in the response message are changed to the client's media stream message send/receive port and IP address.
To implement the above method, the invention provides a real-time stream protocol application layer gateway in a home gateway, comprising: an expectation connection establishing module, an expectation connection switch module, a message processing module, and a CONNTRACK recording module. The expectation connection establishing module is used to establish expectation connections according to the media stream message send/receive ports provided by the client, record those ports in the expectation connections, and send the ports used to establish the expectation connections to the server for selection. The expectation connection switch module is used to disable the expectation connections established by the expectation connection establishing module and to enable the expectation connection corresponding to the port selected by the server. The message processing module is used to check and modify the data messages delivered by the server according to the expectation connection or the CONNTRACK record. The CONNTRACK recording module is used to establish the CONNTRACK record from the information provided by the message processing module and to delete the expectation connection that served as the basis for establishing that CONNTRACK record.
The above real-time stream protocol application layer gateway further comprises: a port selection module, used to select the ports for establishing expectation connections; and/or a message judging module comprising a CONNTRACK record judging submodule and an expectation connection judging submodule, wherein the CONNTRACK record judging submodule is used to determine whether the data message has a corresponding CONNTRACK record, notifying the expectation connection judging submodule if it does not and the message processing module if it does, and the expectation connection judging submodule is used to determine whether there is an expectation connection to which the data message belongs, notifying the expectation connection state judging module if there is and the message processing module if there is not; and/or an expectation connection state judging module, used to determine the usage state of the expectation connection identified by the message judging module and to notify the message processing module of the result; and/or a CONNTRACK record lookup module, used to look up the CONNTRACK record corresponding to the data message as determined by the message judging module and to notify the message processing module of the lookup result. The main connection comprises: the client's control stream message send/receive port and IP address, and the server's port and IP address. An expectation connection comprises: the source port and IP address of the expected message, the destination port and IP address, the client's media stream message send/receive port, and the main connection.
The real-time stream protocol application layer gateway further comprises: a main connection module, used to establish the CONNTRACK record of the control stream exchanged between client and server; the expectation connection establishing module is also used to record the main connection in the expectation connections attached under that main connection; and/or the message processing module is specifically used to: according to the media stream message send/receive port recorded in the expectation connection to which the data message belongs or in the CONNTRACK record, determine whether the destination port and destination IP address of the data message delivered by the server are consistent with that media stream message send/receive port and IP address and, when they are not, modify the destination port and destination IP address in the data message to the media stream message send/receive port and IP address respectively.
As can be seen from the above technical solution, the RTSP ALG in the home gateway of the present invention establishes one expectation connection for each available media stream message send/receive port provided by the client, adds an enable parameter to each established expectation connection to control its usage state, and, by inspecting the response message in which the server confirms a port, enables the expectation connection corresponding to the port the server confirmed. This avoids the security problem caused by the RTSP ALG establishing many expectation connections that will never be used, and prevents attacks through the RTSP ALG.
In addition, besides setting this parameter to prevent attacks, the application establishes an expectation connection for every port in the multiple port combination forms and records the client's original port. In the server's confirmation message selecting a port, the modified port is changed back to the original port, and when a data message for the expectation connection arrives it is correctly forwarded to the client's original port. This satisfies the requirement that multiple LAN-side clients attached to one home gateway use the same media stream message send/receive port.
Description of drawings
Fig. 1 is a schematic flow chart of the method by which the RTSP ALG in the home gateway of the present invention processes messages;
Fig. 2 is a schematic structural diagram of the RTSP-based application system of the present invention;
Fig. 3 is a schematic flow chart of the method of the present invention for processing the client negotiation message;
Fig. 4 is a schematic flow chart of the method of the present invention for processing the server response message;
Fig. 5 is a flow chart of the method of the present invention for processing data messages delivered by the server;
Fig. 6 is a schematic diagram of the composition of the RTSP ALG in the home gateway of the present invention.
Embodiment
The basic idea of the present invention is: add an enable parameter to the expectation connections established by the RTSP ALG, and establish expectation connections for all the port combination forms; by inspecting the port confirmed by the server, enable the corresponding expectation connection and wait for the data message delivered by the server to arrive; when a data message arrives on the expectation connection, check and modify it according to the established expectation connection, establish the corresponding connection tracking (CONNTRACK) record for the data message, and delete the expectation connection that served as the basis for establishing that CONNTRACK record.
To make the above purposes, features and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
Before the specific embodiments are introduced, the modified structure of the expectation connection is first explained. The expectation connection is a structure kept in a global linked list so that it can be looked up. It comprises parameters such as: source port and source IP address, destination port and destination IP address, the client's media stream message send/receive port, the main connection, layer-3 protocol, layer-4 protocol, mask, the expectation connection's timer, and the direction of the current expectation connection. The expectation connection is attached under the main connection and records the main connection, so in the global linked list an expectation connection can be found from the main connection and the expectation connection's port.
A mask of all 1s means the field is fully matched, and a mask of all 0s means the field is ignored. The expectation connection's timer is responsible for deleting the expectation connection once it has existed longer than the set time: every expectation connection has a lifetime, and when the set time is exceeded the expectation connection is deleted automatically. The direction of the current expectation connection indicates whether it was established by the initiator or the responder. The original port is the client's media stream message send/receive port. Because it is hard to determine which port the server will select for an expectation connection, the source port is generally ignored in an expectation connection, so the mask of the source port is typically set to 0x00.
Here, the main connection is the CONNTRACK record formed by the control stream exchanged between client and server, over which the port negotiation messages are sent and received. The main connection mainly comprises the ports and IP addresses of both directions, that is, the client's control stream message send/receive port and IP address and the server's port and IP address, together with information such as each direction's layer-3 protocol type (for example IPv4) and layer-4 protocol type (for example TCP). When the server is on an external network such as the Internet and the client is on the LAN side, the source port and IP address of the expectation connection are the server's port and IP address, and the destination port and IP address are the home gateway's port and IP address. When the server is on the LAN side and the client is on the Internet, the source port and IP address of the expectation connection are the server's port and IP address, and the destination port and IP address are the client's media stream message send/receive port and IP address. The present invention adds an enable parameter to the expectation connection to switch the corresponding expectation connection on or off.
Note that every expectation connection in the embodiments of the invention has the added enable parameter, and that expectation connections can be established for multiple ports respectively. Taking the case of the client on the LAN side and the server on the Internet side as an example, the flow of the method by which the RTSP ALG in the home gateway of the present invention processes messages is described below. As shown in Fig. 1, the main steps are as follows:
Step 101: the home gateway dials up successfully, and the LAN-side client connects to the network and establishes a connection with the server;
Here, as shown in Fig. 2, LAN-side client 201 connects to network 203 through home gateway 202. The LAN-side client is a client device using an RTSP-related application, such as a media data player, and establishes a connection with server 204. The connection established between the LAN-side client and the server is the main connection. The main connection records the ports and IP addresses of the client and the server, among other things.
Step 102: the client sends a negotiation message to the home gateway;
When the client negotiates with the server which media stream message send/receive ports to use for sending and receiving data messages, it can send a series of port combinations to the server through the home gateway for the server to choose from. The negotiation message therefore contains a series of port combination forms for the server to select, for example: one port, 1006; two ports, 1006-1007; or a choice of one port, 1006/1007.
Step 103: the home gateway establishes expectation connections according to the port information in the negotiation message and disables the established expectation connections;
After the RTSP ALG in the home gateway receives the negotiation message sent by the client, it inspects the message. If it detects that the negotiation message contains a series of port combinations for the server to choose from, it establishes one expectation connection for each available port provided by the client and sets the expectation connection's enable parameter to disabled, so that the expectation connection is in the disabled state.
When the home gateway establishes expectation connections for the ports provided by the client, if an original port is occupied it modifies the client's original port until an expectation connection can be established, records the original port, and disables the established expectation connection. Therefore, when the original port is occupied, the port and IP address in the negotiation message are modified to the port and IP address selected for the current expectation connection. For example, depending on the combination form, one port 1006 is modified to 1025, two ports 1006-1007 are modified to 1026-1027, and the choice of one port 1006/1007 is modified to 1028/1029. Here 1025, 1026-1027 and 1028/1029 are the ports sent to the server for it to choose from.
Step 104: the client's media stream message send/receive port is recorded in the expectation connection, and the ports used to establish the expectation connections are sent to the server for selection;
Here, the LAN-side client's media stream message send/receive port is recorded in the expectation connection as the original port. The home gateway sends the ports used to establish the expectation connections to the server for it to choose from.
Step 105: the server sends a response message to the home gateway, returning the selected port;
After receiving the port combination forms sent by the home gateway, the server selects one of them and returns the selected port combination form to the home gateway in a response message. The response message contains the port combination form confirmed by the server, such as one port, two ports, or a choice of one port. There are many ways for the server to select a port combination form; usually it selects at random among the ports the server supports. The server then feeds the port form it has confirmed back to the home gateway.
Step 106: the home gateway receives the response message and, according to the port confirmed by the server, enables the expectation connection corresponding to that port;
When the RTSP ALG in the home gateway finds that the server response message it received contains port information, it parses the port confirmed by the server from the response message and enables the expectation connection corresponding to the confirmed port. That is, when the RTSP ALG finds confirmed port information in the server's response message, it sets the enable parameter of the expectation connection corresponding to the confirmed port to available. It also determines whether the port in the response message is consistent with the client's media stream message send/receive port; if it is not, the current port in the response message is changed to the corresponding original port, that is, the client's media stream message send/receive port. The home gateway then performs further processing on the response message and forwards the processed response message to the client. This further processing and the sending and receiving of messages are conventional message handling operations and are not the focus of this embodiment, so they are not described further.
Step 107: when the home gateway receives a data message delivered by the server, it determines whether the data message has a corresponding CONNTRACK record; if there is a CONNTRACK record, step 108 is performed; if there is no CONNTRACK record, step 109 is performed;
Here, the CONNTRACK record is the record of all the information left in the home gateway by the data messages transmitted during communication. The CONNTRACK record describes the attributes and state of the data message's connection, mainly comprising: source port and IP address, destination port and IP address, protocol type, and the state the connection is in.
Step 108: according to the CONNTRACK record, the destination port and destination IP address of the data message are processed so that they are consistent with the client's media stream message send/receive port and IP address respectively, and step 111 is then performed;
Processing the destination port and destination IP address of the data message mainly means: determine whether the destination port and destination IP address of the data message are consistent with the client's media stream message send/receive port and IP address respectively; if they are not, modify the destination port and destination IP address of the data message to the client's media stream message send/receive port and IP address respectively, and then perform step 111. For data messages after the first one, the corresponding CONNTRACK record can be found from the destination port of the data message, and from it the media stream message send/receive port and IP address of the corresponding client, which are used to modify the destination port and destination IP address of the data message accordingly.
Step 109: the home gateway determines whether the expectation connection to which the data message belongs is enabled; if it is enabled, step 110 is performed; if it is disabled, the data message is discarded directly and step 111 is performed;
When the home gateway receives a data message delivered by the server, the RTSP ALG determines whether the expectation connection to which the data message belongs is enabled, mainly by checking whether the enable parameter of the expectation connection corresponding to the destination port in the data message is set to available.
Step 110: according to the expectation connection to which the data message belongs, the home gateway modifies the destination port and destination IP address of a data message that is inconsistent with the client's media stream message send/receive port and IP address, establishes the CONNTRACK record, and deletes the expectation connection that served as the basis for establishing that CONNTRACK record;
When a data message for an expectation connection arrives, the RTSP ALG in the home gateway uses the original port recorded in the expectation connection and the client IP address recorded in the main connection under which the expectation connection is attached to determine whether the destination port and IP address of the data message are consistent with the client's media stream message send/receive port and IP address respectively. If they are not, the destination port and IP address of the data message are modified to the corresponding original port and IP address, that is, the client's media stream message send/receive port and IP address. This ensures that the destination port and IP address of the data message are consistent with the client's media stream message send/receive port and IP address, so that the client can receive the data message and communication proceeds normally. The CONNTRACK record used by subsequent messages is also established, and once it has been established the expectation connection that served as its basis is deleted from the global linked list.
Step 111: the processing of this data message ends.
When a data message for an expectation connection arrives and the home gateway detects that the enable parameter of the corresponding expectation connection is set to disabled, it discards the data message directly and ends the processing of this data message.
The above is one implementation flow by which the home gateway of the present invention processes messages. To describe the flow in more detail, steps 103 to 104 above, that is, the home gateway's processing of the negotiation packet, are further explained below. As shown in Figure 3, the main steps are as follows:
Step 301: the home gateway judges whether the negotiation packet contains port information; if it does, execute step 302; if it does not, execute step 308;
Step 302: parse all media stream message send/receive ports from the negotiation packet;
Step 303: take out, in order, one unprocessed port for which to establish an expectation connection;
Step 304: judge whether the port taken out is already used by an expectation connection; if it is, execute step 305; if it is not, execute step 306;
Step 305: judge whether a port not used by any expectation connection can be found; if one can be found, execute step 306; if not, execute step 308.
If the port taken out is already used by an expectation connection, a port not used by any expectation connection is generally sought among ports 1024~65535 and used to establish the expectation connection. If no such port can be found, processing of the negotiation packet ends.
Step 306: establish the expectation connection using the port found that is not used by any expectation connection, record information such as the client's media stream message send/receive port and IP address from the negotiation packet in the expectation connection, and set the enable parameter of the expectation connection to disabled;
Step 307: judge whether expectation connections have been established for all ports; if any port still has no expectation connection, return to step 303; if all ports have one, execute step 308;
Step 308: end the processing of the negotiation packet.
Next, step 106 above, that is, the home gateway's processing of the response message, is further explained. As shown in Figure 4, the main steps are as follows:
Step 401: judge whether the response message contains port information; if it does, execute step 402; if it does not, execute step 405;
Step 402: parse the port combination confirmed by the server from the response message and find the corresponding port;
Step 403: judge whether the expectation connection corresponding to the port confirmed by the server can be found; if it can, execute step 404; if it cannot, execute step 405;
Step 404: enable the expectation connection found, judge whether the destination port and destination IP address of the response message match the media stream message send/receive port and IP address, and if they do not, change the destination port and destination IP address of the response message to the media stream message send/receive port and IP address recorded in this expectation connection;
Here, the expectation connection is enabled by setting its enable parameter to available. So that communication proceeds normally and the client can receive the response message, the destination port and destination IP address of the response message are changed to the original port and IP address saved in this expectation connection, that is, the client's media stream message send/receive port and IP address.
Step 405: end the processing of the server's response message.
With reference to steps 107 to 109, the processing of data messages sent by the server is described further below. As shown in Figure 5, it mainly comprises the following steps:
Step 501: judge whether a corresponding CONNTRACK record exists for the data message sent by the server; if one exists, execute step 502; if none exists, execute step 504;
The first data message corresponds to an expectation connection, and a CONNTRACK record is established when it is processed. Data messages that arrive after the first one can therefore be processed by looking up the CONNTRACK record, that is, their port and IP address are modified accordingly.
Step 502: according to the CONNTRACK record found, judge whether the destination port and destination IP address of the data message match the client's media stream message send/receive port and IP address, respectively; if they do not match, execute step 503; if they match, execute step 507;
Step 503: change the destination port and destination IP address of the data message to the client's media stream message send/receive port and IP address, respectively, then execute step 507;
Step 504: judge whether the data message has an expectation connection to which it belongs; if it does, execute step 505; if it does not, establish a CONNTRACK record from the information in the data message and execute step 507;
Here, a data message has an expectation connection to which it belongs when an expectation connection exists for its destination port; if no expectation connection exists for its destination port, it has none.
Step 505: judge whether the expectation connection corresponding to the data message is enabled; if it is enabled, execute step 506; if it is disabled, discard the data message directly and execute step 507;
Step 506: according to the client's media stream message send/receive port and IP address recorded in the expectation connection corresponding to the data message, modify the destination port and destination IP address of any data message that does not match the client's media stream message send/receive port and IP address, establish a CONNTRACK record, and delete the expectation connection that served as the basis for establishing this CONNTRACK record;
When the RTSP ALG module in the home gateway detects the arrival of a data message for an expectation connection and the corresponding expectation connection is enabled, it changes the destination port and destination IP address of the data message to the media stream message send/receive port and IP address, respectively, using the client's media stream message send/receive port recorded in the expectation connection and related information such as the client IP address recorded in the main connection. In addition, a CONNTRACK record is established from the information in the data message, and the expectation connection that served as the basis for establishing this CONNTRACK record is deleted.
Step 507: end the processing of the data message.
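The three procedures above (Figures 3, 4 and 5) modelled as a small state machine, as an added example that is not part of the patent text. The class and method names, the dictionary-based tables and the sample addresses are assumptions made for illustration, and the rewrite of the response message in step 404 is left out.

```python
from dataclasses import dataclass


@dataclass
class Expectation:
    client_ip: str         # client address, taken from the main connection
    client_port: int       # original media port offered by the client
    enabled: bool = False  # step 306: every new expectation starts disabled


class RtspAlgModel:
    """Illustrative model of the expectation handling; not kernel code."""
    PORT_MIN, PORT_MAX = 1024, 65535

    def __init__(self, gateway_ip):
        self.gateway_ip = gateway_ip
        self.expectations = {}  # gateway-side port -> Expectation
        self.conntrack = {}     # (src_ip, src_port, dst_port) -> (ip, port)

    def on_negotiation(self, client_ip, client_ports):
        """Figure 3: returns the ports advertised to the server."""
        advertised = []
        for port in client_ports:
            gw_port = port
            if gw_port in self.expectations:          # step 304: port taken
                gw_port = next((p for p in range(self.PORT_MIN, self.PORT_MAX + 1)
                                if p not in self.expectations), None)
                if gw_port is None:                   # step 305: none free
                    break
            self.expectations[gw_port] = Expectation(client_ip, port)
            advertised.append(gw_port)
        return advertised

    def on_response(self, confirmed_ports):
        """Figure 4: enable only the expectations the server confirmed."""
        enabled = []
        for port in confirmed_ports:
            exp = self.expectations.get(port)
            if exp is not None:
                exp.enabled = True
                enabled.append(port)
        return enabled

    def on_data(self, src_ip, src_port, dst_port):
        """Figure 5: returns (verdict, dst_ip, dst_port) for a server message."""
        key = (src_ip, src_port, dst_port)
        if key in self.conntrack:                     # steps 501-503
            return ("forward",) + self.conntrack[key]
        exp = self.expectations.get(dst_port)
        if exp is None:                               # step 504: track as-is
            self.conntrack[key] = (self.gateway_ip, dst_port)
            return ("forward", self.gateway_ip, dst_port)
        if not exp.enabled:                           # step 505: drop
            return ("drop", None, None)
        self.conntrack[key] = (exp.client_ip, exp.client_port)  # step 506
        del self.expectations[dst_port]
        return ("forward", exp.client_ip, exp.client_port)


def demo():
    alg = RtspAlgModel("203.0.113.1")              # constructed addresses
    first = alg.on_negotiation("192.168.1.10", [5000, 5001, 5002, 5003])
    second = alg.on_negotiation("192.168.1.11", [5000])  # collides with 5000
    alg.on_response([5000, 5001])
    server = ("198.51.100.5", 6970)
    return {
        "advertised": first + second,
        "unconfirmed": alg.on_data(*server, 5002),
        "first": alg.on_data(*server, 5000),
        "later": alg.on_data(*server, 5000),
        "pending": sorted(alg.expectations),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The `unconfirmed` result is the case the disabled state exists for: a port that was offered but never confirmed by the server accepts no traffic, and the expectation behind the confirmed port disappears as soon as its CONNTRACK record exists.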
For simplicity of description, each of the above embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously.
To implement the above method, the present invention also provides a real-time stream protocol application layer gateway (RTSP ALG) in a home gateway. As shown in Figure 6, it mainly comprises: an expectation connection establishment module 602, an expectation connection switch module 603, a message processing module 605 and a CONNTRACK record module 606; wherein,
The expectation connection establishment module 602 is used to establish expectation connections according to the media stream message send/receive ports provided by the client, to record the media stream message send/receive ports in the expectation connections, and to send the ports for which expectation connections are established to the server for selection;
The expectation connection switch module 603 is used to disable newly established expectation connections and to enable the expectation connection corresponding to the port selected by the server;
The message processing module 605 is used to detect and modify the data messages sent by the server according to the expectation connection or the CONNTRACK record;
The CONNTRACK record module 606 is used to establish the CONNTRACK record according to the information provided by the message processing module 605 and to delete the expectation connection that served as the basis for establishing this CONNTRACK record.
The above RTSP ALG also comprises:
A port selection module 601, used to select the ports for which expectation connections are established; and/or,
A message judge module 608, used to judge whether the data message has a corresponding CONNTRACK record and, if there is none, to judge whether the data message has an expectation connection to which it belongs. The message judge module 608 comprises a CONNTRACK record judge submodule and an expectation connection judge submodule, wherein: the CONNTRACK record judge submodule is used to judge whether the data message has a corresponding CONNTRACK record; if there is none, it notifies the expectation connection judge submodule; if there is one, it notifies the message processing module 605. The expectation connection judge submodule is used to judge whether the data message has an expectation connection to which it belongs; if it does, it notifies the expectation connection status judge module 604; if it does not, it notifies the message processing module 605; and/or,
An expectation connection status judge module 604, used to judge the usage state of the expectation connection and to notify the message processing module 605 of the result.
A CONNTRACK record search module 609, used to look up whether the data message has a corresponding CONNTRACK record and to notify the message processing module 605 of the result.
Here, the real-time stream protocol application layer gateway also comprises a main connection module 607, used to establish the CONNTRACK record of the control flow exchanged between the client and the server; the expectation connection establishment module 602 is also used to record the main connection in the expectation connections mounted under that main connection.
Wherein the main connection comprises: the client's control flow message send/receive port and IP address, and the server's port and IP address. The expectation connection comprises: the source port and IP address of the expected message, the destination port and IP address, the client's media stream message send/receive port, and the main connection.
In addition, the message processing module 605 is specifically used to: judge, according to information such as the media stream message send/receive port recorded in the expectation connection to which the data message belongs or in the CONNTRACK record, whether the destination port and destination IP address of the data message sent by the server match the media stream message send/receive port and IP address, and, when they do not match, change the destination port and destination IP address in the data message to the media stream message send/receive port and IP address, respectively.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, see the related description of the other embodiments. The above are only preferred embodiments of the present invention, used only to describe and explain the present invention, and are not intended to limit its scope of protection. Any modification or equivalent replacement made to the present invention within its spirit and the scope of the claims falls within the scope of protection of the present invention.

Claims (10)

1. A message processing method, characterized in that the method comprises:
A home gateway establishes expectation connections according to the media stream message send/receive ports provided by a client, disables the established expectation connections and records the media stream message send/receive ports, and sends the ports used to establish the expectation connections to a server for selection;
According to the port selected by the server, the home gateway enables the expectation connection corresponding to the port selected by the server and waits for a data message to arrive;
When a data message arrives for an expectation connection, the data message is detected and modified according to the expectation connection, the corresponding connection tracking (CONNTRACK) record of the data message is established, and the expectation connection that served as the basis for establishing this CONNTRACK record is deleted.
2. The message processing method according to claim 1, characterized in that, after the step in which the home gateway waits for a data message to arrive, the method further comprises:
When the home gateway receives a data message sent by the server, judging whether the data message has a corresponding CONNTRACK record and, if there is no corresponding CONNTRACK record, judging whether the data message has an expectation connection to which it belongs;
If there is a corresponding CONNTRACK record, detecting and modifying the data message according to the CONNTRACK record;
Wherein the CONNTRACK record describes the attributes and state of the connection of the data message, comprising: source port and IP address, destination port and IP address, and protocol type.
3. The message processing method according to claim 2, characterized in that detecting and modifying the data message according to the CONNTRACK record is:
Finding the media stream message send/receive port and Internet Protocol (IP) address of the corresponding client;
Judging whether the destination port and IP address of the data message match the client's media stream message send/receive port and IP address; if they do not match, changing the destination port and destination IP address of the data message to the media stream message send/receive port and IP address, respectively; if they match, ending this processing of the data message.
4. The message processing method according to claim 1, characterized in that, before the home gateway converts the message send/receive ports provided by the client, the method further comprises: the client establishes a main connection with the server through the home gateway;
The main connection is the CONNTRACK record formed by the control flow exchanged between the client and the server, and the expectation connection is mounted under the main connection;
Wherein the main connection comprises: the client's control flow message send/receive port and IP address, and the server's port and IP address; the expectation connection comprises: the source port and IP address of the expected message, the destination port and IP address, the client's media stream message send/receive port, and the main connection.
5. The message processing method according to any one of claims 1 to 4, characterized in that the home gateway establishing expectation connections according to the media stream message send/receive ports provided by the client is specifically:
Taking out one unprocessed port from the media stream message send/receive ports provided by the client and judging whether the port taken out is already used by an expectation connection; if it is not used by an expectation connection, using the port taken out to establish the expectation connection;
If the port taken out is already used by an expectation connection, judging whether a port not used by any expectation connection can be found; if one can be found, using the port found to establish the expectation connection; if no unused port can be found, ending the establishment of expectation connections.
6. The message processing method according to any one of claims 1 to 4, characterized in that processing the data message according to the expectation connection is:
Judging whether the expectation connection is enabled; if the expectation connection is enabled, judging whether the destination port and IP address of the data message match the media stream message send/receive port and IP address; if they do not match, changing the destination port and destination IP address of the data message to the client's media stream message send/receive port and IP address, respectively; if they match, ending this processing of the data message;
If the expectation connection is disabled, discarding the data message directly and ending the processing of this data message.
7. The message processing method according to claim 1, characterized in that the port selected by the server is conveyed in a response message; wherein,
After the home gateway receives the response message, it judges whether the destination port and destination IP address in the response message match the client's media stream message send/receive port and IP address; if they do not match, the destination port and IP address in the response message are changed correspondingly to the client's media stream message send/receive port and destination IP address.
8. A real-time stream protocol application layer gateway in a home gateway, characterized in that the real-time stream protocol application layer gateway comprises: an expectation connection establishment module, an expectation connection switch module, a message processing module and a CONNTRACK record module; wherein,
The expectation connection establishment module is used to establish expectation connections according to the media stream message send/receive ports provided by the client, to record the media stream message send/receive ports in the expectation connections, and to send the ports for which expectation connections are established to the server for selection;
The expectation connection switch module is used to disable the expectation connections established by the expectation connection establishment module and to enable the expectation connection corresponding to the port selected by the server;
The message processing module is used to detect and modify the data messages sent by the server according to the expectation connection or the CONNTRACK record;
The CONNTRACK record module is used to establish the CONNTRACK record according to the information provided by the message processing module and to delete the expectation connection that served as the basis for establishing this CONNTRACK record.
9. The real-time stream protocol application layer gateway in a home gateway according to claim 8, characterized in that the real-time stream protocol application layer gateway also comprises:
A port selection module, used to select the ports for which expectation connections are established; and/or,
A message judge module, comprising a CONNTRACK record judge submodule and an expectation connection judge submodule, wherein,
The CONNTRACK record judge submodule is used to judge whether the data message has a corresponding CONNTRACK record; if there is no corresponding CONNTRACK record, it notifies the expectation connection judge submodule; if there is a corresponding CONNTRACK record, it notifies the message processing module;
The expectation connection judge submodule is used to judge whether the data message has an expectation connection to which it belongs; if it does, it notifies the expectation connection status judge module; if it does not, it notifies the message processing module; and/or,
An expectation connection status judge module, used to judge the usage state of the expectation connection identified by the message judge module and to notify the message processing module of the result; and/or,
A CONNTRACK record search module, used to look up the CONNTRACK record corresponding to the data message as determined by the message judge module and to notify the message processing module of the result;
Wherein the main connection comprises: the client's control flow message send/receive port and IP address, and the server's port and IP address; the expectation connection comprises: the source port and IP address of the expected message, the destination port and IP address, the client's media stream message send/receive port, and the main connection.
10. The real-time stream protocol application layer gateway in a home gateway according to claim 8, characterized in that the real-time stream protocol application layer gateway also comprises:
A main connection module, used to establish the CONNTRACK record of the control flow exchanged between the client and the server;
The expectation connection establishment module is also used to record the main connection in the expectation connections mounted under that main connection; and/or,
The message processing module is specifically used to: judge, according to the media stream message send/receive port recorded in the expectation connection to which the data message belongs or in the CONNTRACK record, whether the destination port and destination IP address of the data message sent by the server match the media stream message send/receive port and IP address, and, when they do not match, change the destination port and destination IP address in the data message to the media stream message send/receive port and IP address, respectively.
CN2009101582719A 2009-07-23 2009-07-23 Message processing method and real-time stream protocol application layer gateway in home gateway Expired - Fee Related CN101626345B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101582719A CN101626345B (en) 2009-07-23 2009-07-23 Message processing method and real-time stream protocol application layer gateway in home gateway


Publications (2)

Publication Number Publication Date
CN101626345A true CN101626345A (en) 2010-01-13
CN101626345B CN101626345B (en) 2013-03-20

Family

ID=41522038


Country Status (1)

Country Link
CN (1) CN101626345B (en)


Also Published As

Publication number Publication date
CN101626345B (en) 2013-03-20


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180709

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: 518057 Nanshan District high tech Industrial Park, Shenzhen, Guangdong, Ministry of justice, Zhongxing Road, South China road.

Patentee before: ZTE Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130320
