CN101834783A - Method and device for forwarding messages and network equipment - Google Patents
Method and device for forwarding messages and network equipment Download PDFInfo
- Publication number
- CN101834783A CN101834783A CN201010136616A CN201010136616A CN101834783A CN 101834783 A CN101834783 A CN 101834783A CN 201010136616 A CN201010136616 A CN 201010136616A CN 201010136616 A CN201010136616 A CN 201010136616A CN 101834783 A CN101834783 A CN 101834783A
- Authority
- CN
- China
- Prior art keywords
- message
- interface
- stream
- record
- tuple information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses method and device for forwarding messages and network equipment. The method comprises steps of: confirming a first interface for receiving the message; extracting five tuple information from the received message; matching the five tuple information with five tuple information of a flow record in a flow list; if the matching is successful, comparing if the first interface is consistent with a receiving interface corresponding to a message initiator in a matched first flow record, and if so, forwarding the message from a sending interface corresponding to the response end of the first flow record, if not so, creating a second flow record in the flow list and using a second interface formed by the first interface in a bridge set way in the second flow record as a sending window corresponding to the message response end; and forwarding the message from the second interface. The invention realizes that a transparent mode fire wall correctly forwards messages received from two interfaces forming a bridge set and provided with same five tuple information.
Description
Technical field
The present invention relates to the Data Communication in Computer Networks field, relate in particular to a kind of message forwarding method, device and the network equipment.
Background technology
The packet filtering function of fire compartment wall is not to be target with certain single message only, allows or stops it to pass through according to rule; But follow the tracks of complete data exchange process, and in certain context environmental, the legitimacy of each contact message of audit data exchange process both sides.
Fire compartment wall generally comes the context environmental of record data reciprocal process by " stream ".
(Transmission Control Protocol, TCP) message is an example: (SYN, synchronize) message is the beginning of a data interaction, after fire compartment wall is received the SYN message, creates a stream record synchronously with transmission control protocol.Under this situation, only allow SYNACK message of responder response of SYN message, or the originating end of SYN message is retransmitted the SYN message; If receive the non-SYN message of SYN message originating end, or receive asynchronous affirmation (SYNACK) message of SYN message response end, all think illegal.If fire compartment wall is received a non-SYN message, and, that is to say the context environmental that does not have this non-SYN message, think that then this non-SYN message is illegal without any one " stream " record and this message coupling.The other types message as finishing (FIN) message, affirmation (ACK) message etc., also is by context environmental, decides what to use.
At present, fire compartment wall is with the form organization and management stream of " linked list array ", and this " linked list array " is commonly referred to " stream table ".
Still be example with the TCP message, generally by TCP stream of five-tuple sign, this five-tuple is by source IP, purpose IP, protocol type for fire compartment wall, and source port and destination interface five partial informations are formed.
Whenever receive a TCP message, fire compartment wall extracts source IP, purpose IP, protocol type from header, source port and destination interface, and through Hash (HASH) computing, the HASH result who obtains (being assumed to be X) is as the index of " stream table " with five-tuple.
Index value at " stream table " is on the X position, is one " stream " record chained list, and each node of this chained list is " stream " record conversely speaking,, and the HASH operation result of the five-tuple of each " stream " all equals X.
Fire compartment wall mates the five-tuple that each node write down on the five-tuple of this TCP message and the chained list one by one, if " stream " that can mate under this message of expression exists; Otherwise, fire compartment wall determine this TCP message meet create the new condition that connects after, will create one " stream ", the index value that adds to " flow and show " is on " stream " chained list of X position, to write down the context environmental of the connection under this message.Cause the new message of creating one " stream " record of fire compartment wall, be commonly referred to " literary composition of reporting for the first time ".
The firewall class of transparent mode is like bridge, each interface of fire compartment wall is made into " bridge group " in pairs, each bridge group has and has only two member interfaces, network message (is a receiving interface from an interface, to call " incoming interface " in the following text) received by fire compartment wall, if by the fire compartment wall examination, allow to transmit, then this message necessarily leaves fire compartment wall from another interface (promptly send outlet, to call " outgoing interface " in the following text) that belongs to a bridge group together with " incoming interface "; Otherwise,,, then be bound to go out from " incoming interface " if do not screened to illegally being dropped by fire compartment wall if message advances from " outgoing interface ".
Create in the process of stream record, the transparent mode fire compartment wall need find " incoming interface " affiliated bridge group of reception " literary composition of reporting for the first time " in bridge group table, then obtain to belong to " outgoing interface " of a bridge group with " incoming interface ", " incoming interface " is corresponding with the originating end (originating end of " literary composition of reporting for the first time " just) of stream, " outgoing interface " is corresponding with the responder (responder of " literary composition of reporting for the first time " just) of stream, is kept in the stream record.
When receiving the subsequent packet that belongs to this stream, after the fire compartment wall confirmation message is legal,, then leave fire compartment wall from " outgoing interface " if the message source is " originating end "; If the message source is " responder ", then leave fire compartment wall from " incoming interface ".
By corresponding with originating end and responder, be recorded in " stream ", after stream is created " incoming interface " and " outgoing interface ", fire compartment wall need not again in order to determine that message leaves the path of fire compartment wall, and inquiry bridge group table reduces this query manipulation, helps to improve the message forward rate.
The inventor finds, in the prior art, two physical subnets of the fire compartment wall bridge joint of transparent mode are when this fire compartment wall E-Packets, no matter if the direction that message sends how, content of message is the same, in other words, the five-tuple that comprises in the message is the same, but receive respectively from two interfaces of this fire compartment wall bridge joint, will cause the wrong problem of transmitting, citing an actual example below describes:
Suppose two physical subnets of transparent mode fire compartment wall bridge joint (subnet Net_A and subnet Net_B), subnet Net_A is connected on the interface Intf_A of fire compartment wall, and subnet Net_B is connected on the interface Intf_B of fire compartment wall.
The IP of the PC of two subnets is a dynamic-configuration, and a DHCP (DHCP, Dynamic Host Configuration Protocol) server unique in the network is placed on subnet Net_A.
Host PC _ the A that is positioned at subnet Net_A sends DHCP-discover broadcasting packet (source IP address is that 0.0.0.0, purpose IP address are that 255.255.255.255, source port are 68, destination interface is 67, protocol type be udp protocol) PKT_1 when starting, the request Dynamic Host Configuration Protocol server is its distributing IP, because PKT_1 is a broadcasting packet, so all devices of subnet Net_A, comprise fire compartment wall, all can receive PKT_1.
After fire compartment wall is received PKT_1, stream table through the traversal storage, not with any existing stream record coupling, and PKT_1 does not run counter to the restriction strategy of the stream establishment of user's setting yet, so fire compartment wall as the literary composition of reporting for the first time, is created a stream record: " incoming interface ": Intf_A, corresponding originating end: 0.0.0.0 with PKT_1; " outgoing interface ": Intf_B, corresponding responder: 255.255.255.255.And PKT_1 is forwarded to subnet Net_B.
Subsequently, host PC _ the B that is positioned at subnet Net_B has also started, also sent DHCP-discover broadcasting packet PKT_2, because the content of all DHCP-discover broadcasting packets is identical, so the five-tuple that comprises of PKT_1 and PKT_2 is also the same.
After fire compartment wall is received PKT_2, extract its five-tuple (source IP address, purpose IP address, source port, destination interface and protocol type) information, the stream table of traversal storage, find the stream record coupling affiliated with PKT_1, because the interface of responder 255.255.255.255 correspondence is Intf_B in the stream record, so fire compartment wall just forwards PKT_2 from Intf_B.
Like this, PKT_2 just is equivalent to be kept off by fire compartment wall, can not arrive the Dynamic Host Configuration Protocol server that is arranged in subnet Net_A, has caused PC_B can't be assigned to IP.
Summary of the invention
The embodiment of the invention provides a kind of message forwarding method, device and the network equipment, in order to the fire compartment wall of realizing transparent mode to correct forwarding from two distinct interfaces messages that receive, that have identical five-tuple information of forming the bridge group.
A kind of message forwarding method that the embodiment of the invention provides comprises:
Determine to receive first interface of message;
From the described message that receives, extract five-tuple information;
The five-tuple information of the record of the stream in described five-tuple information and the stream table is mated; If the match is successful, whether the receiving interface that the message originating end is corresponding in the first-class record of more described first interface and coupling is consistent, if consistent, then the transmission interface of message response end correspondence is transmitted this message from described first-class record; If inconsistent, then in the stream table, set up the second stream record, second interface that will form the bridge group with described first interface in the described second stream record is transmitted this message as the corresponding transmission interface of message response end from described second interface.
A kind of apparatus for forwarding message that the embodiment of the invention provides comprises:
Determining unit is used for definite first interface that receives message;
Extraction unit is used for extracting five-tuple information from the described message that receives;
Matching unit is used for the five-tuple information of the stream of described five-tuple information and stream table record is mated;
Comparing unit is used for when matching unit when the match is successful, and whether the receiving interface that the message originating end is corresponding in the first-class record of more described first interface and coupling is consistent;
Stream record creating unit is used for creating the second stream record when the comparative result of described comparing unit when being inconsistent in the stream table, in the described second stream record will with second interface of described first interface composition bridge group as the corresponding transmission interface of message response end;
Retransmission unit is used for when the comparative result of described comparing unit is unanimity, and the transmission interface of message response end correspondence is transmitted this message from described first-class record; Perhaps when the comparative result of described comparing unit when being inconsistent, described second interface from the second stream record is transmitted this message.
A kind of network equipment that the embodiment of the invention provides includes above-mentioned apparatus for forwarding message.
The beneficial effect of the embodiment of the invention comprises:
The message forwarding method that the embodiment of the invention provides, the device and the network equipment, receiving under the situation of message from a docking port of forming the bridge group respectively with identical five-tuple information, the five-tuple information matches of the stream record of in the five-tuple information of message and stream table, having created, but when the interface that receiving interface is corresponding with message source in this stream record is inconsistent, for this message is created the second stream record again, and second interface of forming the bridge group with first interface of record is transmitted from the second stream record that the back is set up, avoided occurring in the prior art when first interface that the receives message receiving interface corresponding with message source during the stream of coupling writes down is inconsistent, also the transmission interface according to message response end in the stream record of this coupling sends this message, cause occurring transmitting the problem of going back from first interface again, thereby the fire compartment wall of having realized transparent mode is for receiving from two distinct interfaces forming the bridge group from the message that first interface receives, correct forwarding with message of identical five-tuple information.
Description of drawings
The flow chart of the message forwarding method that Fig. 1 provides for the embodiment of the invention;
The network connection diagram of the instantiation that Fig. 2 provides for the embodiment of the invention;
The structural representation of the apparatus for forwarding message that Fig. 3 provides for the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing, the embodiment of a kind of message forwarding method provided by the invention, device and the network equipment is described in detail.
The message forwarding method that the embodiment of the invention provides as shown in Figure 1, comprises the steps:
S101, determine that fire compartment wall receives first interface of message;
S102, fire compartment wall extract five-tuple information from this message that receives.
S103, fire compartment wall mate the five-tuple information of the record of the stream in five-tuple information and the stream table; If the match is successful, execution in step S104 then; If coupling is unsuccessful, then execution in step S108;
S104, fire compartment wall further relatively in the first-class record of this fire compartment wall first interface of receiving this message and coupling the receiving interface of message originating end whether consistent, if consistent, execution in step S105 then, if inconsistent, execution in step S106 then;
S105, the message transmission interface that writes down from first-class record are transmitted this message;
S106, in the stream table, set up the second stream record, in this second stream record, will form second interface of bridge group as the corresponding transmission interface of message response end with first interface; Carry out S107 then;
S107, transmit this message from second interface.
S108, the method for creating the stream record according to the fire compartment wall of existing transparent mode are created a new stream record.
Among the above-mentioned steps S101, fire compartment wall extracts the method for five-tuple information from the message that receives same as the prior art, promptly extracts five information of source IP address, purpose IP address, source port, destination interface and the protocol type of message.
Among the above-mentioned steps S103, fire compartment wall travels through each bar stream record in the stream table of its storage, five-tuple information with the message that receives, compare with the five-tuple information of each bar stream record in the stream table, if exist the five-tuple information in certain bar stream record consistent, think that then the match is successful, if the five-tuple information of the message that receives with the five-tuple information that extracts, all inequality with the five-tuple information in each bar stream record in the stream table, think that then coupling is unsuccessful.
In embodiments of the present invention, be, when the success of five-tuple information matches, also need to carry out above-mentioned steps S104 with the mode of operation difference of the fire compartment wall of transparent mode in the prior art.
Among the above-mentioned steps S104, according to each stream record in the existing stream table, except writing down the five-tuple information of this message, also comprised in this fire compartment wall with the corresponding relation of this message originating end and receiving interface (or being weighed into interface) and with the corresponding relation of this message response end and transmission interface (or weighing up interface), only at the interface of the current actual reception message of fire compartment wall, when the receiving interface that the message originating end of record is corresponding in that stream record that matches with five-tuple in the stream table is consistent, think that just this message mates fully with this stream record fully, under the situation of mating fully, just allow the transmission interface of message message response end of record from this stream record to send.
All can't mate in five-tuple information with the stream record in the stream table, perhaps the match is successful for the stream record in five-tuple and stream are shown, but the receiving interface of message originating end correspondence is inconsistent in the interface of this this message of fire compartment wall actual reception and the stream that the matches record, think that also this message can't mate fully with the stream record in the stream table, need be with this message as the literary composition of reporting for the first time, set up the i.e. second stream record of a new stream record, in this stream record, not only comprise five-tuple information, also include the correspondence relationship information of the message source and first interface and the correspondence relationship information of the message response end and second interface, first interface and second interface are a pair of bridge group interfaces of this fire compartment wall, and just pairing is finished in advance.
Among the above-mentioned steps S106, in the stream table, set up the second stream record, promptly in the stream table, create a new five-tuple information that includes this message, be the correspondence relationship information of the message originating end and first interface as the receiving interface of message originating end first interface, and second interface that will form the bridge group with first interface is the record of the correspondence relationship information of message response end and second interface as the transmission interface of message response end, and this new record flows record as second.
When above-mentioned steps S106 and S108 create the stream record, preferably, use the form of data link table to create the stream record.
In order to be illustrated more clearly in the message forwarding method that the embodiment of the invention provides, the instantiation with the DHCP message forwarding mentioned in the background technology is elaborated to the message forwarding method that the embodiment of the invention provides below.
As shown in Figure 2, the fire compartment wall of transparent mode connects subnet A and subnet B, and subnet A is connected on the interface A of fire compartment wall, and subnet B is connected on the interface B of fire compartment wall, has only a Dynamic Host Configuration Protocol server to be placed among the subnet A in the network.Certainly, this fire compartment wall has not merely connected this to subnet, and it also might be connected with other paired subnets, and the embodiment of the invention only describes with a pair of subnet wherein.
Host PC _ the A1 that is positioned at subnet A sends the broadcasting packet that DHCP is found (DHCP Discover) to Dynamic Host Configuration Protocol server after startup, the five-tuple information of this broadcasting packet is: source IP address is 0.0.0.0, purpose IP address is 255.255.255.255, source port is 68, destination interface is 67, protocol type is a udp protocol, after fire compartment wall receives this broadcasting packet, the stream table of traversal storage, discovery matches without any the five-tuple information of existing stream record, fire compartment wall is with message headed by this broadcasting packet, create a stream record (hereinafter referred to as first-class record), in this first-class record, except writing down the five-tuple information of this broadcasting packet, also write down the correspondence relationship information of originating end (IP address 0.0.0.0) Yu the interface A of this broadcasting packet, and the correspondence relationship information of responder of this broadcasting packet (the IP address is 255.255.255.255) and interface B, then this broadcasting packet is sent from interface B.
If after fire compartment wall is finished the process that the DHCP discover broadcasting packet of host PC _ A1 transmits, a host PC _ A2 who occurs once more among the subnet A sends DHCP Discover broadcasting packet to this Dynamic Host Configuration Protocol server, the technique scheme that provides according to the embodiment of the invention, because the content of each DHCP Discover broadcasting packet all is the same, five-tuple information in the broadcasting packet that the extraction host PC _ A2 sends, can be complementary with the existing first-class record of stream table storage, and, owing to fire compartment wall is actual to be this DHCP discover broadcasting packet from interface A reception, consistent with the receiving interface that the message originating end that writes down in this first-class record is corresponding, the interface B of this message response end correspondence that therefore, can be by this first-class record record transmits this DHCP discover broadcasting packet.
If after fire compartment wall is finished the process that the DHCP discover broadcasting packet of host PC _ A1 transmits, a host PC _ B1 who occurs once more among the subnet B sends DHCP Discover broadcasting packet to this Dynamic Host Configuration Protocol server, the technique scheme that provides according to the embodiment of the invention, because the content of each DHCP Discover broadcasting packet all is the same, five-tuple information in the broadcasting packet that the extraction host PC _ A2 sends, can be complementary with the existing first-class record of stream table storage, but, interface B with this broadcasting packet of fire compartment wall actual reception, when the interface A corresponding with the message source that writes down in the first-class record compares, it is inconsistent to find both, then with message headed by this broadcasting packet, in the stream table, create a new stream record (hereinafter referred to as the second stream record) again, this second stream record except the five-tuple information that writes down this broadcasting packet promptly: source IP address is 0.0.0.0, purpose IP address is 255.255.255.255, source port is 68, destination interface is 67, protocol type is outside the udp protocol, the message originating end (the IP address is 0.0.0.0) of this broadcasting packet and the corresponding relation of interface B have also been write down, and write down the message response end (the IP address is 255.255.255.255) of this broadcasting packet and the corresponding relation of interface A, then according to the second stream record, this broadcasting packet is forwarded from interface A, thereby realized the correct forwarding of message.
After having created the second stream record, if a host PC _ B2 among the subnet B sends DHCP Discover broadcasting packet to this Dynamic Host Configuration Protocol server, similar with the situation of host PC _ A2, extract the five-tuple information of this broadcasting packet, all mate with the first-class record and the second stream record, but the interface that receives this broadcasting packet is that the interface B that the message originating end is corresponding in the interface B and the second stream record is consistent, therefore, interface A according to the message response end correspondence of record in the second stream record transmits this broadcasting packet, thereby arrived the Dynamic Host Configuration Protocol server among the subnet A, realized the correct forwarding of broadcasting packet.
Based on same inventive concept, the embodiment of the invention also provides a kind of apparatus for forwarding message and the network equipment, because the principle that this device and equipment are dealt with problems is similar to aforementioned a kind of message forwarding method, therefore the enforcement of this device and fire compartment wall can repeat part and not give unnecessary details referring to the enforcement of method.
A kind of apparatus for forwarding message that the embodiment of the invention provides as shown in Figure 3, comprising:
Determining unit 302 is used for extracting five-tuple information from this message that receives;
Comparing unit 304 is used for when matching unit when the match is successful, and relatively whether the receiving interface that the message originating end is corresponding in the first-class record of first interface and coupling is consistent;
Stream record creating unit 305 is used for creating the second stream record when the comparative result of comparing unit 304 when being inconsistent in the stream table, in the second stream record will with second interface of first interface composition bridge group as the corresponding transmission interface of message response end;
Further, the stream record creating unit 305 in the apparatus for forwarding message that the embodiment of the invention provides also is used for when matching unit 303 couplings are unsuccessful this message as the literary composition of reporting for the first time, being set up a new stream record in the stream table.
The stream record creating unit 305 that the embodiment of the invention provides, be further used in the stream table, creating a correspondence relationship information that includes five-tuple information, message originating end and first interface of this message, and the record of the correspondence relationship information of the message response end and second interface is as the second stream record.
The embodiment of the invention also provides a kind of network equipment, and this network equipment comprises above-mentioned apparatus for forwarding message, can realize that receiving interface is different but has the correct forwarding of the message of identical five-tuple information.
Preferably, the above-mentioned network equipment that provides of the embodiment of the invention is a fire compartment wall.
The message forwarding method that the embodiment of the invention provides, the device and the network equipment, receiving under the situation of message from a docking port of forming the bridge group respectively with identical five-tuple information, the five-tuple information matches of the stream record of in the five-tuple information of message and stream table, having created, but when the interface that receiving interface is corresponding with message source in this stream record is inconsistent, for this message is created the second stream record again, and second interface of forming the bridge group with first interface of record is transmitted from the second stream record that the back is set up, avoided occurring in the prior art when first interface that the receives message receiving interface corresponding with message source during the stream of coupling writes down is inconsistent, also the transmission interface according to message response end in the stream record of this coupling sends this message, cause occurring transmitting the problem of going back from first interface again, thereby the fire compartment wall of having realized transparent mode is for receiving from two distinct interfaces forming the bridge group from the message that first interface receives, correct forwarding with message of identical five-tuple information.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (8)
1. a message forwarding method is characterized in that, comprising:
Determine to receive first interface of message;
From the described message that receives, extract five-tuple information;
The five-tuple information of the record of the stream in described five-tuple information and the stream table is mated; If the match is successful, whether the receiving interface that the message originating end is corresponding in the first-class record of more described first interface and coupling is consistent, if consistent, then the transmission interface of message response end correspondence is transmitted this message from described first-class record; If inconsistent, then in the stream table, create the second stream record, second interface that will form the bridge group with described first interface in the described second stream record is transmitted this message as the corresponding transmission interface of message response end from described second interface.
2. the method for claim 1 is characterized in that, creates the second stream record in the stream table, comprising:
In the stream table, create a correspondence relationship information that includes the five-tuple information of this message, described message originating end and described first interface, and the record of the correspondence relationship information of described message response end and described second interface is as the second stream record.
3. the method for claim 1 is characterized in that, if coupling is unsuccessful, then with described message as the literary composition of reporting for the first time, new stream record of establishment in the stream table.
4. method as claimed in claim 1 or 2 is characterized in that, uses the form of data link table to create the second stream record.
5. an apparatus for forwarding message is characterized in that, comprising:
Determining unit is used for definite first interface that receives message;
Extraction unit is used for extracting five-tuple information from the described message that receives;
Matching unit is used for the five-tuple information of the stream of described five-tuple information and stream table record is mated;
Comparing unit is used for when matching unit when the match is successful, and whether the receiving interface that the message originating end is corresponding in the first-class record of more described first interface and coupling is consistent;
Stream record creating unit is used for creating the second stream record when the comparative result of described comparing unit when being inconsistent in the stream table, in the described second stream record will with second interface of described first interface composition bridge group as the corresponding transmission interface of message response end;
Retransmission unit is used for when the comparative result of described comparing unit is unanimity, and the transmission interface of message response end correspondence is transmitted this message from described first-class record; Perhaps when the comparative result of described comparing unit when being inconsistent, described second interface from the second stream record is transmitted this message.
6. device as claimed in claim 5, it is characterized in that, described stream record creating unit, be further used in the stream table, creating a correspondence relationship information that includes the five-tuple information of this message, described message originating end and described first interface, and the record of the correspondence relationship information of described message response end and described second interface is as the second stream record.
7. device as claimed in claim 5 is characterized in that, described stream record creating unit also is used for when described matching unit coupling is unsuccessful described message as the literary composition of reporting for the first time, being set up a new stream record in the stream table.
8. a network equipment is characterized in that, comprises as the described apparatus for forwarding message of the arbitrary claim of claim 5~7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101366163A CN101834783B (en) | 2010-03-29 | 2010-03-29 | Method and device for forwarding messages and network equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101366163A CN101834783B (en) | 2010-03-29 | 2010-03-29 | Method and device for forwarding messages and network equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101834783A true CN101834783A (en) | 2010-09-15 |
| CN101834783B CN101834783B (en) | 2012-01-25 |
Family
ID=42718715
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010101366163A Active CN101834783B (en) | 2010-03-29 | 2010-03-29 | Method and device for forwarding messages and network equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101834783B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102301663A (en) * | 2011-07-06 | 2011-12-28 | 华为技术有限公司 | Message processing method and associated devices |
| CN103607350A (en) * | 2013-12-10 | 2014-02-26 | 山东中创软件商用中间件股份有限公司 | Method and device for generating route |
| CN104168186A (en) * | 2014-07-01 | 2014-11-26 | 汉柏科技有限公司 | Message forwarding method and system based on network bridge |
| WO2015010256A1 (en) * | 2013-07-23 | 2015-01-29 | 华为技术有限公司 | Packet forwarding method and device |
| CN104994084A (en) * | 2015-06-23 | 2015-10-21 | 西安交大捷普网络科技有限公司 | Local agent method of WEB firewall |
| CN106254433A (en) * | 2016-07-28 | 2016-12-21 | 杭州迪普科技有限公司 | A kind of method and device setting up TCP communication connection |
| CN107483341A (en) * | 2017-08-29 | 2017-12-15 | 杭州迪普科技股份有限公司 | A kind of across fire wall packet fast forwarding method and device |
| CN107948076A (en) * | 2017-12-29 | 2018-04-20 | 杭州迪普科技股份有限公司 | A kind of method and device to E-Packet |
| CN108141875A (en) * | 2015-08-17 | 2018-06-08 | Lg 电子株式会社 | The method and its device of grouping are sent and received in a wireless communication system |
| CN110809330A (en) * | 2019-12-16 | 2020-02-18 | 腾讯科技(深圳)有限公司 | Multi-terminal connection establishing method and device, storage medium and electronic device |
| CN112511438A (en) * | 2020-11-19 | 2021-03-16 | 锐捷网络股份有限公司 | Method and device for forwarding message by using flow table and computer equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1486030A (en) * | 2002-09-23 | 2004-03-31 | 华为技术有限公司 | Method of implementing bridge group multiplexing on WAN interface |
| CN1604539A (en) * | 2004-10-29 | 2005-04-06 | 江苏南大苏富特软件股份有限公司 | Firewall kernel security component integration method |
| US7299296B1 (en) * | 2002-09-18 | 2007-11-20 | Juniper Networks, Inc. | Filtering data flows based on associated forwarding tables |
-
2010
- 2010-03-29 CN CN2010101366163A patent/CN101834783B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7299296B1 (en) * | 2002-09-18 | 2007-11-20 | Juniper Networks, Inc. | Filtering data flows based on associated forwarding tables |
| CN1486030A (en) * | 2002-09-23 | 2004-03-31 | 华为技术有限公司 | Method of implementing bridge group multiplexing on WAN interface |
| CN1604539A (en) * | 2004-10-29 | 2005-04-06 | 江苏南大苏富特软件股份有限公司 | Firewall kernel security component integration method |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9385886B2 (en) | 2011-07-06 | 2016-07-05 | Huawei Technologies Co., Ltd. | Method for processing a packet and related device |
| WO2012106869A1 (en) * | 2011-07-06 | 2012-08-16 | 华为技术有限公司 | Message processing method and related device thereof |
| CN102301663B (en) * | 2011-07-06 | 2013-11-06 | 华为技术有限公司 | Message processing method and associated devices |
| CN102301663A (en) * | 2011-07-06 | 2011-12-28 | 华为技术有限公司 | Message processing method and associated devices |
| US10057165B2 (en) | 2013-07-23 | 2018-08-21 | Huawei Technologies Co., Ltd. | Packet forwarding method and device |
| WO2015010256A1 (en) * | 2013-07-23 | 2015-01-29 | 华为技术有限公司 | Packet forwarding method and device |
| CN103607350B (en) * | 2013-12-10 | 2017-02-01 | 山东中创软件商用中间件股份有限公司 | Method and device for generating route |
| CN103607350A (en) * | 2013-12-10 | 2014-02-26 | 山东中创软件商用中间件股份有限公司 | Method and device for generating route |
| CN104168186A (en) * | 2014-07-01 | 2014-11-26 | 汉柏科技有限公司 | Message forwarding method and system based on network bridge |
| CN104168186B (en) * | 2014-07-01 | 2018-01-02 | 汉柏科技有限公司 | A kind of message forwarding method and system based on bridge |
| CN104994084A (en) * | 2015-06-23 | 2015-10-21 | 西安交大捷普网络科技有限公司 | Local agent method of WEB firewall |
| CN108141875B (en) * | 2015-08-17 | 2021-03-30 | Lg 电子株式会社 | Method for transmitting and receiving packet in wireless communication system and apparatus therefor |
| CN108141875A (en) * | 2015-08-17 | 2018-06-08 | Lg 电子株式会社 | The method and its device of grouping are sent and received in a wireless communication system |
| CN106254433A (en) * | 2016-07-28 | 2016-12-21 | 杭州迪普科技有限公司 | A kind of method and device setting up TCP communication connection |
| CN106254433B (en) * | 2016-07-28 | 2020-11-06 | 杭州迪普科技股份有限公司 | Method and device for establishing TCP communication connection |
| CN107483341A (en) * | 2017-08-29 | 2017-12-15 | 杭州迪普科技股份有限公司 | A kind of across fire wall packet fast forwarding method and device |
| CN107948076A (en) * | 2017-12-29 | 2018-04-20 | 杭州迪普科技股份有限公司 | A kind of method and device to E-Packet |
| CN110809330A (en) * | 2019-12-16 | 2020-02-18 | 腾讯科技(深圳)有限公司 | Multi-terminal connection establishing method and device, storage medium and electronic device |
| CN110809330B (en) * | 2019-12-16 | 2023-07-14 | 腾讯科技(深圳)有限公司 | Multi-terminal connection establishment method and device, storage medium and electronic device |
| CN112511438A (en) * | 2020-11-19 | 2021-03-16 | 锐捷网络股份有限公司 | Method and device for forwarding message by using flow table and computer equipment |
| CN112511438B (en) * | 2020-11-19 | 2022-12-13 | 锐捷网络股份有限公司 | Method and device for forwarding message by using flow table and computer equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101834783B (en) | 2012-01-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101834783B (en) | Method and device for forwarding messages and network equipment | |
| CN101207604B (en) | Virtual machine system and communication processing method thereof | |
| EP2206320B1 (en) | Method and apparatus for peer to peer link establishment over a network | |
| US20060002391A1 (en) | Multicast packet relay device adapted for virtual router | |
| CN106790420B (en) | A kind of more session channel method for building up and system | |
| EP2866395B1 (en) | Maximum transmission unit negotiation method and data terminal | |
| CN103326948B (en) | A kind of exchange processing system and method | |
| WO2010063242A1 (en) | Clock synchronization method, device and network system | |
| CN102546407B (en) | File transmitting method and device | |
| US8739270B1 (en) | Trusted, cross domain information sharing between multiple legacy and IP based devices | |
| US6515994B1 (en) | Method of communication in a communications network and apparatus therefor | |
| CN102594672A (en) | Method and system applicable to high-quality internet communication in low-reliability network environment | |
| CN114553799B (en) | Multicast forwarding method, device, equipment and medium based on programmable data plane | |
| JP2006074132A (en) | Multicast communication method and gateway device | |
| CN101184089A (en) | Port and content interweaved detection based protocol identifying method | |
| Davin et al. | Simple gateway monitoring protocol | |
| CN101309154B (en) | Datagram sending method, sending apparatus and transmission system | |
| CN101827037A (en) | Multicast data stream sending method, device and two-layer switching equipment | |
| CN102136988A (en) | Multicast data message transferring method and device | |
| US20130191501A1 (en) | Procedures for the Transfer of User Data | |
| WO2013034037A1 (en) | Communication method, system and apparatus applied to fibre channel over ethernet scenario | |
| CN101510901A (en) | Communication method, communication apparatus and system between distributed equipment | |
| KR100654945B1 (en) | Method and system for communicating with each other between equipments which exist in other logical network and recording media of packet transformer for the same | |
| CN117424928B (en) | Network equipment and resource sharing method | |
| CN115883256B (en) | Data transmission method, device and storage medium based on encryption tunnel |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |