CN101834783B - Method and device for forwarding messages and network equipment - Google Patents
Method and device for forwarding messages and network equipment Download PDFInfo
- Publication number
- CN101834783B CN101834783B CN2010101366163A CN201010136616A CN101834783B CN 101834783 B CN101834783 B CN 101834783B CN 2010101366163 A CN2010101366163 A CN 2010101366163A CN 201010136616 A CN201010136616 A CN 201010136616A CN 101834783 B CN101834783 B CN 101834783B
- Authority
- CN
- China
- Prior art keywords
- message
- interface
- record
- stream
- tuple information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses method and device for forwarding messages and network equipment. The method comprises steps of: confirming a first interface for receiving the message; extracting five tuple information from the received message; matching the five tuple information with five tuple information of a flow record in a flow list; if the matching is successful, comparing if the first interface is consistent with a receiving interface corresponding to a message initiator in a matched first flow record, and if so, forwarding the message from a sending interface corresponding to the response end of the first flow record, if not so, creating a second flow record in the flow list and using a second interface formed by the first interface in a bridge set way in the second flow record as a sending window corresponding to the message response end; and forwarding the message from the second interface. The invention realizes that a transparent mode fire wall correctly forwards messages received from two interfaces forming a bridge set and provided with same five tuple information.
Description
Technical field
The present invention relates to the Data Communication in Computer Networks field, relate in particular to a kind of message forwarding method, device and the network equipment.
Background technology
The packet filtering function of fire compartment wall is not to be target with certain single message only, allows or stops it to pass through according to rule; But follow the tracks of complete data exchange process, and in certain context environmental, the legitimacy of each contact message of audit data exchange process both sides.
Fire compartment wall generally comes the context environmental of record data reciprocal process through " stream ".
(Transmission Control Protocol, TCP) message is an example: (SYN, synchronize) message is the beginning of a data interaction, after fire compartment wall is received the SYN message, creates a stream record synchronously with transmission control protocol.Under this situation, only allow SYN ACK message of responder response of SYN message, or the originating end of SYN message is retransmitted the SYN message; If receive the non-SYN message of SYN message originating end, or receive asynchronous affirmation (SYNACK) message of SYN message response end, all think illegal.If fire compartment wall is received a non-SYN message, and have no one " stream " record and this message coupling, that is to say the context environmental that does not have this non-SYN message, think that then this non-SYN message is illegal.The other types message as finishing (FIN) message, affirmation (ACK) message etc., also is through context environmental, decides what to use.
At present, fire compartment wall is with the form organization and management stream of " linked list array ", and this " linked list array " is commonly referred to " stream table ".
Still be example with the TCP message, generally through TCP stream of five-tuple sign, this five-tuple is by source IP, purpose IP, protocol type for fire compartment wall, and source port and destination interface five partial informations are formed.
Whenever receive a TCP message, fire compartment wall extracts source IP, purpose IP, protocol type from header, source port and destination interface, and through Hash (HASH) computing, the HASH result who obtains (being assumed to be X) is as the index of " stream table " with five-tuple.
Index value at " stream table " is on the X position, is one " stream " record chained list, and each node of this chained list is " stream " record conversely speaking,, and the HASH operation result of the five-tuple of each " stream " all equals X.
Fire compartment wall matees the five-tuple that each node write down on the five-tuple of this TCP message and the chained list one by one, if " stream " that can mate under this message of expression exists; Otherwise, fire compartment wall confirm this TCP message meet create the new condition that connects after, will create one " stream ", the index value that adds to " flow and show " is on " stream " chained list of X position, to write down the context environmental of the connection under this message.Cause the new message of creating one " stream " record of fire compartment wall, be commonly referred to " literary composition of reporting for the first time ".
The firewall class of transparent mode is like bridge, and each interface of fire compartment wall is made into " bridge group " in pairs, and each bridge group has and have only two member interfaces; Network message (is a receiving interface from an interface; To call " incoming interface " in the following text) received by fire compartment wall, if through the fire compartment wall examination, allow to transmit; Then this message necessarily leaves fire compartment wall from another interface (promptly send outlet, to call " outgoing interface " in the following text) that belongs to a bridge group together with " incoming interface "; Otherwise,,, then be bound to go out from " incoming interface " if do not screened to illegally being dropped by fire compartment wall if message advances from " outgoing interface ".
Create in the process of stream record; The transparent mode fire compartment wall need find " incoming interface " affiliated bridge group of reception " literary composition of reporting for the first time " in bridge group table; Then obtain to belong to " outgoing interface " of a bridge group with " incoming interface "; " incoming interface " is corresponding with the originating end (originating end of " literary composition of reporting for the first time " just) of stream, and " outgoing interface " is corresponding with the responder (responder of " literary composition of reporting for the first time " just) of stream, is kept in the stream record.
When receiving the subsequent packet that belongs to this stream, after the fire compartment wall confirmation message is legal,, then leave fire compartment wall from " outgoing interface " if the message source is " originating end "; If the message source is " responder ", then leave fire compartment wall from " incoming interface ".
Through corresponding with originating end and responder, be recorded in " stream ", after stream is created " incoming interface " and " outgoing interface "; Fire compartment wall need not again in order to confirm that message leaves the path of fire compartment wall; And inquiry bridge group table reduces this query manipulation, helps to improve the message forward rate.
The inventor finds that in the prior art, two physical subnets of the fire compartment wall bridge joint of transparent mode are when this fire compartment wall E-Packets; No matter if the direction that message sends how, content of message is the same, in other words; The five-tuple that comprises in the message is the same; But receive respectively from two interfaces of this fire compartment wall bridge joint, will cause the wrong problem of transmitting, citing an actual example below describes:
Suppose two physical subnets of transparent mode fire compartment wall bridge joint (subnet Net_A and subnet Net_B), subnet Net_A is connected on the interface Intf_A of fire compartment wall, and subnet Net_B is connected on the interface Intf_B of fire compartment wall.
The IP of the PC of two sub-net is a dynamic-configuration, and a DHCP (DHCP, Dynamic Host Configuration Protocol) server unique in the network is placed on subnet Net_A.
Host PC _ the A that is positioned at subnet Net_A sends DHCP-discover broadcasting packet (source IP address is that 0.0.0.0, purpose IP address are that 255.255.255.255, source port are 68, destination interface is 67, protocol type be udp protocol) PKT_1 when starting; The request Dynamic Host Configuration Protocol server is its distributing IP; Because PKT_1 is a broadcasting packet; So all devices of subnet Net_A comprises fire compartment wall, all can receive PKT_1.
After fire compartment wall is received PKT_1; Stream table through the traversal storage; Not with any existing stream record coupling; And PKT_1 do not run counter to the restriction strategy that stream that the user sets is created yet, then fire compartment wall with PKT_1 as the literary composition of reporting for the first time, create one and flow record: " incoming interface ": Intf_A, corresponding originating end: 0.0.0.0; " outgoing interface ": Intf_B, corresponding responder: 255.255.255.255.And be forwarded to subnet Net_B to PKT_1.
Subsequently; Host PC _ the B that is positioned at subnet Net_B has also started; Also sent DHCP-discover broadcasting packet PKT_2, because the content of all DHCP-discover broadcasting packets is identical, so the five-tuple that comprises of PKT_1 and PKT_2 is also the same.
After fire compartment wall is received PKT_2; Extract its five-tuple (source IP address, purpose IP address, source port, destination interface and protocol type) information; The stream table of traversal storage; Find the stream record coupling affiliated with PKT_1, because the interface of responder 255.255.255.255 correspondence is Intf_B in the stream record, so fire compartment wall just forwards PKT_2 from Intf_B.
Like this, PKT_2 just is equivalent to kept off by fire compartment wall, can not arrive the Dynamic Host Configuration Protocol server that is arranged in subnet Net_A, has caused PC_B can't be assigned to IP.
Summary of the invention
The embodiment of the invention provides a kind of message forwarding method, device and the network equipment, in order to the fire compartment wall of realizing transparent mode to correct forwarding from two distinct interfaces messages that receive, that have identical five-tuple information of forming the bridge group.
A kind of message forwarding method that the embodiment of the invention provides comprises:
Confirm to receive first interface of message;
From the said message that receives, extract five-tuple information;
The five-tuple information of the record of the stream in said five-tuple information and the stream table is mated; If the match is successful, whether the receiving interface that the message originating end is corresponding in the first-class record of more said first interface and coupling is consistent, if consistent, then the transmission interface that the message response end is corresponding from said first-class record is transmitted this message; If it is inconsistent; Then in the stream table, set up a correspondence relationship information that includes the five-tuple information of this message, said message originating end and said first interface; And the record of the correspondence relationship information of said message response end and said second interface is as the second stream record; Second interface that in the said second stream record, will form the bridge group with said first interface is as the corresponding transmission interface of message response end, from said this message of second interface forwarding.
A kind of apparatus for forwarding message that the embodiment of the invention provides comprises:
Confirm the unit, be used for confirming to receive first interface of message;
Extraction unit is used for extracting five-tuple information from the said message that receives;
Matching unit is used for the five-tuple information of the stream of said five-tuple information and stream table record is mated;
Comparing unit is used for when matching unit matees successfully, and whether the receiving interface that the message originating end is corresponding in the first-class record of more said first interface and coupling is consistent;
The unit created in the stream record; Be used for when the comparative result of said comparing unit when being inconsistent; In the stream table, create a correspondence relationship information that includes the five-tuple information of this message, said message originating end and said first interface; And the record of the correspondence relationship information of said message response end and said second interface is as the second stream record, and second interface that in the said second stream record, will form the bridge group with said first interface is as the corresponding transmission interface of message response end;
Retransmission unit is used for when the comparative result of said comparing unit is unanimity, and the transmission interface that the message response end is corresponding from said first-class record is transmitted this message; Perhaps when the comparative result of said comparing unit when being inconsistent, said second interface from the second stream record is transmitted this message.
A kind of network equipment that the embodiment of the invention provides includes above-mentioned apparatus for forwarding message.
The beneficial effect of the embodiment of the invention comprises:
The message forwarding method that the embodiment of the invention provides, device and the network equipment; Receiving under the situation of message from a docking port of forming the bridge group respectively with identical five-tuple information; When the five-tuple information matches of the stream record of having created in the five-tuple information of message and the stream table but receiving interface write down with this stream in the corresponding interface of message source when inconsistent; For this message is created the second stream record again; And second interface of forming the bridge group with first interface of record is transmitted from the second stream record that the back is set up; Avoided occurring in the prior art when first interface that the receives message receiving interface corresponding with message source during the stream of coupling writes down is inconsistent; Also the transmission interface according to message response end in the stream record of this coupling sends this message; Cause occurring transmitting the problem of going back from first interface again, thereby the fire compartment wall of having realized transparent mode is for the correct forwarding from two distinct interfaces messages that receive, that have identical five-tuple information of forming the bridge group from the message that first interface receives.
Description of drawings
The flow chart of the message forwarding method that Fig. 1 provides for the embodiment of the invention;
Fig. 2 connects sketch map for the network of the instantiation that the embodiment of the invention provides;
The structural representation of the apparatus for forwarding message that Fig. 3 provides for the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing, the embodiment of a kind of message forwarding method provided by the invention, device and the network equipment is carried out detailed explanation.
The message forwarding method that the embodiment of the invention provides, as shown in Figure 1, comprise the steps:
S101, confirm that fire compartment wall receives first interface of message;
S102, fire compartment wall extract five-tuple information from this message that receives.
S103, fire compartment wall mate the five-tuple information of the record of the stream in five-tuple information and the stream table; If mate successfully, execution in step S104 then; If coupling is unsuccessful, then execution in step S108;
S104, fire compartment wall further relatively in the first-class record of this fire compartment wall first interface of receiving this message and coupling the receiving interface of message originating end whether consistent, if unanimity, execution in step S105 then, as if inconsistent, execution in step S106 then;
S105, the message transmission interface that from first-class record, writes down are transmitted this message;
S106, in the stream table, set up the second stream record, second interface that in this second stream record, will form the bridge group with first interface is as the corresponding transmission interface of message response end; Carry out S107 then;
S107, transmit this message from second interface.
S108, the method for creating the stream record according to the fire compartment wall of existing transparent mode are created a new stream record.
Among the above-mentioned steps S101, fire compartment wall extracts five-tuple information from the message that receives method is identical with prior art, promptly extracts five information of source IP address, purpose IP address, source port, destination interface and the protocol type of message.
Among the above-mentioned steps S103, each the bar stream record in the stream table of its storage of fire compartment wall traversal is with the five-tuple information of the message that receives; Compare with the five-tuple information of each bar stream record in the stream table; If exist the five-tuple information in certain bar stream record consistent, then think and mate successfully, if the five-tuple information of the message that receives with the five-tuple information that extracts; All inequality with the five-tuple information in each bar stream record in the stream table, think that then coupling is unsuccessful.
In embodiments of the present invention, be, when the success of five-tuple information matches, also need carry out above-mentioned steps S104 with the mode of operation difference of the fire compartment wall of transparent mode in the prior art.
Among the above-mentioned steps S104; According to each stream record in the existing stream table; Except writing down the five-tuple information of this message; Also comprised in this fire compartment wall with the corresponding relation of this message originating end and receiving interface (or being weighed into interface) and with the corresponding relation of this message response end and transmission interface (or weighing up interface); Only at the interface of the current actual reception message of fire compartment wall, when consistent with the corresponding receiving interface of the message originating end of record in that stream record that five-tuple in the stream table matches, thinking just that complete and this stream of this message writes down fully matees; Under the situation of mating fully, just allow the transmission interface of message message response end of record from this stream record to send.
All can't mate in five-tuple information with the stream record in the stream table; Perhaps the stream record in five-tuple and stream are shown matees successfully; The receiving interface that the message originating end was corresponding during but the interface of this this message of fire compartment wall actual reception write down with the stream that matches is inconsistent, thinks that also this message can't mate with the stream record in the stream table fully, need be with this message as the literary composition of reporting for the first time; Set up the i.e. second stream record of a new stream record; In this stream record, not only comprise five-tuple information, also include the correspondence relationship information of the message source and first interface and the correspondence relationship information of the message response end and second interface; First interface and second interface are the pair of bridge group interfaces of this fire compartment wall, are just to match in advance to accomplish.
Among the above-mentioned steps S106; In the stream table, set up the second stream record; Promptly in the stream table, create a new five-tuple information that includes this message, be the correspondence relationship information of the message originating end and first interface as the receiving interface of message originating end first interface; And second interface that will form the bridge group with first interface is the record of the correspondence relationship information of message response end and second interface as the transmission interface of message response end, and this new record flows record as second.
When above-mentioned steps S106 and S108 create the stream record, preferably, use the form of data link table to create the stream record.
In order to be illustrated more clearly in the message forwarding method that the embodiment of the invention provides, the instantiation with the DHCP message forwarding mentioned in the background technology is elaborated to the message forwarding method that the embodiment of the invention provides below.
As shown in Figure 2, the fire compartment wall of transparent mode connects subnet A and subnet B, and subnet A is connected on the interface A of fire compartment wall, and subnet B is connected on the interface B of fire compartment wall, has only a Dynamic Host Configuration Protocol server to be placed among the subnet A in the network.Certainly, this fire compartment wall has not merely connected this to subnet, and it also might be connected with other paired subnets, and the embodiment of the invention only describes with a pair of subnet wherein.
Host PC _ the A1 that is positioned at subnet A sends the broadcasting packet that DHCP is found (DHCP Discover) to Dynamic Host Configuration Protocol server after startup; The five-tuple information of this broadcasting packet is: source IP address is that 0.0.0.0, purpose IP address are that 255.255.255.255, source port are 68, destination interface is 67, protocol type is a udp protocol; After fire compartment wall receives this broadcasting packet; The stream table of traversal storage finds to have no the five-tuple information of existing stream record to match, and fire compartment wall is with message headed by this broadcasting packet; Create a stream record (below be called first-class record); In this first-class record,, also write down the correspondence relationship information of originating end (IP address 0.0.0.0) Yu the interface A of this broadcasting packet except writing down the five-tuple information of this broadcasting packet; And the correspondence relationship information of responder of this broadcasting packet (the IP address is 255.255.255.255) and interface B, then this broadcasting packet is sent from interface B.
If after the process that the DHCP discover broadcasting packet of fire compartment wall completion host PC _ A1 is transmitted; A host PC _ A2 who occurs once more among the subnet A sends DHCP Discover broadcasting packet to this Dynamic Host Configuration Protocol server; The technique scheme that provides according to the embodiment of the invention because the content of each DHCP Discover broadcasting packet all is the same, is extracted five-tuple information in the broadcasting packet of host PC _ A2 transmission; Can be complementary with the existing first-class record of stream table storage; And,, consistent with the receiving interface that the message originating end that writes down in this first-class record is corresponding to be this DHCP discover broadcasting packet that receives from interface A owing to fire compartment wall is actual; Therefore, can transmit this DHCP discover broadcasting packet by corresponding interface B through this message response end of this first-class record record.
If after the process that the DHCP discover broadcasting packet of fire compartment wall completion host PC _ A1 is transmitted; A host PC _ B1 who occurs once more among the subnet B sends DHCP Discover broadcasting packet to this Dynamic Host Configuration Protocol server; The technique scheme that provides according to the embodiment of the invention; Because the content of each DHCP Discover broadcasting packet all is the same, five-tuple information in the broadcasting packet that the extraction host PC _ A2 sends can be complementary with the existing first-class record of stream table storage; But; With the interface B of this broadcasting packet of fire compartment wall actual reception, when the interface A corresponding with the message source that writes down in the first-class record compared, it was inconsistent to find both; Then with message headed by this broadcasting packet; In the stream table, create a new stream record (below be called the second stream record) again, this second stream record except the five-tuple information that writes down this broadcasting packet promptly: source IP address is that 0.0.0.0, purpose IP address are that 255.255.255.255, source port are 68, destination interface is 67, protocol type is the udp protocol, has also write down the message originating end (the IP address is 0.0.0.0) of this broadcasting packet and the corresponding relation of interface B; And write down the message response end (the IP address is 255.255.255.255) of this broadcasting packet and the corresponding relation of interface A; According to the second stream record, this broadcasting packet is forwarded from interface A, thereby realized the correct forwarding of message then.
After having created the second stream record; If a host PC _ B2 among the subnet B sends DHCP Discover broadcasting packet to this Dynamic Host Configuration Protocol server, and is similar with the situation of host PC _ A2, extract the five-tuple information of this broadcasting packet; All mate with the first-class record and the second stream record; But the interface that receives this broadcasting packet is that the interface B that the message originating end is corresponding in the interface B and the second stream record is consistent, therefore, and according to this broadcasting packet of interface A forwarding of the message response end correspondence of record in the second stream record; Thereby arrived the Dynamic Host Configuration Protocol server among the subnet A, realized the correct forwarding of broadcasting packet.
Based on same inventive concept; The embodiment of the invention also provides a kind of apparatus for forwarding message and the network equipment; Because the principle that this device and equipment are dealt with problems is similar with aforementioned a kind of message forwarding method; Therefore the enforcement of this device and fire compartment wall can repeat part and not give unnecessary details referring to the enforcement of method.
A kind of apparatus for forwarding message that the embodiment of the invention provides, as shown in Figure 3, comprising:
Determining unit 302 is used for extracting five-tuple information from this message that receives;
Comparing unit 304 is used for when matching unit matees successfully, and whether the receiving interface that relatively the message originating end is corresponding in the first-class record of first interface and coupling is consistent;
Stream record creating unit 305 is used in the stream table, creating the second stream record when the comparative result of comparing unit 304 when being inconsistent, in the second stream record will with second interface of first interface composition bridge group as the corresponding transmission interface of message response end;
Further, unit 305 created in the stream record in the apparatus for forwarding message that the embodiment of the invention provides, and also is used for when matching unit 303 couplings are unsuccessful, this message as the literary composition of reporting for the first time, being set up a new stream record in the stream table.
The embodiment of the invention also provides a kind of network equipment, and this network equipment comprises above-mentioned apparatus for forwarding message, can realize that receiving interface is different but has the correct forwarding of the message of identical five-tuple information.
Preferably, the above-mentioned network equipment that provides of the embodiment of the invention is a fire compartment wall.
The message forwarding method that the embodiment of the invention provides, device and the network equipment; Receiving under the situation of message from a docking port of forming the bridge group respectively with identical five-tuple information; When the five-tuple information matches of the stream record of having created in the five-tuple information of message and the stream table but receiving interface write down with this stream in the corresponding interface of message source when inconsistent; For this message is created the second stream record again; And second interface of forming the bridge group with first interface of record is transmitted from the second stream record that the back is set up; Avoided occurring in the prior art when first interface that the receives message receiving interface corresponding with message source during the stream of coupling writes down is inconsistent; Also the transmission interface according to message response end in the stream record of this coupling sends this message; Cause occurring transmitting the problem of going back from first interface again, thereby the fire compartment wall of having realized transparent mode is for the correct forwarding from two distinct interfaces messages that receive, that have identical five-tuple information of forming the bridge group from the message that first interface receives.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, belong within the scope of claim of the present invention and equivalent technologies thereof if of the present invention these are revised with modification, then the present invention also is intended to comprise these changes and modification interior.
Claims (6)
1. a message forwarding method is characterized in that, comprising:
Confirm to receive first interface of message;
From the said message that receives, extract five-tuple information;
The five-tuple information of the record of the stream in said five-tuple information and the stream table is mated; If the match is successful, whether the receiving interface that the message originating end is corresponding in the first-class record of more said first interface and coupling is consistent, if consistent, then the transmission interface that the message response end is corresponding from said first-class record is transmitted this message; If it is inconsistent; Then in the stream table, create a correspondence relationship information that includes the five-tuple information of this message, said message originating end and said first interface; And the record of the correspondence relationship information of the said message response end and second interface is as the second stream record; Second interface that in the said second stream record, will form the bridge group with said first interface is as the corresponding transmission interface of message response end, from said this message of second interface forwarding.
2. the method for claim 1 is characterized in that, if coupling is unsuccessful, then with said message as the literary composition of reporting for the first time, new stream record of establishment in the stream table.
3. the method for claim 1 is characterized in that, uses the form of data link table to create the second stream record.
4. an apparatus for forwarding message is characterized in that, comprising:
Confirm the unit, be used for confirming to receive first interface of message;
Extraction unit is used for extracting five-tuple information from the said message that receives;
Matching unit is used for the five-tuple information of the stream of said five-tuple information and stream table record is mated;
Comparing unit is used for when matching unit matees successfully, and whether the receiving interface that the message originating end is corresponding in the first-class record of more said first interface and coupling is consistent;
The unit created in the stream record; Be used for when the comparative result of said comparing unit when being inconsistent; In the stream table, create a correspondence relationship information that includes the five-tuple information of this message, said message originating end and said first interface; And the record of the correspondence relationship information of the said message response end and second interface is as the second stream record, and second interface that in the said second stream record, will form the bridge group with said first interface is as the corresponding transmission interface of message response end;
Retransmission unit is used for when the comparative result of said comparing unit is unanimity, and the transmission interface that the message response end is corresponding from said first-class record is transmitted this message; Perhaps when the comparative result of said comparing unit when being inconsistent, said second interface from the second stream record is transmitted this message.
5. device as claimed in claim 4 is characterized in that, the unit created in said stream record, also is used for when said matching unit coupling is unsuccessful, said message as the literary composition of reporting for the first time, being set up a new stream record in the stream table.
6. a network equipment is characterized in that, comprises like the described apparatus for forwarding message of the arbitrary claim of claim 4~5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101366163A CN101834783B (en) | 2010-03-29 | 2010-03-29 | Method and device for forwarding messages and network equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010101366163A CN101834783B (en) | 2010-03-29 | 2010-03-29 | Method and device for forwarding messages and network equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101834783A CN101834783A (en) | 2010-09-15 |
| CN101834783B true CN101834783B (en) | 2012-01-25 |
Family
ID=42718715
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010101366163A Active CN101834783B (en) | 2010-03-29 | 2010-03-29 | Method and device for forwarding messages and network equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101834783B (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102301663B (en) * | 2011-07-06 | 2013-11-06 | 华为技术有限公司 | Message processing method and associated devices |
| EP3016322B1 (en) | 2013-07-23 | 2019-01-16 | Huawei Technologies Co., Ltd. | Packet forwarding method and device |
| CN103607350B (en) * | 2013-12-10 | 2017-02-01 | 山东中创软件商用中间件股份有限公司 | Method and device for generating route |
| CN104168186B (en) * | 2014-07-01 | 2018-01-02 | 汉柏科技有限公司 | A kind of message forwarding method and system based on bridge |
| CN104994084A (en) * | 2015-06-23 | 2015-10-21 | 西安交大捷普网络科技有限公司 | Local agent method of WEB firewall |
| WO2017030268A1 (en) * | 2015-08-17 | 2017-02-23 | 엘지전자(주) | Method for transmitting and receiving packets in wireless communication system, and apparatus therefor |
| CN106254433B (en) * | 2016-07-28 | 2020-11-06 | 杭州迪普科技股份有限公司 | Method and device for establishing TCP communication connection |
| CN107483341B (en) * | 2017-08-29 | 2020-10-02 | 杭州迪普科技股份有限公司 | Method and device for rapidly forwarding firewall-crossing messages |
| CN107948076B (en) * | 2017-12-29 | 2021-08-24 | 杭州迪普科技股份有限公司 | Method and device for forwarding message |
| CN110809330B (en) * | 2019-12-16 | 2023-07-14 | 腾讯科技(深圳)有限公司 | Multi-terminal connection establishment method and device, storage medium and electronic device |
| CN112511438B (en) * | 2020-11-19 | 2022-12-13 | 锐捷网络股份有限公司 | Method and device for forwarding message by using flow table and computer equipment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1486030A (en) * | 2002-09-23 | 2004-03-31 | 华为技术有限公司 | Method of implementing bridge group multiplexing on WAN interface |
| CN1604539A (en) * | 2004-10-29 | 2005-04-06 | 江苏南大苏富特软件股份有限公司 | Firewall kernel security component integration method |
| US7299296B1 (en) * | 2002-09-18 | 2007-11-20 | Juniper Networks, Inc. | Filtering data flows based on associated forwarding tables |
-
2010
- 2010-03-29 CN CN2010101366163A patent/CN101834783B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7299296B1 (en) * | 2002-09-18 | 2007-11-20 | Juniper Networks, Inc. | Filtering data flows based on associated forwarding tables |
| CN1486030A (en) * | 2002-09-23 | 2004-03-31 | 华为技术有限公司 | Method of implementing bridge group multiplexing on WAN interface |
| CN1604539A (en) * | 2004-10-29 | 2005-04-06 | 江苏南大苏富特软件股份有限公司 | Firewall kernel security component integration method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101834783A (en) | 2010-09-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101834783B (en) | Method and device for forwarding messages and network equipment | |
| CN101207604B (en) | Virtual machine system and communication processing method thereof | |
| EP2206320B1 (en) | Method and apparatus for peer to peer link establishment over a network | |
| CN101707619B (en) | Message filtering method, device and network device | |
| US20060002391A1 (en) | Multicast packet relay device adapted for virtual router | |
| EP2866395B1 (en) | Maximum transmission unit negotiation method and data terminal | |
| US8739270B1 (en) | Trusted, cross domain information sharing between multiple legacy and IP based devices | |
| CN102546407B (en) | File transmitting method and device | |
| CN112437168B (en) | Intranet penetration system | |
| CN114553799B (en) | Multicast forwarding method, device, equipment and medium based on programmable data plane | |
| US6515994B1 (en) | Method of communication in a communications network and apparatus therefor | |
| CN101651626B (en) | Traffic-forwarding method and device | |
| JP2006074132A (en) | Multicast communication method and gateway device | |
| CN101184089A (en) | Port and content interweaved detection based protocol identifying method | |
| CN106131039A (en) | The processing method and processing device of SYN flood attack | |
| WO2011116614A1 (en) | Method, system and device for accessing network equipment | |
| CN101309154B (en) | Datagram sending method, sending apparatus and transmission system | |
| CN101827037A (en) | Multicast data stream sending method, device and two-layer switching equipment | |
| CN101510901B (en) | Communication method, communication apparatus and system between distributed equipment | |
| WO2013034037A1 (en) | Communication method, system and apparatus applied to fibre channel over ethernet scenario | |
| CN103067280A (en) | Method and device of message processing | |
| CN105991629A (en) | TCP (transmission control protocol) connection establishment method and device | |
| KR100654945B1 (en) | Method and system for communicating with each other between equipments which exist in other logical network and recording media of packet transformer for the same | |
| CN1134946C (en) | Message receiving and transmitting method capable of realizing route and bridge connection functions at same time | |
| TWI584617B (en) | Auxiliary data transmission |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |