CN106559506A - ARP entry generation method and device - Google Patents
ARP entry generation method and device
- Publication number: CN106559506A
- Authority: CN (China)
- Prior art keywords: dhcp, arp, address, client, arp entry
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
Abstract
The invention provides an ARP entry generation method and device. The method includes: obtaining a DHCP REQUEST message, and parsing the MAC address of the client and the IP address the client requests to be allocated that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to a DHCP server; determining whether a first DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST message, has been received; and, when it is determined that the first DHCP ACK message has been received, writing the MAC address and the IP address the client requested into the ARP table as an ARP entry. The invention solves the problem of low ARP entry reliability in the related art and improves the reliability of ARP entries.
Description
Technical field
The present invention relates to the communications field, and in particular to an ARP entry generation method and device.
Background
The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol produced by optimizing and extending the Bootstrap Protocol (BOOTP). As networks develop and grow in scale, network complexity keeps increasing and network configuration becomes more and more complicated; network devices generally use the DHCP protocol to allocate host addresses.
DHCP snooping is a DHCP security feature. It filters untrusted DHCP messages by building and maintaining a DHCP snooping binding table; these messages are DHCP messages that come from untrusted zones. The DHCP snooping binding table contains, for users in the untrusted zone, information such as the Media Access Control (MAC) address, Internet Protocol (IP) address, lease period, Virtual Local Area Network identity (VLAN-ID) and interface.
The Address Resolution Protocol (ARP) is a protocol of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite that obtains a physical address from an IP address. When a host sends information, it broadcasts an ARP request containing the target IP address to all hosts on the network and receives the return message, and thereby determines the physical address of the target. After receiving the return message, it stores the IP address and physical address in its local ARP cache and retains them for a certain time, so that the next request can query the ARP cache directly and save resources.
In the course of research, the inventors found that the Address Resolution Protocol is built on mutual trust among the hosts in a network. A host on the network can send ARP reply messages on its own initiative, and when other hosts receive a reply message they record it in their local ARP cache without checking its authenticity. An attacker can therefore send a forged ARP reply message to a host, so that the information that host sends cannot reach the intended host or reaches the wrong host; this constitutes ARP spoofing. ARP spoofing likewise exists for layer-3 gateways. After a host obtains an IP address, the gateway learns the host's ARP entry through the ARP protocol. Because dynamically learned ARP entries lack priority control, a counterfeit host in the network may send an ARP request with the same IP, causing the ARP entry on the layer-3 gateway device to be overwritten. This leads to incorrect ARP table information or ARP entries overwriting one another, and to service-quality defects and security risks such as abnormal host network access and degraded call quality.
For the problem of low ARP entry reliability in the related art, no effective solution has yet been proposed.
Summary of the invention
The invention provides an ARP entry generation method and device, to at least solve the problem of low ARP entry reliability in the related art.
According to one aspect of the invention, an ARP entry generation method is provided, including: obtaining a DHCP REQUEST message, and parsing the MAC address of the client and the IP address the client requests to be allocated that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to a DHCP server; determining whether a first DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST message, has been received; and, when it is determined that the first DHCP ACK message has been received, writing the MAC address and the IP address the client requested into the ARP table as an ARP entry.
Optionally, before the DHCP REQUEST message is obtained, the method further includes: obtaining a DHCP DISCOVER message and parsing the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server; and obtaining one or more DHCP OFFER messages carrying the MAC address and parsing the one or more IP addresses carried in the one or more DHCP OFFER messages, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.
Optionally, after the MAC address and the IP address the client requested are written into the ARP table as the ARP entry, the method further includes: aging the ARP entry according to the DHCP address lease aging time.
Optionally, after the MAC address and the IP address the client requested are written into the ARP table as the ARP entry, the method further includes: obtaining a DHCP REQUEST lease renewal message carrying the MAC address, where the DHCP REQUEST lease renewal message is sent by the client to the DHCP server; determining whether a second DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST lease renewal message, has been received; and, when it is determined that the second DHCP ACK message has been received, updating the aging time of the ARP entry.
Optionally, after the MAC address and the IP address the client requested are written into the ARP table as the ARP entry, the method further includes: obtaining a DHCP RELEASE message carrying the MAC address; and deleting the ARP entry.
Optionally, the priority of the ARP entry is higher than that of dynamic ARP entries generated according to the Address Resolution Protocol.
Optionally, after the MAC address and the IP address the client requested are written into the ARP table as the ARP entry, the method further includes: receiving an ARP learning message sent by the client; determining whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the requested IP address recorded in the ARP entry; and, when they are determined to be consistent, sending an ARP response message to the client.
Optionally, after the ARP entry is aged according to the DHCP address lease aging time, the method further includes: determining whether the ARP entry has aged out; when it is determined that the ARP entry has aged out, checking whether the client is online; when the check finds the client online, converting the ARP entry into a dynamic ARP entry; otherwise, deleting the ARP entry.
According to another aspect of the invention, an ARP entry generation device is also provided, including: a first processing module, configured to obtain a DHCP REQUEST message and parse the MAC address of the client and the IP address the client requests to be allocated that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to a DHCP server; a first judgment module, configured to determine whether a first DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST message, has been received; and a writing module, configured to write the MAC address and the IP address the client requested into the ARP table as an ARP entry when it is determined that the first DHCP ACK message has been received.
Optionally, the device further includes: an aging module, configured to age the ARP entry according to the DHCP address lease aging time.
Optionally, the device further includes: a first acquisition module, configured to obtain a DHCP REQUEST lease renewal message carrying the MAC address, where the DHCP REQUEST lease renewal message is sent by the client to the DHCP server; a second judgment module, configured to determine whether a second DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST lease renewal message, has been received; and an update module, configured to update the aging time of the ARP entry when it is determined that the second DHCP ACK message has been received.
Optionally, the device further includes: a second acquisition module, configured to obtain a DHCP RELEASE message carrying the MAC address; and a deletion module, configured to delete the ARP entry.
Optionally, the device further includes: a receiving module, configured to receive an ARP learning message sent by the client; a third judgment module, configured to determine whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the requested IP address recorded in the ARP entry; and a sending module, configured to send an ARP response message to the client when they are determined to be consistent.
Optionally, the device further includes: a fourth judgment module, configured to determine whether the ARP entry has aged out; a checking module, configured to check whether the client is online when it is determined that the ARP entry has aged out; and a second processing module, configured to convert the ARP entry into a dynamic ARP entry when the check finds the client online, and otherwise to delete the ARP entry.
With the invention, a DHCP REQUEST message is obtained, and the MAC address of the client and the IP address the client requests to be allocated that are carried in it are parsed, where the DHCP REQUEST message is sent by the client to a DHCP server; it is determined whether a first DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST message, has been received; and, when it is determined that the first DHCP ACK message has been received, the MAC address and the IP address the client requested are written into the ARP table as an ARP entry. This solves the problem of low ARP entry reliability in the related art and improves the reliability of ARP entries.
Description of the drawings
The drawings described here provide a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the ARP entry generation method according to an embodiment of the invention;
Fig. 2 is a structural block diagram of the ARP entry generation device according to an embodiment of the invention;
Fig. 3 is preferred structural block diagram one of the ARP entry generation device according to an embodiment of the invention;
Fig. 4 is preferred structural block diagram two of the ARP entry generation device according to an embodiment of the invention;
Fig. 5 is preferred structural block diagram three of the ARP entry generation device according to an embodiment of the invention;
Fig. 6 is preferred structural block diagram four of the ARP entry generation device according to an embodiment of the invention;
Fig. 7 is preferred structural block diagram five of the ARP entry generation device according to an embodiment of the invention;
Fig. 8 is networking structure block diagram one according to the preferred embodiment of the invention;
Fig. 9 is networking structure block diagram two according to the preferred embodiment of the invention;
Fig. 10 is a sequence flow chart of the ARP entry generation method according to the preferred embodiment of the invention;
Fig. 11 is a flow chart of the ARP learning method according to the preferred embodiment of the invention;
Fig. 12 is a flow chart of the ARP entry aging method according to the preferred embodiment of the invention.
Detailed description
The invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments can be combined with one another.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects and are not used to describe a specific order or precedence.
This embodiment provides an ARP entry generation method. Fig. 1 is a flow chart of the ARP entry generation method according to an embodiment of the invention. As shown in Fig. 1, the flow includes the following steps:
Step S102, obtain a DHCP REQUEST message, and parse the MAC address of the client and the IP address the client requests to be allocated that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to a DHCP server;
Step S104, determine whether a first DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST message, has been received;
Step S106, when it is determined that the first DHCP ACK message has been received, write the MAC address and the IP address the client requested into the ARP table as an ARP entry.
Through the above steps, when the first DHCP ACK message is received, the client MAC address carried in the DHCP REQUEST message and the IP address confirmed as allocated to the client are written into the ARP table as an ARP entry. An ARP entry generated in this way is updated only when the client requests IP address allocation from the DHCP server, so it does not suffer from the low reliability of ARP entries learned through the Address Resolution Protocol. The above steps thus solve the problem of low ARP entry reliability in the related art and improve the reliability of ARP entries.
Optionally, the ARP entry also includes VLAN and interface information, which is the information of the VLAN and interface used when the client sent the DHCP message.
Optionally, the above method can be applied to a layer-3 gateway device, where the layer-3 gateway may be a DHCP relay or a DHCP server.
Optionally, before step S102, the client MAC address carried in the DHCP DISCOVER message may be obtained. Because every DHCP server that receives the DHCP DISCOVER message sends a DHCP OFFER message to the client, one or more DHCP OFFER messages carrying the client MAC address may be obtained, and the one or more IP addresses carried in the one or more DHCP OFFER messages parsed.
Optionally, to ensure that the DHCP request messages carrying the same MAC address that the layer-3 gateway device receives all come from the same interface or VLAN, an access-information consistency check may be performed after a DHCP request message is intercepted. For an intercepted DHCP DISCOVER message and DHCP REQUEST message that carry the same MAC address, if the access information is inconsistent, no ARP entry is generated from these two intercepted messages.
Optionally, both the DHCP address lease and the ARP entry are controlled by an aging time. To unify the aging of the DHCP address lease and the ARP entry and avoid conflicts, after step S106 the ARP entry may be aged according to the DHCP address lease aging time.
Optionally, the ARP entry is aged according to the DHCP address lease aging time, and the client may send a DHCP REQUEST lease renewal request to the DHCP server. Therefore, when a second DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST lease renewal message, is received, the aging time of the ARP entry can be updated according to the client's renewal request. For example, after step S106, a DHCP REQUEST lease renewal message carrying the MAC address may be obtained, where the DHCP REQUEST lease renewal message is sent by the client to the DHCP server; it is determined whether a second DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST lease renewal message, has been received; and, when it is determined that the second DHCP ACK message has been received, the aging time of the ARP entry is updated.
Optionally, when the client sends a DHCP RELEASE message to the DHCP server, the DHCP server releases the IP address allocated to the client, so the ARP entry corresponding to the client's MAC address can be deleted. For example, after step S106, a DHCP RELEASE message carrying the MAC address may be obtained and the ARP entry deleted.
Optionally, the priority of the ARP entry is higher than that of dynamic ARP entries generated according to the Address Resolution Protocol. This can be expressed as: the ARP entry cannot be overwritten by a dynamic ARP entry generated according to the Address Resolution Protocol.
Optionally, after step S106, an ARP learning message sent by the client may be received and the legitimacy of the client confirmed from its MAC address and IP address. If the client is legitimate, an ARP response message is sent to the client; if the client is not legitimate, no response is made. For example: an ARP learning message sent by the client is received; it is determined whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the requested IP address recorded in the ARP entry; and, when they are determined to be consistent, an ARP response message is sent to the client.
Optionally, because the ARP entry is aged according to the DHCP address lease aging time, it can be determined whether the ARP entry has aged out, and an aged-out ARP entry can be handled according to whether the client is online. For example, after the ARP entry is aged according to the DHCP address lease aging time: it is determined whether the ARP entry has aged out; when it is determined that the ARP entry has aged out, it is checked whether the client is online; when the check finds the client online, the ARP entry is converted into a dynamic ARP entry; otherwise, the ARP entry is deleted.
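The entry life cycle described in steps S102 to S106 and the optional steps above (access-information consistency check, lease renewal, DHCP RELEASE, ARP learning check, aging), as an added example that is not part of the patent text. The class and method names, the already-decoded message fields, the `is_online` callback and the lifetime of dynamic entries are assumptions; the MAC and IP values are constructed.

```python
from dataclasses import dataclass

DHCP_LEARNED, DYNAMIC = "dhcp-learned", "dynamic"


@dataclass
class ArpEntry:
    mac: str
    vlan: int
    port: str
    kind: str       # DHCP_LEARNED outranks DYNAMIC
    expires: float  # absolute time at which the entry ages out


class SnoopingArpTable:
    """Model of a layer-3 gateway ARP table fed by snooped DHCP messages."""

    def __init__(self, is_online, dynamic_ttl=300.0):
        self.entries = {}   # ip -> ArpEntry
        self.access = {}    # mac -> (vlan, port) seen in the DHCP DISCOVER
        self.pending = {}   # mac -> (ip, vlan, port) from a REQUEST awaiting its ACK
        self.is_online = is_online      # hypothetical liveness probe: (mac, ip) -> bool
        self.dynamic_ttl = dynamic_ttl  # assumed lifetime of dynamic entries, seconds

    def on_dhcp(self, kind, mac, ip=None, vlan=None, port=None, lease=0, now=0.0):
        """Feed one decoded DHCP message; return what the table did with it."""
        if kind == "DISCOVER":
            self.access[mac] = (vlan, port)
            return "noted"
        if kind == "REQUEST":
            # Consistency check: same VLAN and interface as the DISCOVER.
            if mac in self.access and self.access[mac] != (vlan, port):
                self.pending.pop(mac, None)
                return "rejected"
            self.pending[mac] = (ip, vlan, port)
            return "pending"
        if kind == "ACK":
            req = self.pending.pop(mac, None)
            if req is None or req[0] != ip:
                return "ignored"  # no entry unless the ACK answers a snooped REQUEST
            cur = self.entries.get(ip)
            renewed = cur is not None and cur.kind == DHCP_LEARNED and cur.mac == mac
            # A first ACK writes the entry; a renewal ACK refreshes its aging time.
            self.entries[ip] = ArpEntry(mac, req[1], req[2], DHCP_LEARNED, now + lease)
            return "renewed" if renewed else "written"
        if kind == "RELEASE":
            gone = [a for a, e in self.entries.items()
                    if e.mac == mac and e.kind == DHCP_LEARNED]
            for addr in gone:
                del self.entries[addr]
            self.pending.pop(mac, None)
            return "deleted" if gone else "ignored"
        return "ignored"

    def on_arp(self, src_mac, src_ip, vlan, port, now=0.0):
        """Handle an ARP learning message; return 'reply', 'drop' or 'learned'."""
        cur = self.entries.get(src_ip)
        if cur is not None and cur.kind == DHCP_LEARNED:
            # Higher-priority entry: answer only a matching sender, never overwrite.
            return "reply" if cur.mac == src_mac else "drop"
        # Assumption: without a DHCP-learned entry, ordinary (overwritable) learning.
        self.entries[src_ip] = ArpEntry(src_mac, vlan, port, DYNAMIC, now + self.dynamic_ttl)
        return "learned"

    def age(self, now):
        """Age entries: an expired DHCP-learned entry turns dynamic if the client is online."""
        for ip, entry in list(self.entries.items()):
            if entry.expires > now:
                continue
            if entry.kind == DHCP_LEARNED and self.is_online(entry.mac, ip):
                entry.kind, entry.expires = DYNAMIC, now + self.dynamic_ttl
            else:
                del self.entries[ip]


def demo():
    """Replay a constructed message sequence and return the outcomes in order."""
    a, b, ip = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.0.2.10"
    table = SnoopingArpTable(is_online=lambda mac, addr: mac == a)
    return [
        table.on_dhcp("DISCOVER", a, vlan=10, port="p1"),
        table.on_dhcp("REQUEST", a, ip=ip, vlan=10, port="p1"),
        table.on_dhcp("ACK", a, ip=ip, lease=600, now=0),
        table.on_arp(b, ip, 10, "p2", now=5),  # different MAC claims the bound IP
        table.on_arp(a, ip, 10, "p1", now=6),  # the client that holds the lease
    ]


if __name__ == "__main__":
    print(demo())
```

Once an expired entry has been converted to a dynamic entry it is no longer protected by the priority rule, so a later ARP learning message for the same IP can replace it.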
From the description of the above embodiments, those skilled in the art can clearly understand that the method of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to perform the methods described in the embodiments of the invention.
This embodiment also provides an ARP entry generation device. The device is used to implement the above embodiments and preferred implementations; what has already been explained is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 2 is a structural block diagram of the ARP entry generation device according to an embodiment of the invention. As shown in Fig. 2, the device includes a first processing module 22, a first judgment module 24 and a writing module 26. The first processing module 22 is configured to obtain a DHCP REQUEST message and parse the MAC address of the client and the IP address the client requests to be allocated that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to a DHCP server. The first judgment module 24, coupled to the first processing module 22, is configured to determine whether a first DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST message, has been received. The writing module 26, coupled to the first judgment module 24, is configured to write the MAC address and the IP address the client requested into the ARP table as an ARP entry when it is determined that the first DHCP ACK message has been received.
Optionally, the device may further include: a third processing module, configured to obtain a DHCP DISCOVER message and parse the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server; and a fourth processing module, coupled between the third processing module and the first processing module 22, configured to obtain one or more DHCP OFFER messages carrying the MAC address and parse the one or more IP addresses carried in the one or more DHCP OFFER messages, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.
Fig. 3 is preferred structural block diagram one of the ARP entry generation device according to an embodiment of the invention. As shown in Fig. 3, the device preferably further includes an aging module 32, coupled to the writing module 26, configured to age the ARP entry according to the DHCP address lease aging time.
Fig. 4 is preferred structural block diagram two of the ARP entry generation device according to an embodiment of the invention. As shown in Fig. 4, the device preferably further includes a first acquisition module 42, a second judgment module 44 and an update module 46. The first acquisition module 42, coupled to the aging module 32, is configured to obtain a DHCP REQUEST lease renewal message carrying the MAC address, where the DHCP REQUEST lease renewal message is sent by the client to the DHCP server. The second judgment module 44, coupled to the first acquisition module 42, is configured to determine whether a second DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST lease renewal message, has been received. The update module 46, coupled to the second judgment module 44, is configured to update the aging time of the ARP entry when it is determined that the second DHCP ACK message has been received.
Fig. 5 is preferred structural block diagram three of the ARP entry generation device according to an embodiment of the invention. As shown in Fig. 5, the device preferably further includes a second acquisition module 52 and a deletion module 54. The second acquisition module 52, coupled to the writing module 26, is configured to obtain a DHCP RELEASE message carrying the MAC address. The deletion module 54, coupled to the second acquisition module 52, is configured to delete the ARP entry.
Optionally, the priority of the ARP entry is higher than that of dynamic ARP entries generated according to the Address Resolution Protocol.
Fig. 6 is preferred structural block diagram four of the ARP entry generation device according to an embodiment of the invention. As shown in Fig. 6, the device preferably further includes a receiving module 62, a third judgment module 64 and a sending module 66. The receiving module 62, coupled to the writing module 26, is configured to receive an ARP learning message sent by the client. The third judgment module 64, coupled to the receiving module 62, is configured to determine whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the requested IP address recorded in the ARP entry. The sending module 66, coupled to the third judgment module 64, is configured to send an ARP response message to the client when they are determined to be consistent.
Fig. 7 is preferred structural block diagram five of the ARP entry generation device according to an embodiment of the invention. As shown in Fig. 7, the device preferably further includes a fourth judgment module 72, a checking module 74 and a second processing module 76. The fourth judgment module 72, coupled to the aging module 32, is configured to determine whether the ARP entry has aged out. The checking module 74, coupled to the fourth judgment module 72, is configured to check whether the client is online when it is determined that the ARP entry has aged out. The second processing module 76, coupled to the checking module 74, is configured to convert the ARP entry into a dynamic ARP entry when the check finds the client online, and otherwise to delete the ARP entry.
It should be noted that each of the above modules can be implemented by software or hardware. For the latter, this can be done in the following ways, but is not limited to them: the above modules are all located in the same processor; or the above modules are located in multiple processors respectively.
Embodiments of the invention also provide software, which is used to execute the technical solutions described in the above embodiments and preferred implementations.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S200, obtain a DHCP REQUEST message, and parse the MAC address of the client and the IP address the client requests to be allocated that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to a DHCP server;
S400, determine whether a first DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST message, has been received;
S600, when it is determined that the first DHCP ACK message has been received, write the MAC address and the IP address the client requested into the ARP table as an ARP entry.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S120, obtain a DHCP DISCOVER message, and parse the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server;
S140, obtain one or more DHCP OFFER messages carrying the MAC address, and parse the one or more IP addresses carried in the one or more DHCP OFFER messages, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S700, age the ARP entry according to the DHCP address lease aging time.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S720, obtain a DHCP REQUEST lease renewal message carrying the MAC address, where the DHCP REQUEST lease renewal message is sent by the client to the DHCP server;
S722, determine whether a second DHCP ACK message, with which the DHCP server responds to the DHCP REQUEST lease renewal message, has been received;
S724, when it is determined that the second DHCP ACK message has been received, update the aging time of the ARP entry.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S800, obtain a DHCP RELEASE message carrying the MAC address;
S802, delete the ARP entry.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S620, the priority of the ARP entry is higher than that of dynamic ARP entries generated according to the Address Resolution Protocol.
Optionally, the storage medium is further configured to store program code for performing the following steps:
S900, receive an ARP learning message sent by the client;
S902, determine whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the requested IP address recorded in the ARP entry;
S904, when the source MAC address and source IP address carried in the ARP learning message are determined to be consistent with the MAC address and the requested IP address recorded in the ARP entry, send an ARP response message to the client.
Embodiments of the invention also provide a storage medium. In this embodiment, the storage medium can be configured to store program code for performing the following steps:
S740, determine whether the ARP entry has aged out;
S742, when it is determined that the ARP entry has aged out, check whether the client is online;
S744, when the check finds the client online, convert the ARP entry into a dynamic ARP entry; otherwise, delete the ARP entry.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a USB flash drive, read-only memory (ROM), random access memory (RAM), a portable hard drive, a magnetic disk, an optical disc, or any other medium that can store program code.
To make the description of the embodiments of the present invention clearer, a preferred embodiment is described and illustrated below.
The preferred embodiment of the present invention provides a method for generating ARP entries on a layer-3 gateway device. By monitoring and intercepting DHCP messages, the device extracts the information needed for an ARP entry, such as the IP and MAC addresses. When a host obtains an IP address, the layer-3 gateway device adds the ARP entry to the ARP table. The ARP entry ages according to the address lease allocated by DHCP, and its aging time can be updated. The priority of this ARP entry is higher than that of dynamic ARP entries, so it cannot be overwritten by a dynamic ARP entry. This ensures the legitimacy of the ARP entry, improves security, and reduces the device's burden of ARP learning for dynamic hosts.
The preferred embodiment of the present invention is described below with reference to the accompanying drawings.
Fig. 8 is a first block diagram of a networking structure according to the preferred embodiment of the present invention. As shown in Fig. 8, the layer-3 gateway may be a DHCP relay (DHCP Relay).
Fig. 9 is a second block diagram of a networking structure according to the preferred embodiment of the present invention. As shown in Fig. 9, the layer-3 gateway may also be deployed on the same device as the DHCP server (DHCP Server).
Fig. 10 is a sequence flow chart of the ARP entry generation method according to the preferred embodiment of the present invention. As shown in Fig. 10, the flow comprises the following steps:
Step S1002: the host (equivalent to the client described above) sends a DHCP DISCOVER message to the DHCP server via the DHCP protocol; the layer-3 gateway device monitors or intercepts the DHCP DISCOVER message and extracts the host's legitimate access information and MAC information;
Step S1004: the DHCP server receives the DHCP DISCOVER message, performs protocol processing, and responds to the host with a DHCP OFFER message; the layer-3 gateway device monitors or intercepts the DHCP OFFER message, extracts the MAC information, matches it to find the entry generated in step S1002, and at the same time extracts the IP address information and writes it into that entry;
Step S1006: the host receives the DHCP OFFER message, performs protocol processing, and sends a DHCP REQUEST message to the DHCP server; the layer-3 gateway device monitors or intercepts the DHCP REQUEST message, extracts the MAC information, matches it to find the entry generated in step S1002, and performs an access information consistency check;
Step S1008: after receiving the DHCP REQUEST, the DHCP server performs protocol processing and returns a DHCP ACK message to the host; the layer-3 gateway device monitors or intercepts the DHCP ACK message, extracts the MAC information, matches it to find the entry generated in step S1002, performs a consistency check on the IP at the same time, and writes the legitimate IP and MAC information into the ARP table;
Step S1010: the host sends a DHCP REQUEST lease-renewal message to the DHCP server; the layer-3 gateway device monitors or intercepts the DHCP REQUEST message, extracts the MAC information, matches it to find the entry generated in step S1002, and performs an access information consistency check;
Step S1012: after receiving the DHCP REQUEST lease-renewal message, the DHCP server performs protocol processing and returns a DHCP ACK message to the host; the layer-3 gateway device monitors or intercepts the DHCP ACK message, extracts the MAC information, matches it to find the entry generated in step S1002, performs a consistency check on the IP at the same time, and updates the aging time of the ARP entry;
Step S1014: the host sends a DHCP RELEASE message to the DHCP server; the layer-3 gateway device monitors or intercepts the DHCP RELEASE message, extracts the MAC information, matches it to find the entry generated in step S1002, performs an access information consistency check, and deletes the corresponding ARP entry.
Fig. 11 is a flow chart of the ARP learning method according to the preferred embodiment of the present invention. As shown in Fig. 11, the flow comprises the following steps:
Step S1102: the layer-3 gateway device receives an ARP learning message from a user terminal;
Step S1104: the IP and MAC are compared with the ARP entries that have been added to the ARP table;
Step S1106: if the message is legitimate, an ARP response is returned;
Step S1108: if the message is not legitimate, no response is sent.
Fig. 12 is a flow chart of the ARP entry aging method according to the preferred embodiment of the present invention. As shown in Fig. 12, the flow comprises the following steps:
Step S1202: the ARP entry added to the ARP table ages according to the DHCP lease, and the aging time is reached;
Step S1204: the layer-3 gateway device triggers ARP learning to check whether the host is still online;
Step S1206: if the host is still online, the ARP entry is converted into an ordinary dynamic ARP entry;
Step S1208: if the host is not online, the ARP entry is deleted.
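The flows of Fig. 10 to Fig. 12 can be modelled in a few dozen lines of Python. This is an added illustration, not code from the patent: the class, method and parameter names, the `dynamic_ttl` value and the `is_online` callback are assumptions, as is ordinary dynamic learning for IPs that have no DHCP-derived entry.

```python
from dataclasses import dataclass

DHCP, DYNAMIC = "dhcp", "dynamic"  # entry origin; DHCP-derived outranks dynamic


@dataclass
class ArpEntry:
    mac: str
    ip: str
    origin: str
    expires: float  # absolute expiry time, seconds


class SnoopingGateway:
    """Hypothetical model of the layer-3 gateway; all names are assumptions."""

    def __init__(self, dynamic_ttl=300.0):
        self.pending = {}  # mac -> IP seen in OFFER/REQUEST, awaiting DHCP ACK
        self.arp = {}      # ip -> ArpEntry
        self.dynamic_ttl = dynamic_ttl  # assumed lifetime of dynamic entries

    def on_dhcp(self, kind, mac, ip=None, lease=0.0, now=0.0):
        """Handle one snooped DHCP message; True if the ARP table changed."""
        if kind == "DISCOVER":                 # S1002: record the host's MAC
            self.pending[mac] = None
        elif kind == "OFFER" and mac in self.pending:
            self.pending[mac] = ip             # S1004: note the offered IP
        elif kind == "REQUEST":                # S1006, or S1010 for a renewal
            self.pending[mac] = ip
        elif kind == "ACK":                    # S1008, or S1012 for a renewal
            if mac not in self.pending or self.pending.pop(mac) != ip:
                return False                   # ACK matches no snooped REQUEST
            self.arp[ip] = ArpEntry(mac, ip, DHCP, now + lease)
            return True                        # entry written or lease refreshed
        elif kind == "RELEASE":                # S1014: delete the matching entry
            entry = self.arp.get(ip)
            if entry and entry.origin == DHCP and entry.mac == mac:
                del self.arp[ip]
                return True
        return False

    def on_arp(self, src_mac, src_ip, now=0.0):
        """S1102-S1108: True if the gateway answers this ARP learning message."""
        entry = self.arp.get(src_ip)
        if entry and entry.origin == DHCP:
            return entry.mac == src_mac        # mismatch: no reply, no overwrite
        # Assumption: an IP with no DHCP-derived entry is learned dynamically.
        self.arp[src_ip] = ArpEntry(src_mac, src_ip, DYNAMIC,
                                    now + self.dynamic_ttl)
        return True

    def age(self, now, is_online):
        """S1202-S1208; is_online(mac, ip) stands in for the ARP probe."""
        for ip, e in list(self.arp.items()):
            if now < e.expires:
                continue
            if e.origin == DHCP and is_online(e.mac, ip):
                self.arp[ip] = ArpEntry(e.mac, ip, DYNAMIC,
                                        now + self.dynamic_ttl)
            else:
                del self.arp[ip]


def demo():
    """Constructed exchange: lease, conflicting ARP, renewal, lease expiry."""
    gw = SnoopingGateway()
    host, other, ip = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.0.2.10"
    gw.on_dhcp("DISCOVER", host)
    gw.on_dhcp("OFFER", host, ip)
    gw.on_dhcp("REQUEST", host, ip)
    created = gw.on_dhcp("ACK", host, ip, lease=3600, now=0)
    conflict_answered = gw.on_arp(other, ip, now=10)  # other MAC claims the IP
    gw.on_dhcp("REQUEST", host, ip)                   # renewal at t=1800
    gw.on_dhcp("ACK", host, ip, lease=3600, now=1800)
    gw.age(5400, lambda mac, addr: True)              # lease over, host online
    return created, conflict_answered, gw.arp[ip].mac, gw.arp[ip].origin
```

Once an expired entry has been converted to a dynamic one (step S1206), it no longer carries the DHCP-derived priority, so ordinary ARP learning applies to that IP again.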
In summary, the above embodiments and preferred embodiment of the present invention add a new ARP entry generation mode. Compared with the prior art, the layer-3 gateway device monitors and intercepts DHCP messages and extracts the information needed for an ARP entry, such as the IP, MAC, VLAN and interface information. When a host obtains an IP address, the layer-3 device adds the ARP entry to the ARP table. The ARP entry ages according to the address lease allocated by DHCP, and its aging time can be updated. The priority of this ARP entry is higher than that of dynamic ARP entries, so it cannot be overwritten by a dynamic ARP entry. This ensures the legitimacy of the ARP entry, improves security, and also reduces the device's burden of ARP learning for dynamic hosts.
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device. In some cases, the steps shown or described can be performed in an order different from the one given here, or they can each be made into an individual integrated circuit module, or multiple modules or steps among them can be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (14)
1. An ARP entry generation method, characterized by comprising:
obtaining a DHCP REQUEST message, and parsing the MAC address of the client and the IP address the client requested to be allocated that are carried in the DHCP REQUEST message, wherein the DHCP REQUEST message is sent by the client to a DHCP server;
determining whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, has been received;
if it is determined that the first DHCP ACK message has been received, writing the MAC address and the IP address the client requested to be allocated into the ARP table as an ARP entry.
2. The method according to claim 1, characterized in that, before the DHCP REQUEST message is obtained, the method further comprises:
obtaining a DHCP DISCOVER message, and parsing the MAC address carried in the DHCP DISCOVER message, wherein the DHCP DISCOVER message is sent by the client to the DHCP server;
obtaining one or more DHCP OFFER messages carrying the MAC address, and parsing one or more IP addresses carried in the one or more DHCP OFFER messages, wherein the one or more DHCP OFFER messages are sent by the DHCP server to the client.
3. The method according to claim 1, characterized in that, after the MAC address and the IP address the client requested to be allocated are written into the ARP table as the ARP entry, the method further comprises:
aging the ARP entry according to the DHCP address lease aging time.
4. The method according to claim 3, characterized in that, after the MAC address and the IP address the client requested to be allocated are written into the ARP table as the ARP entry, the method further comprises:
obtaining a DHCP REQUEST lease-renewal message carrying the MAC address, wherein the DHCP REQUEST lease-renewal message is sent by the client to the DHCP server;
determining whether a second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST lease-renewal message, has been received;
if it is determined that the second DHCP ACK message has been received, updating the aging time of the ARP entry.
5. The method according to claim 1, characterized in that, after the MAC address and the IP address the client requested to be allocated are written into the ARP table as the ARP entry, the method further comprises:
obtaining a DHCP RELEASE message carrying the MAC address;
deleting the ARP entry.
6. The method according to claim 1, characterized in that the priority of the ARP entry is higher than that of dynamic ARP entries generated according to the Address Resolution Protocol.
7. The method according to any one of claims 1 to 6, characterized in that, after the MAC address and the IP address the client requested to be allocated are written into the ARP table as the ARP entry, the method further comprises:
receiving an ARP learning message sent by the client;
determining whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the IP address the client requested to be allocated that are recorded in the ARP entry;
if it is determined that the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the IP address the client requested to be allocated that are recorded in the ARP entry, sending an ARP response message to the client.
8. The method according to claim 3, characterized in that, after the ARP entry is aged according to the DHCP address lease aging time, the method further comprises:
determining whether the ARP entry has aged out;
if it is determined that the ARP entry has aged out, checking whether the client is online;
if the check shows that the client is online, converting the ARP entry into a dynamic ARP entry; otherwise, deleting the ARP entry.
9. An ARP entry generation device, characterized by comprising:
a first processing module, configured to obtain a DHCP REQUEST message and parse the MAC address of the client and the IP address the client requested to be allocated that are carried in the DHCP REQUEST message, wherein the DHCP REQUEST message is sent by the client to a DHCP server;
a first judging module, configured to determine whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, has been received;
a writing module, configured to write the MAC address and the IP address the client requested to be allocated into the ARP table as an ARP entry if it is determined that the first DHCP ACK message has been received.
10. The device according to claim 9, characterized in that the device further comprises:
an aging module, configured to age the ARP entry according to the DHCP address lease aging time.
11. The device according to claim 10, characterized in that the device further comprises:
a first obtaining module, configured to obtain a DHCP REQUEST lease-renewal message carrying the MAC address, wherein the DHCP REQUEST lease-renewal message is sent by the client to the DHCP server;
a second judging module, configured to determine whether a second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST lease-renewal message, has been received;
an updating module, configured to update the aging time of the ARP entry if it is determined that the second DHCP ACK message has been received.
12. The device according to claim 9, characterized in that the device further comprises:
a second obtaining module, configured to obtain a DHCP RELEASE message carrying the MAC address;
a deleting module, configured to delete the ARP entry.
13. The device according to any one of claims 9 to 12, characterized in that the device further comprises:
a receiving module, configured to receive an ARP learning message sent by the client;
a third judging module, configured to determine whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the IP address the client requested to be allocated that are recorded in the ARP entry;
a sending module, configured to send an ARP response message to the client if it is determined that the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the IP address the client requested to be allocated that are recorded in the ARP entry.
14. The device according to claim 10, characterized in that the device further comprises:
a fourth judging module, configured to determine whether the ARP entry has aged out;
a checking module, configured to check whether the client is online if it is determined that the ARP entry has aged out;
a second processing module, configured to convert the ARP entry into a dynamic ARP entry if the check shows that the client is online, and otherwise to delete the ARP entry.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510628667.0A CN106559506A (en) | 2015-09-28 | 2015-09-28 | ARP entry generation method and device |
PCT/CN2016/086454 WO2017054526A1 (en) | 2015-09-28 | 2016-06-20 | Arp entry generation method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510628667.0A CN106559506A (en) | 2015-09-28 | 2015-09-28 | ARP entry generation method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106559506A (en) | 2017-04-05 |
Family
ID=58416703
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510628667.0A Pending CN106559506A (en) | 2015-09-28 | 2015-09-28 | ARP entry generation method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106559506A (en) |
WO (1) | WO2017054526A1 (en) |
Also Published As
Publication number | Publication date |
---|---|
WO2017054526A1 (en) | 2017-04-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 20170405 |