CN109089263B - Message processing method and device - Google Patents

Message processing method and device Download PDF

Info

Publication number
CN109089263B
CN109089263B CN201810825140.0A CN201810825140A CN109089263B CN 109089263 B CN109089263 B CN 109089263B CN 201810825140 A CN201810825140 A CN 201810825140A CN 109089263 B CN109089263 B CN 109089263B
Authority
CN
China
Prior art keywords
savi
wireless terminal
address information
terminal
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810825140.0A
Other languages
Chinese (zh)
Other versions
CN109089263A (en
Inventor
李大鲲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN201810825140.0A priority Critical patent/CN109089263B/en
Publication of CN109089263A publication Critical patent/CN109089263A/en
Application granted granted Critical
Publication of CN109089263B publication Critical patent/CN109089263B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W40/00Communication routing or communication path finding
    • H04W40/24Connectivity information management, e.g. connectivity discovery or connectivity update
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W48/00Access restriction; Network selection; Access point selection
    • H04W48/16Discovering, processing access restriction or access information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The embodiment of the application provides a message processing method and device, relates to the technical field of wireless communication, and is used for solving the problem that a wireless terminal can not communicate through a newly accessed AP after roaming occurs. The message processing method comprises the following steps: the method comprises the steps that an AP receives a first data message sent by a first wireless terminal, then if an SAVI table entry matched with first address information carried by the first data message is not found in a locally created SAVI table entry, the AP sends the first address information to the AC, then receives an identification result aiming at the first address information sent by the AC, if the identification result is that the first wireless terminal is a legal terminal, an SAVI table entry corresponding to the first address information is created, and the first data message is forwarded; and if the identification result is that the first wireless terminal is an illegal terminal, discarding the first data message. According to the embodiment of the application, the wireless terminal can still communicate through the newly accessed AP after roaming occurs.

Description

Message processing method and device
Technical Field
The present application relates to the field of wireless communications technologies, and in particular, to a method and an apparatus for processing a packet.
Background
With the increasing widespread application of Wireless Local Area Network (WLAN) technology, security issues during WLAN communication are more and more emphasized, and Source Address validity verification (SAVI) technology is presented in order to prevent an illegal terminal from imitating an Internet Protocol (IP) Address of a legal terminal to access a Network.
The SAVI technology is a technology capable of verifying a source Address of a wireless terminal, and an Access Point (AP) may intercept an Address Resolution Protocol (ARP) message sent by the wireless terminal or a Dynamic Host Configuration Protocol (DHCP) message exchanged between the wireless terminal and a DHCP server, acquire an IP Address of the wireless terminal from the intercepted message, and generate a SAVI entry from the IP Address of the wireless terminal and a Media Access Control (MAC) Address. Furthermore, under the condition that the SAVI function is in an on state, if the AP receives a data packet from the wireless terminal, it may search for whether a SAVI entry matching the MAC address + the IP address carried in the data packet exists in the SAVI entries stored in the AP, if so, forward the data packet, and if not, may consider the wireless terminal sending the data packet as an illegal terminal, and may discard the data packet.
However, the wireless terminal has mobility, and when the wireless terminal moves between different APs, the access AP is switched, that is, the wireless terminal roams. After the wireless terminal roams, the wireless terminal needs to trigger the DHCP process again or resend the ARP message, so that the AP to which the wireless terminal newly accesses generates the SAVI entry for the wireless terminal, and the wireless terminal can communicate through the newly accessed AP. However, if the wireless terminal does not trigger the DHCP process and does not send the ARP packet after roaming occurs, or the AP to which the wireless terminal newly accesses does not obtain the DHCP packet or the ARP packet sent by the terminal due to a network reason, the AP to which the wireless terminal newly accesses cannot generate the SAVI entry for the wireless terminal, so that the wireless terminal cannot communicate through the newly accessed AP.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method and an apparatus for processing a packet, so as to enable a wireless terminal to still communicate through a newly accessed AP after roaming occurs.
The specific technical scheme is as follows:
in a first aspect, an embodiment of the present application provides a method for processing a packet, where the method is applied to an access point AP, and the method includes:
receiving a first data message sent by a first wireless terminal;
if the SAVI table entry matched with the first address information carried by the first data message is not found in the SAVI table entry verified by the validity of the locally created source address, sending the first address information to an Access Controller (AC), wherein the first address information comprises a Media Access Control (MAC) address and an Internet Protocol (IP) address of the first wireless terminal, and each SAVI table entry in the locally created SAVI table entry is a combination of the IP address and the MAC address;
receiving an identification result sent by the AC and aiming at the first address information;
if the identification result is that the first wireless terminal is a legal terminal, creating an SAVI (secure SAVI) table entry corresponding to the first address information, and forwarding the first data message;
and if the identification result is that the first wireless terminal is an illegal terminal, discarding the first data message.
In one possible implementation, the method further includes:
and if the SAVI table entry matched with the first address information carried by the first data message is found in the locally created SAVI table entry, forwarding the first data message.
In a possible implementation manner, second address information of a second wireless terminal sent by the AC is received, where the second address information is sent to the AC when another AP that receives a second data packet sent by the second wireless terminal does not find an SAVI entry matching second address information carried in a second data packet in a locally created SAVI entry, and the AC determines that the second wireless terminal is a roaming terminal according to the second address information and sends the second address information to the AP;
judging whether an SAVI (address information indicator) table entry matched with the second address information is stored in the locally created SAVI table entry;
if so, informing the AC to send an identification result that the second wireless terminal is a legal terminal to the other AP, so that the other AP creates an SAVI table item corresponding to the second address information and forwards the second data message;
if not, the AC is informed to send the identification result that the second wireless terminal is an illegal terminal to the other AP, so that the other AP discards the second data message.
In a second aspect, an embodiment of the present application provides a message processing method, where the method is applied to an access controller AC, and the method includes:
receiving address information sent by a first Access Point (AP), wherein the address information is sent to the AC when the first AP does not find an SAVI (media access control) table entry matched with the address information carried by a data message in a local created SAVI table entry after receiving the data message sent by a wireless terminal, the address information comprises a Media Access Control (MAC) address and an Internet Protocol (IP) address of the wireless terminal, and each SAVI table entry in the local created SAVI table entry is a combination of the IP address and the MAC address;
judging whether the wireless terminal corresponding to the address information is a roaming terminal or not;
if not, sending an identification result that the wireless terminal is an illegal terminal to the first AP so that the first AP discards the data message;
if so, sending the address information to a second AP before the roaming of the wireless terminal;
receiving a matching result aiming at the address information sent by the second AP;
if the matching result is that the SAVI table entry matched with the address information is stored in the SAVI table entry locally created by the second AP, sending an identification result that the wireless terminal is a legal terminal to the first AP, so that the first AP creates the SAVI table entry corresponding to the address information and forwards the data message;
and if the matching result is that the SAVI table entry matched with the address information is not stored in the SAVI table entry locally created by the second AP, sending an identification result that the wireless terminal is an illegal terminal to the first AP, so that the first AP discards the data message.
In a possible implementation manner, the determining whether the wireless terminal corresponding to the address information is a roaming terminal includes:
judging whether the terminal stores the AP information of other APs accessed by the terminal corresponding to the address information before accessing the first AP;
if yes, determining that the wireless terminal is a roaming terminal;
if not, determining that the wireless terminal is not a roaming terminal.
In a third aspect, an embodiment of the present application provides a packet processing apparatus, where the apparatus is applied to an access point AP, and the apparatus includes:
the receiving module is used for receiving a first data message sent by a first wireless terminal;
a search module, configured to search, in a locally created source address validity verification SAVI table entry, a SAVI table entry that matches first address information carried in the first data packet, where the first address information includes a media access control MAC address and an internet protocol IP address of the first wireless terminal, and each locally created SAVI table entry is a combination of an IP address and an MAC address;
a sending module, configured to send the first address information to an access controller AC if the search module does not find an SAVI entry matching the first address information in the first data packet in a locally created SAVI entry;
the receiving module is further configured to receive an identification result for the first address information sent by the AC;
a creating module, configured to create an SAVI entry corresponding to the first address information if the identification result received by the receiving module is that the first wireless terminal is a valid terminal;
the sending module is further configured to forward the first data packet if the identification result received by the receiving module is that the first wireless terminal is a legal terminal;
and the discarding module is used for discarding the first data message if the identification result received by the receiving module is that the first wireless terminal is an illegal terminal.
In a possible implementation manner, the sending module is further configured to forward the first data packet if the search module finds an SAVI entry matching the first address information carried in the first data packet in a locally created SAVI entry.
In a possible implementation manner, the apparatus further includes a judging module and a notifying module;
the receiving module is further configured to receive second address information of a second wireless terminal sent by the AC, where the second address information is sent to the AC when another AP that receives a second data packet sent by the second wireless terminal does not find an SAVI entry matching second address information carried in a second data packet in a locally created SAVI entry, and the AC determines, according to the second address information, that the second wireless terminal is a roaming terminal and sends the second address information to the AP;
the judging module is used for judging whether an SAVI table item matched with the second address information is stored in the locally created SAVI table item;
the notifying module is configured to notify the AC to send an identification result that the second wireless terminal is a valid terminal to the another AP if the determination result of the determining module is yes, so that the another AP creates an SAVI entry corresponding to the second address information and forwards the second data packet; if the judgment result of the judgment module is negative, the AC is informed to send the identification result that the second wireless terminal is an illegal terminal to the other AP, so that the other AP discards the second data message.
In a fourth aspect, an embodiment of the present application provides a packet processing apparatus, where the apparatus is applied to an access controller AC, and the apparatus includes:
a receiving module, configured to receive address information sent by a first access point AP, where the address information is sent to an AC when the first AP does not find an SAVI entry matching the address information carried in a data packet in a locally created source address validation SAVI entry after receiving the data packet sent by a wireless terminal, the address information includes a media access control MAC address and an internet protocol IP address of the wireless terminal, and each SAVI entry in the locally created SAVI entry is a combination of an IP address and an MAC address;
a judging module, configured to judge whether the wireless terminal corresponding to the address information received by the receiving module is a roaming terminal;
a sending module, configured to send, if the determination result of the determining module is negative, an identification result that the wireless terminal is an illegal terminal to the first AP, so that the first AP discards the data packet; if the judgment result of the judgment module is yes, the address information is sent to a second AP before the wireless terminal roams;
the receiving module is further configured to receive a matching result for the address information sent by the second AP;
the sending module is further configured to send, to the first AP, an identification result that the wireless terminal is a valid terminal if the matching result is that an SAVI entry matching the address information is stored in an SAVI entry locally created by the second AP, so that the first AP creates an SAVI entry corresponding to the address information and forwards the data packet; and if the matching result is that the SAVI table entry matched with the address information is not stored in the SAVI table entry locally created by the second AP, sending an identification result that the wireless terminal is an illegal terminal to the first AP, so that the first AP discards the data message.
In a possible implementation manner, the determining module is further configured to determine whether the determining module stores AP information that a wireless terminal corresponding to the address information accesses to other APs before accessing to the first AP; if yes, determining that the wireless terminal is a roaming terminal; if not, determining that the wireless terminal is not a roaming terminal.
In a fifth aspect, an embodiment of the present application provides an access point AP, including: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to: the message processing method in the first aspect is implemented.
In a sixth aspect, embodiments of the present application provide a controller AC, the AC comprising: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to: the message processing method in the second aspect is implemented.
In a seventh aspect, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the message processing method in the first aspect is implemented.
In an eighth aspect, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the message processing method in the second aspect is implemented.
In a ninth aspect, an embodiment of the present application further provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the message processing method described in the first aspect.
In a tenth aspect, an embodiment of the present application further provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the message processing method described in the second aspect.
According to the message processing method and device provided by the embodiment of the application, after the first AP receives the first data message of the first wireless terminal, under the condition that the SAVI item matched with the first address information carried in the first data message is not found in the locally created SAVI item, the first data message cannot be directly discarded, but the AC judges whether the first wireless terminal sending the first data message is a roaming terminal, if not, the first AP can discard the first data message, and the network safety can be ensured; if the wireless terminal is a roaming terminal, a second AP accessed before the first wireless terminal roams is matched with the SAVI table entry, if the matching fails, the first AP can discard the first data message in order to ensure the network security, if the matching succeeds, the first wireless terminal is a legal terminal, the first AP can forward the first data message for the first wireless terminal, and an SAVI table entry is created for the first wireless terminal, and the first wireless terminal can still access the network for communication.
Of course, not all advantages described above need to be achieved at the same time in the practice of any one product or method of the present application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a communication system according to an embodiment of the present application;
fig. 2 is a flowchart of a message processing method according to an embodiment of the present application;
fig. 3 is a flowchart of another message processing method according to an embodiment of the present application;
fig. 4 is a flowchart of another message processing method according to an embodiment of the present application;
fig. 5 is a flowchart of another message processing method according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a message processing apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another message processing apparatus according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of another message processing apparatus according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of an AP according to an embodiment of the present disclosure;
fig. 10 is a schematic structural diagram of an AC according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The message processing method provided in the embodiment of the present application may be applied to a communication system, as shown in fig. 1, where the communication system includes an IP network, an Access Controller (AC), a DHCP server, an AP, and a wireless terminal.
Wherein the AC is used for centralized management of the wireless terminal.
The AP is configured to provide access service for the wireless terminal, and the AP may generate and store the SAVI entry for each accessed wireless terminal.
For a wireless terminal using an Internet Protocol Version 4 (Ipv 4) address, an AP may intercept an ARP packet sent by the wireless terminal or an DHCP (Dynamic Host Configuration Protocol Version 4, DHCPv4) packet exchanged between the terminal and a DHCP server, acquire an IP address of the terminal from the intercepted packet, and generate an SAVI entry from the IP address and the MAC address of the wireless terminal.
For a wireless terminal using an Internet Protocol Version 6 (Ipv 6) address, the AP may generate the SAVI entry in two ways:
first, a Dynamic Host Configuration Protocol Version 6(Dynamic Host Configuration Protocol Version 6, DHCPv6) mode: the AP may intercept a DHCPv6 message exchanged between the wireless terminal and the DHCPv6 server, acquire a complete Ipv6 address allocated by the DHCPv6 server for the wireless terminal from the DHCPv6 message, and generate an SAVI entry from the complete Ipv6 address and the MAC address of the wireless terminal. If the AP acquires the prefix of the Ipv6 address allocated to the wireless terminal by the DHCPv6 server from the DHCPv6 message, the AP cannot generate the SAVI entry by using the prefix of the Ipv6 address and the MAC address of the wireless terminal.
Second, Ipv6 Neighbor Discovery (ND) approach: the AP may monitor a Route Advertisement (RA) message, a Neighbor Solicitation (NS) message, or a Neighbor Advertisement (NA) message sent by the wireless terminal, acquire an Ipv6 address of the wireless terminal from the monitored message, and form an SAVI entry with the acquired Ipv6 address and an MAC address of the wireless terminal.
The DHCP server is used to assign an IP address to the wireless terminal.
The wireless terminal in the embodiment of the present application may also be referred to as a client or a Station (STA), and specifically may be a mobile phone, a tablet computer, a wearable device with a wireless communication function, and the like.
It should be noted that the number of each device in fig. 1 is merely an example, and in an actual communication system, the number of each device is not limited to the number shown in fig. 1.
With reference to the system shown in fig. 1, in order to solve the problem that a wireless terminal cannot communicate through a newly accessed AP after roaming occurs, an embodiment of the present application provides a message processing method, where after receiving a data message sent by the wireless terminal, the AP may search an SAVI entry matching address information carried in the data message in a locally created SAVI entry, if the address information is not found, the address information is sent to an AC, and then if the AC determines that a wireless terminal to which the address information belongs is not a roaming terminal, the AP is notified that the wireless terminal is an illegal terminal, and the AP discards the data message; if the AP determines that the wireless terminal to which the address information belongs is a roaming terminal, the address information is forwarded to a source AP accessed by the wireless terminal before roaming, the source AP judges whether an SAVI table item matched with the address information is stored in an SAVI table item established locally or not, if yes, the AP is informed of successful matching through the AC, then the AP forwards a data message, and if not, the AP is informed of failed matching through the AC, and then the AP discards the data message.
By adopting the method, although the AP can not find the SAVI table item matched with the address information of the wireless terminal in the SAVI table items established locally under the condition that the wireless terminal roams, the AP can send the address information carried by the data message to the AC, and further if the AC judges that the wireless terminal sending the data message is a roaming terminal, the source AP accessed by the wireless terminal can find the SAVI table item matched with the address information in the SAVI table items established locally, if the matching fails, the terminal is proved to be an illegal terminal, the AP discards the data message, the safety of the network is ensured, if the matching succeeds, the wireless terminal is proved to be a legal terminal, the AP can forward the data message for the wireless terminal, the wireless terminal can still be accessed into the network for communication, therefore, even if the wireless terminal roams, and the newly accessed AP does not store the SAVI table item of the wireless terminal, the wireless terminal can still perform network communication through the newly accessed AP.
The following describes in detail a message processing method provided in the embodiments of the present application with specific embodiments.
With reference to the communication system shown in fig. 1, an embodiment of the present application provides a message processing method, which is described in an AP perspective, and as shown in fig. 2, the method includes:
s201, receiving a first data message sent by a first wireless terminal.
The first data message includes first address information of the first wireless terminal, and the first address information at least includes an IP address and an MAC address of the first wireless terminal.
S202, if the SAVI table entry matched with the first address information carried by the first data message is found in the locally created SAVI table entry, the first data message is forwarded.
Each SAVI table entry in the locally created SAVI table entries is a combination of an IP address and an MAC address;
s203, if the SAVI table entry matched with the first address information carried by the first data message is not found in the locally created SAVI table entry, the first address information is sent to the AC.
And S204, receiving an identification result aiming at the first address information sent by the AC.
S205, if the identification result is that the first wireless terminal is a legal terminal, an SAVI table entry corresponding to the first address information is created, and the first data message is forwarded.
And S206, if the identification result is that the first wireless terminal is an illegal terminal, discarding the first data message.
By adopting the message processing method provided by the embodiment of the application, after receiving the first data message of the first wireless terminal, the AP does not directly discard the first data message but identifies the first address information by the AC under the condition that the locally created SAVI entry does not find the SAVI entry matching the first address information carried in the first data message, and then discards the first data message if the identification result received by the AP is that the first wireless terminal is an illegal terminal, thereby ensuring network security; if the identification result is that the first wireless terminal is a legal terminal, the AP may forward the first data packet to the first wireless terminal, that is, the first wireless terminal may still access the network for communication. Therefore, by adopting the method, the problem that the newly accessed AP does not store the SAVI table entry of the wireless terminal in time after the wireless terminal roams can be solved, and the wireless terminal can still communicate through the newly accessed AP.
Optionally, in another possible implementation manner, if the AP in the embodiment of fig. 2 is used as an AP accessed by another wireless terminal (e.g., a second wireless terminal) before roaming, as shown in fig. 3, the method includes:
s301, second address information of the second wireless terminal sent by the AC is received.
And the second address information is sent to the AC when another AP which receives a second data message sent by the second wireless terminal does not find an SAVI item matched with the second address information carried by the second data message in the SAVI items which are created locally, and the AC determines that the second wireless terminal is a roaming terminal according to the second address information and sends the second address information to the AP. The second address information includes an IP address and a MAC address of the second wireless terminal.
S302, whether the SAVI table entry matched with the second address information is stored in the locally created SAVI table entry is judged.
If yes, executing S303; if not, go to step S304.
S303, informing the AC to send the identification result that the second wireless terminal is a legal terminal to another AP, so that another AP creates an SAVI table entry corresponding to the second address information and forwards the second data message.
S304, the AC is informed to send the identification result that the second wireless terminal is an illegal terminal to another AP, so that the other AP discards the second data message.
By adopting the message processing method provided by the embodiment of the application, if the AP is an AP accessed by the second wireless terminal before roaming, and after receiving the second address information of the second wireless terminal sent by the AC, if it is determined that the locally created SAVI entry does not store the SAVI entry matched with the second address information, indicating that the second wireless terminal is an illegal terminal, the AC may be notified to send an identification result that the second wireless terminal is an illegal terminal to another AP, so that another AP discards the second data message, thereby ensuring network security; if the AP determines that the locally created SAVI entry stores the SAVI entry matching with the second address information, indicating that the second wireless terminal is a valid terminal, the AC may be notified to send an identification result that the second wireless terminal is a valid terminal to another AP, so that another AP creates the SAVI entry for the second wireless terminal, and forwards the second data packet.
Corresponding to the foregoing embodiment, an embodiment of the present application further provides a message processing method, which is described in an AC perspective, and as shown in fig. 4, the method includes:
s401, address information sent by the first AP is received.
The address information is sent to the AC when the first AP does not find the SAVI matched with the address information carried by the data message in the SAVI locally created after receiving the data message sent by the wireless terminal, the address information comprises the MAC address and the IP address of the wireless terminal, and each SAVI in the SAVI locally created is the combination of the IP address and the MAC address.
S402, judging whether the wireless terminal corresponding to the address information is a roaming terminal.
If not, executing S403; if yes, go to S404.
The judging method comprises the following steps: the AC judges whether the AC stores AP information of other APs accessed by the first wireless terminal corresponding to the first address information before accessing the first AP, if so, the AC determines that the first wireless terminal is a roaming terminal; if not, determining that the first wireless terminal is not a roaming terminal.
S403, sending the identification result that the wireless terminal is an illegal terminal to the first AP so that the first AP discards the data message.
S404, sending the address information to the second AP before the roaming of the wireless terminal.
S405, receiving a matching result aiming at the address information sent by the second AP.
S406, if the matching result is that the SAVI table entry matched with the address information is stored in the SAVI table entry locally created by the second AP, sending the identification result that the wireless terminal is a legal terminal to the first AP, so that the first AP creates the SAVI table entry corresponding to the address information and forwards the data message.
And S407, if the matching result is that the SAVI table entry matched with the address information is not stored in the SAVI table entry locally created by the second AP, sending the identification result that the wireless terminal is an illegal terminal to the first AP, so that the first AP discards the data message.
By adopting the message processing method provided by the embodiment of the application, the AC can receive the address information sent by the first AP, and if the wireless terminal corresponding to the address information is determined not to be a roaming terminal, the AC can send the identification result that the wireless terminal is an illegal terminal to the first AP, so that the network safety can be ensured; if the AC determines that the wireless terminal is a roaming terminal, the AC can send address information to a second AP before the wireless terminal roams, if the subsequently received matching result is that an SAVI table item matched with the address information is stored in an SAVI table item locally created by the second AP, the AC sends an identification result that the wireless terminal is a legal terminal to the first AP, and the wireless terminal can still access the network to communicate through the first AP, so that the wireless terminal can still communicate through the newly accessed AP even if the newly accessed AP does not store the SAVI table item of the wireless terminal after the wireless terminal roams.
On the basis of the embodiments corresponding to fig. 2 to fig. 4, the message processing method provided in the embodiment of the present application is described in detail, and the method takes an interaction flow among the terminal, the first AP, the second AP and the AC as an example, where the first AP is an AP currently accessed by the terminal, and the second AP is an AP accessed by the terminal before the terminal accesses the first AP. As shown in fig. 5, the method specifically includes the following steps:
s501, the first wireless terminal sends a first data message to the first AP. Correspondingly, the first AP receives a first data message sent by the first wireless terminal.
The first data message includes first address information of the first wireless terminal, and the first address information at least includes an IP address and an MAC address of the first wireless terminal.
S502, if the SAVI table entry matched with the first address information carried by the first data message is not found in the SAVI table entries created locally by the first AP, the first address information is sent to the AC. Accordingly, the AC receives the first address information transmitted by the first AP.
The first AP creates SAVI entries of the wireless terminals served by the first AP, wherein each SAVI entry comprises the combination of the IP address and the MAC address of the wireless terminal. For example, referring to table 1, assuming that a first AP serves wireless terminal 1 to wireless terminal 3, the first AP may create an SAVI entry for wireless terminal 1 to wireless terminal 3, where the SAVI entry for wireless terminal 1 includes an IP address of wireless terminal 1 and a MAC address of wireless terminal 1, and the SAVI entries for wireless terminal 2 to wireless terminal 3 are similar.
TABLE 1
Wireless terminal SAVI table entry
Wireless terminal 1 IP Address of Wireless terminal 1 + MAC Address of Wireless terminal 1
Wireless terminal 2 IP address of wireless terminal 2 + MAC address of wireless terminal 2
Wireless terminal 3 IP address of wireless terminal 3 + MAC address of wireless terminal 3
If the first AP does not find the SAVI entry matching both the IP address and the MAC address carried in the first data packet from table 1, the first wireless terminal that sends the first data packet may be an illegal terminal or a roaming terminal, and at this time, the first AP may send the first address information to the AC, and the AC determines whether the first wireless terminal is a legal terminal.
It should be noted that, if the first AP finds, in the locally created SAVI entry, an SAVI entry matching the first address information carried in the first data packet, the first data packet may be forwarded.
S503, the AC determines whether the first wireless terminal corresponding to the address information is a roaming terminal.
If not, executing S504; if yes, go to step S506.
The judging method comprises the following steps: the AC judges whether the first wireless terminal corresponding to the first address information is stored in the AC and accesses the AP information of other APs before accessing the first AP, if so, the first wireless terminal is determined to be a roaming terminal; if not, determining that the first wireless terminal is not a roaming terminal.
After the first wireless terminal accesses the AP or the first wireless terminal is switched from one AP to another AP, the AC stores the AP information accessed by the first wireless terminal. For example, after the first wireless terminal accesses the AP2, the AC may generate a binding table entry for the first wireless terminal, where the binding table entry may include the MAC address of the first wireless terminal and the identifier of the AP2, and when the first wireless terminal is handed over from the AP2 to the AP1, the AC may update the binding table entry of the first wireless terminal, and the updated binding table entry includes the MAC address of the first wireless terminal, the identifier of the AP2, and the identifier of the AP 1. Of course, other information may also be included in the binding table entry, which is not listed here in this embodiment of the application.
With reference to this example, if the AC determines that it stores the binding table entry containing the received MAC address, where the binding table entry includes the MAC address of the first wireless terminal, the identifier of the AP2, and the identifier of the AP1, and the AC determines that the AP sending the MAC address is the AP1, the AC may determine that the first wireless terminal is a roaming terminal, that is, the first wireless terminal has roamed from the AP2 to the AP 1.
S504, the AC sends the identification result that the first wireless terminal is an illegal terminal to the first AP. Accordingly, the first AP receives the identification result that the first wireless terminal sent by the AC is an illegal terminal.
It is understood that if the AC determines that the first wireless terminal is not a roaming terminal, and the first AP does not store the SAVI entry of the first wireless terminal, that is, the other APs may not store the SAVI entry of the first wireless terminal, the first wireless terminal may be considered as a rogue terminal.
And S505, the first AP discards the first data message.
If the first wireless terminal is an illegal terminal, the first data packet may be discarded in order to prevent the first wireless terminal from illegally using network resources. Optionally, the communication between the first wireless terminal and the first AP may be prohibited, or the first AP may be disconnected from the first wireless terminal directly.
S506, the AC forwards the first address information to a second AP before the first wireless terminal roams. Accordingly, the second AP receives the first address information transmitted by the AC.
For example, if the binding table entry found by the AC according to the first address information includes the MAC address of the first wireless terminal, the identifier of the AP2, and the identifier of the AP1, the first AP is AP1, and the second AP is AP 2.
S507, the second AP judges whether the SAVI item matched with the first address information is stored in the SAVI item established locally.
If yes, go to step S508, otherwise go to step S511.
S508, the second AP sends the matching result of the SAVI table entry which is locally created by the second AP and is stored in the SAVI table entry matched with the first address information to the AC. Accordingly, the AC receives the matching result from the second AP.
S509, the AC sends the identification result that the first wireless terminal is a valid terminal to the first AP. Accordingly, the first AP receives the identification result that the first wireless terminal sent by the AC is a legitimate terminal.
In a possible implementation manner, the AC may directly forward the matching result in S508 to the first AP, and the first AP may determine that the first wireless terminal is a valid terminal according to the matching result.
S510, the first AP creates an SAVI table item corresponding to the first address information and forwards the first data message.
After the first AP determines that the first wireless terminal is a valid terminal, the received first data packet may be released, and in order to ensure that the first wireless terminal can identify the identity of the first wireless terminal in time when sending the data packet next time, the IP address and the MAC address in the first data packet received this time may be stored, so as to generate an SAVI entry of the first wireless terminal.
S511, the second AP sends the matching result of the SAVI table entry which is not matched with the first address information and is stored in the SAVI table entry locally created by the second AP to the AC. Accordingly, the AC receives the matching result from the second AP.
S512, the AC sends the identification result that the first wireless terminal is an illegal terminal to the first AP. Accordingly, the first AP receives the identification result that the first wireless terminal sent by the AC is an illegal terminal.
In a possible implementation manner, the AC may directly forward the matching result in S511 to the first AP, and the first AP may determine that the first wireless terminal is an illegal terminal according to the matching result.
S513, the first AP discards the data message.
By adopting the message processing method provided by the embodiment of the application, after receiving the first data message of the first wireless terminal, the first AP does not directly discard the first data message under the condition that the locally created SAVI entry is not found, which matches with the first address information carried in the first data message, but the AC determines whether the first wireless terminal sending the first data message is a roaming terminal, if not, the first AP can discard the first data message, so that network security can be ensured; if the wireless terminal is a roaming terminal, a second AP accessed before the first wireless terminal roams is matched with the SAVI table entry, if the matching fails, the first AP can discard the first data message in order to ensure the network security, if the matching succeeds, the first wireless terminal is a legal terminal, the first AP can forward the first data message for the first wireless terminal, and an SAVI table entry is created for the first wireless terminal, and the first wireless terminal can still access the network for communication.
Corresponding to the foregoing method embodiment, an embodiment of the present application further provides a message processing apparatus, where the apparatus is applied to an AP, and as shown in fig. 6, the apparatus includes: a receiving module 601, a searching module 602, a sending module 603, a creating module 604, and a discarding module 605.
The receiving module 601 is configured to receive a first data packet sent by a first wireless terminal.
The searching module 602 is configured to search, in the locally created source address validity verification SAVI table entry, a SAVI table entry matched with first address information carried in the first data packet, where the first address information includes an MAC address and an IP address of the first wireless terminal, and each locally created SAVI table entry is a combination of an IP address and an MAC address.
A sending module 603, configured to send the first address information to the AC if the searching module 602 does not find the SAVI entry matching the first address information in the first data packet in the locally created SAVI entry.
The receiving module 601 is further configured to receive an identification result of the first address information sent by the AC.
A creating module 604, configured to create an SAVI entry corresponding to the first address information if the identification result received by the receiving module 601 is that the first wireless terminal is a valid terminal.
The sending module 603 is further configured to forward the first data packet if the identification result received by the receiving module 601 is that the first wireless terminal is a legal terminal.
A discarding module 605, configured to discard the first data packet if the identification result received by the receiving module 601 is that the first wireless terminal is an illegal terminal.
In a possible implementation manner, the sending module 603 is further configured to forward the first data packet if the searching module 602 finds, in the locally created SAVI entry, a SAVI entry that matches the first address information carried in the first data packet.
In another possible implementation manner, as shown in fig. 7, the apparatus further includes a determining module 701 and a notifying module 702.
The receiving module 601 is further configured to receive second address information of the second wireless terminal sent by the AC, where the second address information is sent to the AC when another AP that receives the second data packet sent by the second wireless terminal does not find an SAVI entry matching the second address information carried in the second data packet in the locally created SAVI entry, and the AC determines, according to the second address information, that the second wireless terminal is a roaming terminal and sends the second address information to another AP;
a determining module 701, configured to determine whether an SAVI entry matching the second address information is stored in the locally created SAVI entry;
a notifying module 702, configured to notify the AC to send an identification result that the second wireless terminal is a valid terminal to another AP if the determination result of the determining module 701 is yes, so that another AP creates an SAVI entry corresponding to the second address information and forwards the second data packet; if the determination result of the determining module 701 is negative, the AC is notified to send the identification result that the second wireless terminal is an illegal terminal to another AP, so that the another AP discards the second data packet.
An embodiment of the present application further provides another packet processing apparatus, where the apparatus is applied to an AC, and as shown in fig. 8, the apparatus includes: a receiving module 801, a judging module 802 and a sending module 803.
The receiving module 801 is configured to receive address information sent by a first access point AP, where the address information is sent to an AC when the first AP does not find an SAVI entry matching address information carried in a data message in a locally created source address validity verification SAVI entry after receiving the data message sent by the wireless terminal, the address information includes a media access control MAC address and an internet protocol IP address of the wireless terminal, and each SAVI entry in the locally created SAVI entry is a combination of an IP address and an MAC address.
The determining module 802 is configured to determine whether the wireless terminal corresponding to the address information received by the receiving module 801 is a roaming terminal.
A sending module 803, configured to send, if the determination result of the determining module 802 is negative, an identification result that the wireless terminal is an illegal terminal to the first AP, so that the first AP discards the data packet; if the determination result of the determining module 802 is yes, the address information is sent to the second AP before the roaming of the wireless terminal.
The receiving module 801 is further configured to receive a matching result for the address information sent by the second AP.
The sending module 803 is further configured to send, to the first AP, an identification result that the wireless terminal is a valid terminal if the matching result is that an SAVI entry matching the address information is stored in an SAVI entry locally created by the second AP, so that the first AP creates an SAVI entry corresponding to the address information, and forwards the data packet; and if the matching result is that the SAVI table item matched with the address information is not stored in the SAVI table item locally created by the second AP, sending an identification result that the wireless terminal is an illegal terminal to the first AP so that the first AP discards the data message.
In a possible implementation manner, the determining module 802 is further configured to determine whether the AP information of other APs, which are accessed by the wireless terminal before accessing the first AP, corresponding to the address information is stored in the determining module; if yes, determining that the wireless terminal is a roaming terminal; if not, the wireless terminal is determined not to be a roaming terminal.
The embodiment of the present application further provides an access point AP, as shown in fig. 9, which includes a processor 901, a communication interface 902, a memory 903, and a communication bus 904, where the processor 901, the communication interface 902, and the memory 903 complete mutual communication through the communication bus 904,
a memory 903 for storing computer programs;
the processor 901 is configured to execute the program stored in the memory 903, and is specifically configured to implement the steps executed by the first AP in the foregoing method embodiment.
The communication bus mentioned in the above access point may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the access point and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
The embodiment of the present application further provides an AC, as shown in fig. 10, including a processor 1001, a communication interface 1002, a memory 1003 and a communication bus 1004, where the processor 1001, the communication interface 1002 and the memory 1003 complete mutual communication through the communication bus 1004,
a memory 1003 for storing a computer program;
the processor 1001 is configured to implement the steps executed by the AC in the above method embodiment when executing the program stored in the memory 1003.
The communication bus mentioned in the above controller may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the controller and other devices.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In another embodiment provided by the present application, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps performed by the AP in any of the message processing methods described above.
In another embodiment provided by the present application, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps performed by the AC in any of the message processing methods described above.
In another embodiment provided by the present application, there is also provided a computer program product containing instructions, which when run on a computer, causes the computer to perform the steps performed by the AP in any of the message processing methods in the above embodiments.
In yet another embodiment provided by the present application, there is also provided a computer program product containing instructions, which when run on a computer, cause the computer to perform the steps performed by the AC in any of the message processing methods in the above embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application are included in the protection scope of the present application.

Claims (12)

1. A message processing method is applied to an Access Point (AP), and is characterized by comprising the following steps:
receiving a first data message sent by a first wireless terminal;
if the SAVI table entry matched with the first address information carried by the first data message is not found in the SAVI table entry verified by the validity of the locally created source address, sending the first address information to an Access Controller (AC), wherein the first address information comprises a Media Access Control (MAC) address and an Internet Protocol (IP) address of the first wireless terminal, and each SAVI table entry in the locally created SAVI table entry is a combination of the IP address and the MAC address;
receiving an identification result sent by the AC and aiming at the first address information;
if the identification result is that the first wireless terminal is a legal terminal, creating an SAVI (secure SAVI) table entry corresponding to the first address information, and forwarding the first data message;
if the identification result is that the first wireless terminal is an illegal terminal, discarding the first data message;
receiving second address information of a second wireless terminal sent by the AC, wherein the second address information is sent to the AC when another AP which receives a second data message sent by the second wireless terminal does not find an SAVI item matched with the second address information carried by the second data message in an SAVI item which is locally created, and the AC determines that the second wireless terminal is a roaming terminal according to the second address information and sends the SAVI item to the AP;
judging whether an SAVI (address information indicator) table entry matched with the second address information is stored in the locally created SAVI table entry;
if so, informing the AC to send an identification result that the second wireless terminal is a legal terminal to the other AP, so that the other AP creates an SAVI table item corresponding to the second address information and forwards the second data message;
if not, the AC is informed to send the identification result that the second wireless terminal is an illegal terminal to the other AP, so that the other AP discards the second data message.
2. The method of claim 1, further comprising:
and if the SAVI table entry matched with the first address information carried by the first data message is found in the locally created SAVI table entry, forwarding the first data message.
3. A message processing method is applied to an Access Controller (AC), and comprises the following steps:
receiving address information sent by a first AP, wherein the address information is sent to the AC when the first AP does not find an SAVI (media access control) table entry matched with the address information carried by a data message in a local created SAVI table entry after receiving the data message sent by a wireless terminal, the address information comprises a Media Access Control (MAC) address and an Internet Protocol (IP) address of the wireless terminal, and each SAVI table entry in the local created SAVI table entry is a combination of the IP address and the MAC address;
judging whether the wireless terminal corresponding to the address information is a roaming terminal or not;
if not, sending an identification result that the wireless terminal is an illegal terminal to the first AP so that the first AP discards the data message;
if so, sending the address information to a second AP before the roaming of the wireless terminal;
receiving a matching result aiming at the address information sent by the second AP;
if the matching result is that the SAVI table entry matched with the address information is stored in the SAVI table entry locally created by the second AP, sending an identification result that the wireless terminal is a legal terminal to the first AP, so that the first AP creates the SAVI table entry corresponding to the address information and forwards the data message;
and if the matching result is that the SAVI table entry matched with the address information is not stored in the SAVI table entry locally created by the second AP, sending an identification result that the wireless terminal is an illegal terminal to the first AP, so that the first AP discards the data message.
4. The method of claim 3, wherein determining whether the wireless terminal corresponding to the address information is a roaming terminal comprises:
judging whether the terminal stores the AP information of other APs accessed by the terminal corresponding to the address information before accessing the first AP;
if yes, determining that the wireless terminal is a roaming terminal;
if not, determining that the wireless terminal is not a roaming terminal.
5. A message processing apparatus, wherein the apparatus is applied to an access point AP, and the apparatus comprises:
the receiving module is used for receiving a first data message sent by a first wireless terminal;
a search module, configured to search, in a locally created source address validity verification SAVI table entry, a SAVI table entry that matches first address information carried in the first data packet, where the first address information includes a media access control MAC address and an internet protocol IP address of the first wireless terminal, and each locally created SAVI table entry is a combination of an IP address and an MAC address;
a sending module, configured to send the first address information to an access controller AC if the search module does not find an SAVI entry matching the first address information in the first data packet in a locally created SAVI entry;
the receiving module is further configured to receive an identification result for the first address information sent by the AC;
a creating module, configured to create an SAVI entry corresponding to the first address information if the identification result received by the receiving module is that the first wireless terminal is a valid terminal;
the sending module is further configured to forward the first data packet if the identification result received by the receiving module is that the first wireless terminal is a legal terminal;
a discarding module, configured to discard the first data packet if the identification result received by the receiving module is that the first wireless terminal is an illegal terminal;
the receiving module is further configured to receive second address information of a second wireless terminal sent by the AC, where the second address information is sent to the AC when another AP that receives a second data packet sent by the second wireless terminal does not find an SAVI entry matching second address information carried in a second data packet in a locally created SAVI entry, and the AC determines, according to the second address information, that the second wireless terminal is a roaming terminal and sends the second address information to the AP;
the judging module is used for judging whether an SAVI (secure access indicator) table item matched with the second address information is stored in the locally created SAVI table item;
a notification module, configured to notify the AC to send an identification result that the second wireless terminal is a valid terminal to the another AP if the determination result of the determination module is yes, so that the another AP creates an SAVI entry corresponding to the second address information and forwards the second data packet; if the judgment result of the judgment module is negative, the AC is informed to send the identification result that the second wireless terminal is an illegal terminal to the other AP, so that the other AP discards the second data message.
6. The apparatus of claim 5,
the sending module is further configured to forward the first data packet if the search module finds an SAVI entry matching the first address information carried in the first data packet in the locally created SAVI entry.
7. A message processing apparatus, characterized in that the apparatus is applied to an access controller AC, and the apparatus comprises:
a receiving module, configured to receive address information sent by a first AP, where the address information is sent to an AC when the first AP does not find an SAVI entry matching the address information carried in a data packet in a locally created source address validity verification SAVI entry after receiving the data packet sent by a wireless terminal, the address information includes a media access control MAC address and an internet protocol IP address of the wireless terminal, and each SAVI entry in the locally created SAVI entry is a combination of an IP address and an MAC address;
a judging module, configured to judge whether the wireless terminal corresponding to the address information received by the receiving module is a roaming terminal;
a sending module, configured to send, if the determination result of the determining module is negative, an identification result that the wireless terminal is an illegal terminal to the first AP, so that the first AP discards the data packet; if the judgment result of the judgment module is yes, the address information is sent to a second AP before the wireless terminal roams;
the receiving module is further configured to receive a matching result for the address information sent by the second AP;
the sending module is further configured to send, to the first AP, an identification result that the wireless terminal is a valid terminal if the matching result is that an SAVI entry matching the address information is stored in an SAVI entry locally created by the second AP, so that the first AP creates an SAVI entry corresponding to the address information and forwards the data packet; and if the matching result is that the SAVI table entry matched with the address information is not stored in the SAVI table entry locally created by the second AP, sending an identification result that the wireless terminal is an illegal terminal to the first AP, so that the first AP discards the data message.
8. The apparatus of claim 7,
the judging module is further configured to judge whether the judging module stores the AP information of other APs that the wireless terminal corresponding to the address information accesses before accessing the first AP; if yes, determining that the wireless terminal is a roaming terminal; if not, determining that the wireless terminal is not a roaming terminal.
9. An access point, AP, comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor to cause the processor to: carrying out the method steps of any one of claims 1-2.
10. An access controller, AC, comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to: -carrying out the method steps of any one of claims 3 to 4.
11. A machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to: carrying out the method steps of any one of claims 1-2.
12. A machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to: -carrying out the method steps of any one of claims 3 to 4.
CN201810825140.0A 2018-07-25 2018-07-25 Message processing method and device Active CN109089263B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810825140.0A CN109089263B (en) 2018-07-25 2018-07-25 Message processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810825140.0A CN109089263B (en) 2018-07-25 2018-07-25 Message processing method and device

Publications (2)

Publication Number Publication Date
CN109089263A CN109089263A (en) 2018-12-25
CN109089263B true CN109089263B (en) 2021-07-30

Family

ID=64838539

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810825140.0A Active CN109089263B (en) 2018-07-25 2018-07-25 Message processing method and device

Country Status (1)

Country Link
CN (1) CN109089263B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110505621B (en) * 2019-08-30 2022-04-26 新华三技术有限公司 Terminal migration processing method and device
CN111740961B (en) * 2020-05-26 2022-02-22 北京华三通信技术有限公司 Communication method and device
CN111885622B (en) * 2020-07-15 2023-08-01 深圳市友华软件科技有限公司 Bridge acceleration compatible WIFI roaming method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1567839A (en) * 2003-06-24 2005-01-19 华为技术有限公司 Port based network access control method
CN102014142A (en) * 2010-12-31 2011-04-13 中国科学院计算技术研究所 Source address validation method and system
CN105577548A (en) * 2014-10-10 2016-05-11 杭州华三通信技术有限公司 Software definition network message processing method and device
CN106487742A (en) * 2015-08-24 2017-03-08 阿里巴巴集团控股有限公司 For verifying the method and device of source address effectiveness

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7865591B2 (en) * 2007-11-20 2011-01-04 Alcatel Lucent Facilitating DHCP diagnostics in telecommunication networks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1567839A (en) * 2003-06-24 2005-01-19 华为技术有限公司 Port based network access control method
CN102014142A (en) * 2010-12-31 2011-04-13 中国科学院计算技术研究所 Source address validation method and system
CN105577548A (en) * 2014-10-10 2016-05-11 杭州华三通信技术有限公司 Software definition network message processing method and device
CN106487742A (en) * 2015-08-24 2017-03-08 阿里巴巴集团控股有限公司 For verifying the method and device of source address effectiveness

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于SAVI技术的安全DHCPv6系统研究;蒋雅兰;《中国优秀硕士学位论文全文数据库信息科技辑》;20140615;全文 *

Also Published As

Publication number Publication date
CN109089263A (en) 2018-12-25

Similar Documents

Publication Publication Date Title
US12057963B2 (en) Connecting to a home area network via a mobile communication network
US11212226B2 (en) Data processing method and apparatus, and device
KR101780371B1 (en) Systems and methods for reduced latency during initial link setup
US11102170B2 (en) Route delivery method and device
EP1681895B1 (en) Method and apparatus for minimizing hand-off time using node information
WO2019017840A1 (en) Network verification method, and relevant device and system
CN107026813B (en) Access authentication method and system of WiFi network and portal server
CN109089263B (en) Message processing method and device
US20160036772A1 (en) Technique to Prevent IPv6 Address Exhaustion in Prefix Delegation Mode for Mobile Access Point Routers
CN108616805B (en) Emergency number configuration and acquisition method and device
CN109495369B (en) Message forwarding method and device
CN109981813B (en) Message processing method and device
CN108718280B (en) Message forwarding method and device
WO2020043098A1 (en) Device entry establishment
CN108989173B (en) Message transmission method and device
CN110839050B (en) Method, system and wireless access point for detecting user offline
US9730067B2 (en) Verification in wireless local area network
CN106488458B (en) Method and device for detecting gateway ARP spoofing
CN105635138A (en) Method and apparatus for preventing ARP attacks
CN104955025B (en) A kind of address resource method for releasing and device, system
CN113992583B (en) Table item maintenance method and device
US20180270319A1 (en) Network device, wireless communication terminal and non-transitory computer readable medium
KR20100084773A (en) System and method for authorizing in wireless communication system
KR101784895B1 (en) System and method for providing wireless internet for helping uses of application
KR20140052143A (en) Mobile access gateway, communication system, method for supporting handover in mobile access gateway and method for supporting handover in communication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant