CN111405560A - Communication method, device, equipment and storage medium - Google Patents


Publication number
CN111405560A
Authority
CN
China
Prior art keywords
user
address
swing
broadcast packet
real
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010093628.6A
Other languages
Chinese (zh)
Other versions
CN111405560B (en)
Inventor
王玉龙
贾哲
张林杰
双锴
徐鹏
苏森
唐经旺
孙杨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
CETC 54 Research Institute
Original Assignee
Beijing University of Posts and Telecommunications
CETC 54 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications, CETC 54 Research Institute
Priority to CN202010093628.6A
Publication of CN111405560A
Application granted
Publication of CN111405560B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W48/00 Access restriction; Network selection; Access point selection
    • H04W48/08 Access restriction or access information delivery, e.g. discovery data delivery
    • H04W48/10 Access restriction or access information delivery, e.g. discovery data delivery using broadcasted information
    • H04W48/16 Discovering, processing access restriction or access information
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W76/00 Connection management
    • H04W76/10 Connection setup

Abstract

One or more embodiments of the present specification provide a communication method, apparatus, device and storage medium. The method comprises: receiving an online broadcast packet sent by a newly online first Feiqiu user in a local area network, the local area network being based on moving target defense; establishing a connection between the first Feiqiu user and a second Feiqiu user already logged in to the local area network, based on the online broadcast packet and a preset broadcast packet forwarding rule; and forwarding the communication messages between the first Feiqiu user and the second Feiqiu user so that the two can communicate. Under the broadcast packet forwarding rule, the online broadcast packet of the first Feiqiu user is sent to the other logged-in Feiqiu users in the local area network, so that connections between Feiqiu users in the local area network based on moving target defense are established and communication between Feiqiu users is achieved, making the local area network based on moving target defense compatible with local area network communication software.

Description

Communication method, device, equipment and storage medium
Technical Field
One or more embodiments of the present disclosure relate to the field of communications technologies, and in particular, to a communication method, apparatus, device, and storage medium.
Background
To address current cyberspace security problems, moving target defense offers a new approach to improving cyberspace security. However, message transmission in local area network communication software is based on UDP, and current local area networks based on moving target defense are not compatible with such software. A method is therefore needed that improves the compatibility between a local area network based on moving target defense and Feiqiu, so that Feiqiu can be used in such a network.
Disclosure of Invention
In view of the above, an object of one or more embodiments of the present disclosure is to provide a communication method, apparatus, device and storage medium, so as to solve the problem that a local area network based on moving target defense is not compatible with local area network communication software.
In view of the above object, a first aspect of one or more embodiments of the present specification provides a communication method, including:
receiving an online broadcast packet sent by a newly online first Feiqiu user in a local area network; the local area network is based on moving target defense;
establishing a connection between the first Feiqiu user and a second Feiqiu user logged in to the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule;
and forwarding communication messages between the first Feiqiu user and the second Feiqiu user so as to realize communication between the first Feiqiu user and the second Feiqiu user.
Optionally, the online broadcast packet includes first Feiqiu user information;
the establishing of the connection between the first Feiqiu user and the second Feiqiu user logged in to the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule includes:
judging, based on the preset broadcast packet forwarding rule, whether the online broadcast packet conforms to the broadcast packet forwarding rule;
if so, sending the online broadcast packet to the second Feiqiu user so that the second Feiqiu user adds the first Feiqiu user information to a user list of the second Feiqiu user;
receiving a UDP message fed back by the second Feiqiu user based on the online broadcast packet; the UDP message includes second Feiqiu user information;
and sending the UDP message to the first Feiqiu user, so that the first Feiqiu user adds the second Feiqiu user information to a user list of the first Feiqiu user.
Optionally, the first Feiqiu user information includes a first real IP address of the first Feiqiu user;
the sending of the online broadcast packet to the second Feiqiu user includes:
modifying the first real IP address in the online broadcast packet into a first virtual IP address corresponding to the first real IP address;
and sending the online broadcast packet including the first virtual IP address to the second Feiqiu user.
Optionally, the second Feiqiu user information includes a second real IP address of the second Feiqiu user; the UDP message includes the first virtual IP address;
the sending of the UDP message to the first Feiqiu user includes:
modifying the first virtual IP address into the first real IP address, and modifying the second real IP address into a second virtual IP address corresponding to the second real IP address;
and sending the UDP message to the first Feiqiu user based on the first real IP address.
Optionally, the establishing of a connection between the first Feiqiu user and a second Feiqiu user logged in to the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule further includes:
establishing a first UDP temporary flow table and a second UDP temporary flow table based on the UDP message; wherein the first UDP temporary flow table is used to translate the first real IP address to the first virtual IP address and the second virtual IP address to the second real IP address; the second UDP temporary flow table is used to translate the second real IP address to the second virtual IP address and the first virtual IP address to the first real IP address.
Optionally, the forwarding of a communication message between the first Feiqiu user and the second Feiqiu user includes:
receiving a first Feiqiu message sent by the first Feiqiu user; wherein the first Feiqiu message includes the first real IP address and the second virtual IP address;
converting the first real IP address to the first virtual IP address and the second virtual IP address to the second real IP address based on the first UDP temporary flow table;
sending the first Feiqiu message to the second Feiqiu user based on the second real IP address;
receiving a second Feiqiu message fed back by the second Feiqiu user based on the first Feiqiu message; wherein the second Feiqiu message includes the second real IP address and the first virtual IP address;
converting the second real IP address to the second virtual IP address and the first virtual IP address to the first real IP address based on the second UDP temporary flow table;
and sending the second Feiqiu message to the first Feiqiu user based on the first real IP address.
Optionally, the method further comprises:
receiving an offline broadcast packet sent by the first Feiqiu user;
deleting the first UDP temporary flow table and the second UDP temporary flow table, and sending the offline broadcast packet to the second Feiqiu user, so that communication between the first Feiqiu user and the second Feiqiu user is disconnected.
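An added example, not code from the patent: a pure-Python model of the forwarding device's logic in the steps above, covering the forwarding rule (UDP broadcast on port 2425), real-to-virtual address rewriting, the two temporary flow tables installed on the first reply, and their removal on the offline broadcast. The class and method names, the fixed real-to-virtual mapping, the broadcast address and the sample IP addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

FEIQIU_PORT = 2425             # Feiqiu default port, as stated on the page
BROADCAST = "255.255.255.255"  # assumed broadcast destination for this model


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    body: str = ""
    proto: str = "udp"
    dport: int = FEIQIU_PORT


class MtdSwitch:
    """Model of the forwarding device; all names here are hypothetical."""

    def __init__(self, real_to_virtual):
        # A fixed mapping is an assumption; an MTD network would hop the virtual IPs.
        self.r2v = dict(real_to_virtual)
        self.v2r = {v: r for r, v in self.r2v.items()}
        self.online = set()   # real IPs of logged-in Feiqiu users
        self.flows = {}       # (src_real, dst_virtual) -> (src_virtual, dst_real)

    def matches_forwarding_rule(self, pkt):
        """Broadcast packet forwarding rule: UDP broadcast on port 2425."""
        return (pkt.proto == "udp" and pkt.dst == BROADCAST
                and pkt.dport == FEIQIU_PORT)

    def _fan_out(self, pkt):
        """Swap the sender's real IP for its virtual IP; send to all other users."""
        hidden = replace(pkt, src=self.r2v[pkt.src])
        return [(peer, hidden) for peer in sorted(self.online - {pkt.src})]

    def on_online_broadcast(self, pkt):
        if not self.matches_forwarding_rule(pkt) or pkt.src not in self.r2v:
            return []          # rule not met: not forwarded to other subnets
        self.online.add(pkt.src)
        return self._fan_out(pkt)

    def on_unicast(self, pkt):
        key = (pkt.src, pkt.dst)
        if key not in self.flows:
            # Table miss: accept only a Feiqiu reply between two logged-in users,
            # then install the pair of temporary flow tables.
            peer_real = self.v2r.get(pkt.dst)
            if (pkt.proto != "udp" or pkt.dport != FEIQIU_PORT
                    or pkt.src not in self.online
                    or peer_real not in self.online):
                return []
            src_virtual = self.r2v[pkt.src]
            self.flows[key] = (src_virtual, peer_real)
            self.flows[(peer_real, src_virtual)] = (self.r2v[peer_real], pkt.src)
        src_virtual, dst_real = self.flows[key]
        return [(dst_real, replace(pkt, src=src_virtual, dst=dst_real))]

    def on_offline_broadcast(self, pkt):
        if not self.matches_forwarding_rule(pkt) or pkt.src not in self.online:
            return []
        gone_real, gone_virtual = pkt.src, self.r2v[pkt.src]
        # Delete both directions of every flow table involving the departing user,
        # so table lifetime follows the user's session rather than an idle timer.
        self.flows = {k: v for k, v in self.flows.items()
                      if k[0] != gone_real and k[1] != gone_virtual}
        self.online.discard(gone_real)
        # Rewriting the source here, as for the online packet, is an assumption.
        return self._fan_out(pkt)


# Constructed sample addresses: A is the newly online user, B is already logged in.
A, VA = "10.0.1.10", "172.16.5.77"
B, VB = "10.0.2.20", "172.16.9.13"


def demo():
    sw = MtdSwitch({A: VA, B: VB})
    sw.on_online_broadcast(Packet(B, BROADCAST, "online"))
    return {
        "other_port": sw.on_online_broadcast(Packet(A, BROADCAST, "x", dport=137)),
        "online": sw.on_online_broadcast(Packet(A, BROADCAST, "online")),
        "reply": sw.on_unicast(Packet(B, VA, "reply")),
        "chat": sw.on_unicast(Packet(A, VB, "hi")),
        "flows_installed": len(sw.flows),
        "offline": sw.on_offline_broadcast(Packet(A, BROADCAST, "offline")),
        "flows_left": len(sw.flows),
        "after_offline": sw.on_unicast(Packet(B, VA, "late")),
    }


if __name__ == "__main__":
    for step, result in demo().items():
        print(step, result)
```

In every delivered packet the receiver sees only the peer's virtual address, and a unicast packet sent to a virtual address after the offline broadcast is dropped because no flow table remains.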
A second aspect of one or more embodiments of the present specification provides, for the same purpose, a communication apparatus, including:
a receiving module, configured to receive an online broadcast packet sent by a newly online first Feiqiu user in the local area network; the local area network is based on moving target defense;
a connection establishing module, configured to establish a connection between the first Feiqiu user and a second Feiqiu user logged in to the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule;
and a communication message forwarding module, configured to forward communication messages between the first Feiqiu user and the second Feiqiu user so as to realize communication between the first Feiqiu user and the second Feiqiu user.
Optionally, the online broadcast packet includes first Feiqiu user information;
the connection establishing module comprises:
a judging unit, configured to judge, based on a preset broadcast packet forwarding rule, whether the online broadcast packet conforms to the broadcast packet forwarding rule;
a broadcast packet sending unit, configured to send the online broadcast packet to the second Feiqiu user if the online broadcast packet meets the broadcast packet forwarding rule, so that the second Feiqiu user adds the first Feiqiu user information to a user list of the second Feiqiu user;
a UDP message receiving unit, configured to receive a UDP message fed back by the second Feiqiu user based on the online broadcast packet; the UDP message includes second Feiqiu user information;
a UDP message sending unit, configured to send the UDP message to the first Feiqiu user, so that the first Feiqiu user adds the second Feiqiu user information to a user list of the first Feiqiu user.
Optionally, the first Feiqiu user information includes a first real IP address of the first Feiqiu user;
the broadcast packet sending unit is specifically configured to:
modify the first real IP address in the online broadcast packet into a first virtual IP address corresponding to the first real IP address;
and send the online broadcast packet including the first virtual IP address to the second Feiqiu user.
Optionally, the second Feiqiu user information includes a second real IP address of the second Feiqiu user; the UDP message includes the first virtual IP address;
the UDP message sending unit is specifically configured to:
modify the first virtual IP address into the first real IP address, and modify the second real IP address into a second virtual IP address corresponding to the second real IP address;
and send the UDP message to the first Feiqiu user based on the first real IP address.
Optionally, the connection establishing module further includes:
a UDP temporary flow table establishing unit, configured to establish a first UDP temporary flow table and a second UDP temporary flow table based on the UDP message; wherein the first UDP temporary flow table is used to translate the first real IP address to the first virtual IP address and the second virtual IP address to the second real IP address; the second UDP temporary flow table is used to translate the second real IP address to the second virtual IP address and the first virtual IP address to the first real IP address.
Optionally, the communication message forwarding module is specifically configured to:
receive a first Feiqiu message sent by the first Feiqiu user; wherein the first Feiqiu message includes the first real IP address and the second virtual IP address;
convert the first real IP address to the first virtual IP address and the second virtual IP address to the second real IP address based on the first UDP temporary flow table;
send the first Feiqiu message to the second Feiqiu user based on the second real IP address;
receive a second Feiqiu message fed back by the second Feiqiu user based on the first Feiqiu message; wherein the second Feiqiu message includes the second real IP address and the first virtual IP address;
convert the second real IP address to the second virtual IP address and the first virtual IP address to the first real IP address based on the second UDP temporary flow table;
and send the second Feiqiu message to the first Feiqiu user based on the first real IP address.
Optionally, the receiving module is further configured to receive an offline broadcast packet sent by the first Feiqiu user;
the apparatus further comprises:
a disconnection module, configured to delete the first UDP temporary flow table and the second UDP temporary flow table, and send the offline broadcast packet to the second Feiqiu user, so that communication between the first Feiqiu user and the second Feiqiu user is disconnected.
A third aspect of one or more embodiments of the present specification provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to implement the method according to any one of the first aspect of the present specification.
A fourth aspect of one or more embodiments of the present specification provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method of any one of the first aspects of the present specification.
As can be seen from the above description, in the communication method, apparatus, device, and storage medium provided in one or more embodiments of the present specification, the online broadcast packet of the first Feiqiu user is received, the connection between the first Feiqiu user and the second Feiqiu user in the local area network based on moving target defense is then established based on the online broadcast packet and the preset broadcast packet forwarding rule, and finally the communication messages between the first Feiqiu user and the second Feiqiu user are forwarded to implement communication between them. The online broadcast packet of the first Feiqiu user is sent to the other logged-in Feiqiu users in the local area network according to the broadcast packet forwarding rule, so as to establish connections between Feiqiu users in the local area network based on moving target defense and finally realize communication between Feiqiu users, so that the local area network based on moving target defense is compatible with local area network communication software.
Drawings
In order to more clearly illustrate one or more embodiments or prior art solutions of the present specification, the drawings that are needed in the description of the embodiments or prior art will be briefly described below, and it is obvious that the drawings in the following description are only one or more embodiments of the present specification, and that other drawings may be obtained by those skilled in the art without inventive effort from these drawings.
Fig. 1 is a flow diagram of a communication method provided in one or more embodiments of the present disclosure;
Fig. 2 is an illustration of step S02 provided by one or more embodiments of the present disclosure;
Fig. 3 is a schematic diagram of an IP address hopping strategy provided in one or more embodiments of the present disclosure;
Fig. 4 is an illustration of step S03 provided by one or more embodiments of the present disclosure;
Fig. 5 is a schematic flow chart of a specific embodiment of a communication method according to one or more embodiments of the present disclosure;
Fig. 6 is a schematic structural diagram of a communication device provided in one or more embodiments of the present disclosure;
Fig. 7 is a more specific hardware structure diagram of an electronic device according to one or more embodiments of the present disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present specification should have the ordinary meaning as understood by those of ordinary skill in the art to which this disclosure belongs. The use of "first," "second," and similar terms in one or more embodiments of the specification is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
With the development of computer technology and the spread of network applications, information networks play an ever greater role in social development. Previously dispersed and independent individuals are now increasingly interconnected, forming networks of various sizes. In recent years, problems such as leakage of key information, enterprise system breakdowns and financial service failures have emerged one after another, and network penetration and sabotage pose a very serious threat to many sectors of the country and society. In view of the current cyberspace security problem, the emergence of Moving Target Defense (MTD) provides a new idea for improving cyberspace security.
The traditional approach to security defense is to defend against various attack methods through a constantly updated vulnerability database, covering monitoring, detection, prevention and remediation. By analyzing a relatively unchanging attack surface, hackers can always find newer and stronger means of attack, while the security team, as the defender, can only keep defending passively; most existing security innovations likewise study how to defend more completely and more promptly. Among the new security defense concepts of recent years, moving target defense stands out: by continuously changing the attack surface, it forces hackers to pay a huge cost for analysis and prediction, fundamentally changing the situation of passive defense and giving defenders the initiative. Moving target defense is therefore called a "game-changing" technology.
Since the moving target defense concept was proposed, it has been applied to various network security defense technologies, including intranet security defense technologies. These technologies mainly use the programmability of SDN to change various elements in the network, such as MAC addresses, IP addresses and port numbers, so as to change the attack surface presented to the hacker and greatly increase the difficulty and cost of an attack.
Message transmission in local area network communication software is based on UDP, but current communication methods based on moving target defense are not compatible with Feiqiu, mainly for the following reasons: 1. When a Feiqiu user goes online or offline, an IP packet is broadcast to the local area network so that other Feiqiu users learn the user's state, but IP packets cannot be broadcast in current moving target defense local area networks. 2. The UDP temporary flow table of current moving target defense local area networks is deleted automatically after a specific time interval and cannot be kept consistent with the time at which the Feiqiu user goes offline. As a result, either the user has not gone offline for a long time but the UDP temporary flow table has been deleted and communication is no longer possible, or the user has gone offline but the switch still keeps the UDP temporary flow table, occupying space.
In order to solve the above problems, the present specification provides a communication method, apparatus, device, and storage medium, in which the online broadcast packet of the first Feiqiu user is received, the connection between the first Feiqiu user and the second Feiqiu user in the local area network based on moving target defense is then established based on the online broadcast packet and a preset broadcast packet forwarding rule, and finally the communication messages between the first Feiqiu user and the second Feiqiu user are forwarded to implement communication between them. The method and the device can be applied to various electronic devices such as mobile phones, tablet computers, SDN switches and the like, and are not limited specifically.
For the sake of understanding, the communication method is described in detail below with reference to the drawings.
Fig. 1 is a schematic flow chart of a communication method provided in the present specification, where the method includes:
S01, receiving an online broadcast packet sent by a newly online first Feiqiu user in the local area network; the local area network is based on moving target defense.
In this embodiment, the electronic device that executes the present invention (hereinafter referred to as the present electronic device) may be an SDN switch, on which Open vSwitch is installed to provide the virtual switch function and Ryu is installed to provide the SDN controller function; the SDN switch provides DHCP service, and the real IP addresses of the terminals in the local area network can be allocated to different network segments.
Feiqiu is instant messaging software for chatting and transferring files within a local area network, and its default port is 2425; in a local area network based on moving target defense, Feiqiu communicates using the UDP protocol.
In practical applications, a local area network based on moving target defense may include a plurality of Feiqiu users; to distinguish two Feiqiu users that communicate with each other, they may be called the first Feiqiu user and the second Feiqiu user respectively, which is not limited specifically.
In this embodiment, a newly online Feiqiu user in the local area network based on moving target defense may be named the first Feiqiu user, and a logged-in Feiqiu user in the local area network may be named the second Feiqiu user, where the second Feiqiu user may be a single logged-in Feiqiu user in the local area network or multiple logged-in Feiqiu users in the local area network, and the details are not limited.
The online broadcast packet may be a message sent by a newly online first Feiqiu user to notify the other online users in the local area network that it has come online.
In order to implement communication between a newly online first Feiqiu user and a logged-in second Feiqiu user in a local area network based on moving target defense, the newly online first Feiqiu user can generate an online broadcast packet and send it to the present electronic device. The present electronic device receives the online broadcast packet sent by the first Feiqiu user.
S02, establishing the connection between the first Feiqiu user and the second Feiqiu user logged in to the local area network based on the online broadcast packet and the preset broadcast packet forwarding rule.
In this embodiment, the broadcast packet forwarding rule is the basis on which the present electronic device determines whether to forward a broadcast packet. After receiving a message, the device first determines whether the message is a broadcast packet and whether its port number is the Feiqiu default port 2425; if the received message is a broadcast packet and its port number is the Feiqiu default port 2425, the device sends the broadcast packet to all subnets, that is, broadcasts it in all subnets.
The connection refers to a communication connection established between the first and second users, and is the basis on which the first and second users can communicate with each other.
In practical applications, after an online broadcast packet is received, it is first judged whether the port number of the online broadcast packet is the Feiqiu default port 2425; if yes, the online broadcast packet is sent to the logged-in second Feiqiu user in the local area network, and the connection between the first Feiqiu user and the logged-in second Feiqiu user in the local area network is established; if not, the online broadcast packet is not broadcast in the local area network, that is, it is not sent to all subnets in the local area network.
The specific method for establishing a connection between the first Feiqiu user and a second Feiqiu user logged in to the local area network is described in detail later and is not repeated here.
S03, forwarding the communication messages between the first Feiqiu user and the second Feiqiu user to realize communication between the first Feiqiu user and the second Feiqiu user.
In this embodiment, a communication message is a message carrying chat information between the first Feiqiu user and the second Feiqiu user; it includes both messages carrying the first Feiqiu user's chat information sent by the first Feiqiu user to the second Feiqiu user, and messages carrying the second Feiqiu user's chat information sent by the second Feiqiu user to the first Feiqiu user.
In order to realize communication between the first Feiqiu user and other Feiqiu users in the local area network, after the connection between the first Feiqiu user and the second Feiqiu user in the local area network based on moving target defense is established, the communication messages between the first Feiqiu user and the second Feiqiu user can continue to be forwarded.
The method for forwarding communication messages between the first Feiqiu user and the second Feiqiu user is described in detail later and is not repeated here.
It can be understood that, in practical applications, in order to ensure security, the local area network based on moving target defense allocates all terminal hosts to different subnets; by default, when a terminal host sends a broadcast packet on coming online in Feiqiu, the packet can only be sent within its own subnet and cannot reach other Feiqiu users. Through the broadcast packet forwarding rule, the terminal hosts of all the subnets can receive the online broadcast packet. The online broadcast packet of the first Feiqiu user is sent to the other logged-in Feiqiu users in the local area network according to the broadcast packet forwarding rule, so as to establish connections between Feiqiu users in the local area network based on moving target defense and finally realize communication between Feiqiu users, so that the local area network based on moving target defense is compatible with local area network communication software.
In practical application, in order to realize communication between a first flight and autumn user and a second flight and autumn user in a local area network based on moving target defense, firstly, a connection between the first flight and autumn user and the second flight and autumn user needs to be established; then, fig. 2 is an explanation provided herein for step S02, and as shown in fig. 2, in some possible embodiments, the online broadcast package includes the first flight user information;
establishing connection between the first Feiqiu user and a second Feiqiu user logged in a local area network based on an online broadcast packet and a preset broadcast packet forwarding rule, wherein the connection comprises the following steps:
s21, judging whether the online broadcast packet conforms to the broadcast packet forwarding rule or not based on the preset broadcast packet forwarding rule;
s22, if yes, sending the online broadcast packet to a second swing user so that the second swing user adds the first swing user information to a user list of the second swing user;
s23, receiving a UDP message fed back by a second flight and autumn user based on the online broadcast packet; the UDP message comprises second flight and autumn user information;
and S24, sending the UDP message to the first swing user, so that the first swing user adds the second swing user information to the user list of the first swing user.
In practical application, Feiqiu communication in a local area network based on moving target defense uses the UDP protocol, so the messages sent are UDP messages.
The first Feiqiu user information may include information such as a user name, a work group, a host name, and an IP address of the first Feiqiu user, and is not specifically limited. The second Feiqiu user information may include information such as a user name, a work group, a host name, and an IP address of the second Feiqiu user, and is not specifically limited.
The online broadcast packet sent by the newly online first Feiqiu user comprises the first Feiqiu user information. After the online broadcast packet is received, whether it conforms to the broadcast packet forwarding rule is judged, namely whether it was sent by the first Feiqiu user through port number 2425. If not, the online broadcast packet is not sent to the subnet in the local area network, that is, the broadcast packet is not broadcast in the subnet in the local area network.
If yes, the broadcast packet is broadcast in a subnet in the local area network, namely the online broadcast packet is sent to the second Feiqiu user in the local area network, so that the second Feiqiu user, after receiving the online broadcast packet, adds the first Feiqiu user information included in it to the user list of the second Feiqiu user; for example, information such as a user name, a work group, and a host name of the first Feiqiu user may be added to the user list, which is not specifically limited.
Then, in some possible embodiments, the first Feiqiu user information comprises a first real IP address of the first Feiqiu user;
sending the online broadcast packet to the second Feiqiu user comprises:
modifying the first real IP address in the online broadcast packet into a first virtual IP address corresponding to the first real IP address;
and sending the online broadcast packet comprising the first virtual IP address to the second Feiqiu user.
That is, in practical applications, in order to ensure security, all terminal hosts in the local area network based on moving target defense can be allocated to different subnets, so that when chatting over Feiqiu in the local area network the terminal hosts are in different subnets and have different real IP addresses; for the convenience of distinction, the real IP address of the first Feiqiu user may be called a first real IP address, and the real IP address of the second Feiqiu user may be called a second real IP address.
The UDP default flow table is used to process all UDP messages sent from a specific port, for example, a DNS message from port 53 or a Feiqiu message from port 2425. In this way the DNS service based on the UDP protocol can work normally, and at the same time an online broadcast packet from port 2425 can be broadcast, so that a Feiqiu user in the local area network based on moving target defense can discover a newly online Feiqiu user. A connection can then be established between the newly online Feiqiu user and a logged-in Feiqiu user in the local area network, thereby implementing communication between them.
In practical application, after an online broadcast packet is received, it is first matched against the pre-established UDP default flow table according to the Feiqiu default port number 2425 in the packet. That is, matching is performed on the destination IP address, the IP protocol number and the port number in the online broadcast packet: whether the packet is a Feiqiu broadcast packet is determined by judging whether the IP protocol number indicates a UDP message, whether the port number is the Feiqiu default port 2425, and whether the destination IP address is the broadcast address 255.255.255.255. If yes, the first real IP address in the online broadcast packet is modified into a first virtual IP address corresponding to the first real IP address.
It should be noted that the source IP address and the destination IP address are relative concepts and do not refer to fixed IP addresses; different message senders and receivers have different source IP addresses and destination IP addresses. In one case, the first Feiqiu user sends information to the second Feiqiu user: the source IP address is the first real IP address of the first Feiqiu user or the first virtual IP address corresponding to the first real IP address, and the destination IP address is the second real IP address of the second Feiqiu user or the second virtual IP address corresponding to the second real IP address. In another case, the second Feiqiu user sends information to the first Feiqiu user: the source IP address is the second real IP address of the second Feiqiu user or the second virtual IP address corresponding to the second real IP address, and the destination IP address is the first real IP address of the first Feiqiu user or the first virtual IP address corresponding to the first real IP address.
After the first real IP address in the online broadcast packet is modified into the first virtual IP address corresponding to the first real IP address, the online broadcast packet is sent to the logged-in second Feiqiu user in the local area network, namely the online broadcast packet is broadcast in the subnet.
It can be understood that, by modifying the first real IP address in the online broadcast packet into the first virtual IP address, not only can the security of the communication between the first Feiqiu user and other Feiqiu users in the local area network be ensured, but communication between Feiqiu users in different subnets in the local area network can also be realized.
After the online broadcast packet is sent to the second Feiqiu user logged in the local area network, the second Feiqiu user adds the first Feiqiu user information included in the online broadcast packet to the user list of the second Feiqiu user, and at the same time can send a UDP message to the first virtual IP address included in the online broadcast packet, where the UDP message includes the second Feiqiu user information, for example, information such as a user name, a work group, a host name, and a second real IP address of the second Feiqiu user, which is not specifically limited.
After the UDP message fed back by the second Feiqiu user is received, it needs to be further sent to the first Feiqiu user, so that after receiving the UDP message, the first Feiqiu user adds the second Feiqiu user information in the UDP message to the user list.
In practical application, after the UDP message sent by the second Feiqiu user is received, further processing is required before the UDP message is sent to the first Feiqiu user; then, in some possible embodiments, the second Feiqiu user information includes a second real IP address of the second Feiqiu user; the UDP message comprises a first virtual IP address;
sending the UDP message to the first Feiqiu user comprises:
modifying the first virtual IP address into a first real IP address, and modifying the second real IP address into a second virtual IP address corresponding to the first real IP address;
and based on the first real IP address, sending the UDP message to the first Feiqiu user.
That is, the second Feiqiu user sends a UDP message to the first virtual IP address included in the online broadcast packet, where the UDP message includes the first virtual IP address; meanwhile, the second Feiqiu user information comprises a second real IP address of the second Feiqiu user;
in practical application, after the UDP message fed back by the second Feiqiu user is received, the UDP message is matched based on the UDP default flow table, that is, it is determined whether the IP protocol number indicates a UDP message; if so, the first virtual IP address is modified into the first real IP address corresponding to the first virtual IP address, and the second real IP address of the second Feiqiu user is modified into the second virtual IP address corresponding to the second real IP address; the UDP message is then sent to the first Feiqiu user according to the first real IP address. It should be noted that the second Feiqiu user also sent a broadcast packet to the electronic device when it went online, so the electronic device can receive that broadcast packet and match the corresponding second virtual IP address according to the second real IP address of the second Feiqiu user included in the broadcast packet; within the current online time period of the second Feiqiu user, the second virtual IP address is kept unchanged.
It can be understood that after the UDP message is received, based on the UDP default flow table, the first virtual IP address and the second real IP address included in the UDP message are modified to the corresponding first real IP address and second virtual IP address, and the UDP message is then sent to the first Feiqiu user. The first Feiqiu user adds the second Feiqiu user information in the UDP message to its user list, so that a connection between the first Feiqiu user and the second Feiqiu user is established, which helps to further implement efficient and secure communication between the first Feiqiu user and the second Feiqiu user.
In practical application, in order to improve the communication efficiency between the first Feiqiu user and the second Feiqiu user, a UDP temporary flow table may be further established according to the UDP message; then, in some possible embodiments, establishing a connection between the first Feiqiu user and a second Feiqiu user logged in the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule further includes:
establishing a first UDP temporary flow table and a second UDP temporary flow table based on the UDP message; the first UDP temporary flow table is used for converting the first real IP address into the first virtual IP address and converting the second virtual IP address into the second real IP address; the second UDP temporary flow table is used to translate the second real IP address to the second virtual IP address and to translate the first virtual IP address to the first real IP address.
That is, after the UDP message sent by the second Feiqiu user is received, the first UDP temporary flow table and the second UDP temporary flow table may be further established according to the UDP message.
The UDP temporary flow table maintains the rules for modifying the real IP address and the virtual IP address of the hosts currently in UDP communication in the local area network. The table ensures that the IP addresses of the messages received by a host in UDP communication are not in a continuously jumping state because of the IP address hopping policy: based on the information in the UDP temporary flow table, the IP addresses of a host in UDP communication are always rewritten to fixed IP addresses, so that the host can correctly receive the data packets sent by the other party, and, because the temporary flow table is maintained, the IP address of the other party is always the IP address in use when the connection was established. That is, the temporary flow table maintains the mapping from the real IP address to the virtual IP address of the Feiqiu users in the current local area network, so that the IP addresses carried by the UDP messages sent by all Feiqiu users are static rather than changing at every moment, and the communication between the two users is not disconnected.
Fig. 3 is a schematic diagram of an IP address hopping policy provided by the present invention, and as shown in fig. 3, a virtual IP address hopping process of a local area network based on moving target defense includes: setting a timer, and executing a virtual IP address hopping program at intervals of a specific time interval t; deleting all IP message processing flow tables in the virtual switch, then randomly generating a new virtual IP address and modifying host information in a stored mapping table, then recycling the old virtual IP address, and finally issuing the new IP message processing flow table to the virtual switch to complete the hopping process of the virtual IP address.
In one case, in communication between the first Feiqiu user and the second Feiqiu user, when the first Feiqiu user sends information to the second Feiqiu user and a message including the information reaches the electronic device, the electronic device may, according to the first UDP temporary flow table, convert the first real IP address included in the message into the first virtual IP address and convert the second virtual IP address into the second real IP address.
In another case, when the second Feiqiu user sends information to the first Feiqiu user and a message including the information reaches the electronic device, the electronic device may, according to the second UDP temporary flow table, convert the second real IP address included in the message into the second virtual IP address and convert the first virtual IP address into the first real IP address.
It can be understood that by establishing the first UDP temporary flow table and the second UDP temporary flow table, information between the Feiqiu users in the local area network can be quickly matched and forwarded, and communication efficiency between the Feiqiu users in the local area network is improved.
In practical application, after the first and second Feiqiu users in the local area network establish a connection, communication can be further performed based on the first UDP temporary flow table and the second UDP temporary flow table; then, fig. 4 is an explanation provided in this specification for step S03, and as shown in fig. 4, in some possible embodiments, forwarding a communication message between the first Feiqiu user and the second Feiqiu user includes:
S41, receiving a first Feiqiu message sent by the first Feiqiu user; the first Feiqiu message comprises the first real IP address and the second virtual IP address;
S42, converting the first real IP address into the first virtual IP address and converting the second virtual IP address into the second real IP address based on the first UDP temporary flow table;
S43, based on the second real IP address, sending the first Feiqiu message to the second Feiqiu user;
S44, receiving a second Feiqiu message fed back by the second Feiqiu user based on the first Feiqiu message; the second Feiqiu message comprises the second real IP address and the first virtual IP address;
S45, converting the second real IP address into the second virtual IP address based on the second UDP temporary flow table, and converting the first virtual IP address into the first real IP address;
S46, sending the second Feiqiu message to the first Feiqiu user based on the first real IP address.
That is, a Feiqiu message refers to an information message transmitted when the first Feiqiu user and the second Feiqiu user communicate. For convenience of description, the information message transmitted by the first Feiqiu user to the second Feiqiu user is called the first Feiqiu message, and the information message transmitted by the second Feiqiu user to the first Feiqiu user is called the second Feiqiu message.
In practical application, when the first Feiqiu user and the second Feiqiu user communicate with each other, the first Feiqiu user sends a first Feiqiu message to the electronic device, where the first Feiqiu message includes the first real IP address of the first Feiqiu user and the second virtual IP address of the second Feiqiu user.
After receiving the first Feiqiu message, the electronic device may match it based on the first UDP temporary flow table, convert the first real IP address of the first Feiqiu user into the first virtual IP address of the first Feiqiu user, and convert the second virtual IP address of the second Feiqiu user into the second real IP address of the second Feiqiu user; the first Feiqiu message is then sent to the second Feiqiu user based on the second real IP address, so that the first Feiqiu message from the first Feiqiu user reaches the second Feiqiu user.
Similarly, after receiving the first Feiqiu message, the second Feiqiu user may feed back a second Feiqiu message based on the first Feiqiu message and send it to the electronic device, where the second Feiqiu message includes the second real IP address of the second Feiqiu user and the first virtual IP address of the first Feiqiu user.
After receiving the second Feiqiu message, the electronic device may match it based on the second UDP temporary flow table, convert the second real IP address of the second Feiqiu user into the second virtual IP address of the second Feiqiu user, and convert the first virtual IP address of the first Feiqiu user into the first real IP address of the first Feiqiu user; the second Feiqiu message is then sent to the first Feiqiu user based on the first real IP address, so that the second Feiqiu message from the second Feiqiu user reaches the first Feiqiu user.
It can be understood that the first Feiqiu user and the second Feiqiu user in the local area network communicate based on the first UDP temporary flow table and the second UDP temporary flow table, so that communication efficiency and communication security are improved.
In practical application, after the communication between the first Feiqiu user and the second Feiqiu user in the local area network is completed, the connection between the first Feiqiu user and the second Feiqiu user may need to be disconnected; then, in some possible embodiments, the method further comprises:
receiving an offline broadcast packet sent by the first Feiqiu user;
and deleting the first UDP temporary flow table and the second UDP temporary flow table, and sending the offline broadcast packet to the second Feiqiu user so as to disconnect the communication between the first Feiqiu user and the second Feiqiu user.
That is, the offline broadcast packet refers to a broadcast packet that informs other Feiqiu users within the local area network that a user is going offline.
When the first Feiqiu user needs to go offline, an offline broadcast packet may be sent to the electronic device, where the offline broadcast packet may include information such as a user name, a work group, a first real IP address, a port number, and an offline identifier of the first Feiqiu user, and is not specifically limited.
After the offline broadcast packet is received, it may first be determined whether the offline broadcast packet conforms to the broadcast packet forwarding rule; if not, the offline broadcast packet is not sent to the second Feiqiu user.
If so, the offline broadcast packet is matched based on the UDP default flow table, and the first real IP address in the offline broadcast packet is modified into the first virtual IP address corresponding to the first real IP address. The offline broadcast packet is then sent to the second Feiqiu user in the local area network, and the first UDP temporary flow table and the second UDP temporary flow table are deleted at the same time.
After receiving the offline broadcast packet, the second Feiqiu user in the local area network deletes the first Feiqiu user information from the user list, so that the communication between the first Feiqiu user and the second Feiqiu user is disconnected.
Similarly, the offline process of the second Feiqiu user in the local area network is the same as the offline process of the first Feiqiu user.
Fig. 5 is a flow chart illustrating an exemplary embodiment of a communication method provided herein; as shown in fig. 5, Feiqiu user A is a newly online user in the local area network, that is, Feiqiu user A is equivalent to the first Feiqiu user, and Feiqiu user B is a logged-in user in the local area network, that is, Feiqiu user B is equivalent to the second Feiqiu user. In this embodiment, the communication between Feiqiu user A and Feiqiu user B is realized by an SDN switch. The SDN switch has Open vSwitch installed to provide a virtual switch function, and is therefore referred to as a virtual switch; Ryu is also installed to provide the SDN controller function. The SDN switch provides DHCP service, and the real IP addresses of all terminals in the local area network can be distributed to different network segments. The communication process between Feiqiu user A and Feiqiu user B is as follows:
S1, Feiqiu user A in the local area network starts the Feiqiu communication software, which uses the UDP protocol to send a broadcast packet announcing that it is online to the broadcast address 255.255.255.255, with default port 2425; the broadcast content includes information such as the user name, work group, host name, and real IP address of the current user A, and is not specifically limited.
S2, the broadcast packet arrives at the switch and is matched against the UDP default flow table in the switch. The virtual switch uploads the broadcast packet to the Ryu controller, the Ryu controller matches the broadcast packet according to the default port 2425 in the broadcast packet, the real IP address of user A in the broadcast packet is modified to the virtual IP address of user A, and global broadcasting is carried out.
S3, after receiving the broadcast packet through port 2425, Feiqiu user B, who has already started Feiqiu, adds information such as the user name and work group of Feiqiu user A to its own user list, and sends a UDP message containing its own host information to the virtual IP address of user A given in the broadcast packet.
S4, after the UDP message reaches the virtual switch, it is matched against the UDP default flow table and uploaded to the Ryu controller for processing. The Ryu controller modifies the virtual IP address of user A in the UDP message into the corresponding real IP address of user A, modifies the real IP address of user B into the corresponding virtual IP address of user B, and sends the UDP message to the real IP address of user A. It also establishes a first UDP temporary flow table and a second UDP temporary flow table according to the UDP message matching rule and issues them to the virtual switch, so that the virtual switch can match and forward directly.
S5, when the UDP message reaches Feiqiu user A, who sent the Feiqiu discovery broadcast message, Feiqiu user A adds information such as the user name, work group, and IP address of user B to its own Feiqiu user list according to the UDP message. The Feiqiu users have thus discovered each other, that is, Feiqiu user A and Feiqiu user B have established a connection.
S6, the Feiqiu user A sends chat information to the Feiqiu user B in the user list, a Feiqiu message carrying the chat information is sent, the source IP address is the real IP address of the Feiqiu user A, the destination IP address is the virtual IP address of the Feiqiu user B stored in the user list, the default port is 2425, and after the message reaches the virtual switch, the virtual switch modifies the real IP address of the Feiqiu user A of the Feiqiu message into the virtual IP address of the Feiqiu user A corresponding to the real IP address of the Feiqiu user A and the virtual IP address of the Feiqiu user B into the real IP address of the Feiqiu user B corresponding to the virtual IP address of the Fei.
S7, the Feiqiu message reaches the host of Feiqiu user B according to the real IP address of Feiqiu user B, and Feiqiu user B determines, from the virtual IP address of Feiqiu user A in the Feiqiu message, that the message was sent by Feiqiu user A in its user list. The process by which Feiqiu user B sends chat information to Feiqiu user A is the same as S6 and S7; communication between Feiqiu user A and Feiqiu user B is thus realized.
S8, when Feiqiu user B exits Feiqiu, it sends an offline broadcast packet to 255.255.255.255 using the UDP (User Datagram Protocol) protocol, as when going online; the offline broadcast packet contains the user name, work group, IP address and offline identifier of user B, and the default port is 2425. After the offline broadcast packet reaches the virtual switch, it is matched against the UDP default flow table and uploaded to the Ryu controller; the Ryu controller modifies the real IP address of Feiqiu user B in the offline broadcast packet into the corresponding virtual IP address of Feiqiu user B, and the offline packet is broadcast. Meanwhile, the relevant UDP temporary flow tables in the virtual switch are deleted.
After receiving the offline broadcast packet, the other Feiqiu users in the local area network delete the user B named in the offline broadcast packet from their user lists, and the communication between Feiqiu user A and Feiqiu user B is disconnected.
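The exchange in S1 to S8, together with the address-pinning role of the UDP temporary flow tables across a virtual IP hop, as an added Python model (not code from the patent, and not Ryu or Open vSwitch code). The class and function names, the sample addresses, the 172.16.0.0/24 virtual pool, and the rule that a hop never hands out an address that is still pinned are assumptions of this example; only the Feiqiu port 2425 path of the UDP default flow table is modelled.

```python
import ipaddress
import random
from dataclasses import dataclass, field, replace

FEIQIU_PORT = 2425
BROADCAST = "255.255.255.255"


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    info: dict = field(default_factory=dict)  # Feiqiu user info; "ip" = advertised address


class MtdSwitch:
    """Toy model of the controller plus virtual switch (hypothetical names)."""

    def __init__(self, hosts, pool="172.16.0.0/24", seed=1):
        self.rng = random.Random(seed)
        self.pool = [str(a) for a in ipaddress.ip_network(pool).hosts()]
        self.current = dict.fromkeys(hosts)  # real -> virtual, re-rolled on every hop
        self.pinned = {}      # real -> virtual, fixed while that Feiqiu user is online
        self.temp_flows = {}  # (src, dst) as sent -> (src, dst) as delivered
        self.hop()

    def hop(self):
        """Give every host a new virtual address; pinned ones stay reserved (assumption)."""
        used = set(self.current.values()) | set(self.pinned.values())
        for real in self.current:
            self.current[real] = self.rng.choice([a for a in self.pool if a not in used])
            used.add(self.current[real])

    def handle(self, p):
        """Return [(real_receiver, packet_as_delivered)]; [] means not forwarded."""
        if p.proto != "udp" or p.dport != FEIQIU_PORT or p.src not in self.current:
            return []  # fails the broadcast packet forwarding rule in this model
        return self._broadcast(p) if p.dst == BROADCAST else self._unicast(p)

    def _broadcast(self, p):
        if p.info.get("offline"):
            virt = self.pinned.pop(p.src, None)
            if virt is None:
                return []
            # Delete both temporary flow tables that involve the departing user.
            self.temp_flows = {k: v for k, v in self.temp_flows.items()
                               if p.src not in k and p.src not in v}
        else:
            virt = self.pinned.setdefault(p.src, self.current[p.src])
        out = replace(p, src=virt, info={**p.info, "ip": virt})  # real IP never leaves
        return [(peer, out) for peer in self.pinned if peer != p.src]

    def _unicast(self, p):
        if (p.src, p.dst) not in self.temp_flows:
            # First reply to an online broadcast (S4): resolve and install both tables.
            virt_to_real = {v: r for r, v in self.pinned.items()}
            if p.src not in self.pinned or p.dst not in virt_to_real:
                return []
            peer_real, own_virt = virt_to_real[p.dst], self.pinned[p.src]
            self.temp_flows[(p.src, p.dst)] = (own_virt, peer_real)
            self.temp_flows[(peer_real, own_virt)] = (p.dst, p.src)
        src, dst = self.temp_flows[(p.src, p.dst)]
        info = {**p.info, "ip": src} if "ip" in p.info else p.info
        return [(dst, replace(p, src=src, dst=dst, info=info))]


def run_scenario():
    a, b = "10.0.1.5", "10.0.2.7"  # constructed real addresses in two subnets
    sw = MtdSwitch([a, b])
    mk = lambda src, dst, **info: Packet(src, dst, "udp", FEIQIU_PORT, info)
    sw.handle(mk(b, BROADCAST, user="B", ip=b))                     # B is already online
    [(to_b, online)] = sw.handle(mk(a, BROADCAST, user="A", ip=a))  # S1-S2
    [(to_a, reply)] = sw.handle(mk(b, online.src, user="B", ip=b))  # S3-S5
    flows_after_reply = len(sw.temp_flows)
    sw.hop()                                                        # hop during the session
    [(to_b2, chat)] = sw.handle(mk(a, reply.src, msg="hi"))         # S6-S7
    [(to_a2, bye)] = sw.handle(mk(b, BROADCAST, user="B", ip=b, offline=True))  # S8
    return {"to_b": to_b, "online": online, "to_a": to_a, "reply": reply,
            "flows_after_reply": flows_after_reply, "hopped_virtual_a": sw.current[a],
            "to_b2": to_b2, "chat": chat, "to_a2": to_a2, "bye": bye,
            "flows_after_offline": len(sw.temp_flows),
            "after_offline": sw.handle(mk(a, reply.src, msg="still there?"))}


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

After the hop, user A's current virtual address differs from the one B stored in its user list, yet the chat message still arrives at B carrying the stored address, which is the property the temporary flow tables exist to provide.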
It should be noted that the method of one or more embodiments of the present disclosure may be performed by a single device, such as a computer or server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may perform only one or more steps of the method of one or more embodiments of the present disclosure, and the devices may interact with each other to complete the method.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Fig. 6 is a schematic structural diagram of a communication device provided in the present specification; as shown in fig. 6, the apparatus includes:
the receiving module 61 is used for receiving an online broadcast packet sent by a newly online first Feiqiu user in the local area network; the local area network is based on moving target defense;
the connection establishing module 62 is configured to establish a connection between the first Feiqiu user and a logged-in second Feiqiu user in the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule;
the communication message forwarding module 63 is configured to forward a communication message between the first Feiqiu user and the second Feiqiu user, so as to implement communication between the first Feiqiu user and the second Feiqiu user.
In one possible embodiment, the online broadcast packet includes first Feiqiu user information;
the connection establishing module 62 comprises:
the judging unit is used for judging whether the online broadcast packet conforms to the broadcast packet forwarding rule or not based on the preset broadcast packet forwarding rule;
the broadcast packet sending unit is used for sending the online broadcast packet to the second Feiqiu user if the online broadcast packet meets the broadcast packet forwarding rule, so that the second Feiqiu user adds the first Feiqiu user information to the user list of the second Feiqiu user;
the UDP message receiving unit is used for receiving a UDP message fed back by the second Feiqiu user based on the online broadcast packet; the UDP message comprises second Feiqiu user information;
and the UDP message sending unit is used for sending the UDP message to the first Feiqiu user so that the first Feiqiu user adds the second Feiqiu user information to the user list of the first Feiqiu user.
As an embodiment, the first Feiqiu user information includes a first real IP address of the first Feiqiu user;
the broadcast packet sending unit is specifically configured to:
modify the first real IP address in the online broadcast packet into a first virtual IP address corresponding to the first real IP address;
and send the online broadcast packet comprising the first virtual IP address to the second Feiqiu user.
In one possible embodiment, the second Feiqiu user information includes a second real IP address of the second Feiqiu user; the UDP message comprises a first virtual IP address;
the UDP message sending unit is specifically configured to:
modify the first virtual IP address into a first real IP address, and modify the second real IP address into a second virtual IP address corresponding to the first real IP address;
and, based on the first real IP address, send the UDP message to the first Feiqiu user.
As an embodiment, the connection establishing module 62 further includes:
a UDP temporary flow table establishing unit configured to establish a first UDP temporary flow table and a second UDP temporary flow table based on the UDP message; the first UDP temporary flow table is used for converting the first real IP address into the first virtual IP address and converting the second virtual IP address into the second real IP address; the second UDP temporary flow table is used to translate the second real IP address to the second virtual IP address and to translate the first virtual IP address to the first real IP address.
In a possible implementation manner, the communication message forwarding module 63 is specifically configured to:
receive a first Feiqiu message sent by the first Feiqiu user; the first Feiqiu message comprises the first real IP address and the second virtual IP address;
convert the first real IP address into the first virtual IP address and convert the second virtual IP address into the second real IP address based on the first UDP temporary flow table;
based on the second real IP address, send the first Feiqiu message to the second Feiqiu user;
receive a second Feiqiu message fed back by the second Feiqiu user based on the first Feiqiu message; the second Feiqiu message comprises the second real IP address and the first virtual IP address;
convert the second real IP address into the second virtual IP address and convert the first virtual IP address into the first real IP address based on the second UDP temporary flow table;
and send the second Feiqiu message to the first Feiqiu user based on the first real IP address.
As an embodiment, the receiving module 61 is further configured to receive an offline broadcast packet sent by the first Feiqiu user;
the apparatus further includes a disconnection module (not shown in the figure) configured to delete the first UDP temporary flow table and the second UDP temporary flow table, and send the offline broadcast packet to the second Feiqiu user, so that the communication between the first Feiqiu user and the second Feiqiu user is disconnected.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, the functionality of the modules may be implemented in the same one or more software and/or hardware implementations in implementing one or more embodiments of the present description.
The apparatus of the foregoing embodiment is used to implement the corresponding method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
One or more embodiments of the present specification also provide an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the communication method according to any one of the above when executing the program.
Fig. 7 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. The processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via the bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
One or more embodiments of the present specification also provide a non-transitory computer-readable storage medium storing computer instructions for causing the computer to perform any of the communication methods described above.
Computer-readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the spirit of the present disclosure, features from the above embodiments or from different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of different aspects of one or more embodiments of the present description as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures, for simplicity of illustration and discussion, and so as not to obscure one or more embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the understanding of one or more embodiments of the present description, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the one or more embodiments of the present description are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that one or more embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
It is intended that the one or more embodiments of the present specification embrace all such alternatives, modifications and variations as fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of one or more embodiments of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (10)

1. A method of communication, the method comprising:
receiving an online broadcast packet sent by a newly online first swing user in a local area network; the local area network is based on moving target defense;
establishing connection between the first swing user and a second swing user logged in the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule;
and forwarding the communication message between the first swing user and the second swing user so as to realize the communication between the first swing user and the second swing user.
2. The communication method according to claim 1, wherein the online broadcast packet includes first swing user information;
the establishing of the connection between the first swing user and the second swing user logged in the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule includes:
judging whether the online broadcast packet conforms to a broadcast packet forwarding rule or not based on a preset broadcast packet forwarding rule;
if so, sending the online broadcast packet to the second swing user so that the second swing user adds the first swing user information to a user list of the second swing user;
receiving a UDP message fed back by the second swing user based on the online broadcast packet; the UDP message comprises second swing user information;
and sending the UDP message to the first swing user, so that the first swing user adds the second swing user information to a user list of the first swing user.
3. The communication method according to claim 2, wherein the first swing user information includes a first real IP address of the first swing user;
the sending the online broadcast packet to the second swing user includes:
modifying the first real IP address in the online broadcast packet into a first virtual IP address corresponding to the first real IP address;
and sending the online broadcast packet comprising the first virtual IP address to the second swing user.
4. The communication method according to claim 3, wherein the second swing user information includes a second real IP address of the second swing user; the UDP message comprises a first virtual IP address;
the sending the UDP message to the first swing user includes:
modifying the first virtual IP address into a first real IP address, and modifying the second real IP address into a second virtual IP address corresponding to the second real IP address;
and sending the UDP message to the first swing user based on the first real IP address.
5. The communication method according to claim 4, wherein the establishing of the connection between the first swing user and the second swing user logged in the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule further comprises:
establishing a first UDP temporary flow table and a second UDP temporary flow table based on the UDP message; wherein the first UDP temporary flow table is used to translate the first real IP address to the first virtual IP address and the second virtual IP address to the second real IP address; the second UDP temporary flow table is used to translate the second real IP address to a second virtual IP address and translate the first virtual IP address to the first real IP address.
6. The communication method according to claim 5, wherein the forwarding the communication message between the first swing user and the second swing user comprises:
receiving a first swing message sent by the first swing user; wherein the first swing message includes the first real IP address and the second virtual IP address;
converting the first real IP address to the first virtual IP address and the second virtual IP address to the second real IP address based on the first UDP temporary flow table;
based on the second real IP address, sending the first swing message to the second swing user;
receiving a second swing message fed back by the second swing user based on the first swing message; wherein the second swing message includes the second real IP address and the first virtual IP address;
converting the second real IP address to a second virtual IP address and the first virtual IP address to the first real IP address based on the second UDP temporary flow table;
and sending the second swing message to the first swing user based on the first real IP address.
7. The communication method of claim 5, wherein the method further comprises:
receiving an offline broadcast packet sent by the first swing user;
deleting the first UDP temporary flow table and the second UDP temporary flow table, and sending the offline broadcast packet to the second swing user, so that the first swing user and the second swing user are disconnected in communication.
8. A communications apparatus, the apparatus comprising:
the receiving module is used for receiving an online broadcast packet sent by a newly online first swing user in the local area network; the local area network is based on moving target defense;
the connection establishing module is used for establishing the connection between the first swing user and a second swing user which is logged in the local area network based on the online broadcast packet and a preset broadcast packet forwarding rule;
and the communication message forwarding module is used for forwarding the communication message between the first swing user and the second swing user so as to realize the communication between the first swing user and the second swing user.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the program.
10. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 7.
CN202010093628.6A 2020-02-14 2020-02-14 Communication method, device, equipment and storage medium Active CN111405560B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010093628.6A CN111405560B (en) 2020-02-14 2020-02-14 Communication method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111405560A true CN111405560A (en) 2020-07-10
CN111405560B CN111405560B (en) 2021-11-02

Family

ID=71430328

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010093628.6A Active CN111405560B (en) 2020-02-14 2020-02-14 Communication method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111405560B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106375361A (en) * 2015-07-24 2017-02-01 中兴通讯股份有限公司 Method of transmitting file between terminals, mobile terminal and wireless routing device
US20180227374A1 (en) * 2011-12-16 2018-08-09 The Nielsen Company (Us), Llc Systems, methods, and apparatus to identify media presentation devices
CN109450921A (en) * 2018-11-29 2019-03-08 北京北信源信息安全技术有限公司 Network status monitoring method, apparatus, storage medium and server
CN110611671A (en) * 2019-09-12 2019-12-24 北京邮电大学 Local area network communication method and device based on moving target defense

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
赫赫小虾: "The Implementation Principle of FeiQ (飞秋)", 《HTTPS://WWW.CNBLOGS.COM/HEHEXIAOXIA/P/4108403.HTML》 *
酷兒: "The Principle Behind FeiQ's (飞秋) Implementation", 《HTTPS://BLOG.CSDN.NET/UFE_1/ARTICLE/DETAILS/47170615》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112616171A (en) * 2020-12-11 2021-04-06 深圳市越疆科技有限公司 Communication method and device based on wireless local area network and computer readable storage medium
CN112616171B (en) * 2020-12-11 2024-03-01 深圳市越疆科技有限公司 Communication method and device based on wireless local area network and computer readable storage medium
CN113497765A (en) * 2021-09-08 2021-10-12 中兴通讯股份有限公司 Method and device for route management, electronic equipment and storage medium
CN113497765B (en) * 2021-09-08 2021-11-30 中兴通讯股份有限公司 Method and device for route management, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN111405560B (en) 2021-11-02

Similar Documents

Publication Publication Date Title
US11646974B2 (en) Systems and methods for end point data communications anonymization for a communications hub
US11451510B2 (en) Method and apparatus for processing service request
US10158998B2 (en) Network path probing using available network connections
CN105376299B (en) Network communication method, equipment and network attached storage equipment
CN105491060A (en) Method and device for defending attack of distribution denial of service (DDOS), client and defense device
CN105430059A (en) Smart client routing
WO2018044657A1 (en) Communications hub
CN106921578B (en) Method and device for generating forwarding table item
CN111405560B (en) Communication method, device, equipment and storage medium
GB2482268A (en) Mobile terminal and peer-to-peer mode based data transmission method thereof
CN111786867B (en) Data transmission method and server
CN111786869B (en) Data transmission method between servers and server
CN104917605A (en) Key negotiation method and device during terminal device switching
KR20120036973A (en) Method for providing information, home gateway and home network system
US10797993B2 (en) Overlay network identity-based relay
CN104883339A (en) User privacy protecting method, equipment and system thereof
CN116471586A (en) Data processing method, device and readable storage medium
CN103746768A (en) Data packet identification method and equipment thereof
Naito et al. End-to-end IP mobility platform in application layer for iOS and Android OS
CN103227822A (en) Method for establishing P2P communication connection and equipment
KR20140092630A (en) User's device, communication server and control method thereof
CN104301197B (en) It is a kind of to realize the method and system mutually found between user multiple terminals
US20230171673A1 (en) Method and system for routing an internet protocol data packet between wireless computer devices connected to a cellular network
CN111988282B (en) Data transmission system, method, electronic device and medium based on TCP
CN101686265B (en) Network equipment, network system and method for establishing data communication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant