CN112350961A - Message processing method and device, electronic equipment and readable storage medium - Google Patents
Message processing method and device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN112350961A CN112350961A CN202011257807.5A CN202011257807A CN112350961A CN 112350961 A CN112350961 A CN 112350961A CN 202011257807 A CN202011257807 A CN 202011257807A CN 112350961 A CN112350961 A CN 112350961A
- Authority
- CN
- China
- Prior art keywords
- message
- voice
- mac address
- lldp
- source mac
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/35—Switches specially adapted for specific applications
- H04L49/354—Switches specially adapted for specific applications for supporting virtual local area networks [VLAN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
- H04L12/4645—Details on frame tagging
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/02—Topology update or discovery
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/66—Layer 2 routing, e.g. in Ethernet based MAN's
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L49/00—Packet switching elements
- H04L49/25—Routing or path finding in a switch fabric
- H04L49/253—Routing or path finding in a switch fabric using establishment or release of connections between ports
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a message processing method, a message processing device, an electronic device and a readable storage medium, wherein the message processing method comprises the following steps: receiving a Link Layer Discovery Protocol (LLDP) message from opposite-end equipment; judging whether the opposite terminal equipment sending the LLDP message is a voice equipment or not; if the voice equipment exists, acquiring a source MAC address from the LLDP message; determining that a source MAC address is in a preset MAC address field; establishing a corresponding table entry of a port for receiving an LLDP message and a source MAC address; and sending the data to a switching chip. The LLDP message may be acquired from the peer device, and after determining that the peer device is a voice device, the source MAC address of the LLDP message is acquired, and is compared with the preset MAC address field to determine whether the source MAC address is within the preset MAC address field. If so, a corresponding table entry of the port and the source MAC address can be established and issued to the switching chip. By the method, the corresponding table item which accurately reflects the MAC address can be generated, and the voice message can be judged according to the corresponding table item, so that the safety of message transmission can be improved.
Description
Technical Field
The present application relates to the field of data transmission, and in particular, to a method and an apparatus for processing a packet, an electronic device, and a readable storage medium.
Background
The situation that service data traffic and voice data traffic coexist commonly exists in a network, and in order to ensure the call quality, the voice data traffic generally needs to have a higher transmission priority than the service data traffic. In the prior art, the transmission priority of Voice data traffic is guaranteed by a Voice-VLAN technology. Voice-VLAN is a VLAN that partitions the Voice data traffic for the user. The Voice data is transmitted in a centralized manner in the Voice-VLAN, in which the priority of the Voice data stream is higher.
In the conventional Voice-VLAN technology, for a message forwarded in a Voice-VLAN, if a source Media Access Control (MAC) address of the message is in a white list of a switch, the switch may increase a priority of the message to a preset value. If the source MAC address of the message is not in the white list of the switch, but the tag value of the message is a value corresponding to the Voice VLAN, the message can still be transmitted in the Voice VLAN, but the priority of the message is not adjusted.
Due to the above-mentioned characteristics of Voice-VLAN technology, the following security risks may be caused:
for the purpose of network attack, a lawbreaker can use a computer or a communication device to construct a large number of messages with tag values corresponding to the Voice VLAN, and forward the messages in the Voice VLAN, thereby occupying the bandwidth of the Voice VLAN and affecting the transmission of normal Voice messages.
Or the lawbreaker modifies the source MAC address of the attack message by using the computer or the communication equipment, modifies the source MAC address of the attack message into the MAC address in the white list, and improves the transmission priority of the attack message, thereby occupying the bandwidth of the Voice VLAN and influencing the transmission of the normal Voice message.
Therefore, the prior art has lower security when transmitting voice messages.
Disclosure of Invention
An object of the embodiments of the present application is to provide a message processing method, an apparatus, an electronic device, and a readable storage medium, so as to solve the problem of low security of transmitting a voice message in the prior art.
In a first aspect, an embodiment of the present application provides a message processing method, which is applied to a switch, and the method includes: receiving a Link Layer Discovery Protocol (LLDP) message from opposite-end equipment; judging whether the opposite terminal equipment sending the LLDP message is a voice equipment or not; if the opposite terminal device sending the LLDP message is a voice device, acquiring a source MAC address from the LLDP message; determining that the source MAC address is in a preset MAC address field; establishing a corresponding table entry of a port for receiving the LLDP message and the source MAC address; and issuing the corresponding table entry to a switching chip.
In the foregoing embodiment, for the switch, the LLDP packet may be obtained from the peer device, and it is determined whether the peer device that sends the LLDP packet is a voice device; after determining that the opposite terminal device sending the LLDP message is the voice device, acquiring a source MAC address of the LLDP message, comparing the source MAC address with a preset MAC address field, and judging whether the source MAC address is in the preset MAC address field. If so, a corresponding table entry with a mapping relation between the port for receiving the LLDP message and the source MAC address may be established, and the table entry is issued to the switch chip. By the method, the corresponding table item which accurately reflects the MAC address can be generated, and the voice message can be judged according to the corresponding table item, so that the safety of message transmission can be improved.
In a possible design, the determining whether the peer device sending the LLDP packet is a voice device includes: extracting a preset field from the LLDP message; judging whether the preset field is a preset value or not; and if the preset field is a preset value, judging that the device sending the LLDP message is a voice device.
In the foregoing embodiment, when determining whether the device sending the LLDP message is a voice device, the determination may be performed according to a specific value of a preset field in the LLDP message, and if the preset field is a preset value, it may be determined that the device sending the LLDP message is a voice device.
In one possible design, the method further includes: receiving a voice message sent by the opposite terminal equipment; acquiring a source MAC address of the voice message; judging whether a hardware table item matched with the source MAC address exists in a switching chip or not; if yes, forwarding the Voice message in the Voice VLAN to which the port in the hardware table entry belongs; otherwise, the voice message is discarded.
In the foregoing embodiment, a source MAC address is obtained from a Voice packet, and it is determined whether the source MAC address is consistent with a mapping MAC address corresponding to a port number of a port through which the Voice packet passes in a hardware forwarding table entry, and if so, the Voice packet may be forwarded in a Voice VLAN through the port. Whether the Voice message is a normal Voice message or not is judged through a source MAC address in the Voice message, so that messages with tag values corresponding to the Voice VLAN but illegal MAC addresses can be avoided, messages with legal MAC addresses but port numbers passing through the messages not in hardware forwarding table entries can be avoided, the bandwidth of the Voice VLAN is not occupied easily, and normal Voice message transmission is smoother.
In one possible design, before forwarding the Voice packet in the Voice VLAN corresponding to the port in the corresponding entry, the method further includes: and determining that the port in the hardware table entry belongs to the Voice VLAN.
In the above embodiment, before determining that the Voice message is a normal Voice message and forwarding the normal Voice message in the Voice VLAN, it is further required to determine that the port belongs to the Voice VLAN. The port can be judged whether to start the support of the Voice VLAN, if not, the support of the Voice VLAN is automatically started, thereby ensuring the smooth transmission of normal Voice messages.
In a second aspect, an embodiment of the present application provides a packet processing apparatus, which is applied to a switch, and the apparatus includes: a message receiving module, configured to receive a link layer discovery protocol LLDP message from an opposite-end device; the message processing module is used for judging whether the opposite terminal equipment which sends the LLDP message is the voice equipment or not; and if the opposite terminal device sending the LLDP message is a voice device, acquiring a source MAC address from the LLDP message; the table item processing module is used for determining that the source MAC address is in a preset MAC address field; establishing a corresponding table entry of a port for receiving the LLDP message and the source MAC address; and issuing the corresponding table entry to a switching chip.
In one possible design, the message processing module is specifically configured to: extracting a preset field from the LLDP message; judging whether the preset field is a preset value or not; and if the preset field is a preset value, judging that the device sending the LLDP message is a voice device.
In one possible design, the apparatus further includes a packet forwarding module: the message receiving module is further configured to receive a voice message sent by the peer device; the message forwarding module is used for acquiring a source MAC address of the voice message; judging whether a hardware table item matched with the source MAC address exists in a switching chip or not; when a hardware table entry matched with the source MAC address exists in the exchange chip, forwarding the Voice message in a Voice VLAN to which a port in the hardware table entry belongs; and when the hardware table item matched with the source MAC address does not exist in the exchange chip, discarding the voice message.
In one possible design, the apparatus further includes: and the VLAN determining module is used for determining that the port belongs to the Voice VLAN.
In a third aspect, the present application provides an electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory communicating via the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the method of the first aspect or any of the alternative implementations of the first aspect.
In a fourth aspect, the present application provides a readable storage medium having stored thereon a computer program which, when executed by a processor, performs the method of the first aspect or any of the optional implementations of the first aspect.
In a fifth aspect, the present application provides a computer program product which, when run on a computer, causes the computer to perform the method of the first aspect or any possible implementation manner of the first aspect.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flow chart of a message processing method according to an embodiment of the present application;
fig. 2 shows a schematic flowchart of a specific step of step S20 in fig. 1;
fig. 3 is a schematic flowchart of a specific implementation of a message processing method according to an embodiment of the present application;
fig. 4 shows an application scenario diagram of a message processing method provided in the embodiment of the present application;
fig. 5 is a diagram illustrating another application scenario in which the message processing method according to the embodiment of the present application is located;
fig. 6 is a schematic structural block diagram of a message processing apparatus according to an embodiment of the present application.
Detailed Description
In the comparison embodiment, for the message forwarded in the Voice-VLAN, if the source MAC address of the message is in the white list of the switch, the switch will increase the priority of the message to a preset value, and then forward the message in the Voice VLAN.
Specifically, for a packet with a source MAC address in the white list of the switch:
if the message is an untag message, the switch marks a tag corresponding to the Voice VLAN for the untag message, then improves the transmission priority of the tag-marked message to a preset value, and forwards the message in the Voice VLAN.
If the message is a tag message and the tag value is a value corresponding to the Voice VLAN, the transmission priority of the tag message is increased to a preset value, and the message is forwarded in the Voice VLAN.
For a message with a source MAC address not in the white list of the switch, if the tag value of the message is the value corresponding to the Voice VLAN, the message can still be transmitted in the Voice VLAN, and only the priority of the message cannot be adjusted.
The lawless person would use the above characteristics of Voice-VLAN technology in the comparative example to perform a network attack:
lawless persons can construct a large number of messages with tag values being the values corresponding to the Voice VLAN by using a computer or communication equipment, and forward the messages in the Voice VLAN, so that the bandwidth of the Voice VLAN is occupied, and the transmission of normal Voice messages is influenced.
Or the lawbreaker modifies the source MAC address of the attack message by using the computer or the communication equipment, modifies the source MAC address of the attack message into the MAC address in the white list, and improves the transmission priority of the attack message, thereby occupying the bandwidth of the Voice VLAN and influencing the transmission of the normal Voice message.
The message processing method provided by the embodiment of the application can improve the safety of message transmission by generating the corresponding table item which accurately reflects the MAC address and judging the voice message according to the corresponding table item.
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Referring to fig. 1, fig. 1 is a flowchart illustrating a message processing method according to an embodiment of the present application, where the method may be executed by a switch, and specifically includes the following steps S10 to S60:
step S10, receiving a link layer discovery protocol LLDP message from the peer device.
A Link Layer Discovery Protocol (LLDP) message may be sent to the switch through a voice device, or may be sent to the switch through other communication devices. The device which needs to send the LLDP message in the embodiment of the present application is a voice device. The input end of the voice device can be connected with a PC or other communication devices, or can not be connected with the PC or other communication devices.
Before step S10, the LLDP function should be enabled at the switch, and the LLDP function should also be enabled at the device that sends the LLDP message, so that the LLDP message can be sent from the device to the switch.
Step S20, determining whether the peer device sending the LLDP packet is a voice device, if yes, executing step S30.
Optionally, referring to fig. 2, in an embodiment, the step S20 specifically includes the following steps S21 to S23:
and step S21, extracting preset fields from the LLDP message.
Step S22, determining whether the preset field is a preset value, if yes, executing step S23.
And step S23, determining that the device sending the LLDP message is a voice device.
Optionally, in an embodiment, the preset field in the LLDP message may be a telephone field in the capabilities field in the MED-tlv field. And judging whether the preset field is a preset value, specifically judging whether the telephone field is 1. If the telephone field is 1, indicating that the device sending the LLDP message is a voice device; and if the telephone field is 0, indicating that the device sending the LLDP message is not a voice device.
Optionally, in another embodiment, the preset field may be an Application Type in a Network Policy field in the MED-tlv field, and the preset value may be any one of the following values: voice, Voice Signaling, Guest Voice Signaling, Softphone Voice, Video conference, Streaming Video, Video Signaling. If the value of the Application Type in the Network Policy field in the MED-tlv field is any one of the preset values, indicating that the device sending the LLDP message is a voice device; and if the value of the Application Type in the Network Policy field in the MED-tlv field is not any one of the preset values, indicating that the device sending the LLDP message is not a voice device.
When determining whether the device sending the LLDP message is the voice device, the determination may be performed according to a specific value of a preset field in the LLDP message, and if the preset field is a preset value, it may be determined that the device sending the LLDP message is the voice device, and step S30 is executed.
Step S30, obtaining a source MAC address from the LLDP message.
Step S40, determining that the source MAC address is in a preset MAC address field.
The preset MAC address field can be a MAC address field with continuous addresses, and the MAC address field can be conveniently configured by operation and maintenance personnel.
If the source MAC address is in the preset MAC address field, it means that the voice device sending the LLDP packet is an authenticated voice device, and step S50 may be executed; if the source MAC address is not within the preset MAC address range, it means that the voice device sending the LLDP message is an unauthenticated voice device, and step S50 may not be executed.
Step S50, establishing the corresponding table item of the port for receiving the LLDP message and the source MAC address.
And step S60, issuing the corresponding table entry to the switch chip.
Specifically, the corresponding table entry includes a corresponding relationship between a port number of a port through which the LLDP message passes and a source MAC address of the LLDP message. The source MAC address within the preset range of MAC address fields can be sent to the switch chip by issuing the corresponding table entry to the switch chip of the switch.
The switching chip can store the corresponding table entry and store a plurality of corresponding table entries in the above manner, each corresponding table entry has a corresponding relationship between a port number through which the voice message passes and a source MAC address which the voice message should have, and the storage of the plurality of corresponding table entries can prevent message attacks transmitted from other unauthenticated ports of the switch. If the MAC address of the voice message is replaced by the address in the preset MAC address field range by the PC or other communication equipment, but the source MAC address of the voice message is not consistent with the MAC address corresponding to the port number of the port through which the voice message passes, the abnormal voice message of the voice message can be identified, and the normal communication of the voice message is effectively ensured.
By the mode, the operation and maintenance personnel do not need to configure the MAC addresses of the voice devices accessed to the switch into the switch one by one, and the workload of the operation and maintenance personnel is reduced well.
For example, for Cisco voice devices, the MAC address field is 0003-6b00-0000 to 0003-6bFF-FFFF, if a plurality of voice devices to be accessed to the switch are all Cisco voice devices, the operator only needs to configure the initially selected white list range to be 0003-6b00-0000 to 0003-6bFF-FFFF, and does not need to configure the voice devices to be accessed to the switch one by one in the switch.
For each port of a plurality of ports of the switch, acquiring an LLDP message transmitted from the port, and judging whether a device sending the LLDP message is a voice device; and after the device for sending the LLDP message is determined to be the voice device, acquiring a source MAC address of the LLDP message, comparing the source MAC address with a preset MAC address field, and judging whether the source MAC address is in the preset MAC address field. If so, corresponding table entries may be generated, where each corresponding table entry has a corresponding relationship between a port number through which the voice message passes and a source MAC address that the voice message should have, where the source MAC address that the voice message should have refers to a source MAC of an LLDP message sent through the port. By the method, more accurate corresponding table items can be generated, and the voice message can be judged according to the corresponding table items, so that the safety of message transmission can be improved.
Optionally, referring to fig. 3, in an embodiment of the present application, the following steps S110 to S150 may be further included:
step S110, receiving the voice packet sent by the peer device.
The voice message is a message for transmitting voice data traffic, and the voice message may be sent to the switch 200 by the user through the voice device 100, for details, see fig. 4; it may also be sent by the user through the PC 300 or other communication device (not shown) to the switch 200 via the voice device 100, see fig. 5 for details. The particular device that sends the voice message should not be construed as limiting the application.
Step S120, obtaining the source MAC address of the voice message.
Step S130, judging whether a hardware table item matched with the source MAC address exists in the exchange chip, if so, executing step S140; if not, go to step S150.
Judging whether the source MAC address of the voice message is consistent with the MAC address corresponding to the port number of the port through which the voice message passes in the hardware table entry, if so, determining that the message is the voice message sent by the authenticated voice equipment, and executing the step S140; if not, it indicates that the port through which the message passes is authenticated but the device sending the message is not an authenticated device, and step S150 is executed.
Step S140, forwarding the Voice message in the Voice VLAN to which the port in the hardware table entry belongs.
And step S150, discarding the voice message.
If any of the port number or the source MAC address does not correspond to the hardware entry, the voice packet may be discarded. By judging whether the source MAC address of the Voice message is consistent with the MAC address corresponding to the port number of the port through which the Voice message passes in the hardware table entry or not, the messages with tag values corresponding to the Voice VLAN but illegal MAC addresses can be avoided, and the messages with legal MAC addresses but illegal port numbers through which the messages pass are not recorded can be avoided, so that the bandwidth of the Voice VLAN is not easy to be occupied, and the normal Voice message is more smoothly transmitted.
Optionally, the Voice message may be an untag message, and in a specific implementation, forwarding the Voice message in a Voice VLAN to which a port in the hardware table entry belongs may include the following steps a to B:
and step A, determining the PVID of the port as the number corresponding to the Voice VLAN.
And B, forwarding the Voice message in the Voice VLAN through the port.
The untag message has the following properties: the untag message is transmitted in the VLAN to which the number corresponding to the PVID belongs. Therefore, if an untag message is to be transmitted in a Voice VLAN, it needs to be determined that the PVID of the port of the Voice message is the number corresponding to the Voice VLAN, and in the process of forwarding the untag message, a tag corresponding to the Voice VLAN may be marked on the untag message, and the priority of the untag message is increased to a preset value.
Optionally, the Voice message may also be a message with tag, and the tag value is a value corresponding to a Voice VLAN.
And the message with tag is transmitted in the VLAN corresponding to the tag. Therefore, if the Voice message is a message with tag, the tag value of the Voice message is a value corresponding to the Voice VLAN.
Optionally, in a specific embodiment, before step S140, the method may further include the following steps: and determining that the port belongs to the Voice VLAN.
In the above steps, it can be specifically determined whether the port has opened support for Voice VLAN, and if not, the port can automatically open support for Voice VLAN, thereby ensuring smooth transmission of normal Voice message; if already turned on, the status quo may be maintained.
Referring to fig. 6, fig. 6 shows a specific implementation of a message processing apparatus provided in an embodiment of the present application, which is applied to a switch, where the apparatus 400 includes:
a message receiving module 410, configured to receive a link layer discovery protocol LLDP message from an opposite end device.
A message processing module 420, configured to determine whether an opposite-end device that sends the LLDP message is a voice device; and if the opposite terminal device sending the LLDP message is a voice device, acquiring a source MAC address from the LLDP message.
The table entry processing module 430 is configured to determine that the source MAC address is in a preset MAC address field; establishing a corresponding table entry of a port for receiving the LLDP message and the source MAC address; and issuing the corresponding table entry to a switching chip.
The message processing module 420 is specifically configured to: extracting a preset field from the LLDP message; judging whether the preset field is a preset value or not; and if the preset field is a preset value, judging that the device sending the LLDP message is a voice device. The apparatus may further include:
a message receiving module 410, configured to receive the voice message sent by the peer device.
The message forwarding module is used for acquiring a source MAC address of the voice message; judging whether a hardware table item matched with the source MAC address exists in a switching chip or not; when a hardware table entry matched with the source MAC address exists in the exchange chip, forwarding the Voice message in a Voice VLAN to which a port in the hardware table entry belongs; and when the hardware table item matched with the source MAC address does not exist in the exchange chip, discarding the voice message.
And the VLAN determining module is used for determining that the port belongs to the Voice VLAN.
The message processing apparatus shown in fig. 6 corresponds to the message processing method shown in fig. 1, and details thereof are not repeated here.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A message processing method is applied to a switch, and the method comprises the following steps:
receiving a Link Layer Discovery Protocol (LLDP) message from opposite-end equipment;
judging whether the opposite terminal equipment sending the LLDP message is a voice equipment or not;
if the opposite terminal device sending the LLDP message is a voice device, acquiring a source MAC address from the LLDP message;
determining that the source MAC address is in a preset MAC address field;
establishing a corresponding table entry of a port for receiving the LLDP message and the source MAC address;
and issuing the corresponding table entry to a switching chip.
2. The method according to claim 1, wherein the determining whether the peer device sending the LLDP packet is a voice device comprises:
extracting a preset field from the LLDP message;
judging whether the preset field is a preset value or not;
and if the preset field is a preset value, judging that the device sending the LLDP message is a voice device.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
receiving a voice message sent by the opposite terminal equipment;
acquiring a source MAC address of the voice message;
judging whether a hardware table item matched with the source MAC address exists in a switching chip or not;
if yes, forwarding the Voice message in the Voice VLAN to which the port in the hardware table entry belongs; otherwise, the voice message is discarded.
4. The method of claim 3, wherein before forwarding the Voice packet in the Voice VLAN corresponding to the port in the corresponding entry, the method further comprises:
and determining that the port in the hardware table entry belongs to the Voice VLAN.
5. A message processing apparatus, applied to a switch, the apparatus comprising:
a message receiving module, configured to receive a link layer discovery protocol LLDP message from an opposite-end device;
the message processing module is used for judging whether the opposite terminal equipment which sends the LLDP message is the voice equipment or not; and if the opposite terminal device sending the LLDP message is a voice device, acquiring a source MAC address from the LLDP message;
the table item processing module is used for determining that the source MAC address is behind a preset MAC address segment; establishing a corresponding table entry of a port for receiving the LLDP message and the source MAC address; and issuing the corresponding table entry to a switching chip.
6. The apparatus according to claim 5, wherein the message processing module is specifically configured to:
extracting a preset field from the LLDP message;
judging whether the preset field is a preset value or not;
and if the preset field is a preset value, judging that the device sending the LLDP message is a voice device.
7. The apparatus according to claim 5 or 6, wherein the apparatus further comprises a packet forwarding module:
the message receiving module is further configured to receive a voice message sent by the peer device;
the message forwarding module is used for acquiring a source MAC address of the voice message; judging whether a hardware table item matched with the source MAC address exists in a switching chip or not; when a hardware table entry matched with the source MAC address exists in the exchange chip, forwarding the Voice message in a Voice VLAN to which a port in the hardware table entry belongs; and when the hardware table item matched with the source MAC address does not exist in the exchange chip, discarding the voice message.
8. The apparatus of claim 7, further comprising:
and the VLAN determining module is used for determining that the port belongs to the Voice VLAN.
9. An electronic device, comprising: a processor, a storage medium and a bus, the storage medium storing machine-readable instructions executable by the processor, the processor and the storage medium communicating via the bus when the electronic device is operating, the processor executing the machine-readable instructions to perform the message processing method according to any one of claims 1 to 4.
10. A readable storage medium, having stored thereon a computer program which, when executed by a processor, performs the message processing method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011257807.5A CN112350961B (en) | 2020-11-11 | 2020-11-11 | Message processing method and device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011257807.5A CN112350961B (en) | 2020-11-11 | 2020-11-11 | Message processing method and device, electronic equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112350961A true CN112350961A (en) | 2021-02-09 |
| CN112350961B CN112350961B (en) | 2022-07-12 |
Family
ID=74363584
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011257807.5A Active CN112350961B (en) | 2020-11-11 | 2020-11-11 | Message processing method and device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112350961B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040111640A1 (en) * | 2002-01-08 | 2004-06-10 | Baum Robert T. | IP based security applications using location, port and/or device identifier information |
| CN1567839A (en) * | 2003-06-24 | 2005-01-19 | 华为技术有限公司 | Port based network access control method |
| CN1929483A (en) * | 2006-09-19 | 2007-03-14 | 清华大学 | Admittance control method for IPv6 switch-in network true source address access |
| CN101635731A (en) * | 2009-08-31 | 2010-01-27 | 杭州华三通信技术有限公司 | Method and equipment for defending MAC address deception attack |
| CN101820432A (en) * | 2010-05-12 | 2010-09-01 | 中兴通讯股份有限公司 | Safety control method and device of stateless address configuration |
| CN102546666A (en) * | 2012-02-28 | 2012-07-04 | 神州数码网络(北京)有限公司 | Method and device for preventing IGMP (Internet Group Management Protocol) from being cheated and attacked |
| CN103368967A (en) * | 2013-07-17 | 2013-10-23 | 杭州华三通信技术有限公司 | Security access method and equipment for IP phone |
| CN105978859A (en) * | 2016-04-25 | 2016-09-28 | 杭州华三通信技术有限公司 | Message processing method and message processing device |
-
2020
- 2020-11-11 CN CN202011257807.5A patent/CN112350961B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040111640A1 (en) * | 2002-01-08 | 2004-06-10 | Baum Robert T. | IP based security applications using location, port and/or device identifier information |
| CN1567839A (en) * | 2003-06-24 | 2005-01-19 | 华为技术有限公司 | Port based network access control method |
| CN1929483A (en) * | 2006-09-19 | 2007-03-14 | 清华大学 | Admittance control method for IPv6 switch-in network true source address access |
| CN101635731A (en) * | 2009-08-31 | 2010-01-27 | 杭州华三通信技术有限公司 | Method and equipment for defending MAC address deception attack |
| CN101820432A (en) * | 2010-05-12 | 2010-09-01 | 中兴通讯股份有限公司 | Safety control method and device of stateless address configuration |
| CN102546666A (en) * | 2012-02-28 | 2012-07-04 | 神州数码网络(北京)有限公司 | Method and device for preventing IGMP (Internet Group Management Protocol) from being cheated and attacked |
| CN103368967A (en) * | 2013-07-17 | 2013-10-23 | 杭州华三通信技术有限公司 | Security access method and equipment for IP phone |
| CN105978859A (en) * | 2016-04-25 | 2016-09-28 | 杭州华三通信技术有限公司 | Message processing method and message processing device |
Non-Patent Citations (2)
| Title |
|---|
| ALEXANDER SOLOVIEV;VICTOR BONDARENKO: ""Optimization of VoIP network performance based on voice call routing and network reorganisation"", 《2017 IEEE FIRST UKRAINE CONFERENCE ON ELECTRICAL AND COMPUTER ENGINEERING (UKRCON)》 * |
| 胡金龙: ""新一代视频会议安全关键技术研究"", 《中国博士学位论文全文数据库信息科技辑》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112350961B (en) | 2022-07-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9276907B1 (en) | Load balancing in a network with session information | |
| US8750106B2 (en) | Interface control system and interface control method | |
| CN1855873B (en) | Method and system for implementing a high availability vlan | |
| US8838771B2 (en) | Enabling VoIP calls to be initiated when a call server is unavailable | |
| EP2725749B1 (en) | Method, apparatus and system for processing service flow | |
| US8514712B1 (en) | Non-stop VoIP support | |
| US11646976B2 (en) | Establishment of fast forwarding table | |
| CN110830371A (en) | Message redirection method and device, electronic equipment and readable storage medium | |
| CN104639913A (en) | Network video recorder (NVR) and automatic IPC (Internet Protocol Camera) access method thereof | |
| EP2218214B1 (en) | Network location service | |
| WO2021135382A1 (en) | Network security protection method and protection device | |
| JP2012023443A (en) | Bridge device, interface device, and communication method | |
| CN112350961B (en) | Message processing method and device, electronic equipment and readable storage medium | |
| CN104168200A (en) | Open vSwitch-based method and system for realizing ACL function | |
| US20100322239A1 (en) | method and an apparatus for processing packets | |
| US9591377B2 (en) | Method and device for recording multimedia data | |
| CN111262782B (en) | Message processing method, device and equipment | |
| CN110753135A (en) | IP address configuration method, configuration equipment and storage medium | |
| KR20160036182A (en) | Hybrid OpenFlow switch, system, and method for combining legacy switch protocol function and SDN function | |
| CN112367261B (en) | Message forwarding method and device and distributed equipment | |
| WO2021190075A1 (en) | Method and apparatus for transmitting policy, and network transmission system | |
| CN113055427B (en) | Service-based server cluster access method and device | |
| CN110768930A (en) | Data forwarding method and device for server | |
| CN115883256B (en) | Data transmission method, device and storage medium based on encryption tunnel | |
| CN106330781B (en) | Method, device and switch for separating protocol control and forwarding link of stacking system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |