CN113179268A - Router and router network abnormity redirection method - Google Patents
Router and router network abnormity redirection method Download PDFInfo
- Publication number
- CN113179268A CN113179268A CN202110461364.XA CN202110461364A CN113179268A CN 113179268 A CN113179268 A CN 113179268A CN 202110461364 A CN202110461364 A CN 202110461364A CN 113179268 A CN113179268 A CN 113179268A
- Authority
- CN
- China
- Prior art keywords
- access information
- information
- forwarding
- router
- converter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The embodiment of the application provides a router and a method for redirecting the network exception of the router, wherein the router comprises the following components: and the LAN interface is connected with the user terminal and is used for receiving and forwarding the access information sent by the user terminal. And the data processor comprises a DNS forwarding judgment module and a converter. The DNS forwarding judgment module is connected with the LAN interface and used for receiving and forwarding the access information and the return information; the converter is connected with the DNS forwarding judgment module and used for converting the ciphertext type and the plaintext type of the received information; and the web http server is connected with the converter and used for receiving the decrypted access information, processing the decrypted access information according to the decrypted access information and sending return information. The converter is used for decrypting the access information and encrypting the returned information, and the redirection of the access information in the plaintext and the ciphertext formats is met.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a router and a method for redirecting an exception of a router network.
Background
The router is a device for connecting each local area network and wide area network in the internet, and automatically selects and sets a route according to the condition of a channel, and sends signals in a front-back sequence by using an optimal path.
For security reasons, most browsers and web servers currently use https requests for interaction. When the WAN interface of the household router is not connected with the network or the network is abnormal, any link on the browser is clicked, the login page of the router can be automatically jumped to, and the router can conveniently and directly enter a background management page of the router for processing.
Redirection is the redirection of various network requests to other locations by various methods. For the router with http and https requests, the current router uses two sets of web servers to respectively complete processing of the http request and the https request and redirection of the request. Therefore, the web server inside the router occupies a large space and a large memory, and the communication efficiency of the router is affected.
Disclosure of Invention
The application provides a router and a method for redirecting network abnormity of the router, which aim to solve the technical problem that a webpage server in the router occupies a large space.
In order to solve the technical problem, the embodiment of the application discloses the following technical scheme:
in a first aspect, an embodiment of the present application discloses a router, including:
the LAN interface is connected with the user terminal and is used for receiving and forwarding the access information sent by the user terminal;
the data processor comprises a DNS forwarding judgment module and a converter;
the DNS forwarding judgment module is used for receiving and forwarding access information and return information;
the converter is connected with the DNS forwarding judgment module and used for receiving the access information, decrypting the access information and generating decrypted access information;
the web http server is connected with the converter and used for receiving the decrypted access information, processing the decrypted access information and sending return information;
the converter is also used for receiving the return information, encrypting the return information, generating the encrypted return information, and sending the encrypted access information to the DNS forwarding judgment module.
An embodiment of the present application provides a router, including: and the LAN interface is connected with the user terminal and used for receiving and forwarding the access information sent by the user terminal. And the data processor comprises a DNS forwarding judgment module and a converter. The DNS forwarding judgment module is used for receiving and forwarding access information and return information; the converter is connected with the DNS forwarding judgment module and used for receiving the access information, decrypting the access information and generating decrypted access information; and the web http server is connected with the converter and used for receiving the decrypted access information, processing the decrypted access information according to the decrypted access information and sending return information. The converter is also used for receiving the return information, encrypting the return information, generating the encrypted return information, and sending the encrypted access information to the DNS forwarding judgment module. The converter is used for decrypting the access information and encrypting the returned information, and the redirection of the access information in the plaintext and the ciphertext formats is met. The functions of two sets of servers are realized by using the resources of one set of servers, the occupied space is small, and the occupied resources are small.
In a second aspect, an embodiment of the present application discloses a method for redirecting an exception of a router network, including: receiving access information sent by a user terminal;
forwarding and decrypting the access information to generate decrypted access information;
generating return information according to the decrypted access information;
encrypting the return information to generate encrypted return information;
and forwarding the encrypted return information to the user terminal.
Compared with the prior art, the beneficial effect of this application is:
the embodiment of the application provides a method for redirecting the network exception of a router, which comprises the following steps: receiving access information sent by a user terminal; forwarding and decrypting the access information to generate decrypted access information; generating return information according to the decrypted access information; encrypting the return information to generate encrypted return information; and forwarding the encrypted return information to the user terminal. By decrypting the access information and encrypting the returned information, the redirection of the access information in the plaintext and the ciphertext formats is met. The functions of two sets of servers are realized by using the resources of one set of servers, the occupied space is small, and the occupied resources are small.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly explain the technical solution of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious to those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a router application scenario provided in an embodiment of the present application;
fig. 2 is a schematic diagram illustrating forwarding of router information under a normal network connection condition in the embodiment of the present application;
fig. 3 is a schematic structural diagram of a router according to an embodiment of the present application;
fig. 4 is a schematic diagram illustrating a processing flow of router access information according to an embodiment of the present application;
fig. 5 is a schematic diagram of a process flow of a return message of a router according to an embodiment of the present application;
fig. 6 is a schematic flowchart of a method for redirecting an exception to a router network according to an embodiment of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Fig. 1 is a router application scenario provided in an embodiment of the present application. Fig. 2 is a schematic diagram illustrating forwarding of router information under a normal network connection condition in the embodiment of the present application. As shown in fig. 1 and 2, the user terminal 100 provides access information, and the router 200 determines a network address and selects an IP path based on the access information, and connects to the external server 300.
The external server 300 responds to the access information and sends out response information. The router 200 receives the response information and forwards the response information to the user terminal. In this embodiment, the access information provided by the user terminal includes an http request and an https request. The user terminal 100 may be a mobile phone, a personal computer, a television, or other common devices.
Fig. 3 is a schematic structural diagram of a router provided in an embodiment of the present application, and as shown in fig. 3, the router 200 includes: a LAN interface 210, a DNS forwarding decision module 220, and a WAN interface 230, which are communicatively connected in sequence.
And a LAN interface 210 communicatively connected to the user terminal 100 for receiving the access information. The DNS forwarding determination module 220 forwards the received access information to the WAN interface 230. The WAN interface 230 transmits the access information to the external server 300.
When the network connection is normal, the WAN interface 230 of the router may further receive response information returned by the external server 300, and send the response information to the DNS forwarding determination module 220, and the DNS forwarding determination module 220 sends the response information to the user terminal 100 through the LAN interface 210.
The router 200 further includes: and the web http server 240 is in communication connection with the DNS forwarding judgment module 220. The DNS forwarding determination module 220 determines whether the access information is a plaintext request or a ciphertext request, and selects a forwarding manner according to a message form in the access information.
Further, if the message in the access information is in an http format and the access information is a plaintext request, the DNS forwarding determination module 220 forwards the access information to the web http server 240. The web http server 240 is provided with a first sub-interface 241 for receiving the access information and sending feedback information of the web http server 240.
If the message in the access information is in https format and the access information is a ciphertext request, the DNS forwarding determination module 220 selects a forwarding manner according to the network connection state of the WAN interface 230.
In some embodiments of the present application, the DNS forwarding determining module 220 is configured to determine whether the network connection is normal, and forward the access information to different interfaces according to a determination result.
Further, the DNS forwarding determination module 220 retrieves ip information of the WAN interface, and determines whether the network connection is normal by determining whether the ip information includes an ip address. If the network connection is normal, the DNS forwarding determination module 220 forwards the received access information to the WAN interface 230. And if the network connection is abnormal, performing network redirection.
The forwarding judgment module 220 may also forward the https-formatted access information to the WAN interface, and judge whether the WAN interface network connection is normal according to whether the response information of the WAN interface is received; and different data forwarding paths are selected according to whether the WAN interface network connection is normal or not. If the network connection is normal, the DNS forwarding determination module 220 forwards the received access information to the WAN interface 230. And if the network connection is abnormal, performing network redirection.
If the WAN interface network connection is abnormal, the DNS forwarding determination module 220 forwards the access information to the web http server 240.
In order to solve the problem of network redirection of access information in https format under the condition that network connection is abnormal, an embodiment of the present application provides a router, further including: the converter 250 is connected to the DNS forwarding determining module 220, and is configured to receive the access information, where the access information is in https format. The converter 250 decrypts the http format access information and converts the http format access information into http access information. Meanwhile, the converter 250 is also connected to the web http server 240, and is configured to forward the decrypted access information to the web http server 240.
In the embodiment of the present application, the DNS forwarding determining module 220 and the converter 250 are functional components in the CPU.
Fig. 4 is a schematic view of a processing flow of access information of a router provided in an embodiment of the present application, and fig. 5 is a schematic view of a processing flow of return information of a router provided in an embodiment of the present application. As shown in fig. 4 and 5, for the ciphertext access request (https access request) in the case where the network connection is not normal, the processing procedure of the router 200 is: the LAN interface 210 receives the access information and transmits the access information to the DNS forwarding decision module 220. The DNS forwarding determination module 220 determines that the WAN interface network connection is not normal, and forwards the access information to the converter 250 according to the access information being a ciphertext request. The converter 250 decrypts the http formatted access information to convert the http formatted access information into http access information, and forwards the decrypted access information to the web http server 240. The web http server 240 processes the access information and sends out return information, where the return information is plaintext information. The converter 250 encrypts the return information after receiving the return information, generates ciphertext return information, and sends the ciphertext return information to the DNS forwarding determination module 220, and the DNS forwarding determination module 220 sends the ciphertext return information to the user terminal 100 through the LAN interface 210.
Further, the converter 250 includes: the second sub-interface 251 is configured to receive the access information in the https format sent by the DNS forwarding determination module 220, and forward the access information. Further, the second sub-interface 251 is 443 ports.
A data transmission module 252 connected to the second sub-interface 251 and configured to receive access information; the data transmission module 252 is further connected to the ciphertext processing module 253, and sends the access information to the ciphertext processing module 253; the ciphertext processing module 253 decrypts the access information to form plaintext access information, and sends the plaintext access information to the data transmission module 252.
And a third sub-interface 254 connected to the data transfer module 252. In some embodiments of the present application, the third sub-interface 254 is an 80-port.
The first sub-interface 241 is in communication connection with the third sub-interface 254, plaintext access information sent by the data transmission module 252 is transmitted to the first sub-interface 241 through the third sub-interface 254, and then transmitted to the web http server 240 through the first sub-interface 241, and after receiving the plaintext access information, the web http server 240 processes the plaintext access information and sends return information to the first sub-interface 241. The returned information is plaintext information at this time.
The third sub-interface 254 is further configured to receive the return information sent by the first sub-interface 241, and send the return information to the data transmission module 252; the data transmission module 252 transmits the acquired return information to the ciphertext processing module 253; the ciphertext processing module 253 encrypts the return information to form ciphertext return information; the data transmission module 252 obtains the ciphertext return information and sends the ciphertext return information to the DNS forwarding judgment module 220 through the second sub-interface 251.
In the embodiment of the present application, the converter 250 includes: the system comprises a data transmission module 252 and a ciphertext processing module 253, wherein the data transmission module 252 is respectively connected to the DNS forwarding judgment module 220 and the web http server 240 in a communication manner, and the data transmission module 252 is further connected to the ciphertext processing module 253.
The data transmission module 252 is configured to receive and forward data information, and the ciphertext processing module 253 is configured to convert plaintext and ciphertext of communication data. Specifically, the ciphertext processing module 253 is configured to decrypt the ciphertext access information to generate plaintext access information; and encrypting the plaintext return information to generate ciphertext return information. The data transmission module 252 is configured to receive the ciphertext access information, send the ciphertext access information to the ciphertext processing module 253, obtain plaintext access information, and send the plaintext access information to the web http server 240; the data transmission module 252 is further configured to receive plaintext return information and send the plaintext return information to the ciphertext processing module 253, obtain ciphertext access information, and send the ciphertext return information to the DNS forwarding determination module 220.
In order to realize that the data transmission module 252 is respectively in communication connection with the DNS forwarding judgment module 220 and the web http server 240, the data transmission module 252 is provided with a second sub-interface 251, and is in communication connection with the DNS forwarding judgment module 220, so that the data transmission module 252 is in communication connection with the DNS forwarding judgment module 220; the data transfer module 252 is further provided with a third sub-interface 254 communicatively coupled to the web http server 240. Wherein the second sub-interface 251 is 443 ports. The third sub-interface 254 is an 80-port.
The router provided in the embodiments of the present application may utilize one web http server 240 to simultaneously address redirection of http and http access information. Specifically, the method comprises the following steps: for the http access information, the LAN interface 210 receives the http access information sent by the user terminal 100, and sends the http access information to the DNS forwarding determination module 220. The DNS forwarding judgment module 220 judges the http access information as plaintext, and sends the http access information to the web http server 240 through the first sub-interface 241. The web http server 240 processes the received http access information, and sends http return information to the DNS forwarding determination module 220, and the DNS forwarding determination module 220 sends the http return information to the user terminal 100 through the LAN interface 210.
For https access information, the LAN interface 210 receives https access information sent by the user terminal 100, sends the https access information to the DNS forwarding determination module 220, and sends the https access information to the DNS forwarding determination module 220. The DNS forwarding determination module 220 determines that the https access information is a ciphertext and the WAN interface 230 is not normally connected to the network at this time, transmits the https access information to the converter 250 through the second sub-interface 251, and the converter 250 decrypts the https access information to generate http access information. And then sent to the web http server 240 through the third sub-interface 254 and the first sub-interface 241. The web http server 240 processes the received http access information, and sends out http return information to the converter 250 through the first sub-interface 241 and the third sub-interface 254. The converter 250 encrypts the http return information to generate http return information, and transmits the http return information to the DNS forwarding determination module 220 via the second sub-interface, and the DNS forwarding determination module 220 transmits the http return information to the LAN interface 210 and finally to the user terminal 100.
An embodiment of the present application provides a router, including: the system comprises a LAN interface 210, a DNS forwarding judgment module 220, a converter 250 and a web http server 240 which are sequentially connected in a communication mode, wherein the DNS forwarding judgment module 220 is further connected with a WAN interface. The LAN interface 210 is also communicatively connected to a user terminal. The LAN interface 210 receives access information transmitted from the user terminal and transmits the access information to the DNS forwarding determination module 220. The DNS forwarding determination module 220 selects a forwarding path according to the message format of the access information and the WAN interface network connection condition. If the message of the access information is a ciphertext and the WAN interface is not accessible, the DNS forwarding determination module 220 sends the access information to the converter 250, and the converter 250 decrypts the access information to generate plaintext access information and sends the plaintext access information to the web http server 240. The web http server 240 processes the plaintext access information to generate plaintext return information, and sends the plaintext return information to the converter 250, and the converter 250 encrypts the plaintext return information to generate ciphertext return information, and then sends the ciphertext return information to the DNS forwarding judgment module 220, and the DNS forwarding judgment module 220 sends the ciphertext return information to the LAN interface, and finally sends the ciphertext return information to the user terminal. According to the method and the device, through the arrangement of the converter and the web http server, under the condition that the two servers of the web http server and the web http server are not required to be arranged at the same time, the converter is used for encrypting or decrypting information, and the redirection of access information in plaintext and ciphertext formats can be met at the same time. The resources of one set of server realize the functions of two sets of servers, occupy small space and occupy few resources. Meanwhile, the newly-added converter does not influence the service processing of the original web http server, namely, the newly-added converter only needs to realize the function of the converter without modifying the original web http server, and is convenient and quick. After the router network is reconnected, the converter process can be ended, and the space and the resources are released; when the router network is abnormal, the translator process is pulled up again, and the translator process occupies fewer resources on average in the whole running process of the router.
Fig. 6 is a schematic flowchart of a method for redirecting an exception to a router network according to an embodiment of the present application. As shown in fig. 6, an embodiment of the present application provides a method for redirecting an exception to a router network, including: and receiving the access information, analyzing the received access information, and selecting a forwarding path according to the message type of the access information.
If the message type of the access information is a plaintext, forwarding the access information to a web http server; the web http server processes the access information to generate return information; and if the message type ciphertext of the access information is received, acquiring the network connection information and selecting a forwarding path according to the network connection information.
Further, the acquiring network connection information and selecting a forwarding path according to the network connection information includes: and if the network connection is normal, sending the access information to the WAN side to be connected with an external server. If the network connection is abnormal, decrypting the access information and sending the decrypted access information to a web http server; and receiving return information sent by the web http server, wherein the return information is in a plaintext type, and encrypting the return information to generate encrypted return information. And sending the return information to the user terminal.
Further, the access information is sent by the user terminal.
Further, the router 200 includes: a LAN interface 210, a DNS forwarding decision module 220, and a WAN interface 230, which are communicatively connected in sequence.
And a LAN interface 210 communicatively connected to the user terminal 100 for receiving the access information. The DNS forwarding determination module 220 forwards the received access information to the WAN interface 230. The WAN interface 230 transmits the access information to the external server 300.
When the network connection is normal, the WAN interface 230 of the router may further receive response information returned by the external server 300, and send the response information to the DNS forwarding determination module 220, and the DNS forwarding determination module 220 sends the response information to the user terminal 100 through the LAN interface 210.
The router 200 further includes: and the web http server 240 is in communication connection with the DNS forwarding judgment module 220. The DNS forwarding determination module 220 determines whether the access information is a plaintext request or a ciphertext request, and selects a forwarding manner according to a message form in the access information.
Further, if the message in the access information is in an http format and the access information is a plaintext request, the DNS forwarding determination module 220 forwards the access information to the web http server 240. The web http server 240 is provided with a first sub-interface 241 for receiving the access information and sending feedback information of the web http server 240.
If the message in the access information is in https format and the access information is a ciphertext request, the DNS forwarding determination module 220 selects a forwarding manner according to the network connection state of the WAN interface 230.
In some embodiments of the present application, the DNS forwarding determining module 220 is configured to determine whether the network connection is normal, and forward the access information to different interfaces according to a determination result.
Further, the DNS forwarding determination module 220 calls ip information of the WAN interface 230, and determines whether the network connection is normal by determining whether the ip information includes an ip address. If the network connection is normal, the DNS forwarding determination module 220 forwards the received access information to the WAN interface 230. And if the network connection is abnormal, performing network redirection.
The forwarding judgment module 220 may also forward the https-formatted access information to the WAN interface 230, and judge whether the WAN interface 230 is normally connected to the network according to whether the response information of the WAN interface 230 is received; and selects a different data forwarding path depending on whether the WAN interface 230 network connection is normal. If the network connection is normal, the DNS forwarding determination module 220 forwards the received access information to the WAN interface 230. And if the network connection is abnormal, performing network redirection.
If the network connection of the WAN interface 230 is abnormal, the DNS forwarding determination module 220 forwards the access information to the web http server 240.
The converter 250 is connected to the DNS forwarding determining module 220, and is configured to receive the access information, where the access information is in https format. The converter 250 decrypts the http format access information and converts the http format access information into http access information. Meanwhile, the converter 250 is also connected to the web http server 240, and is configured to forward the decrypted access information to the web http server 240.
Further, the converter 250 includes: the second sub-interface 251 is configured to receive the access information in the https format sent by the DNS forwarding determination module 220, and forward the access information. Further, the second sub-interface 251 is 443 ports.
A data transmission module 252 connected to the second sub-interface 251 and configured to receive access information; the data transmission module 252 is further connected to the ciphertext processing module 253, and sends the access information to the ciphertext processing module 253; the ciphertext processing module 253 decrypts the access information to form plaintext access information, and sends the plaintext access information to the data transmission module 252.
And a third sub-interface 254 connected to the data transfer module 252. In some embodiments of the present application, the third sub-interface 254 is an 80-port.
The first sub-interface 241 is in communication connection with the third sub-interface 254, plaintext access information sent by the data transmission module 252 is transmitted to the first sub-interface 241 through the third sub-interface 254, and then transmitted to the web http server 240 through the first sub-interface 241, and after receiving the plaintext access information, the web http server 240 processes the plaintext access information and sends return information to the first sub-interface 241. The returned information is plaintext information at this time.
The third sub-interface 254 is further configured to receive the return information sent by the first sub-interface 241, and send the return information to the data transmission module 252; the data transmission module 252 transmits the acquired return information to the ciphertext processing module 253; the ciphertext processing module 253 encrypts the return information to form ciphertext return information; the data transmission module 252 obtains the ciphertext return information and sends the ciphertext return information to the DNS forwarding judgment module 220 through the second sub-interface 251.
In the embodiment of the present application, the converter 250 includes: the system comprises a data transmission module 252 and a ciphertext processing module 253, wherein the data transmission module 252 is respectively connected to the DNS forwarding judgment module 220 and the web http server 240 in a communication manner, and the data transmission module 252 is further connected to the ciphertext processing module 253.
The data transmission module 252 is configured to receive and forward data information, and the ciphertext processing module 253 is configured to convert plaintext and ciphertext of communication data. Specifically, the ciphertext processing module 253 is configured to decrypt the ciphertext access information to generate plaintext access information; and encrypting the plaintext return information to generate ciphertext return information. The data transmission module 252 is configured to receive the ciphertext access information, send the ciphertext access information to the ciphertext processing module 253, obtain plaintext access information, and send the plaintext access information to the web http server 240; the data transmission module 252 is further configured to receive plaintext return information and send the plaintext return information to the ciphertext processing module 253, obtain ciphertext access information, and send the ciphertext return information to the DNS forwarding determination module 220.
In order to realize that the data transmission module 252 is respectively in communication connection with the DNS forwarding judgment module 220 and the web http server 240, the data transmission module 252 is provided with a second sub-interface 251, and is in communication connection with the DNS forwarding judgment module 220, so that the data transmission module 252 is in communication connection with the DNS forwarding judgment module 220; the data transfer module 252 is further provided with a third sub-interface 254 communicatively coupled to the web http server 240. Wherein the second sub-interface 251 is 443 ports. The third sub-interface 254 is an 80-port.
The embodiment of the application provides a method for redirecting the network exception of a router, which comprises the following steps: the DNS forwarding determination module 220 receives access information sent by the user terminal, analyzes the received access information, and selects a forwarding path according to a packet type of the access information.
If the message type of the access information is a plaintext, forwarding the access information to a web http server; the web http server processes the access information to generate return information; and if the message type ciphertext of the access information is received, acquiring the network connection information and selecting a forwarding path according to the network connection information.
Further, the step of the DNS forwarding determining module 220 obtaining the network connection information and selecting a forwarding path according to the network connection information includes: and if the network connection is normal, sending the access information to the WAN side to be connected with an external server. If the network connection is abnormal, decrypting the access information and sending the decrypted access information to a web http server; and receiving return information sent by the web http server, wherein the return information is in a plaintext type, and encrypting the return information to generate encrypted return information. And sending the return information to the user terminal.
The DNS forwarding determination module 220 may determine whether the network connection is normal by calling ip information of the WAN interface and determining whether the ip information includes an ip address. If the network connection is normal, the DNS forwarding determination module 220 forwards the received access information to the WAN interface 230. And if the network connection is abnormal, performing network redirection. The https-formatted access information may also be forwarded to the WAN interface 230, and whether the WAN interface 230 is normally connected to the network is determined according to whether the response information of the WAN interface 230 is received. If the DNS forwarding judgment module 220 can receive the response information of the WAN interface, it judges that the WAN interface 230 is connected to the network normally; if the DNS forwarding judgment module 220 can not receive the WAN interface response message, it judges that the WAN interface network connection is not normal.
If the network connection is not normal, the converter 250 decrypts the access information and sends the decrypted access information to the web http server 240; the converter 250 is further configured to receive the return information sent by the web http server 240, where the return information is of a plaintext type, and encrypt the return information to generate encrypted return information. Converter 250 sends the return information to DNS forwarding determination module 220, and DNS forwarding determination module 220 sends the return information to user terminal 100.
Therefore, an embodiment of the present application provides a method for redirecting an exception to a router network, including: and receiving the access information, and selecting a forwarding path according to the message type of the access information. And if the access information is plaintext, directly sending the access information to the web http server, and sending return information to the user terminal by the web http server according to the access information. And if the access information is the ciphertext, decrypting the access information, sending the decrypted access information to the web http server, and processing the access information by the web http server to generate return information. And receiving the return information, encrypting the returned information, and sending the encrypted return information to the user terminal. By decrypting the access information and encrypting the return information, the redirection of the access information in http and http forms is realized by using a web http server.
The embodiment of the application provides a router and a method for redirecting the router network abnormality, wherein a LAN interface 210 receives access information sent by a user terminal and transmits the access information to a DNS forwarding judgment module 220. The DNS forwarding determination module 220 selects a forwarding path according to the message format of the access information and the WAN interface network connection condition. If the message of the access information is a ciphertext and the WAN interface is not accessible, the DNS forwarding determination module 220 sends the access information to the converter 250, and the converter 250 decrypts the access information to generate plaintext access information and sends the plaintext access information to the web http server 240. The web http server 240 processes the plaintext access information to generate plaintext return information, and sends the plaintext return information to the converter 250, and the converter 250 encrypts the plaintext return information to generate ciphertext return information, and then sends the ciphertext return information to the DNS forwarding judgment module 220, and the DNS forwarding judgment module 220 sends the ciphertext return information to the LAN interface 210, and finally sends the ciphertext return information to the user terminal 100. According to the method and the device, through the arrangement of the converter and the web http server, under the condition that the two servers of the web http server and the web http server are not required to be arranged at the same time, the converter is used for encrypting or decrypting information, and the redirection of access information in plaintext and ciphertext formats can be met at the same time. The resources of one set of server realize the functions of two sets of servers, occupy small space and occupy few resources. Meanwhile, the newly-added converter does not influence the service processing of the original web http server, namely, the newly-added converter only needs to realize the function of the converter without modifying the original web http server, and is convenient and quick. After the router network is reconnected, the converter process can be ended, and the space and the resources are released; when the router network is abnormal, the translator process is pulled up again, and the translator process occupies fewer resources on average in the whole running process of the router.
Since the above embodiments are all described by referring to and combining with other embodiments, the same portions are provided between different embodiments, and the same and similar portions between the various embodiments in this specification may be referred to each other. And will not be described in detail herein.
It should be noted that, in the present specification, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a circuit structure, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such circuit structure, article, or apparatus. Without further limitation, the presence of an element identified by the phrase "comprising an … …" does not exclude the presence of other like elements in a circuit structure, article or device comprising the element.
The decrypted access information is plaintext access information, which can also be called http access information; the encrypted return information is ciphertext return information, which can also be called https return information.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
The above-described embodiments of the present application do not limit the scope of the present application.
Claims (10)
1. A router, comprising: the LAN interface is connected with the user terminal and is used for receiving and forwarding the access information sent by the user terminal;
the data processor comprises a DNS forwarding judgment module and a converter;
the DNS forwarding judgment module is used for receiving and forwarding access information and return information;
the converter is connected with the DNS forwarding judgment module and used for receiving the access information, decrypting the access information and generating decrypted access information;
the web http server is connected with the converter and used for receiving the decrypted access information, processing the decrypted access information and sending return information;
the converter is also used for receiving the return information, encrypting the return information, generating the encrypted return information, and sending the encrypted access information to the DNS forwarding judgment module.
2. The router according to claim 1, wherein the switch is provided with a second sub-interface, and the DNS forwarding determination module;
the converter is provided with a third sub-interface which is connected with the web http server;
the web http server is provided with a first sub-interface which is connected with the converter.
3. The router of claim 2, wherein the second subinterface is 443 ports, and wherein the first subinterface and the third subinterface are 80 ports.
4. The router of claim 1, wherein the converter comprises: the system comprises a ciphertext processing module and a data transmission module; the data transmission module is connected with the DNS forwarding judgment module and the web http server and is used for transmitting data; the data comprises the access information, the return information, the decrypted access information and the encrypted return information;
and the ciphertext processing module is connected with the data transmission module and is used for decrypting the access information and encrypting the return information.
5. The router according to claim 1, wherein the DNS forwarding decision module is further connected to the web http server, and configured to select a forwarding path according to the type of the access information and a network connection state.
6. A method for redirecting router network exceptions, comprising: receiving access information sent by a user terminal;
forwarding and decrypting the access information to generate decrypted access information;
generating return information according to the decrypted access information;
encrypting the return information to generate encrypted return information;
and forwarding the encrypted return information to the user terminal.
7. The method according to claim 6, wherein before forwarding and decrypting the access information and generating the decrypted access information, the method further comprises: and analyzing the message type of the access information, if the message type of the access information is a plaintext, processing the access information to generate return information, and sending the return information to the user terminal.
8. The method according to claim 6, wherein the packet type of the returned message is plaintext.
9. The method according to claim 6, wherein before forwarding and decrypting the access information and generating the decrypted access information, the method further comprises: and analyzing the network connection state, and if the network connection state is normal, sending the access information to an external server.
10. The method according to claim 6, wherein before forwarding and decrypting the access information and generating the decrypted access information, the method further comprises: and analyzing the message type and the network connection state of the access information, and if the message type of the access information is a ciphertext and the network connection state is abnormal, forwarding and decrypting the access information to generate decrypted access information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110461364.XA CN113179268A (en) | 2021-04-27 | 2021-04-27 | Router and router network abnormity redirection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110461364.XA CN113179268A (en) | 2021-04-27 | 2021-04-27 | Router and router network abnormity redirection method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113179268A true CN113179268A (en) | 2021-07-27 |
Family
ID=76926646
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110461364.XA Pending CN113179268A (en) | 2021-04-27 | 2021-04-27 | Router and router network abnormity redirection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113179268A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114866374A (en) * | 2022-05-11 | 2022-08-05 | 青岛海信日立空调系统有限公司 | Intelligent home gateway equipment and intelligent home system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105791451A (en) * | 2014-12-22 | 2016-07-20 | 华为技术有限公司 | Message response method and device |
CN106603491A (en) * | 2016-11-10 | 2017-04-26 | 上海斐讯数据通信技术有限公司 | Portal authentication method based on https protocol, and router |
CN107395582A (en) * | 2017-07-14 | 2017-11-24 | 上海斐讯数据通信技术有限公司 | Portal authentication devices and system |
US20180109498A1 (en) * | 2016-10-17 | 2018-04-19 | Zscaler, Inc. | Systems and methods for improving https security |
CN109802925A (en) * | 2017-11-17 | 2019-05-24 | 广州市动景计算机科技有限公司 | A kind of authentication method and system of public WiFi access |
-
2021
- 2021-04-27 CN CN202110461364.XA patent/CN113179268A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105791451A (en) * | 2014-12-22 | 2016-07-20 | 华为技术有限公司 | Message response method and device |
US20180109498A1 (en) * | 2016-10-17 | 2018-04-19 | Zscaler, Inc. | Systems and methods for improving https security |
CN106603491A (en) * | 2016-11-10 | 2017-04-26 | 上海斐讯数据通信技术有限公司 | Portal authentication method based on https protocol, and router |
CN107395582A (en) * | 2017-07-14 | 2017-11-24 | 上海斐讯数据通信技术有限公司 | Portal authentication devices and system |
CN109802925A (en) * | 2017-11-17 | 2019-05-24 | 广州市动景计算机科技有限公司 | A kind of authentication method and system of public WiFi access |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114866374A (en) * | 2022-05-11 | 2022-08-05 | 青岛海信日立空调系统有限公司 | Intelligent home gateway equipment and intelligent home system |
CN114866374B (en) * | 2022-05-11 | 2024-01-16 | 青岛海信日立空调系统有限公司 | Intelligent home gateway equipment and intelligent home system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3748908B1 (en) | Method, system, network device, storage medium for creating a network slice | |
CN104967595B (en) | The method and apparatus that equipment is registered in platform of internet of things | |
JP5143125B2 (en) | Authentication method, system and apparatus for inter-domain information communication | |
US8130635B2 (en) | Network access nodes | |
JP2000188616A (en) | Communication system and communication method | |
EP3110081B1 (en) | Methods for controlling service chain of service flow | |
US20090254628A1 (en) | Method, System And Apparatus For Instant Messaging | |
US20120320835A1 (en) | Methods, Devices, Systems, and Computer Program Products for Registration of Multi-Mode Communications Devices | |
CN109391704B (en) | Cross-private-network access method and device for video monitoring equipment | |
US10637929B1 (en) | Methods and apparatus for storing and/or retrieving session state information | |
US20170026481A1 (en) | Technique for controlling the service request routing | |
US20220191664A1 (en) | Optimization of services applied to data packet sessions | |
US20230156468A1 (en) | Secure Communication Method, Related Apparatus, and System | |
US8064434B2 (en) | Method for providing internet services to a telephone user | |
CN109474646B (en) | Communication connection method, device, system and storage medium | |
US10158587B2 (en) | Communication between a web application instance connected to a connection server and a calling entity other than said connection server | |
CN113179268A (en) | Router and router network abnormity redirection method | |
CN112738217B (en) | Secure interaction system and method | |
US20110149754A1 (en) | Voice Quality Analysis Device and Method Thereof | |
JP2006221450A (en) | Load distribution device, load distribution method and load distribution program | |
JP2009296333A (en) | Communication control system and communication control method | |
US20100034209A1 (en) | Communication system and home gateway | |
CN101868945A (en) | Communication system, communication method, and communication session integration device | |
TWI608749B (en) | Method for controlling a client device to access a network device, and associated control apparatus | |
WO2022012355A1 (en) | Secure communication method, related apparatus, and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210727 |
|
RJ01 | Rejection of invention patent application after publication |