CN115412308A - Message processing method and device and electronic equipment - Google Patents

Message processing method and device and electronic equipment Download PDF

Info

Publication number
CN115412308A
CN115412308A CN202210951150.5A CN202210951150A CN115412308A CN 115412308 A CN115412308 A CN 115412308A CN 202210951150 A CN202210951150 A CN 202210951150A CN 115412308 A CN115412308 A CN 115412308A
Authority
CN
China
Prior art keywords
message
information
service board
board
response message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210951150.5A
Other languages
Chinese (zh)
Inventor
牟瑞涛
王强
曲胜超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202210951150.5A priority Critical patent/CN115412308A/en
Publication of CN115412308A publication Critical patent/CN115412308A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • H04L45/7453Address table lookup; Address filtering using hashing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029Firewall traversal, e.g. tunnelling or, creating pinholes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The disclosure provides a message processing method and device, and relates to the technical field of boundary security. The method is applied to network security equipment and comprises the steps of obtaining characteristic information of a first response message; creating a message board transferring information table according to the characteristic information of the first response message; sending the first request message to a resource server; receiving a first response message sent by a resource server; the first response message carries target quintuple information; inquiring a message transfer board information table according to the target quintuple information; and if the target quintuple information hits the quintuple information corresponding to any first response message in the message transfer plate information table, sending the first response message transfer plate to the first service plate according to the table entry information corresponding to the message transfer plate information table, so that the first request message and the first response message are both processed by the first service plate. By adopting the method, the integrity of the SSLVPN session connection can be ensured when the service boards are subjected to multi-core concurrent processing in a large-flow scene.

Description

Message processing method and device and electronic equipment
Technical Field
The present disclosure relates to the field of border security technologies, and in particular, to a method and an apparatus for processing a packet, an electronic device, and a computer-readable storage medium.
Background
The SSLVPN (Secure Session Layer Virtual Private Network) is used for a remote user to safely and efficiently access the resources of the internal Network of the enterprise through the internet.
In a distributed system, a plurality of service boards provide a data processing function at the same time, and each service board adopts a plurality of multi-core processors to concurrently process service data. Due to the characteristic that the service board concurrently processes data with multiple cores, when the traffic load is large, the board transfer characteristic information of the request message is not sent to the service board where the response message is located, and the response message is fed back to the service board of the response message, at this time, because the message board transfer information table is not established or the corresponding node information does not exist on the service board of the response message, the response message cannot be transferred to the service board where the request message is located according to the board transfer information table, so that the request message and the response message cannot be processed on the same service board, and the integrity of session connection cannot be guaranteed.
Therefore, how to ensure the integrity of the SSLVPN session connection during the concurrent processing of multiple cores on a service board in a large flow scenario is a problem that needs to be solved at present.
Disclosure of Invention
In order to solve the above technical problems or at least partially solve the above technical problems, the present disclosure provides a message processing method, which solves the problem that in a large flow scene, a flit information table is created depending on message characteristic information to instruct an SSLVPN message to forward, and a packet loss phenomenon is generated due to a time sequence problem of multi-core concurrent processing of a service board, so that an SSLVPN session connection is incomplete.
In order to achieve the above object, the embodiments of the present disclosure provide the following technical solutions:
in a first aspect, an embodiment of the present disclosure provides a packet processing method, which is applied to a network security device, where the network security device includes: a switch board and at least two service boards, the method comprising:
acquiring characteristic information of the first response message; the feature information of the first response packet includes: quintuple information of the first response message and a first service board slot number; the first service board slot number is the corresponding service board slot number after the first request message is split by the hash;
creating a message board transferring information table according to the characteristic information of the first response message; the message board-to-board information table is composed of five-tuple information of at least one first response message and at least one first service board slot number;
sending the first request message to a resource server;
receiving a first response message sent by the resource server; the first response message carries target quintuple information; the target quintuple information is used for representing quintuple information of the first response message;
inquiring the message transfer board information table according to the target quintuple information;
and if the target quintuple information hits quintuple information corresponding to any first response message in the message transfer plate information table, sending the first response message transfer plate to a first service plate according to table entry information corresponding to the message transfer plate information table, so that the first request message and the first response message are both processed by the first service plate.
As an optional implementation manner of this embodiment of the present disclosure, the obtaining of the feature information of the first response packet includes:
receiving a first tunnel message sent by a switch board;
decrypting the first tunnel message to obtain a first service board slot number and a second service board slot number;
judging whether the slot number of the second service board is consistent with the slot number of the first service board;
if the slot number of the second service board is not consistent with the slot number of the first service board, the first service board transmits the first request message to the second service board;
the second service board receives the first request message, and the first request message carries a first service board slot number;
acquiring quintuple information of the first response message according to the quintuple correspondence between the first request message and the first response message;
and determining the characteristic information of the first response message according to the quintuple information of the first response message and the slot number of the first service board.
As an optional implementation manner of the embodiment of the present disclosure, before receiving the first tunnel packet sent by the switch board, the method further includes:
the method comprises the steps that a switch board receives a first tunnel message sent by a client; the first tunnel message carries an outer source IP, an outer destination IP, an inner source IP and an inner destination IP;
and sending the first tunnel message to a first service board based on the outer layer source IP and the outer layer destination IP.
As an optional implementation manner of this embodiment of the present disclosure, the decrypting the first tunnel packet to obtain the slot number of the first service board and the slot number of the second service board includes:
decrypting based on the first tunnel message to obtain an outer source IP, an outer destination IP, an inner source IP, an inner destination IP, an inner source port, an inner destination port, an inner transport protocol and a first request message;
carrying out Hash distribution according to the outer layer source IP and the outer layer target IP to obtain a first service board slot number of the first request message;
determining that the inner layer source IP is a first source IP of the first request message, the inner layer destination IP is a first destination IP of the first request message, the inner layer source port is a first source port, the inner layer destination port is a first destination port, and the inner layer transport protocol is a first transport protocol;
determining a second service board slot number based on the first source IP and the first destination IP; and the second service board slot number is the service board slot number responsible for processing the first response message.
As an optional implementation manner of the embodiment of the present disclosure, the determining a slot number of a second service board based on the first source IP and the first destination IP includes:
converting according to the first source IP and the first destination IP to obtain a second source IP and a second destination IP;
and carrying out Hash distribution according to the second source IP and the second destination IP to obtain a second service board slot number.
As an optional implementation manner of this embodiment of the present disclosure, after creating a packet forwarding information table according to the feature information of the first response packet, the method further includes:
and sending the first request message to a resource server through a second service board.
As an optional implementation manner of the embodiment of the present disclosure, the method further includes:
and if the slot number of the first service board is consistent with the slot number of the second service board, sending the first request message to a resource server through the first service board.
In a second aspect, an embodiment of the present disclosure provides a packet processing apparatus, including:
the characteristic information acquisition module is used for acquiring the characteristic information of the first response message; the feature information of the first response packet includes: quintuple information of the first response message and a first service board slot number; the first service board slot number is the corresponding service board slot number after the first request message is split by the hash;
a board transfer information table creation module, configured to create a message board transfer information table according to the feature information of the first response message; the message board-to-board information table is composed of five-tuple information of at least one first response message and at least one first service board slot number;
the request message sending module is used for sending the first request message to the resource server;
a response message receiving module, configured to receive a first response message sent by the resource server; the first response message carries target quintuple information; the target quintuple information is used for representing quintuple information of the first response message;
a quintuple information query module for querying the message transfer board information table according to the target quintuple information;
and the transfer board sending module is used for sending the first response message transfer board to a first service board according to the table entry information corresponding to the message transfer board information table if the target quintuple information hits the quintuple information corresponding to any first response message in the message transfer board information table, so that the first request message and the first response message are both processed by the first service board.
As an optional implementation manner of the embodiment of the present disclosure, the feature information acquiring module includes:
a tunnel message receiving unit, configured to receive a first tunnel message sent by a switch board;
a service board slot number obtaining unit, configured to decrypt the first tunnel packet, and obtain a first service board slot number and a second service board slot number;
the judging unit is used for judging whether the slot number of the second service board is consistent with the slot number of the first service board;
a first sending unit, configured to forward, by the first service board, the first request packet to the second service board if the slot number of the second service board is not consistent with the slot number of the first service board;
a first receiving unit, configured to receive the first request packet by the second service board, where the first request packet carries a first service board slot number;
a quintuple information obtaining unit, configured to obtain quintuple information of the first response packet according to a quintuple correspondence between the first request packet and the first response packet;
and the characteristic information determining unit is used for determining the characteristic information of the first response message according to the quintuple information of the first response message and the slot number of the first service board.
As an optional implementation manner of the embodiment of the present disclosure, the apparatus further includes a tunnel packet sending module, which is specifically configured to:
the method comprises the steps that a switch board receives a first tunnel message sent by a client; the first tunnel message carries an outer source IP, an outer destination IP, an inner source IP and an inner destination IP;
and sending the first tunnel message to a first service board based on the outer layer source IP and the outer layer destination IP.
As an optional implementation manner of the embodiment of the present disclosure, the service board slot number obtaining unit includes:
a tunnel message decryption unit, configured to decrypt based on the first tunnel message to obtain an outer source IP, an outer destination IP, an inner source IP, an inner destination IP, an inner source port, an inner destination port, an inner transport protocol, and a first request message;
a first service board slot number obtaining unit, configured to perform hash distribution according to the outer layer source IP and the outer layer destination IP, and obtain a first service board slot number of the first request packet;
a determining unit, configured to determine that the inner layer source IP is a first source IP of the first request packet, the inner layer destination IP is a first destination IP of the first request packet, the inner layer source port is a first source port, the inner layer destination port is a first destination port, and the inner layer transport protocol is a first transport protocol;
a second service board slot number obtaining unit, configured to determine a second service board slot number based on the first source IP and the first destination IP; and the second service board slot number is the service board slot number responsible for processing the first response message.
As an optional implementation manner of the embodiment of the present disclosure, the second service board slot number obtaining unit is specifically configured to:
converting according to the first source IP and the first destination IP to obtain a second source IP and a second destination IP;
and carrying out Hash distribution according to the second source IP and the second destination IP to obtain a second service board slot number.
As an optional implementation manner of this embodiment of the present disclosure, the request packet sending module is further configured to:
and sending the first request message to a resource server through a second service board.
As an optional implementation manner of the embodiment of the present disclosure, the apparatus further includes:
and the second sending unit is used for sending the first request message to a resource server through the first service board if the slot number of the first service board is consistent with the slot number of the second service board.
In a third aspect, an embodiment of the present disclosure provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the message processing method according to the first aspect or any implementation manner of the first aspect when executing the computer program.
In a fourth aspect, an embodiment of the present disclosure provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the message processing method according to the first aspect or any implementation manner of the first aspect.
The message processing method provided by the embodiment of the disclosure is applied to network security equipment, and includes the steps of firstly obtaining feature information of a first response message, then creating a message transfer board information table according to the feature information of the first response message, then sending the first request message to a resource server, receiving the first response message sent by the resource server, wherein the first response message carries target quintuple information, inquiring the message transfer board information table according to the target quintuple information, and if the target quintuple information hits the quintuple information corresponding to any one first response message in the message transfer board information table, sending the first response message transfer board to a first service board according to table entry information corresponding to the message transfer board information table, so that the first request message and the first response message are both processed by the first service board. Before the first request message is sent to the resource server, the second service board already acquires the characteristic information of the first response message, and establishes a message transfer board information table according to the characteristic information of the first response message, and the message transfer board information table comprises quintuple information of a plurality of response messages and a service board slot number where the corresponding request message is located, so that when a plurality of service data are concurrently processed by multiple cores, table entry information consistent with the quintuple information of the response message of each service data can be searched in the message transfer board information table according to the quintuple information of the response message of each service data, and accordingly, each response message transfer board is sent to the service board slot number where the corresponding request message is located according to the service board slot number where the request message corresponding to each response message is located, so that each response message and the corresponding request message are subjected to service processing on the same service board, and it is ensured that in a scene, the message transfer board information table is established before the response message reaches a target service board, thereby avoiding the phenomenon of concurrent processing by the service board and further ensuring the integrity of a sequence packet loss due to the problem of a large flow.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic view of an application scenario of a message processing method in an embodiment;
FIG. 2 is a flow diagram illustrating a method for message processing according to an embodiment;
FIG. 3 is a diagram illustrating an exemplary architecture of a message processing apparatus;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
Relational terms such as "first" and "second," and the like, may be used throughout the description and claims of the present disclosure to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
In the embodiments of the present disclosure, the words "exemplary" or "such as" are used herein to mean serving as an example, instance, or illustration. Any embodiment or design described as "exemplary" or "e.g.," in an embodiment of the present disclosure is not to be construed as preferred or advantageous over other embodiments or designs. Rather, use of the word "exemplary" or "such as" is intended to present concepts related in a concrete fashion. Further, in the description of the embodiments of the present disclosure, the meaning of "a plurality" means two or more unless otherwise specified.
The application provides a message processing method, which can be applied to an application environment as shown in fig. 1. Fig. 1 is an application scenario diagram of a message processing method in an embodiment; the application environment comprises a client 11, a network security device 12 and a resource server 13. The network security device 12 includes a switch board and at least two service boards (N service boards are illustrated in fig. 1 as an example). For example, the network security device 12 may be an SSLVPN server. Specifically, a second service board of the network security device acquires feature information of the first response message; the feature information of the first response packet includes: quintuple information of the first response message and a first service board slot number; the first service board slot number is the corresponding service board slot number after the first request message is split by the hash; the second service board creates a message transfer board information table according to the characteristic information of the first response message; the message transfer board information table consists of five-tuple information of at least one first response message and at least one first service board slot number; the second service board sends the first request message to the resource server; the second service board receives a first response message sent by the resource server; the first response message carries target quintuple information; the target quintuple information is used for representing quintuple information of the first response message; the second service board inquires a message board-switching information table according to the target quintuple information; and if the target quintuple information hits the quintuple information corresponding to any first response message in the message transfer plate information table, sending the first response message transfer plate to the first service plate according to the table entry information corresponding to the message transfer plate information table, so that the first request message and the first response message are both processed by the first service plate. The first request message may be an inner layer forward message obtained through tunnel message analysis, and the first response message may be a reverse message corresponding to the inner layer forward message. Forward and reverse messages: messages sent from a client to a server are generally called forward messages; the message that the server responds to is called a reverse message. Specifically, the forward message is obtained by decrypting the tunnel message, and the tunnel message contains 2-layer IP characteristic information; the outer layer of source IP refers to the IP of an actual physical network card, and the outer layer of target IP refers to the IP of network security equipment; the source IP of the inner layer refers to the IP distributed by the virtual network card, and the target IP of the inner layer refers to the IP of the resource server. The reverse message is a common message and only contains 1-layer IP characteristic information; the reverse message and the forward message (only containing inner layer IP characteristic information) after the decryption and the decapsulation of the tunnel message correspond to each other.
In one embodiment, as shown in fig. 2, a method for message processing is provided. In this embodiment, the method is mainly exemplified by being applied to a network security device, where the network security device includes a switch board and at least two service boards, and the method includes the following steps:
s21, acquiring the characteristic information of the first response message.
Wherein, the characteristic information of the first response message includes: quintuple information of the first response message and a first service board slot number; the first service board slot number is the corresponding service board slot number after the first request message is split by the hash.
Specifically, the second service board receives a first request message sent by the first service board, and obtains quintuple information of the first response message and a slot number of the first service board based on a quintuple relationship between the first request message and the first response message. The quintuple information of the first request message comprises: the system comprises a first source IP, a first destination IP, a first source port, a first destination port and a transmission protocol. Because the source IP and the destination IP of the first request message and the first response message are opposite, the source port and the destination port are opposite, and the transmission protocols are the same. Therefore, quintuple information of the first response packet can be acquired.
In addition, the first service board slot number is used for representing the corresponding service board slot number after the first request message is split by the hash. In this embodiment, the hash splitting may be understood as calculating a hash value according to a certain calculation method based on the input first source IP and the first destination IP. It should be noted that the first service board slot number may be a service board slot number corresponding to the hash value obtained by calculation in a preset manner, for example, when the hash value is aabbb, the service board slot number corresponding to the first service board is 01; when the hash value is vvhhh, the slot number of the first service board is 02.
And S22, creating a message transfer board information table according to the characteristic information of the first response message.
The message-to-board information table comprises at least one piece of quintuple information of the first response message and at least one first service board slot number.
Specifically, the message transfer board information table exists in a linked list form, the linked list includes a plurality of nodes, and each node stores one item of information. For convenience of understanding, taking table 1 as an example, the message forwarding table may include the contents shown in table 1. It should be noted that, when the multi-core concurrently processes the service, table 1 may contain more table entry information. This is merely an example, and no particular limitation is imposed on the entry information.
TABLE 1
Table item First service board slot number Five tuple information of response message
1 01 192.168.1.1、121.14.88.76、80、1000、TCP
2 02 121.14.88.76、192.168.1.1、1000、80、TCP
3 03 192.168.1.8、124.13.82.71、80、1000、TCP
And S23, sending the first request message to a resource server.
The first request message may be an inner layer forward message obtained through tunnel message analysis. The tunnel message contains 2-layer IP characteristic information; the outer layer source IP refers to the IP of an actual physical network card, and the outer layer target IP refers to the IP of network security equipment; the source IP of the inner layer refers to the IP distributed by the virtual network card, and the target IP of the inner layer refers to the IP of the resource server.
Optionally, the first request packet is sent to a resource server through a second service board.
Specifically, after the message-to-board information table is created on the second service board according to the feature information of the first response message, the first request message is sent to the resource server.
And S24, receiving a first response message sent by the resource server.
The first response message carries target quintuple information; the target quintuple information is used for representing quintuple information of the first response message.
Correspondingly, the second service board receives the first response message sent by the resource server. The first response message is a message corresponding to the first request message, the first request message is sent to the resource server by the network security device, and the first response message is returned to the network security device by the resource server.
And S25, inquiring the message transfer board information table according to the target quintuple information.
Illustratively, if the target quintuple information is: 192.168.1.8 124.13.82.71, 80, 1000, TCP. And inquiring whether the message board transferring information table contains the table item information corresponding to the message board transferring information table or not according to the target quintuple information.
And S26, if the target quintuple information hits quintuple information corresponding to any first response message in the message transfer board information table, sending the first response message transfer board to a first service board according to the table entry information corresponding to the message transfer board information table, so that the first request message and the first response message are both processed by the first service board.
Illustratively, referring to table 1, the information corresponding to entry 3 in the message forwarding table is: 192.168.1.8, 124.13.82.71, 80, 1000, TCP. Therefore, if the table entry 3 in the table 1 is consistent with the target quintuple information, the first response message is sent from the second service board to the first service board, and the slot number of the first service board corresponding to the first service board is 03, so that the first request message and the first response message are both processed by the first service board with the slot number of 03.
In this embodiment, before sending the first request packet to the resource server, the purpose of establishing the packet forwarding table is to: when multi-core concurrent processing services are performed, the first service board sends the first request message to the resource server, and the resource server already sends the first response message to the second service board, but at this time, the problem of the timing sequence that the message transfer board information table is not established is solved, so that the corresponding table entry information in the message transfer board information table cannot be found according to the target five-tuple information of the first response message, the first response message cannot be forwarded to the first service board where the first request message is located, and further the integrity of the SSLVPN session cannot be realized.
The message processing method provided by the embodiment of the disclosure is applied to network security equipment, and includes the steps of firstly obtaining feature information of a first response message, then creating a message transfer board information table according to the feature information of the first response message, then sending the first request message to a resource server, receiving the first response message sent by the resource server, wherein the first response message carries target quintuple information, inquiring the message transfer board information table according to the target quintuple information, and if the target quintuple information hits the quintuple information corresponding to any one first response message in the message transfer board information table, sending the first response message transfer board to a first service board according to table entry information corresponding to the message transfer board information table, so that the first request message and the first response message are both processed by the first service board. Before the first request message is sent to the resource server, the second service board already acquires the characteristic information of the first response message, and establishes a message transfer board information table according to the characteristic information of the first response message, and the message transfer board information table comprises quintuple information of a plurality of response messages and a service board slot number where the corresponding request message is located, so that when a plurality of service data are concurrently processed by multiple cores, table entry information consistent with the quintuple information of the response message of each service data can be searched in the message transfer board information table according to the quintuple information of the response message of each service data, and accordingly, each response message transfer board is sent to the service board slot number where the corresponding request message is located according to the service board slot number where the request message corresponding to each response message is located, so that each response message and the corresponding request message are subjected to service processing on the same service board, and it is ensured that in a scene, the message transfer board information table is established before the response message reaches a target service board, thereby avoiding the phenomenon of concurrent processing by the service board and further ensuring the integrity of a sequence packet loss due to the problem of a large flow.
In some embodiments, the implementation manner of the step S21 (obtaining the feature information of the first response packet) may include the following steps a to g:
a. and receiving a first tunnel message sent by the exchange board.
Wherein, the first tunnel message includes: outer source IP, outer destination IP, inner source IP and inner destination IP.
b. And decrypting the first tunnel message to obtain a first service board slot number and a second service board slot number.
Optionally, the step b (obtaining the slot number of the first service board of the first request packet) may be implemented in the following manner:
b-1, decrypting based on the first tunnel message to obtain an outer source IP, an outer destination IP, an inner source IP, an inner destination IP, an inner source port, an inner destination port, an inner transport protocol and a first request message.
b-2, carrying out Hash distribution according to the outer layer source IP and the outer layer target IP, and obtaining a first service board slot number of the first request message.
b-3, determining that the inner layer source IP is a first source IP of the first request message, the inner layer destination IP is a first destination IP of the first request message, the inner layer source port is a first source port, the inner layer destination port is a first destination port, and the inner layer transport protocol is a first transport protocol.
b-4, determining a second service board slot number based on the first source IP and the first destination IP. And the second service board slot number is the service board slot number responsible for processing the first response message.
Optionally, step b-4 (determining the slot number of the second service board based on the first source IP and the first destination IP) may be implemented as follows:
converting according to the first source IP and the first destination IP to obtain a second source IP and a second destination IP;
and carrying out Hash distribution according to the second source IP and the second destination IP to obtain a second service board slot number.
Specifically, the quintuple information of the first request packet includes: the first source port, the first destination port, and the first transport protocol. The quintuple information of the first response packet includes: a second source IP, a second destination IP, a second source port, a second destination port, and a second transport protocol. The first source IP and the first destination IP are respectively opposite to the second source IP and the second destination IP, the first source port and the first destination port are respectively opposite to the second source port and the second destination port, and the first transmission protocol is the same as the second transmission protocol. Therefore, a second source IP and a second destination IP are obtained according to the first source IP and the first destination IP, and then Hash distribution is carried out according to the second source IP and the second destination IP to obtain a second service board slot number.
c. And judging whether the slot number of the second service board is consistent with the slot number of the first service board.
d. And if the slot number of the second service board is not consistent with the slot number of the first service board, the first service board forwards the first request message to the second service board.
For example, assuming that the first request packet is hashed and distributed to the first service board with slot number 01, and the first response packet is hashed and distributed to the second service board with slot number 02, the first service board sends the first request packet to the second service board.
e. And the second service board receives the first request message, and the first request message carries a first service board slot number.
Correspondingly, the second service board with the slot number of 02 receives the first request message sent by the first service board with the slot number of 01.
f. And acquiring quintuple information of the first response message according to the quintuple correspondence between the first request message and the first response message.
Specifically, since the first source IP and the first destination IP are respectively opposite to the second source IP and the second destination IP, the first source port and the first destination port are respectively opposite to the second source port and the second destination port, and the first transport protocol is the same as the second transport protocol, the quintuple information of the first response packet can be further obtained after the quintuple information of the first request packet is obtained.
g. And determining the characteristic information of the first response message according to the quintuple information of the first response message and the slot number of the first service board.
Specifically, after acquiring the quintuple information and the first service board slot number of the first response packet, the feature information of the first response packet may be determined.
In some embodiments, if the slot number of the first service board is consistent with the slot number of the second service board, the first request packet is sent to a resource server through the first service board.
For example, assuming that the first request packet is hashed and shunted to the first service board with slot number 01, and the first response packet is hashed and shunted to the first service board with slot number 01, the first request is sent to the resource server through the first service board.
In some embodiments, before the step a (receiving the first tunnel packet sent by the switch board) is executed, the following steps may also be executed:
(1) and the exchange board receives a first tunnel message sent by the client.
The first tunnel packet carries an outer source IP, an outer destination IP, an inner source IP, and an inner destination IP.
(2) And sending the first tunnel message to a first service board based on the outer layer source IP and the outer layer destination IP.
Specifically, the switch board receives a first tunnel packet sent by the client, and distributes the first tunnel packet to the first service board for processing.
The message processing method provided by the embodiment of the disclosure is applied to network security equipment, and comprises the steps of firstly obtaining characteristic information of a first response message, then creating a message transfer board information table according to the characteristic information of the first response message, then sending the first request message to a resource server, receiving the first response message sent by the resource server, wherein the first response message carries target quintuple information, inquiring the message transfer board information table according to the target quintuple information, and if the target quintuple information hits the quintuple information corresponding to any first response message in the message transfer board information table, sending the first response message transfer board to a first service board according to table entry information corresponding to the message transfer board information table, so that the first request message and the first response message are both processed by the first service board. Before the first request message is sent to the resource server, the second service board already acquires the characteristic information of the first response message, and establishes a message transfer board information table according to the characteristic information of the first response message, wherein the message transfer board information table comprises the quintuple information of a plurality of response messages and the service board slot number of the corresponding request message, so that when a plurality of service data are concurrently processed by multiple cores, the table entry information consistent with the quintuple information of the response message of each service data can be searched in the message transfer board information table according to the quintuple information of the response message of each service data, and each response message transfer board is sent to the service board slot number of the corresponding request message according to the service board slot number of the request message corresponding to each response message, so that each response message and each corresponding request message are processed on the same service board in service, and under a scene, the message transfer board information table is established before the response message reaches the target service board, thereby avoiding the phenomenon of packet loss caused by the concurrent processing of the service boards, and further guaranteeing the problem of packet loss due to the time sequence of the multiple cores, and further guaranteeing the large flow session volume of the LVPN.
In one embodiment, as shown in fig. 3, there is provided a message processing apparatus 300, including:
a characteristic information obtaining module 310, configured to obtain characteristic information of the first response packet; the feature information of the first response packet includes: quintuple information of the first response message and a first service board slot number; the first service board slot number is the corresponding service board slot number after the first request message is split by the hash;
a transfer board information table creating module 320, configured to create a message transfer board information table according to the feature information of the first response message; the message board-to-board information table consists of five-tuple information of at least one first response message and at least one first service board slot number;
a request message sending module 330, configured to send the first request message to the resource server;
a response message receiving module 340, configured to receive a first response message sent by the resource server; the first response message carries target quintuple information; the target quintuple information is used for representing quintuple information of the first response message;
a quintuple information query module 350, configured to query the message forwarding table according to the target quintuple information;
a forwarding board sending module 360, configured to send the first response packet forwarding board to a first service board according to the entry information corresponding to the packet forwarding board information table if the target quintuple information hits the quintuple information corresponding to any first response packet in the packet forwarding board information table, so that the first request packet and the first response packet are both processed by the first service board.
As an optional implementation manner of the embodiment of the present disclosure, the feature information obtaining module 310 includes:
a tunnel message receiving unit, configured to receive a first tunnel message sent by a switch board;
a service board slot number obtaining unit, configured to decrypt the first tunnel packet, and obtain a first service board slot number and a second service board slot number;
the judging unit is used for judging whether the slot number of the second service board is consistent with the slot number of the first service board;
a first sending unit, configured to send, by the first service board, the first request packet to the second service board if the slot number of the second service board is inconsistent with the slot number of the first service board;
a first receiving unit, configured to receive the first request packet by the second service board, where the first request packet carries a first service board slot number;
a quintuple information obtaining unit, configured to obtain quintuple information of the first response packet according to a quintuple correspondence between the first request packet and the first response packet;
and the characteristic information determining unit is used for determining the characteristic information of the first response message according to the quintuple information of the first response message and the slot number of the first service board.
As an optional implementation manner of the embodiment of the present disclosure, the apparatus further includes a tunnel packet sending module, which is specifically configured to:
the method comprises the steps that a switch board receives a first tunnel message sent by a client; the first tunnel message carries an outer source IP, an outer destination IP, an inner source IP and an inner destination IP;
and sending the first tunnel message to a first service board based on the outer layer source IP and the outer layer destination IP.
As an optional implementation manner of the embodiment of the present disclosure, the service board slot number obtaining unit includes:
a tunnel message decryption unit, configured to decrypt based on the first tunnel message, and obtain an outer source IP, an outer destination IP, an inner source IP, an inner destination IP, an inner source port, an inner destination port, an inner transport protocol, and a first request message;
a first service board slot number obtaining unit, configured to perform hash distribution according to the outer layer source IP and the outer layer destination IP, and obtain a first service board slot number of the first request packet;
a determining unit, configured to determine that the inner layer source IP is a first source IP of the first request packet, the inner layer destination IP is a first destination IP of the first request packet, the inner layer source port is a first source port, the inner layer destination port is a first destination port, and the inner layer transport protocol is a first transport protocol;
a second service board slot number obtaining unit, configured to determine a second service board slot number based on the first source IP and the first destination IP; and the second service board slot number is the service board slot number responsible for processing the first response message.
As an optional implementation manner of the embodiment of the present disclosure, the second service board slot number obtaining unit is specifically configured to:
converting according to the first source IP and the first destination IP to obtain a second source IP and a second destination IP;
and carrying out Hash distribution according to the second source IP and the second destination IP to obtain a second service board slot number.
As an optional implementation manner of this embodiment of the present disclosure, the request packet sending module 330 is further configured to:
and sending the first request message to a resource server through a second service board.
As an optional implementation manner of the embodiment of the present disclosure, the apparatus further includes:
and the second sending unit is used for sending the first request message to a resource server through the first service board if the slot number of the first service board is consistent with the slot number of the second service board.
The message processing apparatus provided by the embodiment of the disclosure is applied to a network security device, and is configured to first obtain feature information of a first response message, then create a message transfer board information table according to the feature information of the first response message, then send the first request message to a resource server, receive the first response message sent by the resource server, where the first response message carries target quintuple information, query the message transfer board information table according to the target quintuple information, and if the target quintuple information hits any one of the quintuple information corresponding to the first response message in the message transfer board information table, send the first response message transfer board to a first service board according to entry information corresponding to the message transfer board information table, so that both the first request message and the first response message are processed by the first service board. Before the first request message is sent to the resource server, the second service board already acquires the characteristic information of the first response message, and establishes a message transfer board information table according to the characteristic information of the first response message, wherein the message transfer board information table comprises the quintuple information of a plurality of response messages and the service board slot number of the corresponding request message, so that when a plurality of service data are concurrently processed by multiple cores, the table entry information consistent with the quintuple information of the response message of each service data can be searched in the message transfer board information table according to the quintuple information of the response message of each service data, and each response message transfer board is sent to the service board slot number of the corresponding request message according to the service board slot number of the request message corresponding to each response message, so that each response message and each corresponding request message are processed on the same service board in service, and under a scene, the message transfer board information table is established before the response message reaches the target service board, thereby avoiding the phenomenon of packet loss caused by the concurrent processing of the service boards, and further guaranteeing the problem of packet loss due to the time sequence of the multiple cores, and further guaranteeing the large flow session volume of the LVPN.
The embodiment of the present disclosure further provides an electronic device, and fig. 4 is a schematic structural diagram of the electronic device provided in the embodiment of the present disclosure. As shown in fig. 4, the electronic device provided in this embodiment includes: a memory 41 and a processor 42, the memory 41 being for storing computer programs; the processor 42 is configured to execute the steps of the message processing method provided by the above-mentioned method embodiment when calling the computer program.
The embodiment of the present disclosure further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements the steps in the message processing method provided in the foregoing method embodiment.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
The processor may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may include forms of volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer readable media include both permanent and non-permanent, removable and non-removable storage media. Storage media may implement an information store by any method or technology, and the information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include transitory computer readable media (transmyedia) such as modulated data signals and carrier waves.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A message processing method is applied to a network security device, and the network security device comprises: a switch board and at least two service boards, the method comprising:
acquiring characteristic information of the first response message; the feature information of the first response packet includes: quintuple information of the first response message and a first service board slot number; the first service board slot number is the corresponding service board slot number after the first request message is split by the hash;
creating a message board transferring information table according to the characteristic information of the first response message; the message board-to-board information table consists of five-tuple information of at least one first response message and at least one first service board slot number;
sending the first request message to a resource server;
receiving a first response message sent by the resource server; the first response message carries target quintuple information; the target quintuple information is used for representing quintuple information of the first response message;
inquiring the message transfer board information table according to the target quintuple information;
and if the target quintuple information hits quintuple information corresponding to any first response message in the message transfer plate information table, sending the first response message transfer plate to a first service plate according to table entry information corresponding to the message transfer plate information table, so that the first request message and the first response message are both processed by the first service plate.
2. The method of claim 1, wherein the obtaining the feature information of the first response packet comprises:
receiving a first tunnel message sent by a switching board;
decrypting the first tunnel message to obtain a first service board slot number and a second service board slot number;
judging whether the slot number of the second service board is consistent with the slot number of the first service board;
if the slot number of the second service board is not consistent with the slot number of the first service board, the first service board transmits the first request message to the second service board;
the second service board receives the first request message, and the first request message carries a first service board slot number;
acquiring quintuple information of the first response message according to the quintuple correspondence between the first request message and the first response message;
and determining the characteristic information of the first response message according to the quintuple information of the first response message and the slot number of the first service board.
3. The method of claim 2, wherein prior to receiving the first tunneling packet sent by the switch board, the method further comprises:
the method comprises the steps that a switch board receives a first tunnel message sent by a client; the first tunnel message carries an outer source IP, an outer destination IP, an inner source IP and an inner destination IP;
and sending the first tunnel message to a first service board based on the outer layer source IP and the outer layer destination IP.
4. The method according to claim 2, wherein the decrypting the first tunnel packet to obtain the slot number of the first service board and the slot number of the second service board comprises:
decrypting based on the first tunnel message to obtain an outer source IP, an outer destination IP, an inner source IP, an inner destination IP, an inner source port, an inner destination port, an inner transport protocol and a first request message;
performing hash shunting according to the outer layer source IP and the outer layer destination IP to obtain a first service board slot number of the first request message;
determining that the inner layer source IP is a first source IP of the first request message, the inner layer destination IP is a first destination IP of the first request message, the inner layer source port is a first source port, the inner layer destination port is a first destination port, and the inner layer transport protocol is a first transport protocol;
determining a second service board slot number based on the first source IP and the first destination IP; and the second service board slot number is the service board slot number responsible for processing the first response message.
5. The method of claim 4, wherein the determining a second traffic board slot number based on the first source IP and the first destination IP comprises:
converting according to the first source IP and the first destination IP to obtain a second source IP and a second destination IP;
and carrying out Hash distribution according to the second source IP and the second destination IP to obtain a second service board slot number.
6. The method of claim 1, wherein after creating a message forwarding information table according to the feature information of the first response message, the method further comprises:
and sending the first request message to a resource server through a second service board.
7. The method of claim 2, further comprising:
and if the slot number of the first service board is consistent with the slot number of the second service board, sending the first request message to a resource server through the first service board.
8. A message processing apparatus, comprising:
the characteristic information acquisition module is used for acquiring the characteristic information of the first response message; the feature information of the first response packet includes: quintuple information of the first response message and a first service board slot number; the first service board slot number is the corresponding service board slot number after the first request message is split by the hash;
a board transfer information table creation module, configured to create a message board transfer information table according to the feature information of the first response message; the message board-to-board information table is composed of five-tuple information of at least one first response message and at least one first service board slot number;
the request message sending module is used for sending the first request message to the resource server;
a response message receiving module, configured to receive a first response message sent by the resource server; the first response message carries target quintuple information; the target quintuple information is used for representing quintuple information of the first response message;
a quintuple information query module for querying the message transfer board information table according to the target quintuple information;
and the transfer board sending module is used for sending the first response message transfer board to a first service board according to the table entry information corresponding to the message transfer board information table if the target quintuple information hits the quintuple information corresponding to any first response message in the message transfer board information table, so that the first request message and the first response message are both processed by the first service board.
9. An electronic device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the message processing method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the message processing method according to any one of claims 1 to 7.
CN202210951150.5A 2022-08-09 2022-08-09 Message processing method and device and electronic equipment Pending CN115412308A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210951150.5A CN115412308A (en) 2022-08-09 2022-08-09 Message processing method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210951150.5A CN115412308A (en) 2022-08-09 2022-08-09 Message processing method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN115412308A true CN115412308A (en) 2022-11-29

Family

ID=84159869

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210951150.5A Pending CN115412308A (en) 2022-08-09 2022-08-09 Message processing method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN115412308A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103931162A (en) * 2014-01-20 2014-07-16 华为技术有限公司 Method for processing service and network equipment
CN104486226A (en) * 2014-12-23 2015-04-01 北京天融信科技有限公司 Message processing method and device
CN110601990A (en) * 2019-10-30 2019-12-20 杭州迪普科技股份有限公司 Message distribution method and device
US20200244557A1 (en) * 2017-10-23 2020-07-30 Huawei Technologies Co., Ltd. Traffic processing method, user plane apparatus, and terminal device
CN112585914A (en) * 2020-11-27 2021-03-30 新华三技术有限公司 Message forwarding method and device and electronic equipment
WO2021139311A1 (en) * 2020-08-07 2021-07-15 平安科技(深圳)有限公司 Routing forwarding method and apparatus, routing device and readable storage medium
CN113179295A (en) * 2021-04-02 2021-07-27 杭州迪普科技股份有限公司 Message processing method and device
CN113383531A (en) * 2019-12-25 2021-09-10 华为技术有限公司 Forwarding equipment, network card and message forwarding method
WO2022116848A1 (en) * 2020-12-01 2022-06-09 武汉绿色网络信息服务有限责任公司 Packet transmission method and apparatus, computer device, and storage medium

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103931162A (en) * 2014-01-20 2014-07-16 华为技术有限公司 Method for processing service and network equipment
CN104486226A (en) * 2014-12-23 2015-04-01 北京天融信科技有限公司 Message processing method and device
US20200244557A1 (en) * 2017-10-23 2020-07-30 Huawei Technologies Co., Ltd. Traffic processing method, user plane apparatus, and terminal device
CN110601990A (en) * 2019-10-30 2019-12-20 杭州迪普科技股份有限公司 Message distribution method and device
CN113383531A (en) * 2019-12-25 2021-09-10 华为技术有限公司 Forwarding equipment, network card and message forwarding method
WO2021139311A1 (en) * 2020-08-07 2021-07-15 平安科技(深圳)有限公司 Routing forwarding method and apparatus, routing device and readable storage medium
CN112585914A (en) * 2020-11-27 2021-03-30 新华三技术有限公司 Message forwarding method and device and electronic equipment
WO2022116848A1 (en) * 2020-12-01 2022-06-09 武汉绿色网络信息服务有限责任公司 Packet transmission method and apparatus, computer device, and storage medium
CN113179295A (en) * 2021-04-02 2021-07-27 杭州迪普科技股份有限公司 Message processing method and device

Similar Documents

Publication Publication Date Title
US11343353B2 (en) Method and system of dispatching requests in a content delivery network
CN109189751B (en) Data synchronization method based on block chain and terminal equipment
CN109660578B (en) CDN back-to-source processing method, device and system
EP3170091B1 (en) Method and server of remote information query
US8302204B2 (en) Secure distributed item-level discovery service using secret sharing
US20120155646A1 (en) Supporting dns security in a multi-master environment
US10637794B2 (en) Resource subscription method, resource subscription apparatus, and resource subscription system
WO2021120355A1 (en) Domain name parsing method, authoritative domain name server and local domain name server
US20150088995A1 (en) Method and apparatus for sharing contents using information of group change in content oriented network environment
JPWO2021040827A5 (en)
JP2018506796A (en) Data backfill method and system
CN112615781B (en) Method and server for realizing BGP message interaction in DPDK
CN113891396B (en) Data packet processing method and device, computer equipment and storage medium
CN112769671B (en) Message processing method, device and system
US8539099B2 (en) Method for providing on-path content distribution
CN109639589B (en) Load balancing method and device
WO2016090921A1 (en) Session control method and device
CN109547508B (en) Method, device and system for realizing resource access
CN115277816B (en) Service adaptation method, device, system and computer readable medium
CN115412308A (en) Message processing method and device and electronic equipment
CN113301173A (en) Domain name updating system and method, message forwarding method and server
CN115277213B (en) Message transfer board processing method and device
Karolewicz et al. On efficient data storage service for IoT
CN106060155B (en) The method and device of P2P resource-sharing
WO2024114539A1 (en) Address allocation method and apparatus, and user plane function entity

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination