CN116094737A - Processing method, server, equipment and storage medium for dial-up online - Google Patents
Processing method, server, equipment and storage medium for dial-up online Download PDFInfo
- Publication number
- CN116094737A CN116094737A CN202111310352.3A CN202111310352A CN116094737A CN 116094737 A CN116094737 A CN 116094737A CN 202111310352 A CN202111310352 A CN 202111310352A CN 116094737 A CN116094737 A CN 116094737A
- Authority
- CN
- China
- Prior art keywords
- negotiation
- time
- client
- network layer
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title abstract description 8
- 230000000977 initiatory effect Effects 0.000 claims abstract description 82
- 230000004044 response Effects 0.000 claims abstract description 60
- 238000000034 method Methods 0.000 claims abstract description 33
- 238000012545 processing Methods 0.000 claims description 16
- 230000003111 delayed effect Effects 0.000 claims description 3
- 238000004891 communication Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 230000003068 static effect Effects 0.000 description 6
- 238000012790 confirmation Methods 0.000 description 5
- 230000006399 behavior Effects 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 230000001934 delay Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000005236 sound signal Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 229920001690 polydopamine Polymers 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000002699 waste material Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Abstract
The embodiment of the application discloses a dial-up online processing method, device, equipment and storage medium, wherein the method comprises the following steps: sending authentication success information of PPP authentication of the session to the client so as to inform the client to enter a network layer for negotiation; determining negotiation initiation time of network layer negotiation; receiving a first negotiation message which is transmitted by a client and negotiated by a network layer, and taking the time of receiving the first negotiation message as negotiation response time; determining whether the client performs a delay operation of network layer negotiation according to the negotiation initiation time and the negotiation response time; if the client determines to carry out the delay operation of the network layer negotiation, the session is closed, the non-compliance delay is refused, and the unauthorized multi-dialing behavior obtained in a manual delay network layer negotiation mode is stopped.
Description
Technical Field
The application relates to a communication technology and provides a dial-up processing method, a server, computer equipment and a computer readable storage medium.
Background
Network operators often carry out multiple authentications on broadband dialing of users based on service security and network security requirements, besides account numbers and passwords, the common types of online positions, online session numbers and the like are also online positions, so as to limit unauthorized broadband dialing behaviors, but because of vulnerabilities of a PPPoE (Point to Point Protocol over Ethernet, ethernet-based point-to-point) protocol, users can still bypass the limitation of operators on the online quantity by modifying a PPPOE client program, and realize multiple dialing online, thereby obtaining multiple bandwidths and multiple IP (Internet Protocol ) addresses; this causes loss of service revenue and waste of IP addresses for the operators.
Disclosure of Invention
The present application aims to provide a processing method, a server, a computer device and a computer readable storage medium for dial-up, reject non-compliance delay, and prevent unauthorized multi-dial behavior obtained by artificially delaying network layer negotiation.
The application provides a dial-up online processing method, which comprises the following steps: sending authentication success information of PPP authentication of a session to a client to inform the client to enter a network layer for negotiation; determining negotiation initiation time of the network layer negotiation; receiving a first negotiation message which is transmitted by the client and is negotiated by the network layer, and taking the time of receiving the first negotiation message as negotiation response time; determining whether the client performs delay operation of the network layer negotiation according to the negotiation initiation time and the negotiation response time; and closing the session if the client determines that the network layer negotiates a delay operation.
Further, the determining the negotiation initiation time of the network layer negotiation includes: and sending a second negotiation message negotiated by the network layer to the client, and taking the time of sending the second negotiation message as the negotiation initiating time.
Further, the determining the negotiation initiation time of the network layer negotiation includes: recording the sending time of the authentication success message, and taking the sending time as the negotiation initiating time.
Further, the determining whether the client performs the delay operation of the network layer negotiation according to the negotiation response time and the negotiation initiation time includes: determining a difference between the negotiation response time and the negotiation initiation time; and determining whether the client performs delay operation of the network layer negotiation according to the difference between the negotiation response time and the negotiation initiation time and a preset time threshold.
Further, the preset time threshold includes a minimum interval duration of a charging start packet set by the authentication server, and the determining whether the client performs the delay operation of the network layer negotiation according to the difference between the negotiation response time and the negotiation initiation time and the preset time threshold includes:
and if the difference between the negotiation initiation time and the negotiation response time exceeds the minimum interval duration of the charging start packet, determining the delay operation of the client for the network layer negotiation.
Further, the preset time threshold includes a standard time determined according to a time spent by a standard client to dial online historically, and the determining whether the client performs a delay operation of the network layer negotiation according to a difference between the negotiation response time and the negotiation initiation time and a preset time threshold further includes:
and if the difference between the negotiation initiation time and the negotiation response time exceeds the standard time, determining the delay operation of the client for the network layer negotiation.
Further, the preset time threshold further includes a charging start packet minimum interval duration set by the authentication server, and before the determining that the client delays the network negotiation, the method further includes:
if the difference between the negotiation initiation time and the negotiation response time exceeds the standard time but does not exceed the minimum interval duration of the charging start packet, determining that the client does not perform the delay operation of the network layer negotiation;
and if the difference between the negotiation initiation time and the negotiation response time exceeds the minimum interval duration of the charging start packet, determining the delay operation of the client for carrying out the network layer negotiation.
The application also provides a server, which comprises: the sending module sends authentication success information of PPP authentication of the session to the client so as to inform the client to enter a network layer for negotiation; a negotiation determining module for determining negotiation initiation time of the network layer negotiation; the receiving module is used for receiving a first negotiation message which is transmitted by the client and negotiated by the network layer, and taking the time of receiving the first negotiation message as negotiation response time; the delay determining module is used for determining whether the client performs the delay operation of the network layer negotiation according to the negotiation initiating time and the negotiation response time; and the session closing module is used for closing the session if the delay operation of the network layer negotiation by the client is determined.
The present application also proposes a computer device comprising: one or more processors; storage means for storing one or more programs that, when executed by the one or more processors, cause the computer device to implement the methods described above.
The present application also proposes a computer readable storage medium having stored thereon computer readable instructions, which when executed by a processor of a computer, cause the computer to perform a method as described above.
Compared with the prior art, the application has the following beneficial effects:
in the technical scheme provided by the application, after the authentication phase of the session is successful, the server adds a tracking mechanism of network negotiation, determines whether the client performs delay operation of the network layer negotiation according to the negotiation initiation time and the negotiation response time of the network layer negotiation, closes the session when determining that the client delays the network layer negotiation, namely refuses the non-compliant delay, avoids the unauthorized multi-dialing behavior obtained in a manual delay network layer negotiation mode, avoids the service loss of each operator, and avoids the potential safety hazard of network equipment of the operator caused by user behavior.
Drawings
FIG. 1 is a schematic illustration of one implementation environment to which the present application relates;
FIG. 2 is a flow chart illustrating an unauthorized multiple dialing up in accordance with an exemplary embodiment of the present application;
FIG. 3 is a flow chart illustrating a method of handling dial-up wire in accordance with an exemplary embodiment of the present application;
FIG. 4 is a flow chart illustrating another method of dial-up processing according to an exemplary embodiment of the present application;
FIG. 5 is a flow chart illustrating yet another method of dial-up processing according to an exemplary embodiment of the present application;
FIG. 6 is a schematic diagram of a server shown in an exemplary embodiment of the present application;
FIG. 7 is a flow chart illustrating server-client interactions according to an exemplary embodiment of the present application;
fig. 8 shows a schematic structural diagram of a computer device suitable for use in implementing embodiments of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
Also to be described is: reference to "a plurality" in this application means two or more than two. "and/or" describes an association relationship of an association object, meaning that there may be three relationships, e.g., a and/or B may represent: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
Referring to fig. 1, fig. 1 is a schematic diagram of an implementation environment according to the present application. The implementation environment comprises a client 10 and a server 20, wherein the client 10 and the server 20 are communicated through a wired or wireless network;
it should be noted that the clients and the service terminals in the present application support PPPoE protocol, for example, the clients are PPPoE clients, the service terminals are PPPoE service terminals, and optionally, the PPPoE service terminals are service terminals of broadband access equipment (Broadband Remote Access Server, BRAS) equipment.
When the client connects the broadband, the PPPPoE protocol is utilized to apply for dialing and uploading to the server and the authentication server, the working flow of the PPPoE comprises two stages of Discovery (Discovery) and Session (Session), the Discovery stage is stateless, the purpose is to obtain the Ethernet MAC address (Media Access Control Address) of the PPPoE terminal, and a unique PPPoE Session-ID is established, so that the server can distinguish different users.
After the discovery phase is finished, a standard PPP session phase is entered, wherein the PPP session phase comprises a LCP (Link Control Protocol) negotiation phase, an authentication phase and a NCP (Network Control Protocol) negotiation phase, and user authentication, address allocation, charging and other functional attributes authorization to the user are completed, so that the service control of the client is realized.
The client 10 may be implemented in various forms. For example, the terminals described in the present invention may include mobile terminals such as cellular phones, tablet computers, notebook computers, palm computers, personal digital assistants (20 PDAs), portable media players (PortableMediaPlayer, PMP), wearable devices, smart bracelets, and fixed terminals such as digital TVs, desktop computers, and the like having dial-up capabilities.
The server 20 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs (Content Delivery Network, content delivery networks), basic cloud computing services such as big data and artificial intelligence platforms, which are not limited herein.
Referring to fig. 2, fig. 2 is a flowchart of an unauthorized multiple dialing online shown in an exemplary embodiment, which includes that a PPPoE terminal and a BRAS device complete PPPoE negotiation, the PPPoE terminal, the BRAS device and an authentication server complete user information authentication, the PPPoE terminal waits for a period of time to meet the requirement of multiple dialing authentication, and then initiates IPCP negotiation, after the IPCP negotiation is completed, the BRAS device sends an online request to the authentication server, and then the authentication server records online information and feeds back the online information to the BRAS device, which feeds back the PPPoE terminal, and completes the dialing online of the PPPoE terminal. The PPPoE terminal waits for a period of time to initiate IPCP negotiation, during the waiting period, the PPPoE terminal can request authentication again, and the authentication server can successfully authenticate because the authentication server does not detect the record of online, thereby realizing multiple dialing authentication and finally realizing batch online, avoiding the limitation of BRAS and the authentication server on the session number of the broadband account, and realizing a plurality of online sessions with the same line and the same number; in order to solve the problem, the embodiment provides a processing method for dialing online, which increases an IPCP negotiation timer through a PPPoE server to solve the problem that a user PPPoE client delays IPCP negotiation and illegally dials more.
Referring to fig. 3, fig. 3 is a flowchart illustrating a method for processing a dial-up line according to an exemplary embodiment of the present application, where the method for processing a dial-up line is executed by the server shown in fig. 1, and the method for processing a dial-up line includes steps S110 to S150, which are described in detail as follows:
s110, sending authentication success information of PPP authentication of the session to the client so as to inform the client of entering a network layer for negotiation.
In this embodiment, the server and the client have completed the discovery phase of PPPPoE and the LCP negotiation phase, and the LCP negotiation phase completes the Maximum Transmission Unit (MTU), whether to perform authentication and what authentication method (Authentication Type) is adopted, after LCP negotiation is completed, the authentication server performs PPP authentication through the server, and authenticates the information accuracy and the online number uniqueness of the client, where the PPP authentication includes PAP (Password Authentication Protocol ) authentication and CHAP (Challenge Handshake Authentication Protocol, challenge handshake authentication protocol) authentication; after receiving the authentication success message sent by the authentication server, the server determines that the information of the client is accurate and the information is unique corresponding to the online number, and sends the authentication success message of PPP authentication to the client so as to inform the client that the authentication is successful and can enter a network layer for negotiation.
S120, determining the negotiation initiation time of the network layer negotiation.
In this embodiment, the network layer negotiates, that is, negotiates network layer parameters of both parties, negotiates a network protocol to be adopted; the network layer negotiation is specifically NCP negotiation, and the main function of NCP is to negotiate network layer parameters of PPP packets, such as IP address, DNS Server IP (Domain Name Server IP ) address, WINS Server IP (Windows Internet Name Service IP) address, etc., where NCP negotiation is a plurality of types, such as IPCP (Internet Protocol Control Protocol ), BCP (Bridge Control Protocol, bridge Control Protocol), IPv6CP (IP Control Protocol and IPv6 Control Protocol ), and the most commonly used is IPCP Protocol.
Illustratively, the client obtains the IP address or IP address segment of the visited network primarily through IPCP negotiations. IPCP negotiation can be classified into static negotiation and dynamic negotiation according to different configurations of a client and a server; wherein, static negotiation, i.e. no negotiation, the two ends of the point-to-point communication equipment are configured with IP addresses, when reaching the network layer negotiation stage, the two communication parties inform the IP addresses of the two parties; dynamic negotiation, namely negotiation for dynamically acquiring an IP address; the server side manually configures the IP address, the IP address needs to be allocated to the client side, and the client side dynamically acquires the IP address.
It should be noted that, in an example of the present embodiment, after entering the network layer negotiation, the client may first send a negotiation message of the network layer negotiation to request to configure the IP address; determining a negotiation initiation time of the network layer negotiation at this time includes: recording the sending time of the authentication success message, and taking the sending time as the negotiation initiating time.
In this embodiment, when the server sends an authentication success message, the sending time is recorded, and the server uses the sending time as a negotiation initiation time, where the authentication success message informs the client that the PPP authentication phase passes, and also informs the client that the client can send a negotiation message for network layer negotiation, and the negotiation initiation time is a negotiation notification time for informing the client to initiate network layer negotiation; when the client receives the authentication success message, the client can directly and immediately initiate the network layer negotiation so as to respond to the negotiation notification of the server.
In an example of this embodiment, after entering the network layer negotiation, the server may first send a negotiation message for the network layer negotiation to inform the client of its own IP address; determining a negotiation initiation time of the network layer negotiation at this time includes: and sending a second negotiation message negotiated by the network layer to the client, and taking the time of sending the second negotiation message as negotiation initiating time.
The server side sends a second negotiation message of the network layer negotiation to the client side, wherein the second negotiation message is used for informing the client side of the IP address of the client side, the time for sending the second negotiation message is taken as the negotiation initiation time, and the negotiation initiation time informs the client side of the negotiation initiation time of the network layer negotiation; when the client receives the second negotiation message, the client may send a first negotiation message negotiated by the network layer in response to the second negotiation message.
When the network layer negotiation is IPCP negotiation, whether static negotiation or dynamic negotiation is adopted, the second negotiation message that the server sends the network negotiation to the client is an IPCP request message, where the IPCP request message carries the IP address of the client.
S130, receiving a first negotiation message negotiated by a network layer and sent by the client, and taking the time of receiving the first negotiation message as negotiation response time.
In an example of this embodiment, after the server sends the authentication success message, the client receives the authentication success message, and sends a first negotiation message negotiated by the network layer to the server, and when static negotiation is adopted, the first negotiation message negotiated by the network layer sent by the client is an IPCP request message, where the IPCP request message carries an IP address configured by the client; when adopting dynamic negotiation, the IPCP request message carries an IP address of zero.
In another example of this embodiment, after the server sends the second negotiation message negotiated by the network layer, the client sends the first negotiation message negotiated by the network layer to the server after receiving the second negotiation message, which may be a Configuration-Ack message of a confirmation message that replies to the second negotiation message, so as to inform that the server itself has known the IP address of the server; the first negotiation message may also be an IPCP request message requesting an IP address from the server, where, when static negotiation is adopted, the IPCP request message carries an IP address configured by the client; when adopting dynamic negotiation, the IPCP request message carries an IP address of zero.
When the server receives the first negotiation message sent by the client, the client responds to the network layer negotiation, records the receiving time of the received first negotiation message, and takes the receiving time as the negotiation response time of the client responding to the network layer negotiation.
And S140, determining whether the client performs the delay operation of the network layer negotiation according to the negotiation initiation time and the negotiation response time.
In this embodiment, the time spent by the client in responding to the network layer negotiation may be determined according to the negotiation initiation time and the negotiation response time, so as to determine whether the client performs a delay operation of the network layer negotiation according to the time spent by the client in responding to the network layer negotiation, that is, whether the client waits for a plurality of times to send the first negotiation message.
Exemplary delay operations for determining whether a client performs network layer negotiation by a server include: and determining the difference between the negotiation response time and the negotiation initiation time, and determining whether the client performs the delay operation of the network layer negotiation according to the difference between the negotiation response time and the negotiation initiation time and a preset time threshold.
The difference between the negotiation response time and the negotiation initiation time is compared with a preset time threshold to determine whether the client performs the delay operation of the network layer negotiation, where the preset time threshold may be a specific value or a range of values, and is not limited herein.
It should be noted that, in an example of the present embodiment, the preset time threshold may be different according to the negotiation initiation time. When the negotiation initiation time is the sending time of the authentication success message sent by the server, the transmission time is required for the authentication success message to be transmitted to the client, so that the preset time threshold value corresponding to the sending time of the authentication success message sent by the server is set by the negotiation initiation time, and is larger than the preset time threshold value corresponding to the sending time of the second negotiation message initiated by the server to the client.
In another example of the present embodiment, the preset time threshold may be the same according to the difference in negotiation initiation time; the preset time threshold includes a charging start packet minimum interval duration set by the authentication server, that is, the authentication server sets a charging start packet minimum interval duration of two adjacent times, and the charging start packet minimum interval duration of two adjacent times is used as the preset time threshold.
It is noted that, at this time, determining whether the client performs the delay operation of the network layer negotiation according to the difference between the negotiation response time and the negotiation initiation time and the preset time threshold specifically includes: and when the difference between the negotiation initiation time and the negotiation response time exceeds the minimum interval duration of the charging start packet, determining the delay operation of the client for network layer negotiation.
When the minimum interval duration of the charging start packet is a numerical value, the difference between the negotiation initiation time and the negotiation response time is larger than the numerical value, which indicates that the client performs the delay operation of network layer negotiation; when the charging start includes that the minimum interval duration is a value range, if the difference between the negotiation initiation time and the negotiation response time is not in the value range, the delay operation of the network layer negotiation performed by the client is indicated.
In another embodiment, the preset time threshold comprises a standard time determined from a standard client historical online dialing time; for example, after the server side sends an authentication success message or a second negotiation message, recording the historical negotiation response time sent by the standard client side, and taking the average value of the difference between the historical negotiation response time and the negotiation initiation time of the standard client side as a preset time threshold; or determining the maximum value and the minimum value of the difference between the historical negotiation response time and the negotiation initiation time of the standard client, and taking the value range between the maximum value and the minimum value as a preset time threshold.
Determining whether the client performs the delay operation of the network layer negotiation according to the difference between the negotiation response time and the negotiation initiation time and the preset time threshold value comprises the following steps: and when the difference between the negotiation initiation time and the negotiation response time exceeds the standard time, determining the delay operation of the client for network layer negotiation.
On the basis of another embodiment, the preset time threshold further comprises a minimum interval duration of a charging start packet set by the authentication server, when the difference between the negotiation initiation time and the negotiation response time exceeds the standard time, the client performs the delay operation of network layer negotiation, and further determines whether the client is reasonably delayed or not, when the difference between the negotiation initiation time and the negotiation response time exceeds the standard time but does not exceed the minimum interval duration of the charging start packet, the client is reasonably delayed, and the delay operation of network layer negotiation is not performed; when the difference between the negotiation initiation time and the negotiation response time exceeds the minimum interval duration of the charging start packet, determining the delay operation of the client for network layer negotiation, which means that the client performs unreasonable delay operation of the network layer negotiation.
And S150, closing the session if the client determines that the client performs the delay operation of the network layer negotiation.
In this embodiment, the client may manually delay the time point of the network layer negotiation, and by modifying the client program, manually delay the time point of the client initiating the network layer negotiation after the authentication is successful, so as to implement parallel online of multiple sessions; the server adds a tracking mechanism of the network layer negotiation time point, refuses the delay or unreasonable delay, and closes the session to prevent the client from illegally dialing.
It can be appreciated that when it is determined that the client does not perform the delay operation of the network layer negotiation, the server closes the session and sends a session close message to the client. And when the difference between the negotiation initiation time and the negotiation response time does not exceed the preset time threshold, indicating that the client does not perform the delay operation of the network layer negotiation, sending a negotiation confirmation message to the client. When IPCP dynamic negotiation is adopted, the negotiation confirmation message carries an IP address allocated to the client; when static negotiation of IPCP is employed, the negotiation acknowledgement message replies to the acknowledgement message of the first negotiation message of the client, indicating that the address of the client is already known.
In order to facilitate understanding, this embodiment describes a method for processing a dial-up line with a specific example, as shown in fig. 4, where the client is a PPPoE client, the server is a BRAS device, and the authentication server is a Radius server, and the method for processing a dial-up line includes a discovery phase, an LCP negotiation phase, an authentication phase, and an IPCP negotiation phase.
The discovery phase includes: the PPPoE client discovers the BRAS device by broadcasting and sending PADI (PPPoE Active Discovery Initiation) messages; after receiving the PADI message, all BRAS devices compare the service requested by the PPPoE client with the service which can be provided by the PPPoE client, and if the service can be provided, the BRAS devices unicast and reply the PADO (PPPoE Active Discovery Offer) message; the PPPoE client selects BRAS equipment corresponding to the PADO message received first, unicast transmits a PADR (PPPoE Active Discovery Request) message, prepares to start PPP session after receiving the PADR message, and transmits a PPPoE valid discovery session confirmation PADS (PPPoE Active Discovery Session-confirmation) message.
The LCP negotiation phase and authentication phase include: the PPPoE client and the BRAS device carry out LCP negotiation, and the PPPoE client carries out CHAP authentication with the Radius server through the BRAS device. And the BRAS equipment forwards the authentication success message sent by the Radius server to the PPPoE client.
The IPCP negotiation phase includes: the BRAS device sends the configuration-Request message to the PPPoE client, records the time for sending the configuration-Request message, and takes the time for sending the configuration-Request message as IPCP negotiation initiation time T1, wherein the configuration-Request message carries the IP address of the BRAS device.
The PPPoE client sends a configuration-Request message to the BRAS equipment, wherein the IP address of the configuration-Request message is zero or the configuration-Ack message is used for confirming the IP address of the BRAS equipment.
The BRAS device records the time of receiving the message, takes the time of receiving the message as IPCP negotiation response time T2, and judges whether T2-T1 is in a reasonable range or not.
If the T2-T1 is not in the reasonable range, the BRAS device closes the session and sends a PADT message to the PPPoE client.
If T2-T1 is in a reasonable range, the BRAS device sends a configuration-Nck message to the PPPoE client, the configuration-Nck message carries a dynamically allocated IP address, the PPPoE client sends a configuration-Request message with the allocated IP address, and the BRAS device replies the configuration-Ack message, so that the configuration is successful.
For easy understanding, the present embodiment describes a dial-up processing method with another specific example, as shown in fig. 5, and the discovery phase, the LCP negotiation phase, and the authentication phase are shown in fig. 4, which are not described in detail herein.
IPCP negotiation phase: the BRAS device forwards the authentication success message sent by the Radius server to the PPPoE client, records the time for sending the authentication success message, and takes the time for sending the authentication success message as IPCP negotiation initiation time T1.
The PPPoE client sends a configuration-Request message to the BRAS equipment, takes the time of receiving the message as IPCP negotiation response time T2, and judges whether T2-T1 is in a reasonable range or not, wherein the configuration-Request message carries an IP address configured by the PPPoE client.
If the T2-T1 is not in the reasonable range, the BRAS device sends a PADT message to the PPPoE client.
If T2-T1 is in a reasonable range, the BRAS device sends a configuration-Ack message to the PPPoE client to confirm the IP address of the PPPoE client.
The following describes an embodiment of an apparatus of the present application that may be used to perform the text-based classification method of the above-described embodiments of the present application. For details not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the text classification method described in the present application.
As shown in fig. 6, fig. 6 is a schematic diagram of a server according to an exemplary embodiment of the present application, including:
a sending module 610, configured to send an authentication success message of PPP authentication of the session to the client, so as to inform the client to enter a network layer for negotiation;
a negotiation determination module 620 that determines a negotiation initiation time of the network layer negotiation;
a receiving module 630, configured to receive a first negotiation message negotiated by the network layer and sent by the client, and take a time of receiving the first negotiation message as a negotiation response time;
a delay determining module 640 for determining whether the client performs a delay operation of the network layer negotiation according to the negotiation initiation time and the negotiation response time;
the session closing module 650 closes the session if it is determined that the client performs the delay operation of the network layer negotiation.
In some embodiments of the present application, based on the foregoing solution, the negotiation determining module 620 is specifically configured to send a second negotiation message negotiated by the network layer to the client, and take a time of sending the second negotiation message as a negotiation initiation time.
In some embodiments of the present application, based on the foregoing solution, the negotiation determination module 620 is specifically configured to record a sending time of sending the authentication success message, and take the sending time as the negotiation initiation time.
In some embodiments of the present application, based on the foregoing solution, the delay determining module 640 includes a negotiation time determining unit and a delay judging unit, where the negotiation time determining unit is configured to determine a difference between a negotiation response time and a negotiation initiation time; the delay judging unit is used for determining whether the client performs the delay operation of the network layer negotiation according to the difference between the negotiation response time and the negotiation initiation time and the preset time threshold.
In some embodiments of the present application, based on the foregoing solution, the preset time threshold includes a charging start packet minimum interval duration set by the authentication server, and the delay determining unit is specifically configured to determine a delay operation of the client for performing network layer negotiation if a difference between the negotiation initiation time and the negotiation response time exceeds the charging start packet minimum interval duration.
In some embodiments of the present application, based on the foregoing solution, the preset time threshold includes a standard time determined according to a standard time spent by the standard client to dial online historically, and the delay determining unit is specifically configured to determine a delay operation of the client for performing the network layer negotiation if a difference between the negotiation initiation time and the negotiation response time exceeds the standard time.
In some embodiments of the present application, based on the foregoing solution, the preset time threshold further includes a minimum interval duration of a charging start packet set by the authentication server, and the delay determining unit is specifically configured to determine that the client does not perform a delay operation of network layer negotiation if a difference between a negotiation initiation time and a negotiation response time exceeds a standard time, but does not exceed the minimum interval duration of the charging start packet; if the difference between the negotiation initiation time and the negotiation response time exceeds the minimum interval duration of the charging start packet, determining the delay operation of the client for network layer negotiation.
As shown in fig. 7, fig. 7 shows a flow chart of dial-up connection between a PPPoE terminal and a BRAS device, the service end shown in fig. 6 is applied to the BRAS device, and a process of interaction between the PPPoE terminal and the BRAS device includes: the PPPoE terminal and the BRAS equipment complete PPPoE negotiation, the PPPoE terminal, the BRAS equipment and the authentication server complete user information authentication, the PPPoE terminal waits for a period of time to meet the requirement of multiple dialing authentication, then initiates IPCP negotiation, the BRAS equipment increases the longest waiting parameter of the IPCP negotiation, judges that the IPCP negotiation of the PPPoE terminal is overtime, namely judges that the PPPoE terminal carries out illegal delay, and then sends PADT frames to close PPPoE session; when judging that the IPCP negotiation of the PPPoE terminal is not overtime, continuing to carry out the IPCP negotiation with the PPPoE terminal, and further sending an online request to an authentication server by the BRAS equipment when the negotiation is completed, further recording online information by the authentication server and feeding back the online information to the BRAS equipment, and feeding back the PPPoE terminal by the BRAS equipment to complete the dialing online of the PPPoE terminal.
According to the technical scheme provided by the embodiment, hardware equipment is not required to be added, only the PPPoE source code of the BRAS equipment is required to be modified and recompiled, the tracking mechanism of the IPCP negotiation time point is added to the PPPoE server program of the BRAS equipment of an operator, illegal delay is refused, and therefore the phenomenon that unauthorized multi-dialing is obtained in a manual delay IPCP negotiation mode can be avoided.
It should be noted that, the apparatus provided in the foregoing embodiments and the method provided in the foregoing embodiments belong to the same concept, and the specific manner in which each module and unit perform the operation has been described in detail in the method embodiments, which is not repeated herein.
In an exemplary embodiment, a computer device includes one or more processors; storage means for storing one or more programs that, when executed by the one or more processors, cause the computer device to implement the method as described above.
Fig. 8 is a schematic diagram of a computer device, according to an example embodiment.
It should be noted that the computer device is just one example adapted to the present application, and should not be construed as providing any limitation to the scope of use of the present application. Nor should the computer device be construed as necessarily relying on or necessarily having one or more of the components of the exemplary computer device shown in fig. 8.
As shown in fig. 8, in an exemplary embodiment, the computer device includes a processing component 801, a memory 802, a power supply component 803, a multimedia component 804, an audio component 805, a processor 806, a sensor component 807, and a communication component 808. The components described above are not all necessary, and the computer device may add other components or reduce some components according to its own functional requirements, which is not limited in this embodiment.
The memory 802 is configured to store various types of data to support operations at the computer device, examples of which include instructions for any application or method operating on the computer device. The memory 802 has stored therein one or more modules configured to be executed by the one or more processors 806 to perform all or part of the steps of the methods described in the embodiments above.
The power supply component 803 provides power to the various components of the computer device. The power components 803 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for computer devices.
The multimedia component 804 includes a screen between the computer device and the user that provides an output interface. In some embodiments, the screen may include a TP (Touch Panel) and an LCD (Liquid Crystal Display ). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation.
The audio component 805 is configured to output and/or input audio signals. For example, the audio component 805 includes a microphone configured to receive external audio signals when the computer device is in an operational mode, such as a call mode, a recording mode, and a speech recognition mode. In some embodiments, the audio component 805 further comprises a speaker for outputting audio signals.
The sensor assembly 807 includes one or more sensors for providing status assessment of various aspects of the computer device. For example, the sensor assembly 807 may detect an on/off state of the computer device, and may also detect a temperature change of the computer device.
The communication component 808 is configured to facilitate communication between the computer device and other devices in a wired or wireless manner. The computer device may access a Wireless network based on a communication standard, such as Wi-Fi (Wireless-Fidelity).
It will be appreciated that the configuration shown in fig. 8 is merely illustrative and that the computer device may include more or fewer components than shown in fig. 8 or have different components than shown in fig. 8. Each of the components shown in fig. 8 may be implemented in hardware, software, or a combination thereof.
In an exemplary embodiment, a computer readable storage medium has stored thereon a computer program which, when executed by a processor, implements a method as described above. The computer-readable storage medium may be contained in the computer device described in the above embodiment or may exist alone without being assembled into the computer device.
The computer readable storage medium according to the embodiments of the present application may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments disclosed herein. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains.
The foregoing is merely a preferred exemplary embodiment of the present application and is not intended to limit the embodiments of the present application, and those skilled in the art may make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method for processing dial-up line, comprising:
sending authentication success information of PPP authentication of a session to a client to inform the client to enter a network layer for negotiation;
determining negotiation initiation time of the network layer negotiation;
receiving a first negotiation message which is transmitted by the client and is negotiated by the network layer, and taking the time of receiving the first negotiation message as negotiation response time;
determining whether the client performs delay operation of the network layer negotiation according to the negotiation initiation time and the negotiation response time;
and closing the session if the client determines that the network layer negotiates a delay operation.
2. The method of claim 1, wherein said determining a negotiation initiation time for said network layer negotiation comprises:
and sending a second negotiation message negotiated by the network layer to the client, and taking the time of sending the second negotiation message as the negotiation initiating time.
3. The method of claim 1, wherein said determining a negotiation initiation time for said network layer negotiation comprises:
recording the sending time of the authentication success message, and taking the sending time as the negotiation initiating time.
4. A method according to claim 2 or 3, wherein said determining whether the client performs a delay operation of the network layer negotiation according to the negotiation response time and the negotiation initiation time comprises:
determining a difference between the negotiation response time and the negotiation initiation time;
and determining whether the client performs delay operation of the network layer negotiation according to the difference between the negotiation response time and the negotiation initiation time and a preset time threshold.
5. The method according to claim 4, wherein the preset time threshold includes a charging start packet minimum interval duration set by an authentication server, and the determining whether the client performs the delay operation of the network layer negotiation according to a difference between the negotiation response time and the negotiation initiation time and a preset time threshold includes:
and if the difference between the negotiation initiation time and the negotiation response time exceeds the minimum interval duration of the charging start packet, determining that the client performs the delay operation of the network layer negotiation.
6. The method of claim 4, wherein the predetermined time threshold comprises a standard time determined based on a standard client's historical online dialing time, wherein the determining whether the client performs a delay operation for the network layer negotiation based on a difference between the negotiation response time and the negotiation initiation time and a predetermined time threshold, further comprises:
and if the difference between the negotiation initiation time and the negotiation response time exceeds the standard time, determining the delay operation of the client for the network layer negotiation.
7. The method of claim 6, wherein the preset time threshold further comprises a billing start packet minimum interval duration set by an authentication server, the determining that the client has delayed the network negotiation, the method further comprising:
if the difference between the negotiation initiation time and the negotiation response time exceeds the standard time but does not exceed the minimum interval duration of the charging start packet, determining that the client does not perform the delay operation of the network layer negotiation;
and if the difference between the negotiation initiation time and the negotiation response time exceeds the minimum interval duration of the charging start packet, determining the delay operation of the client for carrying out the network layer negotiation.
8. A server, comprising:
the sending module sends authentication success information of PPP authentication of the session to the client so as to inform the client to enter a network layer for negotiation;
a negotiation determining module for determining negotiation initiation time of the network layer negotiation;
the receiving module is used for receiving a first negotiation message which is transmitted by the client and negotiated by the network layer, and taking the time of receiving the first negotiation message as negotiation response time;
the delay determining module is used for determining whether the client performs the delay operation of the network layer negotiation according to the negotiation initiating time and the negotiation response time;
and the session closing module is used for closing the session if the delay operation of the network layer negotiation by the client is determined.
9. A computer device, comprising:
one or more processors;
storage means for storing one or more programs that, when executed by the one or more processors, cause the computer device to implement the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform the method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111310352.3A CN116094737A (en) | 2021-11-05 | 2021-11-05 | Processing method, server, equipment and storage medium for dial-up online |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111310352.3A CN116094737A (en) | 2021-11-05 | 2021-11-05 | Processing method, server, equipment and storage medium for dial-up online |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116094737A true CN116094737A (en) | 2023-05-09 |
Family
ID=86197803
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111310352.3A Pending CN116094737A (en) | 2021-11-05 | 2021-11-05 | Processing method, server, equipment and storage medium for dial-up online |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116094737A (en) |
-
2021
- 2021-11-05 CN CN202111310352.3A patent/CN116094737A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11297051B2 (en) | Authenticated session management across multiple electronic devices using a virtual session manager | |
| US11140162B2 (en) | Response method and system in virtual network computing authentication, and proxy server | |
| US10116448B2 (en) | Transaction authorization method and system | |
| EP3036650B1 (en) | System, apparatus, and method for sharing electronic device | |
| US8190694B2 (en) | Device centric controls for a device controlled through a web portal | |
| US8826398B2 (en) | Password changing | |
| US20100197293A1 (en) | Remote computer access authentication using a mobile device | |
| WO2017024842A1 (en) | Internet access authentication method, client, computer storage medium | |
| US9344417B2 (en) | Authentication method and system | |
| US20070136471A1 (en) | Systems and methods for negotiating and enforcing access to network resources | |
| CN104158808A (en) | Portal authentication method based on APP application and device | |
| US20110035793A1 (en) | Transparent reconnection | |
| EP2518972A1 (en) | System and method for device addressing | |
| US10846658B2 (en) | Establishing a communication event | |
| US20230013371A1 (en) | Data communication method, apparatus, and device, storage medium, and computer program product | |
| US9635524B2 (en) | Mobile device pass through for signaling messages | |
| EP2883367A1 (en) | Video call service | |
| US20070136301A1 (en) | Systems and methods for enforcing protocol in a network using natural language messaging | |
| TW201605203A (en) | Home control gateway and home control network connection method thereof | |
| WO2018032953A1 (en) | Windows window sharing method, gateway server, system, storage media | |
| US9641512B2 (en) | Identity protocol translation gateway | |
| KR20090072687A (en) | Network access authentication system and method for internet access service | |
| WO2016131297A1 (en) | Method and device for limiting non-permissive user equipment on access to home gateway | |
| CN116094737A (en) | Processing method, server, equipment and storage medium for dial-up online | |
| US20070136472A1 (en) | Systems and methods for requesting protocol in a network using natural language messaging |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |