JP2015095789A - Communication terminal, communication method and communication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a communication terminal capable of correctly operating communication even for communication inappropriate to address conversion, when performing communication to separately use each of a plurality of communication interfaces by address conversion.SOLUTION: A communication control unit 82 selects a communication interface unit 81 for use in packet transmission and reception from among a plurality of communication interfaces 81, to perform control to convert a source address, included in a packet, into an address usable in the selected communication interface unit. A source address control unit 83 detects or predicts the occurrence of target communication inappropriate to address conversion by the communication control unit 82, to perform control to set a source address, which does not change before and after the address conversion on the target communication packet by the communication control unit 82, to the target communication packet, prior to the address conversion.

Description

  The present invention relates to a communication terminal, a communication method, and a communication program that control communication using a plurality of communication interfaces.

  In recent years, communication terminals having a plurality of communication interfaces have become widespread with the enhancement of functions of communication terminals such as mobile phones. Examples of such communication interfaces include 3G (3rd Generation), LTE (Long Term Evolution), wireless LAN (Local Area Network), WiMAX (Worldwide Interoperability Access) and other registered trademarks.

  Since resources that the communication network can use for communication are limited, if communication concentrates, congestion may occur and performance degradation or service stop may occur. This is particularly noticeable in the wireless communication network as described above.

  When the communication terminal has multiple communication interfaces, it is possible to avoid congestion and congestion of the communication network and achieve better communication quality by using different communication interfaces depending on the communication contents. become.

  As one method of properly using a communication interface used depending on the content of communication in a single communication terminal, a method of applying NAT (Network Address Translation) to a communication terminal side address in a header of a packet to be communicated. Yes (see Non-Patent Document 1). In the method described in Non-Patent Document 1, a communication interface to be used for transmission is first selected for a packet to be transmitted from a communication terminal. Thereafter, the source address which is the source address of the packet is converted (NAT) for the selected communication interface, and then the packet is transmitted from the selected communication interface.

  For the packet received by the communication terminal, the destination address is reversely converted. When NAT is not applied to a packet transmitted by a communication terminal, the packet is determined to be an inappropriate source address in the network to which the selected communication interface is connected, and communication may not be performed correctly.

  When a packet is transmitted / received from the selected communication interface, the opposite device such as an anchor device or a tunneling device becomes unnecessary by performing NAT using the address set in the communication interface. Therefore, it is possible to use a plurality of communication interfaces properly with a single communication terminal.

Shuichi Kano and three others, “Application of OpenFlow to Mobile Terminal Control by Business Operators”, IEICE Technical Report (Science Technical Report), Vol. 111, No. 468, NS2011-201, pp.123 -128, March 2012

  On the other hand, there is communication that does not operate normally when NAT is applied. As an example of communication that does not operate normally when NAT is applied, SIP (Session Initiation Protocol) protocol, FTP (File Transfer Protocol) protocol, UPnP (Universal Plug and Play) protocol and DLNA (Digital Living Network) are defined. There are communication specifications.

  In these protocols, the address used for communication is included in the data portion as well as the header portion of the packet for communication. Therefore, when NAT is applied to a packet and the address of the header part is changed, a difference occurs between the address of the header part and the address of the data part, and the protocol or communication process using the packet fails.

  As a method for correctly operating communication when NAT is applied, for example, a technique such as NAT traversal is also known. However, when this method is used, there is a problem that it is necessary to expand to a module (client, server, etc.) that performs communication, or an additional device such as a relay device or a proxy device is required.

  Therefore, the present invention provides a communication terminal, a communication method, and a communication capable of correctly operating a communication that is not suitable for address conversion when performing communication that uses a plurality of communication interfaces by performing address conversion. The purpose is to provide a program.

  The communication terminal according to the present invention selects a plurality of communication interface units and a communication interface unit used for packet transmission / reception, and converts the source address included in the packet into an address usable by the selected communication interface unit. Detecting or predicting the occurrence of target communication that is not suitable for address conversion by the communication control unit and the communication control unit, and setting the source address that does not change before and after address conversion for the packet of the target communication by the communication control unit And a source address control unit that performs control for setting the packet of the target communication before conversion.

  In the communication method according to the present invention, a communication interface unit used for packet transmission / reception is selected from a plurality of communication interface units, and a source address included in the packet is converted into an address usable by the selected communication interface unit. Detects or predicts the occurrence of target communication that is not suitable for address conversion, and changes the source address that does not change before and after address conversion to the target communication packet to the target communication packet before the address conversion. Control to be set is performed.

  A communication program according to the present invention selects a communication interface unit to be used for transmission / reception of a packet from a plurality of communication interface units, and uses a source address included in the packet as an address that can be used by the selected communication interface unit. A communication control process that performs control to convert to, and a source that detects or predicts the occurrence of target communication that is not suitable for address conversion in the communication control process, and does not change before and after address conversion for the packet of the target communication in the communication control process Source address control processing for performing control to set the address in the packet of the target communication before the conversion of the address is performed.

  According to the present invention, when performing communication that uses a plurality of communication interfaces by performing address conversion, the communication can be correctly operated even for communication that is not suitable for address conversion.

It is explanatory drawing which shows the structural example of the communication system with which the communication terminal of this invention is applied. It is a block diagram which shows one Embodiment of the communication terminal by this invention. 3 is a block diagram illustrating a configuration example of a communication control unit 10. FIG. 3 is a block diagram illustrating a configuration example of a communication processing unit 20. FIG. 3 is a block diagram illustrating a configuration example of a source address control unit 40. FIG. It is explanatory drawing which shows the specific example of a structure of the communication network 3-1 in this embodiment. It is explanatory drawing which shows the example of the MAC address and IP address of each apparatus. It is explanatory drawing which shows the example of the list | wrist of a control policy. It is a flowchart which shows the operation example of a communication system. It is a sequence diagram which shows the operation example of a communication system. 3 is a flowchart illustrating an operation example of a communication control unit 10. It is explanatory drawing which shows the example of a flow entry. It is a block diagram which shows the outline | summary of the communication terminal by this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is an explanatory diagram showing a configuration example of a communication system to which a communication terminal of the present invention is applied. The communication system illustrated in FIG. 1 includes a communication terminal 1, a server 2, and communication networks 3-1 to 3-3. Note that the numbers and connection relationships of these components shown in FIG. 1 are merely examples, and the present invention is not limited to this configuration. In the following description, the communication terminal 1 and the server 2 may be referred to as a first communication device and a second communication device, respectively.

  The communication terminal 1 can connect and communicate simultaneously with the communication network 3-1 and the communication network 3-2, and communicates with the server 2 via these communication networks and the communication network 3-3 that is another communication network. I do. The communication terminal 1 is, for example, a client terminal that uses the service of the server 2, but may be any communication device that communicates with the server 2.

  The server 2 is a communication partner of the communication terminal 1, and examples thereof include a Web server, a mail server, a video server, and the like. However, the server 2 in the present invention is not limited to these. Moreover, in the following description, the case where the communication partner of the communication terminal 1 is the server 2 will be described as an example, but the present invention is not limited to this configuration. The communication partner of the communication terminal 1 only needs to be a device that can communicate with the communication terminal 1, and the form may be a terminal, a mobile phone, a personal computer, a household appliance, or the like in addition to the server.

  The communication network 3-1 and the communication network 3-2 are connected to the communication terminal 1 and relay communication between the communication terminal 1 and a device connected to the own network or another network. The communication network 3-3 is connected to the server 2 and relays communication between the communication terminal 1 and the server 2.

  The communication networks 3-1 to 3-3 may be wired networks or wireless networks. Examples of the wired network include Ethernet (registered trademark) and a dedicated line. Examples of the wireless network include 3G, LTE, wireless LAN, WiMAX, and PHS (Personal Handy-phone System).

  The communication networks 3-1 to 3-3 may be different types of networks or the same type of networks. For example, one of the communication networks 3-1 and 3-2 may be 3G, and the other may be a wireless LAN.

  FIG. 2 is a block diagram showing an embodiment of a communication terminal according to the present invention. The communication terminal 1 of the present embodiment includes a communication control unit 10, a communication processing unit 20, communication IF (Interface) units 30-1 to 30-2, a source address control unit 40, an internal communication IF unit 50, Communication utilization units 60-1 to 60-m and a protocol stack unit 70 are provided. 2 is an example of a functional block (processing unit or module) of the communication terminal 1, and other configurations may be used as long as the operation of the present embodiment can be realized. The same applies to the configurations illustrated in FIGS. 3 and 4 described later.

  The communication control unit 10 controls communication processing by the communication processing unit 20. As will be described later, the communication control unit 10 controls the processing of the communication processing unit 20 by creating a flow entry (processing rule) based on the control policy. In the present embodiment, a case where the communication control unit 10 is a control unit that controls the communication processing unit 20 inside the communication terminal 1 will be described as an example. However, the communication control unit 10 is outside the communication terminal 1. It may be a control device that controls the communication processing unit 20 via a network or the like. That is, the communication terminal 1 of the present embodiment may be a system composed of a plurality of devices.

  The communication processing unit 20 processes communication (packets) transmitted and received from the communication IF units 30-1 to 30-2 and the internal communication IF unit 50 under the control of the communication control unit 10. As will be described later, the communication processing unit 20 processes the received packet based on the flow entry (processing rule) set from the communication control unit 10.

  The protocol stack unit 70 is a module that processes a communication protocol group. The protocol stack unit 70 processes, for example, a protocol group corresponding to a network layer and a transport layer of an OSI (Open Systems Interconnection) reference model and a TCP / IP (Transmission Control Protocol / Internet Protocol) reference model.

  The protocol stack unit 70 is a protocol stack that processes part or all of the layered communication protocols. The protocol stack unit 70 processes at least a communication protocol of a higher layer than the communication IF units 30-1 to 30-2. The protocol stack unit 70 provides, for example, a communication function using a socket interface to the communication using units 60-1 to 60-m, which are applications (upper layer applications) that perform upper layer communication.

  The protocol stack unit 70 may have a function (for example, a Raw socket) for performing communication by skipping the processing of the network layer and the transport layer described above. The protocol stack unit 70 has a function (bind function) that fixes (limits, binds) communication to be sent and received to a higher layer application to a specific address, port, and communication interface through a socket interface, for example. Also good. This binding function may be operated for each socket. For example, the protocol stack unit 70 may have a function of acquiring an address, a port, and a communication interface used by an upper layer application for communication through a socket interface.

  Communication IF units 30-1 to 30-2 are connected to communication network 3-1 and communication network 3-2, respectively, and transmit and receive packets. The communication IF units 30-1 to 30-2 are physical interfaces compliant with communication protocols (for example, layer 1) of the communication networks 3-1 and 3-2 to be connected.

  The source address control unit 40 controls the source addresses used for communication by the communication using units 60-1 to 60-m so that NAT is not applied to communication in which trouble occurs when NAT is applied. Hereinafter, such control is referred to as source address control. The operation of the source address control unit 40 will be described later.

  The internal communication IF unit 50 is an internal interface for connecting internal functions (processing units) of the communication terminal 1, and is a virtual communication interface that does not involve physical connection with a device outside the communication terminal 1. It is. The internal communication IF unit 50 behaves in the same manner as a general physical communication IF with respect to the communication use units 60-1 to 60-m and the protocol stack unit 70 that perform communication using the internal communication IF unit 50. However, packets transmitted / received by the internal communication IF unit 50 are handled as input / output to / from the communication processing unit 20 without being transmitted / received to / from the physical network.

  The communication using units 60-1 to 60-m are modules that perform communication within the communication terminal 1. The communication using units 60-1 to 60-m are client processing units that access the external server 2 via the communication processing unit 20 and use a service provided by the server 2, for example.

  Examples of the communication using units 60-1 to 60-m include a Web browser, a mail client, a video streaming application, a SNS (Social Network Service) application, and the like. However, the contents of the communication utilization units 60-1 to 60-m in the present invention are not limited to these. In the present embodiment, it is assumed that the internal communication IF unit 50 is used for communication performed by the communication using units 60-1 to 60-m. This communication can be realized by an instruction to the protocol stack unit 70 through the socket interface by the communication using units 60-1 to 60-m, or a preset (for example, a route) to the protocol stack unit 70.

  FIG. 3 is a block diagram illustrating a configuration example of the communication control unit 10. As illustrated in FIG. 3, the communication control unit 10 includes a control processing unit 101 and a control policy storage unit 102.

  The control processing unit 101 uses the information stored in the control policy storage unit 102 to control communication processing by the communication processing unit 20.

  The control processing unit 101 performs control communication (control channel) with a control channel processing unit 201 of the communication processing unit 20 described later. When the control processing unit 101 receives a notification of a packet that needs to be processed (packet notification) from the communication processing unit 20 through the control channel, the control processing unit 101 collates the control policy stored in the control policy storage unit 102 with the packet.

  When the control processing unit 101 succeeds in collating the packet and determines the control policy to be applied, the control processing unit 101 determines a process to be applied to the communication (flow) to which the packet belongs from the control policy. After determining the process to be applied to the communication, the control processing unit 101 generates 0 or 1 or more flow entries (processing rules) representing the determined process, and sets the flow entry in the communication processing unit 20 through the control channel. To do.

  The control policy storage unit 102 stores a list of control policies. The control policy is information used by the control processing unit 101 to determine a process to be applied to the generated communication. The control policy includes at least a traffic condition that specifies communication (traffic, flow) to which the control policy is applied, and processing to be executed when the control policy is applied. The control policy may include priority. In this embodiment, a case where the control policy storage unit 102 is a storage unit inside the communication control unit 10 will be described as an example. However, the control policy storage unit 102 is a storage unit of other parts inside the communication terminal 1. It may be a storage device external to the communication terminal 1.

The traffic conditions of the control policy include the following items, for example. One or more traffic conditions may be included in one control policy, and these conditions may be combined with AND (AND condition) or OR (OR condition). Further, the traffic condition may be complete match or partial match.
-Source IP address-Destination IP address-Protocol type-Source port number-Destination port number-Input interface-Input interface type-QoS (Quality of Service)
-VLAN ID (Virtual Local Area Network Identification)
・ Domain name / Application

The process of the control policy includes the following items, for example. One or a plurality of processes may be included in one control policy.
・ Communicate using the specified IF.
Communicate using any of the designated IF groups (priorities may be set between IFs).
-Communicate using all of the specified IF groups.
Change the specified field in the packet to the specified value.
-Transfer to the specified server or module.
Set the specified flow entry in the communication processing unit 20.
・ Destroy.

  The control policy traffic conditions and processing described above are examples, and the conditions and processing applied to the present invention are not limited to these. The control policy stored in the control policy storage unit 102 may be given in advance, or may be received from a device other than the communication terminal 1 such as a control policy server (not shown).

  FIG. 4 is a block diagram illustrating a configuration example of the communication processing unit 20. As illustrated in FIG. 4, the communication processing unit 20 includes a control channel processing unit 201, a packet processing unit 202, and a flow table storage unit 203.

  The control channel processing unit 201 performs control communication (control channel) with the communication control unit 10. When the control channel processing unit 201 receives a notification of a packet for which no corresponding flow entry exists from the packet processing unit 202, the control channel processing unit 201 notifies the communication control unit 10 of the packet using the control channel (packet notification). The packet notification includes all or part of the packet and information on the communication IF from which the packet was received.

  Further, when the control channel processing unit 201 is instructed to add, change, or delete the flow entry from the communication control unit 10 via the control channel, the control channel processing unit 201 stores the flow entry in the flow table storage unit 203 based on the instructed content. Update the flow table. When the communication control unit 10 is instructed to output a packet via the control channel, the control channel processing unit 201 instructs the packet processing unit 202 to output a packet based on the instructed content.

  The flow table storage unit 203 stores a flow table including processing rules (flow entries). The processing rule (flow entry) is recorded in the flow table storage unit 203 by the control channel processing unit 201. In the present embodiment, a case where the flow table storage unit 203 is a storage unit inside the communication processing unit 20 will be described as an example. However, the flow table storage unit 203 is a storage unit of other parts inside the communication terminal 1. Alternatively, a storage device outside the communication terminal 1 may be used.

  The packet processing unit 202 is connected to other devices and modules (hereinafter collectively referred to as entities) via the communication IF units 30-1 to 30-2 and the internal communication IF unit 50, and the connected entities Send and receive packets.

  When the packet processing unit 202 receives a packet from another device, the packet processing unit 202 searches the flow table stored in the flow table storage unit 203 for a flow entry corresponding to the received packet. When a flow entry corresponding to the received packet is found in the flow table, the packet processing unit 202 performs processing according to the action of the flow entry. On the other hand, when the flow entry corresponding to the received packet is not found in the flow table, the packet processing unit 202 notifies the control channel processing unit 201 that there is no flow entry for the received packet.

  Further, the packet processing unit 202 includes a plurality of ports for communicating with other entities, and each port is connected to a different communication IF unit 30-1 to 30-2 and internal communication IF unit 50. Each port is identified by a port identifier.

Examples of the process performed by the packet processing unit 202 based on the action of the flow entry include the processes exemplified below. Further, the number of processes performed by the packet processing unit 202 is not limited to one, and may be zero (that is, no process is performed) or two or more. Further, the process designated as the action of the flow entry is not limited to the following process.
-Output the packet from the specified port.
Change the destination MAC (Media Access Control) address of the packet to the specified value.
-Change the source MAC address of the packet to the specified value.
-Change the destination IP address of the packet to the specified value.
-Change the source IP address of the packet to the specified value.
-Change the destination port number of the packet to the specified value.
-Change the packet source port number to the specified value.
Add a VLAN (Virtual Local Area Network) tag to the packet.
-Delete the VLAN tag of the packet.
-Change the VLAN tag of the packet.
-Discard the packet.

  As an example, the control channel processing unit 201 and the packet processing unit 202 can be realized by a CPU (Central Processing Unit) of a computer that operates according to a program (communication program). Further, each of the control channel processing unit 201 and the packet processing unit 202 may be realized by dedicated hardware.

  FIG. 5 is a block diagram illustrating a configuration example of the source address control unit 40. As illustrated in FIG. 5, the source address control unit 40 includes a source address control target detection unit 401, a target list storage unit 402, and a source address control processing unit 403.

  The source address control target detection unit 401 detects the occurrence or sign of communication requiring source address control, and instructs the source address control processing unit 403 to start processing of source address control.

  This instruction may include information related to the target communication (identifiers or the like of the communication using units 60-1 to 60-m that perform communication). The source address control target detection unit 401 uses information stored in the target list storage unit 402 to determine whether or not source address control is necessary.

  The target list storage unit 402 stores information for identifying communication targeted for source address control. Information stored in the target list storage unit 402 may be given in advance or may be received from a device other than the communication terminal 1.

  The source address control processing unit 403 determines the source address to be used for the communication so that the NAT is not applied to the communication subject to the source address control, and the configuration of each component set in the protocol stack unit 70 is determined. Change information. The source address control processing unit 403 refers to the control processing unit 101 in order to determine a source address to be used.

  As an example, the source address control target detection unit 401 and the source address control processing unit 403 can be realized by a CPU (Central Processing Unit) of a computer that operates according to a program (communication program). Further, the source address control target detection unit 401 and the source address control processing unit 403 may each be realized by dedicated hardware.

  Hereinafter, the operation of the communication system of the present embodiment will be described by exemplifying a specific communication network configuration. However, the content of this invention is not limited to the aspect of the communication system illustrated below.

  First, it is assumed that the communication network 3-1 is a wireless LAN network, the communication IF unit 30-1 is a wireless LAN interface, and the communication IF unit 30-1 is connected to the communication network 3-1. Further, it is assumed that the communication network 3-2 is a 3G network, the communication IF unit 30-2 is a 3G interface, and the communication IF unit 30-2 is connected to the communication network 3-2.

  FIG. 6 is an explanatory diagram showing a specific example of the configuration of the communication network 3-1 in the present embodiment. As shown in FIG. 6, the communication network 3-1 in this embodiment includes a LAN (Local Area Network) 3-1-1, a wireless LAN base station 3-1-2, and a router 3-1-3. I have.

  The wireless LAN base station 3-1-2 is a wireless LAN base station (access point), and is connected to the communication IF unit 30-1 of the communication terminal 1 by a wireless LAN method. Relay communication with 1-1.

  The router 3-1-3 is a router that relays TCP / IP protocol communication between the LAN 3-1-1 and the communication network 3-3.

  The protocol stack unit 70 in the present embodiment is a TCP / IP stack. In particular, the protocol stack unit 70 in this embodiment processes IP, TCP (Transmission Control Protocol), UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), and ARP. However, the protocol used in the present invention is not limited to these.

  The protocol stack unit 70 holds an IP address used for each communication interface (the communication IF units 30-1 to 30-2 and the internal communication IF unit 50). This IP address may be given in advance to the protocol stack unit 70, or may be dynamically acquired or updated. The protocol stack unit 70 can also hold a plurality of IP addresses for one communication interface.

  The protocol stack unit 70 holds a routing table that is information for determining a transfer destination of an IP packet to be transmitted. The routing table held by the protocol stack unit 70 includes, for example, a destination IP address, an IP address of an IP packet transfer destination device in which the destination IP address is set, and an identifier of a communication interface used for transfer, or any of them And the recommended source address if the route is used.

  The destination IP address may be a network address and a subnet address. The route table may be given in advance to the protocol stack unit 70, or may be dynamically acquired or updated.

  When the source address of the IP packet to be transmitted has not been determined, the protocol stack unit 70 determines the source address to be used for the IP packet. The source address of the IP packet to be transmitted is, for example, not specified by the transmission requester, or a connection type communication IP packet such as TCP, and the IP packet is a packet before the start of connection establishment processing Undecided.

  For example, when the recommended source address is set in the path used for transmitting the IP packet, the protocol stack unit 70 may use the source address as the source address of the IP packet. When the recommended source address is not set, the protocol stack unit 70 may use the IP address set in the communication IF unit that transmits the IP packet as the source address of the IP packet. When a plurality of IP addresses are set in the communication IF unit that transmits the IP packet, the protocol stack unit 70 matches the destination address of the IP packet most closely among the plurality of IP addresses. May be used for the source address of the IP packet.

  The source address control unit 40 according to the present embodiment detects and controls a source address control target in units of the communication using units 60-1 to 60-m.

  The target list storage unit 402 of this embodiment holds a list of identifiers of the communication using units 60-1 to 60-m to be controlled. For the identifiers of the communication using units 60-1 to 60-m, for example, any of process names, application names, program file names of the communication using units 60-1 to 60-m, or combinations thereof may be used.

  The source address control target detection unit 401 according to the present embodiment treats the start of operation of the control target communication using units 60-1 to 60-m as a sign of communication that requires source address control. That is, the source address control target detection unit 401 starts the source address control process for the source address control processing unit 403 when the communication using units 60-1 to 60-m included in the target list storage unit 402 start operation. Instruct. The source address control target detection unit 401 includes the identifiers of the communication use units 60-1 to 60-m that have started operation in the instruction. For example, the source address control target detection unit 401 has started a process that executes the communication using units 60-1 to 60-m, or the communication using units 60-1 to 60-m have become foreground processes or applications, Alternatively, when these combinations are detected, it may be determined that the communication using units 60-1 to 60-m have started operation.

  The source address control target detection unit 401 uses the system management module (not shown, for example, Operation System (OS)) of the communication terminal 1 to determine that the communication using units 60-1 to 60-m have started operation. ). The source address control target detection unit 401 may acquire this information by polling, or may acquire this information as an event notification from the system management module.

  The source address control processing unit 403 of the present embodiment inquires the communication control unit 10 for information on the communication IF unit 30 to be used by the communication using units 60-1 to 60-m to be controlled. Then, the source address control processing unit 403 determines the IP address set in the obtained communication IF unit 30 as a source address to be used by the communication usage units 60-1 to 60-m to be controlled.

  The source address control processing unit 403 makes the following setting changes to the protocol stack unit 70. The source address control processing unit 403 performs setting to add the determined source address to the internal communication IF unit 50. Further, the source address control processing unit 403 performs setting for changing the recommended address of the default route to the determined source address in the protocol stack unit 70.

  FIG. 7 is an explanatory diagram showing an example of the MAC address and IP address of each device. In this embodiment, it is assumed that the MAC address and IP address illustrated in FIG. 7 are set in each device. In the present embodiment, as shown in FIG. 7, an address is assigned to the communication IF unit 30-1 by DHCP (Dynamic Host Configuration Protocol), and a PPP (Point to Point Protocol) is assigned to the communication IF unit 30-2. To assign an address. For these address settings, a DHCP server (not shown) and a PPP server (not shown) in the communication networks 3-1 to 3-3 are used. Further, it is assumed that the addresses shown in FIG. 7 are set in advance in other communication interfaces and apparatuses.

In the protocol stack unit 70 of the present embodiment, the following route (default route) is set in advance in the route table.
-Destination 0.0.0.0/0
-Transfer destination Internal communication IF unit 50
-Recommended source address 192.168.254.1 (IP address of internal communication IF unit 50)

  FIG. 8 is an explanatory diagram illustrating an example of a list of control policies stored in the control policy storage unit 102. As shown in FIG. 8, the control policy in this embodiment is a rule that associates priority, traffic conditions, and processing to be executed. The traffic condition is a condition for identifying traffic to which the policy is applied. Further, the control policy in the present embodiment includes priority, and it is assumed that a smaller numerical value has higher priority. Here, for convenience of explanation, the priority of the control policy is used as the identifier of the control policy. For example, when referring to the first control policy from the top illustrated in FIG. In the description of this embodiment, the traffic condition is an AND combination (AND condition) unless otherwise specified.

  Based on the specific example shown above, operation | movement of the communication system of this embodiment is demonstrated. Here, a case where only the communication use unit 60-X, which is one of the communication use units 60-1 to 60-m, is stored as a control target in the target list storage unit 402 will be described as an example.

  In the present embodiment, processing for resolving an IP address from a domain name is performed by a general technique such as DNS (Domain Name System), and the description thereof is omitted. In TCP communication, Ack (acknowledgment) transmission and data packet retransmission accompanying data loss usually occur, but their illustration and description are omitted unless otherwise specified.

  First, an operation when one of the communication using units 60-1 to 60-m starts operation will be described. FIG. 9 is a flowchart showing an operation example of the communication system in the present embodiment.

  First, one of the communication using units 60-1 to 60-m starts operation (step S101). This operation may be started, for example, when an application corresponding to the communication using unit 60 is activated by a user operation.

  When the source address control target detection unit 401 detects the start of operation of the communication use unit 60, whether the communication use unit 60 that has detected the operation is included in the list stored in the target list storage unit 402, that is, the source address control It is confirmed whether it is a target (step S102). When the communication using unit 60 that has detected the operation is not the target of source address control (N in step S102), this operation ends.

  On the other hand, when the communication utilization unit 60 that has detected the operation is the target of source address control (Y in step S102), the source address control target detection unit 401 causes the source address control processing unit 403 to start processing of source address control. Instruct. Receiving the processing start instruction, the source address control processing unit 403 determines a communication IF unit to be used by the communication using unit 60 (step S103).

  Specifically, the source address control processing unit 403 inquires of the communication control unit 10 about the communication IF unit 30 to be used by the communication using unit 60, and acquires the result. The operation of the communication control unit 10 at this time will be described with reference to FIG. 11 described later, but is the same as the operation of the control processing unit 101 in the communication control unit 10 when a packet notification is received.

  However, in this case, although the packet is not actually received, the control processing unit 101 performs the collation operation with the control policy on the assumption that the application receives the packet that is the communication using unit 60.

  In the case of this example, since the communication utilization unit 60-X operates as an application, the traffic condition conforms to the control policy 2 illustrated in FIG. Therefore, the communication IF unit 30-1 (wireless LAN) is selected as the communication IF unit 30 to be used by the communication utilization unit 60.

  The source address control processing unit 403 confirms whether there is a communication IF unit 30 to be used by the communication using unit 60 (step S104). If it does not exist (N in step S104), that is, if the communication using unit 60 is not permitted to communicate, this operation ends.

  On the other hand, when the communication IF unit 30 to be used by the communication using unit 60 exists (Y in step S104), the source address control processing unit 403 determines the source address to be used by the communication using unit 60 (step S104). S105). Specifically, the source address control processing unit 403 acquires the IP address set in the communication IF unit 30 to be used by the communication using unit 60 from the protocol stack unit 70, and uses the acquired IP address for the communication use The unit 60 determines the source address to be used.

  The source address control processing unit 403 requests the protocol stack unit 70 to add the IP address determined as the source address to the IP address set in the internal communication IF unit 50 (step S106).

  The source address control processing unit 403 updates the default route so that the determined source address is used by default (step S107). Specifically, the source address control processing unit 403 requests the protocol stack unit 70 to change the recommended source address of the default route to the determined source address.

  When the control policy illustrated in FIG. 12 to be described later is used, when this operation is executed with respect to the communication utilization unit 60-X, the communication utilization unit 60-X stores the list stored in the target list storage unit 402. Since it is included, the following processing is performed.

  First, in step S103, the communication IF unit 30-1 (WLAN IF) is determined as the communication IF unit 30 to be used by the communication using unit 60-X. In step S105, 192.168.1.1 (IP address of the communication IF unit 30-1) is determined as a source address to be used. In step S106, 192.168.1.1 is added to the IP address of the internal communication IF unit 50. In step S107, the recommended source address of the default route is changed to 192.168.1.1.

  Next, an operation when the communication using unit 60 performs HTTP (Hypertext Transfer Protocol) communication with the server 2 will be described. FIG. 10 is a sequence diagram illustrating an operation example of the communication system according to the present embodiment. In FIG. 10, illustration of the communication network 3-3 is omitted.

  FIG. 11 is a flowchart showing an operation example of the communication control unit 10 of the present embodiment. FIG. 12 is an explanatory diagram showing an example of a flow entry used in the description of the operation of the present embodiment. The flow entry illustrated in FIG. 12 indicates that a match condition corresponding to the traffic condition described above is associated with a process (action) performed when the match condition is met.

  First, an operation when the communication using unit 60-X performs HTTP communication with the server 2 will be described. In this communication, processing is expected to be performed according to the control policy 2 illustrated in FIG.

In the description of this operation, it is assumed that the following conditions are satisfied.
-No flow entry is stored in the flow table storage unit 203.
-Regarding the communication utilization unit 60-X, the operation illustrated in FIG. 9 has been executed.

  As illustrated in FIG. 10, first, the communication using unit 60-X issues a request for creating a socket (HTTP socket) used for communication related to HTTP to the protocol stack unit 70, and the protocol stack unit 70 requests the request. (Step S120). Thereafter, the communication using unit 60-X transmits and receives packets through the created HTTP socket.

  Subsequently, since the communication using unit 60-X performs the TCP connection for HTTP before acquiring the HTTP data, a TCP connection request (to the TCP 80 port of 10.0.0.2 which is the IP address of the server 2) CONNECT request) is transmitted (step S121).

  Subsequently, the protocol stack unit 70 receives a TCP connection request, creates a TCP connection establishment packet (TCP SYN packet (TCP connection request packet)), and transmits the packet (step S122).

  Specifically, the protocol stack unit 70 determines to use the default route with reference to the route table, and selects the internal communication IF unit 50 as a transfer destination of the packet. Further, the protocol stack unit 70 refers to the recommended source address of the default route and determines to use 192.168.1.1 as the source address. The source IP address of the packet is set to 192.168.1.1, the destination IP address is set to 10.0.0.2, and the destination port number is set to 80. Further, it is assumed that the transmission source port number of the packet is 10,000.

  Subsequently, the internal communication IF unit 50 receives the packet (TCP connection request packet) and notifies the communication processing unit 20 (step S123).

  Subsequently, the packet processing unit 202 of the communication processing unit 20 receives the packet, refers to the flow table storage unit 203, and checks whether there is a flow entry corresponding to this packet (step S124). At step S124, since the flow table storage unit 203 is empty, no flow entry corresponding to the received packet (TCP connection request packet) is found.

  Since there is no flow entry that matches the received packet, the packet processing unit 202 of the communication processing unit 20 notifies the control channel processing unit 201 of the packet, and the control channel processing unit 201 sends a corresponding packet notification to the communication control unit. 10 (step S125).

  Subsequently, the control processing unit 101 of the communication control unit 10 receives the packet notification and determines processing for the notified packet (TCP connection request packet) (step S126). The operation of the control processing unit 101 is performed according to the flowchart illustrated in FIG.

  Specifically, when information from the control channel processing unit 201 or the source address control processing unit 403 is received, the control processing unit 101 of the communication control unit 10 searches for a control policy corresponding to the received information. At this time, the control processing unit 101 first selects the control policy with the highest priority from among the control policies (step S151 in FIG. 11).

  The control processing unit 101 determines whether the selected control policy matches the received information in the match condition (traffic condition) (step S152). If the selected control policy does not match (N in step S152), the control processing unit 101 checks whether there is an unconfirmed control policy (step S153). If there is no unconfirmed control policy (N in step S153), the process ends. On the other hand, when there is an unconfirmed control policy (Y in step S153), the control processing unit 101 selects a control policy with the next priority (step S154), and repeats the processing after step S152.

  On the other hand, if the selected control policy matches the received information in the matching condition (traffic condition) (Y in step S152), the control processing unit 101 executes processing based on the selected control policy. A flow entry is created (step S155). After creating the flow entry, the control processing unit 101 transmits information indicating the flow entry to the information transmission destination.

  Hereinafter, the process of creating a flow entry in step S155 will be described using a specific example. For example, it is assumed that the designated process is “communication using a designated IF”. In this case, for the packet transmitted by the communication terminal 1, the control processing unit 101 has a flow entry having an action of “output from the designated IF after changing the source IP address to the designated IF IP address”. May be created. Further, in this case, the control processing unit 101 changes the “destination IP address to the original transmission source IP address of the packet transmitted by the communication terminal 1 and then the internal communication IF unit 50 for the packet received by the communication terminal 1. Create a flow entry with the action “Output from”.

  In addition, the control processing unit 101 changes the “source MAC address to the MAC address of the designated IF” before the above-described action “output from the designated IF” of the flow entry for the packet transmitted by the communication terminal 1. And “change the destination MAC address to the MAC address of the default gateway on the LAN to which the designated IF is connected” may be included.

  Further, the control processing unit 101 determines that the “destination MAC address is the MAC address of the internal communication IF unit 50” before the action “output from the internal communication IF unit 50” of the flow entry described above for the packet received by the communication terminal 1 May include the action “Change to”.

  The control processing unit 101 obtains information related to generation of these actions from the protocol stack unit 70, the communication IF units 30-1 to 30-2, the internal communication IF unit 50, and the OS (not shown) of the communication terminal 1. You may get it.

  When a plurality of IFs to be used for communication are designated, the control processing unit 101 checks whether the designated IFs can be used in order from the one with the highest priority. You may create a simple flow entry. The control processing unit 101 may determine whether or not an IF is available based on, for example, whether the IF exists, whether the link is up, whether an IP address is configured, or the like. .

  If the designated process is “discard”, the control processing unit 101 creates a flow entry with an empty action, for example.

  In this example, since the TCP connection request packet conforms to the control policy 2 illustrated in FIG. 8, in step S155 illustrated in FIG. 11, the flow entries illustrated in item numbers 1 and 2 in FIG. 12 are generated. Is done. That is, the control processing unit 101 determines to perform a process for performing communication using the wireless LAN, which is a process set in the control policy 2. Therefore, the control processing unit 101 is a flow entry (item number 1 illustrated in FIG. 12) for transferring the packet received from the internal communication IF unit 50 to the server 2 via the communication IF unit 30-1 (wireless LAN). Create Furthermore, the control processing unit 101 transfers a packet received from the server 2 via the communication IF unit 30-1 (wireless LAN) to the internal communication IF unit 50 (item number 2 illustrated in FIG. 12). ).

  Subsequently, the control processing unit 101 of the communication control unit 10 sets the flow entry generated in step S126 in the communication processing unit 20. In addition, the control processing unit 101 instructs the communication processing unit 20 to apply the processing based on the flow entry to the corresponding TCP connection request packet (step S127 in FIG. 10).

  Subsequently, the control channel processing unit 201 of the communication processing unit 20 stores the notified (set) flow entry (item number 1 and item number 2 illustrated in FIG. 12) in the flow table storage unit 203 (step S128). ).

  Subsequently, the packet processing unit 202 of the communication processing unit 20 processes the packet (TCP connection request packet) based on the flow entry set in step S128 (step S129). Here, since the packet matches the flow entry of item number 1 illustrated in FIG. 12, the packet processing unit 202 executes the action of the flow entry.

  Specifically, the packet processing unit 202 changes the transmission destination MAC address of the packet to 02: 00: 03: 01: 03: 01, and the transmission source MAC address to 02: 00: 00: 00: 01. After changing the source IP address to 192.168.1.1, the packet is output to the communication IF unit 30-1.

  Here, the source IP address changing process is performed. As a result of the control by the source address control unit 40, the source IP address before the change and the source IP address after the change are the same. That is, NAT is not applied to this packet substantially.

  Subsequently, the communication IF unit 30-1 transmits the packet requested for transmission (TCP connection request packet) (step S130). Thereafter, this packet is transferred in the order of the communication network 3-1 and the communication network 3-3 and received by the server 2.

  Subsequently, the server 2 transmits a TCP connection response packet corresponding to the received TCP connection request packet (step S131). At this time, the source IP address of the TCP connection response packet is 10.0.0.2, the source port number is 80, the destination IP address is 192.168.1.1, and the destination port number is 10,000. . This packet is transferred in the order of the communication network 3-3 and the communication network 3-1, and is received by the communication IF unit 30-1.

  Subsequently, the communication IF unit 30-1 transmits the received packet (TCP connection response packet) to the communication processing unit 20 (step S132).

  Subsequently, the packet processing unit 202 of the communication processing unit 20 receives the TCP connection response packet, refers to the flow table storage unit 203, and checks whether there is a flow entry corresponding to this packet (step S133). When the received TCP connection response packet is compared with the condition of the flow entry, the flow entry stored in step S128 is found here (item number illustrated in FIG. 12).

  Subsequently, the packet processing unit 202 of the communication processing unit 20 processes the packet (TCP connection response packet) based on the flow entry found in step S133 (step S134). Since this packet matches the flow entry of item number 2 illustrated in FIG. 12, the packet processing unit 202 executes the action of the flow entry.

  Specifically, the packet processing unit 202 changes the destination MAC address of the packet to 02: 00: 00: 00: 50 and changes the destination IP address to 192.168.1.1, The packet is output to the internal communication IF unit 50.

  Here, the destination IP address changing process is performed. As a result of the control by the source address control unit 40, the destination IP address before the change and the destination IP address after the change are the same. That is, NAT is not applied to this packet substantially.

  Subsequently, the internal communication IF unit 50 receives this packet (TCP connection response packet) and notifies the protocol stack unit 70 (step S135).

  Subsequently, the protocol stack unit 70 performs reception processing of the received packet, and as a result, notifies the communication using unit 60-X of connection completion of the TCP connection through the HTTP socket (step S136).

  Subsequently, the communication using unit 60-X transmits the HTTP request data to the protocol stack unit 70 using the HTTP socket in order to acquire the HTTP data through the TCP connection (connection) in which the connection is completed (Step S137). ).

  Subsequently, the protocol stack unit 70 receives a data transmission request (HTTP request), and creates and transmits a TCP packet including the HTTP request (step S138). The protocol stack unit 70 refers to the routing table and transmits the TCP packet to the internal communication IF unit 50 as in the process of step S122.

  Subsequently, the internal communication IF unit 50 receives the TCP packet (HTTP request) and notifies the communication processing unit 20 (step S139).

  Subsequently, the packet processing unit 202 of the communication processing unit 20 receives the TCP packet, refers to the flow table storage unit 203, and checks whether there is a flow entry corresponding to this packet (step S140). When the received TCP packet (HTTP request) and the condition of the flow entry are compared, the flow entry of item number 1 illustrated in FIG. 12 stored in step S128 is found here.

  Subsequently, the packet processing unit 202 of the communication processing unit 20 processes the TCP packet (HTTP request) based on the flow entry found in step S140 (step S141). Here, since the packet matches the flow entry of item number 1 illustrated in FIG. 12, the packet processing unit 202 executes the action of the flow entry.

  Specifically, the packet processing unit 202 changes the transmission destination MAC address of the packet to 02: 00: 03: 01: 03: 01, and the transmission source MAC address to 02: 00: 00: 00: 01. After changing the source IP address to 192.168.1.1, the packet is output to the communication IF unit 30-1.

  Here, the source IP address changing process is performed. As a result of the control by the source address control unit 40, the source IP address before the change and the source IP address after the change are the same. That is, NAT is not applied to this packet substantially.

  Subsequently, the communication IF unit 30-1 transmits the TCP packet (HTTP request) requested to be transmitted (step S142). Thereafter, this packet is transferred in the order of the communication network 3-1 and the communication network 3-3 and received by the server 2.

  Thereafter, the server 2 transmits a response packet (HTTP response) to the received packet, but the processing is the same as the processing of the TCP connection response packet described in steps S131 to S136, and thus the description thereof is omitted. To do.

  Next, an operation in a case where a communication utilization unit 60 other than the communication utilization unit 60-X (hereinafter referred to as a communication utilization unit 60-Y) performs HTTP communication with the server 2 will be described. In this communication, processing is expected to be performed according to the control policy 3 illustrated in FIG.

In the description of this operation, it is assumed that the following conditions are satisfied.
-No flow entry is stored in the flow table storage unit 203.
-Regarding the communication utilization unit 60-X, the operation described with reference to FIG. 9 has been executed.

  Further, in the description of this operation, reference is made to FIG. 10 showing an operation example when the communication using unit 60-X performs HTTP communication, and it is limited to points different from the case where the communication using unit 60-Y performs HTTP communication. And explain.

  In addition, all the communication utilization parts 60-X described by the description with reference to FIG. 10 shall be read by the communication utilization part 60-Y. Further, it is assumed that the source port number of the transmitted TCP connection request packet is 10001. The processing from step S120 to step S125 performed for the communication using unit 60-Y is the same as the processing performed for the communication using unit 60-X.

  In step S126, when the communication using unit 60 is the communication using unit 60-Y, the TCP connection request packet conforms to the control policy 3 illustrated in FIG. 8, and therefore in step S155 illustrated in FIG. Flow entries exemplified in No. 3 and No. 4 are generated. That is, the control processing unit 101 determines to perform a process of performing communication using 3G that is a process set in the control policy 3. Therefore, the control processing unit 101 provides a flow entry (item number 3 illustrated in FIG. 12) for transferring the packet received from the internal communication IF unit 50 to the server 2 via the communication IF unit 30-2 (3G). create. Furthermore, the control processing unit 101 transfers a packet received from the server 2 via the communication IF unit 30-2 (3G) to the internal communication IF unit 50 (item number 4 illustrated in FIG. 12). Create

  Note that the processing from step S127 to step S128 performed for the communication using unit 60-Y is the same as the processing performed for the communication using unit 60-X.

  In step S129, since the packet (TCP connection request packet) matches the flow entry of item number 3 illustrated in FIG. 12, the packet processing unit 202 of the communication processing unit 20 executes the action of the flow entry.

  Specifically, the packet processing unit 202 changes the source IP address of the packet to 192.168.2.1, and then outputs the packet to the communication IF unit 30-2. Here, the change process of the source IP address is performed, but the communication use unit 60-Y is not included in the list stored in the target list storage unit 402, and NAT is used for communication of the communication use unit 60-Y. Even if it is applied, the communication will not be hindered.

  In steps S130 to S132, the packet requested for transmission (TCP connection request packet) and the TCP connection response packet transmitted by the server 2 are processed by the communication IF unit 30-2 instead of the communication IF unit 30-1, and The communication is performed via the communication network 3-2 instead of the communication network 3-1.

  In step S133, item number 4 illustrated in FIG. 12 is found instead of the flow entry of item number 2 illustrated in FIG.

  In step S134, since the packet (TCP connection response packet) matches the flow entry of item number 4 illustrated in FIG. 12, the packet processing unit 202 of the communication processing unit 20 executes the action of the flow entry.

  Specifically, the packet processing unit 202 changes the destination MAC address of the packet to 02: 00: 00: 00: 50 and changes the destination IP address to 192.168.1.1, The packet is output to the internal communication IF unit 50.

  Here, although the destination IP address changing process is performed, the communication use unit 60-Y is not included in the list stored in the target list storage unit 402, and NAT is used for communication of the communication use unit 60-Y. Even if it is applied, the communication will not be hindered.

  Henceforth, the process from step S135 performed to communication utilization part 60-Y to step S139 is the same as the process performed about communication utilization part 60-X.

  In step S140, item number 3 illustrated in FIG. 12 is found instead of the flow entry of item number 1 illustrated in FIG.

  In step S141, since the packet (TCP connection request packet) matches the flow entry of item number 3 illustrated in FIG. 12, the packet processing unit 202 of the communication processing unit 20 executes the action of the flow entry.

  Specifically, the packet processing unit 202 changes the source IP address of the packet to 192.168.2.1, and then outputs the packet to the communication IF unit 30-2. Here, the change process of the source IP address is performed, but the communication use unit 60-Y is not included in the list stored in the target list storage unit 402, and NAT is used for communication of the communication use unit 60-Y. Even if it is applied, the communication will not be hindered.

  As described above, according to the present embodiment, the communication processing unit 20 uses communication among the plurality of communication IF units 30-1 to 30-2 to transmit and receive packets by the communication using units 60-1 to 60-m. The IF unit is selected, and the source address included in the packet is converted into an address that can be used by the selected communication IF unit. At this time, if the communication processing unit 20 cannot select the communication IF unit or cannot convert the source address to an address usable by the selected communication IF unit, the communication processing unit 20 performs processing. Control to be able to. Therefore, it can be said that the communication control unit 10 and the communication processing unit 20 cooperate to perform these processes.

  In addition, the source address control unit 40 (specifically, the source address control target detection unit 401) detects or predicts the occurrence of communication that is not suitable for address conversion by the communication processing unit 20. Then, the source address control processing unit 403 sets the source address that does not change before and after the address conversion performed on the target communication packet to the target communication packet before the address conversion. Control is performed on the protocol stack unit 70.

  Specifically, the source address control unit 40 (more specifically, the source address control target detection unit 401) generates a source address control target communication (communication in which NAT is not suitable, communication in which address translation is not suitable) or The sign is detected, and source address control is started for the communication at the time of detection.

  When performing source address control, the source address control unit 40 specifies the communication IF unit 30 to be used for the communication with reference to the communication control unit 10, and determines the address set in the specified communication IF unit 30 for internal communication. Additional settings are made in the IF unit 50. At the same time, the source address control unit 40 changes the route setting so that the set address is used as the source address of the communication.

  The communication control unit 10 determines the processing content of the packet received by the communication processing unit 20 and the flow to which the packet belongs according to the control policy, and sets a flow entry (processing rule) corresponding to the communication processing unit 20. This flow entry is created so that appropriate address translation can be applied to the packet so that the packet can be communicated in a network outside the communication terminal 1 (that is, usable in the communication IF).

  At this time, as described above, the source address control unit 40 controls the source address control target communication so that the address of the communication IF unit 30 to be used for communication is used as the source address from the beginning. Yes. Therefore, the address conversion process is not substantially applied to this communication (that is, the addresses before and after conversion are the same).

  Therefore, according to the present embodiment, the communication terminal can perform communication processing for selectively using a plurality of communication interfaces by address conversion, and can also use a plurality of communication interfaces for communication that is not suitable for address conversion.

  In the description of the communication system in the present embodiment, an example in which an action for converting a source or destination address is always included in a flow entry created by the communication control unit 10, but the present invention is not limited to this. Is not to be done. For example, when the address before conversion and the address after conversion are the same, the communication control unit 10 may not include an action for converting the source or destination address in the created flow entry. Thereby, the load of the communication processing unit 20 can be reduced.

  In the description of the communication system in the present embodiment, the target list storage unit 402 holds a list of identifiers of the communication using units 60-1 to 60-m to be controlled, and the source address control target detection unit 401 has a control target communication. Although an example in which the operation start of the utilization units 60-1 to 60-m is treated as a sign of communication that requires source address control has been shown, the present invention is not limited to this.

  For example, the target list storage unit 402 includes information related to communication (for example, transmission destination IP address, transmission source IP address, protocol number, transmission destination port number) in addition to or instead of the identifiers of the communication utilization units 60-1 to 60-m. Or a combination of all or part of the transmission source port numbers). Further, the source address control target detection unit 401 may treat the communication start of the communication using units 60-1 to 60-m as a sign of communication that requires source address control. This is because, for example, the source address control target detection unit 401 hooks or monitors a communication start or connection start request (for example, via the Socket interface) from the communication using units 60-1 to 60-m to the protocol stack unit 70. realizable.

  In the description of the communication system in the present embodiment, an example in which the source address control processing unit 403 performs setting to change the recommended address of the default route to the determined source address as source address control has been described. It is not limited to this.

  For example, instead of updating the default route, the source address control processing unit 403 determines a route addressed to the destination IP address of the communication subject to source address control (the transfer destination is the internal communication IF unit 50, and the recommended source address is determined). Source address) may be added. The source address control processing unit 403 may acquire the transmission destination IP address from the communication information that triggered the source address control, or the control policy used when determining the communication IF unit 30 to be used. May be obtained from the traffic conditions.

  Next, the outline of the present invention will be described. FIG. 13 is a block diagram showing an outline of a communication terminal according to the present invention. The communication terminal according to the present invention selects a plurality of communication interface units 81 (for example, communication IF units 30-1 to 30-2) and a communication interface unit 81 used for packet transmission / reception, and sets a source address included in the packet. The communication control unit 82 (for example, the communication control unit 10 and the communication processing unit 20) that performs control for conversion to an address that can be used by the selected communication interface unit, and target communication (for which address conversion by the communication control unit 82 is not appropriate) For example, a source address (for example, the address of the communication IF unit) that does not change before and after the address conversion for the packet of the target communication by the communication control unit 82 is detected or predicted. Perform control (for example, for protocol stack unit 70) to set the packet of the target communication before conversion Source address control unit 83 (e.g., source address controller 40) and a.

  With such a configuration, when performing address conversion and performing communication using a plurality of communication interfaces, it is possible to operate the communication correctly even for communication that is not suitable for address conversion.

  Further, the source address control unit 83 may set an address usable in the communication interface unit 81 selected by the communication control unit 82 and used for transmission / reception of the target communication packet as a source address in the target communication packet. .

  Also, the source address control unit 83 instructs to set or add an address used by the communication interface unit 81 to a source address used for transmission / reception of the packet of the target communication, and instructs to set a route using the source address. Thus, control may be performed to set a source address that does not change before and after address conversion for the target communication packet in the target communication packet.

  In addition, the source address control unit 83 maintains a list of applications that perform target communication (for example, the communication use unit 60), and detects or predicts the occurrence of target communication by monitoring the operating state of the applications included in the list. May be.

  The communication terminal also relays communication between a control target unit (for example, protocol stack unit 70) controlled by the source address control unit 83 and a communication control unit 82 (for example, communication processing unit 20). An interface unit (for example, the internal communication IF unit 50) may be provided. Then, the source address control unit 83 may perform control for the control target unit to set the address of the internal communication interface unit to the address of the communication interface unit used for transmission / reception of the packet of the target communication.

DESCRIPTION OF SYMBOLS 1 Communication terminal 2 Server 3-1 to 3-3 Communication network 10 Communication control part 20 Communication processing part 30-1 to 30-2 Communication IF part 40 Source address control part 50 Internal communication IF part 60-1 to m Communication utilization part 70 Protocol Stack Unit 101 Control Processing Unit 102 Control Policy Storage Unit 201 Control Channel Processing Unit 202 Packet Processing Unit 203 Flow Table Storage Unit 401 Source Address Control Target Detection Unit 402 Target List Storage Unit 403 Source Address Control Processing Unit

Claims (9)

A plurality of communication interface units;
A communication control unit that selects the communication interface unit to be used for packet transmission and reception, and performs control to convert the source address included in the packet into an address that can be used by the selected communication interface unit;
Detect or predict the occurrence of target communication that is not suitable for address conversion by the communication control unit, the source address that does not change before and after address conversion for the packet of the target communication by the communication control unit before the conversion of the address And a source address control unit that performs control for setting the packet in the target communication. 2. The communication terminal according to claim 1, wherein the source address control unit causes the packet of the target communication to be set as an address that can be used by the communication interface unit selected by the communication control unit and used for transmission / reception of the packet of the target communication. The source address control unit instructs to set or add the address used by the communication interface unit to the source address used for transmission / reception of the packet of the target communication, and instructs the route setting using the source address, The communication terminal according to claim 1, wherein control is performed to set a source address that does not change before and after address conversion for a packet of the target communication in the packet of the target communication. The source address control unit holds a list of applications that perform target communication, and detects or predicts the occurrence of target communication by monitoring the operating state of the applications included in the list. The communication terminal according to any one of the above. A control target unit controlled by the source address control unit and an internal communication interface unit that relays communication between the communication control unit,
The source address control unit controls the control target unit to set the address of the internal communication interface unit to the address of the communication interface unit used for transmission / reception of a packet of the target communication. 4. The communication terminal according to claim 1. Select the communication interface part to be used for packet transmission / reception from the multiple communication interface parts.
Performs control to convert the source address included in the packet into an address usable in the selected communication interface unit,
Detecting or predicting the occurrence of target communications for which the address conversion is not suitable,
A control method for performing control to set a source address that does not change before and after address conversion for the target communication packet in the target communication packet before the address conversion. The communication method according to claim 6, wherein an address usable in the selected communication interface unit is set as a source address in a packet of target communication. On the computer,
Communication control for selecting a communication interface unit to be used for packet transmission / reception from a plurality of communication interface units and converting a source address included in the packet into an address usable by the selected communication interface unit Processing and
Detect or predict the occurrence of target communication that is not suitable for address conversion in the communication control process, and change the source address that does not change before and after the address conversion for the target communication packet in the communication control process before the address conversion. A communication program for causing a source address control process to perform control to be set in a packet of the target communication. The communication program according to claim 8, wherein in the source address control process, an address that can be used in the selected communication interface unit is set as a source address in a packet of target communication.

Images