WO2017177692A1 - 一种基于dns机制的无线接入方法及无线接入设备 - Google Patents
一种基于dns机制的无线接入方法及无线接入设备 Download PDFInfo
- Publication number
- WO2017177692A1 WO2017177692A1 PCT/CN2016/108171 CN2016108171W WO2017177692A1 WO 2017177692 A1 WO2017177692 A1 WO 2017177692A1 CN 2016108171 W CN2016108171 W CN 2016108171W WO 2017177692 A1 WO2017177692 A1 WO 2017177692A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- dns
- packet
- dns response
- message
- dns request
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 54
- 230000007246 mechanism Effects 0.000 title claims abstract description 27
- 230000004044 response Effects 0.000 claims abstract description 231
- 230000002159 abnormal effect Effects 0.000 claims abstract description 19
- 238000012790 confirmation Methods 0.000 claims description 26
- 238000001514 detection method Methods 0.000 claims description 9
- 230000005856 abnormality Effects 0.000 claims description 6
- 238000012545 processing Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 238000010276 construction Methods 0.000 description 4
- 238000012546 transfer Methods 0.000 description 3
- 238000002592 echocardiography Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5076—Update or notification mechanisms, e.g. DynDNS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/164—Adaptation or special uses of UDP protocol
Definitions
- the present invention relates to the field of wireless access technologies, and in particular, to a wireless access method based on a DNS mechanism and a wireless access device.
- Step 1 The unauthenticated user terminal resolves the destination IP (Internet Protocol) address corresponding to the accessed domain name by using a DNS (Domain Name System) mechanism;
- IP Internet Protocol
- DNS Domain Name System
- Step 2 The unauthenticated user terminal and the destination IP address perform a TCP (Transmission Control Protocol) three-way handshake. After the three-way handshake succeeds, a TCP connection is established.
- TCP Transmission Control Protocol
- Step 3 The unauthenticated user terminal sends an HTTP GET message to the destination IP address, and the AP intercepts and uses the IP address of the Portal server to send a redirect message to the user terminal.
- HTTP HyperText Transfer Protocol
- GET It is the most common type of request for HTTP.
- Step 4 After receiving the redirect packet sent by the AP, the unauthenticated user terminal performs a TCP three-way handshake with the Portal server and establishes a connection.
- Step 5 Repeat step 2: If the destination IP address is a Portal server, the AP will directly release the packet.
- Step 6 When the Portal server receives the http request (Hypertext Transfer Protocol Request) message in step 5, it responds with an http response (hypertext transfer protocol response).
- http request Hypertext Transfer Protocol Request
- http response hypertext transfer protocol response
- Step 7 The unauthenticated user terminal receives the http response and performs the corresponding authentication action.
- Step 8 The AP adds the user terminal to the authentication list.
- the DNS resolution process in step 1 can be correctly completed, which determines whether the entire Portal authentication function can be successfully implemented, and sometimes occurs in the existing network usage: DNS cannot be correctly parsed (mistaken input does not exist) The domain name or DNS server is unreachable, etc.), or the DNS resolution response timed out (due to network congestion).
- the existing network environment is unpredictable.
- the portal authentication cannot be performed, and the user terminal cannot access the Internet normally, which will seriously affect the user experience.
- the present invention provides a wireless access method based on a DNS mechanism, and the method includes:
- the wireless access device confirms that the DNS response packet parsing is abnormal or the DNS response times out;
- the method further includes:
- the acknowledgment that the DNS response packet is parsed abnormally includes:
- the confirming the DNS response timeout includes:
- the DNS response timeout is confirmed.
- the message information of the request message includes: portal IP address information, user datagram protocol header information, IP header information, and Ethernet header information.
- the constructing the DNS response packet according to the packet information of the DNS request packet includes:
- the Ethernet header information is filled into an Ethernet header of the DNS response message.
- the DNS response message that is configured is sent to the user terminal according to the ingress port information
- the packet information of the DNS request packet further includes: ingress port information.
- the invention also provides a wireless access device based on a DNS mechanism, the device comprising:
- the confirmation module is configured to confirm that the DNS response message parsing is abnormal or the DNS response times out;
- the sending module is configured to send the configured DNS response message to the user terminal, so that the user terminal performs access authentication according to the DNS response message.
- the device further includes:
- a receiving module configured to receive a DNS request packet sent by the user terminal, before confirming that the DNS response packet parsing is abnormal or the DNS response times out;
- a traversal module for traversing a cache list of DNS request messages
- a determining module configured to determine whether the DNS request packet is cached in a cache list of the DNS request packet
- an update module configured to: when the determining module determines that the DNS request packet is cached in the cache request packet, update the DNS request packet and the time domain in the cache list of the DNS request packet ;
- a copying module configured to: when the determining module determines that the DNS request packet is not cached in the cached list of the DNS request packet, copying the DNS request packet to a cache list of the DNS request packet .
- the confirmation module includes:
- a receiving submodule configured to receive the DNS response packet addressed to the user terminal
- a first confirmation submodule configured to confirm that a DNS request packet corresponding to the DNS response packet is cached in a cache list of the DNS request packet
- a parsing submodule configured to parse the DNS response message
- the second confirmation submodule is configured to confirm that the DNS response packet parsing is abnormal when the parsing submodule fails to parse.
- confirmation module further includes:
- a detection submodule configured to periodically detect a cache list of the DNS request message
- the third confirmation submodule is configured to confirm that the DNS response times out if no DNS response message is received within a predetermined time.
- the constructing module is specifically configured to enter, according to the packet information of the DNS request packet Constructing the DNS response message;
- the message information of the request message includes: portal IP address information, user datagram protocol header information, IP header information, and Ethernet header information.
- the constructing module includes:
- a first padding submodule configured to fill the portal IP address information into a packet header of the DNS response packet
- a second padding submodule configured to fill the user datagram protocol header information into a user datagram protocol header of the DNS response packet
- a third padding submodule configured to fill the IP header information into an IP header of the DNS response packet
- a fourth padding submodule configured to fill the Ethernet header information into an Ethernet header of the DNS response message.
- the sending module is specifically configured to send the configured DNS response message to the user terminal according to the ingress port information
- the packet information of the DNS request packet further includes: ingress port information.
- the wireless access device When the wireless access device confirms that the DNS response message parsing is abnormal or the DNS response times out; the DNS response message is configured; the constructed DNS response message is sent to the user terminal, so that the user terminal according to the DNS response packets are authenticated. In this way, even if the user terminal incorrectly inputs the domain name that does not exist or the DNS server is unreachable when the existing network is used, and the DNS resolution fails or the DNS response times out, the Portal authentication can be successfully completed.
- FIG. 1 is a flowchart of an embodiment of a wireless access method based on a DNS mechanism according to the present invention
- FIG. 2 is a flowchart of another embodiment of a wireless access method based on a DNS mechanism according to the present invention
- FIG. 3 is a flowchart of an embodiment of a method for parsing an abnormality of a DNS response message in a wireless access method based on a DNS mechanism according to the present invention
- FIG. 4 is a flowchart of an embodiment of a DNS response timeout method in a wireless access method based on a DNS mechanism according to the present invention
- FIG. 5 is a flowchart of another embodiment of a method for constructing a DNS response packet in a wireless access method based on a DNS mechanism according to the present invention
- FIG. 6 is a flowchart of an embodiment of a method for processing a DNS request message after receiving a DNS request message by a wireless access device according to the present invention
- FIG. 7 is a flowchart of an embodiment of a method for processing a DNS response timeout in a practical application of a wireless access method based on a DNS mechanism according to the present invention
- FIG. 8 is a flowchart of an embodiment of a method for processing a DNS response packet parsing exception according to a DNS mechanism of a wireless access method according to the present invention
- FIG. 9 is a flowchart of an embodiment of a method for constructing a DNS response message in a practical application of a wireless access method based on a DNS mechanism according to the present invention.
- FIG. 10 is a structural diagram of an embodiment of a wireless access device based on a DNS mechanism according to the present invention.
- FIG. 11 is a structural diagram of another embodiment of a wireless access device based on a DNS mechanism according to the present invention.
- FIG. 12 is a structural diagram of an embodiment of a confirmation module in a wireless access device based on a DNS mechanism according to the present invention
- FIG. 13 is a structural diagram of another embodiment of a confirmation module in a wireless access device based on a DNS mechanism according to the present invention.
- FIG. 14 is a structural diagram of an embodiment of a construction module in a wireless access device based on a DNS mechanism according to the present invention.
- the technical solution of the present invention is: when the wireless access device confirms that the DNS response message is parsed abnormally or the DNS response times out; the DNS response message is configured; the constructed DNS response message is sent to the user terminal, and the user terminal is Performing access authentication according to the DNS response message.
- FIG. 1 is a flowchart of an embodiment of a wireless access method based on a DNS mechanism according to the present invention. The specific process is as follows:
- Step S101 the wireless access device confirms that the DNS response message is parsed abnormally or the DNS response times out;
- the wireless access device confirms that the DNS (Domain Name System) response message parsing abnormality refers to the incorrect input of the domain name that does not exist or the DNS server is unreachable;
- DNS Domain Name System
- the DNS response timeout refers to the DNS response timeout caused by network congestion.
- Step S102 constructing the DNS response message
- the wireless access device constructs the DNS response message according to the packet information of the DNS request message, that is, the wireless access device actively constructs the DNS response message, so that even if the user mistakenly inputs the non-existent domain name or the current If the DNS resolution of the DNS server is unreachable, the DNS response fails due to network congestion, and the user terminal can successfully complete Portal authentication.
- the message information of the request message includes: portal IP address information, user datagram protocol header information, IP header information, and Ethernet header information.
- Step S103 Send the configured DNS response message to the user terminal, so that the user terminal performs access authentication according to the DNS response message.
- the wireless access device sends the configured DNS response message to the corresponding user terminal according to the user terminal information of the DNS request message of the user terminal, and according to the ingress port information;
- the user terminal After receiving the DNS response packet of the wireless access device, the user terminal performs access authentication.
- the wireless access device adds the user terminal to the authentication list.
- the packet information of the DNS request packet further includes: ingress port information.
- step S101 The further processing before the radio access device confirms that the DNS response message parsing is abnormal or the DNS response times out in step S101 is as shown in FIG. 2, and the specific steps are as follows:
- Step S201 Receive a DNS request packet sent by the user terminal.
- the wireless access device receives the DNS request packet sent by the user terminal.
- Step S202 traversing a cache list of DNS request messages
- the cache list of the DNS request message is a list of DNS request messages pre-cached in the scratchpad.
- Step S203 determining whether the DNS request message is cached in the cache list of the DNS request message
- Step S204 updating a DNS request message and a time domain in the cache list of the DNS request message
- the wireless access device updates the cached DNS request message and the time domain update in the cache request list of the DNS request message by: updating the cache time of the DNS request message to the current time, and updating the time domain.
- a new time domain set for the wireless access device wherein the time domain is the traversal time period, that is, the traversal time; the new time domain is to set a new traversal time period, that is, a new traversal time.
- Step S205 Copy the DNS request packet to a cache list of the DNS request packet.
- the DNS request message is directly copied to the cache list of the DNS request message because the DNS request message is not cached in the DNS request message.
- the method for confirming the abnormality of the DNS response packet in the wireless access device in step S101 is as shown in FIG. 3, and the specific steps are as follows:
- Step S301 Receive the DNS response message addressed to the user terminal.
- the wireless access device receives the DNS response message sent by the DNS server to the user terminal.
- Step S302 traversing a cache list of the DNS request message
- the wireless access device traverses the cache list of the cached DNS request packets, and the cached list of the DNS request messages is as shown in step S202.
- Step S303 confirming that a DNS request message corresponding to the DNS response message is cached in the cache list of the DNS request message
- the DNS response message traverses the corresponding DNS request message in the cached list of the DNS request message, where at least the user terminal information and the DNS request message of the DNS response message are satisfied.
- the user terminal information is the same, and the packet information of the DNS request message echoes the message information of the DNS response message.
- Step S304 parsing the DNS response message
- the DNS response message may be confirmed as a response to the DNS request message.
- Step S305 When the DNS response packet parsing fails, it is confirmed that the DNS response packet parsing is abnormal.
- the DNS response message parsing is abnormal when the user fails to input the non-existent domain name or the DNS server is unreachable and the DNS server fails to resolve the DNS response packet.
- step S101 The method for the wireless access device to confirm the DNS response timeout in step S101 is as shown in FIG. 3, and the specific steps are as follows:
- Step S401 periodically detecting a cache list of the DNS request message
- the preset detection period is configured to periodically detect the cache list of the DNS request message by detecting a cache list of the DNS request message according to a preset detection period.
- Step S402 if the DNS response message is not received within the predetermined time, it is confirmed that the DNS response times out.
- the DNS response is confirmed to be timed out by determining whether the DNS response message is received within the preset time of the timer.
- step S102 The specific method for constructing the DNS response packet in step S102 is as shown in FIG. 5, and the specific steps are as follows:
- Step S501 filling the portal IP address information into a packet header of the DNS response packet
- the portal is a portal website
- the packet information of the DNS response packet includes a packet header
- the portal IP address information in the packet information of the DNS request packet is written into the header of the DNS response packet. That is, the portal IP address information in the message information of the DNS request message is used as the DNS.
- the header of the response message is used as the DNS.
- Step S502 filling the user datagram protocol header information into a user datagram protocol header of the DNS response packet
- the message information of the DNS response message further includes user datagram protocol header (UDP) information, and the user datagram protocol header information in the packet information of the DNS request message is written into the user datagram of the DNS response message.
- UDP user datagram protocol header
- the protocol header that is, the user datagram protocol header information in the packet information of the DNS request message is used as the user datagram protocol header information of the DNS response message.
- Step S503 filling the IP header information into an IP header of the DNS response packet
- the packet information of the DNS response packet further includes an IP header information
- the IP header information in the packet information of the DNS request packet is written into the IP header of the DNS response packet, that is, the DNS request packet is received.
- the IP header information in the message information is used as the IP header information of the DNS response message.
- Step S504 filling the Ethernet header information into an Ethernet header of the DNS response message.
- the packet information of the DNS response packet further includes an Ethernet header information
- the Ethernet header information in the packet information of the DNS request packet is written into the Ethernet header of the DNS response packet, that is, the DNS request is sent.
- the Ethernet header information in the packet information of the packet serves as the Ethernet header information of the DNS response packet.
- FIG. 6 is a flowchart of an embodiment of a method for processing a DNS request message after receiving a DNS request message by a wireless access method according to the present invention. The specific steps are as follows:
- Step S601 receiving a DNS request message of the user terminal
- the wireless access device receives the DNS request message of the user terminal.
- Step S602 traversing a cache list of DNS request messages
- the cache list of the temporarily stored DNS request messages in the scratchpad is traversed.
- Step S603 it is determined whether a DNS request message with the same DNS request message sent by the user terminal is cached in the cache list of the DNS request message, if yes, proceed to step S604, otherwise, go to step S605;
- Step S604 updating a DNS request message and a time domain in a cache list of the DNS request message
- the cached DNS request message in the cache list of the DNS request message is timed.
- the inter-domain update means that the cache time of the DNS request message is updated to the current time, and the time domain is updated to the new time domain set by the wireless access device.
- Step S605 the DNS request message is copied to the cache list of the DNS request message, and proceeds to step S606;
- the DNS request message is directly copied to the cache list of the DNS request message because the DNS request message is not cached in the DNS request message.
- Step S606 determining whether the cache list traversal of the DNS request message is completed within a predetermined time, if yes, proceeding to step S607, otherwise, proceeding to step S608;
- the predetermined time is a time period, and when the end of the time period of the predetermined time comes, the traversal of the cache list of the DNS request message is ended; when the end of the time period of the predetermined time does not come, the traversal is continued.
- a cached list of DNS request messages it is determined according to the predetermined time that the predetermined time is a time period, and when the end of the time period of the predetermined time comes, the traversal of the cache list of the DNS request message is ended; when the end of the time period of the predetermined time does not come, the traversal is continued.
- Step S607 setting the next effective time of the timer, and ending the process.
- setting the next effective time of the timer is setting a predetermined time for the next traversal.
- FIG. 7 is a flowchart of an embodiment of a method for processing a DNS response timeout in a practical application of a wireless access method based on a DNS mechanism according to the present invention. The specific steps are as follows:
- Step S701 the timer is set for a predetermined time
- the timer is set to a predetermined time to set a predetermined time of traversal.
- Step S702 traversing a cache list of DNS request messages
- the cache list of the DNS request message is started.
- Step S703 it is determined whether the DNS response is timed out, if yes, proceeds to step S704, otherwise proceeds to step S705;
- Step S704 constructing a DNS response message, and sending the constructed DNS response message to the user terminal for processing;
- the wireless access device receives the packet of the DNS request packet sent by the user terminal according to the received message.
- the information constructs a DNS response message.
- Step S705 determining whether to end the traversal of the DNS request message within a predetermined time, and if so, proceeding to step S706, otherwise, returning to step S703;
- the buffer list of the DNS request message is traversed. Otherwise, when the end of the time period of the predetermined time does not come, the cache list of the DNS request message is traversed.
- Step S706 setting the next effective time of the timer, and ending the process.
- setting the next effective time of the timer is setting a predetermined time for the next traversal.
- FIG. 8 is a flowchart of an embodiment of a method for processing a DNS response packet parsing exception in a wireless access method based on the DNS mechanism of the present invention, and the specific steps are as follows:
- Step S801 Receive a DNS response message addressed to the user terminal.
- the wireless access device receives the DNS response message sent by the DNS server to the user terminal.
- Step S802 traversing a cache list of DNS request messages
- the cache list of the temporarily stored DNS request messages in the scratchpad is traversed.
- Step S803 determining whether a DNS request message with the same DNS request message sent by the user terminal is cached in the cache list of the DNS request message, if yes, proceeding to step S805, otherwise, proceeding to step S804;
- Step S804 returning NF_ACCEPT (continue to normally transmit the data packet);
- returning NF_ACCEPT is to return a DNS response message that continues to be transmitted normally.
- Step S805 determining whether the DNS response message is parsed successfully? If successful, proceed to step S807;
- Step S806 constructing a DNS response message, and sending the message to the user terminal for processing;
- Step S807 releasing the cached DNS request message, and deleting the cache entry, returning to step S804;
- step S808 NF_STOLEN is returned (the data packet is forgotten).
- returning NF_STOLEN is to return the forgotten received DNS response message.
- FIG. 9 is a flowchart of an embodiment of a method for constructing a DNS response message in a practical application of a wireless access method based on a DNS mechanism according to the present invention. The specific steps are as follows:
- Step S901 constructing according to the packet information of the DNS request message
- Step S902 filling a packet header of the DNS response packet according to the Portal IP address
- Step S903 filling the UDP header of the DNS response packet according to the UDP header of the DNS request packet;
- Step S904 filling an IP header of the DNS response packet according to the IP header of the DNS request packet;
- Step S905 Fill the Ethernet header of the DNS response message according to the Ethernet header of the DNS request message.
- FIG. 10 is a structural diagram of an embodiment of a wireless access device based on a DNS mechanism, where the wireless access device 1000 includes a confirmation module 1001, a construction module 1002, and a transmission module 1003.
- the confirmation module 1001 is configured to confirm that the DNS response message parsing is abnormal or the DNS response times out.
- the wireless access device (AP) 1000 confirms that the DNS (Domain Name System) response packet parsing abnormality refers to the incorrect input of the domain name that does not exist or the DNS server is unreachable;
- DNS Domain Name System
- the DNS response timeout refers to the DNS response timeout caused by network congestion.
- the constructing module 1002 is configured to construct the DNS response message
- the constructing module 1002 constructs the DNS response message according to the message information of the DNS request message, that is, the constructing module 1002 actively constructs the DNS response message, so that even if the user mistakenly inputs the non-existent domain name or the existing network If the DNS resolution fails due to the unreachable DNS server, or the DNS response times out due to network congestion, the user terminal can successfully complete Portal authentication.
- the message information of the request message includes: portal IP address information, user datagram protocol header information, IP header information, and Ethernet header information.
- the sending module 1003 is configured to send the configured DNS response message to the user terminal, so that the user terminal performs access authentication according to the DNS response message.
- the sending module 1003 sends the configured DNS response message to the corresponding user terminal according to the user terminal information of the DNS request message of the user terminal, and according to the ingress port information;
- the user terminal After receiving the DNS response packet, the user terminal performs access authentication.
- the wireless access device 1000 adds the user terminal to the authentication list.
- the packet information of the DNS request packet further includes: ingress port information.
- FIG. 11 is a structural diagram of another embodiment of a wireless access device based on a DNS mechanism, where the wireless access device 1000 includes a confirmation module 1001, a construction module 1002, a transmission module 1003, a receiving module 1004, a traversal module 1005, and a determination.
- the module 1006, the update module 1007, and the copy module 1008, wherein the confirmation module 1001, the construction module 1002, and the transmission module 1003 are specifically as shown in FIG.
- the receiving module 1004 is configured to receive a DNS request packet sent by the user terminal before confirming that the DNS response packet parsing abnormality or the DNS response timeout occurs;
- the receiving module 1004 receives the DNS request packet sent by the user terminal.
- a traversing module 1005, configured to traverse a cache list of DNS request messages
- the cache list of the DNS request message is a list of DNS request messages pre-cached in the scratchpad.
- the determining module 1006 is configured to determine whether the DNS request packet is cached in the cached list of the DNS request packet.
- the cache request list of the DNS request message is not cached. The DNS request message.
- the update module 1007 is configured to: when the determining module 1006 determines that the DNS request packet is cached in the cache request packet, update the DNS request packet and the time domain in the cache list of the DNS request packet. ;
- the update module 1007 updates the cached DNS request message and the time domain update in the cache request list of the DNS request message by updating the cache time of the DNS request message to the current time, and updating the time domain to The new time domain set by the wireless access device; wherein the time domain is the traversal time period, that is, the traversal time; the new time domain is to set a new traversal time period, that is, a new traversal time.
- the copying module 1008 is configured to: when the determining module 1006 determines that the DNS request message is not cached in the cached list of the DNS request message, copy the DNS request message to the DNS request The message is cached in the list.
- the DNS request message is directly copied into the cache list of the DNS request message because the DNS request message is not cached in the DNS request message.
- the structure of the confirmation module 1001 is as shown in FIG. 12, and the confirmation module 1001 includes a receiving submodule 10011, a traversing submodule 10012, a first confirming submodule 10013, a parsing submodule 10014, and a second confirming submodule 10015.
- the receiving submodule 10011 is configured to receive the DNS response packet sent to the user terminal.
- the receiving submodule 10011 receives the DNS response message sent by the DNS server to the user terminal.
- a traversing sub-module 10012 configured to traverse a cache list of the DNS request message
- the traversal sub-module 10012 traverses the cache list of the cached DNS request messages, and the cache list of the DNS request messages is traversed by the module 1005.
- the first confirmation sub-module 10013 is configured to confirm that a DNS request message corresponding to the DNS response message is cached in a cache list of the DNS request message;
- the DNS response message traverses the corresponding DNS request message in the cached list of the DNS request message, where at least the user terminal information that satisfies the DNS response message is the same as the user terminal information of the DNS request message, and the DNS request message
- the message information of the text echoes the message information of the DNS response message.
- a parsing sub-module 10014 configured to parse the DNS response message
- the DNS response message may be confirmed as a response to the DNS request message.
- the second confirmation sub-module 10015 is configured to confirm that the DNS response message parsing is abnormal when the parsing sub-module 10014 fails to parse.
- the DNS response message parsing is abnormal when the user fails to input the non-existent domain name or the DNS server is unreachable and the DNS server fails to resolve the DNS response packet.
- the structure of the confirmation module 1001 is also as shown in FIG. 13, and the confirmation module 1001 includes a detection submodule 10016 and a third confirmation submodule 10017.
- the detecting sub-module 10016 is configured to periodically detect a cache list of the DNS request message
- the preset detection period is configured to periodically detect the cache list of the DNS request message by detecting a cache list of the DNS request message according to a preset detection period.
- the third confirmation sub-module 10017 is configured to confirm that the DNS response times out if the DNS response message is not received within a predetermined time.
- the DNS response is confirmed to be timed out by determining whether the DNS response message is received within the preset time of the timer.
- the structure of the structure module 1002 is as shown in FIG. 14.
- the structure module 1002 includes a first padding submodule 10021, a second padding submodule 10022, a third padding submodule 10023, and a fourth padding submodule 10024.
- a first padding sub-module 10021 configured to fill the portal IP address information into a packet header of the DNS response packet
- the portal is a portal website
- the packet information of the DNS response packet includes a packet header
- the portal IP address information in the packet information of the DNS request packet is written into the header of the DNS response packet. That is, the portal IP address information in the message information of the DNS request message is used as the header of the DNS response message.
- a second padding sub-module 10022 configured to fill the user datagram protocol header information into a user datagram protocol header of the DNS response packet
- the message information of the DNS response message further includes user datagram protocol header (UDP) information, and the user datagram protocol header information in the packet information of the DNS request message is written into the user datagram of the DNS response message.
- UDP user datagram protocol header
- the protocol header that is, the user datagram protocol header information in the packet information of the DNS request message is used as the user datagram protocol header information of the DNS response message.
- a third padding sub-module 10023 configured to fill the IP header information into an IP header of the DNS response packet
- the packet information of the DNS response packet further includes IP header information
- the DNS request packet is The IP header information in the packet information is written into the IP header of the DNS response packet, that is, the IP header information in the packet information of the DNS request packet is used as the IP header information of the DNS response packet.
- the fourth padding sub-module 10024 is configured to fill the Ethernet header information into an Ethernet header of the DNS response message.
- the packet information of the DNS response packet further includes an Ethernet header information
- the Ethernet header information in the packet information of the DNS request packet is written into the Ethernet header of the DNS response packet, that is, the DNS request is sent.
- the Ethernet header information in the packet information of the packet serves as the Ethernet header information of the DNS response packet.
- the functional modules of the wireless access device 1000 may be software modules or functional modules combined with software and hardware, which may be implemented by a processor to implement the functions as described above.
- the wireless access device 1000 can also have other functional modules to implement the specific steps of the portal authentication in the case that the DNS resolution fails or the DNS response times out. For details, refer to the corresponding description of the foregoing method embodiments.
- the processor executes, and when the aforementioned program is executed, the processor can execute all or part of the steps including the above method embodiments.
- the processor may be implemented as one or more processor chips, or may be part of one or more application specific integrated circuits (ASICs); and the foregoing storage medium may include but not be limited to the following types. Storage medium: Flash memory, Read-Only Memory (ROM), Random Access Memory (RAM), removable hard disk, disk or optical disk, and other media that can store program code.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本发明提出了一种基于DNS机制的无线接入方法,所述方法包括:无线接入设备确认DNS应答报文解析异常或DNS应答超时时;构造所述DNS应答报文;将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。如此,即使在用户终端误输入不存在的域名或者现有网络使用时DNS服务器不可达,从而造成的DNS解析失败或者DNS应答超时的情况下,都能够顺利完成Portal认证。
Description
本申请要求2016年04月12日提交的申请号为:201610224931.9、发明名称为“一种基于DNS机制的无线接入方法及无线接入设备”的中国专利申请的优先权,其全部内容合并在此。
本发明涉及无线接入技术领域,更具体地,涉及一种基于DNS机制的无线接入方法及无线接入设备。
平时上网时,用户比较习惯通过输入一个域名的方式来访问网页,而在企业级的AP(无线接入设备)中,多会采用Portal(接入)方式,为商家或企业用户提供推送广告及认证上网等服务,其Portal认证流程如下:
步骤一,未认证的用户终端通过DNS(Domain Name System,域名系统)机制解析得到所访问的域名对应的目的IP(Internet Protocol,网络协议)地址;
步骤二,未认证的用户终端和目的IP地址进行TCP(Transmission Control Protocol,传输控制协议)三次握手,三次握手成功后,建立TCP连接;
步骤三,未认证的用户终端向目的IP地址发送HTTP GET报文,AP截取并用Portal服务器的IP地址给用户终端发送重定向报文;其中,HTTP(HyperText Transfer Protocol,超文本传输协议);GET是HTTP最常见的一种请求方式,当用户终端要从服务器中读取文档时,点击网页上的链接或者通过在浏览器的地址栏输入网址来浏览网页。
步骤四,未认证的用户终端收到AP发送的重定向报文之后,会和Portal服务器进行TCP三次握手并建立连接;
步骤五,重复步骤二,若目的IP地址是Portal服务器,则AP会对此报文直接放行;
步骤六,Portal服务器收到步骤五中的http request(超文本传输协议请求)报文时,回复http response(超文本传输协议响应)。
步骤七,未认证的用户终端收到http response,进行相应认证动作。
步骤八,AP将该用户终端添加到认证名单中。
综上所述,步骤一中的DNS解析过程能否正确的完成,决定了整个Portal认证功能是否能够顺利实现,而在现有网络使用中有时候会出现:DNS不能正确解析(误输入不存在的域名或者DNS服务器不可达等等),或者DNS解析应答超时(因网络拥塞导致的)。
也就是说,现有网络环境不可预测,当用户终端通过访问域名的方式上网时,如果无法正常完成DNS解析则不能进行Portal认证,进而用户终端不能正常上网,将严重影响用户体验。
发明内容
有鉴于此,本发明提出一种基于DNS机制的无线接入方法,所述方法包括:
无线接入设备确认DNS应答报文解析异常或DNS应答超时时;
构造所述DNS应答报文;
将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。
进一步地,在无线接入设备确认DNS应答报文解析异常或DNS应答超时之前,所述方法还包括:
接收所述用户终端发送的DNS请求报文;
遍历DNS请求报文的缓存列表;
判断所述DNS请求报文的缓存列表中是否缓存有所述DNS请求报文;
如果是,更新所述DNS请求报文的缓存列表中的DNS请求报文和时间域;
如果否,将所述DNS请求报文复制到所述DNS请求报文的缓存列表中。
进一步地,所述确认DNS应答报文解析异常,具体包括:
接收发往所述用户终端的所述DNS应答报文;
遍历所述DNS请求报文的缓存列表;
确认在所述DNS请求报文的缓存列表中缓存有与所述DNS应答报文对应的DNS请求报文;
解析所述DNS应答报文;
当所述DNS应答报文解析失败时,则确认所述DNS应答报文解析异常。
进一步地,所述确认DNS应答超时,具体包括:
定期检测所述DNS请求报文的缓存列表;
在预定时间内,若没有收到DNS应答报文,则确认DNS应答超时。
进一步地,根据所述DNS请求报文的报文信息进行构造所述DNS应答报文;
其中,所述请求报文的报文信息包括:门户网站IP地址信息、用户数据报协议头信息、IP头信息及以太网头信息。
进一步地,所述根据DNS请求报文的报文信息进行构造所述DNS应答报文,具体包括:
将所述门户网站IP地址信息填充到所述DNS应答报文的报文头;
将所述用户数据报协议头信息填充到所述DNS应答报文的用户数据报协议头;
将所述IP头信息填充到所述DNS应答报文的IP头;
将所述以太网头信息填充到所述DNS应答报文的以太网头。
进一步地,根据所述入端口信息将构造的所述DNS应答报文发送给所述用户终端;
其中,所述DNS请求报文的报文信息还包括:入端口信息。
本发明还提出一种基于DNS机制的无线接入设备,所述设备包括:
确认模块,用于确认DNS应答报文解析异常或DNS应答超时;
构造模块,用于构造所述DNS应答报文;
发送模块,用于将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。
进一步地,所述设备还包括:
接收模块,用于在确认DNS应答报文解析异常或DNS应答超时之前,接收所述用户终端发送的DNS请求报文;
遍历模块,用于遍历DNS请求报文的缓存列表;
判断模块,用于判断所述DNS请求报文的缓存列表中是否缓存有所述DNS请求报文;
更新模块,用于当所述判断模块判断所述DNS请求报文的缓存列表中缓存有所述DNS请求报文时,更新所述DNS请求报文的缓存列表中的DNS请求报文和时间域;
复制模块,用于当所述判断模块判断所述DNS请求报文的缓存列表中没有缓存所述DNS请求报文时,将所述DNS请求报文复制到所述DNS请求报文的缓存列表中。
进一步地,所述确认模块包括:
接收子模块,用于接收发往所述用户终端的所述DNS应答报文;
遍历子模块,用于遍历所述DNS请求报文的缓存列表;
第一确认子模块,用于确认在所述DNS请求报文的缓存列表中缓存有与所述DNS应答报文对应的DNS请求报文;
解析子模块,用于解析所述DNS应答报文;
第二确认子模块,用于当所述解析子模块解析失败时,确认所述DNS应答报文解析异常。
进一步地,所述确认模块还包括:
检测子模块,用于定期检测所述DNS请求报文的缓存列表;
第三确认子模块,用于在预定时间内,若没有收到DNS应答报文,则确认DNS应答超时。
进一步地,所述构造模块,具体用于根据所述DNS请求报文的报文信息进
行构造所述DNS应答报文;
其中,所述请求报文的报文信息包括:门户网站IP地址信息、用户数据报协议头信息、IP头信息及以太网头信息。
进一步地,所述构造模块包括:
第一填充子模块,用于将所述门户网站IP地址信息填充到所述DNS应答报文的报文头;
第二填充子模块,用于将所述用户数据报协议头信息填充到所述DNS应答报文的用户数据报协议头;
第三填充子模块,用于将所述IP头信息填充到所述DNS应答报文的IP头;
第四填充子模块,用于将所述以太网头信息填充到所述DNS应答报文的以太网头。
进一步地,所述发送模块,具体用于根据所述入端口信息将构造的所述DNS应答报文发送给所述用户终端;
其中,所述DNS请求报文的报文信息还包括:入端口信息。
本发明通过无线接入设备确认DNS应答报文解析异常或DNS应答超时时;构造所述DNS应答报文;将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。如此,即使在用户终端误输入不存在的域名或者现有网络使用时DNS服务器不可达,从而造成的DNS解析失败或者DNS应答超时的情况下,都能够顺利完成Portal认证。
图1为本发明基于DNS机制的无线接入方法的一种实施例的流程图;
图2为本发明基于DNS机制的无线接入方法的另一种实施例的流程图;
图3为本发明基于DNS机制的无线接入方法中DNS应答报文解析异常方法的一种实施例的流程图;
图4为本发明基于DNS机制的无线接入方法中DNS应答超时方法的一种实施例的流程图;
图5为本发明基于DNS机制的无线接入方法中DNS应答报文构造方法的另一种实施例的流程图;
图6为本发明基于DNS机制的无线接入方法在实际应用时无线接入设备接收到DNS请求报文后处理方法的一种实施例的流程图;
图7为本发明基于DNS机制的无线接入方法在实际应用时DNS应答超时处理方法的一种实施例的流程图;
图8为本发明基于DNS机制的无线接入方法在实际应用时DNS应答报文解析异常处理方法的一种实施例的流程图;
图9为本发明基于DNS机制的无线接入方法在实际应用时DNS应答报文构造方法的一种实施例的流程图;
图10为本发明基于DNS机制的无线接入设备的一种实施例的结构图;
图11为本发明基于DNS机制的无线接入设备的另一种实施例的结构图;
图12为本发明基于DNS机制的无线接入设备中确认模块的一种实施例的结构图;
图13为本发明基于DNS机制的无线接入设备中确认模块的另一种实施例的结构图;
图14为本发明基于DNS机制的无线接入设备中构造模块的一种实施例的结构图。
本发明技术方案为:无线接入设备确认DNS应答报文解析异常或DNS应答超时时;构造所述DNS应答报文;将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。
为使本发明的目的、技术方案和优点更加清楚明白,以下举实施例并参照附图,对本发明进一步详细说明。
图1为本发明基于DNS机制的无线接入方法的一种实施例的流程图,具体流程如下:
步骤S101,无线接入设备确认DNS应答报文解析异常或DNS应答超时时;
具体地,其中,无线接入设备(AP)确认DNS(域名系统)应答报文解析异常是指误输入不存在的域名或者DNS服务器不可达;
DNS应答超时是指网络拥塞导致的DNS应答超时。
步骤S102,构造所述DNS应答报文;
具体地,无线接入设备根据DNS请求报文的报文信息构造所述DNS应答报文,即,无线接入设备通过主动构造DNS应答报文,如此,即使用户误输入不存在的域名或现有网络使用时DNS服务器不可达造成的DNS解析失败,或者因网络拥塞导致的DNS应答超时,用户终端都能够顺利完成Portal认证;
其中,所述请求报文的报文信息包括:门户网站IP地址信息、用户数据报协议头信息、IP头信息及以太网头信息。
步骤S103,将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。
具体地,无线接入设备根据用户终端的DNS请求报文的用户终端信息,并根据入端口信息将构造的DNS应答报文发送给对应的用户终端;
用户终端接收到无线接入设备的DNS应答报文后,进行接入认证;
接入认证成功后,无线接入设备将该用户终端添加到认证名单中;
其中,所述DNS请求报文的报文信息还包括:入端口信息。
其中,步骤S101中无线接入设备确认DNS应答报文解析异常或DNS应答超时之前的进一步处理如图2所示,具体步骤如下:
步骤S201,接收所述用户终端发送的DNS请求报文;
具体地,无线接入设备接收到所述用户终端发送的DNS请求报文。
步骤S202,遍历DNS请求报文的缓存列表;
具体地,DNS请求报文的缓存列表是预先缓存在暂存器中的DNS请求报文的列表。
步骤S203,判断所述DNS请求报文的缓存列表中是否缓存有所述DNS请求报文;
具体地,当在所述DNS请求报文的缓存列表中遍历到与接收到的所述用户终端发送的DNS请求报文相同的DNS请求报文,则确认所述DNS请求报文的缓存列表中缓存有所述DNS请求报文,则进入步骤S204;
当在所述DNS请求报文的缓存列表中没有遍历到与接收到的所述用户终端发送的DNS请求报文相同的DNS请求报文,则确认所述DNS请求报文的缓存列表中没有缓存所述DNS请求报文,则进入步骤S205;
步骤S204,更新所述DNS请求报文的缓存列表中的DNS请求报文和时间域;
具体地,无线接入设备将所述DNS请求报文的缓存列表中已缓存的DNS请求报文和时间域更新是指:将DNS请求报文的缓存时间更新为当前时间,并将时间域更新为无线接入设备设置的新时间域;其中,时间域就是遍历时间段,也就是遍历时间;新时间域就是设置新的遍历时间段,也就是新的遍历时间。
步骤S205,将所述DNS请求报文复制到所述DNS请求报文的缓存列表中;
具体地,由于DNS请求报文中没有缓存DNS请求报文,则直接将所述DNS请求报文复制到所述DNS请求报文的缓存列表中。
其中,步骤S101中无线接入设备确认DNS应答报文解析异常方法如图3所示,具体步骤如下:
步骤S301,接收发往所述用户终端的所述DNS应答报文;
具体地,无线接入设备接收到DNS服务器发送给用户终端的DNS应答报文。
步骤S302,遍历所述DNS请求报文的缓存列表;
具体地,无线接入设备遍历自身缓存的DNS请求报文的缓存列表,DNS请求报文的缓存列表如步骤S202。
步骤S303,确认在所述DNS请求报文的缓存列表中缓存有与所述DNS应答报文对应的DNS请求报文;
具体地,通过DNS应答报文在DNS请求报文的缓存列表中遍历对应的DNS请求报文,这里至少满足DNS应答报文的用户终端信息与DNS请求报文
的用户终端信息相同,DNS请求报文的报文信息与DNS应答报文的报文信息呼应。
步骤S304,解析所述DNS应答报文;
具体地,当在所述DNS请求报文的缓存列表中缓存有与所述DNS应答报文对应的DNS请求报文,则可以确认所述DNS应答报文就是DNS请求报文的应答。
步骤S305,当所述DNS应答报文解析失败时,则确认所述DNS应答报文解析异常。
具体地,当因用户事先误输入不存在的域名或现有网络使用时DNS服务器不可达而导致DNS应答报文解析过程中失败时,则认为DNS应答报文解析异常。
步骤S101中无线接入设备确认DNS应答超时方法如图3所示,具体步骤如下:
步骤S401,定期检测所述DNS请求报文的缓存列表;
具体地,预设检测周期,定期检测所述DNS请求报文的缓存列表就是按照预设的检测周期检测所述DNS请求报文的缓存列表。
步骤S402,在预定时间内,若没有收到DNS应答报文,则确认DNS应答超时。
具体地,通过定时器预定时间,在检测周期到来检测时,在定时器的预设时间内通过判断是否收到DNS应答报文,确认DNS应答是否超时。
其中,步骤S102构造所述DNS应答报文的具体方法如图5所示,具体步骤如下:
步骤S501,将所述门户网站IP地址信息填充到所述DNS应答报文的报文头;
具体地,门户网站为Portal网站,DNS应答报文的报文信息包括报文头,将DNS请求报文的报文信息中的门户网站IP地址信息写入DNS应答报文的报文头,也就是,将DNS请求报文的报文信息中的门户网站IP地址信息作为DNS
应答报文的报文头。
步骤S502,将所述用户数据报协议头信息填充到所述DNS应答报文的用户数据报协议头;
具体地,DNS应答报文的报文信息还包括用户数据报协议头(UDP)信息,将DNS请求报文的报文信息中的用户数据报协议头信息写入DNS应答报文的用户数据报协议头,也就是,将DNS请求报文的报文信息中的用户数据报协议头信息作为DNS应答报文的用户数据报协议头信息。
步骤S503,将所述IP头信息填充到所述DNS应答报文的IP头;
具体地,DNS应答报文的报文信息还包括IP头信息,将DNS请求报文的报文信息中的IP头信息写入DNS应答报文的IP头,也就是,将DNS请求报文的报文信息中的IP头信息作为DNS应答报文的IP头信息。
步骤S504,将所述以太网头信息填充到所述DNS应答报文的以太网头。
具体地,DNS应答报文的报文信息还包括以太网头信息,将DNS请求报文的报文信息中的以太网头信息写入DNS应答报文的以太网头,也就是,将DNS请求报文的报文信息中的以太网头信息作为DNS应答报文的以太网头信息。
图6为本发明基于DNS机制的无线接入方法在实际应用时无线接入设备接收到DNS请求报文后处理方法的一种实施例的流程图,具体步骤如下:
步骤S601,接收用户终端的DNS请求报文;
具体地,无线接入设备接收用户终端的DNS请求报文。
步骤S602,遍历DNS请求报文的缓存列表;
具体地,遍历暂存器中暂存的DNS请求报文的缓存列表。
步骤S603,判断在DNS请求报文的缓存列表中是否缓存有与接收到的用户终端发送的DNS请求报文相同的DNS请求报文,如果存在,则进入步骤S604,否则,进入步骤S605;
步骤S604,更新DNS请求报文的缓存列表中的DNS请求报文和时间域;
具体地,将所述DNS请求报文的缓存列表中已缓存的DNS请求报文和时
间域更新是指:将DNS请求报文的缓存时间更新为当前时间,并将时间域更新为无线接入设备设置的新时间域。
步骤S605,将DNS请求报文复制到DNS请求报文的缓存列表中,并进入步骤S606;
具体地,由于DNS请求报文中没有缓存DNS请求报文,则直接将所述DNS请求报文复制到所述DNS请求报文的缓存列表中。
步骤S606,判断在预定时间内,是否将DNS请求报文的缓存列表遍历结束,如果是,进入步骤S607,否则,转入步骤S608;
具体地,根据预定时间确定,该预定时间是时间段,当预定时间的时间段结束点到来,则结束遍历DNS请求报文的缓存列表;当预定时间的时间段结束点没有到来,则继续遍历DNS请求报文的缓存列表。
步骤S607,设置定时器下次生效时间,并结束此处理。
具体地,设置定时器下次生效时间就是设置下次遍历的预定时间。
图7为本发明基于DNS机制的无线接入方法在实际应用时DNS应答超时处理方法的一种实施例的流程图,具体步骤如下:
步骤S701,定时器设定预定时间;
具体地,定时器设定预定时间就是设定遍历的预定时间。
步骤S702,遍历DNS请求报文的缓存列表;
具体地,当预定时间的时间段开始点到来时,开始DNS请求报文的缓存列表。
步骤S703,判断DNS应答是否超时,如果是,进入步骤S704,否则进入步骤S705;
具体地,当预定时间的时间段结束点到来,还没有收到DNS应答,则确认DNS应答超时。
步骤S704,构造DNS应答报文,并将构造的DNS应答报文发送给用户终端进行处理;
具体地,无线接入设备根据接收到的用户终端发送的DNS请求报文的报文
信息构造DNS应答报文。
步骤S705,判断在预定时间内是否结束遍历DNS请求报文,如果是,进入步骤S706,否则,返回到步骤S703;
具体地,当预定时间的时间段结束点到来,就结束遍历DNS请求报文的缓存列表,否则,当预定时间的时间段结束点没有到来时,则继续遍历DNS请求报文的缓存列表。
步骤S706,设置定时器下次生效时间,并结束此处理。
具体地,设置定时器下次生效时间就是设置下次遍历的预定时间。
图8为本发明基于DNS机制的无线接入方法在实际应用时DNS应答报文解析异常处理方法的一种实施例的流程图,具体步骤如下:
步骤S801,接收发往用户终端的DNS应答报文;
具体地,无线接入设备接收到DNS服务器发送给用户终端的DNS应答报文。
步骤S802,遍历DNS请求报文的缓存列表;
具体地,遍历暂存器中暂存的DNS请求报文的缓存列表。
步骤S803,判断在DNS请求报文的缓存列表中是否缓存有与接收到的用户终端发送的DNS请求报文相同的DNS请求报文,如果存在,进入步骤S805,否则,进入步骤S804;
步骤S804,返回NF_ACCEPT(继续正常传输数据包);
具体地,返回NF_ACCEPT就是返回继续正常传输接收到的DNS应答报文。
步骤S805,判断DNS应答报文解析成功了吗?如果成功,则进入步骤S807;
步骤S806,构造DNS应答报文,并发送给用户终端进行处理;
步骤S807,释放已缓存的DNS请求报文,并删除缓存表项,返回步骤S804;
步骤S808,返回NF_STOLEN(忘掉数据包)。
具体地,返回NF_STOLEN就是返回遗忘掉接收到的DNS应答报文。
图9为本发明基于DNS机制的无线接入方法在实际应用时DNS应答报文构造方法的一种实施例的流程图,具体步骤如下:
步骤S901,根据DNS请求报文的报文信息进行构造;
步骤S902,根据Portal IP地址填充DNS应答报文的报文头;
步骤S903,根据DNS请求报文的UDP头填充DNS应答报文的UDP头;
步骤S904,根据DNS请求报文的IP头填充DNS应答报文的IP头;
步骤S905,根据DNS请求报文的以太网头填充DNS应答报文的以太网头。
图10为本发明基于DNS机制的无线接入设备的一种实施例的结构图,无线接入设备1000包括确认模块1001、构造模块1002和发送模块1003,
确认模块1001,用于确认DNS应答报文解析异常或DNS应答超时;
具体地,其中,无线接入设备(AP)1000确认DNS(域名系统)应答报文解析异常是指误输入不存在的域名或者DNS服务器不可达;
DNS应答超时是指网络拥塞导致的DNS应答超时。
构造模块1002,用于构造所述DNS应答报文;
具体地,构造模块1002根据DNS请求报文的报文信息构造所述DNS应答报文,即,构造模块1002通过主动构造DNS应答报文,如此,即使用户误输入不存在的域名或现有网络使用时DNS服务器不可达造成的DNS解析失败,或者因网络拥塞导致的DNS应答超时,用户终端都能够顺利完成Portal认证;
其中,所述请求报文的报文信息包括:门户网站IP地址信息、用户数据报协议头信息、IP头信息及以太网头信息。
发送模块1003,用于将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。
具体地,发送模块1003根据用户终端的DNS请求报文的用户终端信息,并根据入端口信息将构造的DNS应答报文发送给对应的用户终端;
用户终端接收到DNS应答报文后,进行接入认证;
接入认证成功后,无线接入设备1000将该用户终端添加到认证名单中;
其中,所述DNS请求报文的报文信息还包括:入端口信息。
图11为本发明基于DNS机制的无线接入设备的另一种实施例的结构图,无线接入设备1000包括确认模块1001、构造模块1002、发送模块1003、接收模块1004、遍历模块1005、判断模块1006、更新模块1007和复制模块1008,其中,确认模块1001、构造模块1002和发送模块1003具体如图10所示,
接收模块1004,用于在确认DNS应答报文解析异常或DNS应答超时之前,接收所述用户终端发送的DNS请求报文;
具体地,接收模块1004接收到所述用户终端发送的DNS请求报文。
遍历模块1005,用于遍历DNS请求报文的缓存列表;
具体地,DNS请求报文的缓存列表是预先缓存在暂存器中的DNS请求报文的列表。
判断模块1006,用于判断所述DNS请求报文的缓存列表中是否缓存有所述DNS请求报文;
具体地,当在所述DNS请求报文的缓存列表中遍历到与接收到的所述用户终端发送的DNS请求报文相同的DNS请求报文,则确认所述DNS请求报文的缓存列表中缓存有所述DNS请求报文;
当在所述DNS请求报文的缓存列表中没有遍历到与接收到的所述用户终端发送的DNS请求报文相同的DNS请求报文,则确认所述DNS请求报文的缓存列表中没有缓存所述DNS请求报文。
更新模块1007,用于当判断模块1006判断所述DNS请求报文的缓存列表中缓存有所述DNS请求报文时,更新所述DNS请求报文的缓存列表中的DNS请求报文和时间域;
具体地,更新模块1007将所述DNS请求报文的缓存列表中已缓存的DNS请求报文和时间域更新是指:将DNS请求报文的缓存时间更新为当前时间,并将时间域更新为无线接入设备设置的新时间域;其中,时间域就是遍历时间段,也就是遍历时间;新时间域就是设置新的遍历时间段,也就是新的遍历时间。
复制模块1008,用于当判断模块1006判断所述DNS请求报文的缓存列表中没有缓存所述DNS请求报文时,将所述DNS请求报文复制到所述DNS请求
报文的缓存列表中。
具体地,由于DNS请求报文中没有缓存有DNS请求报文,则直接将所述DNS请求报文复制到所述DNS请求报文的缓存列表中。
其中,确认模块1001的结构如图12所示,确认模块1001包括接收子模块10011、遍历子模块10012、第一确认子模块10013、解析子模块10014和第二确认子模块10015,
接收子模块10011,用于接收发往所述用户终端的所述DNS应答报文;
具体地,接收子模块10011接收到DNS服务器发送给用户终端的DNS应答报文。
遍历子模块10012,用于遍历所述DNS请求报文的缓存列表;
具体地,遍历子模块10012遍历自身缓存的DNS请求报文的缓存列表,DNS请求报文的缓存列表如遍历模块1005。
第一确认子模块10013,用于确认在所述DNS请求报文的缓存列表中缓存有与所述DNS应答报文对应的DNS请求报文;
具体地,通过DNS应答报文在DNS请求报文的缓存列表中遍历对应的DNS请求报文,这里至少满足DNS应答报文的用户终端信息与DNS请求报文的用户终端信息相同,DNS请求报文的报文信息与DNS应答报文的报文信息呼应。
解析子模块10014,用于解析所述DNS应答报文;
具体地,当在所述DNS请求报文的缓存列表中缓存有与所述DNS应答报文对应的DNS请求报文,则可以确认所述DNS应答报文就是DNS请求报文的应答。
第二确认子模块10015,用于当解析子模块10014解析失败时,确认所述DNS应答报文解析异常。
具体地,当因用户事先误输入不存在的域名或现有网络使用时DNS服务器不可达而导致DNS应答报文解析过程中失败时,则认为DNS应答报文解析异常。
其中,确认模块1001的结构还如图13所示,确认模块1001包括检测子模块10016和第三确认子模块10017,
检测子模块10016,用于定期检测所述DNS请求报文的缓存列表;
具体地,预设检测周期,定期检测所述DNS请求报文的缓存列表就是按照预设的检测周期检测所述DNS请求报文的缓存列表。
第三确认子模块10017,用于在预定时间内,若没有收到DNS应答报文,则确认DNS应答超时。
具体地,通过定时器预定时间,在检测周期到来检测时,在定时器的预设时间内通过判断是否收到DNS应答报文,确认DNS应答是否超时。
其中,构造模块1002的结构如图14所示,构造模块1002包括第一填充子模块10021、第二填充子模块10022、第三填充子模块10023和第四填充子模块10024,
第一填充子模块10021,用于将所述门户网站IP地址信息填充到所述DNS应答报文的报文头;
具体地,门户网站为Portal网站,DNS应答报文的报文信息包括报文头,将DNS请求报文的报文信息中的门户网站IP地址信息写入DNS应答报文的报文头,也就是,将DNS请求报文的报文信息中的门户网站IP地址信息作为DNS应答报文的报文头。
第二填充子模块10022,用于将所述用户数据报协议头信息填充到所述DNS应答报文的用户数据报协议头;
具体地,DNS应答报文的报文信息还包括用户数据报协议头(UDP)信息,将DNS请求报文的报文信息中的用户数据报协议头信息写入DNS应答报文的用户数据报协议头,也就是,将DNS请求报文的报文信息中的用户数据报协议头信息作为DNS应答报文的用户数据报协议头信息。
第三填充子模块10023,用于将所述IP头信息填充到所述DNS应答报文的IP头;
具体地,DNS应答报文的报文信息还包括IP头信息,将DNS请求报文的
报文信息中的IP头信息写入DNS应答报文的IP头,也就是,将DNS请求报文的报文信息中的IP头信息作为DNS应答报文的IP头信息。
第四填充子模块10024,用于将所述以太网头信息填充到所述DNS应答报文的以太网头。
具体地,DNS应答报文的报文信息还包括以太网头信息,将DNS请求报文的报文信息中的以太网头信息写入DNS应答报文的以太网头,也就是,将DNS请求报文的报文信息中的以太网头信息作为DNS应答报文的以太网头信息。
应当理解,本实施例提供的无线接入设备1000的功能模块可以为软件模块或者软硬件结合的功能模块,其可以通过处理器执行而实现如上所述的功能。并且,无线接入设备1000还可以具有其他功能模块实现在DNS解析失败或者DNS应答超时的情况下,都能够顺利完成Portal认证的各个具体步骤,具体可以参阅以上方法实施例的相应描述。
另外,所属技术领域的技术人员可以理解:实现上述方法实施例的全部或部分步骤可以通过程序指令相关的硬件来完成,前述的程序可以存储于计算机可读取存储介质中,并被通讯内部的处理器执行,前述的程序在被执行时处理器可以执行包括上述方法实施例的全部或者部分步骤。其中,所述处理器可以作为一个或多个处理器芯片实施,或者可以为一个或多个专用集成电路(Application Specific Integrated Circuit,ASIC)的一部分;而前述的存储介质可以包括但不限于以下类型的存储介质:闪存(Flash Memory)、存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。
最后应说明的是:以上实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的范围。
Claims (14)
- 一种基于DNS机制的无线接入方法,其特征在于,所述方法包括:无线接入设备确认DNS应答报文解析异常或DNS应答超时时;构造所述DNS应答报文;将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。
- 如权利要求1所述的方法,其特征在于,在无线接入设备确认DNS应答报文解析异常或DNS应答超时之前,所述方法还包括:接收所述用户终端发送的DNS请求报文;遍历DNS请求报文的缓存列表;判断所述DNS请求报文的缓存列表中是否缓存有所述DNS请求报文;如果是,更新所述DNS请求报文的缓存列表中的DNS请求报文和时间域;如果否,将所述DNS请求报文复制到所述DNS请求报文的缓存列表中。
- 如权利要求2所述的方法,其特征在于,所述确认DNS应答报文解析异常,具体包括:接收发往所述用户终端的所述DNS应答报文;遍历所述DNS请求报文的缓存列表;确认在所述DNS请求报文的缓存列表中缓存有与所述DNS应答报文对应的DNS请求报文;解析所述DNS应答报文;当所述DNS应答报文解析失败时,则确认所述DNS应答报文解析异常。
- 如权利要求2所述的方法,其特征在于,所述确认DNS应答超时,具体包括:定期检测所述DNS请求报文的缓存列表;在预定时间内,若没有收到DNS应答报文,则确认DNS应答超时。
- 如权利要求2所述的方法,其特征在于,根据所述DNS请求报文的报文信息进行构造所述DNS应答报文;其中,所述请求报文的报文信息包括:门户网站IP地址信息、用户数据报协议头信息、IP头信息及以太网头信息。
- 如权利要求5所述的方法,其特征在于,所述根据DNS请求报文的报文信息进行构造所述DNS应答报文,具体包括:将所述门户网站IP地址信息填充到所述DNS应答报文的报文头;将所述用户数据报协议头信息填充到所述DNS应答报文的用户数据报协议头;将所述IP头信息填充到所述DNS应答报文的IP头;将所述以太网头信息填充到所述DNS应答报文的以太网头。
- 如权利要求6所述的方法,其特征在于,根据所述入端口信息将构造的所述DNS应答报文发送给所述用户终端;其中,所述DNS请求报文的报文信息还包括:入端口信息。
- 一种基于DNS机制的无线接入设备,其特征在于,所述设备包括:确认模块,用于确认DNS应答报文解析异常或DNS应答超时;构造模块,用于构造所述DNS应答报文;发送模块,用于将构造的所述DNS应答报文发送给用户终端,使所述用户终端根据所述DNS应答报文进行接入认证。
- 如权利要求8所述的设备,其特征在于,所述设备还包括:接收模块,用于在确认DNS应答报文解析异常或DNS应答超时之前,接收所述用户终端发送的DNS请求报文;遍历模块,用于遍历DNS请求报文的缓存列表;判断模块,用于判断所述DNS请求报文的缓存列表中是否缓存有所述DNS请求报文;更新模块,用于当所述判断模块判断所述DNS请求报文的缓存列表中缓存有所述DNS请求报文时,更新所述DNS请求报文的缓存列表中的DNS请求报文和时间域;复制模块,用于当所述判断模块判断所述DNS请求报文的缓存列表中没有缓存所述DNS请求报文时,将所述DNS请求报文复制到所述DNS请求报文的缓存列表中。
- 如权利要求9所述的设备,其特征在于,所述确认模块包括:接收子模块,用于接收发往所述用户终端的所述DNS应答报文;遍历子模块,用于遍历所述DNS请求报文的缓存列表;第一确认子模块,用于确认在所述DNS请求报文的缓存列表中缓存有与所述DNS应答报文对应的DNS请求报文;解析子模块,用于解析所述DNS应答报文;第二确认子模块,用于当所述解析子模块解析失败时,确认所述DNS应答报文解析异常。
- 如权利要求9所述的设备,其特征在于,所述确认模块还包括:检测子模块,用于定期检测所述DNS请求报文的缓存列表;第三确认子模块,用于在预定时间内,若没有收到DNS应答报文,则确认DNS应答超时。
- 如权利要求9所述的设备,其特征在于,所述构造模块,具体用于根据所述DNS请求报文的报文信息进行构造所述DNS应答报文;其中,所述请求报文的报文信息包括:门户网站IP地址信息、用户数据报协议头信息、IP头信息及以太网头信息。
- 如权利要求12所述的设备,其特征在于,所述构造模块包括:第一填充子模块,用于将所述门户网站IP地址信息填充到所述DNS应答报文的报文头;第二填充子模块,用于将所述用户数据报协议头信息填充到所述DNS应答报文的用户数据报协议头;第三填充子模块,用于将所述IP头信息填充到所述DNS应答报文的IP头;第四填充子模块,用于将所述以太网头信息填充到所述DNS应答报文的以 太网头。
- 如权利要求13所述的设备,其特征在于,所述发送模块,具体用于根据所述入端口信息将构造的所述DNS应答报文发送给所述用户终端;其中,所述DNS请求报文的报文信息还包括:入端口信息。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610224931.9 | 2016-04-12 | ||
CN201610224931.9A CN105721632A (zh) | 2016-04-12 | 2016-04-12 | 一种基于dns机制的无线接入方法及无线接入设备 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017177692A1 true WO2017177692A1 (zh) | 2017-10-19 |
Family
ID=56160953
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/108171 WO2017177692A1 (zh) | 2016-04-12 | 2016-11-30 | 一种基于dns机制的无线接入方法及无线接入设备 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105721632A (zh) |
WO (1) | WO2017177692A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114844721A (zh) * | 2022-06-06 | 2022-08-02 | 广州小鹏汽车科技有限公司 | 攻击侦测方法及其系统、车辆、计算机可读存储介质 |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105721632A (zh) * | 2016-04-12 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | 一种基于dns机制的无线接入方法及无线接入设备 |
CN106789431B (zh) * | 2016-12-26 | 2019-12-06 | 中国银联股份有限公司 | 一种超时监控方法及装置 |
CN110995542B (zh) * | 2019-12-16 | 2022-04-22 | 金蝶智慧科技(深圳)有限公司 | 一种网络状态检测方法、系统及相关设备 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104580552A (zh) * | 2015-01-29 | 2015-04-29 | 太仓市同维电子有限公司 | 家庭网关中错误域名解析服务器解析重定向的实现方法 |
CN104883282A (zh) * | 2015-06-19 | 2015-09-02 | 中国互联网络信息中心 | 终端的dns服务器的监控方法及系统 |
CN105245633A (zh) * | 2015-10-19 | 2016-01-13 | 北京奇虎科技有限公司 | 一种安全域名系统及其故障处理方法 |
CN105721632A (zh) * | 2016-04-12 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | 一种基于dns机制的无线接入方法及无线接入设备 |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101835205B (zh) * | 2010-04-07 | 2015-08-12 | 中兴通讯股份有限公司 | 一种无线终端及无线上网方法 |
US9820200B2 (en) * | 2011-12-19 | 2017-11-14 | Facebook, Inc. | Captive portal state detection and avoidance for multiple-interface traffic offloading |
CN104168316B (zh) * | 2014-08-11 | 2019-01-11 | 北京星网锐捷网络技术有限公司 | 一种网页访问控制方法、网关 |
CN104580178B (zh) * | 2014-12-26 | 2018-09-04 | 新华三技术有限公司 | 一种Portal认证的方法和设备 |
-
2016
- 2016-04-12 CN CN201610224931.9A patent/CN105721632A/zh active Pending
- 2016-11-30 WO PCT/CN2016/108171 patent/WO2017177692A1/zh active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104580552A (zh) * | 2015-01-29 | 2015-04-29 | 太仓市同维电子有限公司 | 家庭网关中错误域名解析服务器解析重定向的实现方法 |
CN104883282A (zh) * | 2015-06-19 | 2015-09-02 | 中国互联网络信息中心 | 终端的dns服务器的监控方法及系统 |
CN105245633A (zh) * | 2015-10-19 | 2016-01-13 | 北京奇虎科技有限公司 | 一种安全域名系统及其故障处理方法 |
CN105721632A (zh) * | 2016-04-12 | 2016-06-29 | 上海斐讯数据通信技术有限公司 | 一种基于dns机制的无线接入方法及无线接入设备 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114844721A (zh) * | 2022-06-06 | 2022-08-02 | 广州小鹏汽车科技有限公司 | 攻击侦测方法及其系统、车辆、计算机可读存储介质 |
CN114844721B (zh) * | 2022-06-06 | 2023-12-29 | 肇庆小鹏新能源投资有限公司广州分公司 | 攻击侦测方法及其系统、车辆、计算机可读存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN105721632A (zh) | 2016-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017177692A1 (zh) | 一种基于dns机制的无线接入方法及无线接入设备 | |
WO2015039559A1 (zh) | 页面重定向方法、路由设备、终端设备及系统 | |
JP4758362B2 (ja) | 中継装置、プログラム及び中継方法 | |
US20160323409A1 (en) | A method and network node for caching web content | |
JP2005287045A (ja) | Ipネットワークに接続された装置の発見の方法、及び、この方法を実行する装置 | |
US20150350373A1 (en) | Method for Router to Process Web Page Data, and Router | |
KR20140131523A (ko) | 보안 프로토콜의 동적 선택 기법 | |
US8949952B2 (en) | Multi-stack subscriber sign on | |
KR20110076457A (ko) | 콘텐츠 명 기반의 네트워크 장치 및 데이터 요청 방법 | |
WO2018121589A1 (zh) | 数据链路的检测方法、装置及系统 | |
CN110830460B (zh) | 一种连接建立方法、装置、电子设备及存储介质 | |
WO2019218845A1 (zh) | 超文本传输协议重定向方法、装置、路由设备及存储介质 | |
JP2019009596A (ja) | 車載通信装置、通信制御方法および通信制御プログラム | |
CN107995233B (zh) | 建立连接的方法及相应的设备 | |
WO2013091407A1 (zh) | Telnet命令过滤方法、网络安全设备和系统 | |
US20090307371A1 (en) | Communication device provided with arp function | |
CN114374669A (zh) | Vpn客户端代理dns解析方法及系统 | |
JP2010268164A (ja) | ネットワーク通信装置及び方法とプログラム | |
JP5876788B2 (ja) | 通信遮断装置、通信遮断方法、及びプログラム | |
US9442779B2 (en) | Information-processing apparatus, information-processing method, and program | |
JP4677501B2 (ja) | 中継装置および中継方法 | |
JP4443482B2 (ja) | インターネット印刷システム及びそれを実現するためのプログラム | |
CN106656912A (zh) | 一种检测拒绝服务攻击的方法及装置 | |
US8630236B2 (en) | System for registration of communication devices | |
JP6303661B2 (ja) | マルウェア検知システム、マルウェア検知方法、dnsサーバ、及び名前解決プログラム。 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16898504 Country of ref document: EP Kind code of ref document: A1 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 16898504 Country of ref document: EP Kind code of ref document: A1 |