WO2022127663A1 - Wireless broadband router, message processing method and apparatus, and domain name resolution method and apparatus - Google Patents

Info

Publication number
WO2022127663A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
domain name
wireless broadband
broadband router
dns
Prior art date
Application number
PCT/CN2021/136357
Other languages
French (fr)
Chinese (zh)
Inventor
张伟
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2022127663A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal

Definitions

  • the present application relates to the field of communication technologies, and in particular to a wireless broadband router and to methods and apparatuses for packet processing and domain name resolution.
  • the wireless broadband router is different from the traditional home router using optical fiber access.
  • the wireless broadband router is installed with a subscriber identity module (SIM) card.
  • the wireless broadband router dials up through the SIM card and establishes communication with the access network equipment.
  • using wireless broadband routers greatly reduces wiring cost and allows flexible mobility, and their market share is increasing year by year.
  • the wireless broadband router works in a bridge mode.
  • communication between the local service of the wireless broadband router and a server in the wide area network (WAN) cannot proceed normally.
  • the embodiments of the present application provide a wireless broadband router and packet processing and domain name resolution methods and apparatuses, which enable the local service of a wireless broadband router working in bridge mode to communicate normally with a server in a WAN.
  • a wireless broadband router works in a bridge mode.
  • the wireless broadband router stores a first IP address and a SNAT rule for converting the first IP address to the second IP address.
  • the first IP address is stored in the wireless broadband router.
  • the first IP address is the pseudo address of the wireless broadband router in the local area network, and the second IP address is the IP address of the wireless broadband router in the WAN.
  • the wireless broadband router is used to send a first handshake message carrying the second IP address to the service server; this message is used to request the establishment of a connection with the service server, its source IP address is the second IP address, and its destination IP address is the IP address of the service server.
  • the wireless broadband router is also used to receive a second handshake message carrying the second IP address, which the service server sends to the wireless broadband router after receiving the first handshake message carrying the second IP address; its source IP address is the IP address of the service server, and its destination IP address is the second IP address.
  • the wireless broadband router is also used to convert the second IP address in the received second handshake message carrying the second IP address into the first IP address according to the SNAT rule, obtaining a second handshake message carrying the first IP address.
  • the wireless broadband router in the first aspect sets its IP address in the LAN to a pseudo IP address and uses the SNAT rule to convert between the pseudo IP address and the WAN-side IP address, so that the wireless broadband router working in bridge mode can work normally.
  • the wireless broadband router is further configured to generate a first handshake packet carrying the first IP address, and the source IP address in the first handshake packet carrying the first IP address is the first IP address, the destination IP address is the IP address of the service server; the wireless broadband router is also used to convert the first IP address in the first handshake packet carrying the first IP address into the second IP address according to the SNAT rule, and obtain The first handshake packet carrying the second IP address.
  • the first handshake message sent to the service server can carry the second IP address; because the second IP address is the WAN-side IP address, the service server can identify the packet.
  • the wireless broadband router includes a bridging module and a firewall module; the bridging module is used to send the SNAT rule to the firewall module; the firewall module is used to generate a first conversion rule and a second conversion rule according to the SNAT rule. The first conversion rule is used to convert the first IP address in a message into the second IP address when the message is determined to carry the first IP address, and the second conversion rule is used to convert the second IP address in a message into the first IP address when the message is determined to carry the second IP address.
  • the wireless broadband router can thus convert between the first IP address and the second IP address in both directions, ensuring that messages sent to the service server are recognized by the service server and that messages received from the service server are recognized by the local service module in the wireless broadband router.
  • the wireless broadband router further includes a local service module, configured to send a first handshake message carrying the first IP address to the firewall module.
  • in response to receiving the first handshake message carrying the first IP address, the firewall module is further configured to convert the first IP address in that message into the second IP address according to the first conversion rule, obtaining the first handshake message carrying the second IP address; the firewall module is further configured to send the first handshake message carrying the second IP address to the service server.
  • the firewall module is further configured to receive the second handshake message carrying the second IP address from the service server; in response to receiving it, the firewall module is further configured to convert the second IP address in that message into the first IP address according to the second conversion rule, obtaining the second handshake message carrying the first IP address; the firewall module is also used to send the second handshake message carrying the first IP address to the local service module.
  • the bidirectional conversion between the first IP address and the second IP address is realized by the first conversion rule and the second conversion rule, ensuring that messages sent to the service server are recognized by the service server and that messages received from the service server are recognized by the local service module in the wireless broadband router.
  • the first IP address is stored in the bridge module.
  • a packet processing method is provided, which is applied to a wireless broadband router.
  • the wireless broadband router works in a bridge mode.
  • the wireless broadband router stores a first IP address and an SNAT rule for converting the first IP address into a second IP address; the first IP address is the pseudo address of the wireless broadband router in the local area network, and the second IP address is the IP address of the wireless broadband router in the wide area network.
  • the method includes: the wireless broadband router sends a first handshake packet carrying the second IP address to the service server.
  • the first handshake packet carrying the second IP address is used to request the establishment of a connection with the service server, and the source IP address in the first handshake packet carrying the second IP address is the second IP address.
  • the wireless broadband router receives the second handshake message carrying the second IP address, which the service server sends to the wireless broadband router after receiving the first handshake packet carrying the second IP address; the source IP address in the second handshake packet carrying the second IP address is the IP address of the service server, and the destination IP address is the second IP address; the wireless broadband router converts the second IP address in the received second handshake message carrying the second IP address into the first IP address according to the SNAT rule, and obtains the second handshake message carrying the first IP address.
  • the method further includes: the wireless broadband router generates a first handshake packet carrying the first IP address and, according to the SNAT rule, converts the first IP address in the first handshake packet carrying the first IP address into the second IP address, obtaining a first handshake packet carrying the second IP address.
  • the source IP address in the first handshake packet carrying the first IP address is the first IP address
  • the destination IP address is the IP address of the service server.
  • the wireless broadband router includes a bridge module and a firewall module; the method further includes: the bridge module sends the SNAT rule to the firewall module; the firewall module generates a first conversion rule and a second conversion rule according to the SNAT rule. The first conversion rule is used to convert the first IP address in a packet into the second IP address when the packet is determined to carry the first IP address, and the second conversion rule is used to convert the second IP address in a packet into the first IP address when the packet is determined to carry the second IP address.
  • the wireless broadband router further includes a local service module; the method further includes: the local service module sends a first handshake message carrying the first IP address to the firewall module; in response to receiving the first handshake packet carrying the first IP address, the firewall module converts the first IP address in that packet into the second IP address according to the first conversion rule, and obtains the first handshake packet carrying the second IP address.
  • the firewall module sends the first handshake packet carrying the second IP address to the service server; the firewall module receives the second handshake packet carrying the second IP address from the service server; in response to receiving the second handshake message carrying the second IP address, the firewall module converts the second IP address in that message into the first IP address according to the second conversion rule, and obtains the second handshake packet carrying the first IP address.
  • the firewall module sends the second handshake packet carrying the first IP address to the local service module.
  • the first IP address is stored in the bridge module.
  • a wireless broadband router works in a bridge mode, a first IP address and an SNAT rule are stored in the wireless broadband router, and the SNAT rule is used to convert the first IP address to the second IP address,
  • the first IP address is the pseudo address of the wireless broadband router in the local area network
  • the second IP address is the IP address of the wireless broadband router in the wide area network
  • the wireless broadband router includes a processing unit and a communication unit; the communication unit is used to send to the service server the first handshake packet carrying the second IP address, which is used to request the establishment of a connection with the service server; the source IP address in the first handshake packet carrying the second IP address is the second IP address, and the destination IP address is the IP address of the service server.
  • the communication unit is further configured to receive the second handshake message carrying the second IP address sent by the service server; the service server sends this message to the wireless broadband router after receiving the first handshake packet carrying the second IP address.
  • the source IP address in the second handshake packet carrying the second IP address is the service server.
  • the processing unit is further configured to generate a first handshake packet carrying the first IP address and, according to the SNAT rule, convert the first IP address in the first handshake packet carrying the first IP address into the second IP address, obtaining the first handshake packet carrying the second IP address.
  • the source IP address in the first handshake packet carrying the first IP address is the first IP address
  • the destination IP address is the IP address of the service server.
  • a message processing device comprising: a processor; the processor is connected to a memory, the memory is used to store computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory, so that the message processing device implements any one of the methods provided in the second aspect.
  • the memory and the processor may be integrated together, or may be independent devices. In the latter case, the memory may be located in the message processing device or outside the message processing device.
  • the message processing device may exist in the form of a chip product.
  • a fifth aspect provides a message processing device, comprising a processor and an interface; the processor is coupled to a memory through the interface, and when the processor executes the computer program or instructions in the memory, any one of the methods provided in the second aspect is executed.
  • a computer-readable storage medium including instructions, which, when executed on a computer, cause the computer to implement any one of the methods provided in the second aspect.
  • a computer program product comprising instructions, which, when the instructions are executed on a computer, enable the computer to implement any one of the methods provided in the second aspect.
  • a wireless broadband router works in a bridge mode.
  • the wireless broadband router includes a DNS domain name request interception module, a DNS domain name resolution proxy module, and a DNS domain name resolution response module.
  • the DNS domain name request interception module stores a first domain name; the DNS domain name request interception module is configured to receive a first DNS domain name resolution request sent by a first terminal; the first DNS domain name resolution request carries a second domain name and is used to request resolution of the second domain name;
  • the DNS domain name request interception module is further configured to send a second DNS domain name resolution request to the DNS domain name resolution proxy module when it determines that the second domain name is the same as the first domain name, where the second DNS domain name resolution request carries the first domain name; in response to receiving the second DNS domain name resolution request, the DNS domain name resolution proxy module is used to determine the maintenance IP address of the wireless broadband router corresponding to the first domain name; the DNS domain name resolution proxy module is also used to respond to the DNS
  • by intercepting and resolving DNS domain name resolution requests for the local domain name, the wireless broadband router provided in the eighth aspect lets a user, while the router works in bridge mode, access the web maintenance page at the local domain name from a terminal and configure and view the operating parameters of the wireless broadband router, which reduces the maintenance complexity of the wireless broadband router, improves its upgrade efficiency, and improves the user experience.
  • the DNS domain name request interception module is further configured to send a third DNS domain name resolution request to the DNS server when it determines that the second domain name is different from the first domain name; the third DNS domain name resolution request carries the second domain name.
  • when the user accesses a domain name other than the first domain name (i.e., a non-local domain name), the DNS domain name request interception module does not intercept the DNS domain name resolution request but sends it to the DNS server, so that the DNS server determines the IP address corresponding to the domain name accessed by the user, ensuring that the user can access non-local domain names normally.
  • the DNS domain name resolution proxy module stores a correspondence between the first domain name and the maintenance IP address; the DNS domain name resolution proxy module is specifically configured to determine, according to the correspondence, the maintenance IP address corresponding to the first domain name.
  • the DNS domain name resolution proxy module can determine, according to the local domain name, the maintenance IP address corresponding to that domain name, ensuring that users can access the local domain name normally.
  • the wireless broadband router further includes a bridging module; the bridging module is used to send the first domain name to the DNS domain name request interception module; in response to receiving the first domain name, the DNS domain name request interception module is also used to save the first domain name.
  • the DNS domain name request interception module can compare the first domain name with the second domain name when receiving the DNS domain name resolution request by saving the first domain name, so as to determine whether to intercept the DNS domain name resolution request.
  • the DNS domain name resolution response module is further configured to parse the first message, and generate a response to the first DNS domain name resolution request according to the parsed maintenance IP address.
  • the first DNS domain name resolution request and the second DNS domain name resolution request further include a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal, and the destination IP address is the DNS server IP address.
  • the device receiving the DNS domain name resolution request can determine which device sent the request and to which device it was sent, so that the request is forwarded to or processed on the correct device.
  • a ninth aspect provides a domain name resolution method, which is applied to a wireless broadband router; the wireless broadband router works in a bridge mode and includes a DNS domain name request interception module, a DNS domain name resolution proxy module, and a DNS domain name resolution response module; the DNS domain name request interception module stores the first domain name
  • the method includes: the DNS domain name request interception module receives the first DNS domain name resolution request sent by the first terminal; the first DNS domain name resolution request carries the second domain name and is used to request resolution of the second domain name; the DNS domain name request interception module sends a second DNS domain name resolution request to the DNS domain name resolution proxy module when it determines that the second domain name is the same as the first domain name, and the second DNS domain name resolution request carries the first domain name; in response to receiving the second DNS domain name resolution request, the DNS domain name resolution proxy module determines the maintenance IP address of the wireless broadband router corresponding to the first domain name; the DNS domain name resolution proxy module
  • the first message carries the maintenance IP address; the DNS domain name resolution response module receives the first message; the DNS domain name resolution response module sends a response to the first DNS domain name resolution request to the first terminal, and the response to the first DNS domain name resolution request includes the maintenance IP address.
  • the method further includes: when the DNS domain name request interception module determines that the second domain name is different from the first domain name, it sends a third DNS domain name resolution request to the DNS server; the third DNS domain name resolution request carries the second domain name.
  • the DNS domain name resolution proxy module stores the correspondence between the first domain name and the maintenance IP address, and the DNS domain name resolution proxy module determining the maintenance IP address of the wireless broadband router corresponding to the first domain name includes: the DNS domain name resolution proxy module determines the maintenance IP address corresponding to the first domain name according to the correspondence.
  • the wireless broadband router further includes a bridging module; the method further includes: the bridging module sends the first domain name to the DNS domain name request interception module; in response to receiving the first domain name, the DNS domain name request interception module saves the first domain name.
  • the method further includes: the DNS domain name resolution response module parses the first message and generates a response to the first DNS domain name resolution request according to the parsed maintenance IP address.
  • the first DNS domain name resolution request and the second DNS domain name resolution request further include a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal, and the destination IP address is the DNS server IP address.
  • a tenth aspect provides a domain name resolution method, which is applied to a wireless broadband router; the wireless broadband router works in a bridge mode and stores a first domain name; the method includes: the wireless broadband router receives a first DNS domain name resolution request from a first terminal; the first DNS domain name resolution request carries the second domain name and is used to request resolution of the second domain name; when the wireless broadband router determines that the second domain name is the same as the first domain name, it determines the maintenance IP address of the wireless broadband router corresponding to the first domain name; the wireless broadband router sends a response to the first DNS domain name resolution request to the first terminal, and the response to the first DNS domain name resolution request includes the maintenance IP address.
  • the method further includes: when the wireless broadband router determines that the second domain name is different from the first domain name, it sends a third DNS domain name resolution request to the DNS server, where the third DNS domain name resolution request carries the second domain name.
  • the wireless broadband router stores the correspondence between the first domain name and the maintenance IP address.
  • the first DNS domain name resolution request further includes a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal, and the destination IP address is the IP address of the DNS server.
  • a wireless broadband router works in a bridge mode, and the wireless broadband router stores a first domain name;
  • the wireless broadband router includes: a processing unit and a communication unit;
  • the processing unit is used to determine the relationship between the second domain name and the first domain name.
  • the communication unit is further configured to send to the first terminal a response to the first DNS domain name resolution request; the response to the first DNS domain name resolution request includes the maintenance IP address.
  • the communication unit is further configured to send a third DNS domain name resolution request to the DNS server when it is determined that the second domain name is different from the first domain name, where the third DNS domain name resolution request carries the second domain name.
  • the wireless broadband router stores the correspondence between the first domain name and the maintenance IP address.
  • the first DNS domain name resolution request further includes a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal, and the destination IP address is the IP address of the DNS server.
  • a twelfth aspect provides a domain name resolution device, comprising: a processor; the processor is connected to a memory, the memory is used to store computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory, so that the domain name resolution device implements any one of the methods provided in the ninth aspect or any one of the methods provided in the tenth aspect.
  • the memory and the processor may be integrated together, or may be independent devices. In the latter case, the memory may be located in the domain name resolution device or outside the domain name resolution device.
  • the domain name resolution device may exist in the form of a chip.
  • a thirteenth aspect provides a domain name resolution apparatus, comprising a processor and an interface; the processor is coupled to a memory through the interface, and when the processor executes the computer program or instructions in the memory, any one of the methods provided in the ninth aspect or any one of the methods provided in the tenth aspect is performed.
  • a fourteenth aspect provides a computer-readable storage medium, comprising instructions that, when run on a computer, cause the computer to execute any one of the methods provided in the ninth aspect or any one of the methods provided in the tenth aspect.
  • a fifteenth aspect provides a computer program product containing instructions that, when the instructions are run on a computer, cause the computer to execute any one of the methods provided in the ninth aspect, or any one of the methods provided in the tenth aspect.
  • a sixteenth aspect provides a domain name resolution system, including a first terminal and a wireless broadband router; the wireless broadband router works in a bridge mode and stores a first domain name; the first terminal is used to send a first DNS domain name resolution request, where the first DNS domain name resolution request carries the second domain name and is used to request resolution of the second domain name; in response to receiving the first DNS domain name resolution request, the wireless broadband router is used to determine, when the second domain name is the same as the first domain name, the maintenance IP address of the wireless broadband router corresponding to the first domain name; the wireless broadband router is also used to send a response to the first DNS domain name resolution request to the first terminal.
  • the response to the first DNS domain name resolution request includes the maintenance IP address; in response to receiving the response to the first DNS domain name resolution request, the first terminal is further configured to access the Web maintenance page of the wireless broadband router according to the maintenance IP address.
  • the domain name resolution system further includes a DNS server; the wireless broadband router is further configured to send a third DNS domain name resolution request to the DNS server when it determines that the second domain name is different from the first domain name; the third DNS domain name resolution request carries the second domain name; in response to receiving the third DNS domain name resolution request, the DNS server is used to determine the IP address corresponding to the second domain name; the DNS server is also used to send a response to the third DNS domain name resolution request to the first terminal.
  • the response to the third DNS domain name resolution request includes the IP address corresponding to the second domain name; in response to receiving the response to the third DNS domain name resolution request, the first terminal is further configured to access the web page corresponding to the second domain name according to the IP address corresponding to the second domain name.
  • the wireless broadband router stores the correspondence between the first domain name and the maintenance IP address.
  • the first DNS domain name resolution request further includes a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal, and the destination IP address is the IP address of the DNS server.
  • FIG. 1 is a schematic diagram of a network architecture when a wireless broadband router provided by an embodiment of the present application is in a routing mode;
  • FIG. 2 is a schematic flowchart of domain name resolution when a wireless broadband router provided by an embodiment of the present application is in routing mode;
  • FIG. 3 is a schematic diagram of a network architecture when a wireless broadband router provided by an embodiment of the present application is in a bridge mode;
  • FIG. 4 is a schematic diagram of IP address allocation when a wireless broadband router provided by an embodiment of the present application is in bridge mode;
  • FIG. 5 is a flowchart of domain name resolution when a wireless broadband router provided by an embodiment of the present application is in bridge mode;
  • FIG. 6 is a schematic diagram of the composition of a wireless broadband router according to an embodiment of the present application.
  • FIG. 7 is a flowchart of a message processing method provided by an embodiment of the present application.
  • FIG. 8 is a flowchart of another packet processing method provided by an embodiment of the present application.
  • FIG. 9 is a schematic diagram of the composition of another wireless broadband router provided by an embodiment of the present application.
  • FIG. 10 is a flowchart of a method for domain name resolution provided by an embodiment of the present application.
  • FIG. 11 is a flowchart of another method for domain name resolution provided by an embodiment of the present application.
  • FIG. 13 is a schematic diagram of the composition of another wireless broadband router provided by an embodiment of the present application.
  • FIG. 14 is a schematic diagram of a hardware structure of a wireless broadband router provided by an embodiment of the application.
  • FIG. 15 is a schematic diagram of a hardware structure of another wireless broadband router provided by an embodiment of the present application.
  • words such as “first” and “second” are used to distinguish the same or similar items with basically the same function and effect.
  • the words “first”, “second” and the like do not limit the quantity or the execution order, and items labelled “first” and “second” are not necessarily different.
  • the technical solutions of the embodiments of the present application can be applied to 4G systems, various systems based on 4G system evolution, 5G systems, and various systems based on 5G system evolution.
  • the 4G system may also be called an evolved packet system (EPS).
  • the core network (CN) of the 4G system may be called an evolved packet core (EPC), and the access network may be called long term evolution (LTE).
  • the core network of the 5G system can be called 5GC (5G core), and the access network can be called new radio (NR).
  • Domain name: also known as a domain, it is the name of a computer or computer group on a network, consisting of a string of names separated by dots, which is used to locate and identify computers during data transmission (sometimes also referred to as geographic location). Domain names include local domain names and public domain names.
  • the public domain name may be, for example, www.XXX.com, www.XXX.cn, and the like. There is no fixed form for local domain names.
  • Domain name resolution: a service that resolves a domain name into an IP address, allowing users to easily access a website by accessing the domain name. It is completed by the domain name system (DNS).
  • IP internet protocol
  • an IP address is a long string of numbers, such as 14.215.177.39, 111.230.159.21, 192.168.8.200, 192.168.8.100, etc., which is not intuitive and is very inconvenient for users to remember.
  • the domain name and IP address are mapped to each other through DNS, so that users can access the website more conveniently.
  • For example, if the domain name www.XXX.com and the IP address 14.215.177.39 are mapped to each other, when the user accesses www.XXX.com through the terminal, the DNS can resolve the domain name www.XXX.com to the IP address 14.215.177.39 and return it to the terminal, and the terminal can access the website by visiting the IP address 14.215.177.39.
  • the local domain name of a device (device 1) refers to the domain name of the local domain where device 1 is located (the domain where the current network to which device 1 is attached is located). It is not registered in the public network, and only other devices (e.g., device 2) in the local area network (LAN) can access it.
  • the mapping between the local domain name and the IP address of the device 1 is implemented by the DNS domain name resolution proxy module in the device 1 .
  • a LAN can also be called a private network or an intranet.
  • the method of Internet access for the local domain name is: the user enters the local domain name in device 2; device 2 sends a DNS domain name resolution request to device 1; the DNS domain name resolution proxy module in device 1 resolves the local domain name into an IP address and returns it to device 2; device 2 accesses the IP address and reaches the access destination.
  • Public domain name: a domain name registered in the WAN that can be accessed by anyone. The WAN can also be called the public network or external network. The mapping between the public domain name and the IP address is realized by the DNS server in the WAN.
  • a DNS server is a server that provides translation services between IP addresses and domain names.
  • the Internet access method for the public domain name is as follows: the user enters the public domain name on device 3; device 3 sends a DNS domain name resolution request to the DNS server; the DNS server resolves the public domain name into an IP address and returns it to device 3; device 3 accesses the IP address and reaches the access destination.
  • Firewall technology is a technology that organically combines various software and hardware devices for security management and screening to help computer networks build a relatively isolated protective barrier between internal and external networks, in order to protect user data and information security.
  • Firewall rules are rules used to isolate some information between internal and external networks.
  • SNAT source network address translation
  • IP address of the wireless broadband router: the IP address assigned by the operator, used to identify the wireless broadband router in the WAN.
  • Maintenance IP address of the wireless broadband router: the factory-set IP address of the wireless broadband router, used to identify the wireless broadband router in the LAN. Each wireless broadband router has a unique maintenance IP address. The maintenance IP address of the wireless broadband router may also be called the gateway address of the wireless broadband router.
  • In order to reduce wiring costs and improve the mobility of routers, routers have evolved from traditional home routers using optical fiber access to wireless broadband routers. Taking the wireless broadband router as a boundary, the wireless broadband router and the devices connected to it (e.g., home routers, terminals, etc.) belong to the LAN, and the wireless broadband router and the devices above it belong to the WAN. Wireless broadband routers can work in two modes: routing mode and bridge mode.
  • the wireless broadband router occupies the DNS server IP address and the WAN side IP address assigned to the wireless broadband router by the operator (for example, by a dynamic host configuration protocol (DHCP) server). The wireless broadband router assigns the WAN side IP address and the DNS server IP address to the terminal (for example, a personal computer (PC), mobile phone or tablet computer) connected to it, and the DNS server IP address assigned to the terminal is used by the terminal as the destination IP address of its domain name requests. For example, referring to Figure 1, the wireless broadband router assigns the PC an IP address of 192.168.9.100 and a DNS server IP address of 192.168.8.1.
  • the DNS server IP address assigned by the wireless broadband router to the terminal may be the same as the maintenance IP address of the wireless broadband router, or it may be different from it. Since the two are generally the same, the method provided by the present application is described by taking as an example the case in which the IP address of the DNS server allocated to the terminal is the same as the maintenance IP address of the wireless broadband router.
  • the PC sends a message to the wireless broadband router.
  • the destination IP address in the sent DNS domain name resolution request is the DNS server IP address assigned by the wireless broadband router to the PC (that is, the maintenance IP address 192.168.8.1 of the wireless broadband router).
  • the DNS domain name resolution proxy module resolves the local domain name to the maintenance IP address of the wireless broadband router according to the factory configuration and returns it to the PC. After receiving the result of domain name resolution, the PC uses the maintenance IP address to access the web maintenance page of the wireless broadband router.
  • the specific process includes:
  • the DNS domain name resolution proxy module in the wireless broadband router obtains the binding setting of the local domain name and the maintenance IP address in the factory setting. That is to say, the corresponding relationship between cpe.win and the maintenance IP address will be stored in the DNS domain name resolution proxy module.
  • the correspondence between the local domain name and the maintenance IP address may be expressed as: cpe.win → 192.168.8.1.
  • the user opens the browser of the PC, and enters the local domain name cpe.win in the address bar of the browser.
  • the PC sends a DNS domain name resolution request to the DNS domain name resolution proxy module in the wireless broadband router.
  • the DNS domain name resolution request includes the source IP address (src ip, that is, the IP address of the PC, 192.168.9.100), the destination IP address (dst ip, that is, the DNS server IP address 192.168.8.1 configured for the PC) and the queried domain name (query name, i.e. cpe.win).
  • the DNS domain name resolution proxy module in the wireless broadband router resolves the local domain name cpe.win to the maintenance IP address 192.168.8.1.
  • Specifically, the DNS domain name resolution proxy module can resolve the local domain name cpe.win to the corresponding maintenance IP address 192.168.8.1 according to the binding relationship between the local domain name and the maintenance IP address set by the factory.
  • the DNS domain name resolution proxy module in the wireless broadband router sends the maintenance IP address to the DNS domain name resolution response module in the wireless broadband router.
  • the DNS domain name resolution response module in the wireless broadband router generates (also can be described as assembling) a response to the DNS domain name resolution request, and the resolution result included in the response to the DNS domain name resolution request is the maintenance IP address 192.168.8.1.
  • the DNS domain name resolution response module in the wireless broadband router returns a response to the DNS domain name resolution request to the PC.
  • the response to the DNS domain name resolution request includes the source IP address (src ip, that is, the maintenance IP address 192.168.8.1), the destination IP address (dst ip, that is, the IP address of the PC, 192.168.9.100), the query domain name (query name, i.e. cpe.win) and the query result (answer, i.e. the maintenance IP address 192.168.8.1).
  • the PC subsequently uses the maintenance IP address 192.168.8.1 to access the web maintenance page of the wireless broadband router.
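The request and response fields listed above (src ip, dst ip, query name, answer) can be followed on real DNS wire bytes. The sketch below is an added example, not code from the application: it parses the question of a query, answers cpe.win with the maintenance IP address, and hands every other name back for forwarding, as the sixteenth aspect describes. The function names, the empty answer for non-A query types and the reuse of the request's destination as the reply source are assumptions.

```python
import socket
import struct

LOCAL_DOMAIN = "cpe.win"        # local domain name bound at the factory (from the page)
MAINTENANCE_IP = "192.168.8.1"  # maintenance IP address (from the page)
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode a dotted name as DNS labels: length byte + bytes, zero-terminated."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name, qtype=TYPE_A):
    """Constructed sample input: a standard query with RD set and one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_question(msg):
    """Return (qname, qtype, end_of_question); ValueError on anything unexpected."""
    if len(msg) < 12:
        raise ValueError("short header")
    _, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0 or off + n > len(msg):
            raise ValueError("compression pointer or truncated label")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _ = struct.unpack("!HH", msg[off:off + 4])
    return ".".join(labels).lower(), qtype, off + 4


def build_response(query, end, ip=None):
    """Echo the transaction ID and question; add one A record when ip is given."""
    rd = struct.unpack("!H", query[2:4])[0] & 0x0100
    flags = 0x8000 | 0x0400 | rd | 0x0080  # QR, AA, copied RD, RA
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if ip else 0, 0, 0)
    answer = b""
    if ip:
        # 0xC00C is a compression pointer to the question name at offset 12.
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 0, 4)
                  + socket.inet_aton(ip))
    return header + query[12:end] + answer


def answer_ip(reply):
    """Return the A record of a reply built by build_response, or None."""
    ancount = struct.unpack("!H", reply[6:8])[0]
    return socket.inet_ntoa(reply[-4:]) if ancount else None


def handle_dns_request(src_ip, dst_ip, payload):
    """Return (action, out_src, out_dst, out_payload) for one DNS request."""
    try:
        qname, qtype, end = parse_question(payload)
    except ValueError:
        return ("forward", src_ip, dst_ip, payload)   # not ours to interpret
    if qname != LOCAL_DOMAIN:
        return ("forward", src_ip, dst_ip, payload)   # public name: DNS server's job
    # Assumption: non-A queries for the local name get an empty answer, so the
    # local name is never sent on to the WAN.
    reply = build_response(payload, end, MAINTENANCE_IP if qtype == TYPE_A else None)
    # Reply source = request destination; in routing mode that is 192.168.8.1.
    return ("answer", dst_ip, src_ip, reply)
```

Because the name comparison is case-insensitive and malformed payloads are forwarded untouched, the proxy only ever answers for the one name it owns.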
  • power over Ethernet is used to forward data between the wireless broadband router and the home router, and supply power to the wireless broadband router and the home router.
  • the wireless broadband router provides the ability to access the Internet, the home router provides improved terminal access capability, and the two routers open up Internet access in a bridge mode, giving full play to the advantages of high bandwidth and low latency of the 5G network.
  • When the outdoor wireless broadband router works in bridge mode (see Figure 4), it sends the DNS server IP address and the WAN side IP address assigned by the operator to the wireless broadband router on to the indoor home router. It does not occupy the WAN side IP address assigned to itself, nor does it occupy the IP address of the DNS server. It is completely transparent to the WAN: it only provides the transparent transmission capability of wireless Internet access, and transparently transmits all received packets.
  • the wireless broadband router sends the DNS server IP address 10.98.48.123 and the WAN side IP address 10.62.17.183 assigned by the operator to the wireless broadband router to the indoor home router.
  • the home router assigns an IP address and a DNS server IP address to the connected terminal, for example, assigns the PC an IP address of 192.168.9.100.
  • the home router assigns the DNS server IP address to the connected terminal (here, the DNS server IP address assigned to the terminal is the DNS server IP address 10.98.48.123 received from the wireless broadband router).
  • the destination IP address in the DNS domain name resolution request is the DNS server IP address 10.98.48.123 assigned to the terminal, but since cpe.win is a local domain name, it is not recorded in the WAN, that is, the DNS server will not store the corresponding relationship between the local domain name cpe.win and the maintenance IP address.
  • the DNS server cannot resolve the local domain name. Therefore, the PC cannot use cpe.win to access the web maintenance page of the wireless broadband router, and thus cannot view and configure the running network parameters of the wireless broadband router (for example, store dial-up parameters, view device status, view wireless fidelity (WiFi) parameters, check whether there is new firmware to upgrade, etc.), which brings difficulties to users and maintainers.
  • the specific process includes:
  • step 501 is the same as step 201; see step 201.
  • step 502 is the same as step 202; see step 202.
  • the PC sends a DNS domain name resolution request to the DNS server.
  • the DNS domain name resolution request includes the source IP address (src ip, that is, the IP address of the PC 192.168.9.100), the destination IP address (dst ip, that is, the DNS server IP address 10.98.48.123) and the query domain name (query name, that is, cpe.win).
  • in step 503, the DNS domain name resolution request sent by the PC first reaches the wireless broadband router. When the wireless broadband router works in bridge mode, it does not occupy the WAN side IP address allocated for itself, nor does it occupy the DNS server IP address; it is completely transparent to the WAN, only provides the transparent transmission capability of wireless Internet access, and transparently transmits all received packets. Therefore, after receiving the DNS domain name resolution request, the wireless broadband router sends the received DNS domain name resolution request to the DNS server.
  • the DNS server returns a response to the DNS domain name resolution request to the PC.
  • the response to the DNS domain name resolution request includes the source IP address (src ip, that is, the DNS server IP address 10.98.48.123), the destination IP address (dst ip, that is, the IP address of the PC, 192.168.9.100), the query domain name (query name, namely cpe.win) and the query result (answer).
  • the query result here is an error.
  • when the wireless broadband router works in the routing mode, the user can normally log in to the web maintenance page of the wireless broadband router through the terminal.
  • when the wireless broadband router works in bridge mode, the user cannot log in to the web maintenance page of the wireless broadband router normally through the terminal.
  • the firmware of wireless broadband routers is upgraded. Since it is in bridge mode, it is not possible to view and configure operating network parameters. Therefore, only the maintenance personnel of the operator regularly visit users, temporarily split the networking scheme of "wireless broadband router + home router", and disconnect the two.
  • when the wireless broadband router works in the bridge mode, the operator has a requirement for device management of the wireless broadband router.
  • because the wireless broadband router does not have an IP address on the WAN side, it loses its independent identity in the WAN, so the local services that require the wireless broadband router to communicate with a server in the WAN (for example, an Over-The-Air (OTA) server or an operator Technical Report-069 (TR069) server) cannot be performed normally. Local services are the wireless broadband router's own services, such as OTA online upgrade and TR069 device management.
  • the wireless broadband router will have two problems:
  • the reason for problem 1 is that the wireless broadband router does not occupy the IP address on the WAN side and loses its independent identity in the WAN.
  • the reason for problem 2 is that, because the wireless broadband router does not occupy the IP address on the WAN side and loses its independent identification in the WAN, it can only provide the transparent transmission capability of wireless Internet access. After the wireless broadband router receives the DNS domain name resolution request, it transparently transmits the request to the DNS server in the WAN, but the DNS server cannot resolve the local domain name in the DNS domain name resolution request, so the user cannot access the web maintenance page of the wireless broadband router.
  • the present application provides the following first and second embodiments to solve problems such as complicated maintenance and lagging upgrades of wireless broadband routers.
  • the wireless broadband router still works in the bridge mode, and it is not necessary to change the working mode of the wireless broadband router and the on-site networking environment.
  • the methods provided in the embodiments of the present application can be applied to the bridging scenario of the "wireless broadband router + home router" networking scenario, and can also be applied to the bridging scenario of all routing devices, without limitation.
  • a first IP address can be set for the wireless broadband router (the first IP address is the pseudo IP address of the wireless broadband router in the LAN, not the real IP address; in the specific implementations of this application, the first IP address is called the pseudo IP address), and the firewall SNAT technology is used to convert between the pseudo IP address in a message (for example, a handshake message) and a second IP address (the second IP address is the IP address of the wireless broadband router in the WAN, that is, the WAN side IP address of the wireless broadband router; the second IP address is referred to as the WAN side IP address in the specific implementations of this application). That is, the pseudo IP address is used inside the wireless broadband router and the WAN side IP address is used outside it, so that the WAN can identify the wireless broadband router and the local services that communicate between the wireless broadband router and the server in the WAN can operate normally.
  • the functional modules of the wireless broadband router involved in the message processing method provided by the first embodiment include: a local service module located in the application state (the local service module can provide local services such as OTA services, TR069 services, etc.) and a bridging module, and a firewall module (e.g., a Netfilter module) located in the Linux kernel routing stack.
  • Embodiment 1 mainly improves the bridge module and the firewall module.
  • the functions of each module are as follows:
  • Bridge module: used to set a pseudo IP address for the wireless broadband router in bridge mode.
  • Firewall module: this module is a standard open source module of the Linux kernel routing protocol stack, which is used to handle common firewall functions such as packet filtering, network address translation (NAT), and packet forwarding. In the first embodiment, it is mainly used for the processing of SNAT rules, for example, to determine when to use the WAN side IP address and when to use the pseudo IP address, and to convert between the WAN side IP address and the pseudo IP address.
  • the SNAT rules of the firewall module can be configured and managed through configuration tools (for example, application-mode iptables). Specifically, the bridging module can send SNAT rules to iptables, and iptables receives the SNAT rules set by the bridging module, and then sends them to the firewall module to take effect.
  • Local service refers to the service of the wireless broadband router itself, such as OTA online upgrade, TR069 device management, etc. These services need to establish communication with the corresponding service server in the WAN to transmit data. There is no data exchange between the local service and the home router and the terminal in the LAN.
  • the packet processing method provided by Embodiment 1 includes:
  • the bridging module sets the IP address of the wireless broadband router in the LAN as a pseudo IP address.
  • the bridging module may perform step 701 after the wireless broadband router is powered on, the system is started, and the wireless broadband router works in the bridge mode.
  • the pseudo IP address belongs to the IP address of the private network segment.
  • the IP address of the private network segment is used in the LAN, and the IP address of the private network segment cannot be accessed through the WAN.
  • the pseudo IP address can be stored in the bridge module.
  • the bridge module sets the IP address of the wireless broadband router in the LAN as a pseudo IP address (it can be understood as making the pseudo IP address effective).
  • the IP address of the wireless broadband router in the LAN can be the maintenance IP address by default, or the bridge module can set the IP address of the wireless broadband router in the LAN as the maintenance IP address (which can be understood as making the maintenance IP address take effect).
  • the pseudo IP address may be 172.28.28.28.
  • the bridging module delivers the SNAT rule to the firewall module.
  • the bridging module may issue SNAT rules to the firewall module through iptables.
  • the SNAT rule is used to convert the pseudo IP address in the packet to the WAN side IP address.
  • the SNAT rule is used to convert the pseudo IP address in the packet whose source IP address is the pseudo IP address to the WAN side IP address.
  • the message here may be a handshake message hereinafter.
  • the WAN side IP address of the wireless broadband router is 10.62.17.183.
  • the SNAT rule can be expressed as: iptables -t nat -A POSTROUTING -s 172.28.28.28 -j SNAT --to-source 10.62.17.183.
  • iptables indicates that the configuration tool is iptables
  • -t nat -A POSTROUTING indicates that the rule is added to the main chain named POSTROUTING in the table named nat
  • -s 172.28.28.28 indicates that the IP address before modification is 172.28.28.28
  • -j SNAT indicates that the firewall rule is a SNAT rule
  • --to-source 10.62.17.183 indicates that the modified IP address is 10.62.17.183.
  • the firewall module takes the received SNAT rule into effect.
  • validating the SNAT rule includes: storing the correspondence between the pseudo IP address and the WAN side IP address.
  • the firewall module parses the SNAT rule, and generates a first translation rule and a second translation rule according to the SNAT rule.
  • the first conversion rule is used to convert the pseudo IP address in a packet into the WAN side IP address when it is determined that the packet (for example, a handshake packet received by the firewall module from the local service module, such as the first handshake packet and the third handshake packet below) carries the pseudo IP address.
  • the second conversion rule is used to convert the WAN side IP address in a packet into the pseudo IP address when it is determined that the packet (for example, a handshake packet received by the firewall module from the service server, such as the second handshake packet below) carries the WAN side IP address.
  • the firewall module may establish an internal hook function (hook function) corresponding to the SNAT rule to detect whether the packet satisfies the SNAT rule, so as to precisely match the packet.
  • the bridging module sends a pseudo IP address to the local service module.
  • the bridging module may spontaneously send a pseudo IP address to the local service module after step 701. At this time, step 704, step 702 and step 703 are executed in no particular order.
  • the local service module can send a request message to the bridging module when needed (for example, when it is determined to establish a connection with the service server), where the request message is used to request a pseudo IP address; the bridging module can send the pseudo IP address to the local service module according to the request message, and the pseudo IP address may be carried in the response message to the request message.
  • the local service module establishes a connection with the service server.
  • the local service is generally a self-starting, fixed-cycle service, such as OTA online upgrade. Every 24 hours, the local OTA upgrade module actively establishes a connection with the OTA server in the WAN to check whether there is new firmware.
  • the local service module may establish a connection with the service server when the execution period of the service arrives.
  • the local OTA upgrade module can establish a connection with the OTA server in the WAN when the execution period of the OTA online upgrade service arrives.
  • the local service module and the service server can perform a three-way handshake. In the process of the three-way handshake, the firewall module replaces the pseudo IP address in a handshake packet received from the local service module with the WAN side IP address according to the SNAT rule (specifically, according to the first conversion rule) and sends the packet to the service server, and replaces the WAN side IP address in a handshake packet received from the service server with the pseudo IP address according to the SNAT rule (specifically, according to the second conversion rule) and sends the packet to the local service module.
  • step 705 includes:
  • the local service module sends a first handshake message to the firewall module, and the first handshake message is used to request to establish a connection with the service server.
  • the source IP address carried in the header of the first handshake packet is a pseudo IP address (ie 172.28.28.28), and the destination IP address is the IP address of the service server (it is assumed to be 118.194.55.121 in this application).
  • the first handshake message may be referred to as a connection establishment (synchronous, SYN) message.
  • the firewall module replaces the pseudo IP address (ie 172.28.28.28) in the first handshake message with the WAN side IP address (ie 10.62.17.183) according to the SNAT rule.
  • when step 12) is specifically implemented, the firewall module replaces the pseudo IP address (ie 172.28.28.28) in the first handshake message with the WAN side IP address (ie 10.62.17.183) according to the first translation rule generated from the SNAT rule.
  • by converting the pseudo IP address in the first handshake packet to the WAN side IP address, the first handshake packet sent to the service server can carry the WAN side IP address, so that the service server can identify the packet.
  • when step 12) is specifically implemented, the firewall module can determine whether the first handshake message matches the first conversion rule or the second conversion rule according to the source IP address and the destination IP address in the first handshake message. Because the source IP address is the pseudo IP address, it is determined that the first handshake packet matches the first translation rule, in which case step 12) is performed.
  • the firewall module sends the first handshake message to the service server.
  • the source IP address in the packet header of the first handshake packet is the WAN side IP address (ie, 10.62.17.183).
  • after receiving the first handshake packet, the service server parses the first handshake packet, determines that the destination IP address in the first handshake packet is the same as the IP address of the service server, and determines that the first handshake is completed.
  • the service server sends a second handshake message to the firewall module (which can also be considered as a response message to the first handshake message). The source IP address in the header of the second handshake message is the service server's IP address (ie 118.194.55.121), and the destination IP address is the WAN side IP address (ie 10.62.17.183).
  • the second handshake message may be referred to as a connection establishment acknowledgement (synchronous-acknowledgement, SYN-ACK) message.
  • after receiving the second handshake message, the firewall module replaces the WAN side IP address (ie 10.62.17.183) in the second handshake message with the pseudo IP address (ie 172.28.28.28) according to the SNAT rule.
  • when step 15) is specifically implemented, the firewall module replaces the WAN side IP address (ie 10.62.17.183) in the second handshake message with the pseudo IP address (ie 172.28.28.28) according to the second translation rule generated from the SNAT rule.
  • by converting the WAN side IP address in the second handshake packet into the pseudo IP address, the second handshake packet sent to the local service module can carry the pseudo IP address, so that the local service module can identify the message.
  • when step 15) is specifically implemented, the firewall module can determine whether the second handshake message matches the first conversion rule or the second conversion rule according to the source IP address and the destination IP address in the second handshake message. Because the destination IP address is the WAN side IP address, it is determined that the second handshake packet matches the second translation rule, in which case step 15) is performed.
  • the firewall module sends a second handshake message to the local service module.
  • the destination IP address in the packet header of the second handshake packet is a pseudo IP address (ie, 172.28.28.28).
  • after receiving the second handshake packet, the local service module parses the second handshake packet, determines that the destination IP address in the second handshake packet is the same as the pseudo IP address, and determines that the second handshake is completed.
  • the local service module sends the third handshake message to the firewall module.
  • the source IP address carried in the header of the third handshake message is the pseudo IP address (ie 172.28.28.28), and the destination IP address is the service server's IP address (ie 118.194.55.121).
  • the third handshake message may be called an ACK message.
  • the third handshake message is sent by the local service module to the firewall module after receiving the second handshake message.
  • the firewall module replaces the pseudo IP address (ie 172.28.28.28) in the third handshake message with the WAN side IP address (ie 10.62.17.183) according to the SNAT rule.
  • step 18) is similar to step 12); refer to step 12) for details, which are not repeated here.
  • the firewall module sends a third handshake message to the service server.
  • the source IP address in the packet header of the third handshake packet is the WAN side IP address (ie, 10.62.17.183).
  • After receiving the third handshake packet, the service server parses the third handshake packet, determines that the destination IP address in the third handshake packet is the same as the IP address of the service server, and determines that the third handshake is completed.
  • the local service module can perform data communication with the service server to realize local service.
  • the wireless broadband router and the service server communicate through the transmission control protocol (TCP).
  • For TCP, refer to the Request For Comments (RFC) 793 specification issued by the Internet Engineering Task Force (IETF). Embodiment 1 does not involve changes to the message format or the TCP connection establishment process, so they are not described in detail.
  • the IP address configured on the current WAN port network card eth_x (network card name) of the wireless broadband router can be obtained, according to which the IP address of the wireless broadband router can be determined.
  • the IP address of the wireless broadband router is the IP address of the WAN side
  • When the wireless broadband router works in bridge mode, the IP address of the wireless broadband router is a pseudo address.
  • the network card information of eth_x as follows:
  • TX packets 25 errors: 0 dropped: 7 overruns() carrier: 0
  • root:/$ifconfig means "enter the command ifconfig in the root directory".
  • Scope:Link is used to indicate the IPv6 address of the network card fe80::5a02:3ff:fe04:506/64, and indicates that the IPv6 address is a link address.
  • "TX packets 25 errors: 0 dropped: 7 overruns() carrier: 0 RX bytes:8618(8.4KiB)TX bytes:2629(2.5KiB)" is used to indicate the status of the current network card's sending and receiving data packets.
  • the IP address is 172.28.28.28.
  • the specific meanings of the parameters in this example are existing and will not be described again.
  • SNAT rules can also be obtained through the maintenance test interface of the wireless broadband router.
  • the firewall rules that can be viewed are as follows:
  • root:/$iptables -t nat -nvL means "enter the command iptables -t nat -nvL in the root directory".
  • BRIDGE_LOCAL_SERVICE all -- * * 0.0.0.0/0 0.0.0.0/0 means that the firewall rule of the main chain of POSTROUTING contains a sub-chain of BRIDGE_LOCAL_SERVICE.
  • firewall rule of the subchain of BRIDGE_LOCAL_SERVICE is the SNAT rule above.
  • In the method provided by the first embodiment, by setting the local IP address of the wireless broadband router to a pseudo IP address and using SNAT rules to convert between the pseudo IP address and the WAN side IP address, the wireless broadband router working in bridge mode can normally perform local services, such as OTA online upgrade, so as to ensure that major technical defects, requirement changes, security vulnerabilities, etc. are incorporated in a timely manner, and improve product reliability.
  • the packet processing method provided by the present application is described by taking each module in the wireless broadband router as an example to perform the above method interactively.
  • the process shown in FIG. 8 is realized, including:
  • the wireless broadband router sends a first handshake packet carrying the IP address of the WAN side to the service server, and the first handshake packet carrying the IP address of the WAN side is used to request to establish a connection with the service server.
  • the source IP address in the first handshake packet is the IP address of the WAN side
  • the destination IP address is the IP address of the service server.
  • the service server receives the first handshake message carrying the WAN side IP address from the wireless broadband router.
  • the wireless broadband router works in bridge mode, and the wireless broadband router stores pseudo IP addresses and SNAT rules, and the SNAT rules are used to convert the pseudo IP addresses into WAN side IP addresses.
  • Before step 801, the method further includes step 800a and step 800b:
  • the wireless broadband router generates a first handshake packet carrying a pseudo IP address, where the source IP address in the first handshake packet carrying the pseudo IP address is the pseudo IP address, and the destination IP address is the IP address of the service server.
  • the wireless broadband router converts the pseudo IP address in the first handshake packet carrying the pseudo IP address into the WAN side IP address according to the SNAT rule, and obtains the first handshake packet carrying the WAN side IP address.
  • the service server sends a second handshake packet carrying the IP address of the WAN side to the wireless broadband router.
  • the second handshake packet is sent by the service server to the wireless broadband router after receiving the first handshake packet.
  • the source IP address in the second handshake packet is the IP address of the service server, and the destination IP address is the WAN side IP address.
  • the wireless broadband router receives the second handshake message that carries the IP address of the WAN side and is sent by the service server.
  • the wireless broadband router converts the WAN side IP address in the received second handshake message carrying the WAN side IP address into a pseudo IP address according to the SNAT rule.
  • the method further includes:
  • the wireless broadband router sends a third handshake packet carrying the IP address of the WAN side to the service server, and the source IP address in the third handshake packet carrying the IP address of the WAN side is the IP address of the WAN side, and the destination IP address is the IP address of the service server.
  • the service server receives the third handshake message carrying the IP address of the WAN side from the wireless broadband router.
  • the third handshake packet carrying the WAN side IP address can also be obtained by converting the pseudo IP address in the third handshake packet carrying the pseudo IP address into the WAN side IP address.
  • the third handshake message carrying the pseudo IP address can be generated by the wireless broadband router.
  • the wireless broadband router may also generate the above-mentioned first conversion rule and the above-mentioned second conversion rule according to the SNAT rule.
  • the terminal connected to the home router sends the first domain name (that is, the local domain name) to the wireless broadband router through the home router.
  • the wireless broadband router will no longer transparently transmit the DNS domain name resolution request, but will intercept it, resolve the local domain name to the maintenance IP address of the wireless broadband router, and then return the response to the DNS domain name resolution request to the terminal accessing the local domain name, so that the terminal connected to the home router can access the web maintenance page through the local domain name, and configure and view operating parameters.
  • the functional modules of the wireless broadband router involved in the domain name resolution method provided by the second embodiment include: a bridge module and a DNS domain name resolution proxy module located in the application state, and a DNS domain name request interception module and a DNS domain name resolution response module located in the Linux kernel routing protocol stack.
  • the second embodiment adds a DNS domain name request interception module, and also improves the bridging module and the DNS domain name resolution response module.
  • the functions of each module are as follows:
  • Bridging module: used to issue the local domain name to the DNS domain name request interception module.
  • DNS domain name resolution proxy module: used to receive the DNS domain name resolution request of the local domain name, and after successful resolution, send the resolution result to the DNS domain name resolution response module.
  • the DNS domain name resolution proxy module stores the corresponding relationship between the local domain name and the maintenance IP address, and the corresponding relationship can be factory-set.
  • DNS domain name request interception module: used to filter all received DNS domain name resolution requests, intercept DNS domain name resolution requests for local domain names, and forward them to the DNS domain name resolution proxy module for resolution.
  • DNS domain name resolution response module: used to receive the resolution result from the DNS domain name resolution proxy module, generate a response to the DNS domain name resolution request according to the resolution result, and send it to the terminal that sent the DNS domain name resolution request.
  • the application scenario of the second embodiment may be: the user uses a terminal (for example, a PC, a mobile phone, a tablet computer, etc.) to enter the local domain name in the address bar of the browser, access the web maintenance page of the wireless broadband router, and view and set the operating network parameters of the wireless broadband router.
  • the domain name resolution method includes:
  • After the wireless broadband router is started, the bridge module sends the local domain name to the DNS domain name request interception module.
  • the local domain name may be cpe.win.
  • the bridging module can read the local domain name from the factory configuration of the wireless broadband router.
  • the DNS domain name request interception module saves the domain name of the local machine for subsequent determination of which DNS domain name resolution request to intercept.
  • the local domain name may be stored in the global memory of the wireless broadband router.
  • the user enters the local domain name cpe.win in the address bar of the browser on the terminal (assumed to be the first terminal) connected to the home router to access the web maintenance page of the wireless broadband router.
  • the first terminal sends a first DNS domain name resolution request to the DNS domain name request interception module in the wireless broadband router, where the first DNS domain name resolution request carries the second domain name, and the first DNS domain name resolution request is used to request to resolve the second domain name.
  • the second domain name is cpe.win.
  • the source IP address in the first DNS domain name resolution request is the IP address of the first terminal (assumed to be 192.168.9.100), the destination IP address is the DNS server IP address (assumed to be 10.98.48.123), and the query name is cpe.win.
  • the DNS domain name request interception module compares the domain name (that is, the second domain name) queried by the first DNS domain name resolution request with the saved local domain name.
  • the DNS domain name request interception module obtains the queried domain name (obtained through the query name field) after receiving the first DNS domain name resolution request, and compares the queried domain name with the saved local domain name.
  • the DNS domain name request interception module sends a second DNS domain name resolution request to the DNS domain name resolution proxy module.
  • the source IP address in the second DNS domain name resolution request is the IP address of the first terminal (ie 192.168.9.100), the destination IP address is the DNS server IP address (ie 10.98.48.123), and the query name is cpe.win.
  • the first DNS domain name resolution request and the second DNS domain name resolution request may be the same DNS domain name resolution request, or may be different DNS domain name resolution requests.
  • the DNS domain name resolution proxy module resolves the local domain name in the second DNS domain name resolution request into a maintenance IP address (ie, 192.168.8.1). That is to say, the DNS domain name resolution proxy module determines the maintenance IP address of the wireless broadband router corresponding to the local domain name.
  • the DNS domain name resolution proxy module resolves the local domain name to the maintenance IP address according to the corresponding relationship between the local domain name and the maintenance IP address.
  • the DNS domain name resolution proxy module sends a first message to the DNS domain name resolution response module, where the first message carries the maintenance IP address.
  • the first message also carries information such as the source IP address, which is the DNS server IP address (ie 10.98.48.123), the destination IP address, which is the IP address of the first terminal (ie 192.168.9.100), and the query domain name (query name), which is cpe.win.
  • the DNS domain name resolution response module generates a response to the first DNS domain name resolution request according to the received first message.
  • the response to the first DNS domain name resolution request includes the maintenance IP address.
  • the DNS domain name resolution response module parses the first message, and generates a response to the first DNS domain name resolution request according to the parsed maintenance IP address.
  • the DNS domain name resolution response module sends a response to the first DNS domain name resolution request to the first terminal.
  • the source IP address in the response of the first DNS domain name resolution request is the DNS server IP address (ie 10.98.48.123), the destination IP address is the IP address of the first terminal (ie 192.168.9.100), and the query name is cpe.win, the query result (answer) is the maintenance IP address (ie 192.168.8.1).
  • the first terminal uses the maintenance IP address to access the web maintenance page of the wireless broadband router.
  • the DNS domain name request interception module only intercepts DNS domain name resolution requests whose queried domain names are stored local domain names, and does not intercept DNS domain name resolution requests whose queried domain names are other domain names (that is, does not intercept DNS domain name resolution requests whose queried domain names are non-local domain names).
  • the following is an exemplary description of the process of a user accessing a non-local domain name, referring to FIG. 11 , including:
  • steps 1101 and 1102 are the same as step 1001 and step 1002, respectively.
  • the first terminal sends a third DNS domain name resolution request to the DNS domain name request interception module in the wireless broadband router, where the third DNS domain name resolution request carries the second domain name, and the third DNS domain name resolution request is used to request to resolve the second domain name.
  • the second domain name is www.XXX.com.
  • the source IP address in the third DNS domain name resolution request is the IP address of the first terminal (assumed to be 192.168.9.100), the destination IP address is the DNS server IP address (assumed to be 10.98.48.123), and the query name is www.XXX.com.
  • the DNS domain name request interception module compares the domain name (that is, the second domain name) queried by the third DNS domain name resolution request with the saved local domain name.
  • Step 1105 is the same as step 1005 described above.
  • the DNS domain name request interception module sends a third DNS domain name resolution request to the DNS server, where the third DNS domain name resolution request carries the second domain name.
  • the DNS server determines the IP address corresponding to the second domain name. Specifically, the DNS server stores the correspondence between the second domain name and the IP address. The DNS server may determine the IP address corresponding to the second domain name according to the corresponding relationship.
  • the DNS server resolves www.XXX.com to an IP address (assuming 10.3.42.32) according to the third DNS domain name resolution request, and generates a response to the third DNS domain name resolution request.
  • the corresponding relationship between www.XXX.com and the IP address is stored in the DNS server.
  • When the DNS server determines that the domain name included in the third DNS domain name resolution request is www.XXX.com, it can resolve www.XXX.com to the corresponding IP address.
  • the DNS server sends a response to the third DNS domain name resolution request to the first terminal.
  • the DNS server may send a response to the third DNS domain name resolution request to the DNS domain name resolution response module, and the DNS domain name resolution response module sends the response to the third DNS domain name resolution request to the first terminal.
  • the source IP address in the response of the third DNS domain name resolution request is the DNS server IP address (ie 10.98.48.123), the destination IP address is the IP address of the first terminal (ie 192.168.9.100), the query domain name (query name) is www.XXX.com, and the query result (answer) is the IP address corresponding to www.XXX.com (ie 10.3.42.32).
  • After obtaining the IP address corresponding to www.XXX.com (ie, 10.3.42.32), the first terminal uses the IP address 10.3.42.32 to access the public website.
  • When communication messages are captured on the WAN port eth_x of the wireless broadband router through the maintenance test interface of the wireless broadband router, since the DNS domain name resolution request for cpe.win is intercepted by the DNS domain name request interception module, it will not be forwarded to the WAN side for processing through the WAN port eth_x, so neither the DNS domain name resolution request for cpe.win nor the response to it will exist in these communication packets.
  • For the DNS domain name resolution in the second embodiment and the format of the request message and the response message in the DNS domain name resolution process, refer to the RFC 1034 and RFC 1035 specifications issued by the IETF.
  • the second embodiment does not involve the change of the message format, so it will not be described in detail.
  • the user can normally access the web maintenance page of the local domain name through the terminal, and configure and view the operating parameters of the wireless broadband router, which reduces the maintenance complexity of the wireless broadband router, improves the upgrade efficiency of the wireless broadband router, and improves the user experience.
  • the domain name resolution method provided by the present application is described by taking each module in the wireless broadband router as an example to perform the above method interactively.
  • the shown process is realized, including:
  • the first terminal sends a first DNS domain name resolution request to the wireless broadband router, where the first DNS domain name resolution request carries the second domain name.
  • the wireless broadband router receives the first DNS domain name resolution request from the first terminal.
  • the wireless broadband router works in a bridge mode, and the wireless broadband router stores a local domain name.
  • the first DNS domain name resolution request further includes a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal, and the destination IP address is the IP address of the DNS server.
  • When the wireless broadband router determines that the second domain name is the same as the local domain name, steps 1202 to 1204 are performed; when the wireless broadband router determines that the second domain name is different from the local domain name, steps 1205 to 1208 are performed.
  • the wireless broadband router determines the maintenance IP address of the wireless broadband router corresponding to the domain name of the local machine.
  • the wireless broadband router may store the correspondence between the local domain name and the maintenance IP address.
  • the wireless broadband router can determine the maintenance IP address of the wireless broadband router corresponding to the local domain name according to the corresponding relationship.
  • the wireless broadband router sends a response to the first DNS domain name resolution request to the first terminal, where the response to the first DNS domain name resolution request includes the maintenance IP address.
  • the first terminal receives a response to the first DNS domain name resolution request from the wireless broadband router.
  • the first terminal accesses the Web maintenance page of the wireless broadband router according to the maintenance IP address.
  • the wireless broadband router sends a third DNS domain name resolution request to the DNS server, where the third DNS domain name resolution request carries the second domain name.
  • the DNS server receives the third DNS domain name resolution request from the wireless broadband router.
  • the DNS server determines an IP address corresponding to the second domain name.
  • the DNS server may store the correspondence between the second domain name and the IP address.
  • the DNS server may determine the IP address corresponding to the second domain name according to the corresponding relationship.
  • the DNS server sends a response to the third DNS domain name resolution request to the first terminal, where the response to the third DNS domain name resolution request includes an IP address corresponding to the second domain name.
  • the first terminal receives a response to the third DNS domain name resolution request from the DNS server.
  • the first terminal accesses a webpage corresponding to the second domain name according to the IP address corresponding to the second domain name (ie, accesses a public network website).
  • the terminal connected to the home router and the wireless broadband router may communicate through the home router.
  • the methods provided in the first embodiment and the second embodiment may be combined.
  • the modules included in the wireless broadband router are shown in FIG. 13 , and the functions of each module can be referred to above, and will not be repeated.
  • the wireless broadband router includes at least one of the corresponding hardware structure and software module for executing each function.
  • the present application can be implemented in hardware or a combination of hardware and computer software with the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein. Whether a function is performed by hardware or computer software driving hardware depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each particular application, but such implementations should not be considered beyond the scope of this application.
  • the wireless broadband router includes a processor 1401, and optionally, further includes a memory 1402 connected to the processor 1401.
  • the processor 1401 can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the programs of the present application.
  • the processor 1401 may also include multiple CPUs, and the processor 1401 may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor.
  • a processor herein may refer to one or more devices, circuits, or processing cores for processing data (eg, computer program instructions).
  • the memory 1402 may be a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (RAM) or other type of static storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, CD-ROM storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, which is not limited in this embodiment of the present application.
  • the memory 1402 may exist independently (in this case, the memory 1402 may be located outside the wireless broadband router, or may be located in the wireless broadband router), or may be integrated with the processor 1401. The memory 1402 may contain computer program code.
  • the processor 1401 is configured to execute the computer program code stored in the memory 1402, thereby implementing the method provided by the embodiments of the present application.
  • the wireless broadband router further includes a transceiver 1403.
  • the processor 1401, the memory 1402 and the transceiver 1403 are connected by a bus.
  • the transceiver 1403 is used to communicate with other devices or communication networks.
  • the transceiver 1403 may include a transmitter and a receiver.
  • a device in the transceiver 1403 for implementing the receiving function may be regarded as a receiver, and the receiver is configured to perform the receiving steps in the embodiments of the present application.
  • a device in the transceiver 1403 for implementing the sending function may be regarded as a transmitter, and the transmitter is used to perform the sending step in the embodiment of the present application.
  • the processor 1401 is configured to control and manage the actions of the wireless broadband router, for example, the processor 1401 is configured to control the execution of each step in the above method.
  • the processor 1401 may communicate with other network entities through the transceiver 1403, eg, with a DNS server.
  • the memory 1402 is used to store program codes and data of the wireless broadband router.
  • the processor 1401 includes a logic circuit and an input interface and/or an output interface.
  • the output interface is used for performing the sending action in the corresponding method
  • the input interface is used for performing the receiving action in the corresponding method.
  • the processor 1401 is used to control and manage the actions of the wireless broadband router.
  • the processor 1401 is used to control and execute each step in the above method.
  • the processor 1401 may communicate with other network entities, eg, with a DNS server, through an input interface and/or an output interface.
  • the memory 1402 is used to store program codes and data of the wireless broadband router.
  • each step in the method provided in this embodiment may be completed by an integrated logic circuit of hardware in a processor or an instruction in the form of software.
  • the steps of the methods disclosed in conjunction with the embodiments of the present application may be directly embodied as executed by a hardware processor, or executed by a combination of hardware and software modules in the processor.
  • Embodiments of the present application further provide a computer-readable storage medium, including instructions, which, when executed on a computer, cause the computer to execute any of the foregoing methods.
  • Embodiments of the present application also provide a computer program product containing instructions, which, when run on a computer, enables the computer to execute any of the above methods.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
  • Computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server or data center by wired (eg coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (eg infrared, wireless, microwave, etc.) means.
  • Computer-readable storage media can be any available media that can be accessed by a computer or data storage devices including one or more servers, data centers, etc., that can be integrated with the media.
  • The available media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVDs), or semiconductor media (eg, solid state disks (SSDs)), and the like.
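The interception decision of the second embodiment can be sketched on real DNS wire format (RFC 1035). This is an added example, not code from the patent: the function names and the TTL are assumptions, and so are two behaviours the text does not specify, namely that non-A queries for the local domain name get an empty answer and that unparseable requests are forwarded untouched.

```python
import socket
import struct

LOCAL_DOMAIN = "cpe.win"        # local domain name (from the page)
MAINTENANCE_IP = "192.168.8.1"  # maintenance IP address (from the page)
ANSWER_TTL = 60                 # assumption: the page gives no TTL

TYPE_A, CLASS_IN = 1, 1


def build_query(name, qtype=TYPE_A, txid=0x1A2B):
    """Build a constructed single-question DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def parse_question(msg):
    """Return (name, qtype, qclass, end_offset) for the first question."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated question name")
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length > 63 or off + length > len(msg):
            raise ValueError("bad label")  # also rejects compression pointers
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    # DNS names compare case-insensitively, so normalise before matching.
    return ".".join(labels).lower(), qtype, qclass, off + 4


def build_response(query, end, qtype, qclass):
    """Response module: echo the question and answer with the maintenance IP."""
    txid, flags = struct.unpack("!HH", query[:4])
    # Assumption: only A/IN queries get an address; other types get no answer.
    has_answer = qtype == TYPE_A and qclass == CLASS_IN
    resp_flags = 0x8000 | (flags & 0x0100) | 0x0080  # QR=1, copy RD, RA=1
    header = struct.pack("!HHHHHH", txid, resp_flags, 1, int(has_answer), 0, 0)
    answer = b""
    if has_answer:
        # 0xC00C is a compression pointer to the question name at offset 12.
        answer = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ANSWER_TTL, 4)
        answer += socket.inet_aton(MAINTENANCE_IP)
    return header + query[12:end] + answer


def handle_request(src_ip, dst_ip, payload):
    """Interception module decision for one DNS request seen on the bridge.

    Returns (action, src_ip, dst_ip, payload) of the packet that leaves the
    router: the untouched request ("forward") or a local reply ("answer").
    """
    try:
        name, qtype, qclass, end = parse_question(payload)
    except ValueError:
        # Assumption: requests that cannot be parsed stay transparent.
        return ("forward", src_ip, dst_ip, payload)
    if name != LOCAL_DOMAIN:
        return ("forward", src_ip, dst_ip, payload)
    # The reply carries the DNS server address as its source, as the page
    # describes, so the terminal accepts it as coming from its resolver.
    return ("answer", dst_ip, src_ip, build_response(payload, end, qtype, qclass))


if __name__ == "__main__":
    for qname in ("cpe.win", "www.XXX.com"):
        action, src, dst, data = handle_request(
            "192.168.9.100", "10.98.48.123", build_query(qname))
        print(qname, action, src, "->", dst, len(data), "bytes")
```

Because the locally generated reply carries the upstream DNS server's address as its source, a capture on the LAN side cannot distinguish it by address alone; the absence of the cpe.win query on the WAN port is the observable difference.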

Abstract

Provided are a wireless broadband router, a message processing method and apparatus, and a domain name resolution method and apparatus, which relate to the technical field of communications. The wireless broadband router operates in a bridge mode and stores a pseudo IP address in a local area network and an SNAT rule which is used for converting the pseudo IP address into a WAN side IP address of the wireless broadband router. The wireless broadband router is used for sending, to a service server, a first handshake message carrying a source IP address that is the WAN side IP address. The wireless broadband router is also used for receiving a second handshake message, which is sent by the service server and carries a destination IP address that is the WAN side IP address, and converting the WAN side IP address in the received second handshake message into the pseudo IP address according to the SNAT rule. A wireless broadband router performs conversion between a pseudo IP address and a WAN side IP address, such that the wireless broadband router that operates in a bridge mode can normally perform a native service, thereby ensuring that a major technical defect, a requirement change, security vulnerabilities, etc. are incorporated in a timely manner, thus improving the product reliability.
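The address conversion summarized above implies more than swapping four bytes: the IPv4 header checksum and the TCP checksum (which covers the addresses through its pseudo-header) must be recomputed. The following is an added example, not code from the patent; the ports, sequence numbers and function names are constructed, while the three IP addresses are the ones used in the description.

```python
import socket
import struct

PSEUDO_IP = "172.28.28.28"    # pseudo IP address (from the page)
WAN_IP = "10.62.17.183"       # WAN side IP address (from the page)
SERVER_IP = "118.194.55.121"  # service server IP address (from the page)


def checksum(data):
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum(src, dst, segment):
    """TCP checksum over the pseudo-header (addresses, protocol 6, length)."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return checksum(pseudo + segment)


def build_packet(src, dst, sport, dport, seq, ack, flags):
    """Constructed IPv4+TCP packet with no options and no payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      5 << 4, flags, 65535, 0, 0)
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src, dst, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def addresses(pkt):
    """Return (source, destination) of an IPv4 packet as dotted strings."""
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])


def verify(pkt):
    """True when both the IP header checksum and the TCP checksum validate."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = addresses(pkt)
    return checksum(pkt[:ihl]) == 0 and tcp_checksum(src, dst, pkt[ihl:]) == 0


def rewrite(pkt, new_src=None, new_dst=None):
    """Replace addresses and recompute both checksums."""
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = addresses(pkt)
    src, dst = new_src or src, new_dst or dst
    ip = bytearray(pkt[:ihl])
    ip[10:12] = b"\x00\x00"
    ip[12:16] = socket.inet_aton(src)
    ip[16:20] = socket.inet_aton(dst)
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    tcp = bytearray(pkt[ihl:])
    tcp[16:18] = b"\x00\x00"
    tcp[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(tcp)))
    return bytes(ip + tcp)


def firewall(pkt):
    """Pick the translation rule from the packet's source and destination."""
    src, dst = addresses(pkt)
    if src == PSEUDO_IP:   # first translation rule: outbound, pseudo -> WAN
        return rewrite(pkt, new_src=WAN_IP)
    if dst == WAN_IP:      # second translation rule: inbound, WAN -> pseudo
        return rewrite(pkt, new_dst=PSEUDO_IP)
    return pkt             # bridged traffic of other hosts passes untouched


if __name__ == "__main__":
    syn = build_packet(PSEUDO_IP, SERVER_IP, 40000, 443, 1000, 0, 0x02)
    syn_ack = build_packet(SERVER_IP, WAN_IP, 443, 40000, 5000, 1001, 0x12)
    ack = build_packet(PSEUDO_IP, SERVER_IP, 40000, 443, 1001, 5001, 0x10)
    for label, pkt in (("SYN", syn), ("SYN-ACK", syn_ack), ("ACK", ack)):
        out = firewall(pkt)
        print(label, addresses(pkt), "->", addresses(out),
              "checksums ok:", verify(out))
```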

Description

Wireless broadband router, packet processing and domain name resolution method and apparatus
This application claims priority to the patent application No. 202011507318.0, filed with the China National Intellectual Property Administration on December 18, 2020 and entitled "Wireless broadband router, packet processing and domain name resolution method and apparatus", which is incorporated herein by reference in its entirety.
Technical Field
This application relates to the field of communication technologies, and in particular to a wireless broadband router and to a packet processing and domain name resolution method and apparatus.
Background
With the development of fifth-generation (5th Generation, 5G) mobile communication technology, major operators around the world have begun to deploy 5G systems, and the way mobile terminals are used has changed greatly as a result. Unlike a conventional home router that uses optical fiber access, a wireless broadband router is fitted with a subscriber identity module (SIM) card; it dials up through the SIM card, establishes communication with an access network device, and then accesses the network. Wireless broadband routers greatly reduce cabling costs and are easy to move, and their market share is increasing year by year.
However, when a wireless broadband router works in bridge mode (also called bridging mode), local services in which the wireless broadband router communicates with a server in the wide area network (WAN) cannot be performed normally.
Summary
Embodiments of this application provide a wireless broadband router and a packet processing and domain name resolution method and apparatus, so that local services in which a wireless broadband router working in bridge mode communicates with a server in the WAN can be performed normally.
According to a first aspect, a wireless broadband router is provided. The wireless broadband router works in bridge mode and stores a first IP address and an SNAT rule for converting the first IP address into a second IP address, where the first IP address is a pseudo address of the wireless broadband router in the local area network, and the second IP address is the IP address of the wireless broadband router in the wide area network. The wireless broadband router is configured to send, to a service server, a first handshake packet carrying the second IP address, where the first handshake packet carrying the second IP address is used to request establishment of a connection to the service server, its source IP address is the second IP address, and its destination IP address is the IP address of the service server. The wireless broadband router is further configured to receive a second handshake packet that carries the second IP address and is sent by the service server, where the second handshake packet carrying the second IP address is sent by the service server to the wireless broadband router after the service server receives the first handshake packet carrying the second IP address, its source IP address is the IP address of the service server, and its destination IP address is the second IP address. The wireless broadband router is further configured to convert, according to the SNAT rule, the second IP address in the received second handshake packet into the first IP address, to obtain a second handshake packet carrying the first IP address. The wireless broadband router in the first aspect sets its IP address in the LAN to a pseudo IP address and uses the SNAT rule to convert between the pseudo IP address and the WAN-side IP address, so that a wireless broadband router working in bridge mode can perform local services normally, for example an OTA online upgrade. This ensures that updates addressing major technical defects, requirement changes, security vulnerabilities and the like are merged in promptly, which improves product reliability.
In a possible implementation, the wireless broadband router is further configured to generate a first handshake packet carrying the first IP address, whose source IP address is the first IP address and whose destination IP address is the IP address of the service server. The wireless broadband router is further configured to convert, according to the SNAT rule, the first IP address in the first handshake packet carrying the first IP address into the second IP address, to obtain the first handshake packet carrying the second IP address. In this possible implementation, converting the first IP address in the generated first handshake packet into the second IP address means that the first handshake packet sent to the service server carries the second IP address; because the second IP address is the WAN-side IP address, the service server can recognize the packet.
In a possible implementation, the wireless broadband router includes a bridge module and a firewall module. The bridge module is configured to send the SNAT rule to the firewall module. The firewall module is configured to generate a first conversion rule and a second conversion rule according to the SNAT rule, where the first conversion rule is used to convert the first IP address in a packet into the second IP address when it is determined that the packet carries the first IP address, and the second conversion rule is used to convert the second IP address in a packet into the first IP address when it is determined that the packet carries the second IP address. In this possible implementation, turning the SNAT rule into the first and second conversion rules enables the wireless broadband router to convert between the first IP address and the second IP address in both directions, which ensures that packets sent to the service server are recognized by the service server and that packets received from the service server are recognized by the local service module in the wireless broadband router.
In a possible implementation, the wireless broadband router further includes a local service module. The local service module is configured to send the first handshake packet carrying the first IP address to the firewall module. In response to receiving the first handshake packet carrying the first IP address, the firewall module is further configured to convert, according to the first conversion rule, the first IP address in that packet into the second IP address, to obtain the first handshake packet carrying the second IP address. The firewall module is further configured to send the first handshake packet carrying the second IP address to the service server, and to receive the second handshake packet carrying the second IP address from the service server. In response to receiving the second handshake packet carrying the second IP address, the firewall module is further configured to convert, according to the second conversion rule, the second IP address in that packet into the first IP address, to obtain the second handshake packet carrying the first IP address. The firewall module is further configured to send the second handshake packet carrying the first IP address to the local service module. In this possible implementation, the first and second conversion rules provide bidirectional conversion between the first IP address and the second IP address, which ensures that packets sent to the service server are recognized by the service server and that packets received from the service server are recognized by the local service module in the wireless broadband router.
In a possible implementation, the first IP address is stored in the bridge module.
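The two conversion rules described above, as an added Python sketch that is not part of the patent: it rewrites raw IPv4/TCP handshake packets in both directions and recomputes the IP header checksum and the TCP checksum, which covers the addresses through the pseudo-header and would otherwise go stale. All addresses, ports and function names are constructed for illustration, and the inbound rule matches on the address alone, as the text states it.

```python
import ipaddress
import struct

# Constructed sample values (not from the patent text).
PSEUDO_IP = "192.168.8.1"    # "first IP address": pseudo address on the LAN side
WAN_IP = "198.51.100.23"     # "second IP address": WAN-side address
SERVER_IP = "203.0.113.10"   # service server
SYN, ACK = 0x02, 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus the segment."""
    pseudo_header = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    return checksum(pseudo_header + segment)


def build_tcp_packet(src, dst, sport, dport, flags, seq=0, ack=0) -> bytes:
    """Build a 40-byte IPv4+TCP packet with no options and no payload."""
    s, d = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(s, d, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, s, d)
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + tcp


def rewrite(packet: bytes, field: str, new_ip: ipaddress.IPv4Address) -> bytes:
    """Replace the source or destination address and recompute both checksums."""
    ihl = (packet[0] & 0x0F) * 4
    header, segment = bytearray(packet[:ihl]), bytearray(packet[ihl:])
    offset = 12 if field == "src" else 16
    header[offset:offset + 4] = new_ip.packed
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    if header[9] == 6:  # TCP: its checksum covers the addresses via the pseudo-header
        segment[16:18] = b"\x00\x00"
        segment[16:18] = struct.pack(
            "!H", tcp_checksum(bytes(header[12:16]), bytes(header[16:20]), bytes(segment)))
    return bytes(header + segment)


class FirewallModule:
    """Holds the two conversion rules derived from one SNAT rule (pseudo -> WAN)."""

    def __init__(self, pseudo_ip: str, wan_ip: str):
        self.pseudo = ipaddress.IPv4Address(pseudo_ip)
        self.wan = ipaddress.IPv4Address(wan_ip)

    def outbound(self, packet: bytes) -> bytes:
        """First conversion rule: source pseudo address becomes the WAN address."""
        if packet[12:16] == self.pseudo.packed:
            return rewrite(packet, "src", self.wan)
        return packet

    def inbound(self, packet: bytes) -> bytes:
        """Second conversion rule: destination WAN address becomes the pseudo address.
        Matching is on the address alone, as the text states the rule."""
        if packet[16:20] == self.wan.packed:
            return rewrite(packet, "dst", self.pseudo)
        return packet


def addresses(packet: bytes):
    """Return (source, destination) of an IPv4 packet as dotted strings."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


def checksums_ok(packet: bytes) -> bool:
    """A correct checksum field makes the recomputed sum come out as zero."""
    ihl = (packet[0] & 0x0F) * 4
    return (checksum(packet[:ihl]) == 0
            and tcp_checksum(packet[12:16], packet[16:20], packet[ihl:]) == 0)


def demo_handshake():
    """Local service module -> firewall -> server, and the reply back again."""
    fw = FirewallModule(PSEUDO_IP, WAN_IP)
    syn = build_tcp_packet(PSEUDO_IP, SERVER_IP, 40000, 443, SYN, seq=1000)
    syn_on_wan = fw.outbound(syn)
    syn_ack = build_tcp_packet(SERVER_IP, WAN_IP, 443, 40000, SYN | ACK, seq=5000, ack=1001)
    syn_ack_local = fw.inbound(syn_ack)
    return syn_on_wan, syn_ack_local


if __name__ == "__main__":
    for pkt in demo_handshake():
        print(addresses(pkt), "checksums ok:", checksums_ok(pkt))
```

Patching the address bytes without recomputing the checksums yields a packet that `checksums_ok` rejects, which is the failure a receiver would see as a silently dropped handshake.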
According to a second aspect, a packet processing method is provided. The method is applied to a wireless broadband router that works in bridge mode and stores a first IP address and an SNAT rule for converting the first IP address into a second IP address, where the first IP address is a pseudo address of the wireless broadband router in the local area network, and the second IP address is the IP address of the wireless broadband router in the wide area network. The method includes: the wireless broadband router sends, to a service server, a first handshake packet carrying the second IP address, where the first handshake packet carrying the second IP address is used to request establishment of a connection to the service server, its source IP address is the second IP address, and its destination IP address is the IP address of the service server; the wireless broadband router receives a second handshake packet that carries the second IP address and is sent by the service server, where the second handshake packet carrying the second IP address is sent by the service server to the wireless broadband router after the service server receives the first handshake packet carrying the second IP address, its source IP address is the IP address of the service server, and its destination IP address is the second IP address; and the wireless broadband router converts, according to the SNAT rule, the second IP address in the received second handshake packet into the first IP address, to obtain a second handshake packet carrying the first IP address.
In a possible implementation, the method further includes: the wireless broadband router generates a first handshake packet carrying the first IP address and converts, according to the SNAT rule, the first IP address in that packet into the second IP address, to obtain the first handshake packet carrying the second IP address, where the source IP address of the first handshake packet carrying the first IP address is the first IP address and its destination IP address is the IP address of the service server.
In a possible implementation, the wireless broadband router includes a bridge module and a firewall module, and the method further includes: the bridge module sends the SNAT rule to the firewall module; and the firewall module generates a first conversion rule and a second conversion rule according to the SNAT rule, where the first conversion rule is used to convert the first IP address in a packet into the second IP address when it is determined that the packet carries the first IP address, and the second conversion rule is used to convert the second IP address in a packet into the first IP address when it is determined that the packet carries the second IP address.
In a possible implementation, the wireless broadband router further includes a local service module, and the method further includes: the local service module sends the first handshake packet carrying the first IP address to the firewall module; in response to receiving the first handshake packet carrying the first IP address, the firewall module converts, according to the first conversion rule, the first IP address in that packet into the second IP address, to obtain the first handshake packet carrying the second IP address; the firewall module sends the first handshake packet carrying the second IP address to the service server; the firewall module receives the second handshake packet carrying the second IP address from the service server; in response to receiving the second handshake packet carrying the second IP address, the firewall module converts, according to the second conversion rule, the second IP address in that packet into the first IP address, to obtain the second handshake packet carrying the first IP address; and the firewall module sends the second handshake packet carrying the first IP address to the local service module.
In a possible implementation, the first IP address is stored in the bridge module.
According to a third aspect, a wireless broadband router is provided. The wireless broadband router works in bridge mode and stores a first IP address and an SNAT rule, where the SNAT rule is used to convert the first IP address into a second IP address, the first IP address is a pseudo address of the wireless broadband router in the local area network, and the second IP address is the IP address of the wireless broadband router in the wide area network. The wireless broadband router includes a processing unit and a communication unit. The communication unit is configured to send, to a service server, a first handshake packet carrying the second IP address, where the first handshake packet carrying the second IP address is used to request establishment of a connection to the service server, its source IP address is the second IP address, and its destination IP address is the IP address of the service server. The communication unit is further configured to receive a second handshake packet that carries the second IP address and is sent by the service server, where the second handshake packet carrying the second IP address is sent by the service server to the wireless broadband router after the service server receives the first handshake packet carrying the second IP address, its source IP address is the IP address of the service server, and its destination IP address is the second IP address. The processing unit is configured to convert, according to the SNAT rule, the second IP address in the received second handshake packet into the first IP address, to obtain a second handshake packet carrying the first IP address.
In a possible implementation, the processing unit is further configured to generate a first handshake packet carrying the first IP address and to convert, according to the SNAT rule, the first IP address in that packet into the second IP address, to obtain the first handshake packet carrying the second IP address, where the source IP address of the first handshake packet carrying the first IP address is the first IP address and its destination IP address is the IP address of the service server.
According to a fourth aspect, a packet processing apparatus is provided, including a processor. The processor is connected to a memory, the memory is configured to store computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory, so that the packet processing apparatus implements any one of the methods provided in the second aspect. For example, the memory and the processor may be integrated together or may be separate devices. In the latter case, the memory may be located inside or outside the packet processing apparatus. The packet processing apparatus may exist in the product form of a chip.
According to a fifth aspect, a packet processing apparatus is provided, including a processor and an interface. The processor is coupled to a memory through the interface, and when the processor executes a computer program or instructions in the memory, any one of the methods provided in the second aspect is performed.
According to a sixth aspect, a computer-readable storage medium is provided, including instructions that, when run on a computer, cause the computer to implement any one of the methods provided in the second aspect.
According to a seventh aspect, a computer program product containing instructions is provided. When the instructions are run on a computer, the computer implements any one of the methods provided in the second aspect. For the technical effects of any implementation of the second to seventh aspects, refer to the technical effects of the corresponding implementation of the first aspect; details are not repeated here.
According to an eighth aspect, a wireless broadband router is provided. The wireless broadband router works in bridge mode and includes a DNS domain name request interception module, a DNS domain name resolution proxy module, and a DNS domain name resolution response module, where the DNS domain name request interception module stores a first domain name. The DNS domain name request interception module is configured to receive a first DNS domain name resolution request sent by a first terminal, where the first DNS domain name resolution request carries a second domain name and is used to request resolution of the second domain name. The DNS domain name request interception module is further configured to send a second DNS domain name resolution request to the DNS domain name resolution proxy module when it determines that the second domain name is the same as the first domain name, where the second DNS domain name resolution request carries the first domain name. In response to receiving the second DNS domain name resolution request, the DNS domain name resolution proxy module is configured to determine the maintenance IP address of the wireless broadband router that corresponds to the first domain name. The DNS domain name resolution proxy module is further configured to send a first message carrying the maintenance IP address to the DNS domain name resolution response module. The DNS domain name resolution response module is configured to receive the first message, and is further configured to send a response to the first DNS domain name resolution request to the first terminal, where the response includes the maintenance IP address. By intercepting and resolving DNS domain name resolution requests for the local domain name, the wireless broadband router provided in the eighth aspect allows a user, when the router works in bridge mode, to access the web maintenance page at the local domain name normally from a terminal and to configure and view the router's operating parameters, which reduces the maintenance complexity of the wireless broadband router, improves its upgrade efficiency, and improves user experience.
In a possible implementation, the DNS domain name request interception module is further configured to send a third DNS domain name resolution request to a DNS server when it determines that the second domain name is different from the first domain name, where the third DNS domain name resolution request carries the second domain name. In this possible implementation, when the user accesses a domain name other than the first domain name (that is, a non-local domain name), the DNS domain name request interception module does not intercept the DNS domain name resolution request but sends it to the DNS server, so that the DNS server determines the IP address corresponding to the domain name the user is accessing, which ensures normal access to non-local domain names.
In a possible implementation, the DNS domain name resolution proxy module stores a correspondence between the first domain name and the maintenance IP address, and is specifically configured to determine, according to the correspondence, the maintenance IP address corresponding to the first domain name. In this possible implementation, storing the correspondence between the first domain name (that is, the local domain name) and the maintenance IP address in the DNS domain name resolution proxy module enables the module to determine, from the local domain name, the maintenance IP address that corresponds to it, which ensures normal access to the local domain name.
In a possible implementation, the wireless broadband router further includes a bridge module. The bridge module is configured to send the first domain name to the DNS domain name request interception module. In response to receiving the first domain name, the DNS domain name request interception module is further configured to save the first domain name. In this possible implementation, because the DNS domain name request interception module saves the first domain name, it can compare the first domain name with the second domain name when it receives a DNS domain name resolution request, and so determine whether to intercept the request.
In a possible implementation, the DNS domain name resolution response module is further configured to parse the first message and to generate the response to the first DNS domain name resolution request according to the maintenance IP address obtained by parsing.
In a possible implementation, the first DNS domain name resolution request and the second DNS domain name resolution request further include a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal and the destination IP address is the IP address of the DNS server. In this possible implementation, carrying the source IP address and the destination IP address in the DNS domain name resolution request lets the device that receives the request determine which device sent it and which device it is addressed to, so that the request is forwarded or processed correctly on the device.
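The interception, proxy and response steps of the eighth aspect, as an added Python sketch that is not part of the patent: it parses the DNS question from the wire format, answers locally only when the queried name equals the stored first domain name, and otherwise returns None so the request continues to the DNS server. The domain name, maintenance IP address, TTL, the case-insensitive comparison and the handling of non-A query types are assumptions made for this example.

```python
import ipaddress
import struct
from typing import Optional

# Constructed placeholders; the patent section names neither value.
FIRST_DOMAIN = "router.example"   # local domain name held by the interception module
MAINTENANCE_IP = "192.168.8.1"    # maintenance IP address held by the proxy module
QTYPE_A, QCLASS_IN, TTL = 1, 1, 60  # TTL is an assumption


def normalise(name: str) -> str:
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.rstrip(".").lower()


def parse_question(msg: bytes) -> dict:
    """Parse a single-question query; raise ValueError on anything else."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!3H", msg[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # compression pointers have no place in a question name
            raise ValueError("bad label length")
        if pos + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return {"txid": txid, "flags": flags, "name": ".".join(labels),
            "qtype": qtype, "qclass": qclass, "question": msg[12:pos + 4]}


def intercept(query: bytes, first_domain: str) -> Optional[dict]:
    """Interception module: return the parsed question only for the local name."""
    try:
        q = parse_question(query)
    except ValueError:
        return None  # malformed or not a query: leave it to the bridge path
    return q if normalise(q["name"]) == normalise(first_domain) else None


def proxy_lookup(name: str, table: dict) -> str:
    """Resolution proxy module: first domain name -> maintenance IP address."""
    return table[normalise(name)]


def build_response(q: dict, ip: str) -> bytes:
    """Response module: answer A/IN queries; other types get an empty NOERROR."""
    answer = b""
    if q["qtype"] == QTYPE_A and q["qclass"] == QCLASS_IN:
        # 0xC00C is a compression pointer back to the name in the question.
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, TTL, 4)
        answer += ipaddress.IPv4Address(ip).packed
    flags = 0x8000 | (q["flags"] & 0x7900) | 0x0080  # QR, copied opcode/RD, RA
    header = struct.pack("!6H", q["txid"], flags, 1, 1 if answer else 0, 0, 0)
    return header + q["question"] + answer


def handle_query(query: bytes) -> Optional[bytes]:
    """Return a local response, or None when the request goes to the DNS server."""
    q = intercept(query, FIRST_DOMAIN)
    if q is None:
        return None
    ip = proxy_lookup(q["name"], {normalise(FIRST_DOMAIN): MAINTENANCE_IP})
    return build_response(q, ip)


def build_query(name: str, qtype: int = QTYPE_A, txid: int = 0x1234) -> bytes:
    """Constructed sample input: a standard recursive query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00"
            + struct.pack("!HH", qtype, QCLASS_IN))


if __name__ == "__main__":
    for name in ("Router.Example", "www.example.org"):
        reply = handle_query(build_query(name))
        print(name, "->", "answered locally" if reply else "forwarded to DNS server")
```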
According to a ninth aspect, a domain name resolution method is provided. The method is applied to a wireless broadband router that works in bridge mode and includes a DNS domain name request interception module, a DNS domain name resolution proxy module, and a DNS domain name resolution response module, where the DNS domain name request interception module stores a first domain name. The method includes: the DNS domain name request interception module receives a first DNS domain name resolution request sent by a first terminal, where the first DNS domain name resolution request carries a second domain name and is used to request resolution of the second domain name; when the DNS domain name request interception module determines that the second domain name is the same as the first domain name, it sends a second DNS domain name resolution request to the DNS domain name resolution proxy module, where the second DNS domain name resolution request carries the first domain name; in response to receiving the second DNS domain name resolution request, the DNS domain name resolution proxy module determines the maintenance IP address of the wireless broadband router that corresponds to the first domain name; the DNS domain name resolution proxy module sends a first message carrying the maintenance IP address to the DNS domain name resolution response module; the DNS domain name resolution response module receives the first message; and the DNS domain name resolution response module sends a response to the first DNS domain name resolution request to the first terminal, where the response includes the maintenance IP address.
In a possible implementation, the method further includes: when the DNS domain name request interception module determines that the second domain name is different from the first domain name, it sends a third DNS domain name resolution request to a DNS server, where the third DNS domain name resolution request carries the second domain name.
In a possible implementation, the DNS domain name resolution proxy module stores a correspondence between the first domain name and the maintenance IP address, and the determining, by the DNS domain name resolution proxy module, of the maintenance IP address of the wireless broadband router that corresponds to the first domain name includes: the DNS domain name resolution proxy module determines, according to the correspondence, the maintenance IP address corresponding to the first domain name.
In a possible implementation, the wireless broadband router further includes a bridge module, and the method further includes: the bridge module sends the first domain name to the DNS domain name request interception module; and in response to receiving the first domain name, the DNS domain name request interception module saves the first domain name.
In a possible implementation, before the DNS domain name resolution response module sends the response to the first DNS domain name resolution request to the first terminal, the method further includes: the DNS domain name resolution response module parses the first message and generates the response to the first DNS domain name resolution request from the maintenance IP address obtained by parsing.
In a possible implementation, the first DNS domain name resolution request and the second DNS domain name resolution request further include a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal and the destination IP address is the IP address of the DNS server.
In a tenth aspect, a domain name resolution method is provided, applied to a wireless broadband router that operates in bridge mode and stores a first domain name. The method includes: the wireless broadband router receives a first DNS domain name resolution request from a first terminal, where the first DNS domain name resolution request carries a second domain name and is used to request resolution of the second domain name; when the wireless broadband router determines that the second domain name is the same as the first domain name, it determines the maintenance IP address of the wireless broadband router corresponding to the first domain name; and the wireless broadband router sends a response to the first DNS domain name resolution request to the first terminal, where the response includes the maintenance IP address.
In a possible implementation, the method further includes: when the wireless broadband router determines that the second domain name is different from the first domain name, it sends a third DNS domain name resolution request to the DNS server, where the third DNS domain name resolution request carries the second domain name.
In a possible implementation, the wireless broadband router stores a correspondence between the first domain name and the maintenance IP address.
In a possible implementation, the first DNS domain name resolution request further includes a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal and the destination IP address is the IP address of the DNS server.
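The following Python example is added here for illustration and is not code from the patent application; it models the intercept-or-forward decision of the ninth and tenth aspects at the DNS message level. The domain `cpe.win` and address `192.168.8.1` are the page's own example values, while the function names, the TTL of 0, and the choice to answer only A/IN queries are assumptions.

```python
import ipaddress
import struct

# Values taken from the page's own example; everything else is illustrative.
LOCAL_DOMAIN = "cpe.win"        # the stored "first domain name"
MAINTENANCE_IP = "192.168.8.1"  # maintenance IP address bound to it
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(txid, name, qtype=TYPE_A):
    """Build a constructed single-question query (stands in for the terminal)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_question(msg):
    """Return (qname, qtype, qclass, end_offset) of the single question."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return ".".join(labels), qtype, qclass, off + 4


def build_answer(query, question_end, ip):
    """Assemble the response: same ID and question, one A record for ip."""
    txid, flags = struct.unpack("!HH", query[:4])
    # QR=1, keep opcode and RD from the query, set RA.
    rflags = 0x8000 | (flags & 0x7900) | 0x0080
    header = struct.pack("!HHHHHH", txid, rflags, 1, 1, 0, 0)
    # Name is a pointer to offset 12 (the question name); TTL 0 is an
    # assumption so the terminal does not cache the locally made answer.
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 0, 4)
    rr += ipaddress.IPv4Address(ip).packed
    return header + query[12:question_end] + rr


def handle_query(msg):
    """Interception decision: ("answer", response) or ("forward", original)."""
    try:
        qname, qtype, qclass, end = parse_question(msg)
    except ValueError:
        return ("forward", msg)  # stay transparent for anything unparsable
    # Whole-name, case-insensitive comparison. A suffix or substring match
    # would also capture unrelated names such as cpe.win.example.com.
    same = qname.lower() == LOCAL_DOMAIN
    if same and qtype == TYPE_A and qclass == CLASS_IN:
        return ("answer", build_answer(msg, end, MAINTENANCE_IP))
    return ("forward", msg)


if __name__ == "__main__":
    for name in ("cpe.win", "www.example.com"):
        action, _ = handle_query(build_query(0x1234, name))
        print(name, "->", action)
```

Only a query whose name equals the stored domain is answered locally; every other packet, including malformed ones, is passed on unchanged, which keeps the bridge transparent for all other DNS traffic.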
In an eleventh aspect, a wireless broadband router is provided. The wireless broadband router operates in bridge mode and stores a first domain name, and it includes a processing unit and a communication unit. The communication unit is configured to receive a first DNS domain name resolution request from a first terminal, where the first DNS domain name resolution request carries a second domain name and is used to request resolution of the second domain name. The processing unit is configured to determine, when the second domain name is determined to be the same as the first domain name, the maintenance IP address of the wireless broadband router corresponding to the first domain name. The communication unit is further configured to send a response to the first DNS domain name resolution request to the first terminal, where the response includes the maintenance IP address.
In a possible implementation, the communication unit is further configured to send a third DNS domain name resolution request to the DNS server when the second domain name is determined to be different from the first domain name, where the third DNS domain name resolution request carries the second domain name.
In a possible implementation, the wireless broadband router stores a correspondence between the first domain name and the maintenance IP address.
In a possible implementation, the first DNS domain name resolution request further includes a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal and the destination IP address is the IP address of the DNS server.
In a twelfth aspect, a domain name resolution apparatus is provided, including a processor. The processor is connected to a memory, the memory is used to store computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory so that the domain name resolution apparatus implements any method provided in the ninth aspect or any method provided in the tenth aspect. For example, the memory and the processor may be integrated together or may be separate devices. In the latter case, the memory may be located inside or outside the domain name resolution apparatus. The domain name resolution apparatus may exist in the product form of a chip.
In a thirteenth aspect, a domain name resolution apparatus is provided, including a processor and an interface. The processor is coupled to a memory through the interface, and when the processor executes the computer program or instructions in the memory, any method provided in the ninth aspect or any method provided in the tenth aspect is performed.
In a fourteenth aspect, a computer-readable storage medium is provided, including instructions that, when run on a computer, cause the computer to perform any method provided in the ninth aspect or any method provided in the tenth aspect.
In a fifteenth aspect, a computer program product containing instructions is provided. When the instructions are run on a computer, they cause the computer to perform any method provided in the ninth aspect or any method provided in the tenth aspect.
For the technical effects of any implementation of the ninth to fifteenth aspects, refer to the technical effects of the corresponding implementation in the eighth aspect; details are not repeated here.
In a sixteenth aspect, a domain name resolution system is provided, including a first terminal and a wireless broadband router, where the wireless broadband router operates in bridge mode and stores a first domain name. The first terminal is configured to send a first DNS domain name resolution request to the wireless broadband router, where the first DNS domain name resolution request carries a second domain name and is used to request resolution of the second domain name. In response to receiving the first DNS domain name resolution request, the wireless broadband router is configured to determine, when the second domain name is determined to be the same as the first domain name, the maintenance IP address of the wireless broadband router corresponding to the first domain name. The wireless broadband router is further configured to send a response to the first DNS domain name resolution request to the first terminal, where the response includes the maintenance IP address. In response to receiving the response to the first DNS domain name resolution request, the first terminal is further configured to access the web maintenance page of the wireless broadband router using the maintenance IP address.
In a possible implementation, the domain name resolution system further includes a DNS server. The wireless broadband router is further configured to send a third DNS domain name resolution request to the DNS server when the second domain name is determined to be different from the first domain name, where the third DNS domain name resolution request carries the second domain name. In response to receiving the third DNS domain name resolution request, the DNS server is configured to determine the IP address corresponding to the second domain name. The DNS server is further configured to send a response to the third DNS domain name resolution request to the first terminal, where the response includes the IP address corresponding to the second domain name. In response to receiving the response to the third DNS domain name resolution request, the first terminal is further configured to access the web page corresponding to the second domain name using the IP address corresponding to the second domain name.
In a possible implementation, the wireless broadband router stores a correspondence between the first domain name and the maintenance IP address.
In a possible implementation, the first DNS domain name resolution request further includes a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal and the destination IP address is the IP address of the DNS server.
For the technical effects of any implementation of the sixteenth aspect, refer to the technical effects of the corresponding implementation in the eighth aspect; details are not repeated here.
It should be noted that the solutions in the above aspects may be combined, provided that they do not contradict one another.
Description of the drawings
FIG. 1 is a schematic diagram of a network architecture in which a wireless broadband router provided by an embodiment of the present application is in routing mode;
FIG. 2 is a schematic flowchart of domain name resolution when a wireless broadband router provided by an embodiment of the present application is in routing mode;
FIG. 3 is a schematic diagram of a network architecture in which a wireless broadband router provided by an embodiment of the present application is in bridge mode;
FIG. 4 is a schematic diagram of IP address allocation when a wireless broadband router provided by an embodiment of the present application is in bridge mode;
FIG. 5 is a flowchart of domain name resolution when a wireless broadband router provided by an embodiment of the present application is in bridge mode;
FIG. 6 is a schematic diagram of the composition of a wireless broadband router provided by an embodiment of the present application;
FIG. 7 is a flowchart of a packet processing method provided by an embodiment of the present application;
FIG. 8 is a flowchart of another packet processing method provided by an embodiment of the present application;
FIG. 9 is a schematic diagram of the composition of another wireless broadband router provided by an embodiment of the present application;
FIG. 10 is a flowchart of a domain name resolution method provided by an embodiment of the present application;
FIG. 11 is a flowchart of another domain name resolution method provided by an embodiment of the present application;
FIG. 12 is a flowchart of another domain name resolution method provided by an embodiment of the present application;
FIG. 13 is a schematic diagram of the composition of another wireless broadband router provided by an embodiment of the present application;
FIG. 14 is a schematic diagram of the hardware structure of a wireless broadband router provided by an embodiment of the present application;
FIG. 15 is a schematic diagram of the hardware structure of another wireless broadband router provided by an embodiment of the present application.
Detailed description
In the description of this application, unless otherwise specified, "/" means "or"; for example, A/B can mean A or B. "And/or" in this document merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B can mean: A alone, both A and B, or B alone. In the description of this application, unless otherwise specified, "at least one" means one or more, and "a plurality of" means two or more.
In addition, to describe the technical solutions of the embodiments of this application clearly, words such as "first" and "second" are used in the embodiments to distinguish between identical or similar items whose functions and effects are basically the same. Those skilled in the art will understand that words such as "first" and "second" do not limit quantity or order of execution, and do not require that the items be different.
The technical solutions of the embodiments of this application can be applied to 4G systems, various systems evolved from 4G systems, 5G systems, and various systems evolved from 5G systems. A 4G system may also be called an evolved packet system (EPS). The core network (CN) of a 4G system may be called the evolved packet core (EPC), and its access network may be called long term evolution (LTE). The core network of a 5G system may be called 5GC (5G core), and its access network may be called new radio (NR).
To make the following easier to understand, some concepts involved in this application are briefly introduced first.
Domain name: the name of a computer or group of computers on a network, consisting of a string of names separated by dots, used to locate and identify the computer during data transmission (sometimes it also refers to a geographic location). Domain names include local domain names and public network domain names. A public network domain name may be, for example, www.XXX.com or www.XXX.cn. A local domain name has no fixed form.
Domain name resolution: a service that resolves a domain name into an IP address so that users can conveniently reach a website by its domain name; it is performed by the domain name system (DNS). Although an internet protocol (IP) address can uniquely identify a computer on a network, an IP address is a long string of digits, for example 14.215.177.39, 111.230.159.21, 192.168.8.200, or 192.168.8.100, which is not intuitive and is inconvenient for users to remember. DNS maps domain names and IP addresses to each other so that users can reach websites more conveniently: users only need to know the easy-to-remember domain name and do not have to remember the IP address that machines read directly. For example, if the domain name www.XXX.com and the IP address 14.215.177.39 are mapped to each other, then when a user accesses www.XXX.com from a terminal, DNS can resolve the domain name www.XXX.com to the IP address 14.215.177.39 and return it to the terminal, and the terminal can reach the website by accessing the IP address 14.215.177.39.
Local domain name: the local domain name of a device (for example, device 1) is the domain name of the local domain in which device 1 is located (the domain of the network to which device 1 is currently attached). It is not registered on the public network, and only other devices (for example, device 2) in the local area network (LAN) can access it. The mapping between the local domain name and the IP address of device 1 is implemented by the DNS domain name resolution proxy module in device 1. A LAN may also be called a private network or an intranet. Access using a local domain name works as follows: the user enters the local domain name on device 2; device 2 sends a DNS domain name resolution request to device 1; the DNS domain name resolution proxy module in device 1 resolves the local domain name into an IP address and returns it to device 2; device 2 accesses that IP address and reaches the destination.
Public network domain name: a domain name registered in the WAN, which anyone can access. The WAN may also be called the public network or the external network. The mapping between a public network domain name and an IP address is implemented by a DNS server in the WAN. A DNS server is a server that provides translation between IP addresses and domain names. Access using a public network domain name works as follows: the user enters the public network domain name on device 3; device 3 sends a DNS domain name resolution request to the DNS server; the DNS server resolves the public network domain name into an IP address and returns it to device 3; device 3 accesses that IP address and reaches the destination.
Firewall: firewall technology combines various software and hardware devices for security management and filtering to build a relatively isolated protective barrier between a computer network's internal and external networks, in order to protect the security of user data and information.
Firewall rules: rules used to isolate certain information between the internal and external networks. For example, a source network address translation (SNAT) rule can prevent the external network from obtaining a device's IP address in the internal network.
WAN-side IP address of the wireless broadband router: the IP address assigned by the operator, used to identify the wireless broadband router in the WAN.
Maintenance IP address of the wireless broadband router: the factory-set IP address of the wireless broadband router, used to identify the wireless broadband router in the LAN. Each wireless broadband router has a unique maintenance IP address. The maintenance IP address of the wireless broadband router may also be called the gateway address of the wireless broadband router.
The above is a brief introduction to some of the concepts involved in this application.
To reduce cabling costs and improve the mobility of routers, routers have evolved from traditional home routers with optical fiber access to wireless broadband routers. With the wireless broadband router as the boundary, the wireless broadband router and the devices connected to it (for example, home routers and terminals) belong to the LAN, and everything above the wireless broadband router belongs to the WAN. A wireless broadband router can work in two modes: routing mode and bridge mode.
When the wireless broadband router works in routing mode (see FIG. 1), it occupies the DNS server IP address and the WAN-side IP address that the operator (for example, a dynamic host configuration protocol (DHCP) server) assigns to the wireless broadband router. The wireless broadband router assigns a WAN-side IP address and a DNS server IP address to each terminal connected to it (for example, a personal computer (PC), mobile phone, or tablet), and the DNS server IP address assigned to the terminal is the destination IP address the terminal uses for domain name requests. For example, referring to FIG. 1, the wireless broadband router assigns the PC the IP address 192.168.9.100 and the DNS server IP address 192.168.8.1. In routing mode, the DNS server IP address that the wireless broadband router assigns to the terminal may be the same as or different from the maintenance IP address of the wireless broadband router. Because the two are generally the same, this application describes the provided method using the case in which the DNS server IP address assigned to the terminal is the same as the maintenance IP address of the wireless broadband router. Taking a PC as an example, when a user on the PC uses the local domain name of the wireless broadband router (assumed in this application to be cpe.win) to log in to the World Wide Web (web) maintenance page of the wireless broadband router, the destination IP address in the DNS domain name resolution request that the PC sends to the wireless broadband router is the DNS server IP address that the wireless broadband router assigned to the PC (that is, the maintenance IP address 192.168.8.1 of the wireless broadband router). When the DNS domain name resolution request passes through the wireless broadband router, it is handed directly to the router's DNS domain name resolution proxy module for resolution. The DNS domain name resolution proxy module resolves the local domain name to the maintenance IP address of the wireless broadband router according to the factory configuration and returns it to the PC. After receiving the resolution result, the PC uses the maintenance IP address to access the web maintenance page of the wireless broadband router. In this case, referring to FIG. 2 and taking a PC as an example, the specific process includes:
201. The DNS domain name resolution proxy module in the wireless broadband router obtains the factory-set binding between the local domain name and the maintenance IP address. That is, the DNS domain name resolution proxy module stores the correspondence between cpe.win and the maintenance IP address. For example, the correspondence between the local domain name and the maintenance IP address can be expressed as: cpe.win→192.168.8.1.
202. The user opens the browser on the PC and enters the local domain name cpe.win in the browser's address bar.
203. The PC sends a DNS domain name resolution request to the DNS domain name resolution proxy module in the wireless broadband router. The DNS domain name resolution request includes the source IP address (src ip, that is, the PC's IP address 192.168.9.100), the destination IP address (dst ip, that is, the DNS server IP address 192.168.8.1 configured for the PC), and the queried domain name (query name, that is, cpe.win).
204. The DNS domain name resolution proxy module in the wireless broadband router resolves the local domain name cpe.win to the maintenance IP address 192.168.8.1. Specifically, the DNS domain name resolution proxy module can resolve the local domain name cpe.win to the corresponding maintenance IP address 192.168.8.1 according to the factory-set binding between the local domain name and the maintenance IP address.
205. The DNS domain name resolution proxy module in the wireless broadband router sends the maintenance IP address to the DNS domain name resolution response module in the wireless broadband router.
206. The DNS domain name resolution response module in the wireless broadband router generates (this can also be described as assembling) the response to the DNS domain name resolution request. The resolution result included in the response is the maintenance IP address 192.168.8.1.
207. The DNS domain name resolution response module in the wireless broadband router returns the response to the DNS domain name resolution request to the PC. The response includes the source IP address (src ip, that is, the maintenance IP address 192.168.8.1), the destination IP address (dst ip, that is, the PC's IP address 192.168.9.100), the queried domain name (query name, that is, cpe.win), and the query result (answer, that is, the maintenance IP address 192.168.8.1).
208. The PC subsequently uses the maintenance IP address 192.168.8.1 to access the web maintenance page of the wireless broadband router.
With the development of 5G mobile communication technology, major operators have begun to deploy 5G networks step by step. Compared with fourth generation (4G) networks, 5G networks operate in higher frequency bands, and the higher the operating frequency of an electromagnetic wave, the poorer its ability to get around obstacles. Indoor communication quality is significantly affected, especially in densely built cities. Therefore, referring to FIG. 3, major operators have introduced a "wireless broadband router (outdoor) + home router (indoor)" networking scheme. The wireless broadband router works outdoors near a window, which avoids indoor signal attenuation, while the home router is connected to the wireless broadband router by a network cable in bridged fashion (the wireless broadband router then works in bridge mode). In this scheme, power over Ethernet (POE) is used to forward data between the wireless broadband router and the home router and to supply power to both. The wireless broadband router provides internet access, and the home router provides terminal access; the two routers open the path to the internet by bridging, making full use of the high bandwidth and low latency of the 5G network.
When the outdoor wireless broadband router works in bridge mode (see FIG. 4), it sends the DNS server IP address and the WAN-side IP address that the operator assigned to the wireless broadband router on to the indoor home router. In other words, the wireless broadband router occupies neither the WAN-side IP address assigned to it nor the DNS server IP address; it is completely transparent to the WAN, provides only transparent transmission for wireless internet access, and passes through every packet it receives. For example, referring to FIG. 4, the wireless broadband router sends the DNS server IP address 10.98.48.123 and the WAN-side IP address 10.62.17.183 that the operator assigned to it to the indoor home router. The home router assigns an IP address and a DNS server IP address to each connected terminal; for example, it assigns the PC the IP address 192.168.9.100. Here, because the wireless broadband router has no gateway capability and cannot assign a DNS server IP address, the home router assigns the DNS server IP address to the connected terminals (the DNS server IP address assigned to the terminal is the DNS server IP address 10.98.48.123 received from the wireless broadband router). Taking a PC as an example, when the PC uses the wireless broadband router's local domain name cpe.win to log in to the router's web maintenance page, the destination IP address in the DNS domain name resolution request is the DNS server IP address 10.98.48.123 assigned to the terminal. However, cpe.win is a local domain name and is not registered in the WAN, so the DNS server does not store the correspondence between the local domain name cpe.win and the maintenance IP address, and the DNS server cannot resolve the local domain name. As a result, the PC cannot use cpe.win to access the web maintenance page of the wireless broadband router, and therefore cannot view or configure the router's operating network parameters (for example, storing dial-up parameters, viewing device status, viewing wireless fidelity (wifi) parameters, or checking whether new firmware is available for upgrade), which causes difficulties for users and maintenance personnel. Referring to FIG. 5 and taking a PC as an example, the specific process includes:
501. Same as step 201; see step 201.
502. Same as step 202; see step 202.
503. The PC sends a DNS domain name resolution request to the DNS server. The request includes the source IP address (src ip, the PC's IP address 192.168.9.100), the destination IP address (dst ip, the DNS server IP address 10.98.48.123) and the queried domain name (query name, cpe.win).
In a specific implementation of step 503, the DNS domain name resolution request sent by the PC first reaches the wireless broadband router. When working in bridge mode, the wireless broadband router uses neither the WAN-side IP address assigned to it nor the DNS server IP address; it is completely transparent to the WAN, provides only transparent transmission for wireless Internet access, and transparently forwards every packet it receives. Therefore, after receiving the DNS domain name resolution request, the wireless broadband router forwards it to the DNS server.
504. Because cpe.win is not registered in the WAN, the DNS server fails to resolve it.
505. The DNS server returns a response to the DNS domain name resolution request to the PC. The response includes the source IP address (src ip, the DNS server IP address 10.98.48.123), the destination IP address (dst ip, the PC's IP address 192.168.9.100), the queried domain name (query name, cpe.win) and the query result (answer). Here the query result is an error.
506. Because resolution failed, the PC cannot log in to the web maintenance page of the wireless broadband router.
When the wireless broadband router works in routing mode, the user can log in to its web maintenance page from a terminal as normal. When it works in bridge mode, the user cannot. However, firmware upgrades of the wireless broadband router are needed in many scenarios, for security vulnerabilities and other reasons. Because operating network parameters cannot be viewed or configured in bridge mode, the only option is for the operator's maintenance personnel to visit users periodically, temporarily split the "wireless broadband router + home router" networking scheme and disconnect the two devices. A PC is then connected to the wireless broadband router, the working mode is changed from bridge mode to routing mode, and the maintenance personnel log in to the web maintenance page of the wireless broadband router through the maintenance IP address, open the upgrade management and maintenance page, and manually perform the online firmware upgrade. After the firmware upgrade is complete, the router is restored to bridge mode and the "wireless broadband router + home router" networking scheme.
With this solution, maintaining and upgrading the wireless broadband router requires the operator's maintenance personnel to visit the user's home and change the networking scheme, which has a large impact on the user. Manual maintenance also introduces delay, so upgrades for major security vulnerabilities are not applied in time, which easily leads to network security problems. The maintenance method is also complicated, which makes it difficult for users to operate and gives a poor experience.
In addition, when the wireless broadband router works in bridge mode, the operator still needs to manage the device. But once the wireless broadband router has no WAN-side IP address, it loses its independent identity in the WAN. As a result, its local services (services of the wireless broadband router itself, such as OTA online upgrade and TR069 device management) that need to communicate with servers in the WAN (for example, an Over-The-Air (OTA) server or the operator's Technical Report 069 (TR069) server) cannot work normally.
That is, because of bridge mode, the wireless broadband router has two problems:
Problem 1. Local services in which the wireless broadband router communicates with servers in the WAN cannot work normally.
Problem 2. Maintenance of the wireless broadband router is complicated and upgrades lag behind.
The cause of problem 1 is that the wireless broadband router does not use the WAN-side IP address and so loses its independent identity in the WAN. The cause of problem 2 is that, having lost that identity, the wireless broadband router can only provide transparent transmission for wireless Internet access: when it receives a DNS domain name resolution request it passes the request through to the DNS server in the WAN, and that DNS server cannot resolve the local domain name in the request, so the user cannot reach the web maintenance page of the wireless broadband router.
To solve these two problems, this application provides Embodiment 1 and Embodiment 2 below. Embodiment 1 addresses the problem that local services in which the wireless broadband router communicates with servers in the WAN cannot work normally. Embodiment 2 addresses the complicated maintenance and lagging upgrades of the wireless broadband router. In both embodiments the wireless broadband router still works in bridge mode, and neither its working mode nor the on-site networking environment needs to change. The methods provided in the embodiments of this application can be applied to the bridging scenario of the "wireless broadband router + home router" networking scheme, and also to any bridging scenario between routing devices, without limitation.
Embodiment 1
In Embodiment 1, when the wireless broadband router works in bridge mode, a first IP address can be set for it (the first IP address is the wireless broadband router's pseudo IP address in the LAN, not a real IP address; in the detailed description of this application the first IP address is called the pseudo IP address). Firewall SNAT is then used to translate between the pseudo IP address and a second IP address in packets (for example, handshake packets). The second IP address is the wireless broadband router's IP address in the WAN, that is, its WAN-side IP address, and is called the WAN-side IP address in the detailed description of this application. In other words, the pseudo IP address is used inside the wireless broadband router and the WAN-side IP address is used when a packet is sent into the WAN. This allows the WAN to identify the wireless broadband router, so that local services in which the router communicates with servers in the WAN work normally.
Referring to Figure 6, the functional modules of the wireless broadband router involved in the packet processing method of Embodiment 1 are: a local service module (which can provide local services such as the OTA service and the TR069 service) and a bridge module, both in user space, and a firewall module (for example, the Netfilter module) in the Linux kernel routing protocol stack. Embodiment 1 mainly improves the bridge module and the firewall module. The functions of the modules are as follows:
Bridge module: sets the pseudo IP address for the wireless broadband router in bridge mode.
Firewall module: a standard open-source module of the Linux kernel routing protocol stack that handles common firewall functions such as packet filtering, network address translation (NAT) and packet forwarding. In Embodiment 1 it is mainly used to process SNAT rules, for example deciding when to use the WAN-side IP address and when to use the pseudo IP address, and translating between the two. The SNAT rules of the firewall module can be configured and managed with a configuration tool (for example, the user-space tool iptables). Specifically, the bridge module sends an SNAT rule to iptables; iptables receives the SNAT rule set by the bridge module and passes it down to the firewall module, where it takes effect.
Local service module: local services are the wireless broadband router's own services, such as OTA online upgrade and TR069 device management. These services need to establish communication with the corresponding service servers in the WAN and exchange data with them. Local services exchange no data with the home router or with terminals in the LAN.
The more specific role of each module is described in the steps below. Referring to Figure 7, the packet processing method provided by Embodiment 1 includes:
701. The bridge module sets the wireless broadband router's IP address in the LAN to the pseudo IP address.
Specifically, the bridge module may perform step 701 after the wireless broadband router is powered on and the system has started, provided the router is working in bridge mode. The pseudo IP address is a private-network IP address. Private-network IP addresses are used within a LAN and cannot be reached from the WAN. The pseudo IP address may be stored in the bridge module. When the wireless broadband router works in bridge mode, the bridge module sets the router's IP address in the LAN to the pseudo IP address (that is, makes the pseudo IP address take effect). When the wireless broadband router works in routing mode, its IP address in the LAN may default to the maintenance IP address, or the bridge module may set it to the maintenance IP address (that is, make the maintenance IP address take effect). For example, the pseudo IP address may be 172.28.28.28.
702. The bridge module delivers an SNAT rule to the firewall module.
In a specific implementation of step 702, the bridge module may deliver the SNAT rule to the firewall module through iptables. The SNAT rule is used to translate the pseudo IP address in a packet to the WAN-side IP address; specifically, for a packet whose source IP address is the pseudo IP address, it translates that pseudo IP address to the WAN-side IP address. The packet here may be one of the handshake packets described below. For example, the WAN-side IP address of the wireless broadband router is 10.62.17.183, and the SNAT rule can be expressed as: iptables -t nat -A POSTROUTING -s 172.28.28.28 -j SNAT --to-source 10.62.17.183. Here "iptables" indicates that the configuration tool is iptables, "-t nat -A POSTROUTING" indicates that the rule is appended to the main chain named POSTROUTING in the table named nat, "-s 172.28.28.28" indicates that the IP address before modification is 172.28.28.28, "SNAT" indicates that the firewall rule is an SNAT rule, and "--to-source 10.62.17.183" indicates that the IP address after modification is 10.62.17.183.
703. The firewall module puts the received SNAT rule into effect.
In a specific implementation of step 703, putting the SNAT rule into effect includes storing the correspondence between the pseudo IP address and the WAN-side IP address. After receiving the SNAT rule sent by the bridge module, the firewall module parses it and generates a first translation rule and a second translation rule from it. The first translation rule is: when a packet (for example, a handshake packet that the firewall module receives from the local service module, such as the first and third handshake packets below) is determined to carry the pseudo IP address, translate the pseudo IP address in the packet to the WAN-side IP address. The second translation rule is: when a packet (for example, a handshake packet that the firewall module receives from the service server, such as the second handshake packet below) is determined to carry the WAN-side IP address, translate the WAN-side IP address in the packet to the pseudo IP address.
For example, the firewall module may register an internal hook function corresponding to the SNAT rule to check whether a packet satisfies the SNAT rule, so that packets are matched precisely.
704. The bridge module sends the pseudo IP address to the local service module.
In a specific implementation of step 704, the bridge module may send the pseudo IP address to the local service module on its own initiative after step 701; in that case step 704 may be executed in any order relative to steps 702 and 703. Alternatively, the local service module may, when needed (for example, when it decides to establish a connection with the service server), send the bridge module a request message requesting the pseudo IP address. The bridge module then sends the pseudo IP address to the local service module based on that request, and the pseudo IP address may be carried in the response to the request message.
705. The local service module establishes a connection with the service server.
It should be noted that local services are generally self-starting, fixed-period services. With OTA online upgrade, for example, the local OTA upgrade module actively connects to the OTA server in the WAN every 24 hours to check whether new firmware exists.
In a specific implementation of step 705, the local service module may establish a connection with the service server when the service's execution period arrives. Taking OTA online upgrade as an example, the local OTA upgrade module may establish a connection with the OTA server in the WAN when the execution period of the OTA online upgrade service arrives.
In a specific implementation of step 705, the local service module and the service server may perform a three-way handshake. During the handshake, the firewall module, following the SNAT rule (specifically the first translation rule), replaces the pseudo IP address in each handshake packet received from the local service module with the WAN-side IP address and sends the packet to the service server. Following the SNAT rule (specifically the second translation rule), it also replaces the WAN-side IP address in each handshake packet received from the service server with the pseudo IP address and sends the packet to the local service module.
The specific implementation of step 705 includes:
11) The local service module sends the first handshake packet to the firewall module. The first handshake packet requests a connection with the service server. The source IP address carried in its header is the pseudo IP address (172.28.28.28) and the destination IP address is the IP address of the service server (assumed in this application to be 118.194.55.121).
The first handshake packet may be called a connection-establishment (synchronous, SYN) packet.
12) The firewall module, following the SNAT rule, replaces the pseudo IP address (172.28.28.28) in the first handshake packet with the WAN-side IP address (10.62.17.183).
In a specific implementation of step 12), the firewall module uses the first translation rule generated from the SNAT rule to replace the pseudo IP address (172.28.28.28) in the first handshake packet with the WAN-side IP address (10.62.17.183). Translating the pseudo IP address to the WAN-side IP address means that the first handshake packet sent to the service server carries the WAN-side IP address, so the service server can identify the packet.
In a specific implementation of step 12), the firewall module may determine from the source and destination IP addresses in the first handshake packet whether the packet matches the first translation rule or the second translation rule. Because the source IP address is the pseudo IP address, it determines that the first handshake packet matches the first translation rule. In that case, step 12) is executed.
13) The firewall module sends the first handshake packet to the service server. At this point the source IP address in the header of the first handshake packet is the WAN-side IP address (10.62.17.183).
After receiving the first handshake packet, the service server parses it, determines that the destination IP address in the packet is the same as the service server's own IP address, and determines that the first handshake is complete.
14) The service server sends the second handshake packet to the firewall module (this can also be regarded as the response to the first handshake packet). The source IP address in the header of the second handshake packet is the IP address of the service server (118.194.55.121) and the destination IP address is the WAN-side IP address (10.62.17.183).
The second handshake packet may be called a connection-establishment acknowledgement (synchronous-acknowledgement, SYN-ACK). The service server sends it to the wireless broadband router after receiving the first handshake packet.
15) After receiving the second handshake packet, the firewall module, following the SNAT rule, replaces the WAN-side IP address (10.62.17.183) in the second handshake packet with the pseudo IP address (172.28.28.28).
In a specific implementation of step 15), the firewall module uses the second translation rule generated from the SNAT rule to replace the WAN-side IP address (10.62.17.183) in the second handshake packet with the pseudo IP address (172.28.28.28). Translating the WAN-side IP address to the pseudo IP address means that the second handshake packet sent to the local service module carries the pseudo IP address, so the local service module can identify the packet.
In a specific implementation of step 15), the firewall module may determine from the source and destination IP addresses in the second handshake packet whether the packet matches the first translation rule or the second translation rule. Because the destination IP address is the WAN-side IP address, it determines that the second handshake packet matches the second translation rule. In that case, step 15) is executed.
16) The firewall module sends the second handshake packet to the local service module. At this point the destination IP address in the header of the second handshake packet is the pseudo IP address (172.28.28.28).
After receiving the second handshake packet, the local service module parses it, determines that the destination IP address in the packet is the same as the pseudo IP address, and determines that the second handshake is complete.
17) The local service module sends the third handshake packet to the firewall module. The source IP address carried in the header of the third handshake packet is the pseudo IP address (172.28.28.28) and the destination IP address is the IP address of the service server (118.194.55.121).
The third handshake packet may be called an ACK packet. The local service module sends it to the firewall module after receiving the second handshake packet.
18) The firewall module, following the SNAT rule, replaces the pseudo IP address (172.28.28.28) in the third handshake packet with the WAN-side IP address (10.62.17.183).
The specific implementation of step 18) is similar to that of step 12) and can be understood by reference to it; details are not repeated here.
19) The firewall module sends the third handshake packet to the service server. At this point the source IP address in the header of the third handshake packet is the WAN-side IP address (10.62.17.183).
After receiving the third handshake packet, the service server parses it, determines that the destination IP address in the packet is the same as the service server's own IP address, and determines that the third handshake is complete.
After the three-way handshake succeeds, the local service module and the service server can exchange data, and the local service works.
In Embodiment 1 the wireless broadband router and the service server communicate over the transmission control protocol (TCP). For the TCP three-way handshake and the packet format of TCP itself, see the Request For Comments (RFC) 793 specification published by the Internet Engineering Task Force (IETF). Embodiment 1 does not change the packet format or the TCP connection establishment procedure, so they are not described in detail.
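The translation described in steps 701 to 705, as an added example that is not part of the patent text: a small Python model of the firewall module's first and second translation rules applied to the three handshake packets. The rule string and the addresses come from the page; the names `Packet` and `BridgeFirewall`, the port numbers, and the flow table that limits the second rule to replies for connections the local service opened are assumptions of this example (the flow table mirrors how Linux connection tracking scopes SNAT replies).

```python
import ipaddress
import shlex
from dataclasses import dataclass, replace

# SNAT rule as given on the page.
RULE = "iptables -t nat -A POSTROUTING -s 172.28.28.28 -j SNAT --to-source 10.62.17.183"
SERVICE_SERVER = "118.194.55.121"   # service server address assumed by the page


@dataclass(frozen=True)
class Packet:                        # hypothetical minimal packet header
    src: str
    sport: int
    dst: str
    dport: int
    flags: str


def parse_snat_rule(rule):
    """Return (pseudo_ip, wan_ip) from '-s X -j SNAT --to-source Y' in nat/POSTROUTING."""
    args = shlex.split(rule)
    if len(args) % 2 == 0 or args[0] != "iptables":
        raise ValueError("expected 'iptables' followed by option/value pairs")
    opts = dict(zip(args[1::2], args[2::2]))
    if (opts.get("-t"), opts.get("-A"), opts.get("-j")) != ("nat", "POSTROUTING", "SNAT"):
        raise ValueError("not an SNAT rule appended to nat/POSTROUTING")
    if "-s" not in opts or "--to-source" not in opts:
        raise ValueError("rule must carry -s and --to-source")
    # IPv4Address() rejects anything that is not a single IPv4 address.
    return (str(ipaddress.IPv4Address(opts["-s"])),
            str(ipaddress.IPv4Address(opts["--to-source"])))


class BridgeFirewall:
    """Model of the firewall module after step 703 (names are hypothetical)."""

    def __init__(self, rule):
        self.pseudo_ip, self.wan_ip = parse_snat_rule(rule)
        self.flows = set()           # (local port, remote ip, remote port)

    def from_local_service(self, pkt):
        """First translation rule: source pseudo IP -> WAN-side IP."""
        if pkt.src != self.pseudo_ip:
            return pkt
        self.flows.add((pkt.sport, pkt.dst, pkt.dport))
        return replace(pkt, src=self.wan_ip)

    def from_wan(self, pkt):
        """Second translation rule: destination WAN-side IP -> pseudo IP."""
        tracked = (pkt.dport, pkt.src, pkt.sport) in self.flows
        if pkt.dst == self.wan_ip and tracked:
            return replace(pkt, dst=self.pseudo_ip)
        # Anything else addressed to the WAN-side IP belongs to the home
        # router, which holds that address in bridge mode: leave it untouched.
        return pkt


def run_handshake(fw, local_port=40000, server_port=443):
    """Steps 11) to 19): return the three packets as seen after translation."""
    syn = fw.from_local_service(
        Packet(fw.pseudo_ip, local_port, SERVICE_SERVER, server_port, "SYN"))
    syn_ack = fw.from_wan(
        Packet(SERVICE_SERVER, server_port, syn.src, local_port, "SYN-ACK"))
    ack = fw.from_local_service(
        Packet(fw.pseudo_ip, local_port, SERVICE_SERVER, server_port, "ACK"))
    return syn, syn_ack, ack


if __name__ == "__main__":
    fw = BridgeFirewall(RULE)
    for p in run_handshake(fw):
        print(f"{p.flags:8} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
    # Constructed packet for a flow the local service never opened.
    stray = Packet("203.0.113.7", 443, fw.wan_ip, 51515, "ACK")
    print("stray packet rewritten:", fw.from_wan(stray) != stray)
```

Matching only on "destination is the WAN-side IP address" would also rewrite the home router's own return traffic, since the home router holds that address in bridge mode; the flow check is what keeps the second rule confined to the router's local services.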
It should be noted that the IP address currently configured on the wireless broadband router's WAN-port network card eth_x (the network card name) can be obtained through the router's maintenance and test interface, which shows which IP address the wireless broadband router is using. When the wireless broadband router works in routing mode, its IP address is the WAN-side IP address; when it works in bridge mode, its IP address is the pseudo IP address. For example, entering the "ifconfig" command on the maintenance and test interface of the wireless broadband router shows the following network card information for eth_x:
root:/$ ifconfig
eth_x     Link encap:Ethernet  HWaddr 58:02:03:04:05:06
          inet addr:172.28.28.28  Mask:255.255.0.0
          inet6 addr:fe80::5a02:3ff:fe04:506/64 Scope:Link
          UP RUNNING  MTU:1500  Metric:1
          RX packets:25 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:7 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8618 (8.4 KiB)  TX bytes:2629 (2.5 KiB)
Here, "root:/$ ifconfig" means "enter the command ifconfig in the root directory".
"eth_x Link encap:Ethernet HWaddr 58:02:03:04:05:06" indicates the hardware type of the network card.
"inet addr:172.28.28.28 Mask:255.255.0.0" indicates the IP address (IPv4 address) of the network card, 172.28.28.28, and the corresponding mask, 255.255.0.0.
"inet6 addr:fe80::5a02:3ff:fe04:506/64 Scope:Link" indicates the IPv6 address of the network card, fe80::5a02:3ff:fe04:506/64, and indicates that this IPv6 address is a link address.
"UP RUNNING MTU:1500 Metric:1" indicates the running status of the current network card.
"RX packets:25 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:7 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8618 (8.4 KiB) TX bytes:2629 (2.5 KiB)" indicates the status of the packets sent and received by the current network card.
It follows that the IP address of the wireless broadband router can be viewed by entering the "ifconfig" command on its maintenance and test interface; in this example the IP address is 172.28.28.28. The specific meanings of the parameters in this example are existing knowledge and are not repeated here.
It should be noted that the SNAT rule can also be obtained through the maintenance and test interface of the wireless broadband router. For example, entering the "iptables -t nat -nvL" command on the maintenance and test interface of the wireless broadband router shows the following firewall rules:
root:/$ iptables -t nat -nvL
Chain POSTROUTING (policy ACCEPT 93 packets, 5588 bytes)
pkts bytes target prot opt in out source destination
101 6072 BRIDGE_LOCAL_SERVICE all -- * * 0.0.0.0/0 0.0.0.0/0
Chain BRIDGE_LOCAL_SERVICE (1 references)
pkts bytes target prot opt in out source destination
40 2748 SNAT all -- * * 172.28.28.28 0.0.0.0/0 to:10.62.17.183
Here, "root:/$ iptables -t nat -nvL" means "enter the command iptables -t nat -nvL in the root directory".
"Chain POSTROUTING (policy ACCEPT 93 packets, 5588 bytes)
pkts bytes target prot opt in out source destination
101 6072 BRIDGE_LOCAL_SERVICE all -- * * 0.0.0.0/0 0.0.0.0/0" indicates that the firewall rules of the POSTROUTING main chain contain a BRIDGE_LOCAL_SERVICE sub-chain.
"Chain BRIDGE_LOCAL_SERVICE (1 references)
pkts bytes target prot opt in out source destination
40 2748 SNAT all -- * * 172.28.28.28 0.0.0.0/0 to:10.62.17.183" indicates the firewall rule of the BRIDGE_LOCAL_SERVICE sub-chain. Specifically, "Chain BRIDGE_LOCAL_SERVICE" indicates the chain in which the firewall rule is located; here BRIDGE_LOCAL_SERVICE is the sub-chain for local services in bridge mode, and this sub-chain is attached to the firewall's main chain POSTROUTING. "1 references" indicates the number of times the chain is referenced by other chains. "pkts" indicates the number of data packets received, here 40. "bytes" indicates the total number of bytes of the data packets received, here 2748. "target" indicates the target rule hit by the firewall, here the SNAT rule. "prot" indicates the network protocol to which the firewall rule applies, here "all", meaning all network protocols. "opt" indicates the options of the firewall rule, here "--", meaning none. "in" and "out" indicate the network interface on which a message is received and the network interface on which it is sent; here both are "*", meaning any network interface. "source" indicates the source IP address to be replaced in the firewall rule, here the pseudo IP address 172.28.28.28. "destination" indicates the source IP address after replacement in the firewall rule, here the WAN-side IP address 10.62.17.183. "0.0.0.0/0" indicates that the firewall rule applies to all destination IP addresses.
In this example, the firewall rule of the BRIDGE_LOCAL_SERVICE sub-chain is the SNAT rule described above.
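The following Python example is added here and is not part of the patent: it cross-checks the two listings above by reading the address on eth_x from the ifconfig output, following the jump from POSTROUTING into its sub-chains, and reporting which address an SNAT rule rewrites the interface address to. The function names are assumptions, and the sample text is constructed from the listings above with ordinary column spacing.

```python
import ipaddress
import re

# Constructed samples: the listings shown above, with ordinary column spacing.
IFCONFIG_SAMPLE = """\
eth_x     Link encap:Ethernet  HWaddr 58:02:03:04:05:06
          inet addr:172.28.28.28  Mask:255.255.0.0
          UP RUNNING  MTU:1500  Metric:1
"""
IPTABLES_SAMPLE = """\
Chain POSTROUTING (policy ACCEPT 93 packets, 5588 bytes)
 pkts bytes target     prot opt in     out     source               destination
  101  6072 BRIDGE_LOCAL_SERVICE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain BRIDGE_LOCAL_SERVICE (1 references)
 pkts bytes target     prot opt in     out     source               destination
   40  2748 SNAT       all  --  *      *       172.28.28.28         0.0.0.0/0            to:10.62.17.183
"""


def interface_ipv4(ifconfig_text, ifname):
    """Return the IPv4 address ifconfig reports for ifname, or None."""
    current = None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            current = line.split()[0]      # an unindented line starts a new interface
        match = re.search(r"inet addr:\s*([0-9.]+)", line)
        if match and current == ifname:
            return match.group(1)
    return None


def parse_nat_chains(iptables_text):
    """Map chain name -> list of rules parsed from `iptables -t nat -nvL` output."""
    chains, current = {}, None
    for line in iptables_text.splitlines():
        header = re.match(r"Chain\s+([^\s(]+)", line)
        fields = line.split()
        if header:
            current = chains.setdefault(header.group(1), [])
        elif current is not None and len(fields) >= 9 and fields[0] != "pkts":
            # columns: pkts bytes target prot opt in out source destination [extra]
            current.append({"target": fields[2], "source": fields[7],
                            "extra": " ".join(fields[9:])})
    return chains


def reachable_snat_rules(chains, chain="POSTROUTING", seen=None):
    """Follow jumps from POSTROUTING into sub-chains; return (source, to, chain) tuples."""
    seen = set() if seen is None else seen
    if chain in seen or chain not in chains:
        return []
    seen.add(chain)                        # guards against chains that reference each other
    found = []
    for rule in chains[chain]:
        to = re.search(r"to:([0-9.]+)", rule["extra"])
        if rule["target"] == "SNAT" and to:
            found.append((rule["source"], to.group(1), chain))
        elif rule["target"] in chains:
            found.extend(reachable_snat_rules(chains, rule["target"], seen))
    return found


def audit(ifconfig_text, iptables_text, ifname="eth_x"):
    """Report which address the interface address is rewritten to, if any."""
    result = {"interface_ip": interface_ipv4(ifconfig_text, ifname),
              "snat_to": None, "chain": None}
    if result["interface_ip"] is None:
        return result
    address = ipaddress.ip_address(result["interface_ip"])
    for source, to, chain in reachable_snat_rules(parse_nat_chains(iptables_text)):
        try:
            matches = address in ipaddress.ip_network(source, strict=False)
        except ValueError:                 # negated or non-numeric source column
            continue
        if matches:
            result.update(snat_to=to, chain=chain)
            break                          # report the first match in traversal order
    return result


if __name__ == "__main__":
    print(audit(IFCONFIG_SAMPLE, IPTABLES_SAMPLE))
```

A result with `snat_to` set to None means the address on the interface has no SNAT rule reachable from POSTROUTING, so locally generated traffic would leave with that address unchanged.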
The method provided in Embodiment 1 sets the local IP address of the wireless broadband router to a pseudo IP address and uses the SNAT rule to convert between the pseudo IP address and the WAN-side IP address. A wireless broadband router working in bridge mode can therefore carry out its local services normally, for example OTA online upgrade, which ensures that fixes for major technical defects, requirement changes, security vulnerabilities and the like are merged in time and improves product reliability.
Embodiment 1 above describes the message processing method provided by this application by taking as an example the modules in the wireless broadband router performing the method through interaction. If the modules are not divided, the message processing method provided in Embodiment 1 can be implemented through the process shown in FIG. 8, which specifically includes:
801. The wireless broadband router sends a first handshake message carrying the WAN-side IP address to the service server. The first handshake message carrying the WAN-side IP address is used to request establishment of a connection with the service server; its source IP address is the WAN-side IP address and its destination IP address is the IP address of the service server. Correspondingly, the service server receives the first handshake message carrying the WAN-side IP address from the wireless broadband router.
Here, the wireless broadband router works in bridge mode and stores a pseudo IP address and an SNAT rule; the SNAT rule is used to convert the pseudo IP address into the WAN-side IP address.
Optionally, referring to FIG. 8, before step 801 the method further includes step 800a and step 800b:
800a. The wireless broadband router generates a first handshake message carrying the pseudo IP address. In this message the source IP address is the pseudo IP address and the destination IP address is the IP address of the service server.
800b. The wireless broadband router converts the pseudo IP address in the first handshake message carrying the pseudo IP address into the WAN-side IP address according to the SNAT rule, obtaining the first handshake message carrying the WAN-side IP address.
802. The service server sends a second handshake message carrying the WAN-side IP address to the wireless broadband router. The second handshake message is sent by the service server to the wireless broadband router after it receives the first handshake message; its source IP address is the IP address of the service server and its destination IP address is the WAN-side IP address. Correspondingly, the wireless broadband router receives the second handshake message carrying the WAN-side IP address sent by the service server.
803. The wireless broadband router converts the WAN-side IP address in the received second handshake message carrying the WAN-side IP address into the pseudo IP address according to the SNAT rule.
Optionally, after step 803, referring to FIG. 8, the method further includes:
804. The wireless broadband router sends a third handshake message carrying the WAN-side IP address to the service server. In this message the source IP address is the WAN-side IP address and the destination IP address is the IP address of the service server. Correspondingly, the service server receives the third handshake message carrying the WAN-side IP address from the wireless broadband router.
As with the first handshake message, the third handshake message carrying the WAN-side IP address may also be obtained by converting the pseudo IP address in a third handshake message carrying the pseudo IP address into the WAN-side IP address. The third handshake message carrying the pseudo IP address may be generated by the wireless broadband router.
In addition, the wireless broadband router may also generate the above first conversion rule and the above second conversion rule according to the SNAT rule. For the explanation and specific implementation of the method shown in FIG. 8, refer to the embodiment shown in FIG. 7: it is only necessary to treat the interaction between the modules in the wireless broadband router as absent and to understand the actions performed by each module as actions performed by the wireless broadband router. Details are not repeated here.
Embodiment 2
In Embodiment 2, when the wireless broadband router works in bridge mode, a terminal connected to the home router sends, through the home router, a DNS domain name resolution request for the first domain name to the wireless broadband router (the first domain name is the local domain name, and is referred to as the local domain name in the specific implementations of this application). The wireless broadband router no longer transparently forwards this DNS domain name resolution request. Instead it intercepts the request, resolves the local domain name to the maintenance IP address of the wireless broadband router, and returns the response to the DNS domain name resolution request to the terminal that accessed the local domain name. The terminal connected to the home router can thus access the web maintenance page through the local domain name to configure and view operating parameters.
Referring to FIG. 9, the functional modules of the wireless broadband router involved in the domain name resolution method provided in Embodiment 2 include: a bridge module and a DNS domain name resolution proxy module located in the application state, and a DNS domain name request interception module and a DNS domain name resolution response module located in the Linux kernel routing protocol stack. Embodiment 2 adds the DNS domain name request interception module and also improves the bridge module and the DNS domain name resolution response module. The functions of the modules are as follows:
Bridge module: delivers the local domain name to the DNS domain name request interception module.
DNS domain name resolution proxy module: receives DNS domain name resolution requests for the local domain name and, after successful resolution, sends the resolution result to the DNS domain name resolution response module. The DNS domain name resolution proxy module stores the correspondence between the local domain name and the maintenance IP address; this correspondence may be a factory setting.
DNS domain name request interception module: filters all received DNS domain name resolution requests, intercepts the DNS domain name resolution requests for the local domain name, and forwards them to the DNS domain name resolution proxy module for resolution.
DNS domain name resolution response module: receives the resolution result produced by the DNS domain name resolution proxy module, generates the response to the DNS domain name resolution request according to the resolution result, and sends it to the terminal that issued the DNS domain name resolution request.
For the more specific role of each module, see the steps below. An application scenario of Embodiment 2 may be as follows: a user uses a terminal (for example, a PC, mobile phone or tablet computer) to enter the local domain name in the address bar of a browser, accesses the web maintenance page of the wireless broadband router, and views and sets the operating network parameters of the wireless broadband router. Referring to FIG. 10, the domain name resolution method provided in Embodiment 2 includes:
1001. After the wireless broadband router starts, the bridge module sends the local domain name to the DNS domain name request interception module. For example, the local domain name may be cpe.win.
Here, the bridge module may read the local domain name from the factory configuration of the wireless broadband router.
1002. The DNS domain name request interception module saves the local domain name, which is later used to determine which DNS domain name resolution request to intercept.
Specifically, the local domain name may be saved in the global memory of the wireless broadband router.
1003. The user enters the local domain name cpe.win in the address bar of the browser on a terminal connected to the home router (assumed to be the first terminal) to access the web maintenance page of the wireless broadband router.
1004. The first terminal sends a first DNS domain name resolution request to the DNS domain name request interception module in the wireless broadband router. The first DNS domain name resolution request carries a second domain name and is used to request resolution of the second domain name.
In the embodiment shown in FIG. 10, the second domain name is cpe.win. In the first DNS domain name resolution request, the source IP address is the IP address of the first terminal (assumed to be 192.168.9.100), the destination IP address is the IP address of the DNS server (assumed to be 10.98.48.123), and the queried domain name (query name) is cpe.win.
1005. The DNS domain name request interception module compares the domain name queried by the first DNS domain name resolution request (that is, the second domain name) with the saved local domain name.
Specifically, when step 1005 is implemented, the DNS domain name request interception module, after receiving the first DNS domain name resolution request, obtains the queried domain name (from the query name field) and compares it with the saved local domain name.
1006. If the queried domain name is the same as the saved local domain name, the DNS domain name request interception module sends a second DNS domain name resolution request to the DNS domain name resolution proxy module.
In the second DNS domain name resolution request, the source IP address is the IP address of the first terminal (192.168.9.100), the destination IP address is the IP address of the DNS server (10.98.48.123), and the queried domain name (query name) is cpe.win.
The first DNS domain name resolution request and the second DNS domain name resolution request may be the same DNS domain name resolution request or different DNS domain name resolution requests.
1007. The DNS domain name resolution proxy module resolves the local domain name in the second DNS domain name resolution request to the maintenance IP address (192.168.8.1). That is, the DNS domain name resolution proxy module determines the maintenance IP address of the wireless broadband router that corresponds to the local domain name.
Here, the DNS domain name resolution proxy module resolves the local domain name to the maintenance IP address according to the correspondence between the local domain name and the maintenance IP address.
1008. The DNS domain name resolution proxy module sends a first message to the DNS domain name resolution response module. The first message carries the maintenance IP address.
Further, the first message also carries information such as the source IP address, which is the IP address of the DNS server (10.98.48.123), the destination IP address, which is the IP address of the first terminal (192.168.9.100), and the queried domain name (query name), which is cpe.win.
1009. The DNS domain name resolution response module generates the response to the first DNS domain name resolution request according to the received first message. The response to the first DNS domain name resolution request includes the maintenance IP address.
Specifically, the DNS domain name resolution response module parses the first message and generates the response to the first DNS domain name resolution request according to the maintenance IP address obtained by parsing.
1010. The DNS domain name resolution response module sends the response to the first DNS domain name resolution request to the first terminal.
In the response to the first DNS domain name resolution request, the source IP address is the IP address of the DNS server (10.98.48.123), the destination IP address is the IP address of the first terminal (192.168.9.100), the queried domain name (query name) is cpe.win, and the query result (answer) is the maintenance IP address (192.168.8.1).
1011. The first terminal uses the maintenance IP address to access the web maintenance page of the wireless broadband router.
It should be noted that the DNS domain name request interception module intercepts only DNS domain name resolution requests whose queried domain name is the stored local domain name. It does not intercept DNS domain name resolution requests whose queried domain name is any other domain name (that is, requests whose queried domain name is not the local domain name). To make the above embodiment clearer, the process of a user accessing a domain name other than the local domain name is described below as an example. Referring to FIG. 11, the process includes:
1101-1102. The same as step 1001 and step 1002, respectively.
1103. The user enters www.XXX.com in the address bar of the browser on the first terminal to access a public network website.
1104. The first terminal sends a third DNS domain name resolution request to the DNS domain name request interception module in the wireless broadband router. The third DNS domain name resolution request carries a second domain name and is used to request resolution of the second domain name.
In the embodiment shown in FIG. 11, the second domain name is www.XXX.com. In the third DNS domain name resolution request, the source IP address is the IP address of the first terminal (assumed to be 192.168.9.100), the destination IP address is the IP address of the DNS server (assumed to be 10.98.48.123), and the queried domain name (query name) is www.XXX.com.
1105. The DNS domain name request interception module compares the domain name queried by the third DNS domain name resolution request (that is, the second domain name) with the saved local domain name. Step 1105 is the same as step 1005 above.
1106. If the queried domain name is different from the saved local domain name, the DNS domain name request interception module sends the third DNS domain name resolution request to the DNS server. The third DNS domain name resolution request carries the second domain name.
Before step 1106, the DNS server determines the IP address corresponding to the second domain name. Specifically, the DNS server stores the correspondence between the second domain name and the IP address, and can determine the IP address corresponding to the second domain name according to this correspondence.
1107. The DNS server resolves www.XXX.com to an IP address (assumed to be 10.3.42.32) according to the third DNS domain name resolution request and generates the response to the third DNS domain name resolution request. In step 1107, the DNS server stores the correspondence between www.XXX.com and the IP address; when the DNS server determines that the domain name included in the third DNS domain name resolution request is www.XXX.com, it can resolve www.XXX.com to the corresponding IP address according to this correspondence.
1108. The DNS server sends the response to the third DNS domain name resolution request to the first terminal.
When step 1108 is implemented, the DNS server may send the response to the third DNS domain name resolution request to the DNS domain name resolution response module, and the DNS domain name resolution response module sends the response to the first terminal.
In the response to the third DNS domain name resolution request, the source IP address is the IP address of the DNS server (10.98.48.123), the destination IP address is the IP address of the first terminal (192.168.9.100), the queried domain name (query name) is www.XXX.com, and the query result (answer) is the IP address corresponding to www.XXX.com (10.3.42.32).
1109. After obtaining the IP address corresponding to www.XXX.com (10.3.42.32), the first terminal uses the IP address 10.3.42.32 to access the public network website.
With the method provided in Embodiment 2, when communication messages are captured on the WAN port eth_x of the wireless broadband router through the router's maintenance and test interface, the DNS domain name resolution request for cpe.win has already been intercepted by the DNS domain name request interception module and is not forwarded through the WAN port eth_x to the WAN side for processing. The captured messages therefore contain neither the DNS domain name resolution request for cpe.win nor the response to that request.
For the DNS domain name resolution in Embodiment 2, the formats of the request and response messages in the resolution process follow the RFC 1034 and RFC 1035 specifications published by the IETF. Embodiment 2 does not involve any change to the message formats, so they are not described in detail.
By intercepting and resolving the DNS domain name resolution requests that access the local domain name, the method provided in Embodiment 2 allows a user, when the wireless broadband router works in bridge mode, to access the web maintenance page at the local domain name normally through a terminal and to configure and view the operating parameters of the wireless broadband router. This reduces the maintenance complexity of the wireless broadband router, improves its upgrade efficiency, and improves the user experience.
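The following Python example is added here and is not code from the patent: it applies the comparison of steps 1005 and 1006 to a raw RFC 1035 query, builds the response of steps 1009 and 1010 with the DNS server's address as source, and otherwise leaves the query to be forwarded as in step 1106. The function names, the zero TTL, the AA flag, the empty answer for non-A queries and the pass-through of unparseable packets are assumptions; cpe.win, 192.168.8.1 and the address swap come from the text above.

```python
import socket
import struct

LOCAL_DOMAIN = "cpe.win"        # local domain name used in the example above
MAINTENANCE_IP = "192.168.8.1"  # maintenance IP address used in the example above
TYPE_A, CLASS_IN = 1, 1
ANSWER_TTL = 0                  # assumption: the page gives no TTL


def build_query(name, txid, qtype=TYPE_A):
    """Construct a sample standard query (RD set); used only to make test input."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def parse_question(packet):
    """Return (qname, qtype, qclass, end_offset) for a single-question query."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a query with exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("name runs past the end of the packet")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            # 0xC0 marks a compression pointer; the first name in a message
            # has nothing earlier to point at, so refuse rather than follow it.
            raise ValueError("pointer or reserved label type in QNAME")
        if pos + length > len(packet):
            raise ValueError("label runs past the end of the packet")
        labels.append(packet[pos:pos + length].decode("latin-1"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, qclass, pos + 4


def build_response(query, qtype, qclass, question_end):
    """Echo the question and, for an IN A query, answer with the maintenance IP."""
    txid, qflags = struct.unpack("!HH", query[:4])
    answer = b""
    if qtype == TYPE_A and qclass == CLASS_IN:
        # NAME is a pointer to offset 12, where the question's QNAME starts.
        answer = (b"\xc0\x0c"
                  + struct.pack("!HHIH", TYPE_A, CLASS_IN, ANSWER_TTL, 4)
                  + socket.inet_aton(MAINTENANCE_IP))
    flags = 0x8000 | 0x0400 | (qflags & 0x0100)   # QR, AA, copy RD; RCODE 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer else 0, 0, 0)
    return header + query[12:question_end] + answer


def handle_dns_query(query, src_ip, dst_ip):
    """Decide what to do with one UDP DNS payload seen in bridge mode.

    Returns (action, payload, src_ip, dst_ip) describing the packet to emit.
    """
    try:
        qname, qtype, qclass, end = parse_question(query)
    except ValueError:
        return ("forward", query, src_ip, dst_ip)   # not ours to answer: bridge it unchanged
    if qname.lower() != LOCAL_DOMAIN:               # DNS names compare case-insensitively
        return ("forward", query, src_ip, dst_ip)
    # The response goes back to the terminal with the DNS server's address as
    # its source, as described for step 1010.
    return ("answer", build_response(query, qtype, qclass, end), dst_ip, src_ip)
```

The lower-casing matters because resolvers may send mixed-case names; an exact byte comparison would let such queries for the local domain name pass to the WAN side.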
上述实施例二中以无线宽带路由器中的各个模块通过交互执行上述方法为例对本申请提供的域名解析方法进行描述,若不划分上述各个模块,实施例二提供的域名解析方法可以通过图12所示的过程实现,具体包括:In the second embodiment, the domain name resolution method provided by the present application is described by taking each module in the wireless broadband router as an example to perform the above method interactively. The shown process is realized, including:
1201、第一终端向无线宽带路由器发送第一DNS域名解析请求,第一DNS域名解析请求中携带有第二域名。相应的,无线宽带路由器从第一终端接收第一DNS域名解析请求。1201. The first terminal sends a first DNS domain name resolution request to the wireless broadband router, where the first DNS domain name resolution request carries the second domain name. Correspondingly, the wireless broadband router receives the first DNS domain name resolution request from the first terminal.
其中,无线宽带路由器工作在桥模式,无线宽带路由器存储有本机域名。第一DNS域名解析请求还包括源IP地址和目的IP地址,源IP地址为第一终端的IP地址,目的IP地址为DNS服务器的IP地址。The wireless broadband router works in a bridge mode, and the wireless broadband router stores a local domain name. The first DNS domain name resolution request further includes a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal, and the destination IP address is the IP address of the DNS server.
在无线宽带路由器确定第二域名与本机域名相同的情况下,执行步骤1202至步骤1204,在无线宽带路由器确定第二域名与本机域名不同的情况下,执行步骤1205至步骤1208。When the wireless broadband router determines that the second domain name is the same as the local domain name, go to steps 1202 to 1204, and when the wireless broadband router determines that the second domain name is different from the local domain name, go to steps 1205 to 1208.
1202、无线宽带路由器确定与本机域名相对应的无线宽带路由器的维护IP地址。1202. The wireless broadband router determines the maintenance IP address of the wireless broadband router corresponding to the domain name of the local machine.
其中,无线宽带路由器中可以存储有本机域名和维护IP地址之间的对应关系。无线宽带路由器可以根据该对应关系确定与本机域名相对应的无线宽带路由器的维护IP地址。The wireless broadband router may store the correspondence between the local domain name and the maintenance IP address. The wireless broadband router can determine the maintenance IP address of the wireless broadband router corresponding to the local domain name according to the corresponding relationship.
1203、无线宽带路由器向第一终端发送第一DNS域名解析请求的响应,第一DNS域名解析请求的响应中包括维护IP地址。相应的,第一终端从无线宽带路由器接收第一DNS域名解析请求的响应。1203. The wireless broadband router sends a response to the first DNS domain name resolution request to the first terminal, where the response to the first DNS domain name resolution request includes the maintenance IP address. Correspondingly, the first terminal receives a response to the first DNS domain name resolution request from the wireless broadband router.
1204、第一终端根据维护IP地址访问无线宽带路由器的Web维护页面。1204. The first terminal accesses the Web maintenance page of the wireless broadband router according to the maintenance IP address.
1205、无线宽带路由器向DNS服务器发送第三DNS域名解析请求,第三DNS域名解析请求中携带有第二域名。相应的,DNS服务器从无线宽带路由器接收第三DNS域名解析请求。1205. The wireless broadband router sends a third DNS domain name resolution request to the DNS server, where the third DNS domain name resolution request carries the second domain name. Correspondingly, the DNS server receives the third DNS domain name resolution request from the wireless broadband router.
1206、DNS服务器确定与第二域名相对应的IP地址。1206. The DNS server determines an IP address corresponding to the second domain name.
其中,DNS服务器中可以存储有第二域名和IP地址之间的对应关系。DNS服务 器可以根据该对应关系确定与第二域名相对应的IP地址。The DNS server may store the correspondence between the second domain name and the IP address. The DNS server may determine the IP address corresponding to the second domain name according to the corresponding relationship.
1207、DNS服务器向第一终端发送第三DNS域名解析请求的响应,第三DNS域名解析请求的响应中包括第二域名相对应的IP地址。相应的,第一终端从DNS服务器接收第三DNS域名解析请求的响应。1207. The DNS server sends a response to the third DNS domain name resolution request to the first terminal, where the response to the third DNS domain name resolution request includes an IP address corresponding to the second domain name. Correspondingly, the first terminal receives a response to the third DNS domain name resolution request from the DNS server.
1208、第一终端根据第二域名相对应的IP地址访问第二域名对应的网页(即访问公网网站)。1208. The first terminal accesses a webpage corresponding to the second domain name according to the IP address corresponding to the second domain name (ie, accesses a public network website).
For the related explanation and specific implementation of the method shown in FIG. 12, refer to the embodiments shown in FIG. 10 and FIG. 11. It is only necessary to treat the interactions between the modules in the wireless broadband router as absent and to understand the actions performed by each module in the wireless broadband router as actions performed by the wireless broadband router itself. Details are not repeated here.
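The interception decision behind steps 1203 to 1208 can be sketched as follows; this is an added example, not code from the patent. `MAINTENANCE_DOMAIN`, `MAINTENANCE_IP`, `ANSWER_TTL`, the empty answer for non-A queries on the maintenance name, and the choice to pass unparseable packets through unchanged are all assumptions of the example.

```python
import socket
import struct

# Assumptions for this example (not values from the patent):
MAINTENANCE_DOMAIN = "router.example"  # hypothetical stored "first domain name"
MAINTENANCE_IP = "192.0.2.1"           # hypothetical maintenance IP (TEST-NET-1)
ANSWER_TTL = 0                         # assumed: terminals should not cache the answer
TYPE_A, CLASS_IN = 1, 1


def parse_question(msg):
    """Return (qname, qtype, qclass, end_offset) for a standard one-question query."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount != 1:
        raise ValueError("not a standard single-question query")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length > 63 or off + length > len(msg):
            raise ValueError("bad label")  # also rejects compression pointers
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return ".".join(labels), qtype, qclass, off + 4


def build_response(query, question_end, answer_ip=None):
    """Echo the question; attach one A record when answer_ip is given."""
    txid, qflags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | 0x0400 | (qflags & 0x0100) | 0x0080  # QR, AA, RD echoed, RA
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer_ip else 0, 0, 0)
    answer = b""
    if answer_ip:
        # 0xC00C is a compression pointer back to the question name at offset 12.
        answer = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ANSWER_TTL, 4)
        answer += socket.inet_aton(answer_ip)
    return header + query[12:question_end] + answer


def handle_query(msg):
    """Return ("answer", response) for the maintenance name, else ("forward", msg)."""
    try:
        qname, qtype, qclass, end = parse_question(msg)
    except ValueError:
        return "forward", msg  # bridge stays transparent for anything it cannot parse
    # DNS names compare case-insensitively.
    if qname.lower() != MAINTENANCE_DOMAIN.lower():
        return "forward", msg  # second domain name differs: goes to the DNS server
    if qtype == TYPE_A and qclass == CLASS_IN:
        return "answer", build_response(msg, end, MAINTENANCE_IP)
    # Assumed behaviour: other record types for the maintenance name get an
    # empty answer instead of being sent upstream.
    return "answer", build_response(msg, end)


def build_query(name, qtype=TYPE_A, txid=0x1234):
    """Constructed sample input: a minimal standard query with RD set."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, CLASS_IN)


if __name__ == "__main__":
    for name in ("Router.Example", "www.example.org"):
        action, payload = handle_query(build_query(name))
        print(name, action, len(payload))
```

Because the terminal addressed its query to the DNS server, the reply built here would be sent with the DNS server's address as its source; that packet-level rewriting is outside this sketch.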
In Embodiment 1 and Embodiment 2 above, the terminal connected to the home router and the wireless broadband router may communicate through the home router. The methods provided in Embodiment 1 and Embodiment 2 may be combined. In that case, for the modules included in the wireless broadband router, see FIG. 13; for the function of each module, see the description above. Details are not repeated here.
To implement the above functions, the wireless broadband router includes at least one of a hardware structure and a software module corresponding to each function. Those skilled in the art will readily appreciate that, in combination with the units and algorithm steps of the examples described in the embodiments disclosed herein, the present application can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present application.
For example, when the present application is implemented in hardware, an embodiment of the present application further provides a schematic diagram of the hardware structure of a wireless broadband router. Referring to FIG. 14 or FIG. 15, the wireless broadband router includes a processor 1401 and, optionally, a memory 1402 connected to the processor 1401.
The processor 1401 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of the programs of the solutions of the present application. The processor 1401 may also include multiple CPUs, and the processor 1401 may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, or processing cores for processing data (for example, computer program instructions).
The memory 1402 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or may be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other compact disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, and the like), a magnetic disk storage medium or another magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The embodiments of the present application impose no limitation on this. The memory 1402 may exist independently (in which case the memory 1402 may be located outside the wireless broadband router or inside the wireless broadband router), or may be integrated with the processor 1401. The memory 1402 may contain computer program code. The processor 1401 is configured to execute the computer program code stored in the memory 1402, thereby implementing the methods provided by the embodiments of the present application.
In a first possible implementation, referring to FIG. 14, the wireless broadband router further includes a transceiver 1403. The processor 1401, the memory 1402, and the transceiver 1403 are connected by a bus. The transceiver 1403 is used to communicate with other devices or communication networks. Optionally, the transceiver 1403 may include a transmitter and a receiver. The component in the transceiver 1403 that implements the receiving function may be regarded as the receiver, and the receiver is used to perform the receiving steps in the embodiments of the present application. The component in the transceiver 1403 that implements the sending function may be regarded as the transmitter, and the transmitter is used to perform the sending steps in the embodiments of the present application. Exemplarily, the processor 1401 is configured to control and manage the actions of the wireless broadband router; for example, the processor 1401 is configured to control execution of each step in the above methods. The processor 1401 may communicate with other network entities, for example, with a DNS server, through the transceiver 1403. The memory 1402 is used to store program code and data of the wireless broadband router.
In a second possible implementation, referring to FIG. 15, the processor 1401 includes a logic circuit and an input interface and/or an output interface. Exemplarily, the output interface is used to perform the sending actions in the corresponding method, and the input interface is used to perform the receiving actions in the corresponding method. The processor 1401 is configured to control and manage the actions of the wireless broadband router; for example, the processor 1401 is configured to control execution of each step in the above methods. The processor 1401 may communicate with other network entities, for example, with a DNS server, through the input interface and/or the output interface. The memory 1402 is used to store program code and data of the wireless broadband router.
In implementation, each step of the methods provided in this embodiment may be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The steps of the methods disclosed in the embodiments of the present application may be directly embodied as being executed by a hardware processor, or executed by a combination of hardware and software modules in the processor.
An embodiment of the present application further provides a computer-readable storage medium including instructions that, when run on a computer, cause the computer to execute any of the above methods.
An embodiment of the present application further provides a computer program product containing instructions that, when run on a computer, cause the computer to execute any of the above methods.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented using a software program, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired means (for example, coaxial cable, optical fiber, or digital subscriber line (DSL)) or wireless means (for example, infrared, radio, or microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device, such as a server or data center, that integrates one or more usable media. The usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), a semiconductor medium (for example, a solid state disk (SSD)), or the like.
Although the present application is described here in conjunction with various embodiments, in practicing the claimed application, those skilled in the art can understand and implement other variations of the disclosed embodiments by reviewing the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill several functions recited in the claims. The fact that certain measures are recited in mutually different dependent claims does not mean that these measures cannot be combined to good effect.
Although the present application has been described in conjunction with specific features and embodiments thereof, it is evident that various modifications and combinations can be made without departing from the spirit and scope of the present application. Accordingly, this specification and the drawings are merely exemplary illustrations of the present application as defined by the appended claims, and are deemed to cover any and all modifications, variations, combinations, or equivalents within the scope of the present application. Obviously, those skilled in the art can make various changes and variations to the present application without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include them.

Claims (32)

  1. A wireless broadband router, characterized in that the wireless broadband router works in bridge mode, and the wireless broadband router stores a first Internet Protocol (IP) address and a source network address translation (SNAT) rule, where the SNAT rule is used to translate the first IP address into a second IP address, the first IP address is a pseudo address of the wireless broadband router in a local area network, and the second IP address is the IP address of the wireless broadband router in a wide area network;
    the wireless broadband router is configured to send, to a service server, a first handshake message carrying the second IP address, where the first handshake message carrying the second IP address is used to request establishment of a connection with the service server, the source IP address in the first handshake message carrying the second IP address is the second IP address, and the destination IP address is the IP address of the service server;
    the wireless broadband router is further configured to receive a second handshake message carrying the second IP address sent by the service server, where the second handshake message carrying the second IP address is sent by the service server to the wireless broadband router after the service server receives the first handshake message carrying the second IP address, the source IP address in the second handshake message carrying the second IP address is the IP address of the service server, and the destination IP address is the second IP address;
    the wireless broadband router is further configured to translate, according to the SNAT rule, the second IP address in the received second handshake message carrying the second IP address into the first IP address, to obtain a second handshake message carrying the first IP address.
  2. The wireless broadband router according to claim 1, characterized in that:
    the wireless broadband router is further configured to generate a first handshake message carrying the first IP address, where the source IP address in the first handshake message carrying the first IP address is the first IP address, and the destination IP address is the IP address of the service server;
    the wireless broadband router is further configured to translate, according to the SNAT rule, the first IP address in the first handshake message carrying the first IP address into the second IP address, to obtain the first handshake message carrying the second IP address.
  3. The wireless broadband router according to claim 1 or 2, characterized in that the wireless broadband router comprises a bridge module and a firewall module;
    the bridge module is configured to send the SNAT rule to the firewall module;
    the firewall module is configured to generate a first translation rule and a second translation rule according to the SNAT rule, where the first translation rule is used to translate the first IP address in a message into the second IP address when it is determined that the message carries the first IP address, and the second translation rule is used to translate the second IP address in a message into the first IP address when it is determined that the message carries the second IP address.
  4. The wireless broadband router according to claim 3, characterized in that the wireless broadband router further comprises a local service module;
    the local service module is configured to send, to the firewall module, a first handshake message carrying the first IP address, where the source IP address in the first handshake message carrying the first IP address is the first IP address, and the destination IP address is the IP address of the service server;
    in response to receiving the first handshake message carrying the first IP address, the firewall module is further configured to translate, according to the first translation rule, the first IP address in the first handshake message carrying the first IP address into the second IP address, to obtain the first handshake message carrying the second IP address;
    the firewall module is further configured to send the first handshake message carrying the second IP address to the service server;
    the firewall module is further configured to receive, from the service server, the second handshake message carrying the second IP address;
    in response to receiving the second handshake message carrying the second IP address, the firewall module is further configured to translate, according to the second translation rule, the second IP address in the second handshake message carrying the second IP address into the first IP address, to obtain the second handshake message carrying the first IP address;
    the firewall module is further configured to send the second handshake message carrying the first IP address to the local service module.
  5. The wireless broadband router according to claim 3 or 4, characterized in that the first IP address is stored in the bridge module.
  6. A message processing method, characterized in that the method is applied to a wireless broadband router, the wireless broadband router works in bridge mode, and the wireless broadband router stores a first Internet Protocol (IP) address and a source network address translation (SNAT) rule, where the SNAT rule is used to translate the first IP address into a second IP address, the first IP address is a pseudo address of the wireless broadband router in a local area network, and the second IP address is the IP address of the wireless broadband router in a wide area network; the method comprises:
    the wireless broadband router sends, to a service server, a first handshake message carrying the second IP address, where the first handshake message carrying the second IP address is used to request establishment of a connection with the service server, the source IP address in the first handshake message carrying the second IP address is the second IP address, and the destination IP address is the IP address of the service server;
    the wireless broadband router receives a second handshake message carrying the second IP address sent by the service server, where the second handshake message carrying the second IP address is sent by the service server to the wireless broadband router after the service server receives the first handshake message carrying the second IP address, the source IP address in the second handshake message carrying the second IP address is the IP address of the service server, and the destination IP address is the second IP address;
    the wireless broadband router translates, according to the SNAT rule, the second IP address in the received second handshake message carrying the second IP address into the first IP address, to obtain a second handshake message carrying the first IP address.
  7. The method according to claim 6, characterized in that the method further comprises:
    the wireless broadband router generates a first handshake message carrying the first IP address, where the source IP address in the first handshake message carrying the first IP address is the first IP address, and the destination IP address is the IP address of the service server;
    the wireless broadband router translates, according to the SNAT rule, the first IP address in the first handshake message carrying the first IP address into the second IP address, to obtain the first handshake message carrying the second IP address.
  8. The method according to claim 6 or 7, characterized in that the wireless broadband router comprises a bridge module and a firewall module; the method further comprises:
    the bridge module sends the SNAT rule to the firewall module;
    the firewall module generates a first translation rule and a second translation rule according to the SNAT rule, where the first translation rule is used to translate the first IP address in a message into the second IP address when it is determined that the message carries the first IP address, and the second translation rule is used to translate the second IP address in a message into the first IP address when it is determined that the message carries the second IP address.
  9. The method according to claim 8, characterized in that the wireless broadband router further comprises a local service module; the method further comprises:
    the local service module sends, to the firewall module, a first handshake message carrying the first IP address, where the source IP address in the first handshake message carrying the first IP address is the first IP address, and the destination IP address is the IP address of the service server;
    in response to receiving the first handshake message carrying the first IP address, the firewall module translates, according to the first translation rule, the first IP address in the first handshake message carrying the first IP address into the second IP address, to obtain the first handshake message carrying the second IP address;
    the firewall module sends the first handshake message carrying the second IP address to the service server;
    the firewall module receives, from the service server, the second handshake message carrying the second IP address;
    in response to receiving the second handshake message carrying the second IP address, the firewall module translates, according to the second translation rule, the second IP address in the second handshake message carrying the second IP address into the first IP address, to obtain the second handshake message carrying the first IP address;
    the firewall module sends the second handshake message carrying the first IP address to the local service module.
  10. The method according to claim 8 or 9, characterized in that the first IP address is stored in the bridge module.
  11. A wireless broadband router, characterized in that the wireless broadband router works in bridge mode, and the wireless broadband router comprises a Domain Name System (DNS) domain name request interception module, a DNS domain name resolution proxy module, and a DNS domain name resolution response module, where the DNS domain name request interception module stores a first domain name;
    the DNS domain name request interception module is configured to receive a first DNS domain name resolution request sent by a first terminal, where the first DNS domain name resolution request carries a second domain name, and the first DNS domain name resolution request is used to request resolution of the second domain name;
    the DNS domain name request interception module is further configured to send a second DNS domain name resolution request to the DNS domain name resolution proxy module when it is determined that the second domain name is the same as the first domain name, where the second DNS domain name resolution request carries the first domain name;
    in response to receiving the second DNS domain name resolution request, the DNS domain name resolution proxy module is configured to determine a maintenance Internet Protocol (IP) address of the wireless broadband router corresponding to the first domain name;
    the DNS domain name resolution proxy module is further configured to send a first message to the DNS domain name resolution response module, where the first message carries the maintenance IP address;
    the DNS domain name resolution response module is configured to receive the first message;
    the DNS domain name resolution response module is further configured to send a response to the first DNS domain name resolution request to the first terminal, where the response to the first DNS domain name resolution request includes the maintenance IP address.
  12. The wireless broadband router according to claim 11, characterized in that:
    the DNS domain name request interception module is further configured to send a third DNS domain name resolution request to a DNS server when it is determined that the second domain name is different from the first domain name, where the third DNS domain name resolution request carries the second domain name.
  13. The wireless broadband router according to claim 11 or 12, characterized in that the DNS domain name resolution proxy module stores a correspondence between the first domain name and the maintenance IP address;
    the DNS domain name resolution proxy module is specifically configured to determine, according to the correspondence, the maintenance IP address corresponding to the first domain name.
  14. The wireless broadband router according to any one of claims 11-13, characterized in that the wireless broadband router further comprises a bridge module;
    the bridge module is configured to send the first domain name to the DNS domain name request interception module;
    in response to receiving the first domain name, the DNS domain name request interception module is further configured to save the first domain name.
  15. The wireless broadband router according to any one of claims 11-14, characterized in that:
    the DNS domain name resolution response module is further configured to parse the first message and to generate the response to the first DNS domain name resolution request according to the maintenance IP address obtained by parsing.
  16. The wireless broadband router according to any one of claims 11-15, characterized in that the first DNS domain name resolution request and the second DNS domain name resolution request further include a source IP address and a destination IP address, where the source IP address is the IP address of the first terminal, and the destination IP address is the IP address of a DNS server.
  17. A domain name resolution method, characterized in that the method is applied to a wireless broadband router, the wireless broadband router works in bridge mode, and the wireless broadband router comprises a Domain Name System (DNS) domain name request interception module, a DNS domain name resolution proxy module, and a DNS domain name resolution response module, where the DNS domain name request interception module stores a first domain name; the method comprises:
    the DNS domain name request interception module receives a first DNS domain name resolution request sent by a first terminal, where the first DNS domain name resolution request carries a second domain name, and the first DNS domain name resolution request is used to request resolution of the second domain name;
    when it is determined that the second domain name is the same as the first domain name, the DNS domain name request interception module sends a second DNS domain name resolution request to the DNS domain name resolution proxy module, where the second DNS domain name resolution request carries the first domain name;
    in response to receiving the second DNS domain name resolution request, the DNS domain name resolution proxy module determines a maintenance Internet Protocol (IP) address of the wireless broadband router corresponding to the first domain name;
    the DNS domain name resolution proxy module sends a first message to the DNS domain name resolution response module, where the first message carries the maintenance IP address;
    the DNS domain name resolution response module receives the first message;
    the DNS domain name resolution response module sends a response to the first DNS domain name resolution request to the first terminal, where the response to the first DNS domain name resolution request includes the maintenance IP address.
  18. 根据权利要求17所述的方法,其特征在于,所述方法还包括:The method of claim 17, wherein the method further comprises:
    所述DNS域名请求拦截模块在确定所述第二域名与所述第一域名不同的情况下,向DNS服务器发送第三DNS域名解析请求,所述第三DNS域名解析请求中携带有所述第二域名。When determining that the second domain name is different from the first domain name, the DNS domain name request interception module sends a third DNS domain name resolution request to the DNS server, where the third DNS domain name resolution request carries the first DNS domain name resolution request. Second domain name.
  19. 根据权利要求17或18所述的方法,其特征在于,所述DNS域名解析代理模块中存储有所述第一域名与所述维护IP地址之间的对应关系,所述DNS域名解析代理模块确定与所述第一域名相对应的所述无线宽带路由器的维护IP地址,包括:The method according to claim 17 or 18, wherein the DNS domain name resolution proxy module stores a correspondence between the first domain name and the maintenance IP address, and the DNS domain name resolution proxy module determines The maintenance IP address of the wireless broadband router corresponding to the first domain name, including:
    所述DNS域名解析代理模块根据所述对应关系确定与所述第一域名相对应的所述维护IP地址。The DNS domain name resolution proxy module determines the maintenance IP address corresponding to the first domain name according to the corresponding relationship.
  20. 根据权利要求17-19任一项所述的方法,其特征在于,所述无线宽带路由器还包括桥接模块;所述方法还包括:The method according to any one of claims 17-19, wherein the wireless broadband router further comprises a bridge module; the method further comprises:
    所述桥接模块向所述DNS域名请求拦截模块发送所述第一域名;The bridging module sends the first domain name to the DNS domain name request interception module;
    响应于接收所述第一域名,所述DNS域名请求拦截模块保存所述第一域名。In response to receiving the first domain name, the DNS domain name request interception module stores the first domain name.
  21. 根据权利要求17-20任一项所述的方法,其特征在于,在所述DNS域名解析响应模块向所述第一终端发送所述第一DNS域名解析请求的响应之前,所述方法还包括:The method according to any one of claims 17-20, wherein before the DNS domain name resolution response module sends a response to the first DNS domain name resolution request to the first terminal, the method further comprises: :
    所述DNS域名解析响应模块对所述第一消息进行解析,并根据解析出的所述维护IP地址生成所述第一DNS域名解析请求的响应。The DNS domain name resolution response module parses the first message, and generates a response to the first DNS domain name resolution request according to the parsed maintenance IP address.
  22. 根据权利要求17-21任一项所述的方法,其特征在于,所述第一DNS域名解析请求和所述第二DNS域名解析请求中还包括源IP地址和目的IP地址,所述源IP地址为所述第一终端的IP地址,所述目的IP地址为DNS服务器的IP地址。The method according to any one of claims 17-21, wherein the first DNS domain name resolution request and the second DNS domain name resolution request further include a source IP address and a destination IP address, and the source IP address The address is the IP address of the first terminal, and the destination IP address is the IP address of the DNS server.
  23. A domain name resolution method, applied to a wireless broadband router working in bridge mode, the wireless broadband router storing a first domain name, the method comprising:
    the wireless broadband router receives a first Domain Name System (DNS) domain name resolution request from a first terminal, the first DNS domain name resolution request carrying a second domain name and being used to request resolution of the second domain name;
    when determining that the second domain name is the same as the first domain name, the wireless broadband router determines the maintenance Internet Protocol (IP) address of the wireless broadband router corresponding to the first domain name;
    the wireless broadband router sends a response to the first DNS domain name resolution request to the first terminal, the response including the maintenance IP address.
  24. The method according to claim 23, wherein the method further comprises:
    when determining that the second domain name is different from the first domain name, the wireless broadband router sends a third DNS domain name resolution request to a DNS server, the third DNS domain name resolution request carrying the second domain name.
  25. The method according to claim 23 or 24, wherein the wireless broadband router stores a correspondence between the first domain name and the maintenance IP address.
  26. The method according to any one of claims 23-25, wherein the first DNS domain name resolution request further includes a source IP address and a destination IP address, the source IP address being the IP address of the first terminal and the destination IP address being the IP address of a DNS server.
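The interception decision of claims 17-18 and 23-26 at the DNS payload level, as an added example that is not code from the patent: a query whose name equals the stored first domain name is answered locally with the maintenance IP address, and anything else (including malformed input) is handed back unchanged for forwarding to the DNS server. `FIRST_DOMAIN`, `MAINTENANCE_IP`, the function names, the zero TTL and the choice to answer only A/IN queries are assumptions.

```python
import socket
import struct

# Assumed values: the claims name a "first domain name" and a "maintenance IP
# address" but give no concrete values.
FIRST_DOMAIN = "router.example"
MAINTENANCE_IP = "192.168.8.1"

def parse_question(payload):
    """Return (qname, qtype, qclass, end_offset) for a one-question query, else None."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount != 1:  # a response, or an unusual question count
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):  # pointer or truncated label
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), qtype, qclass, pos + 4

def build_a_response(query, question_end, ip):
    """Echo the ID and question, then append one A record carrying ip."""
    rd = struct.unpack("!H", query[2:4])[0] & 0x0100
    header = query[:2] + struct.pack("!HHHHH", 0x8080 | rd, 1, 1, 0, 0)  # QR=1, RA=1
    # Name is a pointer to offset 12 (the question); TTL 0 is an assumption.
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 0, 4) + socket.inet_aton(ip)
    return header + query[12:question_end] + answer

def handle_query(payload):
    """Return ('answer', response) for the stored name, else ('forward', payload)."""
    q = parse_question(payload)
    if q is not None:
        qname, qtype, qclass, end = q
        # DNS names compare case-insensitively; answering only A/IN is an assumption.
        if qname.lower() == FIRST_DOMAIN and (qtype, qclass) == (1, 1):
            return "answer", build_a_response(payload, end, MAINTENANCE_IP)
    return "forward", payload

def make_query(name, txid=0x1234, qtype=1):
    """Build a constructed sample query (RD set, class IN)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", qtype, 1)
```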
  27. A domain name resolution system, comprising a first terminal and a wireless broadband router, wherein the wireless broadband router works in bridge mode and stores a first domain name;
    the first terminal is configured to send a first Domain Name System (DNS) domain name resolution request to the wireless broadband router, the first DNS domain name resolution request carrying a second domain name and being used to request resolution of the second domain name;
    in response to receiving the first DNS domain name resolution request, the wireless broadband router is configured to determine, when determining that the second domain name is the same as the first domain name, the maintenance Internet Protocol (IP) address of the wireless broadband router corresponding to the first domain name;
    the wireless broadband router is further configured to send a response to the first DNS domain name resolution request to the first terminal, the response including the maintenance IP address;
    in response to receiving the response to the first DNS domain name resolution request, the first terminal is further configured to access the World Wide Web (Web) maintenance page of the wireless broadband router according to the maintenance IP address.
  28. The domain name resolution system according to claim 27, wherein the domain name resolution system further comprises a DNS server;
    the wireless broadband router is further configured to send a third DNS domain name resolution request to the DNS server when determining that the second domain name is different from the first domain name, the third DNS domain name resolution request carrying the second domain name;
    in response to receiving the third DNS domain name resolution request, the DNS server is configured to determine the IP address corresponding to the second domain name;
    the DNS server is further configured to send a response to the third DNS domain name resolution request to the first terminal, the response including the IP address corresponding to the second domain name;
    in response to receiving the response to the third DNS domain name resolution request, the first terminal is further configured to access the web page corresponding to the second domain name according to the IP address corresponding to the second domain name.
  29. The domain name resolution system according to claim 27 or 28, wherein the wireless broadband router stores a correspondence between the first domain name and the maintenance IP address.
  30. The domain name resolution system according to any one of claims 27-29, wherein the first DNS domain name resolution request further includes a source IP address and a destination IP address, the source IP address being the IP address of the first terminal and the destination IP address being the IP address of a DNS server.
  31. A message processing apparatus, comprising a processor;
    the processor is connected to a memory, the memory is configured to store computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory to cause the message processing apparatus to implement the method according to any one of claims 6-10.
  32. A domain name resolution apparatus, comprising a processor;
    the processor is connected to a memory, the memory is configured to store computer-executable instructions, and the processor executes the computer-executable instructions stored in the memory to cause the domain name resolution apparatus to implement the method according to any one of claims 17-22 or the method according to any one of claims 23-26.
PCT/CN2021/136357 2020-12-18 2021-12-08 Wireless broadband router, message processing method and apparatus, and domain name resolution method and apparatus WO2022127663A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011507318.0A CN114726824B (en) 2020-12-18 2020-12-18 Wireless broadband router, message processing and domain name resolution method and device
CN202011507318.0 2020-12-18

Publications (1)

Publication Number Publication Date
WO2022127663A1 true WO2022127663A1 (en) 2022-06-23

Family

ID=82060040

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/136357 WO2022127663A1 (en) 2020-12-18 2021-12-08 Wireless broadband router, message processing method and apparatus, and domain name resolution method and apparatus

Country Status (2)

Country Link
CN (1) CN114726824B (en)
WO (1) WO2022127663A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130304887A1 (en) * 2012-05-11 2013-11-14 Qualcomm Incorporated Systems and methods for domain name system querying
CN104079497A (en) * 2014-07-21 2014-10-01 北京信诺瑞得软件系统有限公司 High-availability loading balancing equipment and method under transparent network bridge mode
CN106302838A (en) * 2015-05-12 2017-01-04 中兴通讯股份有限公司 Domain name system DNS analyzing and processing method and device
CN107872544A (en) * 2016-09-28 2018-04-03 中兴通讯股份有限公司 A kind of domain name analytic method, device, gateway and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109151084A (en) * 2017-06-15 2019-01-04 中兴通讯股份有限公司 File transmitting method and device, system, CGN equipment
CN110505316B (en) * 2018-05-17 2022-03-01 中兴通讯股份有限公司 Internet protocol IP address allocation method and wireless routing equipment
CN111262762B (en) * 2020-01-20 2021-08-03 烽火通信科技股份有限公司 vCPE tenant-based SFC service chain multi-WAN service realization method and system

Also Published As

Publication number Publication date
CN114726824B (en) 2023-03-03
CN114726824A (en) 2022-07-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21905592

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21905592

Country of ref document: EP

Kind code of ref document: A1