CN105338528A - Data packet redirecting method, system and AP (AccessPoint) - Google Patents

Info

Publication number
CN105338528A
Authority
CN
China
Prior art keywords
data packet
packet
http
mac
processing unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510678841.2A
Other languages
Chinese (zh)
Other versions
CN105338528B (en)
Inventor
韩海锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Huaxun Ark Photoelectric Technology Co ltd
Original Assignee
Shenzhen Cct Software Information Co Ltd
Shenzhen Huaxun Ark Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Cct Software Information Co Ltd, Shenzhen Huaxun Ark Technology Co Ltd filed Critical Shenzhen Cct Software Information Co Ltd
Priority to CN201510678841.2A priority Critical patent/CN105338528B/en
Publication of CN105338528A publication Critical patent/CN105338528A/en
Priority to PCT/CN2016/092123 priority patent/WO2017067267A1/en
Application granted granted Critical
Publication of CN105338528B publication Critical patent/CN105338528B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention applies to the field of wireless communication technology and provides a data packet redirection method, system and AP. The method includes: the wireless network card driver processes uplink data packets, changing the destination MAC of an uplink http data packet to the AP's MAC, the destination port to 9000, and the destination IP to the AP's IP; the wireless network card driver processes downlink data packets, changing the source MAC of a downlink http data packet to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet, and the source IP to the original destination IP in the uplink http data packet. Compared with existing methods that implement data packet redirection at the application layer, the invention does not suffer from slow page data packet redirection when the number of users is large, and its efficiency is somewhat higher than that of the existing application-layer methods.

Description

Data packet redirection method, system and AP

Technical field

The invention belongs to the field of wireless communication technology, and in particular relates to a data packet redirection method, system and AP.

Background

In commercial wifi solutions, portal authentication of users always involves data packet redirection. When a wireless user has not passed portal authentication, the http data packets originally destined for the Internet are redirected to the wireless access point (Access Point, AP), and the AP answers the http data packet with a response whose error code is 302. The response contains the IP address of the portal server, and according to the http protocol the user then automatically accesses the portal server.

However, in the course of realizing the invention, the inventor found that the data packet redirection method provided by the prior art uses the iptables command to implement page data packet redirection at the application layer. When the number of users is large, page data packet redirection becomes slow, which results in a poor user experience.

Summary of the invention

In view of this, embodiments of the invention provide a data packet redirection method, system and AP, to solve the problem that, with the data packet redirection method provided by the prior art, page data packet redirection becomes slow when the number of users is large, resulting in a poor user experience.

In a first aspect, a data packet redirection method is provided, the method including: the wireless network card driver processes uplink data packets, changing the destination MAC of an uplink http data packet to the AP's MAC, the destination port to 9000, and the destination IP to the AP's IP;

the wireless network card driver processes downlink data packets, changing the source MAC of a downlink http data packet to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet, and the source IP to the original destination IP in the uplink http data packet.

Further, before changing the destination MAC of the uplink http data packet to the AP's MAC, the destination port to 9000 and the destination IP to the AP's IP, the method also includes:

after receiving an STA data packet from the air interface, the wireless network card driver parses the STA data packet;

according to the parsing result, the wireless network card driver determines whether the wireless user has passed portal authentication, and if authentication has not passed, determines whether the STA data packet is a data packet in the whitelist.

Further, before changing the source MAC of the downlink http data packet to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet and the source IP to the original destination IP in the uplink http data packet, the method also includes:

the wireless network card driver parses the Ethernet-type data frame from the wireless network card;

according to the parsing result, the wireless network card driver determines whether the wireless user has passed portal authentication, and if authentication has not passed, determines whether the Ethernet-type data frame is a data packet in the whitelist.

Further, uplink data packets are processed in the wireless network card driver's packet receiving function ieee80211_input.

Further, downlink data packets are processed in the wireless network card driver's packet sending function wlan_vap_send.

In a second aspect, an AP is provided. The AP includes a wireless network card driver, and the wireless network card driver includes an uplink data packet processing unit and a downlink data packet processing unit;

the uplink data packet processing unit is configured to process uplink data packets;

the uplink data packet processing unit includes:

an uplink modification module, configured to change the destination MAC of an uplink http data packet to the AP's MAC, the destination port to 9000, and the destination IP to the AP's IP;

the downlink data packet processing unit is configured to process downlink data packets;

the downlink data packet processing unit includes:

a downlink modification module, configured to change the source MAC of a downlink http data packet to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet, and the source IP to the original destination IP in the uplink http data packet.

Further, the uplink data packet processing unit also includes:

an uplink parsing module, configured to parse an STA data packet after it is received from the air interface;

an uplink judging module, configured to determine, according to the parsing result, whether the wireless user has passed portal authentication, and if authentication has not passed, to determine whether the STA data packet is a data packet in the whitelist.

Further, the downlink data packet processing unit also includes:

a downlink parsing module, configured to parse the Ethernet-type data frame from the wireless network card;

a downlink judging module, configured to determine, according to the parsing result, whether the wireless user has passed portal authentication, and if authentication has not passed, to determine whether the Ethernet-type data frame is a data packet in the whitelist.

Further, the uplink data packet processing unit processes uplink data packets in the wireless network card driver's packet receiving function ieee80211_input.

Further, the downlink data packet processing unit processes downlink data packets in the wireless network card driver's packet sending function wlan_vap_send.

In a third aspect, a data packet redirection system is provided, including a user terminal and a portal server; the system also includes the AP described in the second aspect.

In the embodiments of the invention, the data packet redirection method is implemented in the driver of the wireless network card, so it is a method that implements data packet redirection at the driver layer. Compared with existing methods that implement data packet redirection at the application layer, page data packet redirection does not become slow when the number of users is large, and efficiency is somewhat higher than that of the existing application-layer methods.

Brief description of the drawings

Fig. 1 is an implementation flowchart of the method embodiment of data packet redirection of the invention;

Fig. 2 is an implementation flowchart of the wireless network card driver processing uplink data packets in the method embodiment of data packet redirection of the invention;

Fig. 3 is an implementation flowchart of the wireless network card driver processing downlink data packets in the method embodiment of data packet redirection of the invention;

Fig. 4 is a structural block diagram of the AP embodiment of the invention;

Fig. 5 is a schematic structural diagram of the system embodiment of data packet redirection of the invention.

Detailed description

To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the invention and are not intended to limit it.

In the embodiments of the invention, the wireless network card driver processes uplink data packets, changing the destination MAC of an uplink http data packet to the AP's MAC, the destination port to 9000, and the destination IP to the AP's IP, so that the uplink http data packet is redirected to the AP. The wireless network card driver processes downlink data packets, changing the source MAC of a downlink http data packet to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet, and the source IP to the original destination IP in the uplink http data packet, so that the user can receive the redirected http data packet.

The implementation of the invention is described in detail below with reference to specific embodiments:

Embodiment 1

Fig. 1 shows the implementation flow of the data packet redirection method provided by Embodiment 1 of the invention, detailed as follows:

In step S101, the wireless network card driver processes uplink data packets, changing the destination MAC of an uplink http data packet to the AP's MAC, the destination port to 9000, and the destination IP to the AP's IP.

In this embodiment of the invention, after the packet receiving function ieee80211_input of the AP's wireless network card driver receives an STA data packet from the air interface, it parses the STA data packet and determines from the parsing result whether the wireless user has passed portal authentication. If authentication has not passed, it determines whether the STA data packet is a data packet in the whitelist. If it is not, the STA data packet is an http data packet, and the destination MAC of the http data packet is changed to the AP's MAC, the destination port to 9000, and the destination IP to the AP's IP. In this way the http data packet is redirected to the AP.

The data packets in the whitelist include Address Resolution Protocol (ARP) data packets, Dynamic Host Configuration Protocol (DHCP) data packets and Domain Name System (DNS) data packets.

The packet receiving function ieee80211_input changes the destination MAC of the http data packet to the AP's MAC in the Ethernet header of the http data packet, changes the destination port of the http data packet to 9000 in the TCP header of the http data packet, and changes the destination IP of the http data packet to the AP's IP in the IP header of the http data packet.

Specifically, the flow by which the wireless network card driver processes an STA data packet from the air interface is shown in Fig. 2. In Fig. 2, after the wireless network card driver receives an STA data packet from the air interface, it first determines whether the wireless user's portal authentication has passed. If it has, no further processing is performed. If it has not, the driver determines whether the STA data packet is a data packet in the whitelist. If it is, no further processing is performed. If it is not, the STA data packet is an http data packet: the destination MAC of the http data packet can be changed to the AP's MAC in the Ethernet header of the http data packet, the destination port can be changed to 9000 in the TCP header, and the destination IP can be changed to the AP's IP in the IP header, after which the original packet receiving flow of the wireless network card driver continues.

In step S102, the wireless network card driver processes downlink data packets, changing the source MAC of a downlink http data packet to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet, and the source IP to the original destination IP in the uplink http data packet.

In this embodiment of the invention, the packet sending function wlan_vap_send of the AP's wireless network card driver parses the Ethernet-type data frame from the wireless network card and determines from the parsing result whether the wireless user has passed portal authentication. If authentication has not passed, it determines whether the Ethernet-type data frame is a data packet in the whitelist. If it is not, the Ethernet-type data frame is an http data packet, and the source MAC of the http data packet is changed to the original destination MAC in the uplink data packet, the source port to the original destination port in the uplink data packet, and the source IP to the original destination IP in the uplink data packet. In this way the wireless user can receive the redirected http data packet.

The original destination MAC, original destination port and original destination IP are extracted from the uplink http data packet while the uplink data packet is being processed, and the relevant information is saved per wireless user.

Specifically, the flow by which the wireless network card driver processes an Ethernet-type data frame is shown in Fig. 3. In Fig. 3, after the wireless network card driver receives an Ethernet-type data frame from the wireless network card, it first determines whether the wireless user's portal authentication has passed. If it has, no further processing is performed. If it has not, the driver determines whether the Ethernet-type data frame is a data packet in the whitelist. If it is, no further processing is performed. If it is not, the Ethernet-type data frame is an http data packet: in the Ethernet header of the http data packet, the source MAC of the http data packet can be changed to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet, and the source IP to the original destination IP in the uplink http data packet, after which the original packet sending flow of the wireless network card driver continues. In this way the wireless user can receive the redirected http data packet.
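The two hooks of steps S101 and S102 as a user-space C sketch, added here as an illustration; it is not code from the patent or from any wireless driver. It goes beyond the patent text in two labelled ways: only TCP port 80 is treated as http, and the IPv4 and TCP checksums are patched after the rewrite, which the patent does not discuss. The names `portal_hook`, `sta_get`, `build_tcp`, `frame_ok` and the table size are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#define REDIRECT_PORT 9000  /* port named in the patent */
#define MAX_STA 8           /* table size: assumption for this sketch */
enum verdict { PASS_AUTHED, PASS_WHITELIST, PASS_OTHER, REWRITTEN, DROP };

/* One record per station: the patent saves the original destination per wireless user. */
struct sta { int used, authed, saved; uint8_t mac[6], omac[6], oip[4], oport[2]; };
static struct sta table[MAX_STA];

struct sta *sta_get(const uint8_t *mac, int create)
{
    struct sta *slot = NULL;
    for (int i = 0; i < MAX_STA; i++) {
        if (table[i].used && !memcmp(table[i].mac, mac, 6)) return &table[i];
        if (!table[i].used) slot = &table[i];
    }
    if (!create || !slot) return NULL;          /* unknown station, or table full */
    memset(slot, 0, sizeof *slot);
    memcpy(slot->mac, mac, 6); slot->used = 1;
    return slot;
}

/* Internet checksum of n bytes added to a partial sum; returns 0 when the data verifies. */
uint16_t csum(const uint8_t *d, size_t n, uint32_t sum)
{
    for (size_t i = 0; i + 1 < n; i += 2) sum += (uint32_t)(d[i] << 8 | d[i + 1]);
    if (n & 1) sum += (uint32_t)d[n - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 incremental fix of checksum ck when n bytes change from old to neu. */
static void csum_fix(uint8_t *ck, const uint8_t *old, const uint8_t *neu, size_t n)
{
    uint16_t hc = csum(neu, n, (uint16_t)~(ck[0] << 8 | ck[1]) + (uint32_t)csum(old, n, 0));
    ck[0] = (uint8_t)(hc >> 8); ck[1] = (uint8_t)hc;
}

/* 'W' whitelisted (ARP, DHCP, DNS), 'T' TCP, 'O' other, 'M' malformed; sets *l4 for 'T'. */
static int classify(uint8_t *f, size_t len, uint8_t **l4)
{
    if (len < 14) return 'M';
    if (f[12] == 0x08 && f[13] == 0x06) return 'W';              /* ARP */
    if (f[12] != 0x08 || f[13] != 0x00) return 'O';              /* not IPv4 */
    size_t ihl = len >= 34 ? (size_t)(f[14] & 0x0f) * 4 : 0;
    if (ihl < 20 || f[14] >> 4 != 4 || len < 14 + ihl) return 'M';
    uint8_t *p = f + 14 + ihl;
    size_t n = len - 14 - ihl;
    if ((f[20] & 0x1f) || f[21]) return 'O';                     /* later fragment: no L4 header */
    if (f[23] == 17 && n >= 8 && ((p[0] == 0 && p[1] == 53) ||   /* UDP: DNS reply, or ... */
        (p[2] == 0 && (p[3] == 53 || p[3] == 67 || p[3] == 68)))) return 'W'; /* DNS/DHCP dest */
    *l4 = p;
    return (f[23] == 6 && n >= 20) ? 'T' : 'O';
}

/* up = 1: uplink hook (ieee80211_input in the patent); up = 0: downlink (wlan_vap_send). */
enum verdict portal_hook(uint8_t *f, size_t len, int up, const uint8_t *ap_mac, const uint8_t *ap_ip)
{
    static const uint8_t rport[2] = { REDIRECT_PORT >> 8, REDIRECT_PORT & 0xff };
    uint8_t *l4 = NULL;
    int k = classify(f, len, &l4);
    if (k == 'M') return DROP;
    struct sta *s = sta_get(up ? f + 6 : f, up);                 /* station is the source on uplink */
    if (!s) return up ? DROP : PASS_OTHER;                       /* table full: fail closed */
    if (s->authed) return PASS_AUTHED;
    if (k != 'T') return k == 'W' ? PASS_WHITELIST : PASS_OTHER;
    uint8_t *mac = up ? f : f + 6, *ip = f + (up ? 30 : 26), *port = l4 + (up ? 2 : 0);
    if (up ? (port[0] != 0 || port[1] != 80)                     /* http = TCP/80: assumption */
           : (!s->saved || memcmp(port, rport, 2))) return PASS_OTHER;
    if (up) { memcpy(s->omac, mac, 6); memcpy(s->oip, ip, 4); memcpy(s->oport, port, 2); s->saved = 1; }
    const uint8_t *nip = up ? ap_ip : s->oip, *nport = up ? rport : s->oport;
    csum_fix(f + 24, ip, nip, 4);                                /* IPv4 header checksum */
    csum_fix(l4 + 16, ip, nip, 4);                               /* TCP pseudo-header */
    csum_fix(l4 + 16, port, nport, 2);
    memcpy(mac, up ? ap_mac : s->omac, 6); memcpy(ip, nip, 4); memcpy(port, nport, 2);
    return REWRITTEN;
}

/* Constructed sample frame: Ethernet + IPv4 + TCP SYN, valid checksums, no payload. */
size_t build_tcp(uint8_t *f, const uint8_t *dmac, const uint8_t *smac, const uint8_t *sip,
                 const uint8_t *dip, uint16_t sport, uint16_t dport)
{
    memset(f, 0, 54);
    memcpy(f, dmac, 6); memcpy(f + 6, smac, 6); f[12] = 0x08;
    f[14] = 0x45; f[17] = 40; f[22] = 64; f[23] = 6;             /* IPv4, length 40, TTL 64, TCP */
    memcpy(f + 26, sip, 4); memcpy(f + 30, dip, 4);
    f[34] = sport >> 8; f[35] = sport & 0xff; f[36] = dport >> 8; f[37] = dport & 0xff;
    f[46] = 0x50; f[47] = 0x02;                                  /* data offset 5, SYN */
    uint16_t c = csum(f + 14, 20, 0); f[24] = c >> 8; f[25] = c & 0xff;
    c = csum(f + 34, 20, 26 + (uint16_t)~csum(f + 26, 8, 0)); f[50] = c >> 8; f[51] = c & 0xff;
    return 54;
}

/* 1 when the IPv4 header checksum and the TCP checksum both verify (20-byte IP header). */
int frame_ok(const uint8_t *f, size_t len)
{
    uint32_t pseudo = 6 + (uint32_t)(len - 34) + (uint16_t)~csum(f + 26, 8, 0);
    return !csum(f + 14, 20, 0) && !csum(f + 34, len - 34, pseudo);
}
```

Because this sketch keeps a single saved destination per station, as the patent describes, a downlink reply is restored with the most recently saved destination; keeping concurrent requests to different servers apart would need a per-connection key.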

In this embodiment, the data packet redirection method is implemented in the driver of the wireless network card, so it is a method that implements data packet redirection at the driver layer. Compared with existing methods that implement data packet redirection at the application layer, page data packet redirection does not become slow when the number of users is large, and efficiency is somewhat higher than that of the existing application-layer methods.

It should be understood that, in the embodiments of the invention, the sequence numbers of the above processes do not imply an order of execution. The order in which the processes are executed should be determined by their functions and internal logic, and should not limit the implementation of the embodiments of the invention in any way.

Those of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.

Embodiment 2

Fig. 4 shows a structural block diagram of the AP provided by Embodiment 2 of the invention. For ease of description, only the parts related to the embodiment of the invention are shown. The AP 4 includes a wireless network card driver 41, and the wireless network card driver 41 includes an uplink data packet processing unit 411 and a downlink data packet processing unit 412.

The uplink data packet processing unit 411 is configured to process uplink data packets;

the uplink data packet processing unit 411 includes:

an uplink modification module, configured to change the destination MAC of an uplink http data packet to the AP's MAC, the destination port to 9000, and the destination IP to the AP's IP;

the downlink data packet processing unit 412 is configured to process downlink data packets;

the downlink data packet processing unit 412 includes:

a downlink modification module, configured to change the source MAC of a downlink http data packet to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet, and the source IP to the original destination IP in the uplink http data packet.

Further, the uplink data packet processing unit 411 also includes:

an uplink parsing module, configured to parse an STA data packet after it is received from the air interface;

an uplink judging module, configured to determine, according to the parsing result, whether the wireless user has passed portal authentication. If authentication has not passed, it determines whether the STA data packet is a data packet in the whitelist. If the STA data packet is not a data packet in the whitelist, the STA data packet is determined to be an http data packet, and the uplink modification module can be called to change the destination MAC of the uplink http data packet to the AP's MAC, the destination port to 9000, and the destination IP to the AP's IP.

Further, the downlink data packet processing unit 412 also includes:

a downlink parsing module, configured to parse the Ethernet-type data frame from the wireless network card;

a downlink judging module, configured to determine, according to the parsing result, whether the wireless user has passed portal authentication. If authentication has not passed, it determines whether the Ethernet-type data frame is a data packet in the whitelist. If the Ethernet-type data frame is not a data packet in the whitelist, the Ethernet-type data frame is determined to be an http data packet, and the downlink modification module can be called to change the source MAC of the downlink http data packet to the original destination MAC in the uplink http data packet, the source port to the original destination port in the uplink http data packet, and the source IP to the original destination IP in the uplink http data packet.

Further, the uplink data packet processing unit 411 processes uplink data packets in the wireless network card driver's packet receiving function ieee80211_input.

Further, the downlink data packet processing unit 412 processes downlink data packets in the wireless network card driver's packet sending function wlan_vap_send.

The AP provided by this embodiment of the invention can be applied in the corresponding method Embodiment 1 above. For details, see the description of Embodiment 1, which is not repeated here.

Embodiment 3

Fig. 5 shows a schematic structural diagram of the data packet redirection system provided by Embodiment 3 of the invention. For ease of description, only the parts related to the embodiment of the invention are shown. The data packet redirection system includes a user terminal (station) and a portal server, and also includes the AP described in Embodiment 2. When a wireless user has not passed portal authentication, the TCP header, IP header and Ethernet header of the wireless user's uplink and downlink data are modified in the AP's wireless network card driver. As a result, the http data originally destined for the Internet is redirected to the AP, and the AP answers the http request with a response whose error code is 302. The response contains the IP address of the portal server, and according to the http protocol the wireless user then automatically accesses the portal server. This implements the function, common in commercial wifi solutions, of popping up a portal page on the user terminal.

The data packet redirection system provided by this embodiment of the invention can be applied in the corresponding method Embodiment 1 above. For details, see the description of Embodiment 1, which is not repeated here.

Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the invention.

Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.

In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components can be combined or integrated into another system, or some features can be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connections shown or discussed can be indirect coupling or communication connections through some interfaces, devices or units, and can be electrical, mechanical or of other forms.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the invention can be integrated into one processing unit, each unit can exist physically on its own, or two or more units can be integrated into one unit.

If the functions are implemented in the form of software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or some of the steps of the methods described in the embodiments of the invention. The aforementioned storage media include USB flash drives, removable hard disks, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disks, optical discs and other media that can store program code.

以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应所述以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. Should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.

Claims (11)

1. A packet redirection method, characterized in that the method comprises:
the wireless network card driver processes an uplink packet, changing the destination MAC of the uplink http packet to the MAC of the AP, the destination port to 9000, and the destination IP to the IP of the AP;
the wireless network card driver processes a downlink packet, changing the source MAC of the downlink http packet to the original destination MAC in the uplink http packet, the source port to the original destination port in the uplink http packet, and the source IP to the original destination IP in the uplink http packet.
2. The method of claim 1, characterized in that, before changing the destination MAC of the uplink http packet to the MAC of the AP, the destination port to 9000, and the destination IP to the IP of the AP, the method further comprises:
after receiving an STA packet from the air interface, the wireless network card driver parses the STA packet;
according to the parsing result, the wireless network card driver determines whether the wireless user has passed portal authentication, and if authentication has not passed, determines whether the STA packet is a packet in the whitelist.
3. The method of claim 1, characterized in that, before changing the source MAC of the downlink http packet to the original destination MAC in the uplink http packet, the source port to the original destination port in the uplink http packet, and the source IP to the original destination IP in the uplink http packet, the method further comprises:
the wireless network card driver parses the Ethernet-type frame from the wireless network card;
according to the parsing result, the wireless network card driver determines whether the wireless user has passed portal authentication, and if authentication has not passed, determines whether the Ethernet-type frame is a packet in the whitelist.
4. The method of claim 2, characterized in that the uplink packet is processed in the packet-receiving function ieee80211_input of the wireless network card driver.
5. The method of claim 3, characterized in that the downlink packet is processed in the packet-sending function wlan_vap_send of the wireless network card driver.
6. An AP, characterized in that the AP comprises a wireless network card driver, and the wireless network card driver comprises an uplink packet processing unit and a downlink packet processing unit;
the uplink packet processing unit is configured to process uplink packets;
the uplink packet processing unit comprises:
an uplink modification module, configured to change the destination MAC of the uplink http packet to the MAC of the AP, the destination port to 9000, and the destination IP to the IP of the AP;
the downlink packet processing unit is configured to process downlink packets;
the downlink packet processing unit comprises:
a downlink modification module, configured to change the source MAC of the downlink http packet to the original destination MAC in the uplink http packet, the source port to the original destination port in the uplink http packet, and the source IP to the original destination IP in the uplink http packet.
7. The AP of claim 6, characterized in that the uplink packet processing unit further comprises:
an uplink parsing module, configured to parse an STA packet after it is received from the air interface;
an uplink judgment module, configured to determine, according to the parsing result, whether the wireless user has passed portal authentication, and if authentication has not passed, to determine whether the STA packet is a packet in the whitelist.
8. The AP of claim 6, characterized in that the downlink packet processing unit further comprises:
a downlink parsing module, configured to parse the Ethernet-type frame from the wireless network card;
a downlink judgment module, configured to determine, according to the parsing result, whether the wireless user has passed portal authentication, and if authentication has not passed, to determine whether the Ethernet-type frame is a packet in the whitelist.
9. The AP of claim 7, characterized in that the uplink packet processing unit processes the uplink packet in the packet-receiving function ieee80211_input of the wireless network card driver.
10. The AP of claim 8, characterized in that the downlink packet processing unit processes the downlink packet in the packet-sending function wlan_vap_send of the wireless network card driver.
11. A packet redirection system, comprising a user terminal and a portal server, characterized in that the system further comprises the AP of any one of claims 5 to 10.
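The uplink and downlink header rewriting of claims 1 and 6, as an added C example that is not code from the patent. The flow table, the `struct pkt` model and all function names are hypothetical; a real driver would also have to recompute the IP and TCP checksums after each rewrite.

```c
#include <stdint.h>
#include <string.h>

#define PORTAL_PORT 9000   /* redirect port named in claims 1 and 6 */
#define MAX_FLOWS   64     /* assumed table size */

/* Constructed model holding only the header fields the claims rewrite. */
struct pkt {
    uint8_t  src_mac[6], dst_mac[6];
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
};

/* Original destination of one redirected flow, keyed by the STA's MAC/IP/port. */
struct flow {
    int used;
    uint8_t sta_mac[6];  uint32_t sta_ip;  uint16_t sta_port;
    uint8_t orig_mac[6]; uint32_t orig_ip; uint16_t orig_port;
};
static struct flow flows[MAX_FLOWS];

/* Find the recorded flow for a station tuple, or NULL if there is none. */
static struct flow *find_flow(const uint8_t *mac, uint32_t ip, uint16_t port) {
    for (int i = 0; i < MAX_FLOWS; i++)
        if (flows[i].used && flows[i].sta_ip == ip && flows[i].sta_port == port &&
            memcmp(flows[i].sta_mac, mac, 6) == 0)
            return &flows[i];
    return NULL;
}

/* Uplink: remember the original destination, then point the packet at the
 * AP's portal listener. Returns 0 on success, -1 if the table is full. */
int redirect_uplink(struct pkt *p, const uint8_t *ap_mac, uint32_t ap_ip) {
    struct flow *f = find_flow(p->src_mac, p->src_ip, p->src_port);
    for (int i = 0; !f && i < MAX_FLOWS; i++)
        if (!flows[i].used) f = &flows[i];
    if (!f) return -1;
    f->used = 1;
    memcpy(f->sta_mac, p->src_mac, 6);  f->sta_ip = p->src_ip;  f->sta_port = p->src_port;
    memcpy(f->orig_mac, p->dst_mac, 6); f->orig_ip = p->dst_ip; f->orig_port = p->dst_port;
    memcpy(p->dst_mac, ap_mac, 6); p->dst_ip = ap_ip; p->dst_port = PORTAL_PORT;
    return 0;
}

/* Downlink: restore the source fields so the reply matches the connection
 * the STA opened. Returns -1 and leaves the packet untouched if no flow. */
int restore_downlink(struct pkt *p) {
    struct flow *f = find_flow(p->dst_mac, p->dst_ip, p->dst_port);
    if (!f) return -1;
    memcpy(p->src_mac, f->orig_mac, 6); p->src_ip = f->orig_ip; p->src_port = f->orig_port;
    return 0;
}
```

Per claims 2 and 3, these rewrites apply only to packets of users who have not passed portal authentication; the whitelist check of those claims sits in front of both calls.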
CN201510678841.2A 2015-10-19 2015-10-19 Method, system and the wireless access node that packet redirects Active CN105338528B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510678841.2A CN105338528B (en) 2015-10-19 2015-10-19 Method, system and the wireless access node that packet redirects
PCT/CN2016/092123 WO2017067267A1 (en) 2015-10-19 2016-07-28 Data packet redirection method, system and ap

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510678841.2A CN105338528B (en) 2015-10-19 2015-10-19 Method, system and the wireless access node that packet redirects

Publications (2)

Publication Number Publication Date
CN105338528A true CN105338528A (en) 2016-02-17
CN105338528B CN105338528B (en) 2017-11-10

Family

ID=55288730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510678841.2A Active CN105338528B (en) 2015-10-19 2015-10-19 Method, system and the wireless access node that packet redirects

Country Status (2)

Country Link
CN (1) CN105338528B (en)
WO (1) WO2017067267A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017067267A1 (en) * 2015-10-19 2017-04-27 华讯方舟科技有限公司 Data packet redirection method, system and ap
CN108848198A (en) * 2018-05-07 2018-11-20 上海中兴易联通讯股份有限公司 A kind of Portal differentiation method for pushing of multi-service forward mode AP

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553448B (en) * 2020-11-18 2024-05-17 上海汽车集团股份有限公司 Vehicle-mounted network information security system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101064659A (en) * 2006-04-28 2007-10-31 腾讯科技(深圳)有限公司 Data transmission system and method
US20110173682A1 (en) * 2003-08-13 2011-07-14 Verizon Corporate Services Group, Inc. System and Method for Wide Area Wireless Connectivity to the Internet
CN103491065A (en) * 2012-06-14 2014-01-01 中兴通讯股份有限公司 Transparent proxy and transparent proxy realization method
CN103825881A (en) * 2013-12-13 2014-05-28 福建三元达通讯股份有限公司 Method and apparatus for realizing redirection of WLAN user based on wireless access controller (AC)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130007286A1 (en) * 2011-06-29 2013-01-03 Juniper Networks, Inc. User session routing between mobile network gateways
CN104283972B (en) * 2014-10-28 2018-06-08 成都西加云杉科技有限公司 Information push method, equipment and system based on browser
CN105338528B (en) * 2015-10-19 2017-11-10 华讯方舟科技有限公司 Method, system and the wireless access node that packet redirects

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017067267A1 (en) * 2015-10-19 2017-04-27 华讯方舟科技有限公司 Data packet redirection method, system and ap
CN108848198A (en) * 2018-05-07 2018-11-20 上海中兴易联通讯股份有限公司 A kind of Portal differentiation method for pushing of multi-service forward mode AP
CN108848198B (en) * 2018-05-07 2021-06-29 上海中兴易联通讯股份有限公司 A Portal Differential Push Method for APs in Multi-Service Forwarding Mode

Also Published As

Publication number Publication date
CN105338528B (en) 2017-11-10
WO2017067267A1 (en) 2017-04-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 518000 Guangdong city of Shenzhen province Baoan District Xixiang Bao Tian Yi Lu Chen Tian Industrial District 37 Building 1 floor

Applicant after: CHINA COMMUNICATION TECHNOLOGY Co.,Ltd.

Applicant after: SHENZHEN CCT SOFTWARE INFORMATION Co.,Ltd.

Address before: 518000 Guangdong city of Shenzhen province Baoan District Xixiang Bao Tian Yi Lu Chen Tian Industrial District 37 Building 1 floor

Applicant before: CHINA COMMUNICATION TECHNOLOGY Co.,Ltd.

Applicant before: SHENZHEN CCT SOFTWARE INFORMATION Co.,Ltd.

COR Change of bibliographic data
CB03 Change of inventor or designer information

Inventor after: Han Haifeng

Inventor after: Zhao Shukai

Inventor after: Fan Congming

Inventor before: Han Haifeng

GR01 Patent grant
GR01 Patent grant
PP01 Preservation of patent right
PP01 Preservation of patent right

Effective date of registration: 20210630

Granted publication date: 20171110

PD01 Discharge of preservation of patent
PD01 Discharge of preservation of patent

Date of cancellation: 20230421

Granted publication date: 20171110

TR01 Transfer of patent right

Effective date of registration: 20230713

Address after: 518000 404, building 37, chentian Industrial Zone, chentian community, Xixiang street, Bao'an District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen Huaxun ark Photoelectric Technology Co.,Ltd.

Address before: 518000 1st floor, building 37, chentian Industrial Zone, Baoan District, Shenzhen City, Guangdong Province

Patentee before: CHINA COMMUNICATION TECHNOLOGY Co.,Ltd.

Patentee before: SHENZHEN CCT SOFTWARE INFORMATION Co.,Ltd.