
WO2017054526A1 - Arp entry generation method and device - Google Patents

Info

Publication number
WO2017054526A1
Authority
WO
WIPO (PCT)
Prior art keywords
dhcp
arp entry
client
address
arp
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2016/086454
Other languages
French (fr)
Chinese (zh)
Inventor
张玉磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Definitions

  • The present application relates to, but is not limited to, the field of communications, and in particular to an Address Resolution Protocol (ARP) entry generation method and apparatus.
  • The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol optimized and extended from the Bootstrap Protocol (BOOTP). As networks develop and expand, network complexity grows and network configuration becomes more and more complicated.
  • Network devices generally use the DHCP protocol to allocate host addresses.
  • DHCP snooping is a DHCP security feature that filters untrusted DHCP information by establishing and maintaining a DHCP snooping binding table. Untrusted DHCP information here means DHCP information from untrusted areas.
  • The DHCP snooping binding table contains the Media Access Control (MAC) address, the Internet Protocol (IP) address, the lease period, the virtual local area network identity (VLAN-ID), the interface, and other information.
  • The Address Resolution Protocol (ARP) is a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol that obtains a physical address from an IP address.
  • When a host sends information, it broadcasts an ARP request containing the target IP address to all hosts on the network and uses the returned message to determine the physical address of the target. After receiving the returned message, it stores the IP address and physical address in its local ARP cache.
  • The cache entry is kept for a certain amount of time, and the next request queries the ARP cache directly to save resources.
  • A Layer 3 gateway also has ARP entries. After a host obtains an IP address, its ARP entry is learned through ARP. An entry learned this way can be overwritten by another ARP entry in the network, so the ARP entry on the Layer 3 gateway device may be overwritten, resulting in abnormal Internet access for the host, reduced call quality and other quality-of-service defects, and security risks.
  • An embodiment of the invention provides a method and a device for generating an ARP entry, which solve the problem that ARP entries in the related art have low reliability.
  • A method for generating an ARP entry includes: obtaining a Dynamic Host Configuration Protocol request (DHCP REQUEST) message and parsing the MAC address of the client carried in the DHCP REQUEST message and the IP address the client requests to be assigned, wherein the DHCP REQUEST message is sent by the client to the DHCP server; determining whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received; and, when it is determined that the first DHCP ACK message is received, writing the MAC address and the IP address the client requests to be assigned into the ARP table as an ARP entry.
  • Before acquiring the DHCP REQUEST message, the method further includes: obtaining a Dynamic Host Configuration Protocol discover (DHCP DISCOVER) message in broadcast form and parsing the MAC address carried in the DHCP DISCOVER message, wherein the DHCP DISCOVER message is sent by the client to the DHCP server; and obtaining one or more Dynamic Host Configuration Protocol offer (DHCP OFFER) messages carrying the MAC address and parsing the one or more IP addresses carried in the one or more DHCP OFFER messages, wherein the one or more DHCP OFFER messages are sent by the DHCP server to the client.
  • The method further includes: after the MAC address and the IP address the client requests to be assigned are written into the ARP table as the ARP entry, aging the ARP entry according to the DHCP address lease aging time.
  • The method further includes: after the MAC address and the IP address the client requests to be assigned are written into the ARP table as the ARP entry, obtaining a DHCP REQUEST lease renewal message carrying the MAC address, wherein the DHCP REQUEST renewal message is sent by the client to the DHCP server; determining whether a second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received; and updating the aging time of the ARP entry when it is determined that the second DHCP ACK message is received.
  • The method further includes: after the MAC address and the IP address the client requests to be assigned are written into the ARP table as the ARP entry, obtaining a Dynamic Host Configuration Protocol release (DHCP RELEASE) message carrying the MAC address; and deleting the ARP entry.
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.
  • The method further includes: after the MAC address and the IP address the client requests to be assigned are written into the ARP table as the ARP entry, receiving an ARP learning packet sent by the client; determining whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned; and, when they are consistent, sending an ARP response packet to the client.
  • The method further includes: after aging the ARP entry according to the DHCP address lease aging time, determining whether the ARP entry has aged; when it is determined that the ARP entry has aged, checking whether the client is online; if the client is online, converting the ARP entry into a dynamic ARP entry; and if the client is not online, deleting the ARP entry.
  • An ARP entry generating apparatus includes: a first processing module, a first determining module, and a writing module.
  • The first processing module is configured to obtain a DHCP REQUEST message and parse the MAC address of the client carried in the DHCP REQUEST message and the IP address the client requests to be assigned, wherein the DHCP REQUEST message is sent by the client to a DHCP server.
  • The first determining module is configured to determine whether the first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received.
  • The writing module is configured to, when the first determining module determines that the first DHCP ACK message is received, write the MAC address and the IP address the client requests to be assigned into the ARP table as an ARP entry.
  • The first processing module is further configured to: obtain a DHCP DISCOVER message in broadcast form and parse the MAC address carried in the DHCP DISCOVER message, wherein the DHCP DISCOVER message is sent by the client to the DHCP server; and obtain one or more DHCP OFFER messages carrying the MAC address and parse the one or more IP addresses carried in the one or more DHCP OFFER messages, wherein the one or more DHCP OFFER messages are sent by the DHCP server to the client.
  • The device further includes: an aging module.
  • The aging module is configured to, after the writing module writes the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry, age the ARP entry according to the DHCP address lease aging time.
  • The device further includes: a first obtaining module, a second determining module, and an updating module.
  • The first obtaining module is configured to, after the writing module writes the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry, obtain a DHCP REQUEST renewal message carrying the MAC address, wherein the DHCP REQUEST renewal message is sent by the client to the DHCP server.
  • The second determining module is configured to determine whether the second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received.
  • The updating module is configured to update the aging time of the ARP entry if it is determined that the second DHCP ACK message is received.
  • The device further includes: a second obtaining module.
  • The second obtaining module is configured to, after the writing module writes the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry, obtain a DHCP RELEASE message carrying the MAC address.
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.
  • The device further includes: a receiving module, a third determining module, and a sending module.
  • The receiving module is configured to receive the ARP learning packet sent by the client after the writing module writes the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry.
  • The third determining module is configured to determine whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • The sending module is configured to send an ARP response packet to the client if the third determining module determines that the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • The device further includes: a fourth determining module.
  • The fourth determining module is configured to determine whether the ARP entry has aged after the aging module ages the ARP entry according to the DHCP address lease aging time.
  • The checking module is configured to check whether the client is online if the fourth determining module determines that the ARP entry has aged.
  • The second processing module is configured to convert the ARP entry into a dynamic ARP entry when the checking module finds that the client is online, and to delete the ARP entry when the checking module finds that the client is offline.
  • A computer-readable storage medium stores computer-executable instructions that, when executed by a processor, implement the Address Resolution Protocol (ARP) entry generation method.
  • The solution of the embodiment of the present invention is to: obtain a DHCP REQUEST packet and parse the MAC address of the client carried in the DHCP REQUEST packet and the IP address the client requests to be assigned, where the DHCP REQUEST packet is sent by the client to the DHCP server; determine whether the first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received; and, if it is determined that the first DHCP ACK message is received, write the MAC address and the IP address the client requests to be assigned into the ARP table as an ARP entry.
  • This way of writing ARP entries solves the problem of low reliability of ARP entries in related technologies and improves the reliability of ARP entries.
  • FIG. 1 is a flowchart of a method for generating an ARP entry according to an embodiment of the present invention
  • FIG. 2 is a structural block diagram of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 3 is a block diagram 1 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention
  • FIG. 4 is a block diagram 2 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention
  • FIG. 5 is a block diagram 3 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 6 is a block diagram 4 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 7 is a block diagram 5 of a preferred structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • FIG. 8 is a block diagram 1 of a networking structure according to an alternative embodiment of the present invention.
  • FIG. 9 is a block diagram 2 of a networking structure according to an alternative embodiment of the present invention.
  • FIG. 10 is a timing diagram of a method for generating an ARP entry in accordance with an alternative embodiment of the present invention.
  • FIG. 11 is a flowchart of an ARP learning method according to an alternative embodiment of the present invention.
  • FIG. 12 is a flow chart of an ARP entry aging method in accordance with an alternate embodiment of the present invention.
  • FIG. 1 is a flowchart of a method for generating an ARP entry according to an embodiment of the present invention. As shown in FIG. 1, the process includes steps S101-S103:
  • Step S101: Acquire a DHCP REQUEST packet and parse the MAC address of the client carried in the DHCP REQUEST packet and the IP address the client requests to be assigned, where the DHCP REQUEST packet is sent by the client to the DHCP server.
  • Step S102: Determine whether the first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received.
  • Step S103: If it is determined that the first DHCP ACK message is received, write the MAC address and the IP address the client requests to be assigned into the ARP table as an ARP entry.
  • Through these steps, the client MAC address carried in the DHCP REQUEST packet and the IP address that has been confirmed as assigned to the client are written into the ARP table as the ARP entry.
  • The ARP entry generated by this method is updated only when the client requests IP address allocation from the DHCP server. It therefore does not suffer from the low reliability of ARP entries learned through the Address Resolution Protocol. The above steps thus solve the problem that ARP entries in the related art have low reliability, and improve the reliability of the ARP entry.
  • The ARP entry includes virtual local area network (VLAN) and interface information.
  • The VLAN and interface information identifies the VLAN and interface used by the client to send DHCP packets.
  • The foregoing method may be applied to a Layer 3 gateway device, where the Layer 3 gateway may be a DHCP relay or a DHCP server.
  • The MAC address of the client carried in the DHCP DISCOVER packet can be obtained.
  • The DHCP server that receives the DHCP DISCOVER packet sends a DHCP OFFER packet to the client, so one or more DHCP OFFER packets carrying the client's MAC address can be obtained and the one or more IP addresses carried in the one or more DHCP OFFER packets parsed.
  • An access information consistency check may be performed after the DHCP REQUEST message is intercepted: if the access information of the intercepted DHCP DISCOVER message and DHCP REQUEST message with the same MAC address is inconsistent, no ARP entry is generated from the two intercepted messages.
  • Both the DHCP address lease and the ARP entry are controlled by an aging time.
  • After step S103, the ARP entry can be aged according to the DHCP address lease aging time.
  • The client can send a DHCP REQUEST renewal request to the DHCP server. Therefore, when the second DHCP ACK message sent by the DHCP server in response to the DHCP REQUEST renewal message is received, the aging time of the ARP entry can be updated according to the client's renewal request. For example, after step S103, the DHCP REQUEST renewal message carrying the MAC address may be acquired, where the DHCP REQUEST renewal message is sent by the client to the DHCP server; it is determined whether the second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received; and the aging time of the ARP entry is updated when it is determined that the second DHCP ACK message is received.
  • The DHCP server may release the IP address assigned to the client, in which case the ARP entry corresponding to the MAC address of the client may be deleted. For example, after step S103, a DHCP RELEASE packet carrying the MAC address may be obtained, and the ARP entry deleted.
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol; that is, the ARP entry cannot be overwritten by a dynamic ARP entry generated according to the Address Resolution Protocol.
  • The ARP learning packet sent by the client may be received and the legitimacy of the client confirmed from the client's MAC address and IP address. An ARP response packet is sent to the client when the client is legitimate, and the packet is not answered when the client is not legitimate.
  • That is, the ARP learning packet sent by the client is received; it is determined whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned; and an ARP response packet is sent to the client when they are consistent.
  • The ARP entry may be aged according to the DHCP address lease aging time, and an aged ARP entry may then be processed according to whether the client is online. For example, after the ARP entry is aged according to the DHCP address lease aging time, it can be determined whether the ARP entry has aged. If the ARP entry has aged, whether the client is online is checked. If the client is online, the ARP entry is converted to a dynamic ARP entry; if the client is not online, the ARP entry is deleted.
  • The method according to the above embodiment can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation.
  • The technical solution of the embodiments of the present invention may in essence be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc), including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the method described in the various embodiments of the present invention.
  • An ARP entry generating device is also provided in this embodiment. The device is configured to implement the foregoing embodiments and optional embodiments, and what has already been described is not repeated here.
  • The term "module" may refer to a combination of software and/or hardware that implements a predetermined function.
  • Although the apparatus described in the following embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
  • The apparatus includes: a first processing module 21, a first determining module 22, and a writing module 23. The first processing module 21 is configured to obtain a DHCP REQUEST packet and parse the MAC address of the client carried in the DHCP REQUEST packet and the IP address the client requests to be assigned, where the DHCP REQUEST packet is sent by the client to the DHCP server.
  • The first determining module 22 is coupled to the first processing module 21 and configured to determine whether the first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received.
  • The writing module 23 is coupled to the first determining module 22 and configured to, when it is determined that the first DHCP ACK message is received, write the MAC address and the IP address the client requests to be assigned into the ARP table as the ARP entry.
  • The device may further include: a third processing module, configured to obtain a DHCP DISCOVER message and parse the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server;
  • and a fourth processing module, coupled to the third processing module and the first processing module 21, configured to acquire one or more DHCP OFFER messages carrying the MAC address and parse the one or more DHCP OFFER messages.
  • FIG. 3 is a block diagram of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: an aging module 31, coupled to the writing module 23 and configured to age the ARP entry according to the DHCP address lease aging time.
  • FIG. 4 is a block diagram 2 of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: a first obtaining module 41, a second determining module 42, and an updating module 43.
  • The first obtaining module 41 is coupled to the aging module 31 and configured to obtain a DHCP REQUEST renewal message carrying a MAC address, where the DHCP REQUEST renewal message is sent by the client to the DHCP server;
  • the second determining module 42 is coupled to the first obtaining module 41 and configured to determine whether the second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received;
  • the updating module 43 is coupled to the second determining module 42 and configured to update the aging time of the ARP entry when it is determined that the second DHCP ACK packet is received.
  • FIG. 5 is a block diagram 3 of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: a second obtaining module 51 and a deleting module 52. The second obtaining module 51 is coupled to the writing module 23 and configured to acquire a DHCP RELEASE message carrying a MAC address; the deleting module 52 is coupled to the second obtaining module 51 and configured to delete the ARP entry.
  • The ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.
  • FIG. 6 is a block diagram of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: a receiving module 61, a third determining module 62, and a sending module 63. The receiving module 61 is coupled to the writing module 23 and configured to receive the ARP learning packet sent by the client.
  • The third determining module 62 is coupled to the receiving module 61 and configured to determine whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • The sending module 63 is coupled to the third determining module 62 and configured to send an ARP response packet to the client if it is determined that the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address the client requested to be assigned.
  • FIG. 7 is a block diagram 5 of an optional structure of an ARP entry generating apparatus according to an embodiment of the present invention.
  • The apparatus further includes: a fourth determining module 71, a checking module 72, and a second processing module 73.
  • The fourth determining module 71 is coupled to the aging module 31 and configured to determine whether the ARP entry has aged;
  • the checking module 72 is coupled to the fourth determining module 71 and configured to check whether the client is online if the ARP entry has aged;
  • the second processing module 73 is coupled to the checking module 72 and configured to convert the ARP entry to a dynamic ARP entry if the client is found to be online, and otherwise to delete the ARP entry.
  • Each of the foregoing modules may be implemented by software or hardware.
  • For the latter, this may be done in, but is not limited to, the following ways: the foregoing modules are all located in the same processor; or the modules are located in multiple processors.
  • An embodiment of the invention further provides software configured to perform the technical solutions described in the above embodiments and preferred embodiments.
  • The storage medium is further arranged to store program code for performing the following steps:
  • S100: Obtain a DHCP REQUEST packet and parse the MAC address of the client carried in the DHCP REQUEST packet and the IP address the client requests to be assigned, where the DHCP REQUEST packet is sent by the client to the DHCP server.
  • The storage medium is further arranged to store program code for performing the following steps:
  • S110: Acquire a DHCP DISCOVER packet and parse the DHCP DISCOVER packet.
  • S120: Obtain one or more DHCP OFFER messages carrying a MAC address and parse the one or more IP addresses carried in the one or more DHCP OFFER messages, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.
  • the storage medium is further arranged to store program code for performing the following steps:
  • the ARP entry is aged according to the aging time of the DHCP address lease.
  • the storage medium is further arranged to store program code for performing the following steps:
  • S710 Obtain a DHCP REQUEST renewal message carrying a MAC address, where the DHCP REQUEST renewal message is sent by the client to the DHCP server.
  • the storage medium is further arranged to store program code for performing the following steps:
  • the storage medium is further arranged to store program code for performing the following steps:
  • the ARP entry has a higher priority than the dynamic ARP entry generated according to the address resolution protocol.
  • the storage medium is further arranged to store program code for performing the following steps:
  • S902 Determine whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address allocated by the client request.
  • the ARP response packet is sent to the client.
  • A computer-readable storage medium stores computer-executable instructions; the Address Resolution Protocol (ARP) entry generation method is implemented when the computer-executable instructions are executed by a processor.
  • Embodiments of the present invention also provide a storage medium.
  • the above storage medium may be configured to store program code for performing the following steps:
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a read-only memory (ROM), a random access memory (RAM), and a mobile device.
  • An alternative embodiment of the present invention provides a method for generating an ARP entry on a Layer 3 gateway device.
  • The device listens to or intercepts DHCP packets and extracts the IP and MAC information required for the ARP entry.
  • The Layer 3 gateway device adds the ARP entry to the ARP table.
  • The ARP entry is aged according to the lease of the address assigned by DHCP.
  • When the lease is renewed, the ARP entry aging time is updated.
  • The priority of the ARP entry is higher than the dynamic ARP entry priority, so it cannot be overwritten by a dynamic ARP entry. The legality of the ARP entry is therefore ensured, security is improved, and the device's burden of dynamic host ARP learning is reduced.
  • FIG. 8 is a block diagram of a networking structure according to an alternative embodiment of the present invention.
  • The Layer 3 gateway may be a DHCP relay.
  • FIG. 9 is a block diagram 2 of a networking structure according to an alternative embodiment of the present invention. As shown in FIG. 9, a Layer 3 gateway may also be deployed on the same device as a DHCP server.
  • FIG. 10 is a timing diagram of a method for generating an ARP entry according to an alternative embodiment of the present invention. As shown in FIG. 10, the flow includes steps S1001-S1007:
  • Step S1001: The host (equivalent to the above client) sends a DHCP DISCOVER packet to the device providing the DHCP service, and the Layer 3 gateway device listens to or intercepts the DHCP DISCOVER packet to extract the legal access information and MAC information of the host.
  • Step S1002: The DHCP server receives the DHCP DISCOVER message, performs protocol processing, and returns a DHCP OFFER message to the host. The Layer 3 gateway device listens to or intercepts the DHCP OFFER message to extract the MAC information, performs matching to find the entry generated in step S1002, extracts the IP address information, and writes it to the entry.
  • Step S1003: The host receives the DHCP OFFER packet, performs protocol processing, and sends a DHCP REQUEST packet to the DHCP server. The Layer 3 gateway device listens to or intercepts the DHCP REQUEST packet to extract the MAC information, finds the entry generated in step S1002, and performs the access information consistency check.
  • Step S1004: After receiving the DHCP REQUEST, the DHCP server performs protocol processing and returns a DHCP ACK message to the host. The Layer 3 gateway device listens to or intercepts the DHCP ACK message to extract the MAC information, matches the entry generated in step S1002, performs a consistency check on the IP address at the same time, and writes the legal IP and MAC address information to the ARP entry.
  • Step S1005: The host sends a DHCP REQUEST renewal packet to the DHCP server. The Layer 3 gateway device listens to or intercepts the DHCP REQUEST packet to extract the MAC address, finds the entry generated in step S1001, and performs the access information consistency check.
  • Step S1006: After receiving the DHCP REQUEST renewal packet, the DHCP server returns a DHCP ACK packet to the host. The Layer 3 gateway device listens to or intercepts the DHCP ACK packet to extract the MAC information, performs matching to find the entry generated in step S1002, checks the IP for consistency at the same time, and updates the aging time of the ARP entry.
  • Step S1007: The host sends a DHCP RELEASE packet to the DHCP server. The Layer 3 gateway device listens to or intercepts the DHCP RELEASE packet to extract the MAC address, finds the entry generated in step S1001, performs the access information consistency check, and deletes the corresponding ARP entry.
  • FIG. 11 is a flowchart of an ARP learning method according to an alternative embodiment of the present invention. As shown in FIG. 11, the process includes steps S1101-S1104:
  • Step S1101: the Layer 3 gateway device receives the ARP learning packet of the user terminal.
  • Step S1102: the IP and MAC are compared against the ARP entry added in the ARP table.
  • Step S1103: if it is legal, the ARP response is returned.
  • Step S1104: if it is illegal, no response is sent.
  • FIG. 12 is a flowchart of an ARP entry aging method according to an alternative embodiment of the present invention. As shown in FIG. 12, the process includes steps S1201-S1204:
  • Step S1201: the ARP entry added to the ARP table is aged according to the DHCP lease, and the aging time expires.
  • Step S1202: the Layer 3 gateway device triggers ARP learning to check whether the host is still online.
  • Step S1203: if the host is still online, the ARP entry is converted into a normal dynamic ARP entry.
  • Step S1204: if the host is not online, the ARP entry is deleted.
  • The foregoing embodiment and alternative embodiment of the present invention add a way of generating ARP entries.
  • The ARP entry information is extracted by listening for and intercepting DHCP packets on the Layer 3 gateway device.
  • The Layer 3 device adds the ARP entry to the ARP table.
  • The ARP entry is aged according to the address assigned by DHCP.
  • The priority of the ARP entry is higher than that of a dynamic ARP entry, so it cannot be overwritten by a dynamic ARP entry. This ensures the validity of the ARP entry, improves security, and reduces the device's burden of dynamic host ARP learning.
  • Each of the above-described modules or steps of the present invention can be implemented by a general-purpose computing device; they can be centralized on a single computing device or distributed over a network of multiple computing devices. Alternatively, they may be implemented as program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device.
  • In some cases the steps shown or described may be performed in an order different from the one herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
  • Embodiments of the invention are not limited to any specific combination of hardware and software.
  • The solution of the embodiments of the present invention acquires a DHCP REQUEST packet and parses the MAC address of the client and the IP address the client requests to be allocated, both carried in the DHCP REQUEST packet, where the DHCP REQUEST packet is sent by the client to the DHCP server; determines whether a first DHCP ACK packet, sent by the DHCP server in response to the DHCP REQUEST packet, is received; and, when it is determined that the first DHCP ACK packet is received, writes the MAC address and the IP address the client requests to be allocated into the ARP table as an ARP entry.
  • This way of writing ARP entries solves the problem of low reliability of ARP entries in the related art and improves the reliability of ARP entries.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Provided are an address resolution protocol (ARP) entry generation method and device. The method comprises: acquiring a dynamic host configuration protocol request (DHCP REQUEST) message, and parsing a media access control (MAC) address of a client and an Internet protocol (IP) address requested by the client for allocation, both of which are carried in the DHCP REQUEST message, wherein the DHCP REQUEST message is sent by the client to a dynamic host configuration protocol (DHCP) server; determining whether a first dynamic host configuration protocol acknowledgement (DHCP ACK) message, sent by the DHCP server in response to the DHCP REQUEST message, is received; and when it is determined that the first DHCP ACK message is received, writing the MAC address and the IP address requested by the client for allocation into the ARP table as an ARP entry.

Description

Method and device for generating ARP entry

Technical field

The present application relates to, but is not limited to, the field of communications, and in particular to a method and device for generating Address Resolution Protocol (ARP) entries.

Background

The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol produced by optimizing and extending the Bootstrap Protocol (BOOTP). As networks develop and grow in scale, network complexity increases and network configuration becomes more and more complicated; network devices generally use DHCP to allocate host addresses.

DHCP Snooping is a DHCP security feature that filters untrusted DHCP information, meaning DHCP information from untrusted areas, by establishing and maintaining a DHCP Snooping binding table. The DHCP Snooping binding table contains, for users in the untrusted area, the Media Access Control (MAC) address, the Internet Protocol (IP) address, the lease period, the Virtual Local Area Network identity (VLAN-ID), the interface and other information.

The Address Resolution Protocol (ARP) is a Transmission Control Protocol/Internet Protocol (TCP/IP) protocol that obtains a physical address from an IP address. When a host sends information, it broadcasts an ARP request containing the target IP address to all hosts on the network and receives the reply message to determine the target's physical address; after receiving the reply it stores the IP address and physical address in its local ARP cache and keeps them for a certain time, so that the next request can query the ARP cache directly to save resources.

During their research, the inventors of the present application found that the Address Resolution Protocol is built on the assumption that every host on the network trusts every other host. A host on the network can send ARP reply messages on its own initiative, and other hosts that receive a reply record it in their local ARP cache without checking its authenticity. An attacker can therefore send a forged ARP reply message to a host so that the information that host sends cannot reach the intended host or reaches the wrong host, which constitutes ARP spoofing. A Layer 3 gateway likewise keeps ARP entries: after a host obtains an IP address, the gateway learns the host's ARP entry through the ARP protocol. Because dynamically learned ARP entries lack priority control, a spoofing host on the network may send an ARP request with the same IP address and cause the ARP entry on the Layer 3 gateway device to be overwritten, leading to wrong ARP table information or ARP entries overwriting one another, which results in abnormal host network access, degraded call quality and other quality-of-service defects and security risks.

No effective solution has yet been proposed for the problem of low reliability of ARP entries in the related art.

Summary of the invention

The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.

Embodiments of the present invention provide a method and device for generating an ARP entry, which solve the problem of low reliability of ARP entries in the related art.

According to one aspect of the present invention, a method for generating an ARP entry is provided, including: acquiring a DHCP REQUEST message and parsing the MAC address of the client and the IP address the client requests to be allocated, both carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to a DHCP server; determining whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received; and, when it is determined that the first DHCP ACK message is received, writing the MAC address and the IP address the client requests to be allocated into the ARP table as an ARP entry.

Optionally, the method further includes: before acquiring the DHCP REQUEST message, acquiring a DHCP DISCOVER message in broadcast form and parsing the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server; and acquiring one or more DHCP OFFER messages carrying the MAC address and parsing the one or more IP addresses carried in them, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.

Optionally, the method further includes: after the MAC address and the IP address the client requests to be allocated are written into the ARP table as the ARP entry, aging the ARP entry according to the DHCP address lease aging time.

Optionally, the method further includes: after the MAC address and the IP address the client requests to be allocated are written into the ARP table as the ARP entry, acquiring a DHCP REQUEST renewal message carrying the MAC address, where the DHCP REQUEST renewal message is sent by the client to the DHCP server; determining whether a second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received; and, when it is determined that the second DHCP ACK message is received, updating the aging time of the ARP entry.

Optionally, the method further includes: after the MAC address and the IP address the client requests to be allocated are written into the ARP table as the ARP entry, acquiring a DHCP RELEASE message carrying the MAC address; and deleting the ARP entry.

Optionally, the priority of the ARP entry is higher than that of a dynamic ARP entry generated according to the Address Resolution Protocol.

Optionally, the method further includes: after the MAC address and the IP address the client requests to be allocated are written into the ARP table as the ARP entry, receiving an ARP learning message sent by the client; determining whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the IP address the client requests to be allocated that are recorded in the ARP entry; and, when they are determined to be consistent, sending an ARP response message to the client.

Optionally, the method further includes: after the ARP entry is aged according to the DHCP address lease aging time, determining whether the ARP entry has aged out; when it is determined that the ARP entry has aged out, checking whether the client is online; when the client is found to be online, converting the ARP entry into a dynamic ARP entry; and when the client is found not to be online, deleting the ARP entry.

An ARP entry generation device includes a first processing module, a first determining module and a writing module.

The first processing module is configured to acquire a DHCP REQUEST message and parse the MAC address of the client and the IP address the client requests to be allocated, both carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to a DHCP server.

The first determining module is configured to determine whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received.

The writing module is configured to write the MAC address and the IP address the client requests to be allocated into the ARP table as an ARP entry when the first determining module determines that the first DHCP ACK message is received.

Optionally, the first processing module is further configured to:

before acquiring the DHCP REQUEST message, acquire a DHCP DISCOVER message in broadcast form and parse the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server;

acquire one or more DHCP OFFER messages carrying the MAC address and parse the one or more IP addresses carried in them, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.

Optionally, the device further includes an aging module.

The aging module is configured to age the ARP entry according to the DHCP address lease aging time after the writing module writes the MAC address and the IP address the client requests to be allocated into the ARP table as the ARP entry.

Optionally, the device further includes a first acquiring module, a second determining module and an updating module.

The first acquiring module is configured to acquire a DHCP REQUEST renewal message carrying the MAC address after the writing module writes the MAC address and the IP address the client requests to be allocated into the ARP table as the ARP entry, where the DHCP REQUEST renewal message is sent by the client to the DHCP server.

The second determining module is configured to determine whether a second DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST renewal message, is received.

The updating module is configured to update the aging time of the ARP entry when it is determined that the second DHCP ACK message is received.

Optionally, the device further includes a second acquiring module.

The second acquiring module is configured to acquire a DHCP RELEASE message carrying the MAC address after the writing module writes the MAC address and the IP address the client requests to be allocated into the ARP table as the ARP entry.

The deleting module is configured to delete the ARP entry.

Optionally, the priority of the ARP entry is higher than that of a dynamic ARP entry generated according to the Address Resolution Protocol.

Optionally, the device further includes a receiving module, a third determining module and a sending module.

The receiving module is configured to receive an ARP learning message sent by the client after the writing module writes the MAC address and the IP address the client requests to be allocated into the ARP table as the ARP entry.

The third determining module is configured to determine whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the IP address the client requests to be allocated that are recorded in the ARP entry.

The sending module is configured to send an ARP response message to the client when the third determining module determines that the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address and the IP address the client requests to be allocated that are recorded in the ARP entry.

Optionally, the device further includes a fourth determining module.

The fourth determining module is configured to determine whether the ARP entry has aged out after the aging module ages the ARP entry according to the DHCP address lease aging time.

The checking module is configured to check whether the client is online when the fourth determining module determines that the ARP entry has aged out.

The second processing module is configured to convert the ARP entry into a dynamic ARP entry when the checking module finds that the client is online, and to delete the ARP entry when the checking module finds that the client is not online.

A computer-readable storage medium stores computer-executable instructions that, when executed by a processor, implement the ARP entry generation method described above.

The solution of the embodiments of the present invention acquires a DHCP REQUEST message and parses the MAC address of the client and the IP address the client requests to be allocated, both carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to the DHCP server; determines whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received; and, when it is determined that the first DHCP ACK message is received, writes the MAC address and the IP address the client requests to be allocated into the ARP table as an ARP entry. This solves the problem of low reliability of ARP entries in the related art and improves the reliability of ARP entries.

Brief description of the drawings

FIG. 1 is a flowchart of a method for generating an ARP entry according to an embodiment of the present invention;

FIG. 2 is a structural block diagram of an ARP entry generation device according to an embodiment of the present invention;

FIG. 3 is preferred structural block diagram 1 of an ARP entry generation device according to an embodiment of the present invention;

FIG. 4 is preferred structural block diagram 2 of an ARP entry generation device according to an embodiment of the present invention;

FIG. 5 is preferred structural block diagram 3 of an ARP entry generation device according to an embodiment of the present invention;

FIG. 6 is preferred structural block diagram 4 of an ARP entry generation device according to an embodiment of the present invention;

FIG. 7 is preferred structural block diagram 5 of an ARP entry generation device according to an embodiment of the present invention;

FIG. 8 is block diagram 1 of a networking structure according to an alternative embodiment of the present invention;

FIG. 9 is block diagram 2 of a networking structure according to an alternative embodiment of the present invention;

FIG. 10 is a timing flowchart of a method for generating an ARP entry according to an alternative embodiment of the present invention;

FIG. 11 is a flowchart of an ARP learning method according to an alternative embodiment of the present invention;

FIG. 12 is a flowchart of an ARP entry aging method according to an alternative embodiment of the present invention.

Embodiments of the invention

Embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be noted that, where they do not conflict, the embodiments in the present application and the features in the embodiments may be combined with each other arbitrarily.

It should be noted that the terms "first", "second" and the like in the description and claims of the embodiments of the present invention and in the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence.

This embodiment provides a method for generating an ARP entry. FIG. 1 is a flowchart of a method for generating an ARP entry according to an embodiment of the present invention. As shown in FIG. 1, the flow includes steps S101-S103:

Step S101: acquire a DHCP REQUEST message and parse the MAC address of the client and the IP address the client requests to be allocated, both carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to the DHCP server.

Step S102: determine whether a first DHCP ACK message, sent by the DHCP server in response to the DHCP REQUEST message, is received.

Step S103: when it is determined that the first DHCP ACK message is received, write the MAC address and the IP address the client requests to be allocated into the ARP table as an ARP entry.

Through the above steps, when the first DHCP ACK message is received, the client MAC address carried in the DHCP REQUEST message and the IP address confirmed as allocated to the client are written into the ARP table as an ARP entry. An ARP entry generated this way is updated only when the client requests IP address allocation from the DHCP server, so it does not suffer from the low reliability of ARP entries learned through the Address Resolution Protocol. The above steps therefore solve the problem of low reliability of ARP entries in the related art and improve the reliability of ARP entries.

可选地,ARP条目中还包括:虚拟局域网VLAN和接口信息等,VLAN和接口信息是客户端发送DHCP报文时所用的VLAN和接口的信息。Optionally, the ARP entry includes the VLAN and the interface information of the virtual local area network. The VLAN and the interface information are information about the VLAN and interface used by the client to send DHCP packets.

可选地,上述方法可以应用于三层网关设备,其中,上述三层网关可以是DHCP中继,也可以是DHCP服务器。Optionally, the foregoing method may be applied to a Layer 3 gateway device, where the Layer 3 gateway may be a DHCP relay or a DHCP server.

可选地,在上述步骤S101之前,可以获取DHCP DISCOVER报文中携带的客户端的MAC地址,由于接收到DHCP DISCOVER报文的DHCP服务器都会向客户端发送DHCP OFFER报文,因此可以获取携带有客户端MAC地址的一个或者多个DHCP OFFER报文方法,并解析出一个或者多个DHCP OFFER报文中携带的一个或者多个IP地址。Optionally, before the step S101, the MAC address of the client carried in the DHCP DISCOVER packet can be obtained. The DHCP server that receives the DHCP DISCOVER packet sends a DHCP OFFER packet to the client, so that the client can be obtained. One or more DHCP OFFER packet methods of the MAC address, and parsing one or more IP addresses carried in one or more DHCP OFFER packets.

可选地,为了保证三层网关设备接收到的携带有相同的MAC地址的DHCP请求报文都来自相同的接口或者VLAN,在截获DHCP请求报文之后可以进行接入信息一致性检查;对于截获到的携带有相同MAC地址的DHCP  DISCOVER报文和DHCP REQUEST报文,如果接入信息不一致,则不根据截获到的这两个DHCP DISCOVER报文和DHCP REQUEST报文生成ARP条目。Optionally, in order to ensure that the DHCP request messages that are received by the Layer 3 gateway device that carry the same MAC address are from the same interface or the VLAN, the access information consistency check may be performed after intercepting the DHCP request message; Reaching DHCP with the same MAC address If the access information is inconsistent, the ARP entry is not generated based on the intercepted two DHCP DISCOVER messages and the DHCP REQUEST message.

可选地,DHCP地址租约和ARP条目都会有老化时间的控制,为了使DHCP地址租约和ARP条目的老化过程统一,避免冲突,在上述步骤S103之后,可以按照DHCP地址租约老化时间,对ARP条目进行老化。Optionally, the DHCP address lease and the ARP entry are controlled by the aging time. To make the DHCP address lease and the ARP entry aging process uniform and avoid conflicts, the ARP entry can be obtained according to the DHCP address lease aging time after the step S103. Perform aging.

可选地,由于ARP条目可以按照DHCP地址租约老化时间进行老化,客户端可以向DHCP服务器发送DHCP REQUEST续租请求,因此,可以在接收到DHCP服务器响应于DHCP REQUEST续租报文的第二DHCP ACK报文的情况下,根据客户端的续租请求,更新ARP条目的老化时间,例如,在上述步骤S103之后,还可以获取携带有MAC地址的DHCP REQUEST续租报文,其中,DHCP REQUEST续租报文是客户端向DHCP服务器发送的;判断是否接收到DHCP服务器响应于DHCP REQUEST续租报文的第二DHCP ACK报文;在判定接收到第二DHCP ACK报文的情况下,更新ARP条目的老化时间。Optionally, since the ARP entry can be aged according to the aging time of the DHCP address lease, the client can send a DHCP REQUEST renewal request to the DHCP server. Therefore, the second DHCP can be received by the DHCP server in response to the DHCP REQUEST renewal message. In the case of the ACK packet, the aging time of the ARP entry is updated according to the client's renewal request. For example, after the step S103, the DHCP REQUEST renewal message carrying the MAC address may be acquired, where the DHCP REQUEST renews the lease. The message is sent by the client to the DHCP server; it is determined whether the second DHCP ACK message of the DHCP server responding to the DHCP REQUEST renewal message is received; and the ARP entry is updated when it is determined that the second DHCP ACK message is received. Aging time.

可选地,在客户端向在DHCP服务器发送DHCP RELEASE报文的情况下,DHCP服务器可以释放分配给客户端的IP地址,因此,可以将客户端的MAC地址对应的ARP条目删除,例如,在上述步骤S103之后,还可以获取携带有MAC地址的DHCP RELEASE报文;删除ARP条目。Optionally, in the case that the client sends a DHCP RELEASE message to the DHCP server, the DHCP server may release the IP address assigned to the client. Therefore, the ARP entry corresponding to the MAC address of the client may be deleted, for example, in the foregoing steps. After S103, the DHCP RELEASE packet carrying the MAC address may also be obtained; and the ARP entry is deleted.

可选地,ARP条目的优先级高于根据地址解析协议生成的动态ARP条目,其中,ARP条目的优先级高于根据地址解析协议生成的动态ARP条目可以表示为ARP条目无法被根据地址解析协议生成的动态ARP条目覆盖。Optionally, the ARP entry has a higher priority than the dynamic ARP entry generated according to the address resolution protocol, wherein the ARP entry has a higher priority than the dynamic ARP entry generated according to the address resolution protocol, and the ARP entry cannot be represented as an ARP entry according to the address resolution protocol. The generated dynamic ARP entry is overwritten.

可选地,在上述步骤S103之后,可以接收客户端发送的ARP学习报文,并根据客户端的MAC地址和IP地址确认客户端的合法性,在客户端合法的情况下,向客户端发送ARP响应报文,在客户端不合法的情况下,不予应答,例如,可以接收客户端发送的ARP学习报文;判断ARP学习报文中携带的源MAC地址和源IP地址是否与ARP条目中记录的MAC地址和客户端请求分配的IP地址一致;在判定ARP学习报文中携带的源MAC地址和源IP地址与ARP条目中记录的MAC地址和客户端请求分配的IP地址一致的情况 下,发送ARP响应报文至客户端。Optionally, after the step S103, the ARP learning packet sent by the client may be received, and the validity of the client is confirmed according to the MAC address and the IP address of the client, and the ARP response is sent to the client when the client is legal. The packet is not acknowledged if the client is not legal. For example, the ARP learning packet sent by the client can be received. The source MAC address and the source IP address carried in the ARP learning packet are recorded in the ARP entry. The MAC address is the same as the IP address assigned by the client request. The source MAC address and source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address assigned by the client request. Send an ARP response packet to the client.

Optionally, because the ARP entry can be aged according to the DHCP address lease aging time, it can be determined whether the ARP entry has aged out, and an aged-out ARP entry can be handled according to whether the client is online. For example, after the ARP entry is aged according to the DHCP address lease aging time: determine whether the ARP entry has aged out; if it has, check whether the client is online; if the client is online, convert the ARP entry into a dynamic ARP entry; if the client is not online, delete the ARP entry.

From the description of the above implementations, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes over the related art, may be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to perform the methods described in the embodiments of the present invention.

This embodiment also provides an ARP entry generation apparatus. The apparatus is configured to implement the above embodiments and optional implementations; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.

FIG. 2 is a structural block diagram of an ARP entry generation apparatus according to an embodiment of the present invention. As shown in FIG. 2, the apparatus includes a first processing module 21, a first determining module 22 and a writing module 23. The first processing module 21 is configured to obtain a DHCP REQUEST message and parse the MAC address of the client and the IP address requested by the client that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to the DHCP server. The first determining module 22, coupled to the first processing module 21, is configured to determine whether a first DHCP ACK message sent by the DHCP server in response to the DHCP REQUEST message has been received. The writing module 23, coupled to the first determining module 22, is configured to write the MAC address and the IP address requested by the client into the ARP table as an ARP entry when it is determined that the first DHCP ACK message has been received.

Optionally, the apparatus may further include: a third processing module, configured to obtain a DHCP DISCOVER message and parse the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server; and a fourth processing module, coupled between the third processing module and the first processing module 21, configured to obtain one or more DHCP OFFER messages carrying the MAC address and parse the one or more IP addresses carried in the one or more DHCP OFFER messages, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.

FIG. 3 is optional structural block diagram 1 of an ARP entry generation apparatus according to an embodiment of the present invention. As shown in FIG. 3, preferably, the apparatus further includes an aging module 31, coupled to the writing module 23 and configured to age the ARP entry according to the DHCP address lease aging time.

FIG. 4 is optional structural block diagram 2 of an ARP entry generation apparatus according to an embodiment of the present invention. As shown in FIG. 4, optionally, the apparatus further includes a first obtaining module 41, a second determining module 42 and an updating module 43. The first obtaining module 41, coupled to the aging module 31, is configured to obtain a DHCP REQUEST renewal message carrying the MAC address, where the DHCP REQUEST renewal message is sent by the client to the DHCP server. The second determining module 42, coupled to the first obtaining module 41, is configured to determine whether a second DHCP ACK message sent by the DHCP server in response to the DHCP REQUEST renewal message has been received. The updating module 43, coupled to the second determining module 42, is configured to update the aging time of the ARP entry when it is determined that the second DHCP ACK message has been received.

FIG. 5 is optional structural block diagram 3 of an ARP entry generation apparatus according to an embodiment of the present invention. As shown in FIG. 5, preferably, the apparatus further includes a second obtaining module 51 and a deleting module 52. The second obtaining module 51, coupled to the writing module 23, is configured to obtain a DHCP RELEASE message carrying the MAC address. The deleting module 52, coupled to the second obtaining module 51, is configured to delete the ARP entry.

Optionally, the ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.

FIG. 6 is optional structural block diagram 4 of an ARP entry generation apparatus according to an embodiment of the present invention. As shown in FIG. 6, optionally, the apparatus further includes a receiving module 61, a third determining module 62 and a sending module 63. The receiving module 61, coupled to the writing module 23, is configured to receive an ARP learning message sent by the client. The third determining module 62, coupled to the receiving module 61, is configured to determine whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address recorded in the ARP entry and the IP address requested by the client. The sending module 63, coupled to the third determining module 62, is configured to send an ARP response message to the client when it is determined that the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address recorded in the ARP entry and the IP address requested by the client.

FIG. 7 is optional structural block diagram 5 of an ARP entry generation apparatus according to an embodiment of the present invention. As shown in FIG. 7, optionally, the apparatus further includes a fourth determining module 71, a checking module 72 and a second processing module 73. The fourth determining module 71, coupled to the aging module 31, is configured to determine whether the ARP entry has aged out. The checking module 72, coupled to the fourth determining module 71, is configured to check whether the client is online when it is determined that the ARP entry has aged out. The second processing module 73, coupled to the checking module 72, is configured to convert the ARP entry into a dynamic ARP entry when the client is found to be online, and otherwise to delete the ARP entry.

It should be noted that each of the above modules may be implemented in software or hardware. For the latter, this may be done in the following ways, without being limited to them: the modules are all located in the same processor; or the modules are located in multiple processors respectively.

An embodiment of the present invention also provides software, configured to execute the technical solutions described in the above embodiments and preferred implementations.

Optionally, the storage medium is further configured to store program code configured to perform the following steps:

S100: obtain a DHCP REQUEST message, and parse the MAC address of the client and the IP address requested by the client that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to the DHCP server.

S200: determine whether a first DHCP ACK message sent by the DHCP server in response to the DHCP REQUEST message has been received.

S300: when it is determined that the first DHCP ACK message has been received, write the MAC address and the IP address requested by the client into the ARP table as an ARP entry.

Optionally, the storage medium is further configured to store program code for performing the following steps:

S110: obtain a DHCP DISCOVER message, and parse the MAC address carried in the DHCP DISCOVER message, where the DHCP DISCOVER message is sent by the client to the DHCP server.

S120: obtain one or more DHCP OFFER messages carrying the MAC address, and parse the one or more IP addresses carried in the one or more DHCP OFFER messages, where the one or more DHCP OFFER messages are sent by the DHCP server to the client.

Optionally, the storage medium is further configured to store program code for performing the following step:

S700: age the ARP entry according to the DHCP address lease aging time.

Optionally, the storage medium is further configured to store program code for performing the following steps:

S710: obtain a DHCP REQUEST renewal message carrying the MAC address, where the DHCP REQUEST renewal message is sent by the client to the DHCP server.

S711: determine whether a second DHCP ACK message sent by the DHCP server in response to the DHCP REQUEST renewal message has been received.

S712: when it is determined that the second DHCP ACK message has been received, update the aging time of the ARP entry.

Optionally, the storage medium is further configured to store program code for performing the following steps:

S801: obtain a DHCP RELEASE message carrying the MAC address.

S802: delete the ARP entry.

Optionally, the storage medium is further configured to store program code for performing the following step:

S610: the ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.

Optionally, the storage medium is further configured to store program code for performing the following steps:

S901: receive an ARP learning message sent by the client.

S902: determine whether the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address recorded in the ARP entry and the IP address requested by the client.

S903: when it is determined that the source MAC address and source IP address carried in the ARP learning message are consistent with the MAC address recorded in the ARP entry and the IP address requested by the client, send an ARP response message to the client.

A computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the Address Resolution Protocol (ARP) entry generation method described above.

An embodiment of the present invention also provides a storage medium. In this embodiment, the storage medium may be configured to store program code for performing the following steps:

S741: determine whether the ARP entry has aged out.

S742: when it is determined that the ARP entry has aged out, check whether the client is online.

S743: when the client is found to be online, convert the ARP entry into a dynamic ARP entry; otherwise, delete the ARP entry.

Optionally, in this embodiment, the storage medium may include, but is not limited to, a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disc, and other media that can store program code.

To make the description of the embodiments of the present invention clearer, they are described and explained below with reference to preferred embodiments.

An optional embodiment of the present invention provides a method for generating ARP entries on a Layer 3 gateway device. By listening to and intercepting DHCP messages, the device extracts the IP, MAC and other information required for an ARP entry. When a host obtains an IP address, the Layer 3 gateway device adds the ARP entry to the ARP table. The ARP entry ages according to the address lease assigned by DHCP, and its aging time can be updated. The priority of the ARP entry is higher than that of dynamic ARP entries, so it cannot be overwritten by a dynamic ARP entry. This guarantees the legitimacy of the ARP entry, improves security, and reduces the device's burden of ARP learning for dynamic hosts.

Optional embodiments of the present invention are described below with reference to the accompanying drawings.

FIG. 8 is networking structure block diagram 1 according to an optional embodiment of the present invention. As shown in FIG. 8, the Layer 3 gateway may be a DHCP relay (DHCP Relay).

FIG. 9 is networking structure block diagram 2 according to an optional embodiment of the present invention. As shown in FIG. 9, the Layer 3 gateway may also be deployed on the same device as the DHCP server (DHCP Server).

FIG. 10 is a sequence flowchart of an ARP entry generation method according to an optional embodiment of the present invention. As shown in FIG. 10, the flow includes steps S1001-S1007:

Step S1001: the host (equivalent to the client above) sends a DHCP DISCOVER message to the DHCP server via the DHCP protocol. The Layer 3 gateway device listens for or intercepts the DHCP DISCOVER message and extracts the host's legitimate access information and MAC information.

Step S1002: the DHCP server receives the DHCP DISCOVER message, performs protocol processing, and replies to the host with a DHCP OFFER message. The Layer 3 gateway device listens for or intercepts the DHCP OFFER message, extracts the MAC information, matches it to find the entry generated in step S1002, and at the same time extracts the IP address information and writes it into the entry.

Step S1003: the host receives the DHCP OFFER message, performs protocol processing, and sends a DHCP REQUEST message to the DHCP server. The Layer 3 gateway device listens for or intercepts the DHCP REQUEST message, extracts the MAC information, matches it to find the entry generated in step S1002, and performs an access information consistency check.

Step S1004: after receiving the DHCP REQUEST, the DHCP server performs protocol processing and returns a DHCP ACK message to the host. The Layer 3 gateway device listens for or intercepts the DHCP ACK message, extracts the MAC information, matches it to find the entry generated in step S1002, performs a consistency check on the IP at the same time, and writes the legitimate IP and MAC information into the ARP table.

Step S1005: the host sends a DHCP REQUEST renewal message to the DHCP server. The Layer 3 gateway device listens for or intercepts the DHCP REQUEST message, extracts the MAC information, matches it to find the entry generated in step S1001, and performs an access information consistency check.

Step S1006: after receiving the DHCP REQUEST renewal message, the DHCP server performs protocol processing and returns a DHCP ACK message to the host. The Layer 3 gateway device listens for or intercepts the DHCP ACK message, extracts the MAC information, matches it to find the entry generated in step S1002, performs a consistency check on the IP at the same time, and updates the aging time of the ARP entry.

Step S1007: the host sends a DHCP RELEASE message to the DHCP server. The Layer 3 gateway device listens for or intercepts the DHCP RELEASE message, extracts the MAC information, matches it to find the entry generated in step S1001, performs an access information consistency check, and deletes the corresponding ARP entry.

FIG. 11 is a flowchart of an ARP learning method according to an optional embodiment of the present invention. As shown in FIG. 11, the flow includes steps S1101-S1104:

Step S1101: the Layer 3 gateway device receives an ARP learning message from a user terminal.

Step S1102: the IP and MAC are compared with the ARP entries already added to the ARP table.

Step S1103: if legitimate, an ARP response is returned.

Step S1104: if not legitimate, no response is given.

FIG. 12 is a flowchart of an ARP entry aging method according to an optional embodiment of the present invention. As shown in FIG. 12, the flow includes steps S1201-S1204:

Step S1201: the ARP entry added to the ARP table ages according to the DHCP lease, and the aging time expires.

Step S1202: the Layer 3 gateway device triggers ARP learning to check whether the host is still online.

Step S1203: if the host is still online, the ARP entry is converted into an ordinary dynamic ARP entry.

Step S1204: if the host is not online, the ARP entry is deleted.
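
The flows of FIGS. 10 to 12 can be condensed into a small Python model of the gateway's ARP table; this is an added example, not code from the patent. The class and method names, the sample addresses, and the rule that a host with no DHCP-derived binding is learned as an ordinary dynamic entry are assumptions.

```python
"""Model of a Layer 3 gateway that builds ARP entries from snooped DHCP traffic."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional

DHCP_DERIVED = "dhcp"   # written after a REQUEST/ACK pair; outranks dynamic entries
DYNAMIC = "dynamic"     # learned from ordinary ARP traffic


@dataclass
class ArpEntry:
    mac: str
    ip: str
    kind: str
    expires: Optional[float] = None   # lease expiry; None for dynamic entries


class SnoopingGateway:
    def __init__(self) -> None:
        self.pending: Dict[str, str] = {}    # MAC -> IP seen in a DHCP REQUEST
        self.arp: Dict[str, ArpEntry] = {}   # IP -> ARP entry

    def on_dhcp_request(self, mac: str, requested_ip: str) -> None:
        """Record MAC and requested IP; nothing is written to the ARP table yet."""
        self.pending[mac] = requested_ip

    def on_dhcp_ack(self, mac: str, ip: str, lease: float, now: float) -> bool:
        """Write the entry (or refresh its expiry on renewal) only if the ACK
        answers a REQUEST that was snooped for the same MAC and IP."""
        if self.pending.pop(mac, None) != ip:
            return False                     # no matching REQUEST: ignore the ACK
        self.arp[ip] = ArpEntry(mac, ip, DHCP_DERIVED, now + lease)
        return True

    def on_dhcp_release(self, mac: str, ip: str) -> bool:
        """Delete the entry only if the RELEASE is consistent with it."""
        entry = self.arp.get(ip)
        if entry and entry.kind == DHCP_DERIVED and entry.mac == mac:
            del self.arp[ip]
            return True
        return False

    def on_arp_learning(self, src_mac: str, src_ip: str) -> bool:
        """Return True if the gateway answers the ARP message, False if silent."""
        bound = [e for e in self.arp.values() if e.kind == DHCP_DERIVED
                 and (e.ip == src_ip or e.mac == src_mac)]
        if bound:
            # A DHCP-derived binding exists for this IP or MAC: the claimed pair
            # must match one exactly, and ARP traffic never overwrites the entry.
            return any(e.ip == src_ip and e.mac == src_mac for e in bound)
        # Assumption: hosts without a DHCP-derived binding are learned dynamically.
        self.arp[src_ip] = ArpEntry(src_mac, src_ip, DYNAMIC)
        return True

    def age(self, now: float, is_online: Callable[[str, str], bool]) -> None:
        """Lease expired: keep an online host as a dynamic entry, else delete it.
        is_online stands in for the ARP probe the gateway triggers."""
        for ip, entry in list(self.arp.items()):
            if entry.kind == DHCP_DERIVED and entry.expires <= now:
                if is_online(entry.mac, ip):
                    entry.kind, entry.expires = DYNAMIC, None
                else:
                    del self.arp[ip]


def demo() -> dict:
    """Constructed event sequence (documentation address, made-up MACs)."""
    host, rogue, ip = "02:00:00:00:00:01", "02:00:00:00:00:66", "192.0.2.10"
    gw, out = SnoopingGateway(), {}
    out["ack_without_request"] = gw.on_dhcp_ack(rogue, ip, 3600, now=0)
    gw.on_dhcp_request(host, ip)
    out["ack"] = gw.on_dhcp_ack(host, ip, 3600, now=0)
    out["spoofed_arp"] = gw.on_arp_learning(rogue, ip)   # wrong MAC for leased IP
    out["mac_after_spoof"] = gw.arp[ip].mac
    out["legit_arp"] = gw.on_arp_learning(host, ip)
    gw.on_dhcp_request(host, ip)                          # renewal exchange
    gw.on_dhcp_ack(host, ip, 3600, now=1800)
    out["expiry_after_renewal"] = gw.arp[ip].expires
    gw.age(now=5400, is_online=lambda mac, addr: True)
    out["kind_after_aging"] = gw.arp[ip].kind
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
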

In summary, the above embodiments and optional embodiments of the present invention add a new ARP entry generation mode. Compared with the related art, the Layer 3 gateway device listens to and intercepts DHCP messages and extracts the IP, MAC, VLAN, interface information and so on required for an ARP entry. When a host obtains an IP address, the Layer 3 device adds the ARP entry to the ARP table. The ARP entry ages according to the address lease assigned by DHCP, and its aging time can be updated. The priority of the ARP entry is higher than that of dynamic ARP entries, so it cannot be overwritten by a dynamic ARP entry. This guarantees the legitimacy of the ARP entry, improves security, and reduces the device's burden of ARP learning for dynamic hosts.

Obviously, those skilled in the art should understand that each of the above modules or steps of the present invention can be implemented by a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device. In some cases, the steps shown or described can be performed in an order different from the one given here, or the modules or steps can each be made into an individual integrated circuit module, or several of them can be made into a single integrated circuit module. Thus, the embodiments of the present invention are not limited to any specific combination of hardware and software.

The above are merely optional embodiments of the present invention and are not intended to limit the embodiments of the present invention. For those skilled in the art, the embodiments of the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the embodiments of the present invention shall fall within the scope of protection of the embodiments of the present invention.

Industrial applicability

The solution of the embodiments of the present invention obtains a DHCP REQUEST message and parses the MAC address of the client and the IP address requested by the client that are carried in the DHCP REQUEST message, where the DHCP REQUEST message is sent by the client to the DHCP server; determines whether a first DHCP ACK message sent by the DHCP server in response to the DHCP REQUEST message has been received; and, when it is determined that the first DHCP ACK message has been received, writes the MAC address and the IP address requested by the client into the ARP table as an ARP entry. This solves the problem of low reliability of ARP entries in the related art and improves the reliability of ARP entries.

Claims (17)

1. An Address Resolution Protocol (ARP) entry generation method, comprising:

obtaining a Dynamic Host Configuration Protocol request (DHCP REQUEST) message, and parsing a media access control (MAC) address of a client and an Internet Protocol (IP) address requested by the client that are carried in the DHCP REQUEST message, wherein the DHCP REQUEST message is sent by the client to a Dynamic Host Configuration Protocol (DHCP) server;

determining whether a first Dynamic Host Configuration Protocol acknowledgement (DHCP ACK) message sent by the DHCP server in response to the DHCP REQUEST message is received;

when it is determined that the first DHCP ACK message is received, writing the MAC address and the IP address requested by the client into an ARP table as an ARP entry.

2. The ARP entry generation method according to claim 1, the method further comprising:

before obtaining the DHCP REQUEST message, obtaining a broadcast-form Dynamic Host Configuration Protocol request (DHCP DISCOVER) message, and parsing the MAC address carried in the DHCP DISCOVER message, wherein the DHCP DISCOVER message is sent by the client to the DHCP server;

obtaining one or more Dynamic Host Configuration Protocol IP address offer (DHCP OFFER) messages carrying the MAC address, and parsing one or more IP addresses carried in the one or more DHCP OFFER messages, wherein the one or more DHCP OFFER messages are sent by the DHCP server to the client.
3. The ARP entry generation method according to claim 1, the method further comprising: after writing the MAC address and the IP address requested by the client into the ARP table as the ARP entry, aging the ARP entry according to a DHCP address lease aging time.

4. The ARP entry generation method according to claim 3, the method further comprising:

after writing the MAC address and the IP address requested by the client into the ARP table as the ARP entry, obtaining a DHCP REQUEST renewal message carrying the MAC address, wherein the DHCP REQUEST renewal message is sent by the client to the DHCP server;

determining whether a second DHCP ACK message sent by the DHCP server in response to the DHCP REQUEST renewal message is received;

when it is determined that the second DHCP ACK message is received, updating the aging time of the ARP entry.

5. The ARP entry generation method according to claim 1, the method further comprising:

after writing the MAC address and the IP address requested by the client into the ARP table as the ARP entry, obtaining a Dynamic Host Configuration Protocol release (DHCP RELEASE) message carrying the MAC address;

deleting the ARP entry.

6. The ARP entry generation method according to claim 1, wherein the ARP entry has a higher priority than a dynamic ARP entry generated according to the Address Resolution Protocol.
7. The ARP entry generation method according to any one of claims 1 to 6, the method further comprising:

after writing the MAC address and the IP address requested by the client into the ARP table as the ARP entry, receiving an ARP learning message sent by the client;

determining whether a source MAC address and a source IP address carried in the ARP learning message are consistent with the MAC address recorded in the ARP entry and the IP address requested by the client;

when it is determined that the source MAC address and the source IP address carried in the ARP learning message are consistent with the MAC address recorded in the ARP entry and the IP address requested by the client, sending an ARP response message to the client.

8. The ARP entry generation method according to claim 3, the method further comprising:

after aging the ARP entry according to the DHCP address lease aging time, determining whether the ARP entry has aged out;

when it is determined that the ARP entry has aged out, checking whether the client is online;

when the client is found to be online, converting the ARP entry into a dynamic ARP entry; when the client is found not to be online, deleting the ARP entry.
9. An ARP entry generation apparatus, comprising: a first processing module, a first determining module and a writing module;

the first processing module is configured to obtain a Dynamic Host Configuration Protocol request (DHCP REQUEST) message, and parse a media access control (MAC) address of a client and an Internet Protocol (IP) address requested by the client that are carried in the DHCP REQUEST message, wherein the DHCP REQUEST message is sent by the client to a Dynamic Host Configuration Protocol (DHCP) server;

the first determining module is configured to determine whether a first Dynamic Host Configuration Protocol acknowledgement (DHCP ACK) message sent by the DHCP server in response to the DHCP REQUEST message is received;

the writing module is configured to, when the first determining module determines that the first DHCP ACK message is received, write the MAC address and the IP address requested by the client into an ARP table as an ARP entry.
根据权利要求9所述的ARP条目生成装置,所述第一处理模块还设置为:The ARP entry generating apparatus according to claim 9, wherein the first processing module is further configured to: 在获取所述DHCP REQUEST报文之前,获取广播形式的动态主机配置协议请求DHCP DISCOVER报文,并解析所述DHCP DISCOVER报文中携带的所述MAC地址,其中,所述DHCP DISCOVER报文是所述客户端向所述DHCP服务器发送的;Before obtaining the DHCP REQUEST packet, the dynamic host configuration protocol in the broadcast form requests the DHCP DISCOVER packet, and parses the MAC address carried in the DHCP DISCOVER packet, where the DHCP DISCOVER packet is Said client sends to the DHCP server; 获取携带有所述MAC地址的一个或者多个动态主机配置协议IP地址供应DHCP OFFER报文,并解析所述一个或者多个DHCP OFFER报文中携带的一个或者多个IP地址,其中,所述一个或者多个DHCP OFFER报文是所述DHCP服务器向所述客户端发送的。Acquiring one or more dynamic host configuration protocol IP addresses carrying the MAC address to provide a DHCP OFFER message, and parsing one or more IP addresses carried in the one or more DHCP OFFER messages, where One or more DHCP OFFER messages are sent by the DHCP server to the client. 根据权利要求9所述的ARP条目生成装置,所述装置还包括:老化模块;The ARP entry generating apparatus according to claim 9, further comprising: an aging module; 所述老化模块,设置为在所述写入模块将所述MAC地址与所述客户端请求分配的IP地址作为所述ARP条目写入所述ARP表项之后,按照DHCP地址租约老化时间,对所述ARP条目进行老化。The aging module is configured to: after the write module writes the MAC address and the IP address that the client requests to be the ARP entry to the ARP entry, according to the aging time of the DHCP address lease, The ARP entry is aged. 根据权利要求11所述的ARP条目生成装置,所述装置还包括:第一获取模块、第二判断模块和更新模块;The ARP entry generating apparatus according to claim 11, further comprising: a first obtaining module, a second determining module, and an updating module; 所述第一获取模块,设置为在所述写入模块将所述MAC地址与所述客户端请求分配的IP地址作为所述ARP条目写入所述ARP表项之后,获取携 带有所述MAC地址的DHCP REQUEST续租报文,其中,所述DHCP REQUEST续租报文是所述客户端向所述DHCP服务器发送的;The first obtaining module is configured to acquire the port after the write module writes the MAC address and the IP address that the client requests to be the ARP entry to the ARP entry. 
a DHCP REQUEST renewal message with the MAC address, wherein the DHCP REQUEST renewal message is sent by the client to the DHCP server; 所述第二判断模块,设置为判断是否接收到所述DHCP服务器响应于所述DHCP REQUEST续租报文的第二DHCP ACK报文;The second determining module is configured to determine whether the second DHCP ACK message of the DHCP server in response to the DHCP REQUEST renewal message is received; 所述更新模块,设置为在判定接收到所述第二DHCP ACK报文的情况下,更新所述ARP条目的老化时间。The update module is configured to update an aging time of the ARP entry if it is determined that the second DHCP ACK message is received. 根据权利要求9所述的ARP条目生成装置,所述装置还包括:第二获取模块;The ARP entry generating apparatus according to claim 9, further comprising: a second acquiring module; 所述第二获取模块,设置为在所述写入模块将所述MAC地址与所述客户端请求分配的IP地址作为所述ARP条目写入所述ARP表项之后,获取携带有所述MAC地址的动态主机配置协议释放DHCP RELEASE报文;The second obtaining module is configured to acquire, after the write module writes the MAC address and the IP address that the client requests to be the ARP entry to the ARP entry, The dynamic host configuration protocol of the address releases the DHCP RELEASE message; 删除模块,设置为删除所述ARP条目。Delete the module and set to delete the ARP entry. 根据权利要求9所述的ARP条目生成装置,其中,所述ARP条目的优先级高于根据地址解析协议生成的动态ARP条目。The ARP entry generating apparatus according to claim 9, wherein said ARP entry has a higher priority than a dynamic ARP entry generated according to an address resolution protocol. 根据权利要求9至14中任一项所述的ARP条目生成装置,所述装置还包括:接收模块、第三判断模块和发送模块;The ARP entry generating apparatus according to any one of claims 9 to 14, further comprising: a receiving module, a third determining module, and a transmitting module; 所述接收模块,设置为在所述写入模块将所述MAC地址与所述客户端请求分配的IP地址作为所述ARP条目写入所述ARP表项之后,接收所述客户端发送的ARP学习报文;The receiving module is configured to receive the ARP sent by the client after the write module writes the MAC address and the IP address that the client requests to be the ARP entry to the ARP entry. 
Learning message; 所述第三判断模块,设置为判断所述ARP学习报文中携带的源MAC地址和源IP地址是否与所述ARP条目中记录的所述MAC地址和所述客户端请求分配的IP地址一致;The third determining module is configured to determine whether the source MAC address and the source IP address carried in the ARP learning packet are consistent with the MAC address recorded in the ARP entry and the IP address allocated by the client requesting ; 所述发送模块,设置为在所述第三判断模块判定所述ARP学习报文中携带的源MAC地址和源IP地址与所述ARP条目中记录的所述MAC地址和所述客户端请求分配的IP地址一致的情况下,发送ARP响应报文至所述客户端。The sending module is configured to determine, by the third determining module, a source MAC address and a source IP address carried in the ARP learning packet, and the MAC address and the client request allocation recorded in the ARP entry. If the IP addresses are the same, an ARP response packet is sent to the client. 根据权利要求11所述的ARP条目生成装置,所述装置还包括:第四判断模块; The ARP entry generating apparatus according to claim 11, further comprising: a fourth determining module; 所述第四判断模块,设置为在所述老化模块按照所述DHCP地址租约老化时间,对所述ARP条目进行老化之后,判断所述ARP条目是否已老化;The fourth determining module is configured to determine, after the aging module ages the ARP entry according to the aging time of the DHCP address lease, to determine whether the ARP entry has aged; 检查模块,设置为在所述第四判断模块判定所述ARP条目已老化的情况下,检查所述客户端是否在线;An checking module, configured to check whether the client is online if the fourth determining module determines that the ARP entry has aged; 第二处理模块,设置为在所述检查模块检查到所述客户端在线的情况下,将所述ARP条目转换为动态ARP条目;在所述检查模块检查到所述客户端不在线的情况下,删除所述ARP条目。a second processing module, configured to: when the check module checks that the client is online, convert the ARP entry into a dynamic ARP entry; if the check module detects that the client is offline , delete the ARP entry. 一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令被处理器执行时实现权利要求1至8任意一项所述的地址解析协议ARP条目生成方法。 A computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the address resolution protocol ARP entry generation method of any one of claims 1-8.
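The behaviour the apparatus claims above describe (write the entry on DHCP ACK, refresh it on renewal, delete it on DHCP RELEASE, check ARP learning packets against it, convert or delete it once the lease has aged out), as an added Python sketch that is not code from the patent. The class and method names, the 300-second ageing time for dynamic entries, matching an ACK to a previously seen REQUEST by MAC and IP, and sending no reply to a mismatching ARP learning packet are assumptions; the addresses are constructed sample values.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    mac: str
    kind: str       # "dhcp" = built from snooped DHCP, "dynamic" = learned via ARP
    expires: float  # absolute expiry time; for "dhcp" entries, the lease end

class ArpTable:
    DYNAMIC_TTL = 300.0  # assumed ageing time for ordinary dynamic entries
    def __init__(self):
        self.entries = {}  # ip -> Entry
        self.pending = {}  # client MAC -> IP from a DHCP REQUEST awaiting its ACK

    def on_dhcp_request(self, mac, ip):
        self.pending[mac] = ip

    def on_dhcp_ack(self, mac, ip, lease, now):
        # Write (or refresh, on renewal) only when the ACK answers a seen REQUEST.
        if self.pending.pop(mac, None) != ip:
            return False
        self.entries[ip] = Entry(mac, "dhcp", now + lease)
        return True

    def on_dhcp_release(self, mac):
        self.entries = {ip: e for ip, e in self.entries.items()
                        if not (e.kind == "dhcp" and e.mac == mac)}

    def on_arp_learning(self, src_mac, src_ip, now):
        """Return True when an ARP response should be sent to the sender."""
        e = self.entries.get(src_ip)
        if e and e.kind == "dhcp":
            # DHCP-derived entry outranks ARP learning; silence on mismatch is assumed.
            return e.mac == src_mac
        self.entries[src_ip] = Entry(src_mac, "dynamic", now + self.DYNAMIC_TTL)
        return True

    def age(self, now, is_online):
        for ip, e in list(self.entries.items()):
            if now < e.expires:
                continue
            if e.kind == "dhcp" and is_online(ip, e.mac):
                self.entries[ip] = Entry(e.mac, "dynamic", now + self.DYNAMIC_TTL)
            else:
                del self.entries[ip]

def run_scenario():
    # Constructed sample values: documentation address range, locally administered MACs.
    a, b, ip = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.0.2.10"
    t = ArpTable()
    t.on_dhcp_request(a, ip)
    out = {"ack": t.on_dhcp_ack(a, ip, 3600, now=0),
           "arp_match": t.on_arp_learning(a, ip, now=10),
           "arp_mismatch": t.on_arp_learning(b, ip, now=20)}
    t.on_dhcp_request(a, ip)              # renewal halfway through the lease
    t.on_dhcp_ack(a, ip, 3600, now=1800)
    out["expires"] = t.entries[ip].expires
    t.age(now=6000, is_online=lambda ip, mac: True)  # lease over, client reachable
    out["after_lease"] = (t.entries[ip].mac, t.entries[ip].kind)
    return out
```

Calling `run_scenario()` returns the outcome of each step; the second ARP learning packet, which claims the leased IP from a different MAC, gets no response and leaves the entry unchanged.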
PCT/CN2016/086454 2015-09-28 2016-06-20 Arp entry generation method and device Ceased WO2017054526A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510628667.0A CN106559506A (en) 2015-09-28 2015-09-28 ARP entry generation method and device
CN201510628667.0 2015-09-28

Publications (1)

Publication Number Publication Date
WO2017054526A1 true WO2017054526A1 (en) 2017-04-06

Family

ID=58416703

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/086454 Ceased WO2017054526A1 (en) 2015-09-28 2016-06-20 Arp entry generation method and device

Country Status (2)

Country Link
CN (1) CN106559506A (en)
WO (1) WO2017054526A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107343057A (en) * 2017-06-30 2017-11-10 中国航空工业集团公司雷华电子技术研究所 A kind of C6678 Ethernet loading methods of IP address flexibility and changeability
CN109462609B (en) * 2018-12-24 2021-08-06 新华三技术有限公司 ARP (Address resolution protocol) inhibition table entry generation method and device
CN110677508A (en) * 2019-09-06 2020-01-10 四川天邑康和通信股份有限公司 White box engineering IP network optimization
CN111835735B (en) * 2020-06-29 2023-12-29 新华三信息安全技术有限公司 Anti-attack method, device, equipment and machine-readable storage medium
CN113014693B (en) * 2021-03-31 2023-05-26 贵州航天电子科技有限公司 Multi-client temperature control combined server
CN114124812B (en) * 2021-11-22 2024-11-12 迈普通信技术股份有限公司 Method, device and electronic device for maintaining table item consistency
CN115987611B (en) * 2022-12-20 2025-06-20 新华三技术有限公司 Information updating method, device, electronic device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060294257A1 (en) * 2005-06-24 2006-12-28 Olympus Corporation IP address obtaining method
US20070192500A1 (en) * 2006-02-16 2007-08-16 Infoexpress, Inc. Network access control including dynamic policy enforcement point
CN101175080A (en) * 2007-07-26 2008-05-07 杭州华三通信技术有限公司 Method and system for preventing ARP message attack
CN101179566A (en) * 2007-11-24 2008-05-14 华为技术有限公司 A method and device for defending against ARP packet attacks
CN101453495A (en) * 2008-12-30 2009-06-10 杭州华三通信技术有限公司 Method, system and equipment for preventing authentication address resolution protocol information loss

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120195198A1 (en) * 2011-01-31 2012-08-02 Joseph Regan Method and apparatus providing protocol policing

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110474814A (en) * 2019-08-29 2019-11-19 广州供电局有限公司 Electric power local area network method for diagnosing faults, device
CN111740901A (en) * 2020-05-20 2020-10-02 北京华三通信技术有限公司 Method and device for establishing BGP peer
CN111740901B (en) * 2020-05-20 2022-09-02 北京华三通信技术有限公司 Method and device for establishing BGP peer
CN111835879B (en) * 2020-06-18 2022-06-24 烽火通信科技股份有限公司 Message processing method based on DHCP RELAY protocol and relay equipment
CN111835879A (en) * 2020-06-18 2020-10-27 烽火通信科技股份有限公司 Message processing method based on DHCP RELAY protocol and relay equipment
CN112261173A (en) * 2020-10-20 2021-01-22 四川天邑康和通信股份有限公司 DHCP server allocation address conflict detection method relating to convergence gateway
CN112383559A (en) * 2020-11-25 2021-02-19 杭州迪普信息技术有限公司 Protection method and device for address resolution protocol attack
CN113630322A (en) * 2021-08-02 2021-11-09 迈普通信技术股份有限公司 Network cutover method, device, network equipment and computer readable storage medium
CN113630322B (en) * 2021-08-02 2023-06-13 迈普通信技术股份有限公司 Network cutting method, device, network equipment and computer readable storage medium
CN113709129A (en) * 2021-08-20 2021-11-26 绿盟科技集团股份有限公司 White list generation method, device and system based on traffic learning
CN116192804A (en) * 2021-11-29 2023-05-30 浙江宇视科技有限公司 Communication processing method, device, electronic device and storage medium between client terminals
CN114553761A (en) * 2022-01-14 2022-05-27 新华三技术有限公司合肥分公司 Exception handling method, exception handling device, network equipment and storage medium
CN114553761B (en) * 2022-01-14 2024-02-09 新华三技术有限公司合肥分公司 Exception handling method, device, network equipment and storage medium
CN115002067A (en) * 2022-04-19 2022-09-02 深圳市共进电子股份有限公司 Client host name processing method, device, system, equipment and medium
CN115065664A (en) * 2022-06-17 2022-09-16 北京天融信网络安全技术有限公司 Internet protocol address recovery method, electronic equipment and storage medium
CN115065664B (en) * 2022-06-17 2024-01-26 北京天融信网络安全技术有限公司 Internet protocol address recycling method, electronic equipment and storage medium
CN118869653A (en) * 2024-09-29 2024-10-29 苏州元脑智能科技有限公司 A method for configuring an address resolution protocol table, a switch, a medium and a product

Also Published As

Publication number Publication date
CN106559506A (en) 2017-04-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16850151

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16850151

Country of ref document: EP

Kind code of ref document: A1