CN114157633B - Message forwarding method and device - Google Patents
- Publication number
- CN114157633B, CN202111475147.2A
- Authority
- CN
- China
- Prior art keywords
- address
- internet protocol
- source
- port
- conversion
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/251—Translation of Internet protocol [IP] addresses between different IP versions
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a message forwarding method and a message forwarding device, which are applied to the field of network communication, wherein in the message forwarding method, after a first internet protocol message corresponding to a first internet protocol is received, converted second quintuple information corresponding to a second internet protocol can be determined according to an address conversion strategy. In the conversion process, a port multiplexing technology, an address pool technology and a dynamic conversion technology can be combined, and the converted address is determined from an address pool comprising a plurality of addresses in a mode of dynamically determining the address, so that on the basis of not exposing the internal network IP address, the internal network IP address can be mapped into a plurality of public network IP addresses to provide service for an IPv6 side client, or all the internal network IP addresses can access IPv6 side network resources through one or more public network IP addresses.
Description
Technical Field
The present application relates to the field of network communications, and in particular, to a method and an apparatus for forwarding a packet.
Background
Internet Protocol Version 6 (IPv6) is the next-generation Internet Protocol (IP) designed by the Internet Engineering Task Force (IETF) to replace Internet Protocol Version 4 (IPv4). IPv4 suffers from a shortage of network address resources; IPv6 not only solves the address shortage but also the problem of a plurality of access devices accessing the Internet.
As IPv6 continues to develop, its user base keeps growing, so interworking between IPv4 and IPv6 is very important. For this interworking, existing networks currently use prefix translation and static translation for source translation and destination translation. Prefix translation exposes intranet IP addresses. Static translation avoids exposing intranet IP addresses, but when a user on the IPv6 network side initiates a connection to access IPv4 network resources, it cannot meet the requirement that one intranet IP address be mapped to a plurality of public network IP addresses to provide service for clients; and when a user on the IPv4 network side initiates a connection to access IPv6 network resources, it cannot meet the requirement that all intranet IP addresses access Internet resources through one or more public network IP addresses.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method and an apparatus for forwarding a packet, so as to solve a technical problem of how to implement that, on the basis of not exposing an intranet IP address, one intranet IP address is mapped into a plurality of public network IP addresses to provide a service for an IPv6 side client, or all intranet IP addresses access an IPv6 side network resource through one or more public network IP addresses.
In a first aspect, an embodiment of the present application provides a packet forwarding method, including: receiving a first internet protocol message sent by a user side; if the first internet protocol message is judged to be a message corresponding to a first internet protocol through a protocol, the first internet protocol message enters a first internet protocol stack, and connection corresponding to the first internet protocol is established according to first quintuple information of the first internet protocol message; determining the converted second quintuple information according to a pre-configured address conversion strategy; the address translation policy comprises a value of an address translation parameter, a value of a port translation parameter, a source address pool before translation, a destination address pool before translation, a source address pool after translation and a destination address pool after translation, wherein the address pool comprises an IPv6 Internet address; constructing a second internet protocol message corresponding to a second internet protocol according to the second quintuple information; the second internet protocol message enters a second internet protocol stack in a soft interrupt mode, and a connection corresponding to the second internet protocol is established, so that the first internet protocol message is forwarded to one side of the second internet protocol from one side of the first internet protocol; wherein, one of the first internet protocol and the second internet protocol is an IPv6 protocol, and the other is an IPv4 protocol. In the above solution, after receiving the first internet protocol packet corresponding to the first internet protocol, the converted second quintuple information corresponding to the second internet protocol may be determined according to the address translation policy. 
In the conversion process, a port multiplexing technology, an address pool technology and a dynamic conversion technology can be combined, and the converted address is determined from an address pool comprising a plurality of addresses in a mode of dynamically determining the address, so that on the basis of not exposing the internal network IP address, the internal network IP address can be mapped into a plurality of public network IP addresses to provide service for an IPv6 side client, or all the internal network IP addresses can access IPv6 side network resources through one or more public network IP addresses.
In an optional embodiment, the first internet protocol is an IPv6 protocol, and the second internet protocol is an IPv4 protocol; the determining the converted second quintuple information according to the pre-configured address conversion policy includes: if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be carried out, calculating to obtain a hash value according to a first source IP address in the first quintuple information; and determining a second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool. In the above scheme, if the value of the address translation parameter indicates that dynamic IP address translation needs to be performed, a unique IP address can be determined from a plurality of IP addresses by calculating a hash value.
In an optional embodiment, after determining the second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool, the method further includes: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information. In the above scheme, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple can be ensured by dynamically determining the second source port.
In an optional embodiment, the determining the converted second quintuple information according to a preconfigured address conversion policy further includes: and determining the first IP address in the converted IPv4 destination address pool as the destination IP address in the second quintuple information. In the above scheme, due to the uniqueness of the converted destination IP address, the destination IP address in the second quintuple information may be directly determined from the internet protocol destination address pool.
In an optional implementation manner, the first internet protocol is an IPv4 protocol, the second internet protocol is an IPv6 protocol, and the number of IP addresses in the IPv6 source address pool is one; the determining the converted second quintuple information according to the pre-configured address conversion policy includes: and if the value of the address conversion parameter indicates that dynamic IP address conversion is not needed, determining the IP address in the converted IPv6 source address pool as the source IP address in the second quintuple information. In the above scheme, if the value of the port conversion parameter indicates that dynamic port address conversion is not required, the electronic device may directly determine the IP address in the IP source address pool as the source IP address in the second quintuple information.
In an optional embodiment, after determining the IP address in the converted IPv6 source address pool as the source IP address in the second five-tuple information, the method further includes: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information. In the above scheme, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple can be ensured by dynamically determining the second source port.
In an optional embodiment, the first internet protocol is an IPv4 protocol, the second internet protocol is an IPv6 protocol, and the number of IP addresses in the IPv6 source address pool is plural; the determining the converted second quintuple information according to the pre-configured address conversion strategy comprises the following steps: if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be carried out, calculating to obtain a hash value according to a first source IP address in the first quintuple information; and determining a second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool. In the above scheme, if the value of the address translation parameter indicates that dynamic IP address translation needs to be performed, a unique IP address can be determined from a plurality of IP addresses by calculating a hash value.
In an optional embodiment, after determining the second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool, the method further includes: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information. In the above scheme, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple can be ensured by dynamically determining the second source port.
In an optional implementation manner, the determining the converted second quintuple information according to a preconfigured address translation policy further includes: and determining the first IP address in the converted IPv6 destination address pool as the destination IP address in the second quintuple information. In the above scheme, due to the uniqueness of the converted destination IP address, the destination IP address in the second quintuple information may be directly determined from the internet protocol destination address pool.
In an optional embodiment, the determining the converted second quintuple information according to the preconfigured address translation policy includes: dynamically determining the second quintuple information according to a pre-configured conversion strategy, the value of the address conversion parameter and the value of the port conversion parameter; wherein a source conversion strategy and a destination conversion strategy form a conversion strategy. In the above scheme, by combining the source conversion policy and the destination conversion policy into one conversion policy, when protocol and address conversion is performed, a corresponding conversion algorithm is used to select a source IP address and a destination address of a subsequent protocol stack from an address pool determined according to the conversion policy. Therefore, the complexity of policy configuration can be reduced.
In a second aspect, an embodiment of the present application provides a packet forwarding apparatus, including: the receiving module is used for receiving a first internet protocol message sent by a user side; the first establishing module is used for entering the first internet protocol message into a first internet protocol stack and establishing connection corresponding to a first internet protocol according to first quintuple information of the first internet protocol message if the first internet protocol message is judged to be a message corresponding to the first internet protocol through a protocol; the determining module is used for determining the converted second quintuple information according to a pre-configured address conversion strategy; the address translation policy comprises a value of an address translation parameter, a value of a port translation parameter, a source address pool before translation, a destination address pool before translation, a source address pool after translation and a destination address pool after translation, wherein the address pool comprises an IPv6 Internet address; the construction module is used for constructing a second internet protocol message corresponding to a second internet protocol according to the second quintuple information; a second establishing module, configured to enter the second internet protocol packet into a second internet protocol stack in a soft interrupt manner, so as to establish a connection corresponding to the second internet protocol, and implement forwarding of the first internet protocol packet from the first internet protocol side to the second internet protocol side; wherein, one of the first internet protocol and the second internet protocol is an IPv6 protocol, and the other is an IPv4 protocol. 
In the above solution, after receiving the first internet protocol packet corresponding to the first internet protocol, the converted second quintuple information corresponding to the second internet protocol may be determined according to the address translation policy. In the conversion process, a port multiplexing technology, an address pool technology and a dynamic conversion technology can be combined, and the converted address is determined from an address pool comprising a plurality of addresses in a mode of dynamically determining the address, so that on the basis of not exposing the internal network IP address, the internal network IP address can be mapped into a plurality of public network IP addresses to provide service for an IPv6 side client, or all the internal network IP addresses can access IPv6 side network resources through one or more public network IP addresses.
In an optional embodiment, the first internet protocol is an IPv6 protocol, and the second internet protocol is an IPv4 protocol; the determining module is specifically configured to: if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be carried out, calculating to obtain a hash value according to a first source IP address in the first quintuple information; and determining a second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool. In the above scheme, if the value of the address translation parameter indicates that dynamic IP address translation needs to be performed, a unique IP address can be determined from a plurality of IP addresses by calculating a hash value.
In an optional embodiment, after determining the second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool, the determining module is further configured to: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second Internet protocol stack, selecting another port as a second source port in the second five-tuple information. In the above scheme, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple can be ensured by dynamically determining the second source port.
In an alternative embodiment, the determining module is further configured to: and determining the first IP address in the converted IPv4 destination address pool as the destination IP address in the second quintuple information. In the above scheme, due to the uniqueness of the converted destination IP address, the destination IP address in the second quintuple information may be directly determined from the internet protocol destination address pool.
In an optional implementation manner, the first internet protocol is an IPv4 protocol, the second internet protocol is an IPv6 protocol, and the number of IP addresses in the IPv6 source address pool is one; the determining module is specifically configured to: and if the value of the address conversion parameter indicates that dynamic IP address conversion is not needed, determining the IP address in the IPv6 source address pool after conversion as the destination IP address in the second quintuple information. In the above scheme, if the value of the port conversion parameter indicates that dynamic port address conversion is not required, the electronic device may directly determine the IP address in the IP source address pool as the source IP address in the second quintuple information.
In an optional embodiment, after the determining the IP address in the converted IPv6 source address pool as the source IP address in the second five-tuple information, the determining module is further configured to: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information. In the above scheme, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple can be ensured by dynamically determining the second source port.
In an optional embodiment, the first internet protocol is an IPv4 protocol, the second internet protocol is an IPv6 protocol, and the number of IP addresses in the IPv6 source address pool is plural; the determining module is specifically configured to: if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be carried out, calculating to obtain a hash value according to a first source IP address in the first quintuple information; and determining a second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool. In the above scheme, if the value of the address translation parameter indicates that dynamic IP address translation needs to be performed, a unique IP address can be determined from a plurality of IP addresses by calculating a hash value.
In an optional embodiment, after the determining the second quintuple information according to the hash value and the converted IPv4 source address pool, the determining module is further configured to: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information. In the above scheme, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple can be ensured by dynamically determining the second source port.
In an optional embodiment, the determining module is specifically configured to: and determining the first IP address in the converted IPv6 destination address pool as the destination IP address in the second quintuple information. In the above scheme, due to the uniqueness of the converted destination IP address, the destination IP address in the second quintuple information may be directly determined from the internet protocol destination address pool.
In an optional embodiment, the determining module is specifically configured to: dynamically determining the second quintuple information according to a pre-configured conversion strategy, the value of the address conversion parameter and the value of the port conversion parameter; wherein, a source conversion strategy and a destination conversion strategy form a conversion strategy. In the above scheme, by combining the source conversion policy and the destination conversion policy into one conversion policy, when protocol and address conversion is performed, a corresponding conversion algorithm is adopted to select a source IP address and a destination address of a subsequent protocol stack from an address pool determined according to the conversion policy. Therefore, the complexity of policy configuration can be reduced.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory, and a bus; the processor and the memory are communicated with each other through the bus; the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the message forwarding method of the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and the computer instructions, when executed by a computer, cause the computer to perform the packet forwarding method according to the first aspect.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a flowchart of a message forwarding method provided in an embodiment of the present application;
Fig. 2 is a block diagram of a structure of a packet forwarding apparatus according to an embodiment of the present application;
Fig. 3 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Referring to fig. 1, fig. 1 is a flowchart of a message forwarding method according to an embodiment of the present application, where the message forwarding method may be applied to an electronic device. The message forwarding method may include the following steps:
Step S101: receiving a first internet protocol message sent by a user side.
Step S102: if protocol identification determines that the first internet protocol message is a message corresponding to the first internet protocol, the first internet protocol message enters a first internet protocol stack, and the connection corresponding to the first internet protocol is established according to the first quintuple information of the first internet protocol message.
Step S103: determining the converted second quintuple information according to a pre-configured address conversion strategy.
Step S104: constructing a second internet protocol message corresponding to a second internet protocol according to the second quintuple information.
Step S105: the second internet protocol message enters a second internet protocol stack in a soft interrupt mode, and a connection corresponding to the second internet protocol is established, so that the first internet protocol message is forwarded from the first internet protocol side to the second internet protocol side.
Specifically, depending on the application scenario, the first internet protocol packet in step S101 may be an IPv4 packet or an IPv6 packet. There are two application scenarios. In the first, a user on the IPv6 network side initiates a connection to access an intranet server resource on the IPv4 side; in this case the first internet protocol is IPv6 and the second internet protocol is IPv4. In the second, a user on the IPv4 network side initiates a connection to access the resources of the public network server on the IPv4 side; in this case the first internet protocol is IPv4 and the second internet protocol is IPv6.
Taking the first application scenario as an example, if the first internet protocol packet received by the electronic device in step S101 is an IPv6 packet, since the IPv6 packet is a packet corresponding to IPv6, the IPv6 packet may be sent to an IPv6 protocol stack, and an IPv6 connection is established according to the first quintuple information carried by the IPv6 packet. The first quintuple information may include a source IP address, a source port, a destination IP address, a destination port, and a protocol.
Taking the second application scenario as an example, if the first internet protocol packet received by the electronic device in step S101 is an IPv4 packet, since the IPv4 packet is a packet corresponding to IPv4, the IPv4 packet may be sent to an IPv4 protocol stack, and an IPv4 connection is established according to the first quintuple information carried in the IPv4 packet. Likewise, the first quintuple of information may include a source IP address, a source port, a destination IP address, a destination port, and a protocol.
Before the message forwarding method provided by the embodiment of the present application is executed, an address translation policy may be configured in advance according to requirements. The address translation policy comprises a value of an address translation parameter, a value of a port translation parameter, a source address pool before translation, a destination address pool before translation, a source address pool after translation and a destination address pool after translation.
It should be noted that the address translation parameter indicates whether dynamic IP address translation is required in the process of forwarding the current packet, and the port translation parameter indicates whether dynamic port address translation is required in the process of forwarding the current packet. All four address pools include IPv6 internet addresses instead of prefix addresses.
Wherein, the dynamic IP address translation means: a plurality of IP addresses form an address pool, and one IP address is dynamically determined from the address pool as a converted IP address; similarly, dynamic port address translation refers to: there are a plurality of ports, and one port is dynamically determined from the plurality of ports as a converted port.
As an embodiment, the address pool may manage a plurality of IP addresses in the form of an address object, wherein the address object may include a host object, a range object, a subnet object, and the like. In the message forwarding method, the matching of the message and the address conversion can be performed by referring to the address object.
For example, when the value of the address translation parameter sticky is configured as yes, it indicates that no dynamic IP address translation is required; when the value of the address translation parameter sticky is configured as no, it indicates that dynamic IP address translation is required. As another example, when the value of the port translation parameter pat is configured as no, it indicates that no dynamic port address translation is required; when the value of the port translation parameter pat is configured as yes, it indicates that dynamic port address translation is required.
It should be understood that the specifically configured values of the address translation parameter and the port translation parameter are only examples provided in the embodiment of the present application, and those skilled in the art may adjust the configurable values of the address translation parameter and the port translation parameter according to actual situations, which is not specifically limited in the embodiment of the present application.
According to the value of the address conversion parameter and the value of the port conversion parameter configured in advance, the electronic device may determine the converted second quintuple information. The second quintuple information may include the translated source IP address, the translated source port, the translated destination IP address, the translated destination port, and the protocol.
The specific implementation of the electronic device determining the converted second quintuple information according to the value of the address conversion parameter and the value of the port conversion parameter will be described in detail in the following embodiments, which will not be described here.
Finally, the electronic device can construct a second internet protocol message corresponding to the second internet protocol according to the second quintuple information. The second internet protocol message then enters the second internet protocol stack by way of a soft interrupt, and a connection corresponding to the second internet protocol is established, so that the internet protocol message is forwarded from the first internet protocol side to the second internet protocol side.
It will be appreciated that after the connection corresponding to the second internet protocol is established, the connection corresponding to the first internet protocol and the connection corresponding to the second internet protocol may be bound to each other. A subsequent message can then look up the connection table to obtain the five-tuple information of the other internet protocol, directly construct the other internet protocol message, and enter the other internet protocol stack through a soft interrupt to complete the message interaction.
Also taking the first application scenario as an example, if the first internet protocol packet received by the electronic device in step S101 is an IPv6 packet, the first quintuple information carried in the IPv6 packet is converted into the second quintuple information corresponding to IPv4 according to the value of the address conversion parameter and the value of the port conversion parameter, an IPv4 packet is constructed according to the second quintuple information corresponding to IPv4, and the IPv4 packet enters the IPv4 protocol stack in a soft interrupt manner to establish an IPv4 connection. Therefore, the IPv6 message is forwarded to the IPv4 side from the IPv6 network side.
Taking the second application scenario as an example, if the first internet protocol packet received by the electronic device in step S101 is an IPv4 packet, the first quintuple information carried by the IPv4 packet is converted into the second quintuple information corresponding to IPv6 according to the value of the address conversion parameter and the value of the port conversion parameter, and the IPv6 packet is constructed according to the second quintuple information corresponding to IPv6, and the IPv6 packet enters the IPv6 protocol stack in a soft interrupt manner to establish an IPv6 connection. Therefore, the IPv4 message is forwarded to the IPv6 side from the IPv4 network side.
It can be understood that, in the foregoing embodiment, since the first source port before conversion and the second source port after conversion may be the same, the solution can also be combined with a port multiplexing technology so that multiple connections are carried over one port.
In the above solution, after receiving the first internet protocol packet corresponding to the first internet protocol, the converted second quintuple information corresponding to the second internet protocol may be determined according to the address translation policy. In the conversion process, a port multiplexing technology, an address pool technology and a dynamic conversion technology can be combined, and the converted address is determined from an address pool comprising a plurality of addresses in a mode of dynamically determining the address, so that on the basis of not exposing the internal network IP address, the internal network IP address can be mapped into a plurality of public network IP addresses to provide service for an IPv6 side client, or all the internal network IP addresses can access IPv6 side network resources through one or more public network IP addresses.
Further, a specific embodiment in which the electronic device determines the converted second quintuple information according to the address conversion policy is described below. Depending on the values of the address translation parameter and the port translation parameter in the address translation policy, the following cases can be distinguished:
In the first case, the value of the address translation parameter indicates that dynamic IP address translation is required, and the value of the port translation parameter indicates that dynamic port address translation is required.
In this case, the step S103 may specifically include the following steps:
Step one, if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be performed, a hash value is calculated according to the first source IP address in the first quintuple information.
Step two, the second source IP address in the second quintuple information is determined according to the hash value and the converted IPv4 source address pool.
Step three, if the value of the port conversion parameter indicates that dynamic port address conversion is required, it is judged whether the first source port in the first quintuple information is occupied in the second internet protocol stack.
Step four, if the first source port is occupied in the second internet protocol stack, another port is selected as the second source port in the second five-tuple information.
Step five, the IP address in the converted Internet protocol destination address pool is determined as the destination IP address in the second quintuple information.
Specifically, first, if the value of the address translation parameter indicates that dynamic IP address translation is required, the electronic device may randomly calculate a hash value and take the remainder of the hash value divided by the number of addresses in the translated source address pool configured in the address translation policy. The remainder is used as an index into the translated source address pool, which determines the second source IP address in the second quintuple information.
Therefore, if the value of the address translation parameter indicates that dynamic IP address translation is required, a unique IP address can be determined from a plurality of IP addresses by calculating a hash value.
Next, because a repeated hash value can yield the same source IP address, dynamic port address translation may be performed in addition to dynamic IP address translation in order to ensure that the connection established based on the second quintuple is a new connection. It will be appreciated that a new connection can be established as long as either the translated source IP address or the translated source port differs.
If the value of the port conversion parameter indicates that dynamic port address conversion is required, the electronic device may further determine whether the first source port in the first five-tuple is occupied in the second internet protocol stack. If the first source port is occupied in the second internet protocol stack, a connection based on that port already exists among the previously established connections. Therefore, to ensure that the connection established this time is a new connection, a different port can be selected as the second source port in the second five-tuple information when the first source port is occupied in the second internet protocol stack.
As an embodiment, the electronic device may randomly select one port from the remaining ports and directly use it as the second source port. As another embodiment, after randomly selecting one port from the remaining ports, the electronic device may further determine whether that port is occupied in the second internet protocol stack: if it is not occupied, it is determined as the second source port; if it is occupied, another port is selected, and this is repeated until a selected port is found to be unoccupied in the second internet protocol stack and is determined as the second source port.
It can be understood that, in order to improve the efficiency of forwarding the packet, a maximum number of repeated selections may be preset; if the second source port has still not been determined once that number is exceeded, the internet protocol packet may be dropped directly. For example, when the first source port is occupied in the second internet protocol stack, 10 attempts are made to randomly select one port from the remaining ports, and if no port that is unoccupied in the second internet protocol stack has been obtained, the packet is dropped.
When the first source port is not occupied in the second internet protocol stack, although the value of the port translation parameter indicates that dynamic port address translation is required, the first source port can still be determined as the second source port.
Therefore, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple can be ensured by dynamically determining the second source port.
Finally, the destination IP address in the second quintuple information can be directly determined from the internet protocol destination address pool due to the uniqueness of the converted destination IP address.
It should be noted that there is no required order among the three processes of converting the first source IP address into the second source IP address, converting the first source port into the second source port, and converting the destination IP address in the first quintuple information into the destination IP address in the second quintuple information. That is to say, the three processes may be executed simultaneously, or one of them may be executed first and then the other two, and so on, which is not specifically limited in the embodiment of the present application.
In the second case, the address translation parameter indicates that dynamic IP address translation is required, and the value of the port translation parameter indicates that dynamic port address translation is not required.
In this case, the step S103 may specifically include the following steps:
Step one, if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be performed, a hash value is calculated according to the first source IP address in the first quintuple information.
Step two, the second source IP address in the second quintuple information is determined according to the hash value and the converted IPv4 source address pool.
Step three, if the value of the port conversion parameter indicates that dynamic port address conversion is not needed, the IP address in the converted Internet protocol source address pool is determined as the destination IP address in the second quintuple information.
Step four, the IP address in the converted Internet protocol destination address pool is determined as the destination IP address in the second quintuple information.
Specifically, first, the above embodiment has already described in detail how the first source IP address in the first quintuple information is translated into the second source IP address in the second quintuple information when the value of the address translation parameter indicates that dynamic IP address translation is required, and this is not described again here.
Next, as an embodiment, if the value of the port conversion parameter indicates that dynamic port address conversion is not needed, the electronic device may directly determine the IP address in the converted IP source address pool as the destination IP address in the second quintuple information.
As another embodiment, in order to ensure that the connection established based on the second five-tuple is a new connection, if the value of the port translation parameter indicates that dynamic port address translation is not required, the electronic device may further determine whether the first source port in the first five-tuple is occupied in the second internet protocol stack. If the first source port is not occupied in the second internet protocol stack, the first source port can be directly determined as a second source port in the second five-tuple; if the first source port is occupied in the second internet protocol stack, the packet loss processing can be directly carried out on the internet protocol message.
Finally, the above embodiment has described in detail a specific implementation manner of converting the destination IP address in the first quintuple information into the destination IP address in the second quintuple information, and details are not described here.
In the third case, the address translation parameter indicates that no dynamic IP address translation is required, and the value of the port translation parameter indicates that dynamic port address translation is required.
In this case, the step S103 may specifically include the following steps:
Step one, if the value of the address conversion parameter indicates that dynamic IP address conversion is not needed, the IP address in the converted Internet protocol destination address pool is determined as the destination IP address in the second quintuple information.
Step two, if the value of the port conversion parameter indicates that dynamic port address conversion is required, it is judged whether the first source port in the first quintuple information is occupied in the second internet protocol stack.
Step three, if the first source port is occupied in the second Internet protocol stack, another port is selected as the second source port in the second five-tuple information.
Step four, the IP address in the converted Internet protocol destination address pool is determined as the destination IP address in the second quintuple information.
Specifically, first, if the value of the address translation parameter indicates that dynamic IP address translation is not required, the electronic device may directly determine the IP address in the translated IP destination address pool as the destination IP address in the second quintuple information.
As an embodiment, if only one IP address is included in the converted IP destination address pool, the IP address may be directly determined as the destination IP address in the second quintuple information; as another embodiment, if the converted IP destination address pool includes an IP address, the same hash value may be calculated to ensure that the IP address is the same for each selection.
Next, the above embodiment has already described in detail how the first source port in the first quintuple information is translated into the second source port in the second quintuple information when the value of the port translation parameter indicates that dynamic port address translation is required, and how the destination IP address in the first quintuple information is translated into the destination IP address in the second quintuple information; details are not described here again.
In the fourth case, the value of the address translation parameter indicates that dynamic IP address translation is not required, and the value of the port translation parameter indicates that dynamic port address translation is not required.
In this case, the step S103 may specifically include the following steps:
Step one, if the value of the address conversion parameter indicates that dynamic IP address conversion is not needed, the IP address in the converted Internet protocol destination address pool is determined as the destination IP address in the second quintuple information.
Step two, if the value of the port conversion parameter indicates that dynamic port address conversion is not needed, it is judged whether the first source port in the first quintuple information is occupied in the second internet protocol stack.
Step three, if the first source port is occupied in the second internet protocol stack, packet loss processing is performed on the internet protocol message.
Step four, the IP address in the converted Internet protocol destination address pool is determined as the destination IP address in the second quintuple information.
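The four cases above can be folded into one selection routine; the following Python sketch is an added example, not code from the patent. It assumes CRC32 as the hash, models "occupied in the second internet protocol stack" as membership of the translated five-tuple in a connection table, takes the first pool entry when no dynamic IP translation is configured, and leaves the destination port unchanged.

```python
import ipaddress
import random
import zlib
from dataclasses import dataclass
from typing import NamedTuple, Optional

MAX_PORT_TRIES = 10  # the text's example: 10 random attempts, then drop


class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


@dataclass
class Policy:
    sticky: bool   # yes => no dynamic IP address translation
    pat: bool      # yes => dynamic port address translation
    src_pool: list  # translated source address pool
    dst_pool: list  # translated destination address pool
    port_range: range = range(1024, 65536)  # assumed selectable ports


def pick_source_ip(first_src_ip: str, policy: Policy) -> str:
    """Hash the original source IP and index the translated source pool."""
    if policy.sticky or len(policy.src_pool) == 1:
        return policy.src_pool[0]  # assumption: fixed first entry
    # Assumption: CRC32 over the packed address; the text names no hash.
    digest = zlib.crc32(ipaddress.ip_address(first_src_ip).packed)
    return policy.src_pool[digest % len(policy.src_pool)]


def translate(first: FiveTuple, policy: Policy, conn_table: set,
              rng: Optional[random.Random] = None) -> Optional[FiveTuple]:
    """Return the second five-tuple, or None when the packet is dropped."""
    rng = rng or random.Random()
    candidate = FiveTuple(
        pick_source_ip(first.src_ip, policy),
        first.src_port,
        policy.dst_pool[0],   # destination comes straight from the pool
        first.dst_port,       # assumption: destination port kept as is
        first.proto,
    )
    # An unoccupied original port is kept, even when pat is yes.
    if candidate not in conn_table:
        return candidate
    # Port occupied and no dynamic port translation: drop.
    if not policy.pat:
        return None
    # Port occupied and pat is yes: bounded random retries, then drop.
    for _ in range(MAX_PORT_TRIES):
        candidate = candidate._replace(src_port=rng.choice(policy.port_range))
        if candidate not in conn_table:
            return candidate
    return None


def demo() -> list:
    # Constructed sample: two IPv6 clients reaching one IPv4 server.
    policy = Policy(sticky=False, pat=True,
                    src_pool=["192.0.2.10", "192.0.2.11"],
                    dst_pool=["198.51.100.5"])
    table: set = set()
    results = []
    for src in ("2001:db8::1", "2001:db8::1", "2001:db8::2"):
        first = FiveTuple(src, 40000, "2001:db8:ffff::80", 80, "tcp")
        second = translate(first, policy, table)
        if second is not None:
            table.add(second)  # bind the two connections
        results.append((first, second))
    return results


if __name__ == "__main__":
    for before, after in demo():
        print(before, "->", after)
```

Because the source address is derived from a hash of the client address, the same client always lands on the same translated address, so the connection table is the only record that separates two flows sharing a translated address.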
Further, in different application scenarios, different values of the address translation parameter and the port translation parameter may be configured. Therefore, based on the specific implementation manner of determining the converted second quintuple information according to the value of the address conversion parameter and the value of the port conversion parameter, which is described in the above embodiments, the embodiment of the present application introduces the determination of the converted second quintuple information in the following application scenarios.
In the first application scenario, a user on the IPv6 network side initiates a connection to access the IPv4 side intranet server resource, and the IPv4 side intranet server needs to provide a service for the user through a plurality of IPv6 public network IP addresses provided by a plurality of different operators.
In the application scenario, as the number of users at the IPv6 network side is multiple, the number of first source IP addresses before conversion is multiple; the number of the translated second source IP addresses is also plural. Therefore, the conversion process of the source IP address is a many-to-many process, and the value of the address conversion parameter can be configured to characterize the need for dynamic IP address conversion.
On this basis, in order to ensure the uniqueness of the connection established based on the second five-tuple, the value of the port translation parameter may be configured to indicate that dynamic port address translation is required.
Similarly, since the operator provides a plurality of IPv6 public network IP addresses, the number of destination IP addresses before conversion is multiple, and the number of destination IP addresses after conversion is one, so that the IP addresses in the IPv4 destination address pool can be directly determined as the destination IP addresses after conversion.
That is to say, in this application scenario, the specific implementation manner in the first case described above may be adopted so that an IPv6 user accesses an IPv4-side intranet server resource through multiple public network IP addresses.
In this case, the step S103 may specifically include the following steps:
Step one, if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be performed, a hash value is calculated according to the first source IP address in the first quintuple information.
Step two, the second source IP address in the second quintuple information is determined according to the hash value and the converted IPv4 source address pool.
Step three, if the value of the port conversion parameter indicates that dynamic port address conversion is required, it is judged whether the first source port in the first quintuple information is occupied in the second internet protocol stack.
Step four, if the first source port is occupied in the second internet protocol stack, another port is selected as the second source port in the second five-tuple information.
Step five, the first IP address in the converted IPv4 destination address pool is determined as the destination IP address in the second quintuple information.
In the second application scenario, a user on the IPv6 network side initiates a connection to access the IPv4 side intranet server resource, and the IPv4 side intranet server needs to provide a service for the user through an IPv6 public network IP address provided by an operator.
In the application scenario, as the number of users at the IPv6 network side is multiple, the number of first source IP addresses before conversion is multiple; the number of the translated second source IP addresses is also plural. Therefore, the conversion process of the source IP address is a many-to-many process, and the value of the address conversion parameter can be configured to characterize the need for dynamic IP address conversion.
On this basis, in order to ensure the uniqueness of the connection established based on the second five-tuple, the value of the port translation parameter may also be configured to indicate that dynamic port address translation is required.
Similarly, because the operator provides an IPv6 public network IP address, the number of destination IP addresses before conversion is one, and the number of destination IP addresses after conversion is one, the IP address in the IPv4 destination address pool can be directly determined as the destination IP address after conversion.
That is to say, in this application scenario, the specific implementation in the first case can also be adopted to implement that the IPv6 user accesses the IPv4 side intranet server resource through one public network IP address. In this case, the step S103 may specifically include the following steps:
Step one, if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be performed, a hash value is calculated according to the first source IP address in the first quintuple information.
Step two, the second source IP address in the second quintuple information is determined according to the hash value and the converted IPv4 source address pool.
Step three, if the value of the port conversion parameter indicates that dynamic port address conversion is required, it is judged whether the first source port in the first quintuple information is occupied in the second internet protocol stack.
Step four, if the first source port is occupied in the second Internet protocol stack, another port is selected as the second source port in the second five-tuple information.
Step five, the first IP address in the converted IPv4 destination address pool is determined as the destination IP address in the second quintuple information.
In the third application scenario, a user on the IPv4 network side initiates connection to access the resources of the IPv4 side public network server, and an operator only allocates one IPv6 public network IP address to the user.
In the application scenario, the number of the first source IP addresses before conversion is multiple; since the operator provides one IPv6 public network IP address, the number of the converted second source IP addresses is one. Thus, the translation process for the source IP address is a many-to-one process, and the values of the address translation parameters can be configured to characterize that no dynamic IP address translation is required.
On this basis, in order to ensure the uniqueness of the connection established based on the second five-tuple, the value of the port translation parameter may also be configured to indicate that dynamic port address translation is required.
Similarly, because the operator provides an IPv6 public network IP address, the number of destination IP addresses before conversion is one, and the number of destination IP addresses after conversion is one, the IP address in the IPv4 destination address pool can be directly determined as the destination IP address after conversion.
That is to say, in this application scenario, the specific implementation manner in the second case described above may be adopted to implement that all IPv4 users access the IPv6 side network resource through one public network IP address. In this case, the step S103 may specifically include the following steps:
Step one, if the value of the address conversion parameter indicates that dynamic IP address conversion is not needed, the IP address in the converted IPv6 source address pool is determined as the destination IP address in the second quintuple information.
Step two, if the value of the port conversion parameter indicates that dynamic port address conversion is required, it is judged whether the first source port in the first quintuple information is occupied in the second internet protocol stack.
Step three, if the first source port is occupied in the second internet protocol stack, another port is selected as the second source port in the second five-tuple information.
Step four, the first IP address in the converted IPv6 destination address pool is determined as the destination IP address in the second quintuple information.
In the fourth application scenario, a user on the IPv4 network side initiates connection to access the resources of the IPv4 side public network server, and an operator allocates a plurality of IPv6 public network IP addresses to the user.
In the application scenario, the number of the first source IP addresses before conversion is multiple; since the operator provides a plurality of IPv6 public network IP addresses, the number of the translated second source IP addresses is plural. Therefore, the conversion process of the source IP address is a many-to-many process, and the value of the address conversion parameter can be configured to characterize the need for dynamic IP address conversion.
On this basis, in order to ensure the uniqueness of the connection established based on the second five-tuple, the value of the port translation parameter may be configured to indicate that dynamic port address translation is required.
Similarly, the number of the destination IP addresses before the conversion is one, and the number of the destination IP addresses after the conversion is one, so the IP addresses in the IPv4 destination address pool can be directly determined as the destination IP addresses after the conversion.
That is to say, in this application scenario, the specific implementation manner in the first case described above may be adopted to implement that all IPv4 users access IPv6 side network resources through multiple public network IP addresses. In this case, the step S103 may specifically include the following steps:
Step one, if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be performed, a hash value is calculated according to the first source IP address in the first quintuple information.
Step two, the second source IP address in the second quintuple information is determined according to the hash value and the converted IPv4 source address pool.
Step three, if the value of the port conversion parameter indicates that dynamic port address conversion is required, it is judged whether the first source port in the first quintuple information is occupied in the second internet protocol stack.
Step four, if the first source port is occupied in the second Internet protocol stack, another port is selected as the second source port in the second five-tuple information.
Step five, the first IP address in the converted IPv6 destination address pool is determined as the destination IP address in the second quintuple information.
Further, before the message forwarding method provided by the embodiment of the present application is executed, a corresponding conversion policy may also be configured in advance. A conversion policy is composed of a source conversion policy and a destination conversion policy.
Table 1 shows the NAT64 translation policies. In Table 1 there are four NAT64 policy types: source translation and destination translation, source prefix translation and destination translation, source translation and destination prefix translation, and source prefix translation and destination prefix translation.
Taking the conversion policy of source conversion and destination conversion as an example, the conversion policy includes a source conversion policy, namely source conversion (converting a source host, a source range, and a source subnet before conversion into a source host, a source range, and a source subnet after conversion), and a destination conversion policy, namely destination conversion (converting the destination host, the destination range and the destination subnet before conversion into the destination host, the destination range and the destination subnet after conversion).
Table 1: NAT64 translation policy
Among the four conversion strategies, the two strategies "source conversion and destination conversion" and "source prefix conversion and destination conversion" do not expose intranet IP addresses; with the two strategies "source conversion and destination prefix conversion" and "source prefix conversion and destination prefix conversion", there may be a risk of exposing the intranet IP address when the prefix is stripped during conversion of the destination IP address.
It can be understood that, in the above-mentioned packet forwarding method related to the NAT64, the translation policy of the source translation and the destination translation in table 1 is taken as an example for description, and those skilled in the art may implement the packet forwarding method based on other translation policies on the basis of the implementation manner described in the above-mentioned embodiment.
For example, if a user on the IPv6 network initiates a connection to access an intranet server resource on the IPv4 network and it is required that an intranet IP address cannot be exposed, one of the following conversion policies may be preconfigured: source translation and destination translation, or source prefix translation and destination translation. Without restricting the source address and the destination address, it is only necessary to configure the converted source address pool and the converted destination address pool according to the conversion strategy; the IPv6 message can then select the converted IPv4 source IP address and the converted IPv4 destination address from the address pools, and the IPv6 user can access the IPv4 side intranet server resource.
Table 2 shows the NAT46 translation policies. In Table 2 there are four NAT46 policy types: source translation and destination translation, source prefix translation and destination translation, source translation and destination prefix translation, and source prefix translation and destination prefix translation.
Taking the conversion policy of source conversion and destination conversion as an example, the conversion policy includes a source conversion policy, namely source conversion (converting a source host, a source range, and a source subnet before conversion into a source host, a source range, and a source subnet after conversion), and a destination conversion policy, namely destination conversion (converting the destination host, destination range and destination subnet before conversion into the destination host, destination range and destination subnet after conversion).
Table 2: NAT46 translation policy
Among the four conversion strategies, the two strategies "source conversion and destination conversion" and "source prefix conversion and destination conversion" do not expose intranet IP addresses; with the two strategies "source conversion and destination prefix conversion" and "source prefix conversion and destination prefix conversion", there may be a risk of exposing the intranet IP address when the prefix is stripped during conversion of the destination IP address.
It can be understood that, in the above-mentioned packet forwarding method related to the NAT46, the translation policy of the source translation and the destination translation in table 2 is taken as an example for description, and those skilled in the art may implement the packet forwarding method based on other translation policies on the basis of the implementation manner described in the above-mentioned embodiment.
For example, if a user on the IPv4 network initiates a connection to access a resource of the IPv4 public network server, and the intranet IP address must not be exposed, one of the following conversion policies may be preconfigured: "source translation and destination translation" or "source prefix translation and destination translation". Without restricting the source address and the destination address, it is only necessary to configure the converted source address pool and the converted destination address pool; according to the conversion policy, the converted IPv6 source IP address and the converted IPv6 destination address are then selected from these address pools, and the IPv4 user can access the IPv6-side network resource.
In the above scheme, by combining the source conversion policy and the destination conversion policy into one conversion policy, when protocol and address conversion is performed, a corresponding conversion algorithm is adopted to select a source IP address and a destination address of a subsequent protocol stack from an address pool determined according to the conversion policy. Therefore, the complexity of policy configuration can be reduced.
Further, after the step S104, the message forwarding method provided in the embodiment of the present application may further include the following contents:
Performing mutual binding of the connections.
Return packets and subsequent packets are matched by looking up the connection; after address and protocol conversion, they are sent to the next protocol stack using the quintuple information of that protocol stack, which completes the interaction between IPv6 and IPv4.
Specifically, as one implementation, the interaction between IPv6 and IPv4 can be realized by mutually binding the connections and then looking up the connection directly; as another implementation, the interaction between IPv6 and IPv4 may also be realized by looking up the five-tuple, without mutually binding the connections.
Referring to fig. 2, fig. 2 is a block diagram of a structure of a message forwarding apparatus according to an embodiment of the present disclosure, where the message forwarding apparatus 200 may include: a receiving module 201, configured to receive a first internet protocol packet sent by a user side; a first establishing module 202, configured to, if it is determined that the first internet protocol packet is a packet corresponding to a first internet protocol through a protocol, enter the first internet protocol packet into a first internet protocol stack, and establish a connection corresponding to the first internet protocol according to first quintuple information of the first internet protocol packet; a determining module 203, configured to determine the converted second quintuple information according to a preconfigured address conversion policy; the address translation policy comprises a value of an address translation parameter, a value of a port translation parameter, a source address pool before translation, a destination address pool before translation, a source address pool after translation and a destination address pool after translation, wherein the address pool comprises an IPv6 Internet address; a constructing module 204, configured to construct a second internet protocol packet corresponding to a second internet protocol according to the second quintuple information; a second establishing module 205, configured to enter the second internet protocol packet into a second internet protocol stack in a soft interrupt manner, and establish a connection corresponding to the second internet protocol, so as to forward the first internet protocol packet from the first internet protocol side to the second internet protocol side; wherein, one of the first internet protocol and the second internet protocol is an IPv6 protocol, and the other is an IPv4 protocol.
In this embodiment, after receiving a first internet protocol packet corresponding to a first internet protocol, the converted second quintuple information corresponding to a second internet protocol may be determined according to an address translation policy. In the conversion process, a port multiplexing technology, an address pool technology and a dynamic conversion technology can be combined, and the converted address is determined from an address pool comprising a plurality of addresses in a mode of dynamically determining the address, so that on the basis of not exposing the internal network IP address, the internal network IP address can be mapped into a plurality of public network IP addresses to provide service for an IPv6 side client, or all the internal network IP addresses can access IPv6 side network resources through one or more public network IP addresses.
Further, the first internet protocol is an IPv6 protocol, and the second internet protocol is an IPv4 protocol; the determining module 203 is specifically configured to: if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be carried out, calculating to obtain a hash value according to a first source IP address in the first quintuple information; and determining a second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool.
In this embodiment, if the value of the address translation parameter indicates that dynamic IP address translation is required, a unique IP address may be determined from a plurality of IP addresses by calculating a hash value.
Further, after the second source IP address in the second quintuple information is determined according to the hash value and the converted IPv4 source address pool, the determining module 203 is further configured to: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information.
In this embodiment of the present application, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple may be ensured in a manner of dynamically determining the second source port.
Further, the determining module 203 is further configured to: and determining the first IP address in the converted IPv4 destination address pool as the destination IP address in the second quintuple information.
In this embodiment of the present application, due to the uniqueness of the converted destination IP address, the destination IP address in the second quintuple information may be directly determined from the internet protocol destination address pool.
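The determining module's steps for the IPv6-to-IPv4 direction (hash-based source address, source-port occupancy check, first address of the destination pool) can be sketched as follows. This is an added example, not code from the patent: the CRC32 hash, the modulo index into the pool, the next-free-port scan, the unchanged destination port and the `occupied` set that models the second protocol stack are assumptions, and the packet drop on a collision in static port mode follows claim 1.

```python
import ipaddress
import zlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FiveTuple:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Policy:
    dynamic_address: bool   # value of the address translation parameter
    dynamic_port: bool      # value of the port translation parameter
    src_pool_after: list    # source address pool after translation
    dst_pool_after: list    # destination address pool after translation


class PacketDropped(Exception):
    """Raised where the method performs packet-loss processing."""


def pick_source_ip(first_src_ip, policy):
    pool = policy.src_pool_after
    if not policy.dynamic_address:
        return pool[0]      # static case: described for a pool holding one address
    # Assumption: CRC32 over the packed address, reduced modulo the pool size.
    # Python's built-in hash() is avoided: it is not stable across processes.
    digest = zlib.crc32(ipaddress.ip_address(first_src_ip).packed)
    return pool[digest % len(pool)]


def pick_source_port(proto, src_ip, first_port, policy, occupied):
    """occupied: set of (proto, src_ip, src_port) in use in the second stack."""
    if (proto, src_ip, first_port) not in occupied:
        return first_port                       # free: keep the original port
    if not policy.dynamic_port:
        raise PacketDropped("port %d occupied in static port mode" % first_port)
    # Assumption: "another port" is the next free one in 1024-65535, wrapping once.
    span = 65536 - 1024
    for step in range(1, span):
        candidate = 1024 + (first_port - 1024 + step) % span
        if (proto, src_ip, candidate) not in occupied:
            return candidate
    raise PacketDropped("no free source port left on %s" % src_ip)


def determine_second_tuple(first, policy, occupied):
    src_ip = pick_source_ip(first.src_ip, policy)
    src_port = pick_source_port(first.proto, src_ip, first.src_port,
                                policy, occupied)
    dst_ip = policy.dst_pool_after[0]           # first address of destination pool
    # Assumption: the destination port is carried over unchanged.
    second = FiveTuple(first.proto, src_ip, src_port, dst_ip, first.dst_port)
    occupied.add((first.proto, src_ip, src_port))
    return second


# Constructed sample values (documentation and private address ranges).
POLICY = Policy(True, True,
                ["198.51.100.10", "198.51.100.11", "198.51.100.12"],
                ["10.0.0.80"])
FIRST = FiveTuple("tcp", "2001:db8::1234", 40000, "2001:db8:100::80", 443)

if __name__ == "__main__":
    stack = set()
    print(determine_second_tuple(FIRST, POLICY, stack))
    print(determine_second_tuple(FIRST, POLICY, stack))   # port collides, moves on
```

Because the hash depends only on the first source IP address, the same client is always mapped to the same pool address, so the occupancy check is what keeps two translated connections from sharing a five-tuple.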
Further, the first internet protocol is an IPv4 protocol, the second internet protocol is an IPv6 protocol, and the number of IP addresses in the IPv6 source address pool is one; the determining module 203 is specifically configured to: and if the value of the address conversion parameter indicates that dynamic IP address conversion is not needed, determining the IP address in the IPv6 source address pool after conversion as the source IP address in the second quintuple information.
In this embodiment of the present application, if the value of the port translation parameter indicates that dynamic port address translation is not required, the electronic device may directly determine the IP address in the internet protocol source address pool as the source IP address in the second quintuple information.
Further, after the determining the IP address in the converted IPv6 source address pool as the source IP address in the second five-tuple information, the determining module 203 is further configured to: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information.
In this embodiment of the present application, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple may be ensured by dynamically determining the second source port.
Further, the first internet protocol is an IPv4 protocol, the second internet protocol is an IPv6 protocol, and the number of IP addresses in the IPv6 source address pool is plural; the determining module 203 is specifically configured to: if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be carried out, calculating to obtain a hash value according to a first source IP address in the first quintuple information; and determining a second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool.
In this embodiment, if the value of the address translation parameter indicates that dynamic IP address translation is required, a unique IP address may be determined from a plurality of IP addresses by calculating a hash value.
Further, after the determining the second quintuple information according to the hash value and the converted IPv4 source address pool, the determining module 203 is further configured to: if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack; and if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information.
In this embodiment of the present application, when the first source port is occupied in the second internet protocol stack, the uniqueness of the connection established based on the second five-tuple may be ensured in a manner of dynamically determining the second source port.
Further, the determining module 203 is specifically configured to: and determining the first IP address in the converted IPv6 destination address pool as the destination IP address in the second quintuple information.
In this embodiment of the present application, due to the uniqueness of the converted destination IP address, the destination IP address in the second quintuple information may be directly determined from the internet protocol destination address pool.
Further, the determining module 203 is specifically configured to: dynamically determining the second quintuple information according to a pre-configured conversion strategy, the value of the address conversion parameter and the value of the port conversion parameter; wherein, a source conversion strategy and a destination conversion strategy form a conversion strategy.
In the embodiment of the application, a source conversion strategy and a destination conversion strategy are combined into one conversion strategy, and when protocol and address conversion is performed, a corresponding conversion algorithm is adopted to select a source IP address and a destination address of a subsequent protocol stack from an address pool determined according to the conversion strategy. Therefore, the complexity of policy configuration can be reduced.
Referring to fig. 3, fig. 3 is a block diagram of an electronic device according to an embodiment of the present disclosure, where the electronic device 300 includes: at least one processor 301, at least one communication interface 302, at least one memory 303, and at least one communication bus 304. Wherein the communication bus 304 is used for implementing direct connection communication of these components, the communication interface 302 is used for communicating signaling or data with other node devices, and the memory 303 stores machine-readable instructions executable by the processor 301. When the electronic device 300 is operating, the processor 301 communicates with the memory 303 via the communication bus 304, and the machine-readable instructions, when called by the processor 301, perform the message forwarding method described above.
For example, the processor 301 of the embodiment of the present application may implement the following method by reading the computer program from the memory 303 through the communication bus 304 and executing the computer program: step S101: receiving a first internet protocol message sent by a user side. Step S102: and if the first internet protocol message is judged to be the message corresponding to the first internet protocol through the protocol, the first internet protocol message enters a first internet protocol stack, and connection corresponding to the first internet protocol is established according to the first quintuple information of the first internet protocol message. Step S103: and determining the converted second quintuple information according to a pre-configured address conversion strategy. Step S104: and constructing a second internet protocol message corresponding to a second internet protocol according to the second quintuple information. Step S105: and the second internet protocol message enters a second internet protocol stack in a soft interrupt mode to establish a connection corresponding to the second internet protocol, so that the first internet protocol message is forwarded to the second internet protocol side from the first internet protocol side.
The processor 301 may be an integrated circuit chip having signal processing capabilities. The processor 301 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the various methods, steps, and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor or any conventional processor.
The Memory 303 may include, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Read Only Memory (EPROM), an electrically Erasable Read Only Memory (EEPROM), and the like.
It will be appreciated that the configuration shown in fig. 3 is merely illustrative and that electronic device 300 may include more or fewer components than shown in fig. 3 or have a different configuration than shown in fig. 3. The components shown in fig. 3 may be implemented in hardware, software, or a combination thereof. In the embodiment of the present application, the electronic device 300 may be, but is not limited to, an entity device such as a desktop, a notebook computer, a smart phone, an intelligent wearable device, and a vehicle-mounted device, and may also be a virtual device such as a virtual machine. In addition, the electronic device 300 is not necessarily a single device, but may also be a combination of multiple devices, such as a server cluster, and the like.
Embodiments of the present application further provide a computer program product, including a computer program stored on a computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by a computer, the computer can execute the steps of the message forwarding method in the foregoing embodiments, for example, including: receiving a first internet protocol message sent by a user side; if the first internet protocol message is judged to be a message corresponding to a first internet protocol through a protocol, the first internet protocol message enters a first internet protocol stack, and connection corresponding to the first internet protocol is established according to first quintuple information of the first internet protocol message; determining the converted second quintuple information according to a pre-configured address conversion strategy; the address translation policy comprises a value of an address translation parameter, a value of a port translation parameter, a source address pool before translation, a destination address pool before translation, a source address pool after translation and a destination address pool after translation, wherein the address pool comprises an IPv6 Internet address; constructing a second internet protocol message corresponding to a second internet protocol according to the second quintuple information; entering the second internet protocol message into a second internet protocol stack in a soft interrupt manner to establish a connection corresponding to the second internet protocol, so as to realize that the first internet protocol message is forwarded to the second internet protocol side from the first internet protocol side; wherein, one of the first internet protocol and the second internet protocol is an IPv6 protocol, and the other is an IPv4 protocol.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
It should be noted that the functions, if implemented in the form of software functional modules and sold or used as independent products, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A message forwarding method is characterized by comprising the following steps:
receiving a first internet protocol message sent by a user side;
if the first internet protocol message is judged to be a message corresponding to a first internet protocol through a protocol, the first internet protocol message enters a first internet protocol stack, and connection corresponding to the first internet protocol is established according to first quintuple information of the first internet protocol message;
determining the converted second quintuple information according to a pre-configured address conversion strategy; the address translation policy comprises a value of an address translation parameter, a value of a port translation parameter, a source address pool before translation, a destination address pool before translation, a source address pool after translation and a destination address pool after translation, wherein the address pool comprises an IPv6 Internet address;
constructing a second internet protocol message corresponding to a second internet protocol according to the second quintuple information;
entering the second internet protocol message into a second internet protocol stack in a soft interrupt mode, establishing a connection corresponding to the second internet protocol, and forwarding the first internet protocol message from the first internet protocol side to the second internet protocol side;
one of the first internet protocol and the second internet protocol is an IPv6 protocol, and the other one is an IPv4 protocol;
the determining the converted second quintuple information according to the pre-configured address conversion policy includes:
if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack;
if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information; otherwise, determining the first source port as a second source port in the second five-tuple information;
if the value of the port conversion parameter indicates that dynamic port address conversion is not needed, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack;
if the first source port is occupied in the second internet protocol stack, performing packet loss processing on the first internet protocol message; otherwise, the first source port is determined as a second source port in the second five-tuple information.
2. The message forwarding method according to claim 1, wherein the first internet protocol is an IPv6 protocol, and the second internet protocol is an IPv4 protocol;
the determining the converted second quintuple information according to the preconfigured address conversion policy further includes:
if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be carried out, calculating to obtain a hash value according to a first source IP address in the first quintuple information;
and determining a second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool.
3. The packet forwarding method according to claim 2, wherein the determining the second quintuple information after the conversion according to the pre-configured address conversion policy further comprises:
and determining the first IP address in the converted IPv4 destination address pool as the destination IP address in the second quintuple information.
4. The message forwarding method according to claim 1, wherein the first internet protocol is an IPv4 protocol, the second internet protocol is an IPv6 protocol, and the number of IP addresses in the IPv6 source address pool is one;
the determining the converted second quintuple information according to the preconfigured address conversion policy further includes:
and if the value of the address conversion parameter indicates that dynamic IP address conversion is not needed, determining the IP address in the converted IPv6 source address pool as the source IP address in the second quintuple information.
5. The message forwarding method according to claim 1, wherein the first internet protocol is an IPv4 protocol, the second internet protocol is an IPv6 protocol, and the number of IP addresses in the IPv6 source address pool is plural;
the determining the converted second quintuple information according to the preconfigured address conversion policy further includes:
if the value of the address conversion parameter indicates that dynamic IP address conversion needs to be carried out, calculating to obtain a hash value according to a first source IP address in the first quintuple information;
and determining a second source IP address in the second quintuple information according to the hash value and the converted IPv4 source address pool.
6. The message forwarding method according to claim 4 or 5, wherein the determining the converted second five-tuple information according to the preconfigured address translation policy further comprises:
and determining the first IP address in the converted IPv6 destination address pool as the destination IP address in the second quintuple information.
7. The packet forwarding method according to any one of claims 1 to 5, wherein the determining the converted second five-tuple information according to the preconfigured address translation policy includes:
dynamically determining the second quintuple information according to a pre-configured conversion strategy, the value of the address conversion parameter and the value of the port conversion parameter; wherein, a source conversion strategy and a destination conversion strategy form a conversion strategy.
8. A message forwarding apparatus, comprising:
the receiving module is used for receiving a first internet protocol message sent by a user side;
the first establishing module is used for entering the first internet protocol message into a first internet protocol stack and establishing connection corresponding to a first internet protocol according to first quintuple information of the first internet protocol message if the first internet protocol message is judged to be a message corresponding to the first internet protocol through a protocol;
the determining module is used for determining the converted second quintuple information according to a pre-configured address conversion strategy; the address translation policy comprises a value of an address translation parameter, a value of a port translation parameter, a source address pool before translation, a destination address pool before translation, a source address pool after translation and a destination address pool after translation, wherein the address pool comprises an IPv6 Internet address;
the construction module is used for constructing a second Internet protocol message corresponding to a second Internet protocol according to the second quintuple information;
a second establishing module, configured to enter the second internet protocol packet into a second internet protocol stack in a soft interrupt manner, and establish a connection corresponding to the second internet protocol, so as to forward the first internet protocol packet from the first internet protocol side to the second internet protocol side;
one of the first internet protocol and the second internet protocol is an IPv6 protocol, and the other one is an IPv4 protocol;
the determining module is specifically configured to:
if the value of the port conversion parameter indicates that dynamic port address conversion is required, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack;
if the first source port is occupied in the second internet protocol stack, selecting another port as a second source port in the second five-tuple information; otherwise, determining the first source port as a second source port in the second five-tuple information;
if the value of the port conversion parameter indicates that dynamic port address conversion is not needed, judging whether a first source port in the first quintuple information is occupied in the second internet protocol stack;
if the first source port is occupied in the second internet protocol stack, performing packet loss processing on the first internet protocol message; otherwise, the first source port is determined as a second source port in the second five-tuple information.
9. An electronic device, comprising: a processor, a memory, and a bus;
the processor and the memory are communicated with each other through the bus;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the message forwarding method of any of claims 1-7.
10. A computer-readable storage medium storing computer instructions which, when executed by a computer, cause the computer to perform the message forwarding method of any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111475147.2A CN114157633B (en) | 2021-12-03 | 2021-12-03 | Message forwarding method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111475147.2A CN114157633B (en) | 2021-12-03 | 2021-12-03 | Message forwarding method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114157633A (en) | 2022-03-08 |
CN114157633B (en) | 2023-01-10 |
Family
ID=80452518
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111475147.2A Active CN114157633B (en) | 2021-12-03 | 2021-12-03 | Message forwarding method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114157633B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114979064B (en) * | 2022-08-01 | 2022-10-21 | 北京天融信网络安全技术有限公司 | OPCDA message processing method, device, electronic equipment and storage medium |
CN115834528A (en) * | 2022-11-23 | 2023-03-21 | 东软集团股份有限公司 | Data forwarding method and device, electronic equipment and storage medium |
CN118158001B (en) * | 2024-05-11 | 2024-07-02 | 电子科技大学 | Bidirectional source address verification method |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100477671C (en) * | 2005-12-16 | 2009-04-08 | 中国科学院计算技术研究所 | Network address translation method supporting multi-session application layer protocol in PAT mode |
CN103167049B (en) * | 2011-12-13 | 2016-09-07 | 中国电信股份有限公司 | Demand assigned method for network address translation, equipment and system |
US9917928B2 (en) * | 2014-11-24 | 2018-03-13 | Fortinet, Inc. | Network address translation |
Also Published As
Publication number | Publication date |
---|---|
CN114157633A (en) | 2022-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN114157633B (en) | Message forwarding method and device | |
EP3116189B1 (en) | Service link selection control method and device | |
US10931580B2 (en) | Packet processing method and network device | |
EP3664372A1 (en) | Network management method and related device | |
CN107508795A (en) | Across the access process device and method of container cluster | |
CN113542128B (en) | Method and device for sending routing information | |
CN110225146B (en) | Intranet and extranet mapping method and device, electronic equipment, medium and video conference system | |
CN106533973B (en) | Method, equipment and system for distributing service message | |
CN109379450B (en) | Network interface interaction management method and device, computer equipment and storage medium | |
CN112351115B (en) | Port prediction method and device of symmetric NAT equipment | |
CN110012118B (en) | Method and controller for providing Network Address Translation (NAT) service | |
CN104221331A (en) | Layer 2 Packet Switching without Lookup Tables for Ethernet Switches | |
CN109194525A (en) | A kind of network node configuration method and management node | |
CN109413227B (en) | IPv4 user access IPv6 network intercommunication device and equipment based on multi-IPv 6 network | |
CN112887229A (en) | Session information synchronization method and device | |
CN114710467A (en) | IP address storage method, device and hardware gateway | |
CN110855810B (en) | NAT (network Address translation) conversion method and device, network security equipment and storage medium | |
CN109819070B (en) | Network address translation method | |
CN104539538B (en) | The IP address matching process of router and the data packet forwarding method of router | |
CN104426816A (en) | Virtual machine communication method and device | |
CN105744010A (en) | Method and device for realizing network address translation and access control list rule polymerization | |
CN112311672B (en) | Method, device and equipment for obtaining routing table item | |
US20240028559A1 (en) | Method for Obtaining Manufacturer Usage Description Mud File, Device, and System | |
CN114244555B (en) | Security policy adjusting method | |
CN114629744B (en) | Data access method, system and related device based on macvlan host network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |