CN102843439B - Equipment communication method and device - Google Patents

Abstract

The invention discloses a device communication method and device. A device communication method includes: when the HND communicates with the IPv6 device PND6 on the public network through the HGW, the HGW receives the uplink message sent by the HND, and converts the uplink message according to the configured mapping entry Translate it into an uplink message that PND6 can recognize, and forward it to PND6, where the configured mapping entry includes at least one IP address and port mapping relationship involved in the version of the Internet Protocol; HGW receives the downlink message sent by PND6, and according to the configured mapping The entry translates downlink packets into downlink packets that can be recognized by the HND and forwards them to the HND. Adopting the present invention can realize the communication between the HND and the PND6 while improving the security of the communication.

Description

Device communication method and device

technical field

The present invention relates to the communication field, in particular, to a device communication method and device.

Background technique

In the traditional pure Internet protocol version IPv4 network environment, home network internal devices (HomeNetwork Device, HND), such as personal computers PC, generally use private Internet protocol version 4 (IPv4) addresses, such as "192.168.1.6", while the home The gateway (Home Gateway, HGW) can obtain a public IPv4 address; in this case, the mapping relationship between the PC’s private network address and port and the HGW’s public network address and port can be established on the home gateway to complete the connection between the PC and the public network. Communication with other devices. In this process, since the address and port used by the PC are completely invisible to the outside world, its security is improved to a certain extent.

This address and port mapping can be automatically and flexibly configured through the "Universal Plug and Play" UPnP protocol. This process is clearly described and regulated in the UPnP Internet Gateway Device (UPnP IGD) related specification. With the increasing scale of the IPv4 network, the problem of IPv4 address exhaustion has begun to appear; IPv6 network technology has gradually replaced IPv4, but due to the huge scale of the existing IPv4 network and the variety of IPv4 applications, the coexistence of IPv6 and IPv4 networks will be a challenge. long process.

When the backbone network is an IPv6 network, the HGW that supports IPv4/IPv6 dual protocol stack technology (hereinafter referred to as dual stack technology) has an IPv6 globally unique address (GUA), while the HND can only have IPv4 private network addresses or only have GUA or both both. Therefore, when the HND passes through the HGW and the IPv6 device (Public Network Device V6, PND6) on the public network, at least two situations occur:

1) HND uses GUA to communicate with PND6;

2) HND uses IPv4 private network address to communicate with PND6.

Situation 1) can directly communicate without performing network address translation and translation, while situation 2) at least requires the help of IPv4 to IPv6 address and protocol translation and translation functions inside the HGW.

Although the above situation can complete the end-to-end communication, there is no configuration mechanism similar to the flexible address and port mapping in the pure IPv4 network environment and the actual conversion and translation function based on these configurations in the related technology, the communication between HND and PND6 and its Security will be greatly affected.

In view of the lack of flexible address and port mapping configuration mechanism and actual conversion translation function in the related technology when IPv6 network or IPv6 and IPv4 networks coexist, the communication between HND and PND6 and its security will be greatly affected. No effective solution has been proposed so far.

Contents of the invention

The main purpose of the present invention is to provide a device communication method and device to at least solve the lack of a flexible address and port mapping configuration mechanism and actual conversion translation function when the IPv6 network or IPv6 and IPv4 networks coexist in the above-mentioned related technologies, The communication between HND and PND6 and its security will be greatly affected.

According to one aspect of the present invention, a device communication method is provided, including: when the device HND in the home network communicates with the Internet Protocol version IPv6 device PND6 on the public network through the home gateway HGW, the method includes: the HGW receiving the The uplink message sent by the HND is converted and translated into an uplink message that the PND6 can recognize according to the configured mapping entry, and forwarded to the PND6, wherein the configured mapping entry includes at least one The address and port mapping relationship involved in the version of the Internet Protocol; the HGW receives the downlink message sent by the PND6, and converts the downlink message into a downlink message that the HND can recognize according to the configured mapping entry text and forward it to the HND.

Preferably, the HGW can communicate with the HND and the PND6 using an IPv6 address or both IPv6 and IPv4 addresses.

Preferably, the mapping relationship includes at least one of the following: an address and port mapping relationship between IPv6 and IPv4; an address and port mapping relationship between IPv6 and IPv6.

Preferably, the method further includes: the HND adds or deletes the configured mapping entries according to the address and port required for the HND to communicate with the PND6.

Preferably, the HND adds or deletes the configured mapping entries according to the address and port required for communication between itself and the PND6, including: the HND obtains the configured mapping entries through a query interface; the HND Determine the mapping entry required for communication according to the address and port required for communication between itself and the PND6; the HND compares the required mapping entry and the configured mapping entry, and performs an addition or deletion operation of the mapping entry according to the comparison result .

Preferably, when the configured mapping entry includes the address and port mapping relationship between IPv6 and IPv6, the configured mapping entry includes at least one of the following: internal IPv6 globally unique address GUA, internal port, external GUA, external port, Protocol, remote host identifier, enable flag, mapping duration, mapping entry description; when the configured mapping entry includes the address and port mapping relationship between IPv6 and IPv4, the configured mapping entry includes at least one of the following: internal IPv4 address, internal port, external GUA, external port, protocol, remote host ID, enable flag, mapping duration, mapping entry description.

Preferably, the external GUA includes: the GUA being used by the external network interface on the HGW; or, other GUAs within the IPv6 prefix range acquired by the HGW.

Preferably, the remote host identifier includes: a domain name string; or, a valid GUA address; or an empty string.

Preferably, when the remote host identifier is a domain name string, the HGW resolves the domain name string to GUA through the domain name server DNS; when the remote host identifier is not the empty string, the HGW can only The designated host communicates with the HND.

Preferably, the mapping duration is used to indicate the valid time of the configured mapping entry, and when the configured mapping entry exceeds the mapping duration, the configured mapping entry is deleted.

Preferably, the HGW uses an IPv6 address to communicate with the HND and the PND6, including: when the uplink message is an uplink IPv6 message, if the source address, source port number and protocol of the uplink IPv6 message field matches the source address, source port number, and protocol field of the configured mapping entry, and the HGW converts the source address and source port according to the configured mapping entry, and forwards the translated uplink packet to The PND6; when the downlink message is a downlink IPv6 message, if the destination address, destination port number and protocol field of the downlink IPv6 message are the same as the destination address, destination port number and protocol field of the configured mapping entry match, and can meet the restriction requirements of the remote host identification field, the HGW converts the destination address and destination port according to the configured mapping entry, and forwards the translated downlink message to the HND.

Preferably, the HGW uses both IPv6 and IPv4 addresses to communicate with the HND and the PND6, including: when the uplink message is an uplink IPv4 message, if the source address of the uplink IPv4 message, The destination address and source port number match the source address, destination address, and source port number of the configured mapping entry, and the HGW converts the source address, destination address, and The source port number is converted into the source address, destination address, and source port number of the corresponding uplink IPv6 message, the uplink IPv4 message is converted and translated into an uplink IPv6 message, and the translated uplink message is forwarded to the PND6 ; When the downlink message is a downlink IPv6 message, if the destination address, destination port number and protocol field of the downlink IPv6 message match the destination address, destination port number and protocol field of the configured mapping entry, And can meet the restriction requirements of the remote host identification field, the HGW converts the destination address into a specified IPv4 address according to the configured mapping entry, converts the destination port into a specified port, and maps the source address to IPv4 addresses in a preset range, convert and translate the downlink IPv6 message into a downlink IPv4 message, and forward the converted and translated downlink message to the HND.

Preferably, the method further includes: configuring the mapping entry by extending the UPnP-IGD specification.

According to another aspect of the present invention, a device communication device is provided, which is set in the home gateway HGW, and includes: a first processing module, used for the home network internal device HND to communicate with the IPv6 device PND6 on the public network through the HGW , receive the uplink message sent by the HND, convert and translate the uplink message into an uplink message recognizable by the PND6 according to the configured mapping entry, and forward it to the PND6, wherein the configured mapping The entry includes at least one address and port mapping relationship involved in the Internet Protocol version; the second processing module is used to receive the downlink message sent by the PND6, and convert and translate the downlink message according to the configured mapping entry into The downlink message that the HND can identify is forwarded to the HND.

In the embodiment of the present invention, when the internal device HND of the home network communicates with the IPv6 device PND6 on the public network through the home gateway HGW, the HGW receives the uplink message sent by the HND, and translates the uplink message into PND6 according to the configured mapping entries. The uplink message that can be identified is forwarded to PND6, wherein the configured mapping entry includes at least one IP address and port mapping relationship involved in the version of the Internet protocol; HGW receives the downlink message sent by PND6, and sends the downlink message according to the configured mapping entry The message is converted and translated into a downlink message that can be recognized by the HND, and forwarded to the HND. That is, in the embodiment of the present invention, when the HND communicates with the PND6, the HGW converts and translates different types of messages, and converts and translates them into messages that can be recognized by the destination device, thereby realizing the communication between the HND and the designated PND6. And it can flexibly shield the address and port information used when the HND communicates with the PND6, thereby greatly improving the security of the communication.

Description of drawings

The accompanying drawings described here are used to provide a further understanding of the present invention and constitute a part of the application. The schematic embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute improper limitations to the present invention. In the attached picture:

Fig. 1 is a processing flowchart of a device communication method according to an embodiment of the present invention;

Fig. 2 is the process of adding/deleting IPv6 to IPv6 address and port mapping according to an embodiment of the present invention;

Fig. 3 is the process of adding/deleting IPv4 to IPv6 address and port mapping according to an embodiment of the present invention;

Fig. 4 is the IPv6 address and port mapping process according to the embodiment of the present invention;

Fig. 5 is according to the conversion translation process between IPv4 and IPv6 of the embodiment of the present invention;

Fig. 6 is a schematic structural diagram of a device communication apparatus according to an embodiment of the present invention.

detailed description

Hereinafter, the present invention will be described in detail with reference to the drawings and examples. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other.

It is mentioned in related technologies that the coexistence of IPv6 and IPv4 networks is a long-term process at present, and when IPv6 networks or IPv6 and IPv4 networks coexist, due to the lack of flexible address and port mapping configuration mechanisms and actual translation translation function, the communication between HND and PND6 and its security will be greatly affected.

In order to solve the above technical problems, an embodiment of the present invention provides a device communication method. When the device HND in the home network communicates with the IPv6 device PND6 on the public network through the home gateway HGW, the processing flow of the communication between devices is shown in Figure 1 shown, including:

Step S102, the HGW receives the uplink message sent by the HND, converts and translates the uplink message into an uplink message that can be recognized by PND6 according to the configured mapping entry, and forwards it to PND6, wherein the configured mapping entry includes at least one Internet protocol version The mapping relationship between addresses and ports involved;

Step S104, the HGW receives the downlink message sent by the PND6, converts and translates the downlink message into a downlink message that the HND can recognize according to the configured mapping entries, and forwards the message to the HND.

In the embodiment of the present invention, when the internal device HND of the home network communicates with the IPv6 device PND6 on the public network through the home gateway HGW, the HGW receives the uplink message sent by the HND, and translates the uplink message into PND6 according to the configured mapping entries. The uplink message that can be identified is forwarded to PND6, wherein the configured mapping entry includes at least one IP address and port mapping relationship involved in the version of the Internet protocol; HGW receives the downlink message sent by PND6, and sends the downlink message according to the configured mapping entry The message is converted and translated into a downlink message that can be recognized by the HND, and forwarded to the HND. That is, in the embodiment of the present invention, when the HND communicates with the PND6, the HGW converts and translates different types of messages, and converts and translates them into messages that can be recognized by the destination device, thereby realizing the communication between the HND and the designated PND6. And it can flexibly shield the address and port information used when the HND communicates with the PND6, thereby greatly improving the security of the communication.

It can be seen from the process shown in Figure 1 that the embodiment of the present invention relates to the field of network communication technology, and in particular relates to a communication between an Internet Protocol version 6 (IPv6) or Internet Protocol version 4 (IPv4) network device and an external IPv6 network device in a home network. A configuration method for address and port mapping during communication and a system for performing actual address and port conversion and translation according to the configuration.

During implementation, HGW can use IPv6 address or both IPv6 and IPv4 addresses to communicate with HND and PND6. When HGW uses both IPv6 and IPv4 addresses to communicate with HND and PND6, HGW supports dual-stack technology. At this time, the above-mentioned mapping relationship includes at least one of the following: an address and port mapping relationship between IPv6 and IPv4; an address and port mapping relationship between IPv6 and IPv6. Of course, during specific implementation, the mapping relationship may also include the address and port mapping relationship between IPv4 and IPv4, which is the same as that described in the related technology, and will not be repeated here. Therefore, the device communication method provided by the embodiment of the present invention can also be applied to a pure IPv4 network.

The device communication method provided by the embodiment of the present invention further includes: the HND adds or deletes the configured mapping entries according to the address and port required for communication between itself and the PND6, so as to realize the configurable and updateable functions of the mapping entries. The updateability of the mapping entries can further increase the security of communication.

During implementation, HND adds or deletes the configured mapping entries according to the address and port required for communication between itself and PND6, including the following process:

Step 1. The HND obtains the configured mapping entries through the query interface;

Step 2, HND determines the mapping entry required for communication according to the address and port required for communication between itself and PND6;

Step 3: The HND compares the required mapping entries with the configured mapping entries, and adds or deletes the mapping entries according to the comparison result.

Different network types involve different types of mapping entries, and the contents of the mapping entries are not exactly the same. For example, when the configured mapping entries include the address and port mapping relationship between IPv6 and IPv6, the configured mapping entries include at least one of the following : internal GUA, internal port, external GUA, external port, protocol, remote host ID, enable flag, mapping duration, mapping entry description; when the configured mapping entry includes the address and port mapping relationship between IPv4 and IPv6, the configured The mapping entry includes at least one of the following: internal IPv4 address, internal port, external GUA, external port, protocol, remote host identifier, enabling flag, mapping duration, mapping entry description.

In practical applications, depending on the characteristics of different networks and communication between different devices, some content may be added or deleted in the mapping entry. The specific modification depends on the actual situation and will not be repeated here.

During implementation, the external GUA may include: the GUA being used by the external network interface on the HGW; or other GUAs within the IPv6 prefix range obtained by the HGW. Of course, the external GUA can also choose other addresses, depending on the specific situation.

The remote host identifier included in the mapping entry can have many situations, preferably, it can include: a domain name string; or a valid GUA address; or an empty string.

When the remote host is identified as a domain name string, HGW resolves the domain name string to GUA through the domain name server DNS;

When the remote host identifier is not an empty string, the HGW can limit only the designated PND6 host to communicate with the HND.

During implementation, the mapping duration is used to indicate the valid time of the configured mapping entry, and when the configured mapping entry exceeds the mapping duration, the configured mapping entry is deleted.

During implementation, as mentioned above, the HGW can communicate with the HND and the PND6 using an IPv6 address or using both IPv6 and IPv4 addresses. Therefore, there are two situations:

In the first case, HGW uses IPv6 address to communicate with HND and PND6. According to different types of packets, the implementation methods are also different, including:

Case A. When the uplink packet is an uplink IPv6 packet, if the source address, source port number, and protocol field of the uplink IPv6 packet match the source address, source port number, and protocol field of the configured mapping entry, the HGW follows the configured The mapping entry converts the source address and source port, and forwards the translated uplink message to PND6;

Case B. When the downlink packet is a downlink IPv6 packet, if the destination address, destination port number, and protocol field of the downlink IPv6 packet match the destination address, destination port number, and protocol field of the configured mapping entry, and the remote The restriction of the host identification field requires that the HGW convert the destination address and destination port according to the configured mapping entries, and forward the translated downlink message to the HND.

In the second case, the HGW uses both IPv4 and IPv6 addresses to communicate with the HND and PND6, which is similar to the first case. In the case of different message types, the implementation methods are not completely the same, including:

Case A: When the uplink packet is an uplink IPv4 packet, if the source address, destination address, and source port number of the uplink IPv4 packet match the source address, destination address, and source port number of the configured mapping entry, the HGW will follow the configured The mapping entry converts the source address, destination address, and source port number of the uplink IPv4 message into the source address, destination address, and source port number of the corresponding uplink IPv6 message, converts the uplink IPv4 message into an uplink IPv6 message, and converts the uplink IPv4 message into an uplink IPv6 message. Translate the translated uplink message and forward it to PND6;

Case B. When the downlink packet is a downlink IPv6 packet, if the destination address, destination port number, and protocol field of the downlink IPv6 packet match the destination address, destination port number, and protocol field of the configured mapping entry, and the remote According to the restriction of the host identification field, the HGW translates the destination address into a specified IPv4 address according to the configured mapping entries, the destination port into a specified port, the source address into a preset range of IPv4 addresses, and translates downlink IPv6 packets into downlink IPv6 packets. For IPv4 packets, forward the translated downlink packets to the HND.

It can be obtained from the above content that, aiming at the technical problems mentioned in the related art, the embodiment of the present invention provides an address and port mapping method based on the UPnP protocol. The core is that, on the one hand, HND can interact with the UPnP IGD function in HGW through its Universal Plug and Play Control Point function (UPnP CP) to realize automatic and flexible configuration between IPv6 addresses and ports, and between IPv4 and IPv6 addresses and ports ; On the other hand, the address and protocol conversion and translation function in HGW can perform specific conversion and translation work according to configuration items; through these two aspects, the address and port information used when HND and PND6 communicate can be flexibly shielded, and at the same time, it can be Realize that HND only communicates with designated PND6, thus greatly improving the security of HND.

Embodiment one

This example involves address and port mapping automatic configuration and management methods. Among them, when connecting two different networks of IPv4 and IPv6, HGW supports dual-stack technology, and the UPnP IGD function can use both IPv4 addresses and IPv6 addresses to communicate with the UPnP CP on the HND, in case the HND only supports IPv4 Or the case where only IPv6 is supported.

After obtaining a GUA address or a prefix and automatically configuring the GUA address, the HGW can declare its own availability through the UPnPIGD function. The UPnP CP function on the HND can automatically discover the UPnP IGD function in the HGW according to the UPnP protocol. Subsequently, the UPnP CP can further interact with the UPnP IGD to learn that the HGW has the function of mapping between IPv6 addresses and ports or between IPv4 and IPv6 addresses and ports. After obtaining the available external GUA address through the service interface provided by UPnP IGD, the HND can further add or delete the address and port mapping entries required for communication between itself and the PND6 through the relevant service interface. Finally, the UPnP IGD function will return the result of whether the configuration is successful to the UPnP CP. During this process, the UPnP CP can also obtain which mapping entries have been configured through the query interface, so as to perform targeted addition or deletion operations. The entire configuration process does not require manual intervention, and is automatically completed by the software.

The components of the address and port mapping entry between IPv6 include: internal GUA, internal port, external GUA, external port, protocol, remote host identifier, enabling flag, mapping duration, and mapping entry description. The components of the address and port mapping entry between IPv4 and IPv6 include: internal IPv4 address, internal port, external GUA, external port, protocol, remote host identifier, enabling flag, mapping duration, and mapping entry description. The external GUA may be the GUA being used by the external network interface on the HGW or other GUAs within the IPv6 prefix range obtained by the HGW. The specific configuration can be randomly generated to improve security. The remote host identifier can be a domain name string or a valid GUA address, and it can also be an empty string. If it is a domain name, it can be resolved to GUA by HGW through DNS. Protocol can be TCP or UDP. If the remote host ID is not empty, only the specified host is allowed to communicate with the internal devices of the home network, otherwise there is no restriction. The mapping duration is used to indicate the valid time of the mapping entry, and the mapping entry exceeding the valid time will be automatically deleted by the UPnP IGD. A UPnP CP can be re-added before the map entry expires. The mapping entry description is used to add some descriptive information, which can be an empty string.

Embodiment two

This example involves the conversion and translation method between addresses and ports or packets of different protocols.

After the address and port mapping entries are configured, the address and port conversion and translation work in the actual communication process is completed by the address and protocol conversion and translation function module on the HGW. Specifically, the following two situations are described:

1) HND uses GUA to communicate with PND6

In this case, if the source address, source port number and protocol field of the message (uplink IPv6 message) sent by HND to PND6 can match the source address, source port number and protocol field of the configured mapping entry, then Convert the source address and port according to the mapping entry and then send it to PND6. For the IPv6 message (downlink IPv6 message) sent by PND6 to HGW, if its destination address, destination port number and protocol field can match the destination address, destination port number and protocol field of the configured mapping entry, and can satisfy According to the restriction requirements of the remote host identification field, the destination address and destination port are converted according to the mapping entry and then sent to the HND.

2) HND uses IPv4 address to communicate with PND6

In this case, generally, the PND6 first initiates a data connection to the inside of the home network. Its destination address is the external GUA address in the configured IPv4-to-IPv6 mapping entry. Since the GUA can be dynamically and randomly changed, the dynamic domain name resolution mechanism can be used to establish its corresponding relationship with a fixed domain name during actual use, and the PND6 can use this fixed domain name to initiate a data connection to the home network device. For an IPv6 packet (downlink IPv6 packet) arriving at the gateway from the outside, if its destination address, destination port number, and protocol field can match the destination address, destination port number, and protocol field in the configured IPv4 and IPv6 address and port mapping entries Fields match, and can meet the restriction requirements of the remote host identification field, then according to the mapping entry, the destination address is converted to the specified IPv4 address, the destination port is converted to the specified port, and the source address is mapped to an IPv4 address in a specific range, such as (1.0 .0.1～1.0.0.254) and record and maintain this mapping relationship, and finally convert and translate the entire IPv6 message into an IPv4 message and then send it to the HND. Similarly, for the IPv4 message (uplink IPv4 message) sent by the HND to the external network device, if its source address, destination address, and source port number can match the established mapping entries, they will be converted into corresponding IPv6 address and port, it is completely converted and translated into an IPv6 message and then sent to PND6.

Embodiment Three

The automatic configuration of address and port mapping needs to be completed by extending the UPnP IGD2.0 specification in the UPnP IGD function module on the HGW. The specific expansion is described as follows:

1) Add the following state variables to the service descriptions of WANIPConnection and WANPPPConnection:

NATVersion, NAT version, can be a value of NAT44, NAT46, NAT66 or a combination of multiple values, used to indicate that UPnP IGD can configure several types of address and port mapping from IPv4 to IPv4, IPv4 to IPv6, and IPv6 to IPv6 one or more kinds;

RemoteHost6, the remote IPv6 node identifier, which can be a domain name or GUA address; if it is empty, it means that there is no restriction on the remote host;

ExternalIPv6Address, external IPv6GUA address;

InternalClinet6, internal device GUA address;

2) Add the following service interface, namely Action, to the service descriptions of WANIPConnection and WANPPPConnection:

GetNATVersion, get the NAT version supported by UPnP IGD, if it supports NAT46 or NAT66, you can perform the previous address and port mapping; the relevant parameters are as follows:

NewNATVersion, output, NATVersion;

GetExternalIPv6Address, to obtain the external GUA address, the relevant parameters are as follows:

NewExternalIPAddress6, output, external IPv6GUA address;

GetGenericPortMappingEntry66, according to the index number to obtain an IPv6 to IPv6 address and port mapping entry, the relevant parameters are as follows:

NewPortMappingIndex, input, entry index;

NewRemoteHost6, output, remote host ID;

NewExternalPort, output, external port;

NewProtocol, output, protocol;

NewInternelPort, output, internal port;

NewInternalClient6, output, internal host GUA;

NewEnabled, output, enable flag;

NewPortMappingDescription, output, description information;

NewLeaseDuration, output, duration (seconds);

GetSpecificPortMappingEntry66, to obtain a specified IPv6 to IPv6 address and port mapping entry, the relevant parameters are as follows:

NewRemoteHost6, input, remote host ID;

NewExternalPort, input, external port;

NewProtocol, input, protocol;

NewInternelPort, output, internal port;

NewInternalClient6, output, internal host GUA;

NewEnabled, output, enable flag;

NewPortMappingDescription, output, description information;

NewLeaseDuration, output, duration (seconds);

AddPortMapping66, add an IPv6 to IPv6 address and port mapping entry, the relevant parameters are as follows:

NewRemoteHost6, input, remote host ID;

NewExternalPort, input, external port;

NewProtocol, input, protocol;

NewInternelPort, input, internal port;

NewInternalClient6, input, internal host GUA;

NewEnabled, input, enable flag;

NewPortMappingDescription, input, description information;

NewLeaseDuration, input, duration (seconds);

Among them, the remote host ID can be empty, which means unlimited, and the duration is 0, which means static configuration, which is valid until deleted;

DeltetePortMapping66, delete an IPv6 to IPv6 address and port mapping entry, the relevant parameters are as follows:

NewRemoteHost6, input, remote host ID;

NewExternalPort, input, external port;

NewProtocol, input, protocol;

GetGenericPortMappingEntry46, according to the index number to obtain an IPv4 to IPv6 address and port mapping entry, the relevant parameters are as follows:

NewPortMappingIndex, input, entry index;

NewRemoteHost6, output, remote host ID;

NewExternalPort, output, external port;

NewProtocol, output, protocol;

NewInternelPort, output, internal port;

NewInternalClient, output, internal host IPv4 address;

NewEnabled, output, enable flag;

NewPortMappingDescription, output, description information;

NewLeaseDuration, output, duration (seconds);

GetSpecificPortMappingEntry46, to obtain a specified IPv4 to IPv6 address and port mapping entry, the relevant parameters are as follows:

NewRemoteHost6, input, remote host ID;

NewExternalPort, input, external port;

NewProtocol, input, protocol;

NewInternelPort, output, internal port;

NewInternalClient, output, internal host IPv4 address;

NewEnabled, output, enable flag;

NewPortMappingDescription, output, description information;

NewLeaseDuration, output, duration (seconds);

AddPortMapping46, add an IPv4 to IPv6 address and port mapping entry, the relevant parameters are as follows:

NewRemoteHost6, input, remote host ID;

NewExternalPort, input, external port;

NewProtocol, input, protocol;

NewInternelPort, input, internal port;

NewInternalClient, input, internal host IPv4 address;

NewEnabled, input, enable flag;

NewPortMappingDescription, input, description information;

NewLeaseDuration, input, duration (seconds);

Among them, the remote host ID can be empty, which means unlimited, and the duration is 0, which means static configuration, which is valid until deleted;

DeltetePortMapping46, delete an IPv4 to IPv6 address and port mapping entry, the relevant parameters are as follows:

NewRemoteHost6, input, remote host ID;

NewExternalPort, input, external port;

NewProtocol, input, protocol;

After expanding the UPnP IGD, it is necessary to expand the UPnP CP function on the HND at the same time to identify these types of Actions and automatically call them as needed. The specific method will not be repeated here.

Embodiment four

Fig. 2 is a process for adding or deleting IPv6 address and port mapping according to the present invention, which is applicable to the process of HND using GUA to communicate with PND6.

As shown in Figure 2, the UPnP CP function of the HND automatically discovers the UPnP IGD on the HGW through the UPnP protocol, and adds a UDP protocol from (2001::2, 2001) to (2001::1, 3001) The mapping entry, in which no remote host is defined, has a validity duration set to 1800 seconds.

In this process, first of all, by executing GetNATVersion, it is known that the UPnP IGD on the HGW can perform IPv6-to-IPv6 address and port mapping; then, by executing GetGenericPortMappingEntry66, query which mapping entries have been added; after obtaining the external address required for mapping through GetExternalIPv6Address The addition of the mapping entry can be completed through AddPortMapping66.

What needs to be explained here is that the parameter of AddPortMapping66 does not include the item of external address. The external address is automatically selected by the UPnP IGD and is consistent with the external address previously returned to the UPnP CP; during the communication process, the UPnPCP on the HND can also delete the mapping entry as needed. Before deleting a certain mapping entry, it can be queried through GetSpecicPortMappingEntry66 To determine whether it exists, and finally delete it through DeletePortMapping66. After receiving the AddPortMapping66/DeletePortMapping66 request, the UPnP IGD will synchronously add the mapping entry to the address and protocol translation module on the HGW for later use or delete it from it.

Embodiment five

Fig. 3 is a process for adding or deleting IPv4 to IPv6 address and port mapping according to the present invention, which is applicable to the process of HND using IPv4 address to communicate with PND6.

As shown in Figure 3, the UPnP CP function of the HND automatically discovers the UPnP IGD on the HGW through the UPnP protocol, and adds a TCP protocol from (192.168.1.6, 2000) to (2001::c0a8:106, 3000) The mapping entry, which limits the remote host to only 2002::1, and the validity duration is 3600 seconds. This process is similar to the flow in FIG. 2 , and will not be repeated here.

Embodiment six

The specific address or protocol conversion and translation work in the actual communication process between HND and PND6 is completed by the address and protocol conversion and translation function module on the HGW, which will be described below with reference to the accompanying drawings.

Fig. 4 is a process for performing IPv6 address and port conversion and translation according to the present invention, which is applicable to the process of HND using GUA to communicate with PND6.

As shown in Figure 4, the HND uses the address and port (2001::2, 2001) to communicate with the address and port (2002::1, 2002) on the PND6 based on the UDP protocol; since the (2001 ::2, 2001) and (2001::1, 3001), so the source addresses and ports of all UDP packets sent from (2001::2, 2001) to (2002::1, 2002) are is replaced by (2001::1, 3001) and sent to PND6, and the destination address and port of UDP packets from (2002::1, 2002) to (2001::1, 3001) are replaced by (2001: :2, 2001) concurrently to HND. Thus, the function of shielding the address and port information of the HND when the HND uses the GUA to communicate with the PND6 is realized, and the security of the HND is improved.

Embodiment seven

The specific address or protocol conversion and translation work in the actual communication process between HND and PND6 is completed by the address and protocol conversion and translation function module on the HGW, which will be described below with reference to the accompanying drawings.

FIG. 5 is a process for performing address and port translation between IPv4 and IPv6 messages according to the present invention, which is applicable to the process of HND using IPv4 address to communicate with PND6.

As shown in Figure 5, before PND6 accesses HND, HND adds the mapping between (192.168.1.6, 2000) and (2001:c0a8:106, 3000) of TCP protocol on HGW through UPnP IGD, and defines The remote host can only be 2002::1. Therefore, only packets sent from 2002::1 will be processed. In order to convert and translate IPv6 into IPv4 packets, the address and translation module on the HGW needs to dynamically generate a mapping relationship between 2002::1 and an IPv4 address. Since the network outside the HGW is an IPv6 network, this IPv4 address is only used between the HGW and the HND, and it can be selected in an uncommon address segment. For example, if you select 2002::1 and correspond to 1.0.0.2 in this example, then the TCP packets sent to HGW (2001:c0a8:106, 3000) will be converted and translated into IPv4 packets (src:1.0.0.2 , 2002, dst:192.168.1.6, 2000). Correspondingly, for the uplink TCP message (src:192.168.1.6, 2000, dst:1.0.0.2, 2002), its source address and port will be converted to (2001:c0a8:106, 3000), destination address is converted to 2002::1, and finally the entire message is translated into an IPv6 message and sent to PND6. In this way, the function of shielding the address and port information of the HND when the HND uses the IPv4 address to communicate with the PND6 is realized, and the PND6 is further restricted, thereby improving the security of the HND.

In summary, the present invention has the following advantages: On the one hand, the UPnP CP on the HND can seamlessly connect with the UPnP IGD on the HGW through the UPnP protocol to realize the mapping relationship between IPv6 addresses and ports and between IPv4 and IPv6 addresses and ports The automatic and flexible configuration of HND provides the necessary conditions for improving the security of HND; on the other hand, the address and protocol conversion and translation module on HGW can perform address and port conversion and translation according to the configured mapping entries, which ensures that HND and PND6 While normal communication is possible, the security of HND is greatly improved.

Based on the same inventive concept, the embodiment of the present invention also provides a device communication device, which is set in the home gateway HGW, and its structural diagram is shown in Figure 6, including:

The first processing module 601 is used to receive the uplink message sent by the HND when the device HND in the home network communicates with the IPv6 device PND6 on the public network through the HGW, and convert and translate the uplink message into a PND6-recognizable one according to the configured mapping entries The uplink message is forwarded to PND6, wherein the configured mapping entry includes at least one address and port mapping relationship involved in the Internet Protocol version;

The second processing module 602 is connected with the first processing module 601, and is used to receive the downlink message sent by the PND6, convert and translate the downlink message into a downlink message that can be recognized by the HND according to the configured mapping entries, and forward it to the HND.

From the above description, it can be seen that the present invention achieves the following technical effects:

In the embodiment of the present invention, when the internal device HND of the home network communicates with the IPv6 device PND6 on the public network through the home gateway HGW, the HGW receives the uplink message sent by the HND, and translates the uplink message into PND6 according to the configured mapping entries. The uplink message that can be identified is forwarded to PND6, wherein the configured mapping entry includes at least one IP address and port mapping relationship involved in the version of the Internet protocol; HGW receives the downlink message sent by PND6, and sends the downlink message according to the configured mapping entry The message is converted and translated into a downlink message that can be recognized by the HND, and forwarded to the HND. That is, in the embodiment of the present invention, when the HND communicates with the PND6, the HGW converts and translates different types of messages, and converts and translates them into messages that can be recognized by the destination device, thereby realizing the communication between the HND and the designated PND6. And it can flexibly shield the address and port information used when the HND communicates with the PND6, thereby greatly improving the security of the communication.

Obviously, those skilled in the art should understand that each module or each step of the above-mentioned present invention can be realized by a general-purpose computing device, and they can be concentrated on a single computing device, or distributed in a network formed by multiple computing devices Alternatively, they may be implemented in program code executable by a computing device so that they may be stored in a storage device to be executed by a computing device, and in some cases in an order different from that shown here The steps shown or described are carried out, or they are separately fabricated into individual integrated circuit modules, or multiple modules or steps among them are fabricated into a single integrated circuit module for implementation. As such, the present invention is not limited to any specific combination of hardware and software.

The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and changes. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (13)

1. A device communication method, characterized in that, when the home network internal device HND communicates with the Internet Protocol version IPv6 device PND6 on the public network through the home gateway HGW, the method includes: The HGW receives the uplink message sent by the HND, converts and translates the uplink message into an uplink message that the PND6 can recognize according to the configured mapping entry, and forwards the uplink message to the PND6, wherein the configured The mapping entry includes a mapping relationship between addresses and ports involved in at least one Internet Protocol version; The HGW receives the downlink message sent by the PND6, translates the downlink message into a downlink message recognizable by the HND according to the configured mapping entry, and forwards it to the HND; Wherein, the HGW configures the mapping entry by extending the Universal Plug and Play Internet Gateway Device UPnP-IGD specification; Among them, the UPnP-IGD specification supports using both IPv4 addresses and IPv6 addresses to communicate with the UPnP CP on the HND. 2 . The method according to claim 1 , wherein the HGW can communicate with the HND and the PND6 using an IPv6 address or both IPv6 and IPv4 addresses. 3. The method according to claim 2, wherein the mapping relationship comprises at least one of the following: Address and port mapping relationship between IPv6 and IPv4; Address and port mapping relationship between IPv6 and IPv6. 4. The method according to claim 3, further comprising: the HND adding or deleting the configured mapping entry according to the address and port required for communication between itself and the PND6. 5. The method according to claim 4, wherein the HND adds or deletes the configured mapping entry according to the address and port required for communication between itself and the PND6, including: The HND obtains the configured mapping entries through the query interface; The HND determines the mapping entry required for communication according to the address and port required for communication between itself and the PND6; The HND compares the required mapping entry with the configured mapping entry, and performs an operation of adding or deleting a mapping entry according to the comparison result. 6. The method of claim 3, wherein, When the configured mapping entry includes the address and port mapping relationship between IPv6 and IPv6, the configured mapping entry includes at least one of the following: internal IPv6 globally unique address GUA, internal port, external GUA, external port, protocol, remote Host ID, enable flag, mapping duration, mapping entry description; When the configured mapping entry includes the address and port mapping relationship between IPv6 and IPv4, the configured mapping entry includes at least one of the following: internal IPv4 address, internal port, external GUA, external port, protocol, remote host identifier, Enable flag, map duration, map entry description. 7. The method according to claim 6, wherein the external GUA comprises: a GUA being used by an external network interface on the HGW; or other GUAs within the range of the IPv6 prefix acquired by the HGW. 8. The method according to claim 6, wherein the remote host identifier comprises: a domain name string; or a valid GUA address; or an empty string. 9. The method of claim 8, wherein When the remote host is identified as a domain name string, the HGW resolves the domain name string to GUA through a domain name server DNS; When the remote host identifier is not the empty string, the HGW can restrict the designated PDN6 host to communicate with the HND. 10. The method according to claim 6, wherein the mapping duration is used to indicate the valid time of the configured mapping entry, and when the configured mapping entry exceeds the mapping duration, the The configured map entries are deleted. 11. The method according to any one of claims 6 to 10, wherein the HGW uses an IPv6 address to communicate with the HND and the PND6, comprising: When the uplink packet is an uplink IPv6 packet, if the source address, source port number, and protocol field of the uplink IPv6 packet match the source address, source port number, and protocol field of the configured mapping entry, the The HGW converts the source address and the source port according to the configured mapping entry, and forwards the translated uplink message to the PND6; When the downlink packet is a downlink IPv6 packet, if the destination address, destination port number, and protocol field of the downlink IPv6 packet match the destination address, destination port number, and protocol field of the configured mapping entry, and To meet the restriction requirements of the remote host identification field, the HGW converts the destination address and destination port according to the configured mapping entry, and forwards the translated downlink message to the HND. 12. The method according to any one of claims 6 to 10, wherein the HGW uses both IPv6 and IPv4 addresses to communicate with the HND and the PND6, including: When the uplink packet is an uplink IPv4 packet, if the source address, destination address, and source port number of the uplink IPv4 packet match the source address, destination address, and source port number of the configured mapping entry, the The HGW converts the source address, destination address, and source port number of the uplink IPv4 message into the source address, destination address, and source port number of the corresponding uplink IPv6 message according to the configured mapping entry, and converts the uplink IPv4 The message is converted and translated into an uplink IPv6 message, and the converted and translated uplink message is forwarded to the PND6; When the downlink packet is a downlink IPv6 packet, if the destination address, destination port number, and protocol field of the downlink IPv6 packet match the destination address, destination port number, and protocol field of the configured mapping entry, and To meet the restriction requirements of the remote host identification field, the HGW converts the destination address to a specified IPv4 address according to the configured mapping entry, converts the destination port to a specified port, and maps the source address to a pre-configured IPv4 address. Set a range of IPv4 addresses, convert and translate the downlink IPv6 message into a downlink IPv4 message, and forward the translated downlink message to the HND. 13. A device communication device, characterized in that it is set in a home gateway HGW, comprising: The first processing module is used to receive the uplink message sent by the HND when the device HND in the home network communicates with the IPv6 device PND6 on the public network through the HGW, and convert and translate the uplink message according to the configured mapping entries An uplink message that can be identified by the PND6 and forwarded to the PND6, wherein the configured mapping entry includes at least one mapping relationship between an address and a port involved in an Internet Protocol version; The second processing module is configured to receive the downlink message sent by the PND6, convert and translate the downlink message into a downlink message recognizable by the HND according to the configured mapping entry, and forward it to the HND; Wherein, the first processing module is further configured to configure the mapping entry by extending the Universal Plug and Play Internet Gateway Device UPnP-IGD specification; Among them, the UPnP-IGD specification supports using both IPv4 addresses and IPv6 addresses to communicate with the UPnP CP on the HND.