CN106790200A - The chip association processing method of CAPWAP control channel DTLS encryption and decryption - Google Patents

The chip association processing method of CAPWAP control channel DTLS encryption and decryption Download PDF

Info

Publication number
CN106790200A
CN106790200A CN201611270117.7A CN201611270117A CN106790200A CN 106790200 A CN106790200 A CN 106790200A CN 201611270117 A CN201611270117 A CN 201611270117A CN 106790200 A CN106790200 A CN 106790200A
Authority
CN
China
Prior art keywords
message
chip
capwap
encryption
decryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611270117.7A
Other languages
Chinese (zh)
Other versions
CN106790200B (en
Inventor
龚海东
方沛昱
崔兴龙
顾祥洪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Centec Communications Co Ltd
Original Assignee
Centec Networks Suzhou Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centec Networks Suzhou Co Ltd filed Critical Centec Networks Suzhou Co Ltd
Priority to CN201611270117.7A priority Critical patent/CN106790200B/en
Publication of CN106790200A publication Critical patent/CN106790200A/en
Application granted granted Critical
Publication of CN106790200B publication Critical patent/CN106790200B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • H04L45/745Address table lookup; Address filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/04Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A kind of chip present invention is disclosed CAPWAP control channel DTLS encryption and decryption assists processing method, wherein, decrypting process mainly looks into the CAPWAP tables of configuration in chip, Key ID and the isEncryptedPkt fields of the decryption in entry, message is decrypted, the message after decryption finally is sent into CPU is further processed.Ciphering process mainly indexes the Nexthop tables of configuration in chip, the isCapwapControl field status and encryption in entry with Key ID DTLS encryptions are carried out to message, and message after encryption be looped back in chip carry out normal message forward process.Chip is moved in the encryption and decryption operation that cpu resource will be most taken in the software processing scheme of CAPWAP control channel message of the invention carries out association's treatment, greatly reduces the pressure of CPU, improves network performance.

Description

The chip association processing method of CAPWAP control channel DTLS encryption and decryption
Technical field
The present invention relates to a kind of DTLS encryption and decryption technology of CAPWAP control channel, more particularly, to a kind of CAPWAP controls The chip association processing method of the DTLS encryption and decryption of passage.
Background technology
AC (Access Controller, wireless controller) equipment and AP (Access Point, WAP) equipment Between will (Controlling and Provisioning of Wireless Access Point, wirelessly connect using CAPWAP Access point is controlled and supply) tunnel, CAPWAP tunnel is the communication control processor between AC equipment and AP equipment, defines AC equipment How to be communicated with AP equipment rooms, to realize that the intercommunity between AC equipment and AP equipment provides a general encapsulation and transmission Mechanism.Wireless data frame, as former state or is sent to AC and sets in being enclosed CAPWAP tunnel after the conversion of 802.11 to 802.3 forms It is standby.
To ensure the security of CAPWAP tunnel, it is possible to use DTLS (Datagram Transport Layer Security, data transfer layer safety) protocol protection CAPWAP tunnel.DTLS agreements are that the encryption that CAPWAP tunnel is used is assisted View, the DTLS Protocol Refs TLS of TCP (Transmission Control Protocol, transmission control protocol) (Transport Layer Security, Transport Layer Security) agreement, by adding DTLS control fields in CAPWAP message, To be encrypted control to CAPWAP message.
The existing general DTLS encryption and decryption that CAPWAP control channel is carried out by using software approach (such as CPU).Such as Fig. 1 institutes Show, plus CAPWAP encapsulate after the completion of, software can call openssl (Open Secure Sockets Layer, it is open Secure socket layer protocol) carry out DTLS encryptions.This process needs the data copy in Buffer (buffering area) out, to complete soft Part is encrypted, and writes back to Buffer.This process can largely take cpu resource, under high-bandwidth scenarios, the forwarding of channel message With encryption and decryption limited performance in cpu performance.
In consideration of it, we are in the Chinese patent application of Application No. 201511019516.1, it is proposed that a kind of CAPWAP The chip implementing method of DTLS message encryption and decryption, the encapsulation for realizing CAPWAP DTLS messages using exchange router chip is conciliate Encapsulation, but the program only realizes the chip-scale encryption and decryption of CAPWAP data channel, does not support CAPWAP control channel report The chip-scale encryption and decryption of text.
The content of the invention
A kind of defect it is an object of the invention to overcome prior art, there is provided the DTLS encryption and decryption of CAPWAP control channel Chip association processing method, the encryption and decryption of cpu resource will be most taken in the software processing scheme of CAPWAP control channel message Chip is moved in operation carries out association's treatment.
To achieve the above object, the present invention proposes following technical scheme:A kind of DTLS encryption and decryption of CAPWAP control channel Chip association processing method, including:
Message decryption processes in chip:After chip receives the message of DTLS encryptions, the CAPWAP of configuration in chip is looked into Table obtain decryption Key ID and for judge whether be encryption data bag isEncryptedPkt fields, if described IsEncryptedPkt field status check errorless, then according to the corresponding key found by the Key ID of the decryption to report Text is decrypted and obtains plaintext CAPWAP message, and the CAPWAP message is looped back in chip again continues to look into CAPWAP Table, is finally sent to CPU;
Message encryption processing procedure in chip:After chip receives the message from CPU, according to the Nexthop carried in bus ID goes to index the Nexthop tables of configuration in chip, finds a corresponding Nexthop entry, and chip checks the Nexthop In entry for judge whether be CAPWAP control channel message isCapwapControl field status, if inspection is errorless, Then according to by the encryption in the Nexthop entries with Key ID search the key that obtains DTLS encryptions carried out to message, and will Being looped back in chip containing IP message after encryption, is normally carried out message forward process.
Preferably, the decryption processes of the message are specifically included:After chip receives the message of DTLS encryptions, first parse Whether message is the message that need to locally decrypt, if so, then search the CAPWAP tables obtain decryption Key ID and IsEncryptedPkt fields, if the isEncryptedPkt field status check errorless, look into close again by the Key ID Key table obtains the Key of decryption, then message is decrypted using DTLS decipherment algorithms obtains plaintext CAPWAP message, and by institute CAPWAP message is stated to be looped back in chip again, analytic message whether be plaintext CAPWAP message, if so, then continuing to search for institute State CAPWAP tables and obtain corresponding entry, check isEncryptedPkt fields in the entry, if inspection does not pass through, chip Plaintext CAPWAP message is directly sent to CPU.
Preferably, searching the inquiry field used by CAPWAP tables is:The purpose IP address of message add source IP address to add L4Type add for judge whether be CAPWAP control channel message isCapwapControl fields.
Preferably, when the configuration isEncryptedPkt field status are 1, the packet of encryption is judged as YES, that is, is examined Look into errorless.
Preferably, in message encryption processing procedure, for the CAPWAP control channel message to be sent, CPU completes bright After literary CAPWAP addition, and socket layer is given by the encryption information, the encryption information eventually passes through ASIC_ Header gives chip and is further encrypted.
Preferably, after chip receives the message from CPU, the ASIC_Header is peeled off and resolved to described by chip Bus information.
Preferably, in message encryption processing procedure, after the chip receives the message from CPU, carried according in bus The Nexthop ID go index chip in configuration Nexthop tables.
Preferably, when the configuration isCapwapControl field status are 1, it is judged as YES logical from Capwap controls The message in road, that is, check errorless.
Preferably, in chip in the encryption process of CAPWAP message, if chip checks the isCapwapControl Field status are 1, then message is inserted into one DTLS and cut down two layers of head, then carry out DTLS to message according to the key Encryption, and by encryption after be looped back in chip containing IP message, after chip is received containing IP message, be normally carried out routing table and look into Forwarding behavior and outlet are found, message forward process is carried out.
Compared with prior art, the present invention will most take CPU moneys in the software processing scheme of CAPWAP control channel message Chip is moved in the encryption and decryption operation in source carries out association's treatment, greatly reduces the pressure of CPU, improves network performance.
Brief description of the drawings
Fig. 1 is the principle schematic of the existing DTLS encryption and decryption that CAPWAP control channel is carried out by using software approach;
Fig. 2 is the principle schematic of the DTLS decryption that the present invention carries out CAPWAP control channel;
Fig. 3, Fig. 4 are the principle schematics of the DTLS encryptions that the present invention carries out CAPWAP control channel.
Specific embodiment
Below in conjunction with accompanying drawing of the invention, the technical scheme to the embodiment of the present invention carries out clear, complete description.
The present invention proposes a kind of chip association processing method of the DTLS encryption and decryption of CAPWAP control channel, mainly will The DTLS encryption and decryption operation that cpu resource is most taken in the software processing scheme of CAPWAP control channel message is moved chip and is carried out Association is processed, and greatly reduces the pressure of CPU, improves network performance.
Wherein, chip includes processing engine (IPE), storage forwarding module (BSR), outgoing direction treatment engine into direction (EPE), WLAN processes engine (WLAN Engine).The present invention is configured with CAPWAP tables in the IPE directions of chip, and it is used IPDA (purpose IP address)+IPSA (source IP address) is searched, and the Key ID and judgement that decryption is configured with the entry are No is the isEncryptedPkt fields of encryption data bag.In the present embodiment, it is necessary to which it is 1 to configure isEncryptedPkt states, As the criterion whether encrypted state matches, compare encrypted state that current data packet parses and Whether isEncryptedPkt states match, and matching does not then judge that current data packet is the encryption data bag in control passage, not With then judge current data packet be in control passage by decryption association treatment after clear data message.
In addition, be also configured with Nexthop entries in chip, wherein the ID comprising encryption Key and judge whether be The isCapwapControl fields of capwap control passage data.In the present embodiment, same configuration isCapwapControl shapes State be 1 when, be designated the data of Capwap control passages, otherwise illustrate be not.
With reference to shown in Fig. 2~Fig. 4, a kind of chip association of the DTLS encryption and decryption of disclosed CAPWAP control channel Processing method, including:Message DTLS decryption processes and message encryption processing procedure.
As shown in Fig. 2 first specifically introducing message DTLS decryption processes below:
Step 1, after 1. the IPE of chip receives the message of DTLS encryptions from inbound port, whether parsing is local to need decryption CAPWAP DTLS messages, if so, then search chip in configuration the CAPWAP tables, obtain the Key ID of message decryption With isEncryptedPkt fields, if isEncryptedPkt field status are 1, and current data packet resolves to DTLS encryption reports Text (i.e. the field status check errorless), and without other operations, then message is directly entered in BSR, the Key ID of decryption then with Transmitted to BSR, EPE and WLAN Engine successively with bus (BUS).
Searching the inquiry field used by CAPWAP tables is:The purpose IP address (IPDA) of message+source IP address (IPSA)+ L4Type (CAPWAP)+isCapwapControl, wherein, L4Type=CAPWAP, isCapwapControl field are used to sentence Whether disconnected message comes from Capwap control passages, L4Type and isCapwapControl fields are by the parsing module in chip Parsing is obtained.L4Type is four layers of characteristic information, according to CAPWAP agreements, as UDP PORT=5246 or 5247, it is believed that be Layer characteristic value of CAPWAP message, i.e., four is CAPWAP, that is, L4Type=CAPWAP.
Step 2, it is the decryption channel A of WLAN engines that BSR directly specifies message outlet, i.e. message is directly sent to WLAN and draws Hold up the outlet of decryption channel A.
It should be noted that when message needs decryption, EPE is not edited then to message, is directly sent to WLAN and drawn Hold up the outlet of decryption channel A.
1. step 3, the message that WLAN engine decryption channels A enters, tables look-up by Key ID and obtains the Key of decryption, according to The Key is decrypted algorithm to message, is that 2. CAPWAP message is sent to IPE again by the plaintext after decryption.
Can be realized using existing DTLS decipherment algorithms used herein of decipherment algorithm, be not just described further here.
Step 4, after 2. IPE is received again by CAPWAP message, it is plaintext message that the parsing module in chip is checked, then after Continuous to search CAPWAP tables, after finding entry, due to being plaintext message, isEncryptedPkt status checkouts are mismatched, then core 2. plaintext CAPWAP message is directly sent to CPU by piece logic, and subsequent treatment is carried out to message by CPU.
With reference to shown in Fig. 3 and Fig. 4, message encryption processing procedure is specifically introduced again below, it is necessary to illustrate, for The CAPWAP control channel message to be sent, CPU is only only completed the addition of plaintext CAPWAP, and will encrypt related information (such as Nexthop ID) gives socket (socket layer), and the related information of these encryptions eventually passes through chip information head (ASIC_ Header bag forwarding chip) is given.Specifically included for message encryption processing procedure in chip:
Step 1 ', 1. chip receives the message from CPU in BSR, and message ASIC_Header 1. can be shelled by chip automatically Fall and resolve to bus (bus) information, and be sent in EPE by BSR.
Step 2 ', EPE according in bus information carry Nexthop ID go index chip in configuration described in Nexthop tables, obtain a corresponding entry, comprising an ID and isCapwapControl field of encryption Key in entry, Because isCapwapControl field configurations are 1, chip thinks that the message for receiving comes from CAPWAP control channel.
Step 3 ', chip checks isCapwapControl fields for that after 1, message can be inserted into a DTLS head, and cut Fall two layers of head, 2. message is then sent to WLAN engine encrypted tunnel C, the Key of encryption brings WLAN engines with BUS.
Step 4 ', after WLAN engines receive the message from its encrypted tunnel C, the information in BUS is checked, if desired add It is close, then according to be transmitted through in BUS come encryption with Key carried out in the way of DTLS agreements specifys AES calculating ciphertext, carry out DTLS Encryption, after being encrypted containing the message of IP 3., then by encryption after 3. give IPE treatment again containing the message of IP.Its In, the Key for using searches key list and obtains by the encryption Key ID on bus.
Step 5 ', IPE receive encryption after containing the message of IP 3. after, be normally carried out routing table lookup and obtain forwarding behavior ID and outlet, message is sent to BSR, message is given EPE by BSR, and EPE tables look-up by the ID of forwarding behavior and forwarded accordingly 4. behavior, by forwarding behavior editor's message, obtain the message after route editor, and the message finally routeing after editor is 4. from lookup The outlet (such as Ethernet interface) for going out is forwarded.
Technology contents of the invention and technical characteristic have revealed that as above, but those of ordinary skill in the art still may base Make a variety of replacements and modification without departing substantially from spirit of the present invention in teachings of the present invention and announcement, therefore, the scope of the present invention Should be not limited to the content disclosed in embodiment, and should include various without departing substantially from replacement of the invention and modification, and be this patent Shen Please claim covered.

Claims (9)

1. a kind of chip of CAPWAP control channel DTLS encryption and decryption assists processing method, it is characterised in that methods described includes:
Message decryption processes in chip:After chip receives the message of DTLS encryptions, the CAPWAP tables for looking into configuration in chip are obtained To decryption Key ID and for judge whether be encryption data bag isEncryptedPkt fields, if described IsEncryptedPkt field status check errorless, then according to the corresponding key found by the Key ID of the decryption to report Text is decrypted and obtains plaintext CAPWAP message, and the CAPWAP message is looped back in chip again continues to look into CAPWAP Table, is finally sent to CPU;
Message encryption processing procedure in chip:After chip receives the message from CPU, according to the Nexthop ID carried in bus Go to index the Nexthop tables configured in chip, find a corresponding Nexthop entry, chip checks the Nexthop bars In mesh for judge whether be CAPWAP control channel message isCapwapControl field status, if inspection is errorless, According to by the encryption in the Nexthop entries with Key ID search the key that obtains and carry out DTLS encryptions to message, and will plus Being looped back in chip containing IP message after close, is normally carried out message forward process.
2. the chip of CAPWAP control channel DTLS encryption and decryption according to claim 1 assists processing method, it is characterised in that The decryption processes of the message are specifically included:After chip receives the message of DTLS encryptions, whether first analytic message is local The message that need to be decrypted, if so, Key ID and the isEncryptedPkt fields that the CAPWAP tables obtain decryption are then searched, if The isEncryptedPkt field status check errorless, then look into the Key that key list obtains decryption again by the Key ID, then Message is decrypted using DTLS decipherment algorithms obtains plaintext CAPWAP message, and the CAPWAP message is looped back to again In chip, analytic message whether be plaintext CAPWAP message, if so, then continuing to search for the CAPWAP tables obtains corresponding bar Mesh, checks isEncryptedPkt fields in the entry, if inspection does not pass through, chip directly send plaintext CAPWAP message Toward CPU.
3. chip implementing method according to claim 1, it is characterised in that search the inquiry field used by CAPWAP tables For:The purpose IP address of message add source IP address plus L4Type add for judging whether it is CAPWAP control channel message IsCapwapControl fields.
4. chip implementing method according to claim 1, it is characterised in that the configuration isEncryptedPkt fields shape When state is 1, the packet of encryption is judged as YES, that is, checks errorless.
5. chip implementing method according to claim 1, it is characterised in that in message encryption processing procedure, for The CAPWAP control channel message to be sent, after CPU completes the addition of plaintext CAPWAP, and gives set by the encryption information Layer is connect, the encryption information is eventually given chip and is further encrypted by ASIC_Header.
6. chip implementing method according to claim 5, it is characterised in that described after chip receives the message from CPU ASIC_Header is peeled off by chip and is resolved to the bus information.
7. chip implementing method according to claim 1, it is characterised in that in message encryption processing procedure, the core After piece receives the message from CPU, remove to index the Nexthop configured in chip according to the Nexthop ID carried in bus Table.
8. chip implementing method according to claim 1, it is characterised in that the configuration isCapwapControl fields When state is 1, the message from Capwap control passages is judged as YES, that is, checks errorless.
9. chip implementing method according to claim 1, it is characterised in that the encryption of CAPWAP message in chip Cheng Zhong, if chip checks that the isCapwapControl field status are 1, inserts message one DTLS and cuts down two Layer head, then carries out DTLS encryptions to message according to the key, and by encryption after be looped back in chip containing IP message, core After piece is received containing IP message, it is normally carried out routing table lookup and obtains forwarding behavior and outlet, carries out message forward process.
CN201611270117.7A 2016-12-30 2016-12-30 Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel Active CN106790200B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611270117.7A CN106790200B (en) 2016-12-30 2016-12-30 Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611270117.7A CN106790200B (en) 2016-12-30 2016-12-30 Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel

Publications (2)

Publication Number Publication Date
CN106790200A true CN106790200A (en) 2017-05-31
CN106790200B CN106790200B (en) 2020-04-14

Family

ID=58951785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611270117.7A Active CN106790200B (en) 2016-12-30 2016-12-30 Chip co-processing method for DTLS encryption and decryption of CAPWAP control channel

Country Status (1)

Country Link
CN (1) CN106790200B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616355A (en) * 2018-05-03 2018-10-02 盛科网络(苏州)有限公司 Software handshake negotiates the CAPWAP tunnel DTLS encipher-decipher methods of hardware enciphering and deciphering
CN110535748A (en) * 2019-09-09 2019-12-03 北京科东电力控制***有限责任公司 A kind of vpn tunneling model-based optimization method and system
CN111092829A (en) * 2019-12-09 2020-05-01 昆高新芯微电子(江苏)有限公司 Multi-core switching chip based on switching architecture and data transmission method thereof
CN111885062A (en) * 2020-07-23 2020-11-03 湖南中车时代通信信号有限公司 RS485 bus-based communication system and method with authentication encryption function
CN112332982A (en) * 2020-11-25 2021-02-05 盛科网络(苏州)有限公司 Macsec decryption method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080072047A1 (en) * 2006-09-20 2008-03-20 Futurewei Technologies, Inc. Method and system for capwap intra-domain authentication using 802.11r
CN102811451A (en) * 2012-07-23 2012-12-05 福建星网锐捷网络有限公司 Method and device for controlling connection of control and provisioning of wireless access points (Capwap) tunnel
CN103312449A (en) * 2012-03-16 2013-09-18 鼎桥通信技术有限公司 Downlink data packet transmission method under AP (Access Point) networking scene and RNC (Radio Network Controller)
CN105611529A (en) * 2015-12-31 2016-05-25 盛科网络(苏州)有限公司 Chip implementation method for encrypting and decrypting CAPWAP DTLS message
CN105635145A (en) * 2015-12-31 2016-06-01 盛科网络(苏州)有限公司 Chip-level safety protection method of CAPWAP DTLS tunnel

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080072047A1 (en) * 2006-09-20 2008-03-20 Futurewei Technologies, Inc. Method and system for capwap intra-domain authentication using 802.11r
CN103312449A (en) * 2012-03-16 2013-09-18 鼎桥通信技术有限公司 Downlink data packet transmission method under AP (Access Point) networking scene and RNC (Radio Network Controller)
CN102811451A (en) * 2012-07-23 2012-12-05 福建星网锐捷网络有限公司 Method and device for controlling connection of control and provisioning of wireless access points (Capwap) tunnel
CN105611529A (en) * 2015-12-31 2016-05-25 盛科网络(苏州)有限公司 Chip implementation method for encrypting and decrypting CAPWAP DTLS message
CN105635145A (en) * 2015-12-31 2016-06-01 盛科网络(苏州)有限公司 Chip-level safety protection method of CAPWAP DTLS tunnel

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616355A (en) * 2018-05-03 2018-10-02 盛科网络(苏州)有限公司 Software handshake negotiates the CAPWAP tunnel DTLS encipher-decipher methods of hardware enciphering and deciphering
CN110535748A (en) * 2019-09-09 2019-12-03 北京科东电力控制***有限责任公司 A kind of vpn tunneling model-based optimization method and system
CN110535748B (en) * 2019-09-09 2021-03-26 北京科东电力控制***有限责任公司 VPN tunnel mode optimization method and system
CN111092829A (en) * 2019-12-09 2020-05-01 昆高新芯微电子(江苏)有限公司 Multi-core switching chip based on switching architecture and data transmission method thereof
CN111885062A (en) * 2020-07-23 2020-11-03 湖南中车时代通信信号有限公司 RS485 bus-based communication system and method with authentication encryption function
CN111885062B (en) * 2020-07-23 2022-06-24 湖南中车时代通信信号有限公司 RS485 bus-based communication system and method with authentication encryption function
CN112332982A (en) * 2020-11-25 2021-02-05 盛科网络(苏州)有限公司 Macsec decryption method and device
CN112332982B (en) * 2020-11-25 2022-08-26 苏州盛科通信股份有限公司 Macsec decryption method and device

Also Published As

Publication number Publication date
CN106790200B (en) 2020-04-14

Similar Documents

Publication Publication Date Title
CN106790200A (en) The chip association processing method of CAPWAP control channel DTLS encryption and decryption
JP5785346B1 (en) Switching facility and data processing method supporting link layer security transmission
CN105611529B (en) The chip implementing method of CAPWAP DTLS message encryption and decryption
US9215221B2 (en) Method for implementing local routing of traffic, base station and system
CN111010274B (en) Safe and low-overhead SRv6 implementation method
CN105610790B (en) The user face data processing method that ipsec encryption card is cooperateed with CPU
CN106301765B (en) Encryption and decryption chip and method for realizing encryption and decryption
US20200076773A1 (en) Configurable service packet engine exploiting frames properties
CN108377495A (en) A kind of data transmission method, relevant device and system
US9872175B2 (en) Packet processing method, apparatus, and system
CN106657121B (en) The method and exchange chip of mirror image 802.1AE plaintext and ciphertext
US20220150059A1 (en) Forwarding device, key management server device, communication system, forwarding method, and computer program product
WO2023124880A1 (en) Packet processing method and device based on macsec network
JP4344750B2 (en) Method and apparatus for in-line encryption and decryption of radio station
WO2013179551A1 (en) Transmission apparatus, reception apparatus, communication system, transmission method, and reception method
US9071582B2 (en) Communication apparatus, reception control method, and transmission control method
US20160192187A1 (en) Frame Transfer Method, Related Apparatus, and Communications System
CN110691074B (en) IPv6 data encryption method and IPv6 data decryption method
WO2011079717A1 (en) Message transmitting method, equipment and system
CN110636078A (en) Method and device for realizing Cloudsec
CN112600802B (en) SRv6 encrypted message and SRv6 message encryption and decryption methods and devices
CN106685786B (en) The chip implementing method of multistage ACL in a kind of wlan system
CN109428868B (en) Method, encryption device, encryption equipment and storage medium for encrypting OSPFv3
WO2022117108A1 (en) Hard pipeline-based encryption and decryption method and apparatus
WO2021208644A1 (en) Inter-node privacy communication method and network node

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 215101 unit 13 / 16, 4th floor, building B, No. 5, Xinghan street, Suzhou Industrial Park, Jiangsu Province

Patentee after: Suzhou Shengke Communication Co.,Ltd.

Address before: 215021 unit 13 / 16, floor 4, building B, No. 5, Xinghan street, industrial park, Suzhou, Jiangsu Province

Patentee before: CENTEC NETWORKS (SU ZHOU) Co.,Ltd.

CP03 Change of name, title or address