摘要 |
A packet processing method, apparatus, and system. A first node receives a first packet sent by a relay device, where the first packet includes data in a second packet sent by a second node to the relay device, the data in the second packet is encrypted by using second additional authentication data and a session key between the first node and the second node, and the second additional authentication data is generated by the second node according to at least address information in a packet header of the second packet by using a second rule; the first node generates first additional authentication data according to address information in a packet header of the first packet by using a first rule, and decrypts the data in the first packet by using the first additional authentication data and the session key. |
主权项 |
1. A packet processing method of forwarding a packet between a first node and a second node, comprising:
receiving, by the first node, a first packet from a relay device, wherein the first packet comprises data in a second packet from the second node to the relay device, wherein the data in the second packet is encrypted using second additional authentication data and a session key between the first node and the second node, wherein the second additional authentication data is generated by the second node according to second address information in a second packet header of the second packet by using a second rule, wherein the second address information in the second packet header of the second packet indicates that a first receiving party of the second packet is the relay device, wherein a sending party of the second packet is the second node, and wherein a second receiving party of the second packet is the first node; generating, by the first node, first additional authentication data according to a first address information in a first packet header of the first packet using a first rule, wherein the first address information that is part of the first packet header of the first packet indicates that a receiving party of the first packet is the first node, a first sending party of the first packet is the relay device, a second sending party of the first packet is the second node, and wherein the first additional authentication data is the same as the second additional authentication data; and decrypting, by the first node, data in the first packet using the first additional authentication data and the session key between the first node and the second node. |