CN102325016A - Data channel establishment requesting and responding method, system and terminal equipment - Google Patents
Data channel establishment requesting and responding method, system and terminal equipment Download PDFInfo
- Publication number
- CN102325016A CN102325016A CN201110316119A CN201110316119A CN102325016A CN 102325016 A CN102325016 A CN 102325016A CN 201110316119 A CN201110316119 A CN 201110316119A CN 201110316119 A CN201110316119 A CN 201110316119A CN 102325016 A CN102325016 A CN 102325016A
- Authority
- CN
- China
- Prior art keywords
- address
- data channel
- module
- work mode
- judge
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a data channel establishment requesting method, a data channel establishment responding method, a data channel establishment requesting and responding system, data channel establishment requesting terminal equipment and data channel establishment responding terminal equipment. Session identification information is written into a data channel for data transmission, read from the data channel and judged whether to be valid or not, thereby permitting or forbidding the data transmission to realize file transmission between a file transfer protocol (FTP) server and a plurality of clients by using a data port, effectively realize file data transmission between Internet protocol (IP) addresses distributed in a plurality of enterprise intranets and the FTP server of a public network information technology (IT) system, improve the concurrency of the FTP server, ensure high transmission speed and high efficiency, avoid that a firewall is required to open data ports within a certain range, reduce potential safety hazards, improve the security of the system, ensure the opening controllability of the data ports and save port resources.
Description
Technical field
The present invention relates to field of data transmission, relate in particular to a kind of request and answer method, system and terminal equipment of setting up data channel.
Background technology
FTP (FileTransferProtocol, FTP) FTP is a cover standard agreement that is used in the enterprising style of writing part transmission of network, protocol specification is included and is RFC959.FTP is a kind of concrete application of TCP/IP; It is operated in the layer 7 of osi model; On the 4th layer of the TCP model, promptly application layer is used for the transmitted in both directions that Internet goes up control documents; All can use at large-scale business management system, network management system, content system, Streaming Media etc., the complex network topologies that relates to shows as the user and belongs to corporate intranet and carry out file data transmission to another corporate intranet.FTP has two kinds of mode of operations: active PORT pattern (the Standard pattern is called the Active pattern again, aggressive mode) and passive PASV (Passive, Passive Mode) pattern.It needs two ports during real work, and one is 21 default ports, is used for link control and command word control; Another port is used for transfer of data, and when adopting the PORT pattern, the FPDP of FTP service end is defaulted as 20.
PORT pattern operation principle:
At first ftp client and FTP service end are set up order control channel (FTP service end order control channel serve port is defaulted as 21), accomplish the username and password authentication of client then.When the user wants file in download, mutual as follows:
1) ftp client sends the PORT order through control channel, and in order, informs the client data passage listening port (as 2048, this port is distributed from free port by ftp client at random) that the FTP service end will connect;
2) the FTP service end is replied the PORT order of receiving;
3) the FTP service end uses local data access port (20) to connect ftp client data channel 2048 ports;
4) ftp client is replied connection, thereby sets up the data interface channel;
5) when ftp client when control channel is sent the file download command, the FTP service end promptly sends to client to file data through data channel, thereby accomplishes the download of file.
The operation principle of passive PASV pattern:
At first ftp client and FTP service end are set up order control channel (FTP service end order control channel serve port is defaulted as 21), accomplish the username and password authentication of client then.When the user wants file in download, mutual as follows:
1) ftp client sends the PASV order through control channel;
2) the FTP service end is replied the PASV order of receiving, and in replying, informs FTP service end data channel address and the listening port (as 1078, this port is distributed from free port by the FTP service end at random) that ftp client will connect;
3) ftp client uses the free port at random (as 2048) of local data passage to connect FTP service end data channel 1078 ports;
4) the FTP service end is replied connection, thereby sets up the data interface channel;
When ftp client when control channel is sent the file download command, the FTP service end promptly sends to client to file data through data channel, thereby accomplishes the download of file.
The shortcoming of aggressive mode mainly is when step 3 is set up data channel; Initiatively initiate to be connected to ftp client by the FTP service end; And the user is usually in the fire compartment wall of another Intranet back; Do not have direct public network IP, cause the FTP service end can't be connected to ftp client, so this pattern only is applicable to that ftp client and FTP service end are at a together individual enterprise network.
Passive PASV pattern can solve the problem that active PORT pattern runs into; The foundation of data channel is initiatively initiated by client; But can see that from step 2 FPDP of FTP service end is Random assignment from the free port more than 1024, this causes another problem, is exactly the FPDP that the fire compartment wall of FTP service end place machine room must be opened certain limit; Can think that under the safety management standard of telecommunications and moving machine room there is very big hidden danger in this wall port configuration, finally can't pass; Here the concurrent number of client that an also implicit problem is exactly this pattern seriously relies on the quantity available of FTP service end FPDP; If the FPDP scope that allows is 2122~2125; Promptly have only 4 ports to use; When 4 users connect this FTP service end file in download simultaneously, promptly take these 4 data ports fully so, the 5th user must wait until that one of them user's release data port could carry out operations such as download; Also having a problem is the NAT gateway penetration problem when File Transfer Protocol does not provide data channel and sets up under the passive PASV mode of operation; Find expression in FTP service end Intranet IP and be mapped as public network IP when outlet through the NAT gateway; The FTP of step 2 place service end reply to ftp client be net address in the FTP service end, cause ftp client to set up data channel with the FTP service end.
The NAT gateway penetration problem that existing File Transfer Protocol does not provide data channel when setting up; When finding expression in FTP service end Intranet IP and being mapped as public network IP through the NAT gateway; The FTP service end reply to ftp client be net address in the FTP service end, cause ftp client to set up data channel with the FTP service end.
Summary of the invention
The purpose of the embodiment of the invention is to propose a kind of request and answer method, system and terminal equipment of setting up data channel, is intended to solve in the prior art aggressive mode and only is applicable to that ftp client and FTP service end are with an enterprise network; Under the Passive Mode, the fire compartment wall of server end must be opened the FPDP of certain limit, has very big hidden danger; In addition, the concurrent number of client seriously relies on the quantity available of FPDP, and efficient is low; Speed is slow; In addition, the NAT gateway penetration problem that existing File Transfer Protocol does not provide data channel when setting up is when FTP service end Intranet IP is mapped as public network IP through the NAT gateway; The FTP service end reply to ftp client be net address in the FTP service end, cause ftp client can't set up the technical problem of data channel with the FTP service end.
The embodiment of the invention is achieved in that a kind of requesting method of setting up data channel, may further comprise the steps:
Send the passive work mode order through order control channel;
Receive and resolve the response message of said passive work mode order, and obtain monitoring IP address, listening port and this session label information of data channel;
To said monitoring IP address with listening port request set up data channel and be connected;
Write this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
Another purpose of the embodiment of the invention is to propose a kind of answer method of setting up data channel, may further comprise the steps:
The IP address of sending said passive work mode order is obtained in the order of reception passive work mode;
According to the IP address of sending said passive work mode order, obtain the monitoring IP address and the listening port of data channel;
Generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
Reply the request of setting up data channel, and set up the connection of data channel;
Obtain this session label information from said data channel, and judge whether this session label information is effective, if then carry out transfer of data.
Another purpose of the embodiment of the invention is to propose a kind of request unit of setting up data channel, and said device comprises: send command module, receive responder module, request link block and first transport module;
Said transmission command module links to each other with said reception responder module, is used for sending the passive work mode order through order control channel;
Said reception responder module links to each other with the request link block with said transmission command module, is used to receive and resolve the response message of said passive work mode order, and obtains monitoring IP address, listening port and this session label information of data channel;
The described request link block links to each other with first transport module with said reception responder module, be used for to said monitoring IP address with listening port request set up data channel and be connected;
Said first transport module links to each other with the described request link block, is used for writing this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
Another purpose of the embodiment of the invention is to propose a kind of answering device of setting up data channel, and said device comprises: receive command module, obtain the IP module, send responder module, reply the link block and second transport module;
Said reception command module links to each other with the said IP of obtaining module, is used to receive the passive work mode order, obtains the IP address of sending said passive work mode order;
The said IP module of obtaining links to each other with the transmission responder module with said reception command module, is used for obtaining the monitoring IP address and the listening port of data channel according to the IP address of sending said passive work mode order;
Said transmission responder module; With the said IP of obtaining module with reply link block and link to each other; Be used to generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
The said link block of replying links to each other with second transport module with said transmission responder module, is used to reply the request of setting up data channel, and sets up the connection of data channel.
Said second transport module links to each other with the said link block of replying, and is used for obtaining this session label information from said data channel, and judges whether this session label information is effective, if then carry out transfer of data.
Another purpose of the embodiment of the invention is to propose a kind of request and answering system of setting up data channel; Said system comprises: request unit and answering device, described request device comprise the transmission command module, receive responder module, request link block and first transport module; Said answering device comprises the reception command module, obtains the IP module, sends responder module, replys the link block and second transport module.
Said transmission command module links to each other with said reception responder module, is used for sending the passive work mode order through order control channel;
Said reception responder module links to each other with the request link block with said transmission command module, is used to receive and resolve the response message of said passive work mode order, and obtains monitoring IP address, listening port and this session label information of data channel;
The described request link block links to each other with first transport module with said reception responder module, be used for to said monitoring IP address with listening port request set up data channel and be connected;
Said first transport module links to each other with the described request link block, is used for writing this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
Said reception command module links to each other with the said IP of obtaining module, is used to receive the passive work mode order, obtains the IP address of sending said passive work mode order;
The said IP module of obtaining links to each other with the transmission responder module with said reception command module, is used for obtaining the monitoring IP address and the listening port of data channel according to the IP address of sending said passive work mode order;
Said transmission responder module; With the said IP of obtaining module with reply link block and link to each other; Be used to generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
The said link block of replying links to each other with second transport module with said transmission responder module, is used to reply the request of setting up data channel, and sets up the connection of data channel.
Said second transport module links to each other with the said link block of replying, and is used for obtaining this session label information from said data channel, and judges whether this session label information is effective, if then carry out transfer of data.
Another purpose of the embodiment of the invention is to propose a kind of said terminal equipment of setting up the request unit of data channel that comprises.
Another purpose of the embodiment of the invention is to propose a kind of said server of setting up the answering device of data channel that comprises.
Beneficial effect of the present invention:
The present invention sends the passive work mode order through order control channel, obtains the IP address of sending said passive work mode order, obtains the monitoring IP address and the listening port of data channel; Generate this session label information and reply, resolve the response message of said passive work mode order, and obtain monitoring IP address, listening port and this session label information of said data channel; The connection that data channel is set up in request writes this session label information to data channel, carries out transfer of data; Thereby realization FTP service end uses a data port and a plurality of client to carry out file transfer; Realized being distributed in the IP of a plurality of corporate intranets and the FTP service end of a public network IT system effectively and carried out the file data transmission, and improved the concurrent performance of FTP service end, transmission speed is fast; Efficient is high; Avoid the fire compartment wall of FTP service end must open the FPDP of certain limit, reduced potential safety hazard, improved the fail safe of system; Guarantee the controllability that FPDP is opened, saved port resource.
Description of drawings
Fig. 1 is a kind of flow chart of setting up the requesting method of data channel of the embodiment of the invention;
Fig. 2 is a kind of flow chart of setting up the answer method of data channel of the embodiment of the invention;
Fig. 3 is a kind of structural representation of setting up the request unit of data channel of the embodiment of the invention;
Fig. 4 is a kind of structural representation of setting up answering device first preferred embodiment of data channel of the present invention;
Fig. 5 is a kind of structural representation of setting up answering device second preferred embodiment of data channel of the present invention;
Fig. 6 is a kind of request of data channel and structural representation of answering system set up of the embodiment of the invention.
Embodiment
In order to make the object of the invention, technical scheme and advantage clearer, below in conjunction with accompanying drawing and embodiment, the present invention is further elaborated, for the ease of explanation, only show the part relevant with the embodiment of the invention.Should be appreciated that the specific embodiment that this place is described, only be used to explain the present invention, not in order to restriction the present invention.
The present invention sends the passive work mode order through order control channel, obtains the IP address of sending said passive work mode order, obtains the monitoring IP address and the listening port of data channel; Generate this session label information and reply, resolve the response message of said passive work mode order, and obtain monitoring IP address, listening port and this session label information of said data channel; The connection that data channel is set up in request writes this session label information to data channel, carries out transfer of data; Thereby realization FTP service end uses a data port and a plurality of client to carry out file transfer; Realized being distributed in the IP of a plurality of corporate intranets and the FTP service end of a public network IT system effectively and carried out the file data transmission, and improved the concurrent performance of FTP service end, transmission speed is fast; Efficient is high; Avoid the fire compartment wall of FTP service end must open the FPDP of certain limit, reduced potential safety hazard, improved the fail safe of system; Guarantee the controllability that FPDP is opened, saved port resource.
Embodiment one
A kind of requesting method flow chart of setting up data channel of Fig. 1 embodiment of the invention.Described method may further comprise the steps:
S101 sends the passive work mode order through order control channel;
Ftp client sends passive work mode through control channel and orders the service end to FTP;
S102 receives and resolves the response message that said passive work mode is ordered, and obtains monitoring IP address, listening port and this session identification of data channel;
After ftp client is received the passive work mode command response, resolve the target ip address that extraction will connect, port and this session label information by the text formatting that presets;
Said monitoring IP address and port are the target ip address and the port of the FTP service end that needs be connected;
S103, to said monitoring IP address with listening port request set up data channel and be connected;
After ftp client gets access to the monitoring IP address and listening port of FTP service end data channel, attempt setting up data channel with the FTP service end;
S104 writes this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
Ftp client writes this session label information to said data channel, attempts carrying out transfer of data then; The FTP service end reads this session label information from data channel and carries out the validity judgement, if effectively, promptly allows to continue to receive follow-up data, if data channel is promptly closed in inefficacy at once, forbids that ftp client is to FTP service end transmission data.
The further optimization of technique scheme is,
Said step " is sent the passive work mode order through order control channel " and is also comprised step before:
Set up order control channel;
Obtain authentication result information.
At first ftp client and FTP service end are set up order control channel, accomplish the username and password login authentication of client then;
The port default of said FTP service end order control channel service is 21.
Send the passive work mode order through order control channel in the embodiment of the invention, resolve the response message of said passive work mode order, and obtain monitoring IP address, listening port and this session label information of said data channel; The connection that data channel is set up in request writes this session label information to data channel, carries out transfer of data; Read this session label information from data channel, judge whether this session label information is effective, thereby allow or the forbidden data transmission; Use a data port and a plurality of client to carry out file transfer to realize the FTP service end; Realized being distributed in the IP of a plurality of corporate intranets and the FTP service end of a public network IT system effectively and carried out the file data transmission, and improved the concurrent performance of FTP service end, transmission speed is fast; Efficient is high; Avoid the fire compartment wall of server end must open the FPDP of certain limit, reduced potential safety hazard, improved the fail safe of system; Guarantee the controllability that FPDP is opened, saved port resource.
Embodiment two
Fig. 2 is a kind of answer method flow chart of setting up data channel of the embodiment of the invention.Described method may further comprise the steps:
S201 receives said passive work mode order, obtains the IP address of sending said passive work mode order;
S202 according to the IP address of sending said passive work mode order, obtains the monitoring IP address and the listening port of data channel;
The monitoring IP address of said data channel and listening port the IP address and the port that carry out transfer of data for presetting in advance;
After the FTP service end is received the passive work mode order; Extract the visiting IP address of ftp client and promptly send the IP address of said passive work mode order; The monitoring IP address that feeds back to the data channel that ftp client will connect according to visiting IP address field decision is that the Intranet IP address of NAT gateway still is the public network IP address of NAT gateway; And the listening port of data channel, be specially:
S2021; Whether the IP address of judge sending said passive work mode order is in first address realm that presets (for example first address realm can be 127.0.0.1); If; Then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway, if not, get into step S2022;
S2022; (for example second address realm can be 10.0.0.0~10.255.255.255) in second address realm that presets in the IP address of judge sending said passive work mode order; If; Then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway, if not, get into step S2023;
S2023; (for example the three-address scope can be 172.16.0.0~172.31.255.255) in the three-address scope that presets in the IP address of judge sending said passive work mode order; If; Then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway, if not, get into step S2024;
S2024; Whether the IP address of judge sending said passive work mode order (192.168.0.0~192.168.255.255) in the four-address scope that presets; If; Then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway, if not, then the monitoring IP address of said data channel and listening port are the public network IP address and the port of NAT gateway.
S203 generates this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
Said this session label information is unique numeric string or the character string that the FTP service end is distributed this session; Described this session label information also can be with it corresponding unique numeric string or the character string of FTP service end according to the IP address assignment of sending said passive work mode order;
The FTP service end generates this session label information after receiving the passive work mode order;
The FTP service end is received when the passive work mode order is replied; The monitoring IP address of promptly sending the IP address specified data passage of said passive work mode order according to the visiting IP address of ftp client is that Intranet IP address still is the public network IP address of NAT gateway outlet, and monitoring IP address, listening port and this session label information after will confirming feed back to ftp client with the text formatting that presets;
S204 replys the request of setting up data channel, and sets up the connection of data channel;
The FTP service end is replied the ftp client request of connecting, and accomplishes TCP (Transmission Control Protocol, transmission control protocol) three-way handshake process, thereby sets up data channel;
S205 obtains this session label information from said data channel, and judges whether this session label information is effective, if then carry out transfer of data; If, do not close the connection of said data channel by force;
When judging that this session label information whether effectively, if the FTP service end then allows said data channel to carry out transfer of data; If, do not close the connection of said data channel by force.
Obtain this session label information from said data channel; And judge whether this session label information is effective; If then the data channel connection authentication of firm foundation is passed through, thereby is allowed said data channel to carry out transfer of data; If not (if the FTP service end judge said this session label information invalid or etc. this session label information to be read overtime), then the data channel of firm foundation is connected and closes by force;
Said judge this session label information whether effectively process be: judge whether this session label information that gets access to from said data channel is unique numeric string or the character string of distributing to the IP address of sending said passive work mode order originally;
Said judge this session label information whether effectively process be: judge that whether this session label information of getting access to from said data channel is this session label information of feeding back as the response message that sends the IP address that said passive work mode orders together with the monitoring IP address of said data channel and listening port originally; If the FTP service end then allows said data channel to carry out transfer of data; If, do not close the connection of said data channel by force.
When ftp client when order control channel is sent the file download command, the FTP service end promptly sends to ftp client to said file through said data channel, thus the download of completion file.
The further optimization of technique scheme is said step " receives the passive work mode order, obtains and send the IP address that said passive work mode is ordered " and also comprises before:
The bind command listening port is set up order control channel;
Carry out login authentication, and feedback authentication result information;
Said order listening port is defaulted as 21 ports;
At first ftp client and FTP service end are set up order control channel, accomplish the username and password login authentication of client then;
Said FTP service end order control channel serve port is defaulted as 21.
The further optimization of technique scheme is,
Before first address realm that whether is presetting in the IP address of judge sending said passive work mode order; The four-address scope that at first will send the IP address of said passive work mode order and first address realm that presets, second address realm that presets, the three-address scope that presets and preset converts the decimal system or hexadecimal into, is specially:
Convert the IP address of sending said passive work mode order and first address realm that presets, second address realm that presets, the three-address scope that presets and the four-address scope that presets into the decimal system or hexadecimal numerical value;
With the IP address of the said passive work mode order of the said decimal system or hexadecimal transmission and the said decimal system perhaps hexadecimal first address realm that presets, second address realm that presets, the three-address scope that presets and the four-address scope that presets compare, obtain the monitoring IP address of said data channel and Intranet IP address that listening port is the NAT gateway or the public network IP address of NAT gateway;
For ease of understanding, illustrate, wherein said IP address 127.0.0.1 converts decimal system numerical value into and is: 2130706432;
Said IP address 10.0.0.0~10.255.255.255 converts decimal system numerical value into: 167772160~184549375;
Said IP address 172.16.0.0~172.31.255.255 converts decimal system numerical value into: 2886729728~2887778303;
Said IP address 192.168.0.0~192.168.255.255 converts decimal system numerical value into: 3232235520~3232301055;
If sending the IP address of said passive work mode order is 127.0.0.1, then converts decimal system numerical value into and be: 2130706432,
That is to say before first address realm that whether is presetting in the IP address of judging said passive work mode order; At first with the IP address of described passive work mode order and first address realm that presets, second address realm that presets, the three-address scope that presets, the four-address scope that presets; Convert the decimal system or hexadecimal into; And then compare; Be execution in step S2021 to S2024; In execution in step S2021 to S2024 process, carry out carrying out the decimal system or hexadecimal numeric ratio exactly when the IP address is judged relatively so accordingly, confirm the monitoring IP address of said data channel and Intranet IP address and the port that listening port is the NAT gateway at last.
Send the IP address that said passive work mode is ordered through receiving the passive work mode order, obtaining in the embodiment of the invention, according to the IP address of sending said passive work mode order; Obtain the monitoring IP address and the listening port of data channel, generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back; Reply and set up the connection of data channel, obtain said this session label information, judge whether effective this session mark information is known from said data channel; If, then carry out transfer of data, in answering, add this session label information; Thereby realization FTP service end uses a data port and a plurality of client to carry out file transfer; Realized being distributed in the IP of a plurality of corporate intranets and the FTP service end of a public network IT system effectively and carried out the file data transmission, and improved the concurrent performance of FTP service end, transmission speed is fast; Efficient is high; Avoid the fire compartment wall of FTP service end must open the FPDP of certain limit, reduced potential safety hazard, improved the fail safe of system; Guarantee the controllability that FPDP is opened, saved port resource; Secondly according to the IP address of sending said passive work mode order through a plurality of condition judgment are carried out in the IP address; Confirm whether ftp client is in the same network segment with the FTP service end; If the together individual network segment is promptly informed the Intranet IP address and the port of ftp client NAT gateway,, realized the NAT gateway penetration when data channel is set up if not the public network IP address and the port of promptly informing ftp client NAT gateway with a network segment; Further improved the concurrent performance of FTP service end; Further guaranteed the controllability that FPDP is opened, saved port resource, the agreement of having avoided defining between enterprise separately causes system to lack open and increase system development complexity; Shorten the construction cycle, practice thrift cost; With the IP address transition is the decimal system or hexadecimal numerical value, and the said decimal system or hexadecimal numerical value are compared, and obtains the monitoring IP address and the listening port of data channel, and efficient relatively further improves.
Embodiment three
Fig. 3 is a kind of structural representation of setting up the request unit of data channel of the embodiment of the invention.
Said device comprises: send command module, receive responder module, request link block and first transport module;
Said transmission command module links to each other with said reception responder module, is used for sending the passive work mode order through order control channel;
Ftp client sends passive work mode through control channel and orders the service end to FTP;
Said reception responder module links to each other with the request link block with said transmission command module, is used to receive and resolve the response message of said passive work mode order, and obtains monitoring IP address, listening port and this session label information of data channel;
After ftp client is received the passive work mode command response, resolve the target ip address that extraction will connect, port and this session label information by the text formatting that presets;
Said monitoring IP address and port are the target ip address and the port of the FTP service end that needs be connected;
The described request link block links to each other with first transport module with said reception responder module, be used for to said monitoring IP address with listening port request set up data channel and be connected;
After ftp client gets access to the monitoring IP address and listening port of FTP service end data channel, attempt setting up data channel with the FTP service end;
Said first transport module links to each other with the described request link block, is used for writing this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
Ftp client writes this session label information to said data channel, attempts carrying out transfer of data then; The FTP service end reads this session label information from data channel and carries out the validity judgement, if effectively, promptly allows to continue to receive follow-up data, if data channel is promptly closed in inefficacy at once, forbids that ftp client is to FTP service end transmission data.
The further optimization of said apparatus is that said device also comprises the first passage module and obtains authentication module:
Said first passage module links to each other with the said authentication module that obtains, and is used for setting up order control channel;
The said authentication module that obtains links to each other with the transmission command module with said first passage module, is used to obtain authentication result information.
At first ftp client and FTP service end are set up order control channel (FTP service end order control channel serve port is defaulted as 21), accomplish the username and password debarkation authentication of client then.
Send the passive work mode order through sending command module through order control channel in the embodiment of the invention, resolve the response message of said passive work mode order through receiving responder module, and obtain monitoring IP address, listening port and this session label information of said data channel; Through the connection of asking the link block request to set up data channel; Write this session label information through first transport module to data channel, the data transfer of going forward side by side adds this session label information in request process; Thereby realization FTP service end uses a data port and a plurality of client to carry out file transfer; Realized being distributed in the IP of a plurality of corporate intranets and the FTP service end of a public network IT system effectively and carried out the file data transmission, and improved the concurrent performance of FTP service end, transmission speed is fast; Efficient is high; Avoid the fire compartment wall of FTP service end end must open the FPDP of certain limit, reduced potential safety hazard, improved the fail safe of system.
Embodiment four
Fig. 4 is a kind of structural representation of setting up answering device first preferred embodiment of data channel of the present invention.
Said device comprises: receive command module, obtain the IP module, send responder module, reply the link block and second transport module;
Said reception command module links to each other with the said IP of obtaining module, is used to receive the passive work mode order, obtains the IP address of sending said passive work mode order;
The said IP module of obtaining links to each other with the transmission responder module with said reception command module, is used for obtaining the monitoring IP address and the listening port of data channel according to the IP address of sending said passive work mode order;
After the FTP service end is received the passive work mode order; Extract the visiting IP address of client and promptly send the IP address of said passive work mode order; The monitoring IP address that feeds back to the data channel that client will connect according to visiting IP address field decision is that the Intranet IP address of NAT gateway still is the public network IP address of NAT gateway, and the listening port of data channel.
Said transmission responder module; With the said IP of obtaining module with reply link block and link to each other; Be used to generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
Said this session label information is unique numeric string or the character string that server end distributes when carrying out this session;
Described this session label information also can be with it corresponding unique numeric string or the character string of FTP service end according to the IP address assignment of sending said passive work mode order;
The FTP service end generates this session label information after receiving the passive work mode order;
The FTP service end receives when passive work mode order is replied, and monitoring IP address, listening port and this session label information of said data channel fed back to ftp client with the text formatting that presets;
The said link block of replying links to each other with second transport module with said transmission responder module, is used to reply the request of setting up data channel, and sets up the connection of data channel.
The FTP service end is replied the ftp client ACK that connects, and accomplishes the TCP three-way handshake process, thereby sets up data channel;
Said second transport module links to each other with the said link block of replying, and is used for obtaining this session label information from said data channel, and judges whether this session label information is effective, if then carry out transfer of data.
When judging that this session label information whether effectively, if the FTP service end then allows said data channel to carry out transfer of data; If, do not close the connection of said data channel by force.
Obtain this session label information from said data channel; And judge whether this session label information is effective; If then the data channel connection authentication of firm foundation is passed through, thereby is allowed said data channel to carry out transfer of data; If not (if the FTP service end judge said this session label information invalid or etc. this session label information to be read overtime), then the data channel of firm foundation is connected and closes by force;
Said judge this session label information whether effectively process be: judge whether this session label information that gets access to from said data channel is unique numeric string or the character string of distributing to the IP address of sending said passive work mode order originally;
Said judge this session label information whether effectively process can also be: judge that whether this session label information of getting access to from said data channel is this session label information of feeding back as the response message that sends the IP address that said passive work mode orders together with the monitoring IP address of said data channel and listening port originally; If the FTP service end then allows said data channel to carry out transfer of data; If, do not close the connection of said data channel by force.
When ftp client when order control channel is sent the file download command, the FTP service end promptly sends to ftp client to said file through said data channel, thus the download of completion file.
The further optimization of said apparatus is that said device also comprises second channel module and authentication feedback module:
Said second channel module links to each other with said authentication feedback module, is used for setting up order control channel with default port 21;
Said authentication feedback module links to each other with the reception command module with said second channel module, is used to carry out authentication, and feedback authentication result information.
At first ftp client and FTP service end are set up order control channel (FTP service end order control channel serve port is defaulted as 21), accomplish the username and password debarkation authentication of client then.
The further optimization of said apparatus is that said device also comprises closes link block, is illustrated in figure 5 as a kind of structural representation of setting up answering device second preferred embodiment of data channel of the present invention;
The said link block of closing links to each other with the said link block of replying, and is invalid if be used for from this session label information that said data channel is obtained, and then closes the connection of said data channel by force.
If the FTP service end judge said this session label information invalid or etc. this session label information to be read overtime, promptly the data channel of firm foundation is connected and closes by force.
The further optimization of said apparatus is; The said IP of obtaining module comprises first judge module, second judge module, the 3rd judge module and the 4th judge module, is illustrated in figure 5 as a kind of structural representation of setting up answering device second preferred embodiment of data channel of the present invention;
Said first judge module; Link to each other with said transmission responder module; Be used to judge that the IP address of sending said passive work mode order is whether in first address realm that presets (for example first address realm can be 127.0.0.1), if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway; If, then do not notify second judge module to continue to judge.
Said second judge module; Link to each other with the 3rd judge module with said first judge module, transmission responder module; Be used to judge that whether (for example second address realm can be 10.0.0.0~10.255.255.255), if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway in second address realm that presets in the IP address of sending said passive work mode order; If, then do not notify the 3rd judge module to continue to judge.
Said the 3rd judge module; With said second judge module, transmission responder module and the 4th judge module; Be used to judge that whether (for example the three-address scope can be 172.16.0.0~172.31.255.255), if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway in the three-address scope that presets in the IP address of sending said passive work mode order; If, then do not notify the 4th judge module to continue to judge.
Said the 4th judge module; Link to each other with the transmission responder module with said the 3rd judge module; Be used to judge that whether (192.168.0.0~192.168.255.255) is if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway in the four-address scope that presets in the IP address of sending said passive work mode order; Then the monitoring IP address of said data channel and listening port are the public network IP address and the port of NAT gateway if not.
The further optimization of said apparatus is; Before first the address realm whether said IP of obtaining module also is used for presetting in the IP address of judging the said passive work mode order of transmission; The four-address scope that at first will send the IP address of said passive work mode order and first address realm that presets, second address realm that presets, the three-address scope that presets and preset converts the decimal system or hexadecimal into; With the IP address of the said passive work mode order of the said decimal system or hexadecimal transmission and the said decimal system perhaps hexadecimal first address realm that presets, second address realm that presets, the three-address scope that presets and the four-address scope that presets compare, obtain the monitoring IP address of said data channel and Intranet IP address that listening port is the NAT gateway or the public network IP address of NAT gateway;
For ease of understanding, illustrate, wherein said IP address 127.0.0.1 converts decimal system numerical value into and is: 2130706432;
Said IP address 10.0.0.0~10.255.255.255 converts decimal system numerical value into: 167772160~184549375;
Said IP address 172.16.0.0~172.31.255.255 converts decimal system numerical value into: 2886729728~2887778303;
Said IP address 192.168.0.0~192.168.255.255 converts decimal system numerical value into: 3232235520~3232301055;
If sending the IP address of said passive work mode order is 127.0.0.1, then converts decimal system numerical value into and be: 2130706432, then compare, confirm the monitoring IP address of said data channel and Intranet IP address and the port that listening port is the NAT gateway.
Receive the passive work mode order through receiving command module in the embodiment of the invention, obtain the IP address of sending said passive work mode order through obtaining the IP module, according to the IP address of sending said passive work mode order; Obtain the monitoring IP address and the listening port of data channel, generate this session label information through sending responder module, and the response message that monitoring IP address, listening port and said this session label information of said data channel are ordered as passive work mode feeds back; Reply and set up the connection of data channel through replying link block; Obtain said this session label information through second transport module from said data channel, judge whether this session label information is effective, if; Then carry out transfer of data; In answering, add this session label information, thereby realize that the FTP service end uses a data port and a plurality of client to carry out file transfer, the FTP service end that has realized being distributed in IP and a public network IT system of a plurality of corporate intranets is effectively carried out file data and is transmitted; And improved the concurrent performance of FTP service end; Transmission speed is fast, and efficient is high, has avoided the fire compartment wall of FTP service end must open the FPDP of certain limit; Reduce potential safety hazard, improved the fail safe of system; If to obtain this session label information from said data channel be invalid through closing link block, then close the connection of said data channel by force, further reduce the potential safety hazard of system; Secondly through in first judge module, second judge module, the 3rd judge module and the 4th judge module according to the judgement of the IP address different condition of sending said passive work mode order; Confirm whether ftp client is in the same network segment with the FTP service end; If inform promptly that with a network segment ftp client passes through Intranet IP visit FTP service end FPDP, if not informing promptly that with a network segment ftp client visits FTP service end FPDP through the outlet IP of NAT gateway, has realized the NAT gateway penetration when data channel is set up; Further improved the concurrent performance of FTP service end; Further guaranteed the controllability that FPDP is opened, saved port resource, the agreement of having avoided defining between enterprise separately causes system to lack open and increase system development complexity; Shorten the construction cycle, practice thrift cost; Especially, obtaining the IP module is the decimal system or hexadecimal numerical value with the IP address transition, and the said decimal system or hexadecimal numerical value are compared, and obtains the monitoring IP address and the listening port of data channel, and efficient relatively further improves.
Embodiment five
Fig. 6 is that the embodiment of the invention is set up the request of data channel and the structural representation of answering system.
Said system comprises: request unit and answering device, described request device comprise the transmission command module, receive responder module, request link block and first transport module; Said answering device comprises the reception command module, obtains the IP module, sends responder module, replys the link block and second transport module.
Said transmission command module links to each other with the reception responder module with said reception command module, is used for sending the passive work mode order through order control channel;
Said reception responder module; Link to each other with said transmission command module, request link block and transmission responder module; Be used to receive and resolve the response message of said passive work mode order, and obtain monitoring IP address, listening port and this session label information of data channel;
The described request link block, with said reception responder module, first transport module with reply link block and link to each other, be used for to said monitoring IP address with listening port request set up data channel and be connected;
Said first transport module links to each other with second transport module with the described request link block, is used for writing this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
Said reception command module, with said transmission command module with obtain the IP module and link to each other, be used to receive the passive work mode order, obtain the IP address of sending said passive work mode order;
The said IP module of obtaining links to each other with the transmission responder module with said reception command module, is used for obtaining the monitoring IP address and the listening port of data channel according to the IP address of sending said passive work mode order;
Said transmission responder module; With the said IP of obtaining module with reply link block and link to each other; Be used to generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
The said link block of replying links to each other with second transport module with said transmission responder module, is used to reply the request of setting up data channel, and sets up the connection of data channel.
Said second transport module links to each other with the said link block of replying, and is used for obtaining this session label information from said data channel, and judges whether this session label information is effective, if then carry out transfer of data.
Said system further optimized be, said system also comprises and closes link block;
The said link block of closing links to each other with the said link block of replying, and is invalid if be used for from this session label information that said data channel is obtained, and then closes the connection of said data channel by force.
If the FTP service end judge said this session label information invalid or etc. this session label information to be read overtime, promptly the data channel of firm foundation is connected and closes by force.
The further optimization of said system is that the said IP of obtaining module comprises first judge module, second judge module, the 3rd judge module and the 4th judge module.
Said first judge module; Link to each other with said transmission responder module; Be used to judge that the IP address of sending said passive work mode order is whether in first address realm that presets (for example first address realm can be 127.0.0.1), if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway; If, then do not notify second judge module to continue to judge.
Said second judge module; Link to each other with the 3rd judge module with said first judge module, transmission responder module; Be used to judge that whether (for example second address realm can be 10.0.0.0~10.255.255.255), if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway in second address realm that presets in the IP address of sending said passive work mode order; If, then do not notify the 3rd judge module to continue to judge.
Said the 3rd judge module; Link to each other with the 4th judge module with said second judge module, transmission responder module; Be used to judge that whether (for example the three-address scope can be 172.16.0.0~172.31.255.255), if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway in the three-address scope that presets in the IP address of sending said passive work mode order; If, then do not notify the 4th judge module to continue to judge.
Said the 4th judge module; Link to each other with the transmission responder module with said the 3rd judge module; Be used to judge that whether (192.168.0.0~192.168.255.255) is if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway in the four-address scope that presets in the IP address of sending said passive work mode order; Then the monitoring IP address of said data channel and listening port are the public network IP address and the port of NAT gateway if not.
The further optimization of said system is; Before first the address realm whether said IP of obtaining module also is used for presetting in the IP address of judging the said passive work mode order of transmission; The four-address scope that at first will send the IP address of said passive work mode order and first address realm that presets, second address realm that presets, the three-address scope that presets and preset converts the decimal system or hexadecimal into; With the IP address of the said passive work mode order of the said decimal system or hexadecimal transmission and the said decimal system perhaps hexadecimal first address realm that presets, second address realm that presets, the three-address scope that presets and the four-address scope that presets compare, obtain the monitoring IP address of said data channel and Intranet IP address that listening port is the NAT gateway or the public network IP address of NAT gateway.
For ease of understanding, illustrate, wherein said IP address 127.0.0.1 converts decimal system numerical value into and is: 2130706432;
Said IP address 10.0.0.0~10.255.255.255 converts decimal system numerical value into: 167772160~184549375;
Said IP address 172.16.0.0~172.31.255.255 converts decimal system numerical value into: 2886729728~2887778303;
Said IP address 192.168.0.0~192.168.255.255 converts decimal system numerical value into: 3232235520~3232301055;
If sending the IP address of said passive work mode order is 127.0.0.1, then converts decimal system numerical value into and be: 2130706432, then compare, confirm the monitoring IP address of said data channel and Intranet IP address and the port that listening port is the NAT gateway.
Send the passive work mode order through sending command module through order control channel in the embodiment of the invention, receive said passive work mode order, obtain the IP address of sending said passive work mode order through obtaining the IP module through receiving command module; According to the IP address of sending said passive work mode order, obtain the monitoring IP address and the listening port of data channel, generate this session label information through sending responder module; And monitoring IP address, listening port and this session label information of the said data channel response message as the passive work mode order fed back, resolve the response message of said passive work mode order through receiving responder module, and obtain monitoring IP address, listening port and this session label information of said data channel; Through the connection of asking the link block request to set up data channel; Reply the request of setting up data channel through replying link block, and set up the connection of data channel, write this session label information to data channel through first transport module; The data transfer of going forward side by side; Obtain this session label information through second transport module from said data channel, and judge whether this session identification is effective, if; Then carry out transfer of data; In request process, add this session label information, thereby realize that the FTP service end uses a data port and a plurality of client to carry out file transfer, the FTP service end that has realized being distributed in IP and a public network IT system of a plurality of corporate intranets is effectively carried out file data and is transmitted; And improved the concurrent performance of FTP service end; Transmission speed is fast, and efficient is high, has avoided the fire compartment wall of FTP service end must open the FPDP of certain limit; Reduce potential safety hazard, improved the fail safe of system; If to obtain this session label information from said data channel be invalid through closing link block, then close the connection of said data channel by force, further reduce the potential safety hazard of system; Secondly through in first judge module, second judge module, the 3rd judge module and the 4th judge module according to the judgement of the IP address different condition of sending said passive work mode order; Confirm whether ftp client is in the same network segment with the FTP service end; If the together individual network segment is promptly informed the Intranet IP address and the port of ftp client NAT gateway,, realized the NAT gateway penetration when data channel is set up if not the public network IP address and the port of promptly informing ftp client NAT gateway with a network segment; Further improved the concurrent performance of FTP service end; Further guaranteed the controllability that FPDP is opened, saved port resource, the agreement of having avoided defining between enterprise separately causes system to lack open and increase system development complexity; Shorten the construction cycle, practice thrift cost; Especially, obtaining the IP module is the decimal system or hexadecimal numerical value with the IP address transition, and the said decimal system or hexadecimal numerical value are compared, and obtains the monitoring IP address and the listening port of data channel, and efficient relatively further improves.
The request unit of setting up data channel provided by the invention can be applied to set up on the terminal equipment of request of data channel, for example: PC, PDA, mobile phone etc.
The answering device of setting up data channel provided by the invention can be applied to set up on the server of replying of data channel, for example: PC, server etc.
Claims (12)
1. a requesting method of setting up data channel is characterized in that, said method comprising the steps of:
Send the passive work mode order through order control channel;
Receive and resolve the response message of said passive work mode order, and obtain monitoring IP address, listening port and this session label information of data channel;
To said monitoring IP address with listening port request set up data channel and be connected;
Write this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
2. an answer method of setting up data channel is characterized in that, said method comprising the steps of:
The IP address of sending said passive work mode order is obtained in the order of reception passive work mode;
According to the IP address of sending said passive work mode order, obtain the monitoring IP address and the listening port of data channel;
Generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
Reply the request of setting up data channel, set up the connection of data channel;
Obtain this session label information from said data channel, and judge whether this session label information is effective, if then carry out transfer of data.
3. the answer method of setting up data channel according to claim 2 is characterized in that,
Said step " is obtained this session label information from said data channel, and is judged whether this session label information is effective, if then carry out transfer of data " and also comprises step afterwards:
If, then do not close the connection of said data channel by force.
4. the answer method of setting up data channel according to claim 3 is characterized in that,
Said step " according to the IP address of sending said passive work mode order, is obtained the monitoring IP address and the listening port of data channel " and is specifically comprised step:
The IP address of judge sending said passive work mode order whether in first address realm that presets, if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway, if not, then,
The IP address of judge sending said passive work mode order whether in second address realm that presets, if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway, if not, then,
The IP address of judge sending said passive work mode order whether in the three-address scope that presets, if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway, if not, then,
Whether the IP address of judge sending said passive work mode order is in the four-address scope that presets; If; Then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway; Then the monitoring IP address of said data channel and listening port are the public network IP address and the port of NAT gateway if not.
5. the answer method of setting up data channel according to claim 4 is characterized in that,
Before first address realm that whether is presetting in the IP address of judge sending said passive work mode order, at first will send IP address and first address realm that presets, second address realm that presets, the three-address scope that presets and the four-address scope that presets that said passive work mode orders and convert the decimal system or hexadecimal into.
6. request unit of setting up data channel, said device comprises: send command module, receive responder module, request link block and first transport module;
Said transmission command module links to each other with said reception responder module, is used for sending the passive work mode order through order control channel;
Said reception responder module links to each other with the request link block with said transmission command module, is used to receive and resolve the response message of said passive work mode order, and obtains monitoring IP address, listening port and this session label information of data channel;
The described request link block links to each other with first transport module with said reception responder module, be used for to said monitoring IP address with listening port request set up data channel and be connected;
Said first transport module links to each other with the described request link block, is used for writing this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
7. answering device of setting up data channel, said device comprises: receive command module, obtain the IP module, send responder module, reply the link block and second transport module;
Said reception command module links to each other with the said IP of obtaining module, is used to receive the passive work mode order, obtains the IP address of sending said passive work mode order;
The said IP module of obtaining links to each other with the transmission responder module with said reception command module, is used for obtaining the monitoring IP address and the listening port of data channel according to the IP address of sending said passive work mode order;
Said transmission responder module; With the said IP of obtaining module with reply link block and link to each other; Be used to generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
The said link block of replying links to each other with second transport module with said transmission responder module, is used to reply the request of setting up data channel, and sets up the connection of data channel.
Said second transport module links to each other with the said link block of replying, and is used for obtaining this session label information from said data channel, and judges whether this session label information is effective, if then carry out transfer of data.
8. the answering device of setting up data channel according to claim 7 is characterized in that, said device also comprises closes link block;
The said link block of closing links to each other with the said link block of replying, and is invalid if be used for from this session label information that said data channel is obtained, and then closes the connection of said data channel by force.
9. the answering device of setting up data channel according to claim 8 is characterized in that, the said IP of obtaining module comprises first judge module, second judge module, the 3rd judge module and the 4th judge module;
Said first judge module; Link to each other with said transmission responder module; Be used to judge that the IP address of sending said passive work mode order is whether in first address realm that presets, if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway; If, then do not notify second judge module to continue to judge.
Said second judge module; Link to each other with the 3rd judge module with said first judge module, transmission responder module; Be used to judge that the IP address of sending said passive work mode order is whether in second address realm that presets, if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway; If, then do not notify the 3rd judge module to continue to judge.
Said the 3rd judge module; Link to each other with the 4th judge module with said second judge module, transmission responder module; Be used to judge that the IP address of sending said passive work mode order is whether in the three-address scope that presets, if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway; If, then do not notify the 4th judge module to continue to judge.
Said the 4th judge module; Link to each other with the transmission responder module with said the 3rd judge module; Be used to judge that the IP address of sending said passive work mode order is whether in the four-address scope that presets, if then the monitoring IP address of said data channel and listening port are the Intranet IP address and the port of NAT gateway; Then the monitoring IP address of said data channel and listening port are the public network IP address and the port of NAT gateway if not.
10. a request and answering system of setting up data channel, said system comprises: request unit and answering device, described request device comprise and send command module, receive responder module, request link block and first transport module; Said answering device comprises the reception command module, obtains the IP module, sends responder module, replys the link block and second transport module.
Said transmission command module links to each other with the reception responder module with said reception command module, is used for sending the passive work mode order through order control channel;
Said reception responder module; Link to each other with said transmission command module, request link block and transmission responder module; Be used to receive and resolve the response message of said passive work mode order, and obtain monitoring IP address, listening port and this session label information of data channel;
The described request link block, with said reception responder module, first transport module with reply link block and link to each other, be used for to said monitoring IP address with listening port request set up data channel and be connected;
Said first transport module links to each other with second transport module with the described request link block, is used for writing this session label information that receives, the data transfer of going forward side by side to said data channel after the successful connection.
Said reception command module, with said transmission command module with obtain the IP module and link to each other, be used to receive the passive work mode order, obtain the IP address of sending said passive work mode order;
The said IP module of obtaining links to each other with the transmission responder module with said reception command module, is used for obtaining the monitoring IP address and the listening port of data channel according to the IP address of sending said passive work mode order;
Said transmission responder module; With the said IP of obtaining module with reply link block and link to each other; Be used to generate this session label information, and the response message that monitoring IP address, listening port and this session label information of said data channel are ordered as passive work mode feeds back;
The said link block of replying links to each other with second transport module with said transmission responder module, is used to reply the request of setting up data channel, and sets up the connection of data channel.
Said second transport module links to each other with the said link block of replying, and is used for obtaining this session label information from said data channel, and judges whether this session label information is effective, if then carry out transfer of data.
11. a terminal equipment of setting up the request of data channel is characterized in that, described terminal equipment comprises the described request unit of claim 6.
12. a server of setting up data channel is characterized in that, described server comprises any described answering device of setting up data channel of claim 7-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110316119A CN102325016A (en) | 2011-10-18 | 2011-10-18 | Data channel establishment requesting and responding method, system and terminal equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110316119A CN102325016A (en) | 2011-10-18 | 2011-10-18 | Data channel establishment requesting and responding method, system and terminal equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102325016A true CN102325016A (en) | 2012-01-18 |
Family
ID=45452691
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110316119A Pending CN102325016A (en) | 2011-10-18 | 2011-10-18 | Data channel establishment requesting and responding method, system and terminal equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102325016A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105262787A (en) * | 2015-09-06 | 2016-01-20 | 浪潮软件股份有限公司 | Technology for cloud service to access data of Intranet |
| CN106603717A (en) * | 2016-12-31 | 2017-04-26 | 深圳市智联宝生态科技有限公司 | FTP extending method and FTP extending system supporting single data port and NAT traversal |
| CN106878360A (en) * | 2015-12-14 | 2017-06-20 | 中兴通讯股份有限公司 | The method for building up and device of data transmission channel |
| CN106899635A (en) * | 2015-12-18 | 2017-06-27 | 中国移动通信集团四川有限公司 | FTP data link realizes the method and device of fixed communication port |
| US10110557B2 (en) | 2013-08-20 | 2018-10-23 | Zte Corporation | FTP application layer packet filtering method, device and computer storage medium |
| CN109309651A (en) * | 2017-07-28 | 2019-02-05 | 阿里巴巴集团控股有限公司 | A kind of document transmission method, device, equipment and storage medium |
| CN110401679A (en) * | 2019-08-27 | 2019-11-01 | 北京指掌易科技有限公司 | The control method and device that the mobile application security tunnel of Network Environment is established |
| CN110545329A (en) * | 2019-09-27 | 2019-12-06 | 杭州海潮信息科技有限公司 | Method for improving FTP file transmission speed |
| CN113542450A (en) * | 2021-07-21 | 2021-10-22 | 北京威努特技术有限公司 | Method and system for realizing FTP (File transfer protocol) traversal through NAT (network Address translation) by industrial control firewall |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1774705A (en) * | 2004-04-14 | 2006-05-17 | 日本电信电话株式会社 | Address conversion method, access control method, and device using these methods |
| CN101083607A (en) * | 2006-05-30 | 2007-12-05 | 倪海生 | Internet accessing server for inside and outside network isolation and its processing method |
| CN101170517A (en) * | 2007-12-06 | 2008-04-30 | 杭州华三通信技术有限公司 | Method and device for aging of control session table |
| CN101252509A (en) * | 2007-02-21 | 2008-08-27 | 华耀环宇科技有限公司 | Dynamic system and method for virtual private network (VPN) information packet level routing using dual-NAT method |
| CN101325580A (en) * | 2007-06-15 | 2008-12-17 | 上海亿人通信终端有限公司 | Method for implementing FTP application-layer gateway based on NAT-PT |
-
2011
- 2011-10-18 CN CN201110316119A patent/CN102325016A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1774705A (en) * | 2004-04-14 | 2006-05-17 | 日本电信电话株式会社 | Address conversion method, access control method, and device using these methods |
| CN101083607A (en) * | 2006-05-30 | 2007-12-05 | 倪海生 | Internet accessing server for inside and outside network isolation and its processing method |
| CN101252509A (en) * | 2007-02-21 | 2008-08-27 | 华耀环宇科技有限公司 | Dynamic system and method for virtual private network (VPN) information packet level routing using dual-NAT method |
| CN101325580A (en) * | 2007-06-15 | 2008-12-17 | 上海亿人通信终端有限公司 | Method for implementing FTP application-layer gateway based on NAT-PT |
| CN101170517A (en) * | 2007-12-06 | 2008-04-30 | 杭州华三通信技术有限公司 | Method and device for aging of control session table |
Non-Patent Citations (1)
| Title |
|---|
| 白轶: "基于网格的校园FTP系统的研究与设计", 《计算机与信息技术》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10110557B2 (en) | 2013-08-20 | 2018-10-23 | Zte Corporation | FTP application layer packet filtering method, device and computer storage medium |
| CN105262787A (en) * | 2015-09-06 | 2016-01-20 | 浪潮软件股份有限公司 | Technology for cloud service to access data of Intranet |
| CN106878360A (en) * | 2015-12-14 | 2017-06-20 | 中兴通讯股份有限公司 | The method for building up and device of data transmission channel |
| CN106899635A (en) * | 2015-12-18 | 2017-06-27 | 中国移动通信集团四川有限公司 | FTP data link realizes the method and device of fixed communication port |
| CN106899635B (en) * | 2015-12-18 | 2021-03-09 | 中国移动通信集团四川有限公司 | Method and device for realizing fixed communication port of file transfer protocol data link |
| CN106603717A (en) * | 2016-12-31 | 2017-04-26 | 深圳市智联宝生态科技有限公司 | FTP extending method and FTP extending system supporting single data port and NAT traversal |
| CN109309651A (en) * | 2017-07-28 | 2019-02-05 | 阿里巴巴集团控股有限公司 | A kind of document transmission method, device, equipment and storage medium |
| CN110401679A (en) * | 2019-08-27 | 2019-11-01 | 北京指掌易科技有限公司 | The control method and device that the mobile application security tunnel of Network Environment is established |
| CN110545329A (en) * | 2019-09-27 | 2019-12-06 | 杭州海潮信息科技有限公司 | Method for improving FTP file transmission speed |
| CN110545329B (en) * | 2019-09-27 | 2022-04-29 | 杭州海潮信息科技有限公司 | Method for improving FTP file transmission speed |
| CN113542450A (en) * | 2021-07-21 | 2021-10-22 | 北京威努特技术有限公司 | Method and system for realizing FTP (File transfer protocol) traversal through NAT (network Address translation) by industrial control firewall |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102325016A (en) | Data channel establishment requesting and responding method, system and terminal equipment | |
| CN110166432B (en) | Method for accessing intranet target service and method for providing intranet target service | |
| JP6515207B2 (en) | Internet access authentication method and client, and computer storage medium | |
| CN103746812B (en) | A kind of access authentication method and system | |
| CN104335523B (en) | A kind of authority control method, client and server | |
| CN101136929B (en) | Internet small computer system interface data transmission method and apparatus | |
| CN104378758A (en) | Access point connecting method, terminal and server | |
| KR101394747B1 (en) | Agent-less follow-me service for cloud-based applications | |
| CN102821085A (en) | Third party authorization login method, open platform and system | |
| CN104125145B (en) | Web browser based communication method, web browser based communication equipment and web browser based communication system | |
| CN104683980A (en) | Antitheft security management system and method for home wireless router | |
| KR20100075605A (en) | A method for accessing a portable device, corresponding portable device, host device and system | |
| CN103368809A (en) | Internet reverse penetration tunnel implementation method | |
| CN106161368A (en) | It is a kind of for cloud application is carried out remote access method, Apparatus and system | |
| CN102752411A (en) | Redirection method and device | |
| WO2009093308A1 (en) | Connection control method, connection control server device, connection control client device, and program | |
| CN105812413B (en) | Communication method and device | |
| CN104469770B (en) | Towards WLAN authentication methods, platform and the system of third-party application | |
| CN106302416A (en) | Corporate intranet access method, Android terminal, transfer processing method, transfer server | |
| KR20130077682A (en) | Recording medium, method and system for log-in confirmation use of smart phone | |
| CN103607403A (en) | Method, device and system for using safety domain in NAT network environment | |
| CN111182071A (en) | Method for intranet penetration and service release | |
| CN105743891A (en) | Networking method and device, server and router | |
| CN104065692B (en) | The method, apparatus and system that web game is mutual | |
| CN106899635B (en) | Method and device for realizing fixed communication port of file transfer protocol data link |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 19, building 18, Changhong technology building, 518057 South twelve Road, South tech Zone, Nanshan District hi tech Zone, Guangdong, Shenzhen Applicant after: SHENZHEN TEMOBI TECHNOLOGY CO., LTD. Address before: 19, building 18, Changhong technology building, 518057 South twelve Road, South tech Zone, Nanshan District hi tech Zone, Guangdong, Shenzhen Applicant before: Shenzhen Temobi Science & Tech Development Co.,Ltd. |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: APPLICANT; FROM: SHENZHEN TEMOBI SCIENCE + TECHNOLOGY CO., LTD. TO: SHENZHEN RONGCHANG TIANXIA TECHNOLOGY CO., LTD. |
|
| ASS | Succession or assignment of patent right |
Owner name: RONGCHUANG TIANXIA (SHANGHAI) TECHNOLOGY DEVELOPME Free format text: FORMER OWNER: SHENZHEN RONGCHANG TIANXIA TECHNOLOGY CO., LTD. Effective date: 20150701 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20150701 Address after: 200433 Shanghai City, Yangpu District Wei Road No. 6 room 502-8 Applicant after: World (Shanghai) Technology Development Co., Ltd. Address before: 19, building 18, Changhong technology building, 518057 South twelve Road, South tech Zone, Nanshan District hi tech Zone, Guangdong, Shenzhen Applicant before: SHENZHEN TEMOBI TECHNOLOGY CO., LTD. |
|
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120118 |