CN105897665B - Method for realizing TCP transmission in satellite network environment and corresponding gateway

Info

Publication number: CN105897665B
Authority: CN (China)
Prior art keywords: tcp, connection, message, tcp connection, server
Legal status: Active
Application number: CN201510038936.8A
Other languages: Chinese (zh)
Other versions: CN105897665A (en)
Inventor: 常伟, 唐雄, 麦伟鹏, 晏文彬
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201510038936.8A
Priority to PCT/CN2015/089060 (WO2016119464A1)
Publication of CN105897665A
Application granted
Publication of CN105897665B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Radio Relay Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for realizing TCP transmission in a satellite network environment, and a corresponding gateway. The gateway in the PEP that is connected to the client performs the following: it intercepts a TCP connection request sent by the client to the server, extracts first connection information from the request, sends a pseudo response to the client, and establishes a first TCP connection with the client; it takes the first connection information as the data part, encapsulates it with a TMSG header to generate a message requesting to establish a connection, and sends that message through the satellite link to the opposite-end gateway connected with the server, the TMSG header carrying a first TCP connection identifier; and, after receiving the response message returned by the opposite-end gateway indicating that the connection was successfully established, it records the second TCP connection identifier carried in the TMSG header and associates it with the first TCP connection identifier. The invention thus handles TCP transmission between the client and the server without changing the protocol stacks of the server or the client.

Description

Method for realizing TCP transmission in satellite network environment and corresponding gateway
Technical Field
The present invention relates to satellite communications, and more particularly, to a method for implementing TCP transmission in a satellite network environment and a corresponding gateway.
Background
As satellite technology plays an increasingly important role in modern communication infrastructure, the combination of satellite networks and terrestrial IP networks is the most popular development trend in the field of satellite communications today. The TCP protocol is a connection-oriented transport layer protocol that provides reliable data transfer to the relevant applications. Statistically, more than 95% of the data streams on the Internet currently use TCP as the transport protocol. However, when the TCP protocol is applied to a satellite network environment, the performance of the TCP is seriously affected due to some inherent characteristics of the satellite channel different from the ground link, and the utilization rate of the satellite channel bandwidth is reduced.
Much research has been done on improving TCP performance in satellite network environments. The approach most commonly used in satellite systems today is the PEP (Performance Enhancing Proxy), which comes in a single-end mode and a dual-end mode. A dual-end PEP includes two gateways placed at the two ends of the satellite network. As shown in FIG. 1, every TCP connection is divided into three segments: server to master-station-side PEP (arranged in the gateway connected to the server), master-station-side PEP to small-station-side PEP (arranged in the gateway connected to the client), and small-station-side PEP to client. The dual-end PEP scheme does not change the protocol stacks or the application programs of either communicating party, but, to adapt to the characteristics of the satellite link, the two gateways use a protocol other than TCP to transfer data between them. How to realize TCP transmission between the client and the server in this situation is a technical problem that urgently needs to be solved.
Disclosure of Invention
In view of this, the present invention provides a method for implementing TCP transmission in a satellite network environment, which is applied to a gateway connected to a client in a dual-end accelerated proxy PEP, and the method includes the following processing of connection establishment:
intercepting a TCP connection request sent by a client to a server, extracting first connection information from the TCP connection request, sending a pseudo response to the client, and establishing a first TCP connection with the client;
taking the first connection information as a data part, packaging a conversion message TMSG head, generating a message requesting to establish connection and sending the message to an opposite terminal gateway connected with the server through a satellite link, wherein the TMSG head carries a first TCP connection identifier used for identifying the first TCP connection;
and after receiving a response message which is returned by the opposite-end gateway and successfully establishes the connection, recording a second TCP connection identifier carried by the TMSG head and associating the second TCP connection identifier with the first TCP connection identifier, wherein the second TCP connection identifier is the identifier of the TCP connection established between the opposite-end gateway and the server.
Preferably,
the TMSG header includes a message type, a connection identifier, and a message length field, and the length of the TMSG header is less than the length of the TCP header.
Preferably,
the method further comprises the following data transmission processes:
intercepting and responding to a TCP data message sent by the client to the server through the first TCP connection, extracting the data part from the TCP data message and encapsulating it with a TMSG header, and sending the generated data sending message to the opposite-end gateway through the satellite link, wherein the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier; and
receiving a data sending message from the satellite link and, if the connection identifier in the TMSG header is the first TCP connection identifier, extracting the data part from the data sending message, encapsulating it with a corresponding TCP header, and sending the generated TCP data message to the client through the first TCP connection.
Preferably,
the method further comprises the following disconnection process:
detecting a communication interruption of the first TCP connection;
sending a message requesting to close the connection to the opposite-end gateway through the satellite link, wherein the TMSG header carries the second TCP connection identifier;
and, after receiving a response message returned by the opposite-end gateway indicating that the connection was successfully closed, disconnecting the first TCP connection.
Preferably,
the process of connection establishment further comprises: associating the first TCP connection with the satellite link;
the method further comprises the following disconnection process: and detecting the disconnection of the satellite link, and disconnecting all TCP connections associated with the satellite link.
In view of the above, the present invention further provides a gateway connected to a client in a dual-end acceleration proxy PEP, including a user-side protocol entity and a satellite-side protocol entity, where:
the user side protocol entity comprises a packet filtering module at the bottom layer and a Socket server at the upper layer;
the packet filtering module includes:
the reverse forwarding unit is used for intercepting a connection request message and an ACK message sent when the client establishes TCP connection with the server, replacing a destination IP address and a destination port in the message with the IP address and the port of the Socket server and then sending the message to the Socket server; when the connection request message is intercepted, first connection information comprising a source IP address, a source port, a destination IP address and a destination port is recorded and sent to the Socket server;
a forward forwarding unit, configured to replace the source IP address and source port in an ACK message sent by the Socket server to the client with the destination IP address and destination port in the first connection information, and then send the message to the client;
the Socket server includes: the connection establishing module is used for sending an ACK message to the client after receiving the connection request message and the first connection information sent by the packet filtering module; after receiving the ACK message sent by the packet filtering module, establishing a first TCP connection with the client and generating a first TCP connection identifier, and informing the satellite side protocol entity that the first TCP connection is successfully established and carries the first connection information;
the satellite side protocol entity comprises: a connection establishing module, configured to, after receiving the notification from the Socket server that the first TCP connection has been successfully established, take the first connection information as a data part and encapsulate it with a conversion message (TMSG) header to generate a message requesting to establish a connection, and send the message to the opposite-end gateway through the satellite link, wherein the TMSG header carries the first TCP connection identifier; and further configured to, after receiving a response message returned by the opposite-end gateway through the satellite link indicating that the connection was successfully established, record the second TCP connection identifier carried in the TMSG header and associate it with the first TCP connection identifier, wherein the second TCP connection identifier is the identifier of the TCP connection established between the opposite-end gateway and the server.
Preferably,
the TMSG header encapsulated by the connection establishing module of the satellite side protocol entity comprises a message type, a connection identifier and a message length field, and the length of the TMSG header is less than the length of the TCP header.
Preferably,
the reverse forwarding unit in the packet filtering module is further configured to intercept a passing TCP data packet and, if the connection information in it matches the first connection information (that is, the TCP data packet comes from the first TCP connection), replace the destination IP address and destination port in the TCP data packet with the IP address and port of the Socket server and send the packet to the Socket server;
the Socket server further comprises: a message processing module, configured to receive the TCP data message from the first TCP connection and send a TCP response message;
the forward forwarding unit in the packet filtering module is further configured to replace the source IP address and source port in a TCP response message sent by the Socket server to the client with the destination IP address and destination port in the first connection information, and then send the message to the client;
the satellite-side protocol entity further comprises: a message transceiver module, configured to encapsulate a TMSG header in front of a data portion of the TCP data message from the first TCP connection, and send the generated data transmission message to the opposite gateway through the satellite link, where the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier.
Preferably,
the message receiving and sending module of the satellite side protocol entity is also used for receiving a data sending message sent to the client from the satellite link;
the message processing module in the Socket server is further configured to identify a data transmission message received by the satellite-side protocol entity, and if a connection identifier of the TMSG header is the first TCP connection identifier, extract a data portion from the data transmission message and encapsulate a corresponding TCP header, and send a generated TCP data message to the client through the first TCP connection;
the forward forwarding unit in the packet filtering module is further configured to replace a source IP address and a source port in a TCP data packet sent by the Socket server to the client with a destination IP address and a destination port in the first connection information, and then send the TCP data packet to the client.
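The address rewriting performed by the packet filtering module's reverse and forward forwarding units, as an added Python simulation that is not code from the patent. The `Packet` tuple, the flag strings and the sample addresses are constructed for illustration, and keying the table on the client's IP address and port is a choice of this sketch.

```python
from collections import namedtuple

# Constructed packet model: only the fields the packet filter touches.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port flags payload")


class PacketFilter:
    """Redirects client traffic to the local Socket server and hides the
    redirection on the way back, so the client believes it talks to the server."""

    def __init__(self, proxy_ip, proxy_port):
        self.proxy = (proxy_ip, proxy_port)
        # First connection information, keyed by the client endpoint
        # (choice of this sketch): once the destination is rewritten to the
        # fixed Socket server address, only the client's IP and port still
        # distinguish one intercepted connection from another.
        self.first_conn = {}

    def reverse_forward(self, pkt):
        """Client -> server direction (reverse forwarding unit)."""
        key = (pkt.src_ip, pkt.src_port)
        if pkt.flags == "SYN":
            # Connection request: record the original destination.
            self.first_conn[key] = (pkt.dst_ip, pkt.dst_port)
        elif self.first_conn.get(key) != (pkt.dst_ip, pkt.dst_port):
            # Connection information does not match a recorded first
            # connection: the packet is left untouched.
            return pkt
        return pkt._replace(dst_ip=self.proxy[0], dst_port=self.proxy[1])

    def forward_forward(self, pkt):
        """Socket server -> client direction (forward forwarding unit)."""
        original = self.first_conn.get((pkt.dst_ip, pkt.dst_port))
        if original is None or (pkt.src_ip, pkt.src_port) != self.proxy:
            return pkt
        # The reply must appear to come from the server the client dialled.
        return pkt._replace(src_ip=original[0], src_port=original[1])


def demo():
    """Handshake plus one data packet through the filter (constructed addresses)."""
    pf = PacketFilter("192.0.2.1", 9000)
    syn = Packet("10.0.0.5", 40000, "203.0.113.9", 80, "SYN", b"")
    to_proxy = pf.reverse_forward(syn)
    reply = Packet("192.0.2.1", 9000, "10.0.0.5", 40000, "SYN-ACK", b"")
    to_client = pf.forward_forward(reply)
    data = Packet("10.0.0.5", 40000, "203.0.113.9", 80, "ACK", b"GET /")
    return to_proxy, to_client, pf.reverse_forward(data)


if __name__ == "__main__":
    for packet in demo():
        print(packet)
```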
Preferably,
the Socket server further comprises: a connection maintenance module, configured to notify the satellite side protocol entity that the first TCP connection is interrupted when communication on the first TCP connection is interrupted, and to disconnect the first TCP connection after receiving the notification from the satellite side protocol entity that the connection is successfully closed;
the satellite-side protocol entity further comprises: a connection maintenance module, configured to send a message requesting connection closing to the opposite-end gateway through the satellite link after receiving the notification from the Socket server that the first TCP connection is interrupted, wherein the TMSG header carries the second TCP connection identifier; and to notify the Socket server that the connection is successfully closed after receiving a response message returned by the opposite-end gateway indicating that the connection was successfully closed.
Preferably,
the connection maintenance module of the satellite side protocol entity is further used for sending a notification of the satellite link disconnection to the Socket server when the satellite link disconnection is detected;
the connection maintenance module of the Socket server is further configured to associate the first TCP connection with the satellite link; and after receiving the notice of the disconnection of the satellite link, disconnecting all TCP connections associated with the satellite link.
In view of this, the present invention further provides a method for implementing TCP transmission in a satellite network environment, which is applied to a gateway connected to a server in a dual-end accelerated proxy PEP, and the method includes the following processing of connection establishment:
after receiving a message of a connection establishment request sent by an opposite-end gateway connected with a client through a satellite link, recording a first TCP connection identifier carried by a conversion message TMSG head and first connection information of a first TCP connection established between the client and the opposite-end gateway carried by a data part, wherein the first TCP connection identifier is used for identifying the first TCP connection;
establishing a second TCP connection with the server and, after the connection is established, returning a response message of successful connection establishment to the opposite-end gateway through the satellite link, wherein the TMSG header carries a second TCP connection identifier for identifying the second TCP connection; and associating the second TCP connection identifier with the first TCP connection identifier.
Preferably,
the TMSG header includes a message type, a connection identifier, and a message length field, and the length of the TMSG header is less than the length of the TCP header.
Preferably,
the method further comprises the following data transmission processes:
after receiving and responding to a TCP data message sent by the server to the client through the second TCP connection, extracting the data part from the TCP data message, encapsulating it with a TMSG header to generate a data sending message, and sending the data sending message to the opposite-end gateway through the satellite link, wherein the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier; and
receiving from the satellite link a data sending message addressed to the server and, if the connection identifier carried in the TMSG header is the second TCP connection identifier, extracting the data part from the data sending message, encapsulating it with a corresponding TCP header, and sending the generated TCP data message to the server through the second TCP connection.
Preferably,
the method further comprises the following disconnection process:
detecting a communication interruption of the second TCP connection;
sending a message requesting to close the connection to the opposite-end gateway through the satellite link, wherein the TMSG header carries the first TCP connection identifier;
and after receiving a response message of successful connection closing returned by the opposite-end gateway through the satellite link, disconnecting the second TCP connection.
Preferably,
the process of connection establishment further comprises: associating the second TCP connection with the satellite link;
the method further comprises the following disconnection process: and after the satellite link is detected to be disconnected, disconnecting all TCP connections related to the satellite link.
In view of this, the present invention further provides a gateway connected to a server and applied in a dual-end acceleration proxy PEP, including a server-side protocol entity and a satellite-side protocol entity, where:
the satellite side protocol entity comprises: the connection establishment module is used for recording a first TCP connection identifier carried by a conversion message TMSG head and first connection information carried by a data part after receiving a message of a connection establishment request sent by an opposite-end gateway connected with a client through a satellite link, and informing a server side protocol entity to establish a second TCP connection with a server; the first connection information is connection information of a first TCP connection established between the opposite-end gateway and the client, and the first TCP connection identifier is used for identifying the first TCP connection;
the server side protocol entity comprises: the connection establishing module is used for establishing the second TCP connection with the server after receiving the notification of establishing the TCP connection, generating a second TCP connection identifier for identifying the second TCP connection, returning a response message of successful connection establishment to the opposite-end gateway through the satellite link, carrying the second TCP connection identifier, and notifying the satellite side protocol entity that the second TCP connection is successfully established, carrying the second TCP connection identifier;
the connection establishing module of the satellite side protocol entity is further configured to return a response message of successful connection establishment to the opposite-end gateway through the satellite link after receiving the notification that the second TCP connection establishment of the server side protocol entity is successful, where a TMSG head carries the second TCP connection identifier; and associating the second TCP connection identifier with the first TCP connection identifier.
Preferably,
the server side protocol entity further comprises: the message receiving and sending module is used for receiving and responding to the TCP data message sent to the client by the server through the second TCP connection;
the satellite-side protocol entity further comprises: a message transceiver module, configured to extract the data part from the TCP data message received by the server side protocol entity, encapsulate it with a TMSG header, and send the generated data sending message to the opposite-end gateway through the satellite link, wherein the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier.
Preferably,
the message receiving and sending module of the satellite side protocol entity is also used for receiving a data sending message sent to the server from the satellite link;
the message transceiver module of the server side protocol entity is further configured to identify a data transmission message received by the satellite side protocol entity, and if a connection identifier carried by a TMSG header therein is the second TCP connection identifier, extract a data portion from the data transmission message and encapsulate a corresponding TCP header, and the generated TCP data message is transmitted to the server through the second TCP connection.
Preferably,
the TMSG header encapsulated by the message transceiver module of the satellite side protocol entity comprises a message type, a connection identifier and a message length field, and the length of the TMSG header is less than the length of the TCP header.
Preferably,
the server side protocol entity further comprises: the connection maintenance module is used for notifying the satellite side protocol entity that the second TCP connection is interrupted when the communication interruption of the second TCP connection is detected; after receiving the notification that the connection of the satellite side protocol entity is successfully closed, disconnecting the second TCP connection;
the satellite-side protocol entity further comprises: the connection maintenance module is used for sending a message for requesting to close the connection to the opposite terminal gateway through the satellite link after receiving the notification of the interruption of the second TCP connection, wherein the TMSG head carries the first TCP connection identifier; and after receiving a response message returned by the opposite-end gateway and indicating that the connection is successfully closed, notifying the server side protocol entity that the connection is successfully closed.
Preferably,
the connection maintenance module of the satellite side protocol entity is further configured to send a notification of the satellite link disconnection to the server side protocol entity when the satellite link disconnection is detected;
the connection maintenance module of the server-side protocol entity is further configured to associate the second TCP connection with the satellite link; upon receiving the notification of the satellite link disconnection, disconnecting all TCP connections associated with the satellite link.
According to the above scheme, in the dual-end PEP scenario the two gateways use TCP spoofing toward the server and the client respectively, so that TCP transmission between the client and the server is handled without changing the protocol stacks of the server or the client, and replacing the TCP header with the simpler TMSG header reduces the bandwidth occupied.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic diagram of an exemplary satellite communications application scenario in accordance with the present invention;
FIG. 2 is a flow chart of connection establishment according to a method of an embodiment of the present invention;
FIG. 3 is a schematic view of a TMSG head structure according to an embodiment of the invention;
FIG. 4 is a flow chart of data transmission according to a method of an embodiment of the present invention;
FIG. 5 is a flow diagram of a disconnect process of a method of an embodiment of the present invention;
FIG. 6 is a block diagram of a gateway coupled to a client in accordance with an embodiment of the present invention;
FIG. 7 is a flow chart of connection establishment according to a second method of the present invention;
FIG. 8 is a flow chart of data transmission according to a second method of the present invention;
FIG. 9 is a flow chart of a disconnect process of a second method embodiment of the present invention;
FIG. 10 is a block diagram of a gateway connected to a server according to a second embodiment of the present invention;
FIG. 11 is a schematic diagram of a protocol stack of network elements of an application example of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
Example one
The embodiment relates to a method for realizing TCP transmission in a satellite network environment, which is applied to a gateway connected with a client in a dual-end acceleration proxy PEP.
As shown in fig. 2, the method includes the following processes of connection establishment:
step 110, intercepting a TCP connection request sent by a client to a server, extracting first connection information from the TCP connection request, sending a pseudo response to the client, and establishing a first TCP connection with the client;
step 120, taking the first connection information as a data part, encapsulating a conversion message TMSG head, generating a message requesting to establish connection, and sending the message to an opposite-end gateway connected with the server through a satellite link, wherein the TMSG head carries a first TCP connection identifier;
the first TCP connection identifier is used to identify the first TCP connection.
As shown in fig. 3, the TMSG header of this embodiment includes a message type, a connection identification, and a message length field, whose length is smaller than that of the TCP header. Wherein:
Message type: the message types include a connection establishment request message, a response message of successful connection establishment, a connection close request message, a response message of successful connection closing, a close-all-connections message, a data sending message and other types of messages; the present invention does not limit the message names.
Connection identifier: includes a first TCP connection identifier used for identifying the first TCP connection between the client and the gateway, and a second TCP connection identifier used for identifying the second TCP connection between the gateway and the server.
Message length: the length of the message, including the TMSG header.
Step 130, after receiving a response message returned by the opposite-end gateway that the connection establishment is successful, recording a second TCP connection identifier carried by the TMSG head and associating the second TCP connection identifier with the first TCP connection identifier.
The second TCP connection identifier is an identifier of the TCP connection established between the opposite-end gateway and the server.
As shown in fig. 4, the method of this embodiment further includes the following processing of transmitting data by the gateway connected to the client:
step 210, intercepting and responding to a TCP data packet sent by the client to the server through a first TCP connection, extracting a data part from the TCP data packet and encapsulating a TMSG header, and sending a generated data sending packet to an opposite gateway through the satellite link, wherein the TMSG header carries a second TCP connection identifier associated with the first TCP connection identifier;
step 220, receiving a data transmission message from the satellite link, if the connection identifier of the TMSG header is the first TCP connection identifier, extracting a data portion from the data transmission message and encapsulating the corresponding TCP header, and transmitting the generated TCP data message to the client through the first TCP connection.
As shown in fig. 5, the method of the present embodiment further includes the following processing of disconnecting the gateway connected to the client:
step 310, detecting a communication interruption of the first TCP connection;
step 320, sending a message requesting to close the connection to the opposite-end gateway through the satellite link, wherein the TMSG header carries the second TCP connection identifier;
and step 330, after receiving a response message returned by the opposite-end gateway, the response message indicating that the connection is successfully closed, disconnecting the first TCP connection.
If the satellite link is detected to be broken, the gateway connected to the client disconnects all TCP connections associated with the satellite link. Before this, of course, it is necessary to associate the first TCP connection with the satellite link after the first TCP connection is established.
Correspondingly, the present embodiment also provides a gateway applied in a dual-end acceleration proxy PEP and connected to a client, as shown in fig. 6, including a user-side protocol entity 10 and a satellite-side protocol entity 20, where:
the user side protocol entity 10 comprises a packet filtering module 101 at a bottom layer (referred to as a physical layer) and a Socket server 103 at an upper layer (referred to as a TCP protocol layer);
the packet filtering module 101 includes:
a reverse forwarding unit 1011, configured to intercept a connection request message and an ACK message sent when a TCP connection is established between a client and a server, replace the destination IP address and destination port in the message with the IP address and port of the Socket server, and send the message to the Socket server; when the connection request message is intercepted, first connection information comprising a source IP address, a source port, a destination IP address and a destination port is recorded and sent to the Socket server;
a forward forwarding unit 1013, configured to replace the source IP address and source port in an ACK message sent by the Socket server to the client with the destination IP address and destination port in the first connection information, and send the message to the client;
the Socket server 103 includes:
a connection establishing module 1031, configured to send an ACK packet to the client after receiving the connection request packet and the first connection information sent by the packet filtering module; after receiving the ACK message sent by the packet filtering module, establishing a first TCP connection with the client and generating a first TCP connection identifier, and informing the satellite side protocol entity that the first TCP connection is successfully established and carries the first connection information;
the satellite-side protocol entity 20 includes:
a connection establishing module 201, configured to, after receiving a notification that a first TCP connection of the Socket server is successfully established, use the first connection information as a data portion and encapsulate a transition message TMSG header, generate a message requesting to establish a connection, and send the message to an opposite-end gateway through a satellite link, where the TMSG header carries the first TCP connection identifier; and, after receiving a response message of successful connection establishment returned by the opposite-end gateway through the satellite link, record a second TCP connection identifier carried by the TMSG header and associate the second TCP connection identifier with the first TCP connection identifier, wherein the second TCP connection identifier is the identifier of the TCP connection established between the opposite-end gateway and the server. Preferably, the TMSG header includes a message type, a connection identification and a message length field, and the length of the TMSG header is less than the length of the TCP header.
Preferably,
the reverse forwarding unit 1011 in the packet filtering module 101 is further configured to intercept a TCP data packet that passes through and, if the connection information therein matches the first connection information, meaning that the TCP data packet comes from the first TCP connection, replace the destination IP address and destination port in the TCP data packet with the IP address and port of the Socket server, and send the packet to the Socket server;
the Socket server 103 further includes:
a message processing module 1033, configured to receive the TCP data message from the first TCP connection and send a TCP response message;
the forward forwarding unit 1013 in the packet filtering module 101 is further configured to replace the source IP address and source port in a TCP response message sent by the Socket server to the client with the destination IP address and destination port in the first connection information, and send the message to the client;
the satellite-side protocol entity 20 further includes:
a message transceiver module 203, configured to encapsulate a TMSG header in front of a data portion of the TCP data message from the first TCP connection, and send the generated data sending message to the peer gateway through the satellite link, where the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier.
Preferably,
the message transceiving module 203 of the satellite-side protocol entity 20 is further configured to receive a data transmission message sent to the client from the satellite link;
the message processing module 1033 in the Socket server 103 is further configured to identify a data transmission message received by the satellite-side protocol entity 20, and if a connection identifier of the TMSG header is the first TCP connection identifier, extract a data portion from the data transmission message and encapsulate a corresponding TCP header, and send a generated TCP data message to the client through the first TCP connection;
the forward forwarding unit 1013 in the packet filtering module 101 is further configured to replace a source IP address and a source port in a TCP data packet sent by the Socket server to the client with a destination IP address and a destination port in the first connection information, and then send the TCP data packet to the client.
Preferably,
the Socket server 103 further includes:
a connection maintenance module 1035, configured to notify the satellite-side protocol entity 20 that the first TCP connection is interrupted when the first TCP connection communication interruption is detected; after receiving the notification that the connection of the satellite side protocol entity 20 is successfully closed, disconnecting the first TCP connection;
the satellite-side protocol entity 20 further includes:
a connection maintenance module 205, configured to send a message requesting connection closing to the opposite gateway through the satellite link after receiving a notification that the first TCP connection of the Socket server is interrupted, where a TMSG header carries the second TCP connection identifier; and to notify the Socket server that the connection is successfully closed after receiving a response message returned by the opposite-end gateway indicating that the connection is successfully closed.
Preferably,
the connection maintenance module 205 of the satellite-side protocol entity 20 is further configured to send a notification of the satellite link disconnection to the Socket server 103 when detecting that the satellite link is disconnected;
the connection maintenance module 1035 of the Socket server 103 is further configured to associate the first TCP connection with the satellite link; and after receiving the notice of the disconnection of the satellite link, disconnecting all TCP connections associated with the satellite link.
Example two
The embodiment relates to a method for realizing TCP transmission in a satellite network environment, which is applied to a gateway connected with a server in a dual-end acceleration proxy PEP.
As shown in fig. 7, the method includes the following processes of connection establishment:
step 410, after receiving a message of a connection establishment request sent by an opposite-end gateway connected with a client through a satellite link, recording a first TCP connection identifier carried by a TMSG header of a conversion message and first connection information of a first TCP connection established between the client and the opposite-end gateway carried by a data part, wherein the first TCP connection identifier is used for identifying the first TCP connection;
preferably, the TMSG header includes a message type, a connection identification and a message length field, the length of which is less than the length of the TCP header.
Step 420, establishing a second TCP connection with the server, and after the connection is established, returning a response message indicating that the connection establishment is successful to the opposite gateway through the satellite link, wherein a TMSG header carries a second TCP connection identifier for identifying the second TCP connection; and associating the second TCP connection identifier with the first TCP connection identifier.
As shown in fig. 8, the method further includes the following data transmission processes:
step 510, receiving a TCP data packet sent by the server to the client through the second TCP connection, responding, extracting a data portion from the TCP data packet and encapsulating a TMSG header, generating a data sending packet and sending the data sending packet to the peer gateway through the satellite link, where the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier;
step 520, receiving a data transmission message sent to the server from the satellite link, if a connection identifier carried by a TMSG header is the second TCP connection identifier, extracting a data portion from the data transmission message and encapsulating a corresponding TCP header, and sending the generated TCP data message to the server through the second TCP connection.
As shown in fig. 9, the method may further include the following disconnection process:
step 610, detecting a communication interruption of the second TCP connection;
step 620, sending a message requesting to close the connection to the opposite-end gateway through the satellite link, wherein a TMSG header carries the first TCP connection identifier;
step 630, after receiving a response message of successful connection closure returned by the opposite-end gateway through the satellite link, disconnecting the second TCP connection.
And if the satellite link is detected to be disconnected, the gateway connected with the server disconnects all TCP connections related to the satellite link. Of course, the gateway needs to associate a second TCP connection with the satellite link after establishing the second TCP connection.
Correspondingly, the present embodiment also provides a gateway applied in a dual-end acceleration proxy PEP and connected to a server, as shown in fig. 10, including a server-side protocol entity 50 and a satellite-side protocol entity 60, where:
the satellite-side protocol entity 60 includes:
a connection establishing module 601, configured to record a first TCP connection identifier carried by a transition message TMSG header and first connection information carried by a data portion after receiving a connection establishing request message sent by an opposite gateway connected to a client via a satellite link, and notify a server side protocol entity to establish a second TCP connection with a server; the first connection information is connection information of a first TCP connection established between the opposite-end gateway and the client, and the first TCP connection identifier is used for identifying the first TCP connection;
the server side protocol entity 50 comprises:
a connection establishing module 501, configured to establish the second TCP connection with the server after receiving the notification of establishing the TCP connection, generate a second TCP connection identifier for identifying the second TCP connection, return a response packet indicating that the connection establishment is successful to the peer gateway through the satellite link, carry the second TCP connection identifier, and notify the satellite side protocol entity that the second TCP connection is successfully established, carry the second TCP connection identifier;
the connection establishing module 601 of the satellite side protocol entity is further configured to return a response message indicating that connection establishment is successful to the opposite end gateway through the satellite link after receiving the notification that the second TCP connection establishment is successful, where a TMSG header carries the second TCP connection identifier; and associating the second TCP connection identifier with the first TCP connection identifier.
Preferably,
the server side protocol entity 50 further comprises:
a message transceiver module 503, configured to receive and respond to a TCP data message sent by the server to the client through the second TCP connection;
the satellite-side protocol entity 60 further includes:
a message transceiver module 603, configured to extract a data portion from the TCP data message received by the server-side protocol entity, encapsulate a TMSG header, and send the generated data sending message to the peer gateway through the satellite link, where the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier.
Preferably,
the message transceiver module 603 of the satellite-side protocol entity 60 is further configured to receive a data transmission message sent to the server from the satellite link;
the message transceiver module 503 of the server-side protocol entity 50 is further configured to identify a data transmission message received by the satellite-side protocol entity, and if a connection identifier carried by a TMSG header therein is the second TCP connection identifier, extract a data portion from the data transmission message and encapsulate a corresponding TCP header, and transmit the generated TCP data message to the server through the second TCP connection.
Preferably,
the TMSG header encapsulated by the messaging module 603 of the satellite side protocol entity 60 includes a message type, a connection identifier and a message length field, and the length of the TMSG header is smaller than that of the TCP header.
Preferably,
the server side protocol entity 50 further comprises:
a connection maintenance module 505, configured to notify the satellite-side protocol entity that the second TCP connection is interrupted when detecting that the communication of the second TCP connection is interrupted; after receiving the notification that the connection of the satellite side protocol entity is successfully closed, disconnecting the second TCP connection;
the satellite-side protocol entity 60 further includes:
a connection maintenance module 605, configured to send a message requesting connection closing to the opposite gateway through the satellite link after receiving a notification of interruption of a second TCP connection, where a TMSG header carries the first TCP connection identifier; and after receiving a response message returned by the opposite-end gateway and indicating that the connection is successfully closed, notifying the server side protocol entity that the connection is successfully closed.
Preferably,
the connection maintenance module 605 of the satellite-side protocol entity 60 is further configured to send a notification of the satellite link disconnection to the server-side protocol entity when the satellite link disconnection is detected;
the connection maintenance module 505 of the server-side protocol entity 50 is further configured to associate the second TCP connection with the satellite link; upon receiving the notification of the satellite link disconnection, disconnecting all TCP connections associated with the satellite link.
In the above embodiment, in a dual-end PEP scenario, the two gateways respectively use TCP spoofing for the server and the client, and realize related processing of TCP transmission between the client and the server without changing protocol stacks of the server and the client.
The following describes the method and gateway as a whole by using an application example.
Fig. 11 shows a schematic diagram of a client, a gateway connected to the server, and a protocol stack on the server according to the above-described embodiment.
The protocol stacks on the Client (Client) and server each include TCP, IP, and MAC, without change.
On the gateway connected to the client, the protocol stack on the side connected to the client includes TCP, IP, and MAC; the physical layer protocol stack is not shown. As described in the first embodiment, a packet filtering module needs to be disposed in the physical layer, and the packet filtering module cooperates with a Socket server in the TCP layer to implement TCP spoofing for the client (that is, when the client communicates with the gateway, it considers the opposite end to be the server). The protocol stack on the side of the gateway connected to the satellite network comprises TMSG and RMAC: the TMSG protocol is used for encapsulating and decapsulating the TMSG header of a message, and the RMAC protocol may be any of various communication protocols based on a satellite link, such as a TCP protocol improved for the satellite link or a proprietary protocol specially designed for a satellite network; the invention is not limited in this respect.
On the gateway connected with the server, the protocol stack on the side connected with the satellite network comprises TMSG and RMAC; likewise, the TMSG protocol is used for encapsulating and decapsulating the TMSG header of messages, and the RMAC protocol is a satellite-link-based communication protocol.
The processing steps of connection establishment, data transfer, and connection closure of the present example are described below. Wherein:
the establishing process comprises the following steps:
1) a client initiates a TCP connection request to a server;
2) when the connection request passes through GW1, GW1 intercepts the request message and records TCP connection information;
3) GW1 carries out TCP spoofing on the client, sends a pseudo response, and simultaneously initiates a link establishment request to GW 2;
4) after receiving the information, GW2 records the relevant information, then establishes TCP connection with the server by GW2 according to the information carried in the link establishment request sent by GW1, and responds a link establishment success message to GW1 after TCP is successfully established;
5) the two parties establish connection successfully.
An exemplary more specific processing step includes:
1) a client initiates a TCP connection request to a server;
2) when the connection request passes through GW1, a GW1 bottom layer protocol stack packet filtering module intercepts the request message and records TCP connection information including a source IP, a source port, a destination IP and a destination port;
3) the GW1 packet filtering module replaces the destination IP of the request message with the IP of GW1, replaces the destination port with 10086, and sends the request message to the Socket server on the upper layer of GW1; the Socket server receives the TCP request message and responds to the request; while the response message is being sent to the client it passes through the GW1 bottom layer, where the packet filtering module searches the record table for the connection information recorded in the second step and, if it is found, replaces the source IP and source port of the response message with the IP and port of the server recorded in the table;
4) the client receives the response message, considers that it was sent by the real server, and responds with the third message of the TCP three-way handshake; when this message passes through GW1, the bottom-layer packet capturing module likewise replaces the destination IP and destination port and sends the message to the upper-layer Socket server of GW1, so that the TCP connection between the client and GW1 is completely established, and a Socket ID corresponding to the connection is generated on GW1 and used as the connection identifier in the TMSG header;
5) after the TCP Socket between the client and GW1 is established, GW1 sends a connection request to GW2 and encapsulates the TMSG header: the message type is request to establish connection, the connection identifier is filled with the Socket ID (GW1SID) recorded in the fourth step, and the message content is the source IP and source port of the client and the IP and port of the server recorded in the second step;
6) after receiving the request, GW2 records the source IP, source port, destination IP, destination port, and Socket ID carried in the message, then establishes a TCP connection to the server, generates a local Socket ID (GW2SID) after the TCP three-way handshake succeeds, and responds to GW1 with a link establishment success message encapsulated with the TMSG header, in which the message type is connection established successfully, the connection identifier is filled in as GW2SID, and the message content is empty;
7) GW1 receives the message of successful connection establishment and records GW2 SID;
8) the two parties establish connection successfully.
The data transmission process in the client-server direction comprises the following steps:
1) the client sends data to the server;
2) after receiving the message, GW1 intercepts the data message, takes out the content to be transmitted, packages TMSG header, sends the TMSG header to GW2 through RMAC protocol, and performs pseudo response to the client;
3) after receiving the data, the GW2 takes out the data content and sends the data content to the server through a TCP link established with the server;
4) and the server receives the data and then forwards the data to an application layer for further processing.
An exemplary more specific processing step includes:
1) the client sends data to the server;
2) GW1 receives the TCP data packet sent by the client through the packet filtering module, looks up the table by source IP, source port, destination IP, and destination port to determine whether a connection request record exists, and discards the packet if there is no such record. If a record exists, the destination IP address of the TCP data message is modified to the IP address of GW1, the destination port is modified to 10086, and the data message is sent to the upper-layer Socket server; the upper-layer Socket server of GW1 responds to the data message, the response passes through the bottom-layer packet filtering module, which looks up the table to replace the source IP and source port, and the response is sent to the client; these processing steps are similar to the connection establishment process;
3) the upper-layer Socket server of GW1 takes out the TCP message data content, encapsulates the TMSG header and sends the message to GW2; the message type is data sending, and the connection identifier is the GW2SID recorded when the connection was established;
4) after receiving the message, GW2 extracts the data content from the message, searches for the corresponding TCP connection according to the GW2SID in the TMSG header, and forwards the data to the server.
The data transmission process in the server-client direction comprises the following steps:
1) the server sends data to the client;
2) after receiving the data, GW2 takes out the data content, encapsulates the TMSG header, and sends it to GW1 via the RMAC protocol; since the server's TCP connection is with GW2, the response is sent back to the server directly by the protocol stack of GW2;
3) GW1 receives RMAC message sent by GW2, takes out data, converts the data into TCP message, and simultaneously converts source IP and source port into source IP and source port of server, and sends the message to client;
4) the client receives the data and forwards the data to the application layer for further processing.
An exemplary more specific processing step includes:
1) the server sends data to the client;
2) GW2 receives the data sent by the server, takes out the data, encapsulates the TMSG header and sends the message to GW1; the message type is data sending, and the connection identifier is the GW1SID recorded when the connection was established;
3) after receiving the message, the GW1 takes out the GW1SID, searches for a corresponding TCP connection, and sends the message to the client;
4) the bottom-layer filtering module intercepts the message, then looks up the table information recorded in the connection establishment process and replaces the source IP with the server IP and the source port with the server port;
5) and after receiving the data, the client sends the data to the upper layer application.
The process of client disconnection includes:
1) GW1 detects a communication interruption of the TCP connection with the client, and transmits a disconnection request to GW 2;
2) after receiving the request, GW2 closes the TCP connection with the server and at the same time clears the recorded information related to the connection; after completion, it sends a closing success message to GW1;
3) GW1 receives the message and closes the corresponding TCP connection with the client while clearing the relevant information.
An exemplary more specific processing step includes:
1) GW1 detects a communication interruption of the TCP connection with the client;
2) GW1 sends a request for closing connection to GW2, and encapsulates a TMSG header, wherein the message type is connection closure, the connection identifier is GW2SID, and the message content is null;
3) after receiving the request, GW2 takes out GW2SID, closes TCP connection with the server, and sends a close success message to GW1, encapsulating the TMSG header, the message type being that the connection is successfully closed;
4) the GW1 receives the response message and closes the TCP connection with the client.
The process of disconnecting the server comprises the following steps:
1) GW2 detects a communication interruption of a TCP connection with a server, and transmits a disconnection request to GW 1;
2) after receiving the request, GW1 closes the TCP connection with the client, and at the same time clears the recorded information related to the connection, and sends a closing success message to GW2 after completion;
3) GW2 receives the message and closes the connection with the server and clears the relevant information.
An exemplary more specific processing step includes:
1) GW2 detects a communication interruption of the TCP connection with the server;
2) GW2 sends a request for closing connection to GW1, and encapsulates a TMSG header, wherein the message type is connection closure, the connection identifier is GW1SID, and the message content is null;
3) after receiving the request, GW1 takes out GW1SID, closes TCP connection with the client, and sends a close success message to GW2, encapsulating the TMSG header, the message type being that the connection is successfully closed;
4) the GW2 receives the response message and disconnects the TCP connection with the server.
The processing after the satellite link is disconnected comprises the following steps:
1) the GW1 bottom RMAC protocol detects the disconnection of the satellite link and closes all TCP connections associated with the satellite link between the client and the GW 1;
2) the GW2 underlying RMAC protocol detects a satellite link disconnection and closes all TCP connections associated with the satellite link with the server.
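The establishment, data transmission, closure and link-loss steps above, sketched as an added Python example (not code from the patent). The header field widths, numeric type codes, all class and function names, the FIFO matching of a success response to the oldest outstanding request, and the identifier carried by the close-success message are assumptions, since the page does not specify them; the addresses are constructed.

```python
import socket
import struct
from collections import deque
from enum import IntEnum

class MsgType(IntEnum):
    CONNECT_REQ = 1   # request to establish a connection
    CONNECT_OK = 2    # connection established successfully
    CLOSE_REQ = 3     # request to close the connection
    CLOSE_OK = 4      # connection closed successfully
    DATA = 5          # data transmission

# Assumed widths (not given on the page): 1-byte type, 4-byte connection
# identifier, 2-byte length of the whole message. 7 bytes < 20-byte TCP header.
HDR = struct.Struct("!BIH")
TUPLE = struct.Struct("!4sH4sH")  # src IP, src port, dst IP, dst port

def encode(mtype, conn_id, payload=b""):
    return HDR.pack(mtype, conn_id, HDR.size + len(payload)) + payload

def decode(frame):
    if len(frame) < HDR.size:
        raise ValueError("truncated TMSG header")
    mtype, conn_id, length = HDR.unpack_from(frame)
    if length != len(frame):
        raise ValueError("message length field does not match frame size")
    return MsgType(mtype), conn_id, frame[HDR.size:]  # unknown type raises ValueError

class Gateway:
    def __init__(self, first_sid):
        self.next_sid = first_sid
        self.peer_sid = {}      # local Socket ID -> associated Socket ID on the peer
        self.info = {}          # local Socket ID -> (src_ip, src_port, dst_ip, dst_port)
        self.delivered = {}     # local Socket ID -> bytes handed to the local TCP side
        self.pending = deque()  # local Socket IDs waiting for CONNECT_OK

    def _new_conn(self, info):
        sid, self.next_sid = self.next_sid, self.next_sid + 1
        self.info[sid], self.delivered[sid] = info, b""
        return sid

    def _drop(self, sid):
        for table in (self.peer_sid, self.info, self.delivered):
            table.pop(sid, None)

    def open_from_client(self, src_ip, src_port, dst_ip, dst_port):
        sid = self._new_conn((src_ip, src_port, dst_ip, dst_port))
        self.pending.append(sid)
        body = TUPLE.pack(socket.inet_aton(src_ip), src_port, socket.inet_aton(dst_ip), dst_port)
        return sid, encode(MsgType.CONNECT_REQ, sid, body)  # carries the sender's own ID

    def send(self, sid, data):
        return encode(MsgType.DATA, self.peer_sid[sid], data)  # carries the receiver's ID

    def close(self, sid):
        return encode(MsgType.CLOSE_REQ, self.peer_sid[sid])

    def link_down(self):  # satellite link lost: drop every associated connection
        closed = sorted(self.info)
        for sid in closed:
            self._drop(sid)
        self.pending.clear()
        return closed

    def on_frame(self, frame):
        """Handle one message from the satellite link; return the reply frame or None."""
        mtype, conn_id, body = decode(frame)
        if mtype is MsgType.CONNECT_REQ:
            if len(body) != TUPLE.size:
                raise ValueError("malformed first connection information")
            src, sport, dst, dport = TUPLE.unpack(body)
            sid = self._new_conn((socket.inet_ntoa(src), sport, socket.inet_ntoa(dst), dport))
            self.peer_sid[sid] = conn_id
            return encode(MsgType.CONNECT_OK, sid)
        if mtype is MsgType.CONNECT_OK:
            if not self.pending:
                raise ValueError("CONNECT_OK without an outstanding request")
            self.peer_sid[self.pending.popleft()] = conn_id
            return None
        if conn_id not in self.peer_sid:  # only identifiers this gateway issued are valid
            raise ValueError(f"{mtype.name} for unknown connection identifier {conn_id}")
        if mtype is MsgType.DATA:
            self.delivered[conn_id] += body
            return None
        peer = self.peer_sid[conn_id]     # CLOSE_REQ or CLOSE_OK: forget the connection
        self._drop(conn_id)
        return encode(MsgType.CLOSE_OK, peer) if mtype is MsgType.CLOSE_REQ else None

def demo():
    gw1, gw2 = Gateway(first_sid=100), Gateway(first_sid=7000)
    sid1, req = gw1.open_from_client("192.0.2.10", 40000, "198.51.100.5", 80)  # constructed
    gw1.on_frame(gw2.on_frame(req))                 # CONNECT_REQ -> CONNECT_OK
    sid2 = gw1.peer_sid[sid1]
    gw2.on_frame(gw1.send(sid1, b"GET / HTTP/1.0\r\n\r\n"))
    gw1.on_frame(gw2.send(sid2, b"HTTP/1.0 200 OK\r\n\r\n"))
    result = (sid1, sid2, gw2.info[sid2], gw2.delivered[sid2], gw1.delivered[sid1])
    gw1.on_frame(gw2.on_frame(gw1.close(sid1)))     # CLOSE_REQ -> CLOSE_OK
    return result, gw1.peer_sid, gw2.peer_sid
```

The receiving gateway accepts a data or close message only when its connection identifier is one it issued, and rejects frames whose message length field disagrees with the received size.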
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by instructing the relevant hardware through a program, and the program may be stored in a computer readable storage medium, such as a read-only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the foregoing embodiments may also be implemented by using one or more integrated circuits, and accordingly, each module/unit in the foregoing embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional module. The present invention is not limited to any specific form of combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (22)

1. A method for realizing TCP transmission in a satellite network environment is applied to a gateway connected with a client in a dual-end acceleration proxy PEP, and comprises the following processing of connection establishment:
intercepting a TCP connection request sent by a client to a server, extracting first connection information from the TCP connection request, sending a pseudo response to the client, and establishing a first TCP connection with the client;
taking the first connection information as a data part, encapsulating a conversion message TMSG header, generating a message requesting to establish connection and sending the message to an opposite-end gateway connected with the server through a satellite link, wherein the TMSG header carries a first TCP connection identifier used for identifying the first TCP connection;
and after receiving a response message returned by the opposite-end gateway indicating that the connection is successfully established, recording a second TCP connection identifier carried by the TMSG header and associating the second TCP connection identifier with the first TCP connection identifier, wherein the second TCP connection identifier is the identifier of the TCP connection established between the opposite-end gateway and the server.
2. The method of claim 1, wherein:
the TMSG header includes a message type, a connection identification, and a message length field, the length of which is less than the length of the TCP header.
3. The method of claim 1 or 2, wherein:
the method further comprises the following data transmission processes:
intercepting and responding to a TCP data message sent to the server by the client through a first TCP connection, extracting a data part from the TCP data message and encapsulating a TMSG header, and sending a generated data sending message to the opposite-end gateway through the satellite link, wherein the TMSG header carries a second TCP connection identifier associated with the first TCP connection identifier; and
receiving a data transmission message from the satellite link, if the connection identifier of the TMSG header is the first TCP connection identifier, extracting a data part from the data transmission message, encapsulating a corresponding TCP header, and transmitting the generated TCP data message to the client through the first TCP connection.
4. The method of claim 1 or 2, wherein:
the method further comprises the following disconnection process:
detecting a communication interruption of the first TCP connection;
sending a message requesting to close the connection to the opposite-end gateway through the satellite link, wherein the TMSG head carries the second TCP connection identifier;
and after receiving a response message, returned by the opposite-end gateway, indicating that the connection has been successfully closed, disconnecting the first TCP connection.
5. The method of claim 1 or 2, wherein:
the process of connection establishment further comprises: associating the first TCP connection with the satellite link;
the method further comprises the following disconnection process: detecting the disconnection of the satellite link, and disconnecting all TCP connections associated with the satellite link.
6. A gateway for connection with a client in a dual-end acceleration proxy PEP, comprising a user-side protocol entity and a satellite-side protocol entity, wherein:
the user side protocol entity comprises a packet filtering module at the bottom layer and a Socket server at the upper layer;
the packet filtering module includes:
the reverse forwarding unit is used for intercepting a connection request message and an ACK message sent when the client establishes TCP connection with the server, replacing a destination IP address and a destination port in the message with the IP address and the port of the Socket server and then sending the message to the Socket server; when the connection request message is intercepted, first connection information comprising a source IP address, a source port, a destination IP address and a destination port is recorded and sent to the Socket server;
a forward forwarding unit, configured to replace a source IP address and a source port in an ACK packet sent by the Socket server to the client with a destination IP address and a destination port in the first connection information, and send the ACK packet to the client;
the Socket server includes: the connection establishing module is used for sending an ACK message to the client after receiving the connection request message and the first connection information sent by the packet filtering module; after receiving the ACK message sent by the packet filtering module, establishing a first TCP connection with the client and generating a first TCP connection identifier, and informing the satellite side protocol entity that the first TCP connection is successfully established and carries the first connection information;
the satellite side protocol entity comprises: the connection establishing module is used for taking the first connection information as a data part and packaging a conversion message TMSG head after receiving a notification from the Socket server that the first TCP connection is successfully established, generating a message requesting to establish connection and sending the message to an opposite-end gateway through a satellite link, wherein the TMSG head carries the first TCP connection identifier; and is further used for recording a second TCP connection identifier carried by the TMSG head and associating the second TCP connection identifier with the first TCP connection identifier after receiving a response message, returned by the opposite-end gateway through the satellite link, indicating that the connection has been successfully established, wherein the second TCP connection identifier is the identifier of the TCP connection established between the opposite-end gateway and the server.
7. The gateway of claim 6, wherein:
the TMSG header encapsulated by the connection establishment module of the satellite side protocol entity comprises a message type, a connection identifier and a message length field, whose total length is less than the length of the TCP header.
8. The gateway of claim 6 or 7, wherein:
the reverse forwarding unit in the packet filtering module is further configured to intercept a TCP data packet that passes through, and if connection information therein matches the first connection information, determine that the TCP data packet comes from the first TCP connection, replace a destination IP address and a destination port in the TCP data packet with the IP address and the port of the Socket server, and send the TCP data packet to the Socket server;
the Socket server further comprises: the message processing module is used for receiving the TCP data message from the first TCP connection and sending a TCP response message;
the forward forwarding unit in the packet filtering module is further configured to replace a source IP address and a source port in a TCP response message sent by the Socket server to the client with a destination IP address and a destination port in the first connection information, and then send the TCP response message to the client;
the satellite-side protocol entity further comprises: a message transceiver module, configured to encapsulate a TMSG header in front of a data portion of the TCP data message from the first TCP connection, and send the generated data transmission message to the opposite gateway through the satellite link, where the TMSG header carries the second TCP connection identifier associated with the first TCP connection identifier.
9. The gateway of claim 8, wherein:
the message receiving and sending module of the satellite side protocol entity is also used for receiving a data sending message sent to the client from the satellite link;
the message processing module in the Socket server is further configured to identify a data transmission message received by the satellite-side protocol entity, and if a connection identifier of the TMSG header is the first TCP connection identifier, extract a data portion from the data transmission message and encapsulate a corresponding TCP header, and send a generated TCP data message to the client through the first TCP connection;
the forward forwarding unit in the packet filtering module is further configured to replace a source IP address and a source port in a TCP data packet sent by the Socket server to the client with a destination IP address and a destination port in the first connection information, and then send the TCP data packet to the client.
10. The gateway of claim 6 or 7 or 9, wherein:
the Socket server further comprises: the connection maintenance module is used for notifying the satellite side protocol entity that the first TCP connection is interrupted when the first TCP connection communication is interrupted; after receiving the notification that the connection of the satellite side protocol entity is successfully closed, disconnecting the first TCP connection;
the satellite-side protocol entity further comprises: the connection maintenance module is used for sending a message requesting connection closing to the opposite-end gateway through the satellite link after receiving a notification from the Socket server that the first TCP connection is interrupted, wherein the TMSG head carries the second TCP connection identifier; and for notifying the Socket server that the connection is successfully closed after receiving a response message, returned by the opposite-end gateway, indicating that the connection has been successfully closed.
11. The gateway of claim 10, wherein:
the connection maintenance module of the satellite side protocol entity is further used for sending a notification of the satellite link disconnection to the Socket server when the satellite link disconnection is detected;
the connection maintenance module of the Socket server is further configured to associate the first TCP connection with the satellite link; and after receiving the notice of the disconnection of the satellite link, disconnecting all TCP connections associated with the satellite link.
12. A method for realizing TCP transmission in satellite network environment is applied to a gateway connected with a server in a dual-end acceleration proxy PEP, and comprises the following processing of connection establishment:
after receiving a message of a connection establishment request sent by an opposite-end gateway connected with a client through a satellite link, recording a first TCP connection identifier carried by a conversion message TMSG head and first connection information of a first TCP connection established between the client and the opposite-end gateway carried by a data part, wherein the first TCP connection identifier is used for identifying the first TCP connection;
establishing a second TCP connection with the server, and after the connection is established, returning a response message of successful connection establishment to the opposite-end gateway through the satellite link, wherein the TMSG head carries a second TCP connection identifier for identifying the second TCP connection; and associating the second TCP connection identifier with the first TCP connection identifier.
13. The method of claim 12, wherein:
the TMSG header includes a message type, a connection identifier, and a message length field, whose total length is less than the length of the TCP header.
14. The method of claim 12, wherein:
the method further comprises the following data transmission processes:
after receiving a TCP data message sent to the client by the server through the second TCP connection, responding, extracting a data part from the TCP data message, packaging a TMSG head, generating a data sending message and sending the data sending message to the opposite-end gateway through the satellite link, wherein the TMSG head carries the first TCP connection identifier associated with the second TCP connection identifier; and
receiving a data transmission message transmitted to the server from the satellite link, and if a connection identifier carried by the TMSG header is the second TCP connection identifier, extracting a data part from the data transmission message, packaging a corresponding TCP header, and transmitting the generated TCP data message to the server through the second TCP connection.
15. The method of claim 12, wherein:
the method further comprises the following disconnection process:
detecting a communication interruption of the second TCP connection;
sending a message requesting to close the connection to the opposite-end gateway through the satellite link, wherein the TMSG head carries the first TCP connection identifier;
and after receiving a response message of successful connection closing returned by the opposite-end gateway through the satellite link, disconnecting the second TCP connection.
16. The method of claim 12, wherein:
the process of connection establishment further comprises: associating the second TCP connection with the satellite link;
the method further comprises the following disconnection process: and after the satellite link is detected to be disconnected, disconnecting all TCP connections related to the satellite link.
17. A gateway for connection with a server in a dual-end accelerated proxy PEP, comprising a server-side protocol entity and a satellite-side protocol entity, wherein:
the satellite side protocol entity comprises: the connection establishment module is used for recording a first TCP connection identifier carried by a conversion message TMSG head and first connection information carried by a data part after receiving a message of a connection establishment request sent by an opposite-end gateway connected with a client through a satellite link, and informing a server side protocol entity to establish a second TCP connection with a server; the first connection information is connection information of a first TCP connection established between the opposite-end gateway and the client, and the first TCP connection identifier is used for identifying the first TCP connection;
the server side protocol entity comprises: the connection establishing module is used for establishing the second TCP connection with the server after receiving the notification of establishing the TCP connection, generating a second TCP connection identifier for identifying the second TCP connection, returning a response message of successful connection establishment to the opposite-end gateway through the satellite link, carrying the second TCP connection identifier, and notifying the satellite side protocol entity that the second TCP connection is successfully established, carrying the second TCP connection identifier;
the connection establishing module of the satellite side protocol entity is further configured to return a response message of successful connection establishment to the opposite-end gateway through the satellite link after receiving the notification that the second TCP connection establishment of the server side protocol entity is successful, where a TMSG head carries the second TCP connection identifier; and associating the second TCP connection identifier with the first TCP connection identifier.
18. The gateway of claim 17, wherein:
the server side protocol entity further comprises: the message receiving and sending module is used for receiving and responding to the TCP data message sent to the client by the server through the second TCP connection;
the satellite-side protocol entity further comprises: the message receiving and sending module is used for extracting a data part from the TCP data message received by the server side protocol entity, encapsulating a TMSG header, and sending the generated data sending message to the opposite-end gateway through the satellite link, wherein the TMSG header carries the first TCP connection identifier associated with the second TCP connection identifier.
19. The gateway of claim 18, wherein:
the message receiving and sending module of the satellite side protocol entity is also used for receiving a data sending message sent to the server from the satellite link;
the message transceiver module of the server side protocol entity is further configured to identify a data transmission message received by the satellite side protocol entity, and if a connection identifier carried by a TMSG header therein is the second TCP connection identifier, extract a data portion from the data transmission message and encapsulate a corresponding TCP header, and the generated TCP data message is transmitted to the server through the second TCP connection.
20. The gateway of claim 18 or 19, wherein:
the TMSG header encapsulated by the message transceiver module of the satellite side protocol entity comprises a message type, a connection identifier and a message length field, whose total length is less than the length of the TCP header.
21. The gateway of claim 17 or 18 or 19, wherein:
the server side protocol entity further comprises: the connection maintenance module is used for notifying the satellite side protocol entity that the second TCP connection is interrupted when the communication interruption of the second TCP connection is detected; after receiving the notification that the connection of the satellite side protocol entity is successfully closed, disconnecting the second TCP connection;
the satellite-side protocol entity further comprises: the connection maintenance module is used for sending a message for requesting to close the connection to the opposite terminal gateway through the satellite link after receiving the notification of the interruption of the second TCP connection, wherein the TMSG head carries the first TCP connection identifier; and after receiving a response message returned by the opposite-end gateway and indicating that the connection is successfully closed, notifying the server side protocol entity that the connection is successfully closed.
22. The gateway of claim 21, wherein:
the connection maintenance module of the satellite side protocol entity is further configured to send a notification of the satellite link disconnection to the server side protocol entity when the satellite link disconnection is detected;
the connection maintenance module of the server-side protocol entity is further configured to associate the second TCP connection with the satellite link; upon receiving the notification of the satellite link disconnection, disconnecting all TCP connections associated with the satellite link.
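The claims fix the TMSG fields and the identifier bookkeeping but not the encoding, so the sketch below frames TMSG messages with strict length checks and walks claims 1, 3, 4, 12 and 14 between a client-side and a server-side gateway, rejecting frames whose connection identifier is not in the local table. It is an added example, not code from the patent. Assumptions: the field widths, the message-type values, the echo of the first identifier in the data part of the connection-success reply, and the names `Gateway`, `pack`, `unpack` and `run_exchange`.

```python
import struct

# Assumed TMSG layout (the claims name the fields, not their widths):
# message type (1 byte) | connection identifier (4) | message length (2), big-endian.
TMSG = struct.Struct("!BIH")
assert TMSG.size < 20  # claims 2 and 13: shorter than the 20-byte minimum TCP header
# Assumed type codes; the claims describe the message roles, not their values.
CONN_REQ, CONN_OK, DATA, CLOSE_REQ, CLOSE_OK = 1, 2, 3, 4, 5

def pack(mtype, conn_id, data=b""):
    return TMSG.pack(mtype, conn_id, len(data)) + data

def unpack(frame):
    """Parse one TMSG frame; reject truncated, padded or unknown-type input."""
    if len(frame) < TMSG.size:
        raise ValueError("short TMSG header")
    mtype, conn_id, length = TMSG.unpack_from(frame)
    if not CONN_REQ <= mtype <= CLOSE_OK:
        raise ValueError("unknown TMSG type")
    if len(frame) - TMSG.size != length:
        raise ValueError("length field does not match data part")
    return mtype, conn_id, frame[TMSG.size:]

class Gateway:
    """One PEP gateway; the same table logic serves client and server side."""
    def __init__(self, first_id):
        self.next_id = first_id
        self.peer = {}       # local connection id -> peer gateway's id (None = pending)
        self.delivered = {}  # local connection id -> bytes handed to the local TCP side

    def _new(self, peer_id=None):
        cid, self.next_id = self.next_id, self.next_id + 1
        self.peer[cid], self.delivered[cid] = peer_id, b""
        return cid

    def _established(self, cid):
        if self.peer.get(cid) is None:
            raise KeyError("unknown or pending connection identifier")
        return self.peer[cid]

    def open(self, conn_info):  # claim 1: announce the first connection under its id
        cid = self._new()
        return cid, pack(CONN_REQ, cid, conn_info)
    def send(self, cid, payload):  # claims 3 and 14: data carries the associated peer id
        return pack(DATA, self._established(cid), payload)
    def close(self, cid):  # claims 4 and 15: close request carries the associated peer id
        return pack(CLOSE_REQ, self._established(cid))

    def on_frame(self, frame):
        """Handle one frame from the satellite link; return the reply frame or None."""
        mtype, conn_id, data = unpack(frame)
        if mtype == CONN_REQ:  # claim 12: record the first id, allocate the second
            cid = self._new(peer_id=conn_id)
            # Assumption: the reply echoes the first id in its data part.
            return pack(CONN_OK, cid, struct.pack("!I", conn_id))
        if mtype == CONN_OK:   # claim 1: associate the second id with the first
            if len(data) != 4:
                raise ValueError("malformed connection-success reply")
            (first,) = struct.unpack("!I", data)
            if first not in self.peer or self.peer[first] is not None:
                raise KeyError("reply does not match a pending connection")
            self.peer[first] = conn_id
            return None
        peer_id = self._established(conn_id)  # DATA/CLOSE must name a live local id
        if mtype == DATA:
            self.delivered[conn_id] += data
            return None
        del self.peer[conn_id]  # CLOSE_REQ or CLOSE_OK: drop the association
        return pack(CLOSE_OK, peer_id) if mtype == CLOSE_REQ else None

def run_exchange():  # constructed walk-through: client-side a, server-side b
    a, b = Gateway(first_id=100), Gateway(first_id=900)
    cid, req = a.open(b"10.0.0.5:40000>192.0.2.10:80")  # constructed 4-tuple
    a.on_frame(b.on_frame(req))
    b_cid = a.peer[cid]
    b.on_frame(a.send(cid, b"GET / HTTP/1.1\r\n\r\n"))
    a.on_frame(b.send(b_cid, b"HTTP/1.1 200 OK\r\n\r\n"))
    a.on_frame(b.on_frame(a.close(cid)))
    return cid, b_cid, a.delivered[cid], b.delivered[b_cid], a.peer, b.peer
```

Because each gateway trusts the identifier in the TMSG header to select a TCP connection, the table lookup in `on_frame` is the only thing separating one client's stream from another's on the shared satellite link.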
CN201510038936.8A 2015-01-26 2015-01-26 Method for realizing TCP transmission in satellite network environment and corresponding gateway Active CN105897665B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510038936.8A CN105897665B (en) 2015-01-26 2015-01-26 Method for realizing TCP transmission in satellite network environment and corresponding gateway
PCT/CN2015/089060 WO2016119464A1 (en) 2015-01-26 2015-09-07 Method and corresponding gateway for implementing tcp transmission in satellite network environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510038936.8A CN105897665B (en) 2015-01-26 2015-01-26 Method for realizing TCP transmission in satellite network environment and corresponding gateway

Publications (2)

Publication Number Publication Date
CN105897665A CN105897665A (en) 2016-08-24
CN105897665B CN105897665B (en) 2020-01-14

Family

ID=56542328

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510038936.8A Active CN105897665B (en) 2015-01-26 2015-01-26 Method for realizing TCP transmission in satellite network environment and corresponding gateway

Country Status (2)

Country Link
CN (1) CN105897665B (en)
WO (1) WO2016119464A1 (en)

Also Published As

Publication number Publication date
CN105897665A (en) 2016-08-24
WO2016119464A1 (en) 2016-08-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant