CN106789993A - TCP agent method and device - Google Patents

Info

Publication number: CN106789993A
Application number: CN201611132320.8A
Authority: CN (China)
Prior art keywords: message, domain name, dns response, messages, response messages
Legal status: Granted (Active)
Other languages: Chinese (zh)
Other versions: CN106789993B (en)
Inventor: 陈健健
Original and current assignee: Ruijie Networks Co Ltd

Classifications

All classifications fall under H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L 69/163 In-band adaptation of TCP data exchange; in-band control procedures (under H04L 69/16, implementation or adaptation of IP, TCP or UDP)
    • H04L 61/4511 Network directories; name-to-address mapping using standardised directory access protocols, using the domain name system [DNS]
    • H04L 67/56 Provisioning of proxy services
    • H04L 69/22 Parsing or analysis of headers
    • H04L 12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways

Abstract

The invention discloses a TCP proxy method and device. The method includes: after a packet is received, determining its type. If the packet is a DNS response packet, the domain name and IP address carried in the DNS response are obtained; if the carried domain name matches a preset domain name, the carried IP address is added to the matching rule, and the DNS response is forwarded. If the packet is a TCP SYN packet, its destination IP address is matched against the matching rule, and the matching result and the flow information of the TCP SYN packet are saved; if the matching result is a match, the TCP SYN packet is forwarded after TCP proxying. If the packet is neither a DNS response packet nor a TCP SYN packet, its destination IP address is obtained and the matching result of that destination IP address against the matching rule is looked up in the result set by the packet's flow information; if the matching result is a match, the packet is forwarded after TCP proxying. Configuring the preset domain name is simple, avoids omitted or incomplete domain name configuration, and improves user experience.

Description

TCP agent method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a Transmission Control Protocol (TCP) proxy method and device.
Background technology
To meet the challenges faced by broadband service operation, a gateway device is generally deployed at the boundary where terminals connect to the Internet, in order to implement fine-grained control and management of data services. To do so, the gateway device usually needs to parse the content of layer 7 packets and perform related processing according to that content and its attributes, such as content adaptation, content enhancement, anti-virus and network acceleration. Because almost all network services are based on TCP, the gateway device needs to monitor each TCP connection and insert, modify or delete data on the connection in order to perform such processing. However, because TCP is connection-oriented, stream-oriented and reliable and provides a flow-control mechanism, simply inserting, modifying or deleting data would inevitably break the correctness of the connection. TCP proxy technology arose so that data can be inserted, modified or deleted while the TCP connection remains correct.
The Domain Name System (DNS) names a server on the Internet by a string of names separated by dots; the name serves as the electronic address that identifies the server during data transfer. A DNS domain name generally consists of a primary domain and its corresponding subdomains.
Currently, when TCP proxying is performed, the primary domains that require TCP proxying and all of their corresponding subdomains are generally pre-configured to obtain the preset domain names. After a packet is received, the domain name carried in the packet is matched against the preset domain names, and if it matches, the packet is forwarded after TCP proxying. Because every primary domain and every subdomain that requires TCP proxying must be pre-configured, the configuration process is very complicated, and the configured domain names may be omitted or incomplete, so that TCP proxying cannot be performed for omitted or incompletely configured domain names, which degrades user experience.
The content of the invention
Embodiments of the present invention provide a TCP proxy method and device, to solve the problems in the prior art that the configuration process is very complicated, that TCP proxying cannot be performed for omitted or incompletely configured domain names, and that user experience is degraded.
According to an embodiment of the present invention, a TCP proxy method is provided, applied in a gateway device, including:
after a packet is received, determining the type of the packet;
if the packet is a Domain Name System (DNS) response packet, obtaining the domain name and the Internet Protocol (IP) address carried in the DNS response packet, and determining whether the domain name carried in the DNS response packet matches a preset domain name; if it is determined that the domain name carried in the DNS response packet matches the preset domain name, adding the IP address carried in the DNS response packet to a matching rule and forwarding the DNS response packet, where the preset domain name is a pre-configured primary domain that requires TCP proxying;
if the packet is a TCP SYN packet, matching the destination IP address of the TCP SYN packet against the matching rule, and saving in a result set the matching result of the destination IP address of the TCP SYN packet against the matching rule together with the flow information of the TCP SYN packet; if the matching result is a match, forwarding the TCP SYN packet after performing TCP proxying on it, where the flow information of the TCP SYN packet includes the source port, source IP address, destination port and destination IP address;
if the packet is neither a DNS response packet nor a TCP SYN packet, obtaining the destination IP address of the packet, and querying the result set, by the flow information of the packet, for the matching result of the destination IP address of the packet against the matching rule; if the matching result found is a match, forwarding the packet after performing TCP proxying on it.
Specifically, determining the type of the packet includes:
obtaining the header information of the packet;
obtaining a type identifier from the header information;
if the type identifier is the identifier of a DNS response packet, determining that the packet is a DNS response packet;
if the type identifier is the identifier of a TCP SYN packet, determining that the packet is a TCP SYN packet;
if the type identifier is neither the identifier of a DNS response packet nor the identifier of a TCP SYN packet, determining that the packet is neither a DNS response packet nor a TCP SYN packet.
Specifically, determining whether the domain name carried in the DNS response packet matches the preset domain name includes:
performing a shortest match of the domain name carried in the DNS response packet against the preset domain name, proceeding forward from the end of the domain name;
if the domain name carried in the DNS response packet contains the preset domain name, determining that the domain name carried in the DNS response packet matches the preset domain name;
if the domain name carried in the DNS response packet does not contain the preset domain name, determining that the domain name carried in the DNS response packet does not match the preset domain name.
Specifically, adding the IP address carried in the DNS response packet to the matching rule includes:
creating a table entry in the matching rule;
storing the destination IP address of the DNS response packet in that table entry.
Optionally, the method further includes:
if the matching result found for the destination IP address of the packet against the matching rule is a mismatch, forwarding the packet.
According to an embodiment of the present invention, a TCP proxy device is also provided, applied in a gateway device, including:
a determining module, configured to determine the type of a packet after the packet is received;
a forwarding module, configured to, if the packet is a Domain Name System (DNS) response packet, obtain the domain name and the Internet Protocol (IP) address carried in the DNS response packet, determine whether the domain name carried in the DNS response packet matches a preset domain name, and, if it is determined that the domain name carried in the DNS response packet matches the preset domain name, add the IP address carried in the DNS response packet to a matching rule and forward the DNS response packet, where the preset domain name is a pre-configured primary domain that requires TCP proxying;
a first proxy module, configured to, if the packet is a TCP SYN packet, match the destination IP address of the TCP SYN packet against the matching rule, save in a result set the matching result of the destination IP address of the TCP SYN packet against the matching rule together with the flow information of the TCP SYN packet, and, if the matching result is a match, forward the TCP SYN packet after performing TCP proxying on it, where the flow information of the TCP SYN packet includes the source port, source IP address, destination port and destination IP address;
a second proxy module, configured to, if the packet is neither a DNS response packet nor a TCP SYN packet, obtain the destination IP address of the packet, query the result set by the flow information of the packet for the matching result of the destination IP address of the packet against the matching rule, and, if the matching result found is a match, forward the packet after performing TCP proxying on it.
Specifically, the determining module is configured to:
obtain the header information of the packet;
obtain a type identifier from the header information;
if the type identifier is the identifier of a DNS response packet, determine that the packet is a DNS response packet;
if the type identifier is the identifier of a TCP SYN packet, determine that the packet is a TCP SYN packet;
if the type identifier is neither the identifier of a DNS response packet nor the identifier of a TCP SYN packet, determine that the packet is neither a DNS response packet nor a TCP SYN packet.
Specifically, the first proxy module is configured to:
perform a shortest match of the domain name carried in the DNS response packet against the preset domain name, proceeding forward from the end of the domain name;
if the domain name carried in the DNS response packet contains the preset domain name, determine that the domain name carried in the DNS response packet matches the preset domain name;
if the domain name carried in the DNS response packet does not contain the preset domain name, determine that the domain name carried in the DNS response packet does not match the preset domain name.
Specifically, the first proxy module is configured to:
create a table entry in the matching rule;
store the destination IP address of the DNS response packet in that table entry.
Optionally, the second proxy module is further configured to:
if the matching result found for the destination IP address of the packet against the matching rule is a mismatch, forward the packet.
The present invention has the following beneficial effects:
Embodiments of the present invention provide a TCP proxy method and device. After a packet is received, its type is determined. If the packet is a Domain Name System (DNS) response packet, the domain name and Internet Protocol (IP) address carried in it are obtained and the carried domain name is checked against the preset domain name; if they match, the carried IP address is added to the matching rule and the DNS response packet is forwarded, the preset domain name being a pre-configured primary domain that requires TCP proxying. If the packet is a TCP SYN packet, its destination IP address is matched against the matching rule, the matching result and the flow information of the TCP SYN packet are saved in the result set, and if the matching result is a match the TCP SYN packet is forwarded after TCP proxying, the flow information including the source port, source IP address, destination port and destination IP address. If the packet is neither a DNS response packet nor a TCP SYN packet, its destination IP address is obtained, the result set is queried by the packet's flow information for the matching result of that destination IP address against the matching rule, and if the matching result found is a match the packet is forwarded after TCP proxying. In this scheme, only the primary domains that require TCP proxying need to be pre-configured to obtain the preset domain names; because the number of primary domains is far smaller than the number of subdomains, the configuration process is very simple. Meanwhile, the matching rule is built from the domain names and IP addresses carried in received DNS response packets, which avoids omitted or incomplete domain name configuration and hence avoids cases where TCP proxying cannot be performed for omitted or incompletely configured domain names. For received packets that are neither DNS response packets nor TCP SYN packets, whether TCP proxying is needed can be determined from the result set without matching against the matching rule, which saves matching time and improves user experience.
Brief description of the drawings
Fig. 1 is a flowchart of the TCP proxy method in an embodiment of the present invention;
Fig. 2 is a flowchart of S11 in an embodiment of the present invention;
Fig. 3 is a flowchart of S12 in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the TCP proxy device in an embodiment of the present invention.
Specific embodiment
To address the problems in the prior art that the configuration process is very complicated, that TCP proxying cannot be performed for omitted or incompletely configured domain names, and that user experience is degraded, an embodiment of the present invention provides a TCP proxy method. The method is applied in a gateway device that forwards packets between a terminal and a server. The flow of the method is shown in Fig. 1 and is performed as follows:
S11: After a packet is received, the type of the packet is determined. If the packet is a DNS response packet, S12 is performed; if the packet is a TCP SYN packet, S13 is performed; if the packet is neither a DNS response packet nor a TCP SYN packet, S14 is performed.
For a terminal and a server communicating over TCP, the terminal must obtain the domain name and IP address of the server and then establish a TCP connection with the server before it can access the server. A DNS response packet is the packet a DNS server sends to the terminal to answer with a domain name and its corresponding IP address, and a TCP SYN packet is the first packet sent when a TCP connection is established. Because different types of packets are processed differently, the gateway device forwarding packets between the terminal and the server must first determine the type of each received packet.
S12: The domain name and Internet Protocol (IP) address carried in the DNS response packet are obtained, and it is determined whether the domain name carried in the DNS response packet matches the preset domain name. If it is determined that the domain name carried in the DNS response packet matches the preset domain name, the IP address carried in the DNS response packet is added to the matching rule, and the DNS response packet is forwarded.
The preset domain name is a pre-configured primary domain that requires TCP proxying; the subdomains of the primary domain need not be configured. If the domain name carried in the DNS response packet matches the preset domain name, the IP address carried in the DNS response packet can be added to the matching rule, so that after subsequent packets are received, whether TCP proxying is needed can be determined from the matching rule.
Specifically, adding the IP address carried in the DNS response packet to the matching rule includes: creating a table entry in the matching rule, and storing the destination IP address of the DNS response packet in that table entry.
S13: The destination IP address of the TCP SYN packet is matched against the matching rule, and the matching result of the destination IP address of the TCP SYN packet against the matching rule, together with the flow information of the TCP SYN packet, is saved in the result set. If the matching result is a match, the TCP SYN packet is forwarded after TCP proxying.
So that it is easy to decide whether packets of the subsequent data flow are TCP-proxied or simply forwarded, the matching result of the destination IP address of the TCP SYN packet against the matching rule can be stored in the result set.
The flow information of the TCP SYN packet includes the source port, source IP address, destination port and destination IP address.
TCP proxying is usually carried out by the TCP protocol stack of the gateway device, a user-space proxy module and one or more TCP proxy modules, with the following flow. The TCP SYN packet is delivered to the TCP protocol stack, which notifies the user-space proxy module. The user-space proxy module takes the four items of information from the TCP SYN packet (source IP address, source port, destination IP address and destination port) and initiates a TCP connection to the server by sending a TCP SYN packet. After receiving the TCP SYN packet, the server replies with a SYN+ACK packet. The gateway device receives the SYN+ACK packet and delivers it to the TCP protocol stack, which replies with an ACK packet and forwards the SYN+ACK packet to the terminal. After receiving the SYN+ACK packet, the terminal replies with an ACK packet; the gateway device delivers this ACK packet to the TCP protocol stack, which notifies the user-space proxy module. At this point, what was one TCP connection has become two TCP connections: one from the terminal to the gateway device and one from the gateway device to the server. All packets of the subsequent data flow are delivered to the user-space proxy module, which hands them to the TCP proxy modules (such as an HTTPS audit module or an acceleration module) for processing and forwards them after processing.
S14: The destination IP address of the packet is obtained, and the result set is queried, by the flow information of the packet, for the matching result of the destination IP address of the packet against the matching rule. If the matching result found is a match, the packet is forwarded after TCP proxying.
If the matching result found for the destination IP address of the packet against the matching rule is a mismatch, the packet is forwarded.
TCP proxying in the embodiment of the present invention includes HTTPS (HyperText Transfer Protocol over Secure Socket Layer) audit, network acceleration, and so on.
In this scheme, only the primary domains that require TCP proxying need to be pre-configured to obtain the preset domain names; because the number of primary domains is far smaller than the number of subdomains, the configuration process is very simple. Meanwhile, the matching rule is built from the domain names and IP addresses carried in received DNS response packets, which avoids omitted or incomplete domain name configuration and hence avoids cases where TCP proxying cannot be performed for omitted or incompletely configured domain names. For received packets that are neither DNS response packets nor TCP SYN packets, whether TCP proxying is needed can be determined from the result set without matching against the matching rule, which saves matching time and improves user experience.
Specifically, determining the type of the packet in S11 above is implemented as shown in Fig. 2 and includes:
S111: The header information of the packet is obtained.
S112: A type identifier is obtained from the header information. If the type identifier is the identifier of a DNS response packet, S113 is performed; if the type identifier is the identifier of a TCP SYN packet, S114 is performed; if the type identifier is neither the identifier of a DNS response packet nor the identifier of a TCP SYN packet, S115 is performed.
S113: The packet is determined to be a DNS response packet.
S114: The packet is determined to be a TCP SYN packet.
S115: The packet is determined to be neither a DNS response packet nor a TCP SYN packet.
Different types of packets carry different type identifiers, and these type identifiers are stored in the header information of the packet; the type of a packet can therefore be determined from the type identifier in its header information.
Specifically, determining in S12 above whether the domain name carried in the DNS response packet matches the preset domain name is implemented as shown in Fig. 3 and includes:
S121: A shortest match of the domain name carried in the DNS response packet against the preset domain name is performed, proceeding forward from the end of the domain name. If the domain name carried in the DNS response packet contains the preset domain name, S122 is performed; if the domain name carried in the DNS response packet does not contain the preset domain name, S123 is performed.
S122: The domain name carried in the DNS response packet is determined to match the preset domain name.
S123: The domain name carried in the DNS response packet is determined not to match the preset domain name.
For example, if the domain name carried in the DNS response packet is app.baidu.com and the preset domain name is baidu.com, matching proceeds from the end forward, and as soon as baidu.com is matched the match is considered successful.
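The S11 to S14 decision flow and the end-to-front domain matching of S121 above, as an added Python model that is not part of the patent or of any Ruijie product: the packet fields, the "kind" type identifier and the sample addresses are constructed, and the match is done on label boundaries, an added caveat so that a name such as notbaidu.com is not accepted for the preset baidu.com.

```python
"""Constructed model of the DNS-driven TCP proxy decision logic (S11-S14, S121)."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Flow information of a packet: (source IP, source port, destination IP, destination port).
Flow = Tuple[str, int, str, int]


@dataclass
class Packet:
    """Minimal packet model; 'kind' stands in for the type identifier read from the header."""
    kind: str                 # "dns_response", "tcp_syn" or "other" (constructed values)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    qname: str = ""           # domain name carried in a DNS response (hypothetical field)
    answers: Tuple[str, ...] = ()  # IP addresses carried in the DNS answer section


def domain_matches(name: str, preset: str) -> bool:
    """Match from the end of the name forward (S121), on label boundaries.

    Label-boundary matching is an added caveat: a plain suffix test would also
    accept 'notbaidu.com' for the preset 'baidu.com'.
    """
    name = name.rstrip(".").lower()
    preset = preset.rstrip(".").lower()
    return name == preset or name.endswith("." + preset)


class TcpProxyGateway:
    """Holds the matching rule (learned IPs) and the result set (per-flow decisions)."""

    def __init__(self, preset_domains: List[str]) -> None:
        self.preset_domains = [d.lower() for d in preset_domains]
        self.matching_rule: Set[str] = set()      # IP addresses learned from DNS responses
        self.result_set: Dict[Flow, bool] = {}    # flow information -> matched?

    @staticmethod
    def _flow(pkt: Packet) -> Flow:
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    def handle(self, pkt: Packet) -> str:
        """Return 'proxy' (forward after TCP proxying) or 'forward' (plain forwarding)."""
        if pkt.kind == "dns_response":          # S12: learn IPs for matching domains
            if any(domain_matches(pkt.qname, p) for p in self.preset_domains):
                self.matching_rule.update(pkt.answers)
            return "forward"
        if pkt.kind == "tcp_syn":               # S13: decide once per flow, remember it
            matched = pkt.dst_ip in self.matching_rule
            self.result_set[self._flow(pkt)] = matched
            return "proxy" if matched else "forward"
        # S14: any other packet is decided by the stored result for its flow;
        # a flow whose SYN was never seen has no entry and is simply forwarded.
        return "proxy" if self.result_set.get(self._flow(pkt), False) else "forward"


def run_demo() -> List[str]:
    """Feed a constructed packet sequence through the gateway and return the decisions."""
    gw = TcpProxyGateway(["baidu.com"])
    client, good_ip, other_ip = "192.0.2.5", "198.51.100.10", "203.0.113.7"
    packets = [
        Packet("dns_response", "192.0.2.53", 53, client, 51000, "notbaidu.com", (other_ip,)),
        Packet("dns_response", "192.0.2.53", 53, client, 51001, "app.baidu.com", (good_ip,)),
        Packet("tcp_syn", client, 40000, good_ip, 443),
        Packet("other", client, 40000, good_ip, 443),
        Packet("tcp_syn", client, 40001, other_ip, 443),
        Packet("other", client, 40001, other_ip, 443),
        Packet("other", client, 40002, good_ip, 443),  # no SYN was seen for this flow
    ]
    return [gw.handle(p) for p in packets]


if __name__ == "__main__":
    print(run_demo())
```

A gateway that learns rule entries from DNS responses should only accept responses that correspond to a query it has observed from the terminal; otherwise the matching rule can be populated by responses the terminal never asked for.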
Based on the same inventive concept, an embodiment of the present invention provides a TCP proxy device, applied in a gateway device, whose structure is shown in Fig. 4 and includes:
a determining module 41, configured to determine the type of a packet after the packet is received;
a forwarding module 42, configured to, if the packet is a DNS response packet, obtain the domain name and IP address carried in the DNS response packet, determine whether the domain name carried in the DNS response packet matches the preset domain name, and, if it is determined that the domain name carried in the DNS response packet matches the preset domain name, add the IP address carried in the DNS response packet to the matching rule and forward the DNS response packet, where the preset domain name is a pre-configured primary domain that requires TCP proxying;
a first proxy module 43, configured to, if the packet is a TCP SYN packet, match the destination IP address of the TCP SYN packet against the matching rule, save in the result set the matching result of the destination IP address of the TCP SYN packet against the matching rule together with the flow information of the TCP SYN packet, and, if the matching result is a match, forward the TCP SYN packet after TCP proxying, where the flow information of the TCP SYN packet includes the source port, source IP address, destination port and destination IP address;
a second proxy module 44, configured to, if the packet is neither a DNS response packet nor a TCP SYN packet, obtain the destination IP address of the packet, query the result set by the flow information of the packet for the matching result of the destination IP address of the packet against the matching rule, and, if the matching result found is a match, forward the packet after TCP proxying.
In this scheme, only the primary domains that require TCP proxying need to be pre-configured to obtain the preset domain names; because the number of primary domains is far smaller than the number of subdomains, the configuration process is very simple. Meanwhile, the matching rule is built from the domain names and IP addresses carried in received DNS response packets, which avoids omitted or incomplete domain name configuration and hence avoids cases where TCP proxying cannot be performed for omitted or incompletely configured domain names. For received packets that are neither DNS response packets nor TCP SYN packets, whether TCP proxying is needed can be determined from the result set without matching against the matching rule, which saves matching time and improves user experience.
Specifically, the determining module 41 is configured to:
obtain the header information of the packet;
obtain a type identifier from the header information;
if the type identifier is the identifier of a DNS response packet, determine that the packet is a DNS response packet;
if the type identifier is the identifier of a TCP SYN packet, determine that the packet is a TCP SYN packet;
if the type identifier is neither the identifier of a DNS response packet nor the identifier of a TCP SYN packet, determine that the packet is neither a DNS response packet nor a TCP SYN packet.
Specifically, the first proxy module 43 is configured to:
perform a shortest match of the domain name carried in the DNS response packet against the preset domain name, proceeding forward from the end of the domain name;
if the domain name carried in the DNS response packet contains the preset domain name, determine that the domain name carried in the DNS response packet matches the preset domain name;
if the domain name carried in the DNS response packet does not contain the preset domain name, determine that the domain name carried in the DNS response packet does not match the preset domain name.
Specifically, the first proxy module 43 is configured to:
create a table entry in the matching rule;
store the destination IP address of the DNS response packet in that table entry.
Optionally, the second proxy module 44 is further configured to:
if the matching result found for the destination IP address of the packet against the matching rule is a mismatch, forward the packet.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block of the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art, once they know the basic inventive concept, can make further changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, if these changes and modifications of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include these changes and modifications.

Claims (10)

1. A transmission control protocol (TCP) proxy method, applied in a gateway device, characterised in that it comprises:
after a message is received, determining the type of the message;
if the message is a domain name system (DNS) response message, obtaining the domain name and the internet protocol (IP) address carried by the DNS response message, determining whether the domain name carried by the DNS response message matches a preset domain name, and, if it is determined that the domain name carried by the DNS response message matches the preset domain name, adding the IP address carried by the DNS response message to a matching rule and forwarding the DNS response message, the preset domain name being a pre-configured main domain name that requires TCP proxying;
if the message is a TCP SYN message, matching the destination IP address of the TCP SYN message against the matching rule, and saving in a result set the matching result of the destination IP address of the TCP SYN message against the matching rule together with the flow information of the TCP SYN message; if the matching result is a match, performing TCP proxying on the TCP SYN message and then forwarding it, the flow information of the TCP SYN message comprising the source port, source IP address, destination port and destination IP address;
if the message is neither a DNS response message nor a TCP SYN message, obtaining the destination IP address of the message, and querying from the result set, according to the flow information of the message, the matching result of the destination IP address of the message against the matching rule; if the queried matching result is a match, performing TCP proxying on the message and then forwarding it.
2. The method of claim 1, characterised in that determining the type of the message specifically comprises:
obtaining the header information of the message;
obtaining a type identifier from the header information;
if the type identifier is the identifier of a DNS response message, determining that the message is a DNS response message;
if the type identifier is the identifier of a TCP SYN message, determining that the message is a TCP SYN message;
if the type identifier is neither the identifier of a DNS response message nor the identifier of a TCP SYN message, determining that the message is neither a DNS response message nor a TCP SYN message.
3. The method of claim 1, characterised in that determining whether the domain name carried by the DNS response message matches the preset domain name specifically comprises:
performing shortest matching of the domain name carried by the DNS response message against the preset domain name, starting from the end of the domain name and proceeding forward;
if the domain name carried by the DNS response message contains the preset domain name, determining that the domain name carried by the DNS response message matches the preset domain name;
if the domain name carried by the DNS response message does not contain the preset domain name, determining that the domain name carried by the DNS response message does not match the preset domain name.
4. The method of claim 1, characterised in that adding the IP address carried in the DNS response message to the matching rule specifically comprises:
creating an entry in the matching rule;
storing the destination IP address of the DNS response message in the entry.
5. The method of any one of claims 1 to 4, characterised in that it further comprises:
if the queried matching result of the destination IP address of the message against the matching rule is a mismatch, forwarding the message.
6. A TCP proxy device, applied in a gateway device, characterised in that it comprises:
a determining module, configured to determine the type of a message after the message is received;
a forwarding module, configured to, if the message is a domain name system (DNS) response message, obtain the domain name and the internet protocol (IP) address carried by the DNS response message, determine whether the domain name carried by the DNS response message matches a preset domain name, and, if it is determined that the domain name carried by the DNS response message matches the preset domain name, add the IP address carried by the DNS response message to a matching rule and forward the DNS response message, the preset domain name being a pre-configured main domain name that requires TCP proxying;
a first proxy module, configured to, if the message is a TCP SYN message, match the destination IP address of the TCP SYN message against the matching rule, and save in a result set the matching result of the destination IP address of the TCP SYN message against the matching rule together with the flow information of the TCP SYN message; if the matching result is a match, perform TCP proxying on the TCP SYN message and then forward it, the flow information of the TCP SYN message comprising the source port, source IP address, destination port and destination IP address;
a second proxy module, configured to, if the message is neither a DNS response message nor a TCP SYN message, obtain the destination IP address of the message and query from the result set, according to the flow information of the message, the matching result of the destination IP address of the message against the matching rule; if the queried matching result is a match, perform TCP proxying on the message and then forward it.
7. The device of claim 6, characterised in that the determining module is specifically configured to:
obtain the header information of the message;
obtain a type identifier from the header information;
if the type identifier is the identifier of a DNS response message, determine that the message is a DNS response message;
if the type identifier is the identifier of a TCP SYN message, determine that the message is a TCP SYN message;
if the type identifier is neither the identifier of a DNS response message nor the identifier of a TCP SYN message, determine that the message is neither a DNS response message nor a TCP SYN message.
8. The device of claim 6, characterised in that the first proxy module is specifically configured to:
perform shortest matching of the domain name carried by the DNS response message against the preset domain name, starting from the end of the domain name and proceeding forward;
if the domain name carried by the DNS response message contains the preset domain name, determine that the domain name carried by the DNS response message matches the preset domain name;
if the domain name carried by the DNS response message does not contain the preset domain name, determine that the domain name carried by the DNS response message does not match the preset domain name.
9. The device of claim 6, characterised in that the first proxy module is specifically configured to:
create an entry in the matching rule;
store the destination IP address of the DNS response message in the entry.
10. The device of any one of claims 6 to 9, characterised in that the second proxy module is further configured to:
if the queried matching result of the destination IP address of the message against the matching rule is a mismatch, forward the message.
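The decision logic of method claims 1 to 5 (and its device counterpart in claims 6 to 10), worked through as an added Python model. This is not code from the patent or from Ruijie Networks: the `Packet`, `Gateway`, `classify` and `domain_matches` names, the header fields used for type identification, the constructed traffic and its IP addresses are all assumptions made for illustration, and the claims' "shortest matching from the end" is read here as a label-wise suffix match against the preset main domain.

```python
"""Added example modelling the gateway decision logic of claims 1-10.

Not code from the patent or from Ruijie Networks; the types, names and
sample traffic below are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed stand-in for a received message (hypothetical type)."""
    proto: str                            # "udp" or "tcp"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    tcp_flags: str = ""                   # e.g. "S" (SYN only), "A", "PA"
    dns_qr: Optional[int] = None          # DNS header QR bit: 1 = response
    domain: Optional[str] = None          # name answered in a DNS response
    answer_ips: Tuple[str, ...] = ()      # A records carried by the response


def classify(pkt: Packet) -> str:
    """Claim 2: derive the message type from header information only.

    A UDP message from port 53 whose QR bit is set is a DNS response; a TCP
    segment with only the SYN flag set is a TCP SYN; everything else is
    'other' (neither a DNS response nor a TCP SYN).
    """
    if pkt.proto == "udp" and pkt.src_port == 53 and pkt.dns_qr == 1:
        return "dns_response"
    if pkt.proto == "tcp" and pkt.tcp_flags == "S":
        return "tcp_syn"
    return "other"


def domain_matches(name: str, preset_domains) -> bool:
    """Claim 3: match from the end of the name forward, shortest suffix first.

    Matching label by label (assumption) means 'notexample.com' does not
    match a preset main domain 'example.com', while 'www.example.com' does.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1, -1, -1):
        if ".".join(labels[i:]) in preset_domains:
            return True
    return False


@dataclass
class Gateway:
    preset_domains: frozenset                       # main domains needing TCP proxy
    match_rule: set = field(default_factory=set)    # claim 4: one entry per learned IP
    results: dict = field(default_factory=dict)     # flow 4-tuple -> matched (bool)

    def handle(self, pkt: Packet) -> str:
        """Return the action taken for one message: 'proxy' or 'forward'."""
        kind = classify(pkt)
        if kind == "dns_response":
            # Claim 1, DNS branch: learn the answered IPs for matching domains,
            # then forward the response unchanged in every case.
            if pkt.domain and domain_matches(pkt.domain, self.preset_domains):
                self.match_rule.update(pkt.answer_ips)
            return "forward"
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if kind == "tcp_syn":
            # Claim 1, SYN branch: decide once per flow and record the result.
            matched = pkt.dst_ip in self.match_rule
            self.results[flow] = matched
            return "proxy" if matched else "forward"
        # Claims 1 and 5, other messages: reuse the SYN-time decision. A flow
        # with no recorded result is forwarded (assumption; the claims are
        # silent on this case).
        return "proxy" if self.results.get(flow, False) else "forward"


def demo() -> list:
    """Constructed traffic: a DNS answer for a proxied domain, a flow to the
    answered IP and a flow to an unrelated IP. Returns the per-packet actions."""
    gw = Gateway(preset_domains=frozenset({"example.com"}))
    traffic = [
        Packet("udp", "203.0.113.53", "192.0.2.10", 53, 40000, dns_qr=1,
               domain="www.example.com", answer_ips=("198.51.100.7",)),
        Packet("tcp", "192.0.2.10", "198.51.100.7", 51000, 443, tcp_flags="S"),
        Packet("tcp", "192.0.2.10", "198.51.100.7", 51000, 443, tcp_flags="PA"),
        Packet("tcp", "192.0.2.10", "198.51.100.9", 51001, 443, tcp_flags="S"),
        Packet("tcp", "192.0.2.10", "198.51.100.9", 51001, 443, tcp_flags="PA"),
    ]
    return [gw.handle(p) for p in traffic]


if __name__ == "__main__":
    print(demo())   # ['forward', 'proxy', 'proxy', 'forward', 'forward']
```

Two properties of the claimed design show up in the model: the proxy decision is bound to a flow when its SYN arrives, so later segments of the same flow never consult the matching rule again, and the matching rule only grows as DNS responses are seen, since the claims describe no ageing of learned IP addresses or of flow results; a deployment would need to bound both tables.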
CN201611132320.8A 2016-12-09 2016-12-09 TCP agent method and device Active CN106789993B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611132320.8A CN106789993B (en) 2016-12-09 2016-12-09 TCP agent method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611132320.8A CN106789993B (en) 2016-12-09 2016-12-09 TCP agent method and device

Publications (2)

Publication Number Publication Date
CN106789993A true CN106789993A (en) 2017-05-31
CN106789993B CN106789993B (en) 2019-06-14

Family

ID=58874989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611132320.8A Active CN106789993B (en) 2016-12-09 2016-12-09 TCP agent method and device

Country Status (1)

Country Link
CN (1) CN106789993B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6856991B1 (en) * 2002-03-19 2005-02-15 Cisco Technology, Inc. Method and apparatus for routing data to a load balanced server using MPLS packet labels
US20070055784A1 (en) * 2005-09-08 2007-03-08 Pancholi Ketan P Method to reduce the learning curve of a transmission control protocol connection
CN101242336A (en) * 2008-03-13 2008-08-13 杭州华三通信技术有限公司 Method for remote access to intranet Web server and Web proxy server
CN101282209A (en) * 2008-05-13 2008-10-08 杭州华三通信技术有限公司 Method and apparatus for preventing DNS request message from flooding attack
WO2013053304A1 (en) * 2011-10-09 2013-04-18 大唐移动通信设备有限公司 Method and device for implementing tcp transmission
CN105743670A (en) * 2014-12-09 2016-07-06 华为技术有限公司 Access control method, system, and access point
CN105592181A (en) * 2015-10-15 2016-05-18 杭州华三通信技术有限公司 Link load balancing method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Pi-E Liu, Zhong-Hua Sheng: "Defending against TCP SYN flooding with a new kind of SYN-agent", 2008 International Conference on Machine Learning and Cybernetics *
姚平: "Discussion of WAP gateway service offloading schemes", Guangxi Communication Technology (广西通信技术) *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112165447A (en) * 2020-08-21 2021-01-01 杭州安恒信息技术股份有限公司 WAF equipment-based network security monitoring method, system and electronic device
CN112165447B (en) * 2020-08-21 2023-12-19 杭州安恒信息技术股份有限公司 WAF equipment-based network security monitoring method, system and electronic device
CN113810510A (en) * 2021-07-30 2021-12-17 绿盟科技集团股份有限公司 Domain name access method and device and electronic equipment
CN114095415A (en) * 2021-11-26 2022-02-25 山石网科通信技术股份有限公司 Route determining method, device, gateway equipment and storage medium
CN114095415B (en) * 2021-11-26 2024-05-07 山石网科通信技术股份有限公司 Route determination method, device, gateway equipment and storage medium
CN114301837A (en) * 2021-12-16 2022-04-08 山石网科通信技术股份有限公司 Routing data processing method and device

Also Published As

Publication number Publication date
CN106789993B (en) 2019-06-14

Similar Documents

Publication Publication Date Title
US10659354B2 (en) Processing data packets using a policy based network path
US10148565B2 (en) OPENFLOW communication method and system, controller, and service gateway
US10609181B2 (en) Method and apparatus for controlling service chain of service flow
US20150156183A1 (en) System and method for filtering network communications
CN105791315B (en) A kind of udp protocol acceleration method and system
CN106789993A (en) TCP agent method and device
US20160241664A1 (en) Method, device, and system for redirecting data by using service proxy
CN107222561A (en) A kind of transport layer reverse proxy method
CN107979520B (en) Message processing method and message processing device
CN106656648B (en) Application flow dynamic protection method and system based on home gateway and home gateway
CN108200158A (en) Ask Transmission system, method, apparatus and storage medium
US8650313B2 (en) Endpoint discriminator in network transport protocol startup packets
US11677585B2 (en) Transparent TCP connection tunneling with IP packet filtering
CN110545230B (en) Method and device for forwarding VXLAN message
CN110247926B (en) Interaction method and system
US10158587B2 (en) Communication between a web application instance connected to a connection server and a calling entity other than said connection server
CN112468549A (en) Method, equipment and storage medium for reverse communication and management of server
US11968237B2 (en) IPsec load balancing in a session-aware load balanced cluster (SLBC) network device
CN113014664B (en) Gateway adaptation method, device, electronic equipment and storage medium
JP2013126219A (en) Transfer server and transfer program
US11804986B2 (en) Method for the remote management of a device connected to a residential gateway
CN113452754A (en) CoAP protocol-based power distribution Internet of things network communication system
CN105812416B (en) The method and system of file is transmitted between heterogeneous networks
CN112738032B (en) Communication system for preventing IP deception
CN113422716B (en) Mail security control method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant