CN106789993A - TCP agent method and device - Google Patents
- Publication number: CN106789993A (application CN201611132320.8A)
- Authority: CN (China)
- Prior art keywords: message, domain name, DNS response, messages, response messages
- Legal status: Granted
Classifications (CPC, H04L: transmission of digital information)
- H04L69/163: In-band adaptation of TCP data exchange; in-band control procedures
- H04L61/4511: Network directories; name-to-address mapping using standardised directory access protocols, using the domain name system [DNS]
- H04L67/56: Provisioning of proxy services
- H04L69/22: Parsing or analysis of headers
- H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
Abstract
The invention discloses a TCP proxy method and device. The method includes: after a message is received, determining its type; if it is a DNS response message, obtaining the domain name and IP address carried in the DNS response message, adding the IP address to a matching rule if the carried domain name matches a preset domain name, and forwarding the DNS response message; if it is a TCP SYN message, matching the destination IP address of the TCP SYN message against the matching rule and saving the matching result together with the flow information of the TCP SYN message, and, if the matching result is a match, forwarding the TCP SYN message after performing TCP proxying on it; if it is neither a DNS response message nor a TCP SYN message, obtaining the destination IP address of the message, querying the results set according to the flow information of the message for the matching result of the destination IP address against the matching rule, and, if the matching result is a match, forwarding the message after performing TCP proxying on it. Configuring the preset domain name is simple, omitted or incompletely configured domain names are avoided, and the user experience is improved.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a Transmission Control Protocol (TCP) proxy method and device.
Background technology
To address the challenges facing broadband service operation, a gateway device is generally deployed at the boundary where terminals connect to the Internet, in order to implement fine-grained control and management of data services. To do so, the gateway device usually needs to parse the content of layer-7 packets and perform related processing according to that content and its attributes, such as content adaptation, content enhancement, anti-virus and network acceleration. Because essentially all network services are based on TCP, the gateway device has to monitor every TCP connection and add, modify or delete data on the connection in order to perform this processing. However, TCP is connection-oriented, stream-oriented and reliable and provides a flow-control mechanism, so simply adding, modifying or deleting data will necessarily affect the correctness of the connection. TCP proxy technology arose so that data can be added, modified or deleted while the TCP connection remains correct.
A Domain Name System (DNS) name is the name of an Internet server consisting of a string of dot-separated labels, and serves as the electronic address that identifies the server during data transfer. DNS names generally include a main domain name and its corresponding subdomain names.
At present, when TCP proxying is performed, the main domain name that requires TCP proxying and all of its corresponding subdomain names are generally pre-configured to obtain the preset domain names; after a message is received, the domain name carried in the message is matched against the preset domain names, and if it matches, the message is forwarded after TCP proxying. Because every main domain name and subdomain name that requires TCP proxying has to be pre-configured, the configuration process is very complicated and the configured domain names may be omitted or incomplete, so that TCP proxying cannot be performed for omitted or incompletely configured domain names, which degrades the user experience.
The content of the invention
Embodiments of the present invention provide a TCP proxy method and device, to solve the problems in the prior art that the configuration process is very complicated, that TCP proxying cannot be performed for omitted or incompletely configured domain names, and that the user experience is degraded.
According to an embodiment of the present invention, a TCP proxy method is provided, applied in a gateway device, including:
After a message is received, determining the type of the message;
If the message is a Domain Name System (DNS) response message, obtaining the domain name and Internet Protocol (IP) address carried in the DNS response message, and determining whether the domain name carried in the DNS response message matches a preset domain name; if it is determined that the domain name carried in the DNS response message matches the preset domain name, adding the IP address carried in the DNS response message to a matching rule and forwarding the DNS response message, where the preset domain name is a pre-configured main domain name that requires TCP proxying;
If the message is a TCP SYN message, matching the destination IP address of the TCP SYN message against the matching rule, and saving in a results set the matching result of the destination IP address of the TCP SYN message against the matching rule together with the flow information of the TCP SYN message; if the matching result is a match, forwarding the TCP SYN message after performing TCP proxying on it, where the flow information of the TCP SYN message includes the source port, source IP address, destination port and destination IP address;
If the message is neither a DNS response message nor a TCP SYN message, obtaining the destination IP address of the message, and querying the results set, according to the flow information of the message, for the matching result of the destination IP address of the message against the matching rule; if the queried matching result is a match, forwarding the message after performing TCP proxying on it.
Specifically, determining the type of the message includes:
Obtaining the header information of the message;
Obtaining a type identifier from the header information;
If the type identifier is the identifier of a DNS response message, determining that the message is a DNS response message;
If the type identifier is the identifier of a TCP SYN message, determining that the message is a TCP SYN message;
If the type identifier is neither the identifier of a DNS response message nor the identifier of a TCP SYN message, determining that the message is neither a DNS response message nor a TCP SYN message.
Specifically, determining whether the domain name carried in the DNS response message matches the preset domain name includes:
Performing a shortest match between the domain name carried in the DNS response message and the preset domain name, starting from the end of the domain name and proceeding forward;
If the domain name carried in the DNS response message includes the preset domain name, determining that the domain name carried in the DNS response message matches the preset domain name;
If the domain name carried in the DNS response message does not include the preset domain name, determining that the domain name carried in the DNS response message does not match the preset domain name.
Specifically, adding the IP address carried in the DNS response message to the matching rule includes:
Creating an entry in the matching rule;
Storing the IP address carried in the DNS response message in that entry.
Optionally, the method further includes:
If the matching result of the destination IP address of the message against the matching rule, as queried from the results set, is a mismatch, forwarding the message.
According to an embodiment of the present invention, a TCP proxy device is also provided, applied in a gateway device, including:
A determining module, configured to determine the type of a message after the message is received;
A forwarding module, configured to, if the message is a Domain Name System (DNS) response message, obtain the domain name and Internet Protocol (IP) address carried in the DNS response message and determine whether the domain name carried in the DNS response message matches a preset domain name; if it is determined that the domain name carried in the DNS response message matches the preset domain name, add the IP address carried in the DNS response message to a matching rule and forward the DNS response message, where the preset domain name is a pre-configured main domain name that requires TCP proxying;
A first proxy module, configured to, if the message is a TCP SYN message, match the destination IP address of the TCP SYN message against the matching rule and save in a results set the matching result of the destination IP address of the TCP SYN message against the matching rule together with the flow information of the TCP SYN message; if the matching result is a match, forward the TCP SYN message after performing TCP proxying on it, where the flow information of the TCP SYN message includes the source port, source IP address, destination port and destination IP address;
A second proxy module, configured to, if the message is neither a DNS response message nor a TCP SYN message, obtain the destination IP address of the message and query the results set, according to the flow information of the message, for the matching result of the destination IP address of the message against the matching rule; if the queried matching result is a match, forward the message after performing TCP proxying on it.
Specifically, the determining module is configured to:
Obtain the header information of the message;
Obtain a type identifier from the header information;
If the type identifier is the identifier of a DNS response message, determine that the message is a DNS response message;
If the type identifier is the identifier of a TCP SYN message, determine that the message is a TCP SYN message;
If the type identifier is neither the identifier of a DNS response message nor the identifier of a TCP SYN message, determine that the message is neither a DNS response message nor a TCP SYN message.
Specifically, the first proxy module is configured to:
Perform a shortest match between the domain name carried in the DNS response message and the preset domain name, starting from the end of the domain name and proceeding forward;
If the domain name carried in the DNS response message includes the preset domain name, determine that the domain name carried in the DNS response message matches the preset domain name;
If the domain name carried in the DNS response message does not include the preset domain name, determine that the domain name carried in the DNS response message does not match the preset domain name.
Specifically, the first proxy module is configured to:
Create an entry in the matching rule;
Store the IP address carried in the DNS response message in that entry.
Optionally, the second proxy module is further configured to:
If the matching result of the destination IP address of the message against the matching rule, as queried from the results set, is a mismatch, forward the message.
The present invention has the following beneficial effects:
Embodiments of the present invention provide a TCP proxy method and device: after a message is received, the type of the message is determined; if the message is a Domain Name System (DNS) response message, the domain name and Internet Protocol (IP) address carried in the DNS response message are obtained, and it is determined whether the domain name carried in the DNS response message matches a preset domain name; if so, the IP address carried in the DNS response message is added to a matching rule and the DNS response message is forwarded, where the preset domain name is a pre-configured main domain name that requires TCP proxying; if the message is a TCP SYN message, the destination IP address of the TCP SYN message is matched against the matching rule, and the matching result together with the flow information of the TCP SYN message is saved in a results set; if the matching result is a match, the TCP SYN message is forwarded after TCP proxying, where the flow information of the TCP SYN message includes the source port, source IP address, destination port and destination IP address; if the message is neither a DNS response message nor a TCP SYN message, the destination IP address of the message is obtained and the results set is queried, according to the flow information of the message, for the matching result of the destination IP address against the matching rule; if the queried matching result is a match, the message is forwarded after TCP proxying. In this scheme, only the main domain name that requires TCP proxying needs to be pre-configured to obtain the preset domain name; because the number of main domain names is much smaller than the number of subdomain names, the configuration process is very simple. At the same time, the matching rule is built from the domain names and IP addresses carried in the received DNS response messages, so that omitted or incomplete configuration of domain names is avoided, and with it the situation in which TCP proxying cannot be performed for omitted or incompletely configured domain names. For received messages that are neither DNS response messages nor TCP SYN messages, whether TCP proxying is needed can be determined from the results set without matching against the matching rule, which saves matching time and improves the user experience.
Brief description of the drawings
Fig. 1 is a flowchart of the TCP proxy method in an embodiment of the present invention;
Fig. 2 is a flowchart of S11 in an embodiment of the present invention;
Fig. 3 is a flowchart of S12 in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the TCP proxy device in an embodiment of the present invention.
Specific embodiment
To address the problems in the prior art that the configuration process is very complicated, that TCP proxying cannot be performed for omitted or incompletely configured domain names, and that the user experience is degraded, an embodiment of the present invention provides a TCP proxy method. The method is applied in a gateway device that forwards messages between a terminal and a server. The flow of the method is shown in Fig. 1 and is performed in the following steps:
S11: After a message is received, determine the type of the message; if the message is a DNS response message, perform S12; if the message is a TCP SYN message, perform S13; if the message is neither a DNS response message nor a TCP SYN message, perform S14.
For a terminal and a server that communicate over TCP, the terminal must obtain the domain name and IP address of the server and then establish a TCP connection with the server before it can access the server. A DNS response message is the message a DNS server sends to the terminal to answer with a domain name and its corresponding IP address, and a TCP SYN message is the first message sent when a TCP connection is established. Because different types of message are processed differently, the gateway device must first determine the type of each received message when forwarding messages between the terminal and the server.
S12: Obtain the domain name and Internet Protocol (IP) address carried in the DNS response message, and determine whether the domain name carried in the DNS response message matches the preset domain name; if it is determined that the domain name carried in the DNS response message matches the preset domain name, add the IP address carried in the DNS response message to the matching rule and forward the DNS response message.
The preset domain name is a pre-configured main domain name that requires TCP proxying; the subdomain names corresponding to the main domain name do not need to be configured. If the domain name carried in the DNS response message matches the preset domain name, the IP address carried in the DNS response message is added to the matching rule, so that when later messages are received, whether TCP proxying is needed can be determined from the matching rule.
Specifically, adding the IP address carried in the DNS response message to the matching rule includes: creating an entry in the matching rule, and storing the IP address carried in the DNS response message in that entry.
S13: Match the destination IP address of the TCP SYN message against the matching rule, and save in the results set the matching result of the destination IP address of the TCP SYN message against the matching rule together with the flow information of the TCP SYN message; if the matching result is a match, perform TCP proxying on the TCP SYN message and then forward it.
To make it easy to decide whether subsequent messages of the data flow should be TCP-proxied or simply forwarded, the matching result of the destination IP address of the TCP SYN message against the matching rule is stored in the results set.
The flow information of the TCP SYN message includes the source port, source IP address, destination port and destination IP address.
TCP proxying is usually performed by the TCP protocol stack of the gateway device, a user-space proxy module and a TCP proxy module, and the flow is as follows. The TCP SYN message is delivered to the TCP protocol stack, which notifies the user-space proxy module; the user-space proxy module obtains the four pieces of information of the TCP SYN message (source IP address, source port, destination IP address and destination port) and initiates a TCP connection to the server by sending a TCP SYN message. After receiving the TCP SYN message, the server replies with a SYN+ACK message; the gateway device receives the SYN+ACK message and passes it to the TCP protocol stack, which replies with an ACK message and forwards the SYN+ACK message to the terminal. After receiving the SYN+ACK message, the terminal replies with an ACK message; the gateway device receives the ACK message and passes it to the TCP protocol stack, which notifies the user-space proxy module. At this point the single TCP connection has become two TCP connections, one from the terminal to the gateway device and the other from the gateway device to the server. All subsequent messages of the data flow are delivered to the user-space proxy module, which hands them to the TCP proxy module (for example an HTTPS audit module or an acceleration module) for processing and forwards them once processed.
S14: Obtain the destination IP address of the message, and query the results set, according to the flow information of the message, for the matching result of the destination IP address of the message against the matching rule; if the queried matching result is a match, perform TCP proxying on the message and then forward it.
If the matching result of the destination IP address of the message against the matching rule, as queried from the results set, is a mismatch, forward the message.
TCP proxying in the embodiment of the present invention includes auditing of HyperText Transfer Protocol over Secure Socket Layer (HTTPS), network acceleration and the like.
In this scheme, only the main domain name that requires TCP proxying needs to be pre-configured to obtain the preset domain name; because the number of main domain names is much smaller than the number of subdomain names, the configuration process is very simple. At the same time, the matching rule is built from the domain names and IP addresses carried in the received DNS response messages, so that omitted or incomplete configuration of domain names is avoided, and with it the situation in which TCP proxying cannot be performed for omitted or incompletely configured domain names. For received messages that are neither DNS response messages nor TCP SYN messages, whether TCP proxying is needed can be determined from the results set without matching against the matching rule, which saves matching time and improves the user experience.
Specifically, the implementation of determining the type of the message in S11 above, as shown in Fig. 2, includes:
S111: Obtain the header information of the message.
S112: Obtain the type identifier from the header information; if the type identifier is the identifier of a DNS response message, perform S113; if the type identifier is the identifier of a TCP SYN message, perform S114; if the type identifier is neither the identifier of a DNS response message nor the identifier of a TCP SYN message, perform S115.
S113: Determine that the message is a DNS response message.
S114: Determine that the message is a TCP SYN message.
S115: Determine that the message is neither a DNS response message nor a TCP SYN message.
Different types of message have different type identifiers, and these type identifiers are stored in the header information of the message; therefore the type of the message can be determined from the type identifier in its header information.
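As an added example (not code from the patent), the following Python classifier shows one concrete way to read the type identification of S111-S115 out of the header fields. The patent does not name the fields, so this example assumes IPv4 and treats a UDP datagram from port 53 whose DNS QR bit is set as a DNS response, and a TCP segment with SYN set and ACK clear as a TCP SYN; the packets it classifies are constructed inline.

```python
import struct
from typing import Tuple

DNS_RESPONSE, TCP_SYN, OTHER = "DNS_RESPONSE", "TCP_SYN", "OTHER"

IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAG_SYN, TCP_FLAG_ACK = 0x02, 0x10
DNS_PORT = 53


def classify(frame: bytes) -> str:
    """S111-S115: decide the message type from header fields alone.

    Assumed identifiers (the patent leaves them unspecified): a DNS response is
    UDP from port 53 with the DNS QR bit (high bit of the flags word) set; a TCP
    SYN has SYN set and ACK clear, so the server's SYN+ACK is classified OTHER.
    """
    if len(frame) < 20 or frame[0] >> 4 != 4:
        return OTHER                     # not IPv4; this example handles IPv4 only
    ihl = (frame[0] & 0x0F) * 4          # header length in bytes
    proto = frame[9]
    l4 = frame[ihl:]
    if proto == IPPROTO_UDP and len(l4) >= 12:
        src_port = struct.unpack("!H", l4[0:2])[0]
        dns_flags = struct.unpack("!H", l4[10:12])[0]   # DNS header follows 8-byte UDP header
        if src_port == DNS_PORT and dns_flags & 0x8000:
            return DNS_RESPONSE
    elif proto == IPPROTO_TCP and len(l4) >= 14:
        flags = l4[13]                                 # TCP flags byte
        if flags & TCP_FLAG_SYN and not flags & TCP_FLAG_ACK:
            return TCP_SYN
    return OTHER


# --- constructed test packets (documentation addresses, checksums left zero) ---

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header, no options."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return hdr + payload


def udp_dns(src_port: int, dst_port: int, dns_flags: int) -> bytes:
    """UDP datagram carrying only a 12-byte DNS header with the given flags."""
    dns = struct.pack("!HHHHHH", 0x1234, dns_flags, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(dns), 0)
    return _ipv4(IPPROTO_UDP, udp + dns)


def tcp(src_port: int, dst_port: int, flags: int) -> bytes:
    """TCP segment with a 20-byte header (data offset 5) and the given flags."""
    tcph = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return _ipv4(IPPROTO_TCP, tcph)


def demo() -> Tuple[str, str, str, str]:
    """Classifies four constructed packets: DNS answer, DNS query, client SYN, server SYN+ACK."""
    return (
        classify(udp_dns(53, 40000, 0x8180)),               # QR=1, RD, RA: a response
        classify(udp_dns(40000, 53, 0x0100)),               # QR=0: a query, not a response
        classify(tcp(50001, 443, TCP_FLAG_SYN)),
        classify(tcp(443, 50001, TCP_FLAG_SYN | TCP_FLAG_ACK)),
    )


if __name__ == "__main__":
    print(demo())
```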
Specifically, the implementation of determining in S12 above whether the domain name carried in the DNS response message matches the preset domain name, as shown in Fig. 3, includes:
S121: Perform a shortest match between the domain name carried in the DNS response message and the preset domain name, starting from the end of the domain name and proceeding forward; if the domain name carried in the DNS response message includes the preset domain name, perform S122; if the domain name carried in the DNS response message does not include the preset domain name, perform S123.
S122: Determine that the domain name carried in the DNS response message matches the preset domain name.
S123: Determine that the domain name carried in the DNS response message does not match the preset domain name.
For example, if the domain name carried in the DNS response message is app.baidu.com and the preset domain name is baidu.com, matching proceeds from the end forward, and as long as baidu.com is matched the match is considered successful.
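As an added example that is not part of the patent, the following Python model runs the S12, S13 and S14 decision logic, including the end-forward shortest match of S121-S123, over a constructed sequence of already-classified packets. The matching rule is modelled as a set of learned IP addresses and the results set as a map keyed by the flow 4-tuple; a flow whose SYN was never seen is treated as a mismatch, and the match additionally requires the preset domain to sit on a label boundary (so evilbaidu.com does not match baidu.com), which is this example's assumption and is stricter than the text's "includes".

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

FlowKey = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


def domain_matches(name: str, preset: str) -> bool:
    """S121-S123: shortest suffix match from the end of the name forward.

    Label-aligned (example's assumption): 'app.baidu.com' matches 'baidu.com',
    'evilbaidu.com' does not, because the preset must be the whole name or be
    preceded by a dot.
    """
    name = name.rstrip(".").lower()
    preset = preset.rstrip(".").lower()
    return name == preset or name.endswith("." + preset)


@dataclass
class Packet:
    """Constructed, already-classified packet (the S11 type decision is assumed done)."""
    kind: str                      # "dns_response" | "tcp_syn" | "other"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    dns_name: Optional[str] = None                      # answered name, dns_response only
    dns_addrs: List[str] = field(default_factory=list)  # A records in the answer


@dataclass
class Gateway:
    preset_domains: Set[str]                                   # pre-configured main domains
    match_rule: Set[str] = field(default_factory=set)          # IPs learned from DNS (S12)
    results: Dict[FlowKey, bool] = field(default_factory=dict)  # per-flow verdict (S13)

    def handle(self, pkt: Packet) -> str:
        """Returns 'proxy' (forward after TCP proxying) or 'forward' (plain forwarding)."""
        if pkt.kind == "dns_response":
            return self._on_dns_response(pkt)
        if pkt.kind == "tcp_syn":
            return self._on_tcp_syn(pkt)
        return self._on_other(pkt)

    def _on_dns_response(self, pkt: Packet) -> str:
        # S12: learn the resolved addresses when the answered name matches a preset main domain.
        if pkt.dns_name and any(domain_matches(pkt.dns_name, p) for p in self.preset_domains):
            for addr in pkt.dns_addrs:
                self.match_rule.add(addr)     # one entry per learned address
        return "forward"                      # the DNS response itself is always forwarded

    def _on_tcp_syn(self, pkt: Packet) -> str:
        # S13: match the SYN's destination IP against the rule and store the verdict per flow.
        matched = pkt.dst_ip in self.match_rule
        self.results[self._flow(pkt)] = matched
        return "proxy" if matched else "forward"

    def _on_other(self, pkt: Packet) -> str:
        # S14: later packets of a flow consult the stored verdict, not the rule table.
        matched = self.results.get(self._flow(pkt), False)
        return "proxy" if matched else "forward"

    @staticmethod
    def _flow(pkt: Packet) -> FlowKey:
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)


def demo() -> List[str]:
    """Runs a constructed packet sequence through the gateway and returns the decisions."""
    gw = Gateway(preset_domains={"baidu.com"})
    client, resolver = "192.0.2.10", "192.0.2.53"        # documentation addresses
    sequence = [
        Packet("dns_response", resolver, 53, client, 40000, "app.baidu.com", ["198.51.100.7"]),
        Packet("dns_response", resolver, 53, client, 40001, "evilbaidu.com", ["198.51.100.9"]),
        Packet("tcp_syn", client, 50001, "198.51.100.7", 443),   # learned address: proxy
        Packet("other", client, 50001, "198.51.100.7", 443),     # same flow: verdict reused
        Packet("tcp_syn", client, 50002, "198.51.100.9", 443),   # not learned: forward
        Packet("other", client, 50002, "198.51.100.9", 443),
        Packet("other", client, 50003, "198.51.100.7", 443),     # no SYN seen: no verdict
    ]
    return [gw.handle(p) for p in sequence]


if __name__ == "__main__":
    print(demo())
```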
Based on the same inventive concept, an embodiment of the present invention provides a TCP proxy device, applied in a gateway device, whose structure is shown in Fig. 4 and includes:
A determining module 41, configured to determine the type of a message after the message is received;
A forwarding module 42, configured to, if the message is a DNS response message, obtain the domain name and IP address carried in the DNS response message and determine whether the domain name carried in the DNS response message matches the preset domain name; if it is determined that the domain name carried in the DNS response message matches the preset domain name, add the IP address carried in the DNS response message to the matching rule and forward the DNS response message, where the preset domain name is a pre-configured main domain name that requires TCP proxying;
A first proxy module 43, configured to, if the message is a TCP SYN message, match the destination IP address of the TCP SYN message against the matching rule and save in the results set the matching result of the destination IP address of the TCP SYN message against the matching rule together with the flow information of the TCP SYN message; if the matching result is a match, forward the TCP SYN message after performing TCP proxying on it, where the flow information of the TCP SYN message includes the source port, source IP address, destination port and destination IP address;
A second proxy module 44, configured to, if the message is neither a DNS response message nor a TCP SYN message, obtain the destination IP address of the message and query the results set, according to the flow information of the message, for the matching result of the destination IP address of the message against the matching rule; if the queried matching result is a match, forward the message after performing TCP proxying on it.
In this scheme, only the main domain name that requires TCP proxying needs to be pre-configured to obtain the preset domain name; because the number of main domain names is much smaller than the number of subdomain names, the configuration process is very simple. At the same time, the matching rule is built from the domain names and IP addresses carried in the received DNS response messages, so that omitted or incomplete configuration of domain names is avoided, and with it the situation in which TCP proxying cannot be performed for omitted or incompletely configured domain names. For received messages that are neither DNS response messages nor TCP SYN messages, whether TCP proxying is needed can be determined from the results set without matching against the matching rule, which saves matching time and improves the user experience.
Specifically, the determining module 41 is configured to:
Obtain the header information of the message;
Obtain a type identifier from the header information;
If the type identifier is the identifier of a DNS response message, determine that the message is a DNS response message;
If the type identifier is the identifier of a TCP SYN message, determine that the message is a TCP SYN message;
If the type identifier is neither the identifier of a DNS response message nor the identifier of a TCP SYN message, determine that the message is neither a DNS response message nor a TCP SYN message.
Specifically, the first proxy module 43 is configured to:
Perform a shortest match between the domain name carried in the DNS response message and the preset domain name, starting from the end of the domain name and proceeding forward;
If the domain name carried in the DNS response message includes the preset domain name, determine that the domain name carried in the DNS response message matches the preset domain name;
If the domain name carried in the DNS response message does not include the preset domain name, determine that the domain name carried in the DNS response message does not match the preset domain name.
Specifically, the first proxy module 43 is configured to:
Create an entry in the matching rule;
Store the IP address carried in the DNS response message in that entry.
Optionally, the second proxy module 44 is further configured to:
If the matching result of the destination IP address of the message against the matching rule, as queried from the results set, is a mismatch, forward the message.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and any combination of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or another programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or another programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the invention have been described, those skilled in the art, once they know the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed to include the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present invention without departing from the spirit and scope of those embodiments. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include these changes and modifications.
Claims (10)
1. A transmission control protocol (TCP) proxy method, applied in a gateway device, characterized in that it comprises:
after a message is received, determining the type of the message;
if the message is a domain name system (DNS) response message, obtaining the domain name and the internet protocol (IP) address carried by the DNS response message, determining whether the domain name carried by the DNS response message matches a preset domain name, and, if it is determined that the domain name carried by the DNS response message matches the preset domain name, adding the IP address carried by the DNS response message to a matching rule and forwarding the DNS response message, the preset domain name being a pre-configured main domain name that requires TCP proxying;
if the message is a TCP SYN message, matching the destination IP address of the TCP SYN message against the matching rule, and storing in a result set the matching result of the destination IP address of the TCP SYN message against the matching rule together with the flow information of the TCP SYN message; if the matching result is a match, performing TCP proxying on the TCP SYN message and then forwarding it, the flow information of the TCP SYN message comprising the source port, source IP address, destination port and destination IP address;
if the message is neither a DNS response message nor a TCP SYN message, obtaining the destination IP address of the message and, according to the flow information of the message, querying the result set for the matching result of the destination IP address of the message against the matching rule; if the queried matching result is a match, performing TCP proxying on the message and then forwarding it.
2. The method of claim 1, characterized in that determining the type of the message specifically comprises:
obtaining the header information of the message;
obtaining a type identifier from the header information;
if the type identifier is the identifier of a DNS response message, determining that the message is a DNS response message;
if the type identifier is the identifier of a TCP SYN message, determining that the message is a TCP SYN message;
if the type identifier is neither the identifier of a DNS response message nor the identifier of a TCP SYN message, determining that the message is neither a DNS response message nor a TCP SYN message.
3. The method of claim 1, characterized in that determining whether the domain name carried by the DNS response message matches the preset domain name specifically comprises:
performing shortest matching of the domain name carried by the DNS response message against the preset domain name, starting from the end of the domain name and proceeding forward;
if the domain name carried by the DNS response message contains the preset domain name, determining that the domain name carried by the DNS response message matches the preset domain name;
if the domain name carried by the DNS response message does not contain the preset domain name, determining that the domain name carried by the DNS response message does not match the preset domain name.
4. The method of claim 1, characterized in that adding the IP address carried in the DNS response message to the matching rule specifically comprises:
creating an entry in the matching rule;
storing the destination IP address of the DNS response message in that entry.
5. The method according to any one of claims 1 to 4, characterized in that it further comprises:
if the matching result queried for the destination IP address of the message against the matching rule is no match, forwarding the message.
6. A TCP proxy device, applied in a gateway device, characterized in that it comprises:
a determining module, for determining the type of a message after the message is received;
a forwarding module, for, if the message is a domain name system (DNS) response message, obtaining the domain name and the internet protocol (IP) address carried by the DNS response message, determining whether the domain name carried by the DNS response message matches a preset domain name, and, if it is determined that the domain name carried by the DNS response message matches the preset domain name, adding the IP address carried by the DNS response message to a matching rule and forwarding the DNS response message, the preset domain name being a pre-configured main domain name that requires TCP proxying;
a first proxy module, for, if the message is a TCP SYN message, matching the destination IP address of the TCP SYN message against the matching rule, and storing in a result set the matching result of the destination IP address of the TCP SYN message against the matching rule together with the flow information of the TCP SYN message; if the matching result is a match, performing TCP proxying on the TCP SYN message and then forwarding it, the flow information of the TCP SYN message comprising the source port, source IP address, destination port and destination IP address;
a second proxy module, for, if the message is neither a DNS response message nor a TCP SYN message, obtaining the destination IP address of the message and, according to the flow information of the message, querying the result set for the matching result of the destination IP address of the message against the matching rule; if the queried matching result is a match, performing TCP proxying on the message and then forwarding it.
7. The device of claim 6, characterized in that the determining module is specifically for:
obtaining the header information of the message;
obtaining a type identifier from the header information;
if the type identifier is the identifier of a DNS response message, determining that the message is a DNS response message;
if the type identifier is the identifier of a TCP SYN message, determining that the message is a TCP SYN message;
if the type identifier is neither the identifier of a DNS response message nor the identifier of a TCP SYN message, determining that the message is neither a DNS response message nor a TCP SYN message.
8. The device of claim 6, characterized in that the first proxy module is specifically for:
performing shortest matching of the domain name carried by the DNS response message against the preset domain name, starting from the end of the domain name and proceeding forward;
if the domain name carried by the DNS response message contains the preset domain name, determining that the domain name carried by the DNS response message matches the preset domain name;
if the domain name carried by the DNS response message does not contain the preset domain name, determining that the domain name carried by the DNS response message does not match the preset domain name.
9. The device of claim 6, characterized in that the first proxy module is specifically for:
creating an entry in the matching rule;
storing the destination IP address of the DNS response message in that entry.
10. The device according to any one of claims 6 to 9, characterized in that the second proxy module is further for:
if the matching result queried for the destination IP address of the message against the matching rule is no match, forwarding the message.
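The three message branches of claims 1 and 6, the suffix match of claims 3 and 8, the per-IP rule entries of claims 4 and 9, and the no-match forwarding of claims 5 and 10 can be exercised together in a small simulation. The following is an added example written for this page; it is not code from the patent or its applicant. The `Message` model, the `Gateway` class, the `domain_matches` helper and the sample traffic are all assumptions chosen to illustrate the claimed logic, and the addresses come from the RFC 5737 documentation ranges.

```python
"""DNS-driven TCP proxy decision as described in claims 1-10.

Added illustration, not code from the patent or its applicant. The message
model, the Gateway class and the sample traffic are assumptions; the IP
addresses are constructed from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Flow information of claim 1: (source IP, source port, destination IP, destination port)
Flow = Tuple[str, int, str, int]


@dataclass
class Message:
    kind: str                          # claim-2 type identifier: "dns_response", "tcp_syn" or "other"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    dns_name: Optional[str] = None     # queried name, DNS responses only
    dns_answers: Tuple[str, ...] = ()  # A-record addresses carried by the response


def domain_matches(name: str, preset: str) -> bool:
    """Claim 3: compare from the end of the carried name forward and accept when
    the preset main domain forms its tail. This version also insists on a label
    boundary, so 'notexample.com' does not match 'example.com'; that extra
    strictness is a design choice here, not something the claims state."""
    name = name.rstrip(".").lower()
    preset = preset.rstrip(".").lower()
    return name == preset or name.endswith("." + preset)


@dataclass
class Gateway:
    preset_domains: Set[str]                                  # main domains that need TCP proxying
    match_rule: Set[str] = field(default_factory=set)         # claim 4: one entry per learned IP
    results: Dict[Flow, bool] = field(default_factory=dict)   # result set keyed by flow information

    def handle(self, msg: Message) -> str:
        """Apply the claim-1 branches and return the action taken: 'forward' or 'proxy'."""
        if msg.kind == "dns_response":
            # Branch 1: learn the answer addresses when the name matches a preset
            # domain, then forward the response itself unchanged.
            if msg.dns_name and any(domain_matches(msg.dns_name, d) for d in self.preset_domains):
                self.match_rule.update(msg.dns_answers)
            return "forward"

        flow: Flow = (msg.src_ip, msg.src_port, msg.dst_ip, msg.dst_port)
        if msg.kind == "tcp_syn":
            # Branch 2: match the SYN's destination against the rule and remember
            # the verdict for the flow so later packets need no rule lookup.
            matched = msg.dst_ip in self.match_rule
            self.results[flow] = matched
            return "proxy" if matched else "forward"

        # Branch 3 (claims 1 and 5): any other packet reuses the verdict stored
        # for its flow; a flow with no recorded SYN is simply forwarded.
        return "proxy" if self.results.get(flow, False) else "forward"


def run_demo() -> List[str]:
    """Constructed traffic that exercises every branch; returns the action per message."""
    gw = Gateway(preset_domains={"example.com"})
    traffic = [
        # DNS answer for a host under the preset domain: its IP joins the rule
        Message("dns_response", "203.0.113.53", 53, "192.0.2.5", 5353,
                dns_name="www.example.com", dns_answers=("198.51.100.10",)),
        # DNS answer for a look-alike name: ignored by the rule
        Message("dns_response", "203.0.113.53", 53, "192.0.2.5", 5354,
                dns_name="notexample.com", dns_answers=("198.51.100.20",)),
        # SYN to the learned address: proxied, verdict stored for the flow
        Message("tcp_syn", "192.0.2.5", 40000, "198.51.100.10", 443),
        # later data packet on that same flow: proxied via the stored verdict
        Message("other", "192.0.2.5", 40000, "198.51.100.10", 443),
        # SYN to the look-alike's address: plain forwarding
        Message("tcp_syn", "192.0.2.5", 40001, "198.51.100.20", 443),
        Message("other", "192.0.2.5", 40001, "198.51.100.20", 443),
        # packet whose SYN the gateway never saw: forwarded
        Message("other", "192.0.2.5", 40002, "198.51.100.10", 443),
    ]
    return [gw.handle(m) for m in traffic]


if __name__ == "__main__":
    print(run_demo())
```

Two points the claims leave open matter in practice. Neither the matching rule nor the result set is ever pruned here, because the claims describe no expiry; a deployment would normally age rule entries with the DNS TTL and drop result-set entries when the connection closes, otherwise both structures grow without bound. The rule is also populated from whatever DNS responses pass through the gateway, so pairing each response with a query the gateway actually observed before learning from it is a reasonable hardening that the claims do not discuss.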
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611132320.8A CN106789993B (en) | 2016-12-09 | 2016-12-09 | TCP agent method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611132320.8A CN106789993B (en) | 2016-12-09 | 2016-12-09 | TCP agent method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106789993A true CN106789993A (en) | 2017-05-31 |
CN106789993B CN106789993B (en) | 2019-06-14 |
Family
ID=58874989
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611132320.8A Active CN106789993B (en) | 2016-12-09 | 2016-12-09 | TCP agent method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106789993B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112165447A (en) * | 2020-08-21 | 2021-01-01 | 杭州安恒信息技术股份有限公司 | WAF equipment-based network security monitoring method, system and electronic device |
CN113810510A (en) * | 2021-07-30 | 2021-12-17 | 绿盟科技集团股份有限公司 | Domain name access method and device and electronic equipment |
CN114095415A (en) * | 2021-11-26 | 2022-02-25 | 山石网科通信技术股份有限公司 | Route determining method, device, gateway equipment and storage medium |
CN114301837A (en) * | 2021-12-16 | 2022-04-08 | 山石网科通信技术股份有限公司 | Routing data processing method and device |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6856991B1 (en) * | 2002-03-19 | 2005-02-15 | Cisco Technology, Inc. | Method and apparatus for routing data to a load balanced server using MPLS packet labels |
US20070055784A1 (en) * | 2005-09-08 | 2007-03-08 | Pancholi Ketan P | Method to reduce the learning curve of a transmission control protocol connection |
CN101242336A (en) * | 2008-03-13 | 2008-08-13 | 杭州华三通信技术有限公司 | Method for remote access to intranet Web server and Web proxy server |
CN101282209A (en) * | 2008-05-13 | 2008-10-08 | 杭州华三通信技术有限公司 | Method and apparatus for preventing DNS request message from flooding attack |
WO2013053304A1 (en) * | 2011-10-09 | 2013-04-18 | 大唐移动通信设备有限公司 | Method and device for implementing tcp transmission |
CN105592181A (en) * | 2015-10-15 | 2016-05-18 | 杭州华三通信技术有限公司 | Link load balancing method and device |
CN105743670A (en) * | 2014-12-09 | 2016-07-06 | 华为技术有限公司 | Access control method, system, and access point |
- 2016-12-09 CN CN201611132320.8A patent/CN106789993B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6856991B1 (en) * | 2002-03-19 | 2005-02-15 | Cisco Technology, Inc. | Method and apparatus for routing data to a load balanced server using MPLS packet labels |
US20070055784A1 (en) * | 2005-09-08 | 2007-03-08 | Pancholi Ketan P | Method to reduce the learning curve of a transmission control protocol connection |
CN101242336A (en) * | 2008-03-13 | 2008-08-13 | 杭州华三通信技术有限公司 | Method for remote access to intranet Web server and Web proxy server |
CN101282209A (en) * | 2008-05-13 | 2008-10-08 | 杭州华三通信技术有限公司 | Method and apparatus for preventing DNS request message from flooding attack |
WO2013053304A1 (en) * | 2011-10-09 | 2013-04-18 | 大唐移动通信设备有限公司 | Method and device for implementing tcp transmission |
CN105743670A (en) * | 2014-12-09 | 2016-07-06 | 华为技术有限公司 | Access control method, system, and access point |
CN105592181A (en) * | 2015-10-15 | 2016-05-18 | 杭州华三通信技术有限公司 | Link load balancing method and device |
Non-Patent Citations (2)
Title |
---|
PI-E LIU ; ZHONG-HUA SHENG: "Defending against tcp syn flooding with a new kind of syn-agent", 《2008 INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND CYBERNETICS》 * |
姚平: "WAP网关业务分流方案探讨" (Discussion of WAP gateway traffic diversion schemes), 《广西通信技术》 (Guangxi Communication Technology) * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112165447A (en) * | 2020-08-21 | 2021-01-01 | 杭州安恒信息技术股份有限公司 | WAF equipment-based network security monitoring method, system and electronic device |
CN112165447B (en) * | 2020-08-21 | 2023-12-19 | 杭州安恒信息技术股份有限公司 | WAF equipment-based network security monitoring method, system and electronic device |
CN113810510A (en) * | 2021-07-30 | 2021-12-17 | 绿盟科技集团股份有限公司 | Domain name access method and device and electronic equipment |
CN114095415A (en) * | 2021-11-26 | 2022-02-25 | 山石网科通信技术股份有限公司 | Route determining method, device, gateway equipment and storage medium |
CN114095415B (en) * | 2021-11-26 | 2024-05-07 | 山石网科通信技术股份有限公司 | Route determination method, device, gateway equipment and storage medium |
CN114301837A (en) * | 2021-12-16 | 2022-04-08 | 山石网科通信技术股份有限公司 | Routing data processing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN106789993B (en) | 2019-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10659354B2 (en) | | Processing data packets using a policy based network path |
US10148565B2 (en) | | OPENFLOW communication method and system, controller, and service gateway |
US10609181B2 (en) | | Method and apparatus for controlling service chain of service flow |
US20150156183A1 (en) | | System and method for filtering network communications |
CN105791315B (en) | | A kind of udp protocol acceleration method and system |
CN106789993A (en) | | TCP agent method and device |
US20160241664A1 (en) | | Method, device, and system for redirecting data by using service proxy |
CN107222561A (en) | | A kind of transport layer reverse proxy method |
CN107979520B (en) | | Message processing method and message processing device |
CN106656648B (en) | | Application flow dynamic protection method and system based on home gateway and home gateway |
CN108200158A (en) | | Ask Transmission system, method, apparatus and storage medium |
US8650313B2 (en) | | Endpoint discriminator in network transport protocol startup packets |
US11677585B2 (en) | | Transparent TCP connection tunneling with IP packet filtering |
CN110545230B (en) | | Method and device for forwarding VXLAN message |
CN110247926B (en) | | Interaction method and system |
US10158587B2 (en) | | Communication between a web application instance connected to a connection server and a calling entity other than said connection server |
CN112468549A (en) | | Method, equipment and storage medium for reverse communication and management of server |
US11968237B2 (en) | | IPsec load balancing in a session-aware load balanced cluster (SLBC) network device |
CN113014664B (en) | | Gateway adaptation method, device, electronic equipment and storage medium |
JP2013126219A (en) | | Transfer server and transfer program |
US11804986B2 (en) | | Method for the remote management of a device connected to a residential gateway |
CN113452754A (en) | | CoAP protocol-based power distribution Internet of things network communication system |
CN105812416B (en) | | The method and system of file is transmitted between heterogeneous networks |
CN112738032B (en) | | Communication system for preventing IP deception |
CN113422716B (en) | | Mail security control method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||