CN116418863A - Communication method and device based on socks5 transparent proxy - Google Patents


Publication number
CN116418863A
Authority
CN
China
Prior art keywords
socks5
virtual
terminal
gateway
destination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310678711.3A
Other languages
Chinese (zh)
Other versions
CN116418863B (en)
Inventor
姚磊磊
陈勇
沈传宝
刘加瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Huayun'an Technology Co ltd
Original Assignee
Anhui Huayun'an Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Huayun'an Technology Co ltd
Priority to CN202310678711.3A
Publication of CN116418863A
Application granted
Publication of CN116418863B
Legal status: Active

Classifications

    • H04L67/56 Provisioning of proxy services
    • H04L45/74 Address processing for routing
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5069 Address allocation for group communication, multicast communication or broadcast communication
    • H04L67/563 Data redirection of data network streams
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

Embodiments of the disclosure provide a communication method and device based on a socks5 transparent proxy, applied in the technical field of communication. The method comprises: acquiring a data packet sent by a terminal; when the destination MAC in the data packet is the broadcast address and the packet is an ARP query for the virtual IP, returning an ARP reply packet so that the terminal obtains the virtual MAC; when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, responding to the ICMP message so that the terminal can PING the socks5 gateway; when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, emulating the destination IP through the socks5 service to communicate with the terminal. In this way, software and apps on the terminal can use the socks5 service directly, without any socks5-related settings in the software and apps themselves.

Description

Communication method and device based on socks5 transparent proxy
Technical Field
The disclosure relates to the technical field of computers, in particular to the technical field of communication, and specifically relates to a communication method and device based on a socks5 transparent proxy.
Background
Socks5 is a proxy protocol that acts as an intermediary between front-end machines and server machines communicating over TCP/IP, allowing front-end machines in an intranet to access servers on the Internet, or making the communication more secure. However, when software and apps do not directly support the socks5 protocol, it is difficult to have them connect to the network through a socks5 service.
Disclosure of Invention
The disclosure provides a communication method and device based on a socks5 transparent proxy.
According to a first aspect of the present disclosure, a method of communication based on a socks5 transparent proxy is provided. The method comprises the following steps:
acquiring a data packet sent by a terminal;
when the destination MAC in the data packet is the broadcast address and the packet is an ARP query for the virtual IP, returning an ARP reply packet so that the terminal obtains the virtual MAC;
when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, responding to the ICMP message so that the terminal can PING the socks5 gateway;
when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, emulating the destination IP through the socks5 service to communicate with the terminal;
wherein the virtual IP, virtual MAC, and socks5 services are preconfigured in the socks5 gateway.
In the foregoing aspect and any possible implementation, an implementation is further provided in which, before responding to the ICMP message when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP so that the terminal can PING the socks5 gateway, the method further includes:
judging whether the terminal supports the socks5 service according to a preset authentication rule;
if so, performing communication based on the socks5 transparent proxy.
In the foregoing aspect and any possible implementation, an implementation is further provided in which emulating the destination IP through the socks5 service to communicate with the terminal includes:
emulating the destination IP through the socks5 service to communicate with the terminal according to a preset quality of service speed limit rule.
In the foregoing aspect and any possible implementation, an implementation is further provided in which the method further includes:
caching the application layer data sent by the terminal.
In the foregoing aspect and any possible implementation, an implementation is further provided in which the virtual IP, virtual MAC and socks5 service being preconfigured in the socks5 gateway includes:
the virtual IP, the virtual MAC and the socks5 service are preconfigured in the socks5 gateway on the basis of a linux system or a windows system.
According to a second aspect of the present disclosure, there is provided a communication device based on a socks5 transparent proxy. The device comprises:
the acquisition module is used for acquiring the data packet sent by the terminal;
the processing module is used for returning an ARP reply packet when the destination MAC in the data packet is the broadcast address and the packet is an ARP query for the virtual IP, so that the terminal obtains the virtual MAC; responding to the ICMP message when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, so that the terminal can PING the socks5 gateway; and emulating the destination IP through the socks5 service to communicate with the terminal when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP; wherein the virtual IP, virtual MAC and socks5 service are preconfigured in the socks5 gateway.
According to a third aspect of the present disclosure, a communication system based on a socks5 transparent proxy is provided. The system comprises a switch, a socks5 gateway and a gateway:
the socks5 gateway runs proxy software, and the virtual IP, virtual MAC and socks5 service are preconfigured in the proxy software; the socks5 gateway captures, through the switch, the data packets sent by the terminal to the gateway; when the destination MAC in the data packet is the broadcast address and the packet is an ARP query for the virtual IP, the socks5 gateway returns an ARP reply packet so that the terminal obtains the virtual MAC; when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the socks5 gateway responds to the ICMP message so that the terminal can PING the socks5 gateway; and when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, the socks5 gateway emulates the destination IP through the socks5 service to communicate with the terminal.
In the foregoing aspect and any possible implementation, an implementation is further provided in which, when the terminal connects to an external network through the socks5 gateway, routing information is configured on the terminal and the default gateway is designated as the IP of the socks5 gateway; when the terminal does not connect to an external network through the socks5 gateway, the terminal and the gateway are in the same local area network, routing information is configured on the terminal, and the default gateway is designated as the IP of the egress gateway.
According to a fourth aspect of the present disclosure, an electronic device is provided. The electronic device includes: a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
According to a fifth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as described above.
The communication method and device based on the socks5 transparent proxy acquire a data packet sent by a terminal; when the destination MAC in the data packet is the broadcast address and the packet is an ARP query for the virtual IP, an ARP reply packet is returned so that the terminal obtains the virtual MAC, completing physical address resolution; when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the ICMP message is answered so that the terminal can PING the socks5 gateway, completing service probing; when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, the destination IP is emulated through the socks5 service to communicate with the terminal, completing data stream transmission. On this basis, the socks5 service is converted into a routing gateway; the routing information, that is, the virtual IP, the virtual MAC and the socks5 service, is configured on the terminal; the default gateway of the terminal is designated as the IP of the socks5 gateway; and software and apps on the terminal can use the socks5 service directly, without any socks5-related settings in the software and apps themselves.
It should be understood that what is described in this summary is not intended to limit the critical or essential features of the embodiments of the disclosure nor to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of embodiments of the present disclosure will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. For a better understanding of the present disclosure, and without limiting the disclosure thereto, the same or similar reference numerals denote the same or similar elements, wherein:
FIG. 1 illustrates a schematic diagram of an exemplary operating environment in which embodiments of the present disclosure can be implemented;
FIG. 2 illustrates a flow chart of a method of communication based on a socks5 transparent proxy in accordance with an embodiment of the present disclosure;
FIG. 3 illustrates a block diagram of a communication device based on a socks5 transparent proxy in accordance with an embodiment of the present disclosure;
FIG. 4 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
In the present disclosure, the socks5 service is converted into a routing gateway; the routing information, that is, the virtual IP, the virtual MAC and the socks5 service, is configured on the terminal; the default gateway of the terminal is designated as the IP of the socks5 gateway; and software and apps on the terminal can use the socks5 service directly, without any socks5-related settings in the software and apps themselves.
FIG. 1 illustrates a schematic diagram of an exemplary operating environment in which embodiments of the present disclosure can be implemented. A terminal 110 and a socks5 transparent proxy-based communication system 120 are included in the operating environment. The communication system 120 based on the socks5 transparent proxy includes a switch 121, a socks5 gateway 122, and a gateway 123.
The terminal 110 and the communication system 120 based on the socks5 transparent proxy are in the same local area network, and the gateway 123 is connected to the public network through a network port.
Devices for building one-armed routing can be arranged among the terminal 110, the switch 121, the socks5 gateway 122 and the gateway 123, and the socks5 gateway 122 can serve as a transparent proxy of the switch 121. The switch 121 may be a layer-2 switch.
In some embodiments, the switch 121 may also be a core switch, i.e., a layer-3 switch, capable of routing once and forwarding many times.
In the general case, i.e. when the terminal 110 does not connect to an external network via the socks5 gateway 122, the terminal 110 and the gateway 123 are in one LAN; routing information therefore needs to be configured on the terminal 110, designating the default gateway of the terminal 110 as the IP of the gateway 123, i.e. the egress gateway.
When the terminal 110 is connected to an external network, i.e., a public network, through the socks5 gateway 122, routing information is configured on the terminal 110, and the default gateway of the terminal 110 is designated as the IP of the socks5 gateway 122.
In some embodiments, the socks5 gateway 122 runs proxy software that is preconfigured with virtual IP, virtual media access control address (Media Access Control Address, MAC), and socks5 services. The socks5 gateway 122 grabs the data packet sent from the terminal 110 to the gateway 123 through the switch 121.
When the destination MAC in the data packet is the broadcast address and the packet is an address resolution protocol (Address Resolution Protocol, ARP) query for the virtual IP, the socks5 gateway 122 returns an ARP reply packet so that the terminal 110 obtains the virtual MAC, completing physical address resolution.
When the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the socks5 gateway 122 responds to the internet control message protocol (Internet Control Message Protocol, ICMP) message, so that the terminal 110 can perform service probing on the socks5 gateway 122 using the packet internet groper (Packet Internet Groper, PING).
When the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, the socks5 gateway 122 emulates the destination IP through the socks5 service to communicate with the terminal 110, completing data stream transmission.
According to the embodiment of the disclosure, the following technical effects are achieved:
A data packet sent by a terminal is acquired; when the destination MAC in the data packet is the broadcast address and the packet is an ARP query for the virtual IP, an ARP reply packet is returned so that the terminal obtains the virtual MAC, completing physical address resolution; when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the ICMP message is answered so that the terminal can PING the socks5 gateway, completing service probing; when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, the destination IP is emulated through the socks5 service to communicate with the terminal, completing data stream transmission. On this basis, the socks5 service is converted into a routing gateway; the routing information, that is, the virtual IP, the virtual MAC and the socks5 service, is configured on the terminal; the default gateway of the terminal is designated as the IP of the socks5 gateway; and software and apps on the terminal can use the socks5 service directly, without any socks5-related settings in the software and apps themselves.
Fig. 2 shows a flowchart of a method 200 of socks5 transparent proxy-based communication, in accordance with an embodiment of the present disclosure. The method 200 may be performed by the socks5 gateway 122 of fig. 1.
At block 210, a data packet sent by a terminal is acquired.
In some embodiments, the socks5 gateway acquires the data packet sent by the terminal by capturing packets on its network port. The data packet includes a destination MAC and a destination IP.
It should be noted that, after the terminal sets its default gateway to the IP of the socks5 gateway, the terminal can connect to the external network through the socks5 gateway and use the socks5 service.
In some embodiments, before the socks5 gateway acquires the data packet sent by the terminal, the virtual IP, virtual MAC and socks5 service need to be preconfigured in the socks5 gateway, so that physical address resolution, service probing and data stream transmission between the terminal and the socks5 gateway can be completed.
At block 220, when the destination MAC in the data packet is the broadcast address and the packet is an ARP query for the virtual IP, an ARP reply packet is returned so that the terminal obtains the virtual MAC.
In some embodiments, the Address Resolution Protocol is a TCP/IP protocol that obtains a physical address from an IP address; when an ARP query asks for the virtual IP, the virtual MAC can be obtained from the virtual IP, and the ARP reply packet therefore includes the virtual MAC.
In some embodiments, the switch forwards according to the MAC address, so once the terminal has obtained the virtual MAC of the socks5 gateway, physical address resolution is complete.
At block 230, when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the ICMP message is answered so that the terminal can PING the socks5 gateway.
In some embodiments, service probing of the socks5 service is required after physical address resolution is complete.
In some embodiments, when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the socks5 gateway only needs to process ICMP-related data packets, that is, respond to ICMP messages, to complete service probing on messages about the network itself, such as whether the network is connected, whether the host is reachable, whether the route is available, and the like.
In some embodiments, the terminal may be enabled to obtain an ICMP Echo request message by responding to the ICMP message, so as to test whether the destination station is reachable and learn its status. That is, the terminal can PING the socks5 gateway, completing service probing.
At block 240, when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, the destination IP is emulated through the socks5 service to communicate with the terminal.
In some embodiments, data stream transmission is required after service probing is complete.
In some embodiments, emulating the destination IP through the socks5 service to communicate with the terminal means that the socks5 gateway transmits the application layer data sent by the terminal to the real destination host through the socks5 service, and then sends the data returned by the real destination host to the terminal, completing data stream transmission.
In some embodiments, once physical address resolution, service probing and data stream transmission between the terminal and the socks5 gateway are complete, the communication process based on the socks5 transparent proxy is complete, so that software and apps on the terminal are unaware of the socks5 service and protocol while networking.
According to the embodiment of the disclosure, the following technical effects are achieved:
A data packet sent by a terminal is acquired; when the destination MAC in the data packet is the broadcast address and the packet is an ARP query for the virtual IP, an ARP reply packet is returned so that the terminal obtains the virtual MAC, completing physical address resolution; when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the ICMP message is answered so that the terminal can PING the socks5 gateway, completing service probing; when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, the destination IP is emulated through the socks5 service to communicate with the terminal, completing data stream transmission. On this basis, the socks5 service is converted into a routing gateway; the routing information, that is, the virtual IP, the virtual MAC and the socks5 service, is configured on the terminal; the default gateway of the terminal is designated as the IP of the socks5 gateway; and software and apps on the terminal can use the socks5 service directly, without any socks5-related settings in the software and apps themselves.
In some embodiments, before responding to the ICMP message when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP so that the terminal can PING the socks5 gateway, the method further includes:
judging whether the terminal supports the socks5 service according to a preset authentication rule;
if the terminal supports the socks5 service, performing communication based on the socks5 transparent proxy.
In some embodiments, in order to meet the requirements of the user, different service rights are provided, and whether the terminal can support the socks5 service can be determined by setting a preset authentication rule.
In some embodiments, the preset authentication rules may be set according to the actual requirements of the user based on the principle that the terminals have both MAC addresses and IP addresses.
For example, the preset authentication rules may include: if the MAC address in the returned ARP reply packet is not an address authenticated by the proxy software, the terminal cannot support the socks5 service; otherwise, the terminal can support the socks5 service, that is, if the MAC address in the returned ARP reply packet is an address authenticated by the proxy software, the terminal can support the socks5 service whether or not the IP address in the returned ARP reply packet is an address authenticated by the proxy software.
For another example, the preset authentication rules may include: if the IP address in the returned ARP reply packet is not an address authenticated by the proxy software, the terminal cannot support the socks5 service; otherwise, the terminal can support the socks5 service, that is, if the IP address in the returned ARP reply packet is an address authenticated by the proxy software, the terminal can support the socks5 service whether or not the MAC address in the returned ARP reply packet is an address authenticated by the proxy software.
For another example, the preset authentication rules may include: if the MAC address and the IP address in the returned ARP reply packet are not the addresses authenticated by the proxy software, the terminal cannot support the socks5 service; otherwise, the terminal can support the socks5 service, that is, if the MAC address and the IP address in the returned ARP reply packet are both addresses authenticated by the proxy software, the terminal can support the socks5 service.
According to the embodiment of the disclosure, devices configured with the gateway IP are authenticated by setting a preset authentication rule, so as to meet user requirements.
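The dispatch of blocks 220 to 240, gated by the three preset authentication rule variants above, as an added Python example that is not code from the patent. The class, function and parameter names and every address are constructed for illustration, and evaluating the rule on the source MAC and source IP of each frame (the values that appear as target addresses in the ARP reply) is an assumption.

```python
import ipaddress
import struct
from enum import Enum

BROADCAST = b"\xff" * 6
ETH_ARP, ETH_IPV4, PROTO_ICMP, ICMP_ECHO_REQUEST = 0x0806, 0x0800, 1, 8


class Action(Enum):
    ARP_REPLY = "block 220: answer the ARP query with the virtual MAC"
    ICMP_REPLY = "block 230: answer the PING"
    SOCKS5_RELAY = "block 240: emulate the destination IP via socks5"
    REJECT = "terminal failed the preset authentication rule"
    IGNORE = "not addressed to the virtual IP/MAC"


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


class Socks5GatewayClassifier:
    """Hypothetical name. auth_mode is 'mac', 'ip' or 'both' (the three rule examples)."""

    def __init__(self, virtual_ip, virtual_mac, auth_mode, allowed_macs, allowed_ips):
        self.vip, self.vmac, self.auth_mode = ip(virtual_ip), mac(virtual_mac), auth_mode
        self.allowed_macs = {mac(m) for m in allowed_macs}
        self.allowed_ips = {ip(a) for a in allowed_ips}

    def authenticated(self, src_mac, src_ip):
        mac_ok, ip_ok = src_mac in self.allowed_macs, src_ip in self.allowed_ips
        return {"mac": mac_ok, "ip": ip_ok, "both": mac_ok and ip_ok}[self.auth_mode]

    def arp_reply(self, requester_mac, requester_ip):
        # Unicast reply: sender fields carry the virtual MAC/IP, target fields the requester.
        eth = requester_mac + self.vmac + struct.pack("!H", ETH_ARP)
        arp = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 2)  # operation 2 = reply
        return eth + arp + self.vmac + self.vip + requester_mac + requester_ip

    def classify(self, frame):
        """Return (Action, reply_bytes_or_None) for one captured Ethernet frame."""
        if len(frame) < 14:
            return Action.IGNORE, None
        dst, src = frame[0:6], frame[6:12]
        (ethertype,) = struct.unpack("!H", frame[12:14])
        body = frame[14:]
        if ethertype == ETH_ARP and dst == BROADCAST and len(body) >= 28:
            header = struct.unpack("!HHBBH", body[:8])
            sha, spa, tpa = body[8:14], body[14:18], body[24:28]
            if header == (1, ETH_IPV4, 6, 4, 1) and tpa == self.vip:
                return Action.ARP_REPLY, self.arp_reply(sha, spa)
            return Action.IGNORE, None
        if ethertype == ETH_IPV4 and dst == self.vmac and len(body) >= 20:
            ihl = (body[0] & 0x0F) * 4
            if body[0] >> 4 != 4 or ihl < 20 or len(body) < ihl:
                return Action.IGNORE, None  # malformed IPv4 header
            proto, src_ip, dst_ip = body[9], body[12:16], body[16:20]
            if not self.authenticated(src, src_ip):
                return Action.REJECT, None
            if dst_ip != self.vip:
                return Action.SOCKS5_RELAY, None
            echo = proto == PROTO_ICMP and len(body) > ihl and body[ihl] == ICMP_ECHO_REQUEST
            return (Action.ICMP_REPLY if echo else Action.IGNORE), None
        return Action.IGNORE, None


# --- constructed sample frames (checksums left at 0; the classifier does not verify them) ---
def arp_request(src_mac, src_ip, target_ip):
    eth = BROADCAST + mac(src_mac) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, 1)  # operation 1 = request
    return eth + arp + mac(src_mac) + ip(src_ip) + b"\x00" * 6 + ip(target_ip)


def ipv4_frame(dst_mac, src_mac, src_ip, dst_ip, proto, payload):
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, ip(src_ip), ip(dst_ip))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETH_IPV4) + header + payload


def demo():
    vip, vmac = "192.0.2.254", "02:00:00:00:00:fe"
    t_mac, t_ip = "02:00:00:00:00:01", "192.0.2.10"
    gw = Socks5GatewayClassifier(vip, vmac, "both", [t_mac], [t_ip])
    echo = b"\x08\x00\x00\x00\x00\x01\x00\x01"
    frames = [
        arp_request(t_mac, t_ip, vip),                                  # ARP query for virtual IP
        ipv4_frame(vmac, t_mac, t_ip, vip, PROTO_ICMP, echo),           # PING to virtual IP
        ipv4_frame(vmac, t_mac, t_ip, "198.51.100.7", 6, b""),          # traffic to another host
        ipv4_frame(vmac, "02:00:00:00:00:99", t_ip, "198.51.100.7", 6, b""),  # unknown MAC
        arp_request(t_mac, t_ip, "192.0.2.1"),                          # ARP for a different IP
    ]
    return [gw.classify(f)[0] for f in frames]


if __name__ == "__main__":
    for action in demo():
        print(action.name)
```

Both the source MAC and the source IP are values the terminal itself supplies, so whichever rule variant is chosen identifies an address rather than a user.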
In some embodiments, emulating the destination IP through the socks5 service to communicate with the terminal includes:
emulating the destination IP through the socks5 service to communicate with the terminal according to a preset quality of service speed limit rule.
In some embodiments, to meet user needs, different qualities of service are provided, and quality of service (Quality of Service, QoS) may be rate-limited by setting a preset quality of service speed limit rule.
In some embodiments, the preset quality of service speed limit rule may be set according to the actual requirements of the user.
For example, the preset quality of service speed limit rule may include: setting a level for each terminal, and providing high-speed quality of service to terminals at the high level; for a terminal that is not at the high level, providing quality of service according to its level and the preset speed corresponding to that level.
According to the embodiment of the disclosure, different qualities of service are provided by setting the preset quality of service speed limit rule, so as to meet user requirements.
In some embodiments, the above method further comprises:
and caching the application layer data sent by the terminal.
In some embodiments, the cache may be set up as a strong cache and a negotiated cache according to the actual needs of the user, so that the application layer data obtained when a service is provided is cached; the next time the same service is needed, the cached application layer data is sent directly instead of being fetched from the public network through the gateway, which improves communication speed.
According to the embodiment of the disclosure, by caching the application layer data sent by the terminal, the history service data can be directly obtained when the same data is required next time, so that the communication speed is improved.
In some embodiments, the virtual IP, virtual MAC and socks5 service being preconfigured in the socks5 gateway comprises:
the virtual IP, virtual MAC and socks5 service are preconfigured in the socks5 gateway on the basis of a linux system or a windows system.
In some embodiments, whether the socks5 transparent proxy based communication runs in a linux system or a windows system is determined by whether the virtual IP, virtual MAC and socks5 service were preconfigured on a linux system or a windows system.
According to the embodiment of the disclosure, supporting both a linux system and a windows system provides different systems to meet the operating requirements of different users.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present disclosure is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present disclosure. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments, and that the acts and modules referred to are not necessarily required by the present disclosure.
The foregoing is a description of embodiments of the method, and the following further describes embodiments of the present disclosure through examples of apparatus.
Fig. 3 shows a block diagram of a communication device 300 based on a socks5 transparent proxy in accordance with an embodiment of the present disclosure. The apparatus 300 may be included in the socks5 gateway 122 of fig. 1 or implemented as the socks5 gateway 122. As shown in fig. 3, the apparatus 300 includes:
an acquiring module 310, configured to acquire a data packet sent by a terminal;
a processing module 320, configured to: return an ARP reply packet when the destination MAC in the data packet is a broadcast address and the packet is an ARP query for the virtual IP, so that the terminal obtains the virtual MAC; respond to ICMP information messages when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, so that the terminal can successfully ping the socks5 gateway; and, when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, emulate the destination IP through the socks5 service to communicate with the terminal; wherein the virtual IP, virtual MAC, and socks5 service are preconfigured in the socks5 gateway.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the described modules may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
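The three dispatch rules applied by the processing module, written out as an added Python example (not code from the patent). The addresses, the function names, the choice to ignore frames that match no rule, and answering only ICMP echo requests are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed values: the patent gives no concrete addresses.
VIRTUAL_IP = ipaddress.IPv4Address("192.0.2.1")
VIRTUAL_MAC = bytes.fromhex("02005e000001")
BROADCAST = b"\xff" * 6
ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
PROTO_ICMP, ICMP_ECHO_REQUEST = 1, 8


def classify(frame: bytes) -> str:
    """Map an Ethernet frame to 'arp_reply', 'icmp_reply', 'socks5_proxy' or 'ignore'."""
    if len(frame) < 14:
        return "ignore"
    dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:]
    # Rule 1: broadcast ARP request whose target is the virtual IP.
    if ethertype == ETH_ARP and dst_mac == BROADCAST and len(payload) >= 28:
        header = struct.unpack("!HHBBH", payload[:8])
        target_ip = ipaddress.IPv4Address(payload[24:28])
        # Answer only for the gateway's own virtual IP, never for other hosts.
        if header == (1, ETH_IPV4, 6, 4, ARP_REQUEST) and target_ip == VIRTUAL_IP:
            return "arp_reply"
        return "ignore"
    # Rules 2 and 3 apply only to IPv4 frames addressed to the virtual MAC.
    if ethertype == ETH_IPV4 and dst_mac == VIRTUAL_MAC and len(payload) >= 20:
        ihl = (payload[0] & 0x0F) * 4
        if payload[0] >> 4 != 4 or ihl < 20 or len(payload) < ihl:
            return "ignore"
        dst_ip = ipaddress.IPv4Address(payload[16:20])
        if dst_ip != VIRTUAL_IP:
            return "socks5_proxy"  # rule 3: emulate the destination via socks5
        # Rule 2 (assumption: only echo requests are answered).
        is_echo = (payload[9] == PROTO_ICMP and len(payload) > ihl
                   and payload[ihl] == ICMP_ECHO_REQUEST)
        return "icmp_reply" if is_echo else "ignore"
    return "ignore"


def build_arp_reply(request: bytes) -> bytes:
    """Build the unicast ARP reply that tells the terminal the virtual MAC."""
    arp = request[14:42]
    sender_mac, sender_ip = arp[8:14], arp[14:18]
    eth = struct.pack("!6s6sH", sender_mac, VIRTUAL_MAC, ETH_ARP)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, ARP_REPLY,
                             VIRTUAL_MAC, VIRTUAL_IP.packed, sender_mac, sender_ip)


def make_arp_request(src_mac: bytes, src_ip: str, target_ip: str) -> bytes:
    """Constructed sample: broadcast ARP who-has for target_ip."""
    eth = struct.pack("!6s6sH", BROADCAST, src_mac, ETH_ARP)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, ETH_IPV4, 6, 4, ARP_REQUEST,
                             src_mac, ipaddress.IPv4Address(src_ip).packed,
                             b"\x00" * 6, ipaddress.IPv4Address(target_ip).packed)


def make_ipv4(dst_mac, src_mac, src_ip, dst_ip, proto, l4=b""):
    """Constructed sample: minimal IPv4 frame (header checksum left at zero)."""
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + l4
```

Restricting the ARP answer to the single preconfigured virtual IP is what keeps rule 1 from turning into answering for other hosts' addresses on the segment.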
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the related user personal information all conform to the provisions of relevant laws and regulations, and do not violate public order and good customs.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
Fig. 4 shows a schematic block diagram of an electronic device 400 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
The electronic device 400 includes a computing unit 401 that can perform various suitable actions and processes according to a computer program stored in a ROM402 or a computer program loaded from a storage unit 408 into a RAM 403. In the RAM403, various programs and data required for the operation of the electronic device 400 may also be stored. The computing unit 401, ROM402, and RAM403 are connected to each other by a bus 404. An I/O interface 405 is also connected to bus 404.
Various components in electronic device 400 are connected to I/O interface 405, including: an input unit 406 such as a keyboard, a mouse, etc.; an output unit 407 such as various types of displays, speakers, and the like; a storage unit 408, such as a magnetic disk, optical disk, etc.; and a communication unit 409 such as a network card, modem, wireless communication transceiver, etc. The communication unit 409 allows the electronic device 400 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The computing unit 401 may be a variety of general purpose and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 401 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 401 performs the various methods and processes described above, such as method 200. For example, in some embodiments, the method 200 may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 408. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 400 via the ROM402 and/or the communication unit 409. One or more of the steps of the method 200 described above may be performed when a computer program is loaded into RAM403 and executed by computing unit 401. Alternatively, in other embodiments, the computing unit 401 may be configured to perform the method 200 by any other suitable means (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, and which may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine, or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: display means for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.
It should be appreciated that steps may be reordered, added, or deleted using the various forms of the flows shown above. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and no limitation is imposed herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (10)

1. A method of communication based on a socks5 transparent proxy, applied to a socks5 gateway, comprising:
acquiring a data packet sent by a terminal;
when the destination MAC in the data packet is a broadcast address and the packet is an ARP query for the virtual IP, returning an ARP response packet so that the terminal obtains the virtual MAC;
when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, responding to an ICMP information message so that the terminal can successfully ping the socks5 gateway;
when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, emulating the destination IP through a socks5 service to communicate with the terminal;
wherein the virtual IP, virtual MAC, and socks5 service are preconfigured in the socks5 gateway.
2. The method of claim 1, wherein before responding to an ICMP information message so that the terminal can successfully ping the socks5 gateway when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the method further comprises:
judging whether the terminal supports the socks5 service according to a preset authentication rule;
if so, performing communication based on the socks5 transparent proxy.
3. The method of claim 1, wherein emulating the destination IP through the socks5 service to communicate with the terminal comprises:
emulating the destination IP through the socks5 service to communicate with the terminal according to a preset quality-of-service rate limiting rule.
4. A method according to any one of claims 1 to 3, further comprising:
caching the application layer data sent by the terminal.
5. A method according to any one of claims 1 to 3, wherein the virtual IP, virtual MAC and socks5 service being preconfigured in the socks5 gateway comprises:
the virtual IP, the virtual MAC and the socks5 service are preconfigured in the socks5 gateway based on a Linux system or a Windows system.
6. A communications device based on a socks5 transparent proxy, comprising:
an acquisition module, configured to acquire the data packet sent by the terminal;
a processing module, configured to: return an ARP response packet when the destination MAC in the data packet is a broadcast address and the packet is an ARP query for the virtual IP, so that the terminal obtains the virtual MAC; respond to an ICMP information message when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, so that the terminal can successfully ping the socks5 gateway; and, when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, emulate the destination IP through a socks5 service to communicate with the terminal; wherein the virtual IP, virtual MAC, and socks5 service are preconfigured in the socks5 gateway.
7. A communication system based on a socks5 transparent proxy, characterized by comprising a switch, a socks5 gateway and a gateway, wherein:
the socks5 gateway runs a software agent, and the virtual IP, virtual MAC and socks5 service are configured in advance through the software agent; the socks5 gateway captures, through the switch, a data packet sent by the terminal to the gateway; when the destination MAC in the data packet is a broadcast address and the packet is an ARP query for the virtual IP, the socks5 gateway returns an ARP response packet so that the terminal obtains the virtual MAC; when the destination MAC in the data packet is the virtual MAC and the destination IP is the virtual IP, the socks5 gateway responds to an ICMP information message so that the terminal can successfully ping the socks5 gateway; and when the destination MAC in the data packet is the virtual MAC and the destination IP is not the virtual IP, the socks5 gateway emulates the destination IP through the socks5 service to communicate with the terminal.
8. The system of claim 7, wherein when the terminal connects to an external network via the socks5 gateway, routing information is configured on the terminal, designating the default gateway as the IP of the socks5 gateway; when the terminal does not connect to an external network through the socks5 gateway, the terminal and the gateway are in the same local area network, routing information is configured on the terminal, and the default gateway is designated as the IP of the exit gateway.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor;
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-5.
10. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-5.
CN202310678711.3A 2023-06-09 2023-06-09 Communication method and device based on socks5 transparent proxy Active CN116418863B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310678711.3A CN116418863B (en) 2023-06-09 2023-06-09 Communication method and device based on socks5 transparent proxy


Publications (2)

Publication Number Publication Date
CN116418863A true CN116418863A (en) 2023-07-11
CN116418863B CN116418863B (en) 2023-09-15

Family

ID=87054641

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310678711.3A Active CN116418863B (en) 2023-06-09 2023-06-09 Communication method and device based on socks5 transparent proxy

Country Status (1)

Country Link
CN (1) CN116418863B (en)


Also Published As

Publication number Publication date
CN116418863B (en) 2023-09-15


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant