CN101345741A - Proxy system and proxy connecting method based on internet - Google Patents

Publication number: CN101345741A
Authority: CN (China)
Prior art keywords: proxy, client, server, connection, agent
Application number: CN 200710093948
Other languages: Chinese (zh)
Inventors: 全 周, 方俊武
Original Assignee: 盛大计算机(上海)有限公司
Application filed by: 盛大计算机(上海)有限公司

Abstract

The invention discloses an Internet-based proxy system and proxy connection method that improve the security of the proxy system, ease the configuration of firewall rules, improve the efficiency of the proxy system and reduce its complexity. The system comprises a client, a proxy server and a server. A proxy protocol is deployed on the client and the proxy server so that, after receiving a proxy request from the client and if proxying the connection is allowed, the proxy server connects directly to the server specified in the proxy request without first closing the proxy negotiation connection. A client connection information acquisition protocol can also be deployed on the proxy server and on any server that needs to obtain client information. To measure the latency when the client connects to the server directly and the latency when it connects to the server through the proxy server, a speed measurement protocol is deployed on the client, the proxy server and the server.

Description

Internet-based proxy system and proxy connection method

Technical Field

The present invention relates to a proxy system, and in particular to an Internet-based proxy system. The present invention also relates to an Internet-based proxy connection method.

Background

Networks are increasingly widespread and Internet-based services are growing in number. In network transmission and content services, a proxy system is often needed to guarantee service quality and information security. Existing proxy systems and their implementations take two main forms:

One uses application-layer gateways such as HTTP proxies and FTP proxies. Its drawback is that it is specific to an application-layer protocol: each application-layer protocol needs matching application-layer gateway software.

The other is the SOCKS4/SOCKS5 protocol system. Although this protocol is independent of the application-layer protocol, it makes rule sets hard to configure on network firewalls, and the server cannot obtain the client's connection information, such as its IP address and port number. In the SOCKS4/SOCKS5 protocol, the client must first connect to the proxy server (the proxy negotiation connection) and send a proxy negotiation request. After negotiation succeeds, the proxy server listens on another, new address, returns that new address to the client in the proxy reply, and then closes the proxy negotiation connection. The client then connects to the remote server through the new address (the proxy data connection). As described above, in the SOCKS4/SOCKS5 protocol the proxy negotiation connection and the proxy data connection are two separate connections: after a successful proxy request the proxy returns a new address to the client, and the client then uses this new address to connect to the server. The protocol therefore has the following drawbacks:

(1) Between the success of the proxy request and the client's connection to the new address, other malicious programs may connect directly to that address and so bypass the authentication performed during proxy negotiation, so security is hard to guarantee effectively;

(2) Because two new connections must be established for each proxy request, the load on the proxy server increases to some extent, establishing a proxy connection takes more time, and efficiency is not high enough;

(3) Because the SOCKS4/SOCKS5 protocol must allocate a new listening address for each client after a successful proxy request, a large number of different proxy requests requires a large number of different addresses to tell them apart, which makes firewall rule sets hard to configure;

(4) Because the negotiation connection and the data connection of the SOCKS4/SOCKS5 protocol are two separate connections, some mechanism is needed to associate the proxy negotiation information with the address on which the proxy data connection listens, which adds to the complexity of the proxy implementation to some extent;

(5) General-purpose SOCKS4/SOCKS5 servers are often discovered by software such as proxy hunters, which leads to abuse and to wasted resources and network capacity, so their concealment is also not high enough.

Summary of the Invention

The technical problem to be solved by the present invention is to provide an Internet-based proxy system that improves the security of the proxy system, eases the configuration of firewall rule sets, improves the efficiency of the proxy system and reduces its complexity. To this end, the present invention also provides an Internet-based proxy connection method.

To solve the above technical problem, the present invention provides an Internet-based proxy system comprising a client, a proxy server and a server. A proxy protocol is deployed on both the client and the proxy server, the proxy protocol being used so that: after receiving a proxy request from the client, the proxy server, if it determines that proxying the connection is allowed, itself connects directly to the server specified in the proxy request and then sends the client a proxy reply indicating whether the proxy connection succeeded. The proxy request comprises at least: the version number of the proxy protocol, the address and port of the server to connect to, the authentication method, and the authentication data. The proxy reply comprises at least: the version number of the proxy protocol and an error code.

The present invention also provides an Internet-based proxy connection method comprising the following steps:

(1) Establish a proxy negotiation connection between the client and the proxy server and send a proxy request;

(2) After receiving the proxy request, the proxy server determines whether proxying the connection is allowed. If it is allowed, the proxy server itself connects directly to the server specified in the proxy request and, after determining from the information returned by the server whether the connection succeeded, sends a proxy reply to the client; otherwise, that is, if proxying the connection is not allowed, it sends a proxy reply to the client directly;

(3) The client determines from the error code in the proxy reply whether the proxy connection succeeded. If it succeeded, subsequent data is sent between the client and the server over that proxy connection through the proxy server; if it failed, the proxy negotiation connection between the client and the proxy server is closed.

By adopting the above technical solution, the present invention has the following beneficial effects. Both the client and the proxy server support the proxy protocol, under which the proxy server does not close the proxy negotiation connection after returning the negotiation result to the client, but reuses that connection for the client's subsequent application data. In other words, the proxy protocol makes the proxy negotiation connection and the proxy data connection one and the same connection: once proxy negotiation succeeds, the client transmits proxied data directly over it. This has the following effects: (1) because the protocol uses a single unified connection, the network connection from the client through the proxy server to the server is unique, which avoids the possibility of attack by other malicious programs; (2) the load on the proxy server is reduced and the time needed to establish a proxy connection is shortened, which improves efficiency; (3) because the client only needs to connect to the proxy's single listening port to carry both proxy negotiation and proxied data, only the proxy's listening address needs to be opened on the firewall, which eases the configuration of firewall rule sets; (4) because the proxy negotiation connection and the data connection are the same connection, associating the two becomes much easier, which reduces implementation complexity; (5) because the proxy can connect only to specific servers, the possibility of its being used by third parties is avoided, which improves concealment. In addition, by using the client connection information acquisition protocol on the proxy server and on the servers that need to obtain client information, client connection information, such as the client's IP address and port number, can be provided to the server. By deploying the speed measurement protocol on the client, the proxy server and the server, the client can compare the results of a direct connection and a proxy connection and dynamically choose the better connection method; the speed measurement protocol also effectively avoids the proxy-server bottleneck that can arise when traffic through the proxy server is too heavy.

Brief Description of the Drawings

The present invention is described in further detail below with reference to the drawings and specific embodiments:

Figure 1 is a schematic diagram of the system architecture of one embodiment of the proxy system of the present invention;

Figure 2 is an implementation block diagram of one embodiment of the proxy system of the present invention;

Figure 3 is a sequence diagram of the proxy system of the present invention establishing a proxy connection;

Figure 4 is a sequence diagram of the proxy system of the present invention performing network speed measurement.

Detailed Description

As shown in Figures 1 and 2, in one embodiment the proxy system of the present invention comprises a client, a proxy server and a server, with the proxy protocol deployed on both the client and the proxy server. The client-side proxy protocol can be deployed in two ways: 1. by modifying the client code to support the proxy protocol; 2. to minimize changes to the client code, besides macro substitution, on Windows systems the LSP (Layered Service Provider, network connection hijacking) extension interface provided by WinSock 2 can be used to implement an LSP that supports proxy connections, in which case the client code supports proxy connections without any changes. The server-side proxy protocol is deployed by implementing server software that supports the proxy protocol; the implementation should take care to release system resources correctly, maintain protocol state, and guard against malicious client programs.

Through the proxy protocol, the client and the proxy server together complete the following process of establishing a proxy connection from the client to the server to be accessed:

Step 1: a proxy negotiation connection is established between the client and the proxy server and a proxy request is sent. In one embodiment, the proxy request in the proxy protocol includes information such as the version number of the proxy protocol, the address and port of the server to connect to, the authentication method and the authentication data.

Step 2: after receiving the proxy request, the proxy server determines whether proxying the connection is allowed. If it is allowed, the proxy server itself connects directly to the server specified in the proxy request (without closing the proxy negotiation connection) and, after determining from the information returned by the server whether the connection succeeded, sends the client a proxy reply indicating whether the proxy connection succeeded. Otherwise, that is, if proxying the connection is not allowed, it sends the client a proxy reply directly, indicating that the proxy server does not allow the connection to be proxied. The proxy reply includes information such as the version number of the proxy protocol and an error code; from the error code the client can tell whether the connection succeeded and, if not, why it failed.

Step 3: the client determines from the error code in the proxy reply whether the proxy connection succeeded. If it succeeded, subsequent data can be sent between the client and the server over this connection through the proxy server; if it failed, the proxy negotiation connection between the client and the proxy server is closed.

In existing proxy technology, the client is transparent to the server: the server cannot distinguish a direct connection from a proxy connection, and so cannot obtain the client's connection information. Some servers, however, need to know certain connection information about the client, such as the client's IP address and port number. Therefore, in another embodiment, a client connection information acquisition protocol is deployed on the proxy server and also on the servers that need client connection information; servers that do not need client connection information do not have to be configured with the protocol. When the client requests a proxy connection to a server on which the client connection information acquisition protocol is deployed, the process of establishing the proxy connection from the client to the server to be accessed becomes, as shown in Figure 3:

Step 1: a proxy negotiation connection is established between the client and the proxy server and a proxy request is sent. In one embodiment, the proxy request in the proxy protocol includes information such as the version number of the proxy protocol, the address and port of the server to connect to, the authentication method and the authentication data.

Step 2: after receiving the proxy request, the proxy server determines whether proxying the connection is allowed. If it is allowed, the proxy server obtains the client's connection information, such as its IP address and port number, and then itself connects directly to the server specified in the proxy request, determining from the information returned by the server whether the proxy connection succeeded. If the proxy connection succeeded, the proxy server first sends the client connection information it obtained to the server and then sends the client a proxy reply indicating that the connection to the server succeeded. If the proxy connection did not succeed, it sends the client a proxy reply directly, indicating that the connection to the server failed. If proxying the connection is not allowed, it sends the client a proxy reply directly, indicating that the proxy server does not allow the connection to be proxied;

The proxy reply includes information such as a version number and an error code. From the error code the client can tell whether the connection succeeded and, if it failed, the specific reason for the failure.

Step 3: the client determines from the error code in the proxy reply whether the proxy connection succeeded. If it succeeded, subsequent data can be transferred between the client and the server through the proxy server, so the whole data transmission process is transparent to both the client and the server; if it failed, the proxy negotiation connection between the client and the proxy server is closed.

In the above case, in one embodiment, the proxy server can provide several default formats for the client information packet, which servers with no special format requirements can use. If different servers need different packet formats, then in another embodiment the proxy can also be extended by means of dynamic libraries so that each server can configure the format of its information packet.
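The connection procedure above, including the client-information step, as an added example that is not part of the patent: a loopback proxy that authenticates the request, checks the target against an allowlist, connects upstream, forwards the client's address, replies, and then relays data on the same socket. The byte layout, error-code values, token authentication and 6-byte client-information packet are assumptions, since the patent names the fields but not their encoding; `backend` and `demo` are a constructed harness.

```python
import contextlib, hmac, socket, struct, threading

# Assumed wire format (the patent lists the fields, not their encoding):
#   request: version(1) method(1) auth_len(1) auth host_len(1) host port(2)
#   reply: version(1) error_code(1); client-info packet: IPv4(4) port(2)
VERSION, AUTH_TOKEN = 1, 1
OK, ERR_VERSION, ERR_AUTH, ERR_DENIED, ERR_CONNECT = range(5)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-message")
        buf += chunk
    return buf

def read_request(sock):
    version, method, alen = struct.unpack("!BBB", recv_exact(sock, 3))
    auth = recv_exact(sock, alen)
    host = recv_exact(sock, recv_exact(sock, 1)[0]).decode()
    (port,) = struct.unpack("!H", recv_exact(sock, 2))
    return version, method, auth, host, port

def pump(src, dst):
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_RDWR)  # pass EOF on and wake the other pump

def handle_client(conn, peer, token, allowed):
    upstream = None
    try:
        version, method, auth, host, port = read_request(conn)
        if version != VERSION:
            code = ERR_VERSION
        elif method != AUTH_TOKEN or not hmac.compare_digest(auth, token):
            code = ERR_AUTH
        elif (host, port) not in allowed:  # proxy only reaches approved servers
            code = ERR_DENIED
        else:
            try:
                upstream = socket.create_connection((host, port), timeout=2)
                upstream.settimeout(None)
                # Client info reaches the server before the client is told OK.
                upstream.sendall(socket.inet_aton(peer[0]) + struct.pack("!H", peer[1]))
                code = OK
            except OSError:
                code = ERR_CONNECT
        conn.sendall(struct.pack("!BB", VERSION, code))
        if code == OK:  # the negotiation socket now carries application data
            threading.Thread(target=pump, args=(upstream, conn), daemon=True).start()
            pump(conn, upstream)
    except (OSError, struct.error, UnicodeDecodeError):
        pass  # malformed or aborted handshake: just drop the connection
    finally:
        for sock in filter(None, (conn, upstream)):
            sock.close()

def serve(listener, token, allowed):
    while True:
        conn, peer = listener.accept()
        threading.Thread(target=handle_client, args=(conn, peer, token, allowed),
                         daemon=True).start()

def backend(listener, seen):  # constructed target: logs client info, then echoes
    conn, _ = listener.accept()
    with conn:
        raw = recv_exact(conn, 6)
        seen.append((socket.inet_ntoa(raw[:4]), struct.unpack("!H", raw[4:])[0]))
        while data := conn.recv(4096):
            conn.sendall(data)

def proxy_connect(proxy_addr, host, port, token):
    h = host.encode()
    s = socket.create_connection(proxy_addr, timeout=2)
    s.sendall(struct.pack("!BBB", VERSION, AUTH_TOKEN, len(token)) + token
              + struct.pack("!B", len(h)) + h + struct.pack("!H", port))
    _, code = struct.unpack("!BB", recv_exact(s, 2))
    if code != OK:
        s.close()  # step 3: on failure the negotiation connection is closed
    return (s if code == OK else None), code

def demo(token=b"constructed-demo-token"):
    back, prox = (socket.create_server(("127.0.0.1", 0)) for _ in range(2))
    target, seen = back.getsockname(), []
    threading.Thread(target=backend, args=(back, seen), daemon=True).start()
    threading.Thread(target=serve, args=(prox, token, {target}), daemon=True).start()
    s, ok = proxy_connect(prox.getsockname(), *target, token)
    s.sendall(b"ping")
    echo, client_addr = recv_exact(s, 4), s.getsockname()
    s.close()
    bad_auth = proxy_connect(prox.getsockname(), *target, b"wrong")[1]
    denied = proxy_connect(prox.getsockname(), "127.0.0.1", 9, token)[1]
    return ok, echo, seen == [client_addr], bad_auth, denied

if __name__ == "__main__":
    print(demo())
```

Because the target is checked against the allowlist before any upstream connection is attempted, a request for an unlisted address is refused with an error code and never causes the proxy to open a socket on the requester's behalf.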

So that, before connecting to the server it wants to access, the client can accurately determine in advance whether connecting directly, without the proxy server, or connecting indirectly through the proxy server gives the better result, and can thus dynamically choose the better connection method according to actual conditions and make effective use of proxy server resources, in another preferred embodiment a speed measurement protocol is also deployed on the client, the proxy server and the server. The speed measurement protocol can measure not only the latency when the client connects to the server directly but also the latency when the client connects to the server through the proxy server.

The speed measurement protocol is implemented over a datagram protocol (UDP in TCP/IP) and consists of two parts, a speed measurement request and a speed measurement reply. Its participants are the speed measurement client, the speed measurement service and the target service.

The speed measurement request contains a timestamp and the target service address; the speed measurement reply returns that timestamp together with the network latency between the speed measurement service and the target service.

The case where the speed measurement service and the target service are different services is discussed in detail below; the case where they are the same service is a special case of the former.

Suppose speed measurement client C needs to measure, through speed measurement service S, the network latency between itself and target service T. At time T1, C sends S a speed measurement request whose timestamp is T1 and whose target service address is the address of T. On receiving the request, S takes the timestamp T1 from it, together with the latency D between itself and target service T, and returns T1 and D to the client as the speed measurement reply. If the client receives the reply at time T2, the latency M between the client and the target service, as measured through the speed measurement service, can be calculated as follows:

M = T2 - T1 + D

When the speed measurement service and the target service are not at the same address, the above procedure corresponds to measuring the latency when the client connects to the server through the proxy server. In this case the speed measurement client is the client, the speed measurement service is the proxy server, and the speed measurement target is the server.

When the speed measurement service and the target service are at the same address, the speed measurement service can return a latency value D of 0, in which case:

M = T2 - T1

The above procedure therefore corresponds to measuring the latency when the client connects to the server directly. In this case the speed measurement client is the client, the speed measurement service is the server, and the speed measurement target is also the server.

In the present invention, the speed measurement service needs to maintain its latency value relative to each speed measurement target; this value can likewise be obtained with the speed measurement protocol described above (the speed measurement service then acts as a speed measurement client of the target, and the target acts as the speed measurement service for it). In a concrete implementation, the speed measurement service can periodically send speed measurement requests to each target so that a target latency is immediately available whenever a speed measurement request arrives. In addition, because the speed measurement protocol is implemented over a datagram protocol, packet loss is unavoidable; moreover, while the speed measurement service maintains its network latency to each target, successive measurements may be inconsistent. These cases should be handled accordingly. Options include computing a weighted average of several measurements, using a timeout-and-retransmit mechanism like that of TCP, or taking only the most recent measurement.
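The speed measurement exchange above, as an added example that is not part of the patent: the service answers with the echoed timestamp and its smoothed D, and the client retransmits lost probes, rejects replies whose timestamp does not match, and computes M = T2 - T1 + D. The datagram layouts and the class and function names are assumptions, and `Clock` and `FakeLink` are a constructed simulated network so that the figures are deterministic.

```python
import socket
import struct

# Assumed datagram layouts (the patent gives the fields, not the encoding).
REQ = struct.Struct("!d4sH")  # timestamp T1, target IPv4, target port
REP = struct.Struct("!dd")    # echoed T1, service-to-target delay D

class SpeedService:
    """Speed measurement service: answers probes with its smoothed D per target."""

    def __init__(self, own_addr, alpha=0.25):
        self.own_addr, self.alpha, self.delay = own_addr, alpha, {}

    def record(self, target, sample):
        # A weighted average smooths inconsistent successive measurements.
        old = self.delay.get(target)
        self.delay[target] = (sample if old is None
                              else (1 - self.alpha) * old + self.alpha * sample)

    def handle(self, datagram):
        if len(datagram) != REQ.size:
            return None  # malformed probe: drop silently
        t1, ip, port = REQ.unpack(datagram)
        target = (socket.inet_ntoa(ip), port)
        if target == self.own_addr:
            return REP.pack(t1, 0.0)  # service and target are the same: D = 0
        if target not in self.delay:
            return None  # no measurement yet: stay silent rather than guess
        return REP.pack(t1, self.delay[target])

def measure(exchange, clock, target, retries=3):
    """Return M = T2 - T1 + D, or None if every probe is lost or invalid."""
    for _ in range(retries):
        t1 = clock()
        reply = exchange(REQ.pack(t1, socket.inet_aton(target[0]), target[1]))
        t2 = clock()
        if reply is None or len(reply) != REP.size:
            continue  # datagram lost or truncated: retransmit
        echoed, d = REP.unpack(reply)
        if echoed != t1 or d < 0:
            continue  # reply does not belong to this probe
        return t2 - t1 + d
    return None

def choose_route(direct, proxied):
    """Pick the lower-latency path; a path with no measurement is not eligible."""
    options = {"direct": direct, "proxy": proxied}
    usable = {name: m for name, m in options.items() if m is not None}
    return min(usable, key=usable.get) if usable else None

class Clock:
    """Constructed simulated clock so the example is deterministic."""
    now = 0.0

    def __call__(self):
        return self.now

class FakeLink:
    """Constructed link: fixed round-trip time, drops the probes listed in drop."""

    def __init__(self, service, rtt, clock, drop=()):
        self.service, self.rtt, self.clock = service, rtt, clock
        self.drop, self.sent = set(drop), 0

    def __call__(self, datagram):
        self.sent += 1
        self.clock.now += self.rtt  # a lost probe costs a timeout of the same length
        return None if self.sent in self.drop else self.service.handle(datagram)

def demo():
    clock, target = Clock(), ("192.0.2.10", 7000)  # constructed addresses
    proxy = SpeedService(("192.0.2.1", 7000))
    for sample in (0.125, 0.25):  # the proxy's own probes of the target
        proxy.record(target, sample)
    server = SpeedService(target)
    proxied = measure(FakeLink(proxy, 0.0625, clock, drop={1}), clock, target)
    direct = measure(FakeLink(server, 0.25, clock), clock, target)
    all_lost = measure(FakeLink(server, 0.25, clock, drop={1, 2, 3}), clock, target)
    return proxied, direct, choose_route(direct, proxied), all_lost

if __name__ == "__main__":
    print(demo())
```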

The speed measurement protocol also serves the following purpose: once the system reaches a certain scale, the proxy server may become a bottleneck. Besides adding proxy servers, it may then be necessary to control access to the proxy server to some extent; apart from the authentication function of the proxy subsystem itself, this can also be done on the client and on the back-end servers.

In the present invention, for security reasons, the proxy server can be placed inside the firewall, with only the proxy server's proxy listening port opened to the outside.

Claims (9)

1、一种基于互联网的代理系统,包括客户端、代理服务器端和服务器端,其特征在于,在所述客户端和代理服务器端均部署有代理协议,所述代理协议用于:使得所述代理服务器在接收到所述客户端的代理请求后,如果经判断允许代理该连接,则直接由所述代理服务器去连接代理请求中所指定的服务器端,然后再向所述客户端发送代理应答表明代理连接是否成功;其中,所述代理请求至少包括:所述代理协议的版本号、需要连接的服务器端地址和端口、认证方式、认证数据;所述代理应答至少包括:所述代理协议的版本号、错误码。 1, an Internet-based proxy system, comprising a client, the server and the proxy server, wherein the client and proxy server are deployed with proxy protocol, the protocol proxy for: causing the proxy server after receiving a request of the client agent, if the agent is judged to allow the connection, directly connected to the proxy server to proxy requests specified in the server, the client sends then to the proxy response showed proxy connection is successful; wherein said request agent comprising at least: the version number of the protocol proxy, server address and port, authentication method, authentication data to be connected; said proxy response comprising at least: the proxy protocol version No, the error code.
2、 根据权利要求l所述的基于互联网的代理系统,其特征在于,在所述代理服务器端还部署有客户端连接信息获取协议,在需要获取客户端信息的服务器端也部署有客户端连接信息获取协议;所述客户端连接信息获取协议用于:在代理连接成功后先向所述需要获取客户端信息的服务器端发送客户端的连接信息,然后再向客户端发送代理应答;所述连接信息包括:客户端的IP地址、端口号。 2. The system as claimed in claim Internet-based agent, wherein said l, the server side proxy server deployed client connection information acquisition protocol, the client needs to obtain information deploy client connection information acquisition protocol; the client connection protocol for information acquisition: Xianxiang the server needs to obtain client information sending client proxy connection information after the connection is successful, the client sends then to the proxy response; said connector information including: IP address, port number of the client.
3、 根据权利要求1或2所述的基于互联网的代理系统,其特征在于,在所述客户端、代理服务器端和服务器端还都部署有测速协议,所述测速协议用于:测试客户端与服务器端直接连接时的延时情况;及测试客户端通过代理服务器端代理连接到服务器端时的延时情况。 3, the agent-based system or the Internet according to claim 12, characterized in that, at the client, server, and proxy server are also deployed speed protocol, the protocol for speed: test client delay the case when connected directly to the server; and connected to the test client agent delays the case when the server through a proxy server.
4、 根据权利要求l所述的基于互联网的代理系统,其特征在于,在通过修改客户端代码的方式来实现客户端对所述代理协议的支持;对于Windows系统,还可以利用WinSock 2所提供的网络连接劫持来扩展接口来实现对代理连接的支持。 4. The system of claim Internet-based agent, wherein said l, implemented in a client supports the protocol proxy client code by modifying the way; for Windows systems, may also be provided by using the WinSock 2 hijacking network connections to extend interface to implement support for proxy connections.
5、 根据权利要求3所述的基于互联网的代理系统,其特征在于,所述测速协议使用数据报协议实现,包括测速请求和测速应答两部分,其参与方包括测速客户、测速服务和目标服务;其中,所述测速请求中的信息包括时间戳T1和目标服务地址T;而所述测速应答则返回该时间戳T2以及测速服务和目标服务之间的网络延时D;当所述测速服务和所述目标服务不在同一地址时,测试到的是测试客户端通过代理服务器端代理连接到服务器端时的延时情况M42-T1+D,这时所述测速客户为客户端,所述测速服务为代理服务器端,所述测速目标为服务器端;当所述测速服务和所述目标服务在同一地址时,测试到的是测试客户端与服务器端直接连接时的延时情况M2=T2-Tl,这时所述测速客户为客户端,所述测速服务为服务器端,所述测速目标也为服务器端。 5. The system of claim Internet-based agent according to claim 3, wherein the speed protocol datagram protocol, including speed request and response speed of two parts, which participants include customer speed, speed and destination services ; wherein said speed information includes a time stamp T1 request service address and a target T; and the response speed of the time stamp T2 and the network delay D between the speed and destination services is returned; and when said speed service and when the target address is not in the same service, the test is to test the client agent through a proxy server to delay the case when the server M42-T1 + D, this time the client is a client speed, the speed service proxy server, the server-side target velocity; the velocity when the target service, and the service at the same address, the delay test is to test the case when the client and server is directly connected M2 = T2- Tl, then the speed customer-client, server-side services for the gun, the gun objective for the server side.
6、 根据权利要求l、 2、 4或5所述的基于互联网的代理系统,其特征在于,所述代理服务器置于防火墙的内部,对外则只开放代理服务器的代理监听端口。 6, according to claim L, Internet-based system agents 2, 4 or 5, wherein the proxy server is placed inside the firewall, proxy open only the external proxy server listening port.
7、 一种基于互联网的代理连接方法,其特征在于,包括以下步骤:(1) 在客户端与代理服务器端间建立代理协商连接并发送代理请求;(2) 代理服务器端接收到该代理请求后,判断是否允许代理该连接, 如果经判断允许代理该连接,则由该代理服务器直接去连接代理请求中所指定的服务器端,并在根据服务器端返回的信息,判断连接是否成功后向客户端发送代理应答;否则,即如果经判断不允许代理该连接,则直接向客户端发送代理应答;(3)客户端根据代理应答中的错误代码,判断代理连接是否成功,如果代理连接成功则通过代理服务器在客户端和服务器端之间使用该代理连接发送后续数据;如果代理连接失败,则断开客户端与代理服务器端间的代理协商连接。 7. A method for Internet-based proxy connection, characterized by comprising the steps of: (1) an agency negotiated between the client and the proxy server and transmits the connection request to the agent; (2) the proxy server receives the proxy request after determining whether the connection allows the agent, if the agent is judged to allow the connection, by the proxy server is connected directly to the proxy server specified in the request side, and when the information returned by the server, the client determines whether the connection succeeded sends proxy response; otherwise, i.e., if the proxy is not allowed is determined by the connection, sending a proxy response to the client directly; (3) the client proxy response error codes, it is determined whether the proxy connection is successful, if the proxy connection is successful the proxy connection transmits the subsequent data through the use of a proxy server between the client and the server; if the proxy connection fails, disconnecting the agent negotiated between the client and the proxy server is connected.
8. The Internet-based proxy connection method according to claim 7, characterized in that, in step (2), after determining that the proxy connection is allowed, the proxy server side first obtains the client connection information and then connects directly to the server side specified in the proxy request; and, after determining that the proxy connection succeeded, it first sends the client connection information it obtained to the server side and then sends the proxy response to the client.
9. The Internet-based proxy connection method according to claim 7 or 8, characterized in that, before step (1) is performed, the delay when the client connects directly to the server side and the delay when the client connects to the server side through the proxy server side are also measured.
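The connection method of claims 7 and 8, as an added in-memory example that is not code from the patent: the proxy refuses a target it is not permitted to reach before making any outbound connection, forwards the client's connection information to the server before answering, and the client keeps or drops the negotiation connection based on the error code. The error-code values, class and function names, the allow-list and the audit log are assumptions introduced here; the claims do not define a wire format.

```python
from dataclasses import dataclass, field

# Constructed error codes: the claims only say the proxy response carries an error code.
OK, DENIED, UNREACHABLE = 0, 1, 2

@dataclass
class Server:
    """Stand-in for the server side; keeps the client info the proxy forwards."""
    up: bool = True
    client_info: list = field(default_factory=list)

@dataclass
class ProxyServer:
    allowed: set    # (host, port) targets this proxy may connect to (assumed policy)
    servers: dict   # (host, port) -> Server; replaces real sockets
    audit: list = field(default_factory=list)

    def handle_request(self, client_addr, target):
        """Step (2): decide, connect, forward client info, then build the response."""
        code, server = OK, None
        if target not in self.allowed:
            code = DENIED                  # refused before any outbound connect
        else:
            server = self.servers.get(target)
            if server is None or not server.up:
                code, server = UNREACHABLE, None
            else:
                # Claim 8: client connection info reaches the server before the response
                server.client_info.append(client_addr)
        self.audit.append((client_addr, target, code))
        return code, server

def client_connect(proxy, client_addr, target):
    """Steps (1) and (3): send the request, then keep or drop the connection."""
    code, server = proxy.handle_request(client_addr, target)
    # On success the negotiation connection itself carries the later data;
    # on any other error code the client disconnects from the proxy.
    return {"code": code, "keep_connection": code == OK, "server": server}

# Constructed sample addresses (documentation ranges)
GAME = ("198.51.100.10", 7000)
DOWN = ("198.51.100.11", 7000)
OTHER = ("203.0.113.5", 22)
CLIENT = ("192.0.2.44", 51234)

def demo():
    game = Server()
    proxy = ProxyServer({GAME, DOWN}, {GAME: game, DOWN: Server(up=False)})
    codes = [client_connect(proxy, CLIENT, t)["code"] for t in (GAME, DOWN, OTHER)]
    return codes, game.client_info, proxy.audit
```

Because the server receives the original client address from the proxy, its logs and access decisions can still refer to the real source even though every connection arrives from the proxy.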
CN 200710093948 2007-07-13 2007-07-13 Proxy system and proxy connecting method based on internet CN101345741A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200710093948 CN101345741A (en) 2007-07-13 2007-07-13 Proxy system and proxy connecting method based on internet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200710093948 CN101345741A (en) 2007-07-13 2007-07-13 Proxy system and proxy connecting method based on internet

Publications (1)

Publication Number Publication Date
CN101345741A true CN101345741A (en) 2009-01-14

Family

ID=40247630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710093948 CN101345741A (en) 2007-07-13 2007-07-13 Proxy system and proxy connecting method based on internet

Country Status (1)

Country Link
CN (1) CN101345741A (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997673B (en) 2009-08-17 2012-11-21 成都市华为赛门铁克科技有限公司 Network agent implementation method and device
WO2011020397A1 (en) * 2009-08-17 2011-02-24 成都市华为赛门铁克科技有限公司 Network proxy implementation method and apparatus
US8694651B2 (en) 2009-08-17 2014-04-08 Chengdu Huawei Symantec Technologies Co., Ltd. Method and system for implementing network proxy
CN103699367B (en) * 2012-09-27 2017-07-07 中国电信股份有限公司 HTTP application programming interfaces call method and device
CN103699367A (en) * 2012-09-27 2014-04-02 中国电信股份有限公司 HTTP (hyper text transport protocol) API (application program interface) invoking method and device
CN104009880A (en) * 2013-02-27 2014-08-27 阿里巴巴集团控股有限公司 Web test method, proxy server and Web test device
CN104009880B (en) * 2013-02-27 2018-04-17 阿里巴巴集团控股有限公司 Web test methods, proxy server and Web test devices
CN104184716A (en) * 2013-05-27 2014-12-03 中兴通讯股份有限公司 Terminal data synchronization method and system
CN104378339A (en) * 2013-08-16 2015-02-25 深圳市腾讯计算机系统有限公司 Communication method and device based on agency protocol
CN104378339B (en) * 2013-08-16 2019-07-05 深圳市腾讯计算机系统有限公司 A kind of communication means and device using agency agreement
CN103634165A (en) * 2013-12-05 2014-03-12 北京奇虎科技有限公司 Method, terminal device and system for realizing network testing based on reverse proxy
WO2015081709A1 (en) * 2013-12-05 2015-06-11 北京奇虎科技有限公司 Method, terminal device, and system for implementing network test based on reverse proxy
CN106161580A (en) * 2015-04-28 2016-11-23 中兴通讯股份有限公司 A kind of connection status control method, Apparatus and system
WO2016173169A1 (en) * 2015-04-28 2016-11-03 中兴通讯股份有限公司 Connection state control method, apparatus and system
WO2018018640A1 (en) * 2016-07-29 2018-02-01 华为技术有限公司 Information interaction method, device and system
CN109660686A (en) * 2017-10-10 2019-04-19 佳能株式会社 Image processing apparatus, the control method of image processing apparatus and storage medium

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C12 Rejection of an application for a patent