CN102724133A - Method and device for transmitting internet protocol (IP) message - Google Patents

Publication number
CN102724133A
Authority
CN
China
Prior art keywords
message
ssl vpn
module
compression
judge
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012102278830A
Other languages
Chinese (zh)
Inventor
梁鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for transmitting an internet protocol (IP) message using secure sockets layer (SSL) virtual private network (VPN) technology. IP messages that are sent or received by the IP access client of an SSL VPN and by the SSL VPN gateway, and that are transmitted over a wide area network, are compressed and decompressed by the IP access client and the SSL VPN gateway. This avoids fragmentation of the IP messages, reduces the actual message traffic and the number of messages in the network, increases the bandwidth utilization of the network, and improves transmission efficiency.

Description

A method and device for IP message transmission
Technical field
The present invention relates to the field of data communication technology, and in particular to a method and a device for transmitting IP messages over a wide area network using SSL VPN technology.
Background technology
SSL VPN is a newer VPN (Virtual Private Network) technology that uses the SSL (Security Socket Layer) protocol to provide remote access. Specifically, it is a VPN technology that provides remote access over an SSL-encrypted connection, and it is the simplest and most secure technology for giving remote users access to a company's sensitive data. Compared with traditional IPsec VPN, SSL VPN is simple to deploy, needs no client, has low maintenance cost, and adapts well to different networks.
Figure 1 shows a typical network diagram for IP message transmission using SSL VPN technology. In the figure, the end user uses a remote host to establish an SSL connection with the SSL VPN gateway, and IP messages are carried over the Internet with SSL encryption. When an IP message arrives at the SSL VPN gateway, the gateway terminates the SSL connection. The gateway then either establishes a TCP connection with the intranet server (TCP/web access mode) or forwards directly over IP (IP access mode), passes on the request sent by the remote host in plaintext, and sends the server's reply to the remote host over the SSL connection.
The detailed flow by which the remote host transmits IP messages using SSL VPN technology is shown in Figure 2 and is as follows:
1) the virtual network interface card of the remote host used by the end user sends an IP message;
2) after the IP access client of the SSL VPN on the remote host receives the IP message, it encapsulates the message with a VPN header and applies SSL encryption;
3) the encrypted and encapsulated IP message is sent through the SSL VPN tunnel;
4) the SSL VPN gateway receives the SSL-encrypted, VPN-encapsulated IP message from the SSL VPN tunnel, and obtains the original IP message sent by the remote host by decrypting it and removing the VPN header;
5) the IP message is forwarded by routing inside the local area network to the intranet server;
6) the reply IP message returned by the intranet server is sent to the SSL VPN gateway;
7) the SSL VPN gateway encapsulates the reply IP message with a VPN header and applies SSL encryption;
8) the SSL VPN gateway sends the encrypted, VPN-encapsulated IP message through the SSL tunnel to the IP access client of the SSL VPN on the remote host;
9) after the IP access client of the SSL VPN on the remote host receives the IP message from the SSL VPN gateway, it decrypts the message and removes the VPN encapsulation to obtain the original reply IP message from the intranet server;
10) the IP access client of the SSL VPN on the remote host sends the IP message from the intranet server to the virtual network interface card of the remote host for upper-layer protocol processing.
However, through analysis, the applicant has found that this technical solution has the following problems:
Low transmission efficiency: a VPN header must be added while the IP message is transmitted, and the tunnel encapsulation header of the SSL VPN is added as well, which reduces transmission efficiency;
Low performance: because of the extra encapsulation described above, performance is lower when the IP message is transmitted over the wide area network;
A large number of fragmented messages: because of the extra encapsulation described above, an originally transmitted 1500-byte IP message exceeds the Ethernet MTU (Maximum Transmission Unit; the IP message MTU specified in the Ethernet standard is 1500 bytes), so one IP message is split into two, doubling the number of messages transmitted in the wide area network.
Summary of the invention
In view of this, the present invention provides a method and a device for IP message transmission. The IP access client of the SSL VPN and the SSL VPN gateway compress and decompress the IP messages that need to be transmitted over the wide area network, which avoids IP message fragmentation, reduces the traffic and the number of messages in the actual network, increases network bandwidth utilization, and improves transmission efficiency.
To achieve the above object, the technical solution of the present invention is implemented as follows:
A method for transmitting IP messages, applied in a system that uses SSL VPN technology to transmit the IP messages over a wide area network, wherein the method comprises the following steps:
Step 1: the IP access client of the remote host's SSL VPN or the SSL VPN gateway compresses the IP messages that it sends and that need to be transmitted over the wide area network;
Step 2: the IP access client of the remote host's SSL VPN or the SSL VPN gateway performs SSL VPN encapsulation on the IP messages that have passed through the compression flow;
Step 3: the IP access client of the remote host's SSL VPN or the SSL VPN gateway decompresses the IP messages that it receives.
The present invention also provides a device for IP message transmission, applied in a system that uses SSL VPN technology to transmit the IP messages over a wide area network, wherein the device comprises:
Acquisition module: used to obtain IP messages from the IP access client of the remote host or from the intranet server in the local area network;
Judging module: used to judge the IP message obtained by the acquisition module and, according to the result, to decide whether to instruct the compression/decompression module to compress or decompress the IP message, or to instruct the processing module directly to perform SSL VPN encapsulation and transmission on the IP message;
Compression/decompression module: compresses or decompresses the IP message obtained by the acquisition module according to the indication of the judging module;
Processing module: according to the indication of the judging module, performs SSL VPN processing and transmission on the compressed IP message or directly on the original IP message.
As the above technical solution shows, the present invention compresses an IP message that needs to be transmitted over the wide area network before VPN encapsulation and SSL encryption are applied to it, so that the actual message content carried through the SSL tunnel is significantly reduced and the transmission performance of the whole system is improved. At the same time, IP message fragmentation is avoided, wide area network transmission performance is improved, and network delay is reduced.
Description of drawings
Fig. 1 is a typical network diagram for IP message transmission over a wide area network using SSL VPN;
Fig. 2 is a flow chart of the prior-art method for transmitting IP messages over a wide area network using SSL VPN;
Fig. 3 is a flow chart of the IP message transmission method of the present invention;
Fig. 4 is the IP message data compression flow chart of the present invention;
Fig. 5 is the IP message data encapsulation diagram of the present invention;
Fig. 6 is a flow chart of a concrete application scenario in which the present invention transmits IP messages over a wide area network using SSL VPN;
Fig. 7 is a schematic diagram of the IP message transmission device of the present invention.
Embodiment
To achieve the object of the invention, the core idea adopted by the present invention is as follows: the IP access client of the SSL VPN and the SSL VPN gateway compress and decompress the IP messages that they send or receive and that are transmitted over the wide area network. This avoids IP message fragmentation, reduces the actual message traffic and the number of messages in the network, increases network bandwidth utilization, and improves transmission efficiency.
For greater clarity, the technical solution of the present invention is described in detail below with reference to embodiments. Figure 3 is the flow chart of the IP message transmission method of the present invention; the method is applied in a system that uses SSL VPN technology to transmit IP messages over a wide area network. The method comprises the following steps:
Step 10: the IP access client of the remote host's SSL VPN or the SSL VPN gateway compresses the IP messages that it sends and that need to be transmitted over the wide area network.
In this step, the IP access client of the remote host's SSL VPN or the SSL VPN gateway uses a specific compression algorithm to compress the IP messages that it sends and that need to be transmitted over the wide area network; in this embodiment, the gzip algorithm is used. In addition, because the mainstream CPUs of current network communication equipment support hardware compression/decompression engines, the delay introduced by the compression flow added in this step is, compared with the prior art, essentially negligible relative to the whole SSL VPN processing flow for the IP message. After the compression in this step, a message with ordinary text content is about 30% of its original length, so the message length is greatly reduced.
It should be noted that for an IP message that is too short, such as one of only a few dozen bytes, the length may actually increase after compression. Alternatively, the message may already have been compressed at the application layer; compressing it again yields essentially no reduction, and may increase the length of the IP message because compression information is encapsulated again. To avoid these situations, the present invention checks for them before compressing an IP message and avoids compressing such messages. Figure 4 is the IP message data compression flow chart of the present invention, which comprises the following steps:
Step 11: send the IP message.
Specifically, when the end user needs to send a request, or a server in the local area network needs to send a reply message in response to the user terminal's request, the user terminal sends the request to the intranet server through the IP access client of the remote host, or the intranet server sends the reply message through the SSL VPN gateway to the IP access client of the remote host. In both cases an IP message needs to be sent.
Step 12: judge whether the length of the IP message is greater than the set threshold; if so, go to step 13; otherwise, go to step 17.
The IP access client of the remote host's SSL VPN or the SSL VPN gateway obtains the IP message sent by the end user or by the intranet server, and judges whether the length of the IP message is greater than the set threshold. An IP message that is too short, such as one of only a few dozen bytes, may actually become longer after compression. To avoid this, a concrete application of the present invention sets a threshold (such as 100 bytes) on the length of IP messages to be compressed. Only an IP message longer than this threshold may be compressed; if the length of the IP message is less than the threshold, no processing is performed on it, and the flow goes directly to step 17 to perform SSL VPN encapsulation and transmission on the original IP message.
Step 13: according to the message content, judge whether it is text content; if so, go to step 14; otherwise, go to step 17.
The compression effect differs considerably between IP messages with different content: an ordinary text IP message can be compressed to about 30% of the original IP message length, whereas an IP message carrying streaming media or the like is essentially incompressible. Therefore, before the IP access client of the remote host's SSL VPN or the SSL VPN gateway compresses the IP message, this step further judges from the message content whether the IP message is text content. If it is, the compression of step 14 is performed; otherwise, the flow goes directly to step 17 to perform SSL VPN encapsulation and transmission on the original IP message.
Step 14: compress the IP message.
If the length of the IP message is greater than the set threshold and the message content is text content, the IP access client of the remote host's SSL VPN or the SSL VPN gateway compresses it with a compression algorithm; in the embodiment of the present invention, the gzip algorithm is used. It should be noted that the concrete compression algorithm used in the embodiment of the present invention should not be understood as limiting the scope of the present invention.
Step 15: judge whether the length of the IP message has increased after compression; if not, go to step 16; otherwise, go to step 17.
Consider an IP message to be transmitted that has already been compressed at the application layer. In this case there is very little room left to compress it; if the already compressed IP message is compressed again, its length is essentially not reduced, but because the second compression requires a corresponding compression information header to be encapsulated again, the length of the IP message may actually increase. To avoid this situation, in this step the IP access client of the remote host's SSL VPN or the SSL VPN gateway also judges whether the length of the IP message has increased after compression; if it has, the flow goes directly to step 17 to perform SSL VPN encapsulation and transmission on the original IP message.
Step 16: output the compressed IP message.
If the IP message is text content, its length is greater than the preset threshold, and its length has not increased after compression, the IP access client of the remote host's SSL VPN or the SSL VPN gateway outputs the compressed IP message, and the SSL VPN encapsulation and SSL encryption of the subsequent step 2 are performed.
Step 17: output the original IP message.
The SSL VPN encapsulation and SSL encryption of the subsequent step 2 are performed directly on the original IP message.
Step 20: the IP access client of the remote host's SSL VPN or the SSL VPN gateway performs SSL VPN encapsulation on the IP messages that have passed through the compression flow.
Specifically, the flow for encapsulating an IP message that has passed through the compression flow is as follows:
Step 21: obtain the IP message that has passed through the compression flow of step 1.
It should be noted that in this step the IP access client of the remote host's SSL VPN or the SSL VPN gateway obtains the IP message that has passed through the compression flow of step 1; this may be the compressed IP message output by step 16, or it may be the original IP message output by step 17. It should not be understood that only the compressed IP message output by step 16 is obtained.
Step 22: perform SSL VPN encapsulation on the IP message obtained in step 21.
Specifically, the IP access client of the remote host's SSL VPN or the SSL VPN gateway first performs VPN encapsulation on the IP message obtained through the compression flow of step 1, then performs SSL encryption and encapsulation on the VPN-encapsulated IP message, and then performs TCP/IP encapsulation on the IP message that has been VPN- and SSL-encapsulated. The format of the SSL VPN encapsulation of the IP message is shown in Figure 5. Finally, the fully encapsulated IP message is sent over the wide area network to the peer SSL VPN device. Specifically, if the IP message was initiated by the end user through the remote host, the peer SSL VPN device is the SSL VPN gateway; if the IP message was initiated by the intranet server in the local area network, the peer device is the IP access client of the remote host.
Step 23: the IP access client of the remote host's SSL VPN or the SSL VPN gateway decompresses the IP messages that it receives.
After the IP access client of the remote host or the SSL VPN gateway receives an IP message that the peer has sent over the wide area network with the SSL VPN encapsulation of step 2, it first performs SSL VPN decapsulation on the IP message, restoring it to the IP message as compressed in step 1, and then decompresses that compressed IP message to restore the original IP message. The SSL VPN decapsulation process and the decompression of compressed messages are both existing mature technology and are the inverse of the encapsulation and compression processes described in steps 1 and 2, so for brevity they are not repeated here. In addition, because the mainstream CPUs of current network communication equipment support hardware compression/decompression engines, the delay introduced by the decompression flow added in this step is, compared with the prior art, essentially negligible relative to the whole SSL VPN processing flow for the IP message.
It should be noted that before step 1 there is also a step in which the user terminal sends an IP message request through the virtual network interface card of the remote host, or the intranet server forwards a reply IP message to the SSL VPN gateway by routing; and after step 3 there is a step in which the IP access client of the remote host sends the decompressed original IP message to the user terminal, or the SSL VPN gateway forwards the decompressed original IP message to the intranet server by routing. Because these steps all belong to the prior art, they are not described in detail here.
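The send-side decision flow of steps 12 to 17 and the receive-side decompression of step 3, as an added Python example that is not code from the patent. The one-byte compression flag, the printable-byte text heuristic, the cap on decompressed size and the sample payloads are assumptions made for the example; the 100-byte threshold and the use of gzip come from the description.

```python
import gzip
import zlib
from typing import Dict, Tuple

LENGTH_THRESHOLD = 100   # step 12: example threshold from the description, in bytes
TEXT_RATIO = 0.90        # assumption: share of printable bytes that counts as text
FLAG_RAW = b"\x00"       # assumption: marker byte, payload forwarded unchanged
FLAG_GZIP = b"\x01"      # assumption: marker byte, payload is gzip-compressed
MAX_IP_MESSAGE = 65535   # largest IPv4 datagram; caps decompression output
PRINTABLE = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def looks_like_text(payload: bytes) -> bool:
    """Step 13, as a heuristic (assumption): mostly printable ASCII is text."""
    if not payload:
        return False
    printable = sum(1 for byte in payload if byte in PRINTABLE)
    return printable / len(payload) >= TEXT_RATIO


def prepare_for_tunnel(payload: bytes) -> Tuple[bytes, str]:
    """Steps 12-17: return the bytes to hand to SSL VPN encapsulation, and why."""
    if len(payload) <= LENGTH_THRESHOLD:          # step 12 fails -> step 17
        return FLAG_RAW + payload, "below-threshold"
    if not looks_like_text(payload):              # step 13 fails -> step 17
        return FLAG_RAW + payload, "not-text"
    compressed = gzip.compress(payload)           # step 14
    if len(compressed) > len(payload):            # step 15: grew -> step 17
        return FLAG_RAW + payload, "no-gain"
    return FLAG_GZIP + compressed, "compressed"   # step 16


def bounded_gunzip(data: bytes, limit: int) -> bytes:
    """Decompress a gzip stream, refusing output larger than `limit` bytes."""
    stream = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    try:
        out = stream.decompress(data, limit + 1)
    except zlib.error as exc:
        raise ValueError(f"corrupt gzip stream: {exc}") from exc
    if len(out) > limit:
        raise ValueError("decompressed message exceeds limit")
    if not stream.eof:
        raise ValueError("truncated gzip stream")
    return out


def restore_from_tunnel(frame: bytes) -> bytes:
    """Step 3: after SSL VPN decapsulation, decompress only if the flag says so."""
    if not frame:
        raise ValueError("empty frame")
    flag, body = frame[:1], frame[1:]
    if flag == FLAG_RAW:
        return body
    if flag == FLAG_GZIP:
        return bounded_gunzip(body, MAX_IP_MESSAGE)
    raise ValueError("unknown compression flag")


# Constructed sample payloads, one for each exit of the decision flow.
SAMPLES = {
    "short request": b"GET / HTTP/1.1\r\n\r\n",
    "html table": b"<tr><td>row</td><td>value</td></tr>\n" * 40,
    "binary stream": bytes(range(256)) * 5,
    "dense text": bytes(range(0x20, 0x7F)) + b"\t\n\rzyx",
}


def classify_samples() -> Dict[str, Tuple[str, int, int]]:
    """Run every sample through both directions; map name -> (reason, in, out)."""
    results = {}
    for name, payload in SAMPLES.items():
        frame, reason = prepare_for_tunnel(payload)
        if restore_from_tunnel(frame) != payload:
            raise RuntimeError(f"round trip failed for {name}")
        results[name] = (reason, len(payload), len(frame))
    return results


if __name__ == "__main__":
    for name, (reason, before, after) in classify_samples().items():
        print(f"{name:14} {reason:16} {before:5d} -> {after:5d} bytes")
```

The frame returned by `prepare_for_tunnel` is what would be handed to VPN encapsulation and SSL encryption; its length varies with how compressible the payload is, so the length of the encrypted record on the tunnel depends on the plaintext content.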
Figure 6 is a flow chart of a concrete application scenario in which the present invention sends IP messages using SSL VPN technology. The concrete steps are as follows:
1) the end user sends an IP message through the virtual network interface card of the remote host;
2) the IP access client of the SSL VPN on the remote host receives the IP message;
3) the IP access client of the SSL VPN on the remote host compresses the message, encapsulates it with a VPN header, and applies SSL encryption;
For the detailed implementation of this step, see the description of step 1 and step 2 above.
4) the VPN-encapsulated and SSL-encrypted IP message is sent through the SSL VPN tunnel;
5) the SSL VPN gateway receives the encapsulated and SSL-encrypted IP message from the SSL VPN tunnel, decrypts it, and removes the VPN encapsulation to obtain the compressed IP message;
For the detailed implementation of this step, see the description of step 3 above;
6) the SSL VPN gateway decompresses the IP message to obtain the original IP message;
7) the IP message is forwarded by routing in the local area network to the intranet server;
8) the IP message returned by the intranet server is forwarded by routing to the SSL VPN gateway;
9) the SSL VPN gateway compresses the reply IP message from the intranet server;
For the detailed implementation of this step, see the description of step 1 above;
10) the SSL VPN gateway then encapsulates the compressed IP message with the private VPN header and applies SSL encryption;
For the detailed implementation of this step, see the description of step 2 above;
11) the VPN-encapsulated and SSL-encrypted IP message is sent through the SSL VPN tunnel to the IP access client of the SSL VPN on the remote host;
12) the IP access client of the SSL VPN receives the IP message from the SSL VPN gateway, decrypts it, and removes the VPN encapsulation to obtain the compressed IP message;
For the detailed implementation of this step, see the description of step 3 above;
13) the IP access client of the SSL VPN then decompresses it to obtain the original IP message;
14) the IP access client of the SSL VPN sends the decompressed IP message from the intranet server to the virtual network interface card for upper-layer protocol processing.
As shown in Figure 7, the present invention also provides a device for IP message transmission. The device is applied in a system that uses SSL VPN technology to transmit IP messages over a wide area network. The device may exist independently, or it may be embedded directly in the IP access client of the remote host or in the SSL VPN gateway in the system. The device comprises:
Acquisition module: used to obtain IP messages from the end user or from the intranet server.
Specifically, when the user terminal sends an IP message request through the remote host, or the intranet server in the local area network sends a reply IP message in response to the user terminal's request, the acquisition module obtains this IP message.
Judging module: used to judge the IP message obtained by the acquisition module and, according to the result, to decide whether to instruct the compression/decompression module to compress or decompress the IP message, or to instruct the processing module directly to perform SSL VPN encapsulation and transmission on the IP message.
Specifically:
The judging module first judges whether the IP message obtained by the acquisition module is an IP message being sent or an IP message that has been received. When the IP message is judged to be a received one, the judging module instructs the processing module to perform SSL VPN decapsulation on it and further judges whether the decapsulated IP message is a compressed IP message. If it is, the judging module instructs the compression/decompression module to decompress it and restore the original IP message, and instructs the processing module to send the restored original IP message to the user terminal or to the intranet server in the local area network.
When the IP message is judged to be one being sent, the judging module further judges whether the length of the IP message is greater than the set threshold. When the length of the IP message is judged to be less than the set threshold, no processing is performed on the IP message, and the judging module directly instructs the processing module to perform SSL VPN encapsulation and transmission on the original IP message.
When the IP message is judged to be one being sent and its length is greater than the set threshold, the judging module also judges whether the content of the IP message is text content. If the IP message is judged to be text content, the judging module instructs the compression/decompression module to compress it; if the IP message is judged to be other content, the judging module directly instructs the processing module to perform SSL VPN encapsulation and transmission on the original IP message.
When the IP message is judged to be one being sent and has been compressed, the judging module also judges whether the length of the compressed IP message has increased compared with the original IP message length. If it has increased, the judging module directly instructs the processing module to perform SSL VPN encapsulation and transmission on the original IP message. If the length of the compressed IP message has decreased, the judging module directly instructs the processing module to perform SSL VPN encapsulation and transmission on the compressed IP message.
Compression/decompression module: compresses or decompresses the IP message obtained by the acquisition module according to the indication of the judging module.
Specifically, if the IP message is one sent by the user terminal or by the intranet server in the local area network, the IP message obtained by the acquisition module is compressed according to the indication of the judging module; otherwise, if the IP message is one received by the IP access client of the user terminal or by the SSL VPN gateway, the IP message obtained by the acquisition module is decompressed according to the indication of the judging module, to restore the original IP message.
Processing module: according to the indication of the judging module, performs SSL VPN encapsulation and transmission on the compressed IP message or directly on the original IP message.
Specifically, when the IP message is one received by the IP access client of the remote host or by the SSL VPN gateway, the processing module performs SSL VPN decapsulation on the received IP message according to the indication of the judging module and then, again according to the indication of the judging module, sends the restored original IP message to the user terminal or to the intranet server in the local area network.
When the IP message is judged to be one being sent, the processing module performs SSL VPN encapsulation and transmission on the original IP message or on the compressed IP message, according to the indication of the judging module.
Compared with the prior-art solution, the present invention compresses the IP message before the private VPN encapsulation is applied to it, so that the actual message content carried through the SSL tunnel is significantly reduced and the transmission performance of the whole system is improved. At the same time, IP message fragmentation is avoided, wide area network transmission performance is improved, and network delay is reduced.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (13)

1. A method for transmitting an IP message, applied in a system that uses SSL VPN technology to transmit said IP message over a wide area network, characterized in that said method comprises the following steps:
Step 1: the SSL VPN IP access client of the remote host, or the SSL VPN gateway, compresses the IP message that it sends and that is to be transmitted over the wide area network;
Step 2: the SSL VPN IP access client of the remote host, or the SSL VPN gateway, performs SSL VPN encapsulation on the IP message that has passed through its compression flow;
Step 3: the SSL VPN IP access client of the remote host, or the SSL VPN gateway, decompresses the IP message that it receives.
2. The method of claim 1, characterized in that, before the IP message is compressed in said step 1, it is also judged whether the length of the IP message is greater than a set threshold; if the length of the IP message is less than the set threshold, no processing is applied to the IP message, and the original IP message is directly SSL VPN encapsulated and sent.
3. The method of claim 2, characterized in that, if the length of the IP message is judged to be greater than the set threshold, it is further judged, according to the message content, whether the IP message is text content; if it is other message content, no processing is applied to the IP message, and the original IP message is directly SSL VPN encapsulated and sent.
4. The method of claim 3, characterized in that, if the length of said IP message is greater than the set threshold and the message content is text content, it is also judged whether the length of the IP message has increased after compression; if it has increased, no processing is applied to the IP message, and the original IP message is directly SSL VPN encapsulated and sent; otherwise, the compressed IP message is SSL VPN encapsulated and sent.
5. The method of claim 1, characterized in that said step 2 is specifically:
Step 21: obtaining the IP message that has passed through the compression flow of step 1;
Step 22: performing SSL VPN encapsulation on the IP message obtained in step 21.
6. The method of claim 1, characterized in that:
before step 1, there is also a step in which the user terminal sends an IP message request through the virtual network card of the remote host, or the LAN intranet server forwards a response IP message to the SSL VPN gateway by routing;
after said step 3, there is likewise a step in which the IP access client of the remote host sends the decompressed original IP message to the user terminal, or the SSL VPN gateway forwards the decompressed original IP message to the LAN intranet server by routing.
7. A device for transmitting an IP message, applied in a system that uses SSL VPN technology to transmit said IP message over a wide area network, characterized in that said device comprises:
an acquisition module, used to obtain the IP message from the IP access client of said remote host or from the LAN intranet server;
a judging module, used to judge the IP message obtained by the acquisition module and, according to the result of the judgment, to decide whether to instruct the compression/decompression module to compress or decompress said IP message, or to directly instruct the processing module to perform SSL VPN encapsulation and sending on said IP message;
a compression/decompression module, which, according to the instruction of said judging module, compresses or decompresses the IP message obtained by the acquisition module;
a processing module, which, according to the instruction of the judging module, performs SSL VPN processing and sending on said IP message after compression, or directly on the original IP message.
8. The device of claim 7, characterized in that the judgment of the IP message by said judging module is specifically:
said judging module first judges whether the IP message obtained by the acquisition module is a sent IP message or a received IP message; when said IP message is judged to be a received IP message, it instructs the processing module to perform SSL VPN decapsulation on the received IP message, and further judges whether the decapsulated IP message is a compressed IP message; if so, it instructs the compression/decompression module to decompress it and restore it to the original IP message, and instructs the processing module to send the restored original IP message to the user terminal or the LAN intranet server.
9. The device of claim 8, characterized in that, when said IP message is judged to be a sent IP message, said judging module further judges whether the length of the IP message is greater than a set threshold; when the length of said IP message is judged to be less than the set threshold, no processing is applied to the IP message, and the processing module is directly instructed to perform SSL VPN encapsulation and sending on the original IP message.
10. The device of claim 9, characterized in that, when said IP message is judged to be a sent IP message and the length of the IP message is greater than the set threshold, said judging module also judges whether the content of said IP message is text content; if said IP message is judged to be text content, it instructs said compression/decompression module to compress said IP message; if said IP message is judged to be other content, it directly instructs the processing module to perform SSL VPN encapsulation and sending on the original IP message.
11. The device of claim 10, characterized in that, when said IP message is judged to be a sent IP message and is judged to have been compressed, said judging module also judges whether the length of the IP message after compression has increased compared with the length of the original IP message; if it has increased, it directly instructs the processing module to perform SSL VPN encapsulation and sending on the original IP message. If the length of the IP message after compression has decreased, it directly instructs the processing module to perform SSL VPN encapsulation and sending on the compressed IP message.
12. The device of claim 7, characterized in that, if said IP message is an IP message sent by the user terminal or the LAN intranet server, said compression/decompression module, according to the instruction of the judging module, compresses the IP message obtained by the acquisition module; otherwise, if said IP message is an IP message received by the IP access client of said user terminal or by the SSL VPN gateway, said compression/decompression module, according to the instruction of said judging module, decompresses the IP message obtained by the acquisition module to restore it to the original IP message.
13. The device of claim 7, characterized in that:
when said IP message is an IP message received by the IP access client of said remote host or by the SSL VPN gateway, said processing module, according to the instruction of the judging module, performs SSL VPN decapsulation on the received IP message and, further according to the instruction of said judging module, sends the restored original IP message to the user terminal or to the network server in the local area network;
when said IP message is judged to be a sent IP message, said processing module, according to the instruction of said judging module, performs SSL VPN encapsulation and sending on the original IP message or on the compressed IP message.
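The send-side decisions of claims 2 to 4 and the receive-side restoration of step 3 and claim 8, as an added Python example that is not code from the patent. The zlib codec, the 128-byte threshold, the one-byte compressed/raw marker, the UTF-8 text heuristic, the 65535-byte output cap and the choice to operate on payload bytes only are all assumptions; the claims name none of them.

```python
import zlib

THRESHOLD = 128                      # assumed; the claims only say "a set threshold"
FLAG_RAW, FLAG_COMPRESSED = b"\x00", b"\x01"   # assumed marker, not from the patent
MAX_IP_LEN = 65535                   # largest possible IP packet


def looks_like_text(payload: bytes) -> bool:
    """Assumed stand-in for the claim 3 "text content" judgment."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch.isprintable() or ch in "\r\n\t" for ch in text)


def prepare_for_encapsulation(payload: bytes, threshold: int = THRESHOLD) -> bytes:
    """Send side: returns the bytes to hand to SSL VPN encapsulation."""
    if len(payload) <= threshold:        # claim 2 (equality is unspecified; treated as short)
        return FLAG_RAW + payload
    if not looks_like_text(payload):     # claim 3: non-text goes out unchanged
        return FLAG_RAW + payload
    compressed = zlib.compress(payload)
    if len(compressed) >= len(payload):  # claim 4: compression did not shrink it
        return FLAG_RAW + payload
    return FLAG_COMPRESSED + compressed


def restore_after_decapsulation(data: bytes) -> bytes:
    """Receive side: runs after SSL VPN decapsulation (step 3, claim 8)."""
    flag, body = data[:1], data[1:]
    if flag == FLAG_RAW:
        return body
    if flag != FLAG_COMPRESSED:
        raise ValueError("unknown compression marker")
    # Bound the output so a small hostile input cannot inflate without limit.
    inflater = zlib.decompressobj()
    out = inflater.decompress(body, MAX_IP_LEN + 1)
    if len(out) > MAX_IP_LEN or not inflater.eof:
        raise ValueError("oversized or truncated compressed message")
    return out
```

Because the encapsulated length now depends on how well the plaintext compresses, observed packet sizes reveal more about content than they would without compression, which is the property behind compression side channels such as CRIME.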

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012102278830A CN102724133A (en) 2012-06-29 2012-06-29 Method and device for transmitting internet protocol (IP) message

Publications (1)

Publication Number Publication Date
CN102724133A true CN102724133A (en) 2012-10-10

Family

ID=46949798

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012102278830A Pending CN102724133A (en) 2012-06-29 2012-06-29 Method and device for transmitting internet protocol (IP) message

Country Status (1)

Country Link
CN (1) CN102724133A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1731759A (en) * 2004-08-05 2006-02-08 信息产业部电信研究院 Multi-address connectionless data network packet package method in IP telecommunication network
CN101924691A (en) * 2009-06-16 2010-12-22 中兴通讯股份有限公司 Method and device for dynamically enabling packet header to be compressed
CN202160197U (en) * 2011-08-11 2012-03-07 武汉思为同飞网络技术有限公司 Accelerating communication device based on virtual private network (VPN) accelerating gateway of wide area network

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104038916A (en) * 2014-06-24 2014-09-10 北京奇虎科技有限公司 Traffic optimization method and system performed on mobile terminal device and client
CN104038916B (en) * 2014-06-24 2017-11-10 北京奇虎科技有限公司 Method and system, the client of flow optimization are realized on the mobile terminal device
CN105592030A (en) * 2014-11-18 2016-05-18 华为技术有限公司 IP message processing method and device
CN105592030B (en) * 2014-11-18 2019-06-07 华为技术有限公司 IP packet processing method and processing device
CN106911737A (en) * 2015-12-22 2017-06-30 北京奇虎科技有限公司 The method and device of data traffic on control data terminal
CN106911481A (en) * 2015-12-22 2017-06-30 北京奇虎科技有限公司 The method and device controlled the data flows
CN114301642A (en) * 2021-12-15 2022-04-08 深圳市智莱科技股份有限公司 Data transmission method, device, equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20121010
