CN103067394B - TCP connection establishment method and device based on unidirectional data packets - Google Patents


Publication number
CN103067394B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210587551.3A
Other languages
Chinese (zh)
Other versions
CN103067394A (en)
Inventor
张磊
张严
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING NETENTSEC Inc
Original Assignee
BEIJING NETENTSEC Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Abstract

The present invention relates to a TCP connection establishment method and device based on unidirectional data packets. The method includes: acquiring data packets via the network; filtering out the data packets in one direction to obtain first unidirectional data packets; filtering out, according to the three-way handshake flags in the unidirectional data packets, the data that contain three-way handshake flags, to obtain second unidirectional data packets; and creating, according to application-layer logic, a unidirectional TCP connection corresponding to the unidirectional data packets, so that the second unidirectional data packets are handed over to the application layer for processing through the unidirectional connection. By establishing TCP connections based on unidirectional data packets, the present invention improves the effectiveness of application-layer business data processing in environments with network packet loss and large volumes of traffic. The unidirectional TCP connection of the present invention depends on few conditions, has simple logic and low maintenance cost, occupies few resources during processing, and offers greater flexibility.

Description

TCP connection establishment method and device based on unidirectional data packets
Technical field
The present invention relates to Internet technology, and in particular to a TCP connection establishment method and device based on unidirectional data packets.
Background
With the rapid development of the Internet, the demand for analyzing and processing network application-layer business data grows day by day. In particular, improving the effectiveness of business data and resolving the performance bottlenecks of business data processing pose severe tests and challenges.
Existing techniques for processing network application-layer business data have several defects. In some network deployment environments, serious packet loss leaves the data received at the network application layer incomplete, so that the business data cannot be processed or is processed incorrectly. In environments with heavy network traffic, such as carrier networks and large university campuses, processing application-layer business data accurately and in detail is a thorny problem, and solving it purely from the hardware side is a choice made only for lack of alternatives. In special network deployment scenarios that provide only unidirectional traffic, the processing of application-layer business data has to be completed on that basis.
The existing Internet application-layer business data processing model is built on complete data connections and depends on the network communication protocol that carries the data. Maintaining the state of the connection and guaranteeing that the data are correct and valid requires many conditions, the control logic is complex, and the management cost is relatively high. Because of this, if any small link goes wrong during application-layer business data processing, the data connection becomes incomplete, which in turn reduces the effectiveness of the business data.
The prior art mostly approaches such problems from the application layer, by adding business logic and modifying business algorithms. Such solutions inevitably increase complexity and maintenance cost, and yield only a quantitative technical effect without producing a qualitative change.
In summary, existing techniques for processing application-layer data are based on complete TCP data connections and have shortcomings such as significant limitations, complex processing logic, high maintenance cost, and high resource consumption.
Summary of the invention
The object of the present invention is to provide a TCP connection establishment method and device based on unidirectional data packets that can overcome at least one of the above defects.
In a first aspect, the present invention provides a TCP connection establishment method based on unidirectional data packets, including: acquiring data packets via the network; filtering out the data packets in one direction to obtain first unidirectional data packets; filtering out, according to the three-way handshake flags in the unidirectional data packets, the data in the unidirectional data packets that contain three-way handshake flags, to obtain second unidirectional data packets; and creating, according to application-layer logic, a unidirectional TCP connection corresponding to the unidirectional data packets, so that the second unidirectional data packets are handed over to the application layer for processing through the unidirectional connection.
In a second aspect, the present invention provides a TCP connection establishment device based on unidirectional data packets, including: a packet acquisition module, for acquiring data packets via the network; a first filtering module, for filtering out the data packets in one direction to obtain first unidirectional data packets; a second filtering module, for filtering out, according to the three-way handshake flags in the unidirectional data packets, the data in the unidirectional data packets that contain three-way handshake flags, to obtain second unidirectional data packets; and a TCP connection establishment module, for creating, according to application-layer logic, a unidirectional TCP connection corresponding to the unidirectional data packets, so that the second unidirectional data packets are handed over to the application layer for processing through the unidirectional connection.
In a third aspect, the present invention provides a server, including: a packet acquisition module, for acquiring data packets via the network; a first filtering module, for filtering out the data packets in one direction to obtain first unidirectional data packets; a second filtering module, for filtering out, according to the three-way handshake flags in the unidirectional data packets, the data in the unidirectional data packets that contain three-way handshake flags, to obtain second unidirectional data packets; and a TCP connection establishment module, for creating, according to application-layer logic, a unidirectional TCP connection corresponding to the unidirectional data packets, so that the second unidirectional data packets are handed over to the application layer for processing through the unidirectional connection.
By establishing TCP connections based on unidirectional data packets, the present invention improves the effectiveness of application-layer business data processing in environments with network packet loss and large volumes of traffic. The unidirectional TCP connection of the present invention depends on few conditions, has simple logic and low maintenance cost, occupies few resources during processing, and offers greater flexibility.
Brief description of the drawings
Fig. 1 is a flow chart of processing network application-layer business data in the prior art;
Fig. 2 is a schematic diagram of a TCP connection in the prior art;
Fig. 3 is a flow chart of processing network application-layer business data according to an embodiment of the present invention;
Fig. 4 is a flow chart of a TCP connection according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a TCP connection according to an embodiment of the present invention; and
Fig. 6 is a schematic diagram of a TCP connection establishment device based on unidirectional data packets according to an embodiment of the present invention.
Detailed description
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
To make the difference between the present invention and the prior art clearer, the prior-art flow for processing network application-layer business data is first described with reference to Fig. 1 and Fig. 2.
Fig. 1 is a flow chart of processing network application-layer business data in the prior art.
In step 101, data packets are obtained from the data link layer via the network. The data link layer corresponds to, for example, the client's device drivers, network cards and the like.
In step 102, IP fragment reassembly is performed on the received packets. The data link layer has a maximum transmission unit (Maximum Transmission Unit, MTU). The MTU limits the maximum length of a data frame, and different network types have different MTU limits. The network layer therefore has to split a packet into multiple fragments so that the length of each fragment is less than or equal to the MTU. Correspondingly, after packets are received, the network layer also has to reassemble the IP fragments of the packets according to the network protocol.
In step 103, TCP stream reassembly is performed on the packets after IP fragment reassembly.
In step 104, the data are provided to the application layer for processing according to the TCP stream reassembly.
Fig. 2 is a schematic diagram of a TCP connection in the prior art.
As shown in Fig. 2, a whole TCP connection can be divided into a connection establishment phase (three-way handshake), a data transfer phase, and a connection release phase (four-way wave).
The client sends a synchronize sequence number (Synchronize Sequence Numbers, SYN) to the server and waits for the server to confirm. After receiving the SYN, the server sends its own SYN and an acknowledgement signal ACK to the client. After receiving the SYN+ACK sent by the server, the client sends an acknowledgement signal ACK to the server. This completes the three-way handshake and establishes the connection.
After the connection is established, the client and the server begin to transfer data to each other.
After the client completes its data transfer task, it sends a FIN signal to the server to terminate data transfer from the client to the server. The server receives the FIN and returns an acknowledgement signal ACK to the client. After receiving the acknowledgement signal sent by the server, the client can no longer send data to the server. After the server completes its own data transfer task, it sends a FIN to the client to terminate data transfer from the server to the client. After receiving the FIN signal sent by the server, the client sends an ACK signal to the server to confirm, and after receiving the acknowledgement signal the server can no longer transfer data to the client. This completes the four-way wave, and the connection between the client and the server is terminated.
Fig. 3 is a flow chart of processing network application-layer business data according to an embodiment of the present invention.
In step 301, data packets are obtained from the data link layer via the network. Device drivers, network cards and the like operate at the data link layer.
In step 302, the received packets are filtered, and the packets in one direction are filtered out. A simple rule can be established in advance at the receiving end/server to determine the direction of a packet from the IP address information in the packet. For example, if the IP address of the originating end contained in a packet does not belong to the IP addresses of the server, the packet is regarded as being in the upstream direction, for example from the client to the server. Thus, depending on the characteristics of a given application-layer business, either the upstream data or the downstream data can be filtered out, and the packets remaining after filtering are unidirectional data packets.
In step 303, the unidirectional data packets are filtered according to the three-way handshake flags they carry: the data containing three-way handshake flags are filtered out, in order to relax the conditions for TCP connection establishment.
In step 304, IP fragment reassembly is performed on the filtered packets. IP fragment reassembly is a technique well known to those skilled in the art and has already been explained in the description of the prior art, so it is not repeated here so as not to obscure the present invention.
In step 305, the TCP connection is established according to the session-maintenance conditions of the application layer. Because the data containing three-way handshake flags were already removed in step 303, no three-way handshake check is needed while the TCP connection is being established. Only the session-maintenance conditions of the application layer are relied on to create the connection.
In step 306, TCP stream reassembly is performed, based on the TCP connection, on the packets after IP fragment reassembly, so that they can be handed over to the application layer for subsequent processing.
In step 307, the TCP connection is disconnected. Because the data containing three-way handshake flags have already been removed, no four-way wave check is needed during the connection establishment of the TCP stream. Only a unidirectional wave check needs to be performed.
Fig. 4 is a flow chart of a TCP connection according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of a TCP connection according to an embodiment of the present invention.
The detailed process of TCP stream reassembly according to an embodiment of the present invention is described below with reference to Fig. 4 and Fig. 5.
In step 401, application-layer logic is introduced to create the unidirectional connection. Because the data containing three-way handshake flags were removed during packet filtering, the three-way handshake flags can no longer be relied on to maintain the data state, so the three-way handshake is no longer used here to create the connection. Instead, the unidirectional connection is created according to application-layer logic, that is, the session-maintenance conditions of the application layer are relied on to create the unidirectional connection. Further, if the packets after IP fragment reassembly are upstream packets, a unidirectional connection from the client to the server is created, and vice versa. As shown in Fig. 5, once the connection is established, unidirectional data transfer from the client to the server can take place.
In step 402, the unidirectional connection is divided into finer-grained sessions. Specifically, if multiple sessions exist in the connection, the connection is subdivided into multiple sessions, and each session can contain multiple packets. Note that dividing the unidirectional connection into finer-grained sessions is a preferred step and is not necessary for realizing the technical solution of the present invention.
In step 403, the packets belonging to a certain class of session are selected for TCP stream reassembly. TCP stream reassembly reorders the packets that arrived out of order, according to a waiting mechanism, and restores them into complete TCP stream data. TCP stream reassembly is well known to those skilled in the art and is therefore not described further so as not to obscure the present invention.
Although dividing the connection into finer-grained sessions is optional, dividing it and then selecting what to reassemble makes it possible to adapt better to the business needs of the application layer. For example, in the case of internet access management, if the application-layer business is concerned only with the user's internet behavior, the above subdivision need not be performed and the packets related to internet behavior can be processed. If the application-layer business is also concerned with the user's internet content, the above division can be performed first, and the packets in the sessions related to both internet behavior and internet content are then processed.
In step 404, a unidirectional wave check is used to end the unidirectional connection. Because the TCP connection established earlier is a unidirectional connection and the data in one direction have been filtered out, the unidirectional wave flag FIN is used to end the connection. It can also be seen from Fig. 5 that as soon as the server receives the end signal FIN sent by the client, the server no longer receives data sent by the client, which completes the connection release phase.
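The following Python sketch walks a constructed packet list through steps 302, 303, 401, 403 and 404. It is an added example, not code from the patent or its assignee. The server address set, the HTTP request-line markers used as the application-layer session-start condition, and all names (Packet, OneWayFlow, track) are assumptions made for illustration; IP fragment reassembly and session subdivision are left out.

```python
from dataclasses import dataclass, field

FIN, SYN, ACK = 0x01, 0x02, 0x10       # TCP flag bits (RFC 793)
SERVER_IPS = {"203.0.113.10"}          # assumption: known server-side addresses
START_MARKERS = (b"GET ", b"POST ")    # assumption: application-layer session start


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    flags: int
    payload: bytes = b""


@dataclass
class OneWayFlow:
    next_seq: int                                  # next in-order sequence number
    data: bytearray = field(default_factory=bytearray)
    pending: dict = field(default_factory=dict)    # seq -> payload waiting for a gap
    closed: bool = False

    def add(self, seq, payload):
        # Skip empty segments and retransmissions of already delivered bytes
        # (sequence numbers compared modulo 2**32).
        if payload and (seq - self.next_seq) & 0xFFFFFFFF < 0x80000000:
            self.pending[seq] = payload
        while self.next_seq in self.pending:       # drain every contiguous segment
            chunk = self.pending.pop(self.next_seq)
            self.data += chunk
            self.next_seq = (self.next_seq + len(chunk)) & 0xFFFFFFFF


def track(packets):
    """Return {4-tuple: OneWayFlow} built from client-to-server packets only."""
    flows = {}
    for pkt in packets:
        if pkt.src in SERVER_IPS:      # step 302: keep the upstream direction only
            continue
        if pkt.flags & SYN:            # step 303: drop handshake-flagged packets
            continue
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        flow = flows.get(key)
        if flow is None:
            # Step 401: no handshake state exists, so the connection is created
            # when the payload satisfies the application-layer condition.
            if not pkt.payload.startswith(START_MARKERS):
                continue
            flow = flows[key] = OneWayFlow(next_seq=pkt.seq)
        if flow.closed:
            continue
        flow.add(pkt.seq, pkt.payload)             # step 403: stream reassembly
        if pkt.flags & FIN:                        # step 404: unidirectional FIN check
            flow.closed = True
    return flows


def sample_capture():
    """Constructed capture of one HTTP request as seen by a passive sensor."""
    c, s = ("198.51.100.7", 40000), ("203.0.113.10", 80)
    a, b, end = b"GET /index.html HTTP/1.1\r\n", b"Host: example.test\r\n", b"\r\n"
    s_a = 1001
    s_b = s_a + len(a)
    s_end = s_b + len(b)
    return [
        Packet(*c, *s, 1000, SYN),
        Packet(*s, *c, 5000, SYN | ACK),
        Packet(*c, *s, s_a, ACK),                  # bare ACK, no payload
        Packet(*c, *s, s_a, ACK, a),
        Packet(*c, *s, s_end, ACK, end),           # arrives before segment b
        Packet(*s, *c, 5001, ACK, b"HTTP/1.1 200 OK\r\n\r\n"),
        Packet(*c, *s, s_b, ACK, b),
        Packet(*c, *s, s_a, ACK, a),               # retransmission of segment a
        Packet(*c, *s, s_end + len(end), FIN | ACK),
    ]


if __name__ == "__main__":
    for key, flow in track(sample_capture()).items():
        print(key, bytes(flow.data), "closed" if flow.closed else "open")
```

Because the flow is anchored on the first payload that matches the start condition, a capture in which the SYN was lost or never seen reassembles to the same stream as a complete one.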
Fig. 6 is a schematic diagram of a TCP connection establishment device based on unidirectional data packets according to an embodiment of the present invention.
The packet acquisition module obtains data packets from the data link layer via the network. Device drivers, network cards and the like operate at the data link layer.
The first filtering module filters the received packets and filters out the packets in one direction. A simple rule can be established in advance at the receiving end/server to determine the direction of a packet from the IP address information in the packet. For example, if the IP address of the originating end contained in a packet does not belong to the IP addresses of the server, the packet is regarded as being in the upstream direction, for example from the client to the server. Thus, depending on the characteristics of a given application-layer business, either the upstream data or the downstream data can be filtered out, and the packets remaining after filtering are unidirectional data packets.
The second filtering module filters the unidirectional data packets according to the three-way handshake flags they carry: the data containing three-way handshake flags are filtered out, in order to relax the conditions for TCP connection establishment.
The IP fragment reassembly module performs IP fragment reassembly on the filtered packets. IP fragment reassembly is a technique well known to those skilled in the art and has already been explained in the description of the prior art, so it is not described further so as not to obscure the present invention.
The TCP connection establishment module establishes the TCP connection according to the session-maintenance conditions of the application layer. Because the second filtering module has removed the data containing three-way handshake flags, no three-way handshake check is needed while the TCP connection is being established. Only the session-maintenance conditions of the application layer are relied on to create the connection. Further, if the packets after IP fragment reassembly are upstream packets, a unidirectional connection from the client to the server is created, and vice versa. Once the connection is established, unidirectional data transfer from the client to the server can take place.
The TCP stream reassembly module performs TCP stream reassembly, based on the TCP connection, on the packets after IP fragment reassembly, so that they can be handed over to the application layer for subsequent processing. Note that the unidirectional connection can also be divided into finer-grained sessions before TCP stream reassembly. Specifically, if multiple sessions exist in the connection, the connection is subdivided into multiple sessions, and each session can contain multiple packets. Dividing the unidirectional connection into finer-grained sessions is a preferred step and is not necessary for realizing the technical solution of the present invention.
Although dividing the connection into finer-grained sessions is optional, dividing it and then selecting what to reassemble makes it possible to adapt better to the business needs of the application layer. For example, in the case of internet access management, if the application-layer business is concerned only with the user's internet behavior, the above subdivision can be performed to process the packets in the sessions related to internet behavior. If the application-layer business is also concerned with the user's internet content, the above division need not be performed, that is, the packets in the sessions related to both internet behavior and internet content are processed.
The TCP connection disconnection module disconnects the TCP connection. Because the data containing three-way handshake flags have already been removed, no four-way wave check is needed during the connection establishment of the TCP stream. Only a unidirectional wave check needs to be performed. Specifically, the unidirectional wave flag FIN is used to end the unidirectional connection. In other words, as soon as the server receives the end signal FIN sent by the client, the server no longer receives data sent by the client, which completes the connection release phase.
Those skilled in the art should further appreciate that the units and algorithm steps of each example described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate clearly the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled practitioners can use different methods to implement the described functions for each particular application, but such implementations should not be considered to go beyond the scope of the present invention.
The steps of the methods or algorithms described in connection with the embodiments disclosed herein can be implemented in hardware, in a software module executed by a processor, or in a combination of the two. The software module can reside in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The specific embodiments described above further explain the purpose, technical solution and beneficial effects of the present invention. It should be understood that the foregoing is only a specific embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

1. A TCP connection establishment method based on unidirectional data packets, including:
acquiring data packets via the network;
filtering out the data packets in one direction to obtain first unidirectional data packets;
filtering out, according to the three-way handshake flags in said unidirectional data packets, the data in said unidirectional data packets that contain three-way handshake flags, to obtain second unidirectional data packets; and
creating, according to the session-maintenance conditions of the application layer, a unidirectional TCP connection corresponding to said unidirectional data packets, so that said second unidirectional data packets are handed over to the application layer for processing through said unidirectional TCP connection;
dividing said unidirectional TCP connection into multiple sessions, each session including one or more data packets;
selecting, according to a predefined rule, the data packets in one or more sessions for TCP stream reassembly.
2. The method according to claim 1, further including:
ending said unidirectional TCP connection with a unidirectional wave check.
3. The method according to claim 1, further including:
performing IP fragment reassembly on said second unidirectional data packets.
4. The method according to claim 1, further including:
after said unidirectional TCP connection is established, performing TCP stream reassembly on said second unidirectional data packets.
5. The method according to claim 2, wherein said unidirectional wave check is to check whether a TCP FIN flag has been received in one direction, and if said TCP FIN flag has been received, said unidirectional TCP connection is ended.
6. The method according to claim 1, wherein said one direction is the data upstream direction or the data downstream direction.
7. A TCP connection establishment device based on unidirectional data packets, including:
a packet acquisition module, for acquiring data packets via the network;
a first filtering module, for filtering out the data packets in one direction to obtain first unidirectional data packets;
a second filtering module, for filtering out, according to the three-way handshake flags in said unidirectional data packets, the data in said unidirectional data packets that contain three-way handshake flags, to obtain second unidirectional data packets; and
a TCP connection establishment module, for creating, according to the session-maintenance conditions of the application layer, a unidirectional TCP connection corresponding to said unidirectional data packets, so that said second unidirectional data packets are handed over to the application layer for processing through said unidirectional TCP connection.
8. A server, including the TCP connection establishment device based on unidirectional data packets as claimed in claim 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210587551.3A CN103067394B (en) 2013-02-07 2013-02-07 TCP connection establishment method and device based on unidirectional data packets

Publications (2)

Publication Number Publication Date
CN103067394A CN103067394A (en) 2013-04-24
CN103067394B true CN103067394B (en) 2016-11-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant