CN103384274A - Hyper text transport protocol (http)-based communication method for connection of public network with intranet computer - Google Patents
- Publication number: CN103384274A
- Authority: CN (China)
- Prior art keywords: computer, public network, signal, http, address
- Legal status: Granted
- Classifications: Computer And Data Communications; Data Exchanges In Wide-Area Networks
Abstract
The invention relates to the field of computer network communication and discloses an http-based communication method for connecting a public network to an intranet computer. The method uses a dual-NIC computer that is assigned a public IP address and an intranet IP address at the same time. In the method, the dual-NIC computer receives an http request sent by a public network computer, parses the IP address and port number of the specified intranet computer from the http request, and forwards requests and responses and transmits data between the public network computer and the specified intranet computer. The method establishes a traversal method capable of penetrating intranets; it has few steps, is safe and reliable, and has high application value.
Description
Technical field
The present invention relates to the field of computer network communication, and in particular to a communication method, based on the http protocol, by which a public network connects to an intranet computer.
Background art
With the rise of network technology, a wide variety of network-based software applications have appeared and greatly enriched the online experience. However, networks have been built out unevenly, and real deployments contain a large number of access-restricted local area networks, so external users cannot smoothly reach the intranet users inside a local area network.
In the prior art, port mapping is the technique most often used to solve communication between the external network and the intranet. This method has significant limitations. First, the number of usable ports is limited, while the virtual machine resources in a platform keep expanding, so there may well not be enough ports to map to the virtual machines. Second, identifying a virtual machine by a number (a port) is unfriendly and hard to remember, which limits the range of application and hinders wider adoption.
Summary of the invention
In view of the limitations of the prior art, the present invention provides a communication method, based on the http protocol, by which a public network connects to an intranet computer.
To achieve the above object, the present invention adopts the following technical solution:
The communication method, based on the http protocol, by which a public network connects to an intranet computer uses a dual-NIC computer that is assigned a public IP address and an intranet IP address at the same time, and comprises the following steps: the dual-NIC computer accepts the http request sent by a public network computer, parses the IP address and port number of the specified intranet computer from the http request, and forwards requests and responses and transmits data between the public network computer and the specified intranet computer. The intranet computer is a computer or a virtual machine in the intranet.
Preferably, the method also includes a url rule. The content of the url rule is encapsulated in the http message of the http request and can be recognized by the dual-NIC computer, which extracts the IP address and port number of the specified intranet computer from the http message of the http request. The url rule comprises the IP address and port of the dual-NIC computer and the IP address and port number of the specified intranet computer.
Preferably, the method also includes a multi-process model, which comprises one master process and a plurality of child processes.
The master process monitors the signals of the public network computer and the running state of the child processes. The steps are as follows: the master process first blocks all signals of the public network computer, creates the listening socket, reads the configuration file and creates the number of child processes that the configuration file specifies. It then opens the signal mask and begins to monitor the signals sent by the public network computer, the abnormal-crash signal of a child process, the signal to re-read the configuration file, and the timer signal. When the master process receives a SIGTERM or SIGINT signal sent by the public network computer, it passes the received SIGTERM or SIGINT signal to all child processes, waits for all of them to finish, and then exits. When the master process receives the abnormal-crash signal sent by a child process, it creates that child process again.
The child processes forward requests and responses and listen on the port of the dual-NIC computer, but send no data or information to the master process other than the abnormal-crash signal. Each child process uses the epoll event model in edge-triggered mode to monitor the connection sockets and the listening socket continuously, and takes different processing steps depending on the read/write event and the socket type. The processing steps are as follows:
1) Listen on the IP address and port facing the public network computer, and register the read event of the listening socket with epoll;
2) After receiving a connection request from the public network computer, create a connection socket and register its read/write events with epoll for monitoring;
3) If the connection socket of the public network computer is readable, read the http request of the public network computer, parse the url rule contained in the http request, extract the IP address and port number of the intranet computer, rewrite the http request, and store the rewritten http request in the buffer of the dual-NIC computer; if this is the first http request, create the connection to the virtual machine;
4) If the connection socket of the virtual machine is writable, send the rewritten http request directly to the connection socket of the virtual machine;
5) If the connection socket of the virtual machine is readable, read the response data of the virtual machine and store it in the buffer of the dual-NIC computer;
6) If the connection socket of the public network computer is writable, send the response data stored in the buffer of the dual-NIC computer to the connection socket of the public network computer.
Owing to the above technical solution, the present invention has significant technical effects:
The present invention is based on the http protocol, so any browser can use this method to connect remotely to a computer or virtual machine in a local area network. Further, the url rule used by the method is simple and easy to understand, friendly to use, and convenient to deploy; the access process is stable and reliable; and the method can provide remote connection service for thousands of local-network virtual machines in a cloud platform, which makes it highly practical.
Description of drawings
Fig. 1 is a schematic diagram of the network topology of Embodiment 1.
Fig. 2 is a flow chart of the child process of Embodiment 1.
Detailed description
The present invention is described in further detail below with reference to an embodiment.
Embodiment 1
In the communication method, based on the http protocol, by which a public network connects to an intranet computer, the network topology is as shown in Fig. 1. It includes a dual-NIC computer, which acts as the proxy computer that actually processes the http requests. Two network cards are installed in the dual-NIC computer, and it is assigned a public IP address and an intranet IP address at the same time.
The steps are as follows: the dual-NIC computer accepts the http request sent by a public network computer, parses the IP address and port number of the specified intranet computer from the http request, and forwards requests and responses and transmits data between the public network computer and the specified intranet computer. The intranet computer is a computer or a virtual machine in the intranet.
The traversal method also includes a url rule. The content of this url rule is encapsulated in the http message of the http request and can be recognized by the dual-NIC computer, which extracts the IP address and port number of the specified intranet computer from the http message of the http request. The url rule comprises the IP address and port of the dual-NIC computer and the IP address and port number of the specified intranet computer. A url rule can be constructed as follows: http://public network computer IP:Port/destination intranet computer IP:Port/.
The dual-NIC computer also uses a multi-process model, which comprises one master process and a plurality of child processes.
The master process monitors the signals of the public network computer and the running state of the child processes. The steps are as follows: the master process first blocks all signals of the public network computer, creates the listening socket, reads the configuration file and creates the number of child processes that the configuration file specifies. It then opens the signal mask and begins to monitor the signals sent by the public network computer, the abnormal-crash signal of a child process, the signal to re-read the configuration file, and the timer signal. When the master process receives a SIGTERM or SIGINT signal sent by the public network computer, it passes the received SIGTERM or SIGINT signal to all child processes, waits for all of them to finish, and then exits. When the master process receives the abnormal-crash signal SIGCHLD sent by a child process, it creates that child process again.
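The master-process behaviour described above, as an added C example that is not code from the patent. It keeps the signals blocked and takes them one at a time with sigwait rather than opening the mask for handlers, uses SIGHUP as the reload signal and fixes the child count at 3; these choices, the function names, and the helper process that sends SIGTERM are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define NWORKERS 3   /* assumed; the patent reads the count from a configuration file */
static pid_t workers[NWORKERS];

static void noop(int sig) { (void)sig; }

/* Fork one child. It clears the inherited signal mask and idles in place of the
 * epoll forwarding loop; crash=1 simulates an abnormal crash. */
static pid_t spawn_worker(int crash)
{
    pid_t pid = fork();
    if (pid == 0) {
        sigset_t none;
        sigemptyset(&none);
        sigprocmask(SIG_SETMASK, &none, NULL);
        if (crash) raise(SIGKILL);
        for (;;) pause();
    }
    return pid;
}

/* Master loop. Returns how many crashed children were re-created.
 * Demo only: if term_after is non-zero, a helper process sends the master
 * SIGTERM after that many seconds. */
int master_run(unsigned term_after)
{
    sigset_t set;
    int sig, status, live = 0, stopping = 0, respawned = 0;
    int sigs[] = { SIGTERM, SIGINT, SIGCHLD, SIGHUP, SIGALRM };

    /* Block first, so that no signal is lost while the master is setting up. */
    sigemptyset(&set);
    for (int i = 0; i < 5; i++) sigaddset(&set, sigs[i]);
    sigprocmask(SIG_BLOCK, &set, NULL);
    signal(SIGCHLD, noop);   /* non-default disposition keeps SIGCHLD queued */
    if (term_after && fork() == 0) { sleep(term_after); kill(getppid(), SIGTERM); _exit(0); }

    /* Listening socket creation and configuration parsing would happen here. */
    for (int i = 0; i < NWORKERS; i++)
        if ((workers[i] = spawn_worker(i == 0)) > 0) live++;

    while (live > 0 && sigwait(&set, &sig) == 0) {
        if (sig == SIGTERM || sig == SIGINT) {
            stopping = 1;    /* pass the signal on, then wait for the children */
            for (int i = 0; i < NWORKERS; i++)
                if (workers[i] > 0) kill(workers[i], sig);
        } else if (sig == SIGCHLD) {
            pid_t pid;
            while ((pid = waitpid(-1, &status, WNOHANG)) > 0)
                for (int i = 0; i < NWORKERS; i++) {
                    if (workers[i] != pid) continue;   /* e.g. the demo helper */
                    if (!stopping && WIFSIGNALED(status) &&
                        (workers[i] = spawn_worker(0)) > 0) {
                        respawned++;                   /* crashed child replaced */
                    } else {
                        workers[i] = 0;
                        live--;
                    }
                }
        }   /* SIGHUP (re-read configuration) and SIGALRM (timer) work is omitted */
    }
    return respawned;
}

int main(void)
{
    printf("children re-created: %d\n", master_run(1));
    return 0;
}
```

Because every signal stays blocked until sigwait collects it, a child that crashes during start-up is still reaped and replaced once the loop begins.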
The child processes forward requests and responses. Each child process listens on the port of the dual-NIC computer, generally port 4200, but sends no data or information to the master process other than the abnormal-crash signal. To increase the number of concurrent connections, the child process uses the epoll event model in edge-triggered mode to monitor the connection sockets and the listening socket continuously, and takes different processing steps depending on the read/write event and the socket type. The processing steps, shown in Fig. 2, are as follows:
Listen on the IP address and port facing the public network computer, and register the read event of the listening socket with epoll. The child process calls epoll_wait to wait for ready sockets; when a socket is ready, it calls a different handler depending on the read/write event type and the socket type:
1) If the event is a read event on the listening socket, call accept_handle: first call accept to create the connection socket, initialize the related data structures, and register the read/write events with epoll for monitoring;
2) If the event is a read event on a connection socket, call read_client_handle: first read the data into the corresponding buffer and analyze it. If the data does not contain an http request line, return and continue listening. Otherwise, extract the virtual machine IP and port from the url rule in the request line and rewrite the http request. If a connection to the corresponding virtual machine already exists, send the rewritten http request directly; otherwise, connect to the port of the corresponding virtual machine and add the read/write events of this new socket to epoll;
3) If the connection socket of the virtual machine is writable, send the rewritten http request directly to the connection socket of the virtual machine;
4) If the connection socket of the virtual machine is readable, read the response data of the virtual machine and store it in the buffer of the dual-NIC computer;
5) If the connection socket of the public network computer is writable, send the response data stored in the buffer of the dual-NIC computer to the connection socket of the public network computer.
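As an added example (not code from the patent), the following C function parses the url rule out of the request line and rewrites the request as step 2 describes, returning 0 when no complete request line has arrived yet. The restriction of targets to 192.168.0.0/16, the function and struct names, and the sample addresses are assumptions; the patent itself describes no check on which intranet address a request may name.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy, not in the patent: only 192.168.0.0/16 may be a target. */
#define ALLOWED_NET  0xC0A80000u
#define ALLOWED_MASK 0xFFFF0000u

struct target {
    char ip[INET_ADDRSTRLEN];
    unsigned port;
};

/*
 * Parse "METHOD /<intranet ip>:<port>/<path> HTTP/x.y" and write the request
 * with the target prefix stripped into out[].
 * Returns 1 on success, 0 if buf holds no complete request line yet (keep
 * reading), -1 if the line is malformed or the target is not allowed.
 */
int rewrite_request(const char *buf, struct target *t, char *out, size_t outlen)
{
    const char *eol = strstr(buf, "\r\n");
    if (eol == NULL)
        return 0;

    const char *sp = memchr(buf, ' ', (size_t)(eol - buf));
    if (sp == NULL || sp == buf || sp[1] != '/')
        return -1;

    const char *host = sp + 2;                 /* just after "METHOD /" */
    size_t hlen = strcspn(host, ":/ \r");
    if (hlen == 0 || hlen >= sizeof t->ip || host[hlen] != ':')
        return -1;
    memcpy(t->ip, host, hlen);
    t->ip[hlen] = '\0';

    struct in_addr addr;
    if (inet_pton(AF_INET, t->ip, &addr) != 1)
        return -1;                             /* not a dotted-quad IPv4 address */
    if ((ntohl(addr.s_addr) & ALLOWED_MASK) != ALLOWED_NET)
        return -1;                             /* loopback, public, other ranges */

    const char *p = host + hlen + 1;
    char *end;
    if (*p < '0' || *p > '9')
        return -1;                             /* strtoul would accept "+", "-", spaces */
    unsigned long port = strtoul(p, &end, 10);
    if (port == 0 || port > 65535 || (*end != '/' && *end != ' '))
        return -1;
    t->port = (unsigned)port;

    /* Keep the method, drop "/<ip>:<port>", keep the rest of the request. */
    int n = snprintf(out, outlen, "%.*s %s%s", (int)(sp - buf), buf,
                     *end == '/' ? "" : "/", end);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
}

int main(void)
{
    /* Constructed sample request; 203.0.113.7:4200 stands for the dual-NIC proxy. */
    const char *req = "GET /192.168.1.20:5900/vnc.html HTTP/1.1\r\n"
                      "Host: 203.0.113.7:4200\r\n\r\n";
    struct target t;
    char out[512];
    if (rewrite_request(req, &t, out, sizeof out) == 1)
        printf("connect %s:%u\n%s", t.ip, t.port, out);
    return 0;
}
```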
In short, the above is only a preferred embodiment of the present invention; all equivalent changes and modifications made within the scope of the claims of this application shall fall within the coverage of this patent.
Claims (3)
1. A communication method, based on the http protocol, by which a public network connects to an intranet computer, characterized in that it uses a dual-NIC computer that is assigned a public IP address and an intranet IP address at the same time, and comprises the following steps: the dual-NIC computer accepts the http request sent by a public network computer, parses the IP address and port number of the specified intranet computer from the http request, and forwards requests and responses and transmits data between the public network computer and the specified intranet computer; the intranet computer is a computer or a virtual machine in the intranet.
2. The communication method, based on the http protocol, by which a public network connects to an intranet computer according to claim 1, characterized in that it also includes a url rule; the content of the url rule is encapsulated in the http message of the http request and can be recognized by the dual-NIC computer, which extracts the IP address and port number of the specified intranet computer from the http message of the http request; the url rule comprises the IP address and port of the dual-NIC computer and the IP address and port number of the specified intranet computer.
3. The communication method, based on the http protocol, by which a public network connects to an intranet computer according to claim 1, characterized in that it also includes a multi-process model, which comprises one master process and a plurality of child processes;
The master process monitors the signals of the public network computer and the running state of the child processes, with the following steps: the master process first blocks all signals of the public network computer, creates the listening socket, reads the configuration file and creates the number of child processes that the configuration file specifies, then opens the signal mask and begins to monitor the signals sent by the public network computer, the abnormal-crash signal of a child process, the signal to re-read the configuration file, and the timer signal; when the master process receives a SIGTERM or SIGINT signal sent by the public network computer, it passes the received SIGTERM or SIGINT signal to all child processes, waits for all of them to finish, and then exits; when the master process receives the abnormal-crash signal sent by a child process, it creates that child process again;
The child processes forward requests and responses and listen on the port of the dual-NIC computer, but send no data or information to the master process other than the abnormal-crash signal; each child process uses the epoll event model in edge-triggered mode to monitor the connection sockets and the listening socket continuously, and takes different processing steps depending on the read/write event and the socket type, the processing steps being as follows:
1) Listen on the IP address and port facing the public network computer, and register the read event of the listening socket with epoll;
2) After receiving a connection request from the public network computer, create a connection socket and register its read/write events with epoll for monitoring;
3) If the connection socket of the public network computer is readable, read the http request of the public network computer, parse the url rule contained in the http request, extract the IP address and port number of the intranet computer, rewrite the http request, and store the rewritten http request in the buffer of the dual-NIC computer; if this is the first http request, create the connection to the virtual machine;
4) If the connection socket of the virtual machine is writable, send the rewritten http request directly to the connection socket of the virtual machine;
5) If the connection socket of the virtual machine is readable, read the response data of the virtual machine and store it in the buffer of the dual-NIC computer;
6) If the connection socket of the public network computer is writable, send the response data stored in the buffer of the dual-NIC computer to the connection socket of the public network computer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310293651.XA CN103384274B (en) | 2013-07-15 | 2013-07-15 | Public network based on http agreement connects the communication means of inner net computer |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310293651.XA CN103384274B (en) | 2013-07-15 | 2013-07-15 | Public network based on http agreement connects the communication means of inner net computer |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103384274A true CN103384274A (en) | 2013-11-06 |
CN103384274B CN103384274B (en) | 2016-08-10 |
Family
ID=49491965
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310293651.XA Expired - Fee Related CN103384274B (en) | 2013-07-15 | 2013-07-15 | Public network based on http agreement connects the communication means of inner net computer |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103384274B (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040267878A1 (en) * | 2003-06-26 | 2004-12-30 | Osias Michael J | Method, system and program product for providing a status of a transaction with an application on a server |
CN101242336A (en) * | 2008-03-13 | 2008-08-13 | 杭州华三通信技术有限公司 | Method for remote access to intranet Web server and Web proxy server |
CN103166777A (en) * | 2011-12-13 | 2013-06-19 | 成都勤智数码科技有限公司 | Operation method and device for equipment remote operation and maintenance |
CN104125243A (en) * | 2013-04-23 | 2014-10-29 | 浙江大学 | Method of penetrating internal network to remotely connect large-scale virtual machines |
Non-Patent Citations (2)
Title |
---|
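修长虹 et al.: "Solution for internal and external network access with dual network cards and multiple sites on Windows 2003 Server", 《Network Security Technology & Application》 * |
王成浩: "Research and design of an EPOLL-based communication architecture for online game servers", 《China Master's Theses Full-text Database, Information Science and Technology》 * |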
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103731308A (en) * | 2013-12-29 | 2014-04-16 | 国云科技股份有限公司 | Virtual machine public network management method |
CN107800743A (en) * | 2016-09-06 | 2018-03-13 | 中国电信股份有限公司 | Cloud desktop system, cloud management system and relevant device |
CN107800743B (en) * | 2016-09-06 | 2020-11-24 | 中国电信股份有限公司 | Cloud desktop system, cloud management system and related equipment |
CN110351159B (en) * | 2018-04-08 | 2021-07-06 | 上海大唐移动通信设备有限公司 | Cross-intranet network performance testing method and device |
CN110351159A (en) * | 2018-04-08 | 2019-10-18 | 上海大唐移动通信设备有限公司 | A kind of network performance test method and device across Intranet |
CN108881518A (en) * | 2018-08-01 | 2018-11-23 | 上海华测导航技术股份有限公司 | A kind of method, apparatus, storage medium and system accessing Intranet equipment |
CN111511041B (en) * | 2019-01-31 | 2022-03-29 | 大唐移动通信设备有限公司 | Remote connection method and device |
CN111511041A (en) * | 2019-01-31 | 2020-08-07 | 大唐移动通信设备有限公司 | Remote connection method and device |
CN109922159A (en) * | 2019-03-27 | 2019-06-21 | 宁波大学 | A kind of method of the two-way virtual link in cloud between internet of things equipment |
CN109922159B (en) * | 2019-03-27 | 2021-10-08 | 宁波大学 | Cloud bidirectional virtual connection method between Internet of things devices |
CN110380762A (en) * | 2019-07-05 | 2019-10-25 | 浙江大学 | A kind of extensive cut-in method that calculating is merged with communication |
CN114356446A (en) * | 2021-12-27 | 2022-04-15 | 湖北天融信网络安全技术有限公司 | Method, device and equipment for processing inter-process event and storage medium |
CN114356446B (en) * | 2021-12-27 | 2023-08-22 | 湖北天融信网络安全技术有限公司 | Processing method, device, equipment and storage medium for inter-process event |
CN116232960A (en) * | 2022-12-28 | 2023-06-06 | 新浪技术(中国)有限公司 | Address detection method, monitoring equipment and exit network equipment |
Also Published As
Publication number | Publication date |
---|---|
CN103384274B (en) | 2016-08-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160810 Termination date: 20210715 |