CN103560995A - URL filtering method for realizing IPv4 and IPv6 at the same time - Google Patents


Info

Publication number
CN103560995A
Authority
CN
China
Prior art keywords
url
ipv6
ipv4
filtering method
rule
Legal status
Pending
Application number
CN201310439596.0A
Other languages
Chinese (zh)
Inventor
胡一报
王金桂
Current Assignee
Shenzhen Gongjin Electronics Co Ltd
Original Assignee
Shenzhen Gongjin Electronics Co Ltd
Application filed by Shenzhen Gongjin Electronics Co Ltd
Priority to CN201310439596.0A
Publication of CN103560995A

Landscapes

  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a URL filtering method that implements IPv4 and IPv6 at the same time. The method comprises the following steps: (a) creating a URL filter module in the kernel; (b) generating, from a user-defined URL list, a URL configuration file that the URL filter module can recognize, and loading the URL configuration file into the kernel; (c) registering two hook rule functions and attaching them to the NF_IP6_FORWARD chain and the NF_IP_FORWARD chain respectively; (d) obtaining packet information and filtering it by matching against the URL configuration information in the URL configuration file. By adding a URL filtering rule to the forward table of the netfilter module, the method implements URL filtering under both IPv4 and IPv6, supports configuring URL filtering for different port numbers, and can implement both whitelist and blacklist filtering modes.

Description

A URL filtering method that implements IPv4 and IPv6 simultaneously
Technical Field
The present invention relates to the field of communication technology, and in particular to a URL filtering method that implements IPv4 and IPv6 simultaneously.
Background
A URL, also called a web page address, is the address of a standard resource on the Internet: an identification scheme that fully describes the address of web pages and other resources on the Internet. Each web page on the Internet has a unique URL, usually just called its URL address. This address may be on a local disk or on a computer on a local area network, but more often it is a website on the Internet. Put simply, a URL is a Web address, commonly known as a "network address".
In the field of communication technology, URL filtering is a very important function. Existing URL filtering is generally implemented as an extension of iptables, which has a limitation: it works only for IPv4 and has many restrictions, so the filtering function is not comprehensive.
Summary of the Invention
The object of the present invention is to provide a URL filtering method that implements IPv4 and IPv6 simultaneously, so as to improve the URL filtering function to a greater extent.
The object of the invention is achieved through the following technical solutions.
A URL filtering method that implements IPv4 and IPv6 simultaneously comprises the steps of:
A: creating a URL filter module in the kernel;
B: generating, from a user-defined URL list, a URL configuration file that the URL filter module can recognize, and sending the URL configuration file to the kernel dynamically via socket communication;
C: registering two hook rule functions and attaching them to the NF_IP6_FORWARD and NF_IP_FORWARD chains respectively;
D: obtaining packet information and filtering it by matching against the URL information in the URL configuration file.
Further preferably, the user-defined URL list is a whitelist or a blacklist.
Further preferably, step D specifically comprises: determining whether the configuration is a blacklist with no rules; if not, and the packet protocol is IPv6, parsing the IPv6 packet and extracting the URL string; if the URL string matches the URL information in the URL configuration file and the configuration is a blacklist, returning reject.
Further preferably, determining whether the configuration is a blacklist with no rules and, if so, directly returning accept.
Further preferably, parsing the IPv6 packet and, if it is not a URL packet, returning accept.
Further preferably, if the URL string does not match the URL information in the URL configuration file and the configuration is a whitelist, returning reject; in all other cases, returning accept.
Further preferably, determining whether the configuration is a blacklist with no rules; if not, and the packet protocol is IPv4, parsing the IPv4 packet and extracting the URL string; if the URL string matches the URL information in the URL configuration file and the configuration is a blacklist, returning reject.
Further preferably, if the URL string does not match the URL information in the URL configuration file and the configuration is a whitelist, returning reject; in all other cases, returning accept.
Further preferably, before the step of determining whether the configuration is a blacklist with no rules, the method also comprises determining whether URL filtering is enabled and, if it is not, directly returning accept.
Further preferably, parsing the IPv4 packet and, if it is not a URL packet, returning accept.
Compared with the prior art, the beneficial effect of the present invention is as follows: the URL filtering method provided by the invention adds a URL filtering rule to the forward table of the netfilter module to perform URL filtering, thereby implementing URL filtering under IPv4 and IPv6 simultaneously; it supports configuring URL filtering for different port numbers, and can also implement both whitelist and blacklist filtering modes.
Brief Description of the Drawings
Fig. 1 is a flow chart of the URL filtering method of the present invention;
Fig. 2 is a flow chart of matching a packet against the URL configuration file in the present invention.
Detailed Description
To make the object, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
As shown in Fig. 1, the URL filtering method of the present invention that implements IPv4 and IPv6 simultaneously comprises:
Step 101: create a URL filter module in the kernel;
Step 102: generate, from a user-defined URL list and rules, a URL configuration file that the URL filter module can recognize, and send the URL configuration file to the kernel dynamically via socket communication;
Step 103: register two hook rule functions and attach them to the NF_IP6_FORWARD and NF_IP_FORWARD chains respectively;
Step 104: obtain packet information and filter it by matching against the URL information in the URL configuration file.
Specifically, as shown in Fig. 2, the flow for matching a packet against the URL configuration file comprises:
Step 201: determine whether URL filtering is enabled; if so, go to step 202; otherwise, directly return accept;
Step 202: determine whether the URL configuration file is a blacklist with no rules; if so, directly return accept; otherwise, go to step 203;
Step 203: determine whether the packet protocol is IPv6; if so, go to step 204; otherwise, go to step 205;
Step 204: parse the IPv6 packet; if it is not a URL packet, return accept; otherwise, extract the URL string and go to step 206;
Specifically, this step also includes parsing the IPv6 packet and returning accept if it is not a TCP packet.
Step 205: parse the IPv4 packet; if it is not a URL packet, return accept; otherwise, extract the URL string and go to step 206;
Specifically, this step also includes parsing the IPv4 packet and returning accept if it is not a TCP packet.
Step 206: if the URL string matches the URL information in the URL configuration file and the configuration is a blacklist, return reject; if it does not match and the configuration is a whitelist, return reject; in all other cases, return accept.
In the present invention, the blacklist means: a packet that matches a URL in the URL configuration is blocked, and a packet that does not match is allowed through;
the whitelist means: a packet is allowed through only if it matches a URL in the URL configuration, and a packet that does not match is blocked.
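The Fig. 2 decision flow (steps 201 to 206) written as a user-space C model; this is an added example, not code from the patent. The type and function names, the substring match, the HTTP/1.x `Host:` parsing and the constructed sample packets are assumptions, and IPv6 extension headers are not handled.

```c
/* User-space model of the Fig. 2 flow; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>
enum verdict { ACCEPT, REJECT }; enum mode { BLACKLIST, WHITELIST };
struct url_cfg { int enabled; enum mode mode; const char *rules[8]; size_t nrules; };

/* Steps 203-205: TCP payload, or NULL if not TCP (IPv6 extension headers not handled). */
static const unsigned char *tcp_payload(const unsigned char *p, size_t len, size_t *n)
{
    int v6 = len >= 40 && p[0] >> 4 == 6, v4 = len >= 40 && p[0] >> 4 == 4;
    size_t l3 = v6 ? 40 : v4 ? (p[0] & 15u) * 4 : 0, l4;
    if (l3 < 20 || len < l3 + 20 || p[v6 ? 6 : 9] != 6) return NULL;
    l4 = (size_t)(p[l3 + 12] >> 4) * 4;          /* TCP data offset */
    if (l4 < 20 || len < l3 + l4) return NULL;
    *n = len - l3 - l4;
    return p + l3 + l4;
}

/* Build "host/path" from an HTTP/1.x request; 0 = not a URL packet. Assumes literal "Host: ". */
static int extract_url(const unsigned char *p, size_t len, char *out, size_t outsz)
{
    char buf[1024] = {0};
    memcpy(buf, p, len < sizeof buf - 1 ? len : sizeof buf - 1);
    const char *path = strchr(buf, ' ');                 /* end of method */
    const char *pe = path ? strchr(++path, ' ') : NULL;  /* end of request target */
    const char *host = strstr(buf, "\r\nHost: "), *he;
    if (!pe || strncmp(pe, " HTTP/1.", 8) || !host || pe > host) return 0;
    if (!(he = strstr(host += 8, "\r\n"))) return 0;
    return snprintf(out, outsz, "%.*s%.*s", (int)(he - host), host, (int)(pe - path), path) < (int)outsz;
}

enum verdict url_filter(const struct url_cfg *c, const unsigned char *pkt, size_t len)
{
    char url[1024];
    size_t n, i, hit = 0;
    if (!c->enabled) return ACCEPT;                             /* step 201 */
    if (c->mode == BLACKLIST && c->nrules == 0) return ACCEPT;  /* step 202 */
    const unsigned char *data = tcp_payload(pkt, len, &n);
    if (!data || !extract_url(data, n, url, sizeof url)) return ACCEPT; /* not TCP / not a URL packet */
    for (i = 0; i < c->nrules; i++)
        if (strstr(url, c->rules[i])) hit = 1;  /* substring match: an assumption */
    if (c->mode == BLACKLIST) return hit ? REJECT : ACCEPT;     /* step 206 */
    return hit ? ACCEPT : REJECT;               /* whitelist: unmatched is rejected */
}

/* Constructed sample packet: minimal IPv4/IPv6 header + 20-byte TCP header + data. */
enum verdict check_request(const struct url_cfg *c, int v6, const char *data)
{
    unsigned char pkt[1200] = {0};
    size_t l3 = v6 ? 40 : 20, n = strlen(data) < 1024 ? strlen(data) : 1024;
    pkt[0] = v6 ? 0x60 : 0x45;   /* version (IPv4: IHL = 5 words) */
    pkt[v6 ? 6 : 9] = 6;         /* next header / protocol = TCP */
    pkt[l3 + 12] = 0x50;         /* TCP data offset = 5 words */
    memcpy(pkt + l3 + 20, data, n);
    return url_filter(c, pkt, l3 + 20 + n);
}

int main(void)
{
    struct url_cfg bl = { 1, BLACKLIST, { "ads.example.com" }, 1 };
    const char *r = "GET /x HTTP/1.1\r\nHost: ads.example.com\r\n\r\n";
    printf("IPv4: %d, IPv6: %d (1 = REJECT)\n", check_request(&bl, 0, r), check_request(&bl, 1, r));
    return 0;
}
```

Two consequences of the flow are worth checking when deploying such a filter: an enabled whitelist with no rules rejects every URL packet, because step 202 short-circuits only the empty blacklist, and TCP traffic that is not a URL packet is accepted in both modes.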
The method above passes the URL filtering information from the application layer to the kernel and stores it in the kernel for later use. It does not rely on the firewall function of iptables, but uses an independent communication channel between the kernel and the application layer. By inserting hook rule functions into NF_IP6_FORWARD and NF_IP_FORWARD, it obtains packets and filters them by matching against the URL information in the URL configuration file. It can implement URL filtering under IPv4 and IPv6 simultaneously, supports configuring URL filtering for different port numbers, and can also implement both whitelist and blacklist filtering modes.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (10)

1. A URL filtering method that implements IPv4 and IPv6 simultaneously, characterized in that it comprises the steps of:
A: creating a URL filter module in the kernel;
B: generating, from a user-defined URL list and rules, a URL configuration file that the URL filter module can recognize, and sending the URL configuration file to the kernel dynamically via socket communication;
C: registering two hook rule functions and attaching them to the NF_IP6_FORWARD and NF_IP_FORWARD chains respectively;
D: obtaining packet information and filtering it by matching against the URL rules in the URL configuration file.
2. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 1, characterized in that the user-defined URL list and rules are a whitelist or a blacklist.
3. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 2, characterized in that step D specifically comprises: determining whether the configuration is a blacklist with no rules; if not, and the packet protocol is IPv6, parsing the IPv6 packet and extracting the URL string; if the URL string matches the URL information in the URL configuration rule file and the configuration is a blacklist, returning reject.
4. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 3, characterized in that it is determined whether the configuration is a blacklist with no rules and, if so, accept is returned directly without parsing the packet.
5. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 3, characterized in that the IPv6 packet is parsed and, if it is not a URL packet, accept is returned.
6. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 3, characterized in that, if the URL string does not match the URL information in the URL configuration file and the configuration is a whitelist, reject is returned; in all other cases, accept is returned.
7. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 3, characterized in that it is determined whether the configuration is a blacklist with no rules; if not, and the packet protocol is IPv4, the IPv4 packet is parsed and the URL string is extracted; if the URL string matches the URL information in the URL configuration file and the configuration is a blacklist, reject is returned.
8. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 7, characterized in that, if the URL string does not match the URL information in the URL configuration file and the configuration is a whitelist, reject is returned; in all other cases, accept is returned.
9. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 3, characterized in that, before the step of determining whether the configuration is a blacklist with no rules, the method also comprises determining whether URL filtering is enabled and, if it is not, directly returning accept.
10. The URL filtering method that implements IPv4 and IPv6 simultaneously as claimed in claim 7, characterized in that the IPv4 packet is parsed and, if it is not a URL packet, accept is returned.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310439596.0A 2013-09-25 2013-09-25 URL filtering method for realizing IPv4 and IPv6 at the same time
Publications (1)

Publication Number Publication Date
CN103560995A 2014-02-05

Family

ID=50015145

Country Status (1)

Country Link
CN (1) CN103560995A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140205