CN104092691A - Implementation method for implementing root-authority-free networking firewall and client-side - Google Patents

Publication number: CN104092691A
Authority: CN (China)
Application number: CN201410334918.XA
Other languages: Chinese (zh)
Inventors: 苏云琳, 王鹏程
Current and original assignees: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Legal status: Pending
Classification: Data Exchanges In Wide-Area Networks

Abstract

The invention discloses an implementation method and a client for a network firewall that does not require root permission. The method includes: obtaining a network connection request; redirecting the network connection request to a local service process, the local service process being provided by a local VPN service; in the local service process, obtaining the application name of the application that initiated the network connection request by querying a system file; querying a pre-configuration file to obtain the configuration policy recorded there for that application name; and processing the network connection request according to the configuration policy. Because the operating system allows an application inside the VPN framework to have a higher level of control over network connections, the VPN framework lets this application control the network connections of other applications without obtaining root permission.

Description

Implementation method and client for a network firewall that does not require root permission
Technical field
The present invention relates to the field of Internet technology, and in particular to an implementation method and a client for a network firewall that does not require root permission.
Background
With the spread of smartphones and the development of mobile Internet technology, going online by phone has become an indispensable need for mobile Internet users, and the number of applications on smartphones keeps growing. Compared with a PC, a mobile phone is a highly private device, and security risks on the phone pose a greater threat to the user: security problems such as malicious mobile software, mobile phone hackers and the stealing of mobile data traffic cause users unwarranted charges and other forms of loss.
To strengthen the security of mobile Internet access, the prior art provides network firewall technology. With a network firewall the user can set Internet access rules for applications, block or allow an application's Internet access, set blacklists and whitelists, collect traffic statistics, obtain traffic logs, display the network status, and so on. Because of the permission restrictions of the mobile operating system, however, an existing network firewall must obtain root permission to implement these functions, and then manages and controls other applications using that permission. Obtaining root permission requires flashing the device; and in implementing these functions, because refreshing the system files takes a certain delay, prior-art network firewalls generally suffer from delayed feedback of results.
Summary of the invention
In view of the above problems, the present invention is proposed to provide an implementation method for a network firewall that does not require root permission, and a corresponding client, which overcome the above problems or at least partially solve them.
According to one aspect of the present invention, an implementation method for a network firewall that does not require root permission is provided, comprising:
Obtaining a network connection request and redirecting the network connection request to a local service process, the local service process being provided by a local VPN service;
In the local service process, obtaining the application name of the application that initiated the network connection request by querying a system file;
Querying a pre-configuration file to obtain the configuration policy recorded in the pre-configuration file for that application name;
Processing the network connection request according to the configuration policy.
According to another aspect of the present invention, a client is provided, comprising:
A redirection module, adapted to obtain a network connection request and redirect the network connection request to a local service process, the local service process being provided by a local VPN service;
An application name acquisition module, adapted to obtain, in the local service process, the application name of the application that initiated the network connection request by querying a system file;
A query module, adapted to query a pre-configuration file and obtain the configuration policy recorded in the pre-configuration file for that application name;
A processing module, adapted to process the network connection request according to the configuration policy.
According to the scheme provided by the present invention, a local VPN service is created inside the client, and the local service process it provides handles the network connections of applications. That is, the application name of the application that initiated a network connection request is obtained by querying a system file, the corresponding configuration policy is then obtained by querying the configuration file, and the network connection request is processed according to that policy. Because the operating system framework allows an application inside the VPN framework to have a higher level of control over network connections, using the VPN framework lets the application of the present invention control the network connections of other applications without obtaining root permission, which solves the problem of delayed feedback of results in the prior art.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the contents of the specification, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the present invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flow chart of the implementation method for a network firewall that does not require root permission, according to an embodiment of the invention;
Fig. 2 shows a flow chart of the implementation method for a network firewall that does not require root permission, according to an embodiment of the invention;
Fig. 3 shows a functional block diagram of a client according to an embodiment of the invention;
Fig. 4 shows a functional block diagram of a client according to another embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
The embodiments of the present invention are implemented on the basis of a local VPN service (VPN client) created inside the client. Here, the client may be a mobile terminal device with mobile networking capability, such as a smartphone or tablet computer. To make VPN services easy to use, the client's operating system exposes several system interfaces (APIs), and once the user has confirmed, the VPN service can obtain the permission to control and manage other applications. Specifically, by calling the APIs provided by the operating system, the VPN service inside the client can be started; when other applications on the client want to access the network, the network connection requests they initiate all pass through the local VPN service for processing, so that the client can access network resources effectively and securely.
Take one application scenario as an example. When the client installs, or first starts, the standalone application that implements the scheme of the present invention (hereinafter "the application of the present invention"), that application needs to create the local VPN service. At this point the application of the present invention prompts the user to trust or not trust it; if the user chooses to trust it, the application creates the local VPN service. After the local VPN service has been created, because the operating system framework allows an application inside the VPN framework to have higher control over other applications, the application of the present invention has a higher level of control over network connections than other applications. When the user is about to use certain applications and wishes the network connections those applications initiate during use to be processed, the user starts the application of the present invention that created the local VPN service and taps its settings switch for starting the VPN client. After the VPN client has been started, the method provided by this embodiment is executed.
Fig. 1 shows a flow chart of the implementation method for a network firewall that does not require root permission, according to an embodiment of the invention. As shown in Fig. 1, the method comprises the following steps:
Step S100: obtain a network connection request and redirect it to a local service process, the local service process being provided by a local VPN service.
As described above, after the application of the present invention has created the local VPN service, it has a higher level of control over network connections than other applications. When another application sends a network connection request, the application of the present invention can intercept the request and redirect it to the local service process inside the application of the present invention for subsequent processing. Taking a microblog application as an example: when the user starts the microblog application and it initiates a network connection request to fetch microblog content, the application of the present invention, having a higher level of control over network connections than the microblog application, intercepts this request and redirects it to its local service process for subsequent processing.
Step S101: in the local service process, obtain the application name of the application that initiated the network connection request by querying a system file.
The system file records all TCP and/or UDP connections in the current system. Taking the Android system as an example, the network connection information for all TCP and/or UDP connections in the current system is kept in proc files. The proc file system is a snapshot of the kernel: it stores state information from the running system, and it can also serve as an input interface, since the user can change kernel run-time parameter settings by modifying the contents of certain files under the proc directory. Here the state-storing function of the proc files is used: by reading the proc files, some basic functions of the netstat command are implemented, including scanning TCP and UDP ports, and from this the application name of the application that initiated the network connection request is obtained.
Step S102: query the pre-configuration file and obtain the configuration policy recorded in it for the application name.
The present invention provides a pre-configuration file for storing the various configuration policies. A configuration interface for this file is presented to the user, through which the user can choose which applications use which configuration policy. According to the user's choices, each configuration policy has a corresponding application name list, and every application in that list is processed with the corresponding policy.
For example, firewall policies are stored in the pre-configuration file. One firewall policy is: when connected over a wireless mobile network (such as 3G or 4G), forbid the application from accessing the network. The user can choose for the microblog application to use this policy, whereupon the microblog application's name is written into the application name list corresponding to this firewall policy in the pre-configuration file. Optionally, another firewall policy is: when connected over a wireless mobile network, forbid background programs from accessing the network. The user can choose the applications that use this policy, and the names of the chosen applications are written into the corresponding application name list in the pre-configuration file; the user can also choose the applications that do not use this policy (an exclusive selection), in which case the names of all applications other than those chosen are written into the application name list. In general, for instant-messaging applications such as WeChat and microblog, the user needs to receive notification messages in real time, so the names of these applications can also be excluded in the pre-configuration file, to avoid them failing to receive notifications promptly while in the background.
Step S103: process the network connection request according to the configuration policy.
Once the application name of the initiating application and its corresponding configuration policy have been obtained, the network connection request is processed according to that policy. For the microblog application, if the device is currently connected over a wireless mobile network, the network connection request initiated by the microblog application is blocked. For a given background program, if it belongs to the application name list of the firewall policy that forbids background programs from accessing the network, and the device is currently connected over a wireless mobile network, the network connection request initiated by that background program is blocked.
In the method provided by this embodiment, a local VPN service is created inside the client, and the local service process it provides handles the network connections of applications. That is, the application name of the application that initiated a network connection request is obtained by querying a system file, the corresponding configuration policy is then obtained by querying the configuration file, and the request is processed according to that policy. On the one hand, because the operating system framework allows an application inside the VPN framework to have a higher level of control over network connections, using the VPN framework lets the application of the present invention control the network connections of other applications without obtaining root permission, which solves the problem of delayed feedback of results in the prior art. On the other hand, the method of this embodiment is implemented by the functionally independent application of the present invention, so configuration policies need not be set separately in each application: policies are set in one place, in the configuration interface provided by the application of the present invention, to form the pre-configuration file, and all applications in an application name list are processed with the same policy, which is convenient for the user.
In addition, in embodiments of the present invention, besides being configured locally on the client, the pre-configuration file that stores the configuration policies can also be supplied with default configuration policies from the cloud. For example, the cloud provides a one-tap setup function for the user and supports cloud configuration of the following policies: forbid applications that are normally used in the foreground (such as browsers and video players) from accessing the network in the background, and/or forbid applications that have no need to go online (such as calculators) from accessing the network. Policies configured in the cloud can be synchronized to the client at regular intervals and stored in the pre-configuration file for use in matching.
Fig. 2 shows a flow chart of the implementation method for a network firewall that does not require root permission, according to an embodiment of the invention. As shown in Fig. 2, the method comprises the following steps:
Step S200: obtain a network connection request.
For an application installed on the client, if the application needs to access the network it must first initiate a network connection request, for example a TCP connection request or a UDP connection request. In this embodiment, such a request is obtained before the application sends it out, and the subsequent flow is then carried out.
Step S201: parse routing information from the network connection request and judge whether the parsed routing information matches the information recorded in a routing table issued in advance; if so, perform step S202; if not, this method flow ends.
In the embodiment of the present invention a routing table is issued in advance. It records the routing information for which network connection optimization processing is required. If the routing information in the network connection request matches the information recorded in this routing table, the subsequent method flow is carried out. If it does not match, the request does not need network connection optimization processing, and it can continue to be handled according to the prior-art flow.
Step S202: redirect the network connection request to the local service process.
As described above, after the application of the present invention has created the local VPN service, it has a higher level of control over network connections than other applications. When another application sends a network connection request, the application of the present invention can intercept the request and redirect it to the local service process inside the application of the present invention for subsequent processing.
Step S203: call the system interface for obtaining the address and port, and obtain the address and port corresponding to the network connection request.
After the local service process receives the network connection request, it can obtain the local address and port, i.e. ip:port, of the application that initiated the request by calling a system interface. The Android system provides the getpeername interface: when the local service process receives a network connection request, it obtains the socket corresponding to that request and passes the socket to the getpeername interface, which yields the local address and port of the application that initiated the request.
Step S204: query the system file according to the address and port corresponding to the network connection request, and obtain the application identifier of the application that initiated the request.
The system file records all TCP and/or UDP connections in the current system. Taking the Android system as an example, the network connection information for all TCP and/or UDP connections in the current system is kept in proc files. Specifically, the network connection information for TCP connections is kept in the /proc/net/tcp file, the network connection information for UDP connections is kept in /proc/net/udp, and some network connection information is kept in /proc/net/tcp6. The system files queried by the embodiment of the present invention therefore include one or more of the following: /proc/net/tcp; /proc/net/udp; /proc/net/tcp6. Before the system file /proc/net/tcp6 is queried, the method further includes converting the address and port from the IPv4 protocol to the IPv6 protocol.
Specifically, the /proc/net/tcp file is queried first; if nothing is found, the /proc/net/udp file is queried next; if still nothing is found, the /proc/net/tcp6 file is queried last.
A concrete example of the information output when the /proc/net/tcp file is queried by executing the netstat -tn command is given below:
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
1:3A00AA0A:00C7 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 25926 1 f73bc080 3000 0 0 2 -1
In the above example, sl is the number of the open socket; local_address is the local IP address and port number, in hexadecimal (network byte order); rem_address is the remote address; st is the connection state; uid is the application identifier of the application that initiated the network connection request. The other fields are not directly related to this scheme and are not described further.
As the example shows, once the local address and port corresponding to a network connection request are known, the corresponding uid can be obtained by querying the system file.
The /proc/net/udp and /proc/net/tcp6 files are similar to the above example, differing only somewhat in the remote address and state information, and are not described again here.
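The lookup of steps S203 and S204 can be sketched as follows. This is an added example, not code from the patent or from the assignee: the function names and the three sample tables are constructed for illustration (the second TCP row reuses the values of the sample line above), and a little-endian host is assumed when decoding the hexadecimal addresses.

```python
import ipaddress

# Constructed sample tables in the /proc/net/{tcp,udp,tcp6} layout (not captured from a device).
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
SAMPLE_TCP = HEADER + (
    "   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1\n"
    "   1: 3A00AA0A:00C7 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 25926 1\n"
)
SAMPLE_UDP = HEADER + (
    "   5: 3A00AA0A:D431 00000000:0000 07 00000000:00000000 00:00000000 00000000 10087        0 33333 2\n"
)
SAMPLE_TCP6 = HEADER + (
    "   2: 0000000000000000FFFF00003A00AA0A:C350 0000000000000000FFFF0000220BD85D:01BB 01 "
    "00000000:00000000 00:00000000 00000000 10123        0 44444 1\n"
)


def decode_addr(hex_addr):
    """Decode an address column. The kernel prints each 32-bit word as a native
    integer, so on a little-endian host (assumed here) the bytes read reversed."""
    words = [hex_addr[i:i + 8] for i in range(0, len(hex_addr), 8)]
    raw = b"".join(bytes.fromhex(w)[::-1] for w in words)
    return ipaddress.IPv4Address(raw) if len(raw) == 4 else ipaddress.IPv6Address(raw)


def parse_table(text):
    """Return one dict per socket row: local (address, port), state, uid, inode."""
    rows = []
    for line in text.splitlines()[1:]:            # skip the header line
        f = line.split()
        if f and not f[0].endswith(":"):
            # Tolerate "1:3A00AA0A:00C7", where sl and local_address are fused.
            sl, _, rest = f[0].partition(":")
            f = [sl + ":", rest] + f[1:]
        if len(f) < 10 or ":" not in f[1]:
            continue                              # malformed or truncated row
        addr_hex, port_hex = f[1].rsplit(":", 1)
        rows.append({
            "local": (decode_addr(addr_hex), int(port_hex, 16)),
            "state": f[3],
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return rows


def find_uid(local_ip, local_port, tcp_text, udp_text, tcp6_text):
    """Look up the owning uid for an IPv4 local address and port.

    Tables are searched in the order the text gives: tcp, then udp, then tcp6.
    For tcp6 the IPv4 address is first converted to its IPv4-mapped IPv6 form.
    Returns (table_name, uid), or None when no table lists the socket, for
    example because the connection was closed before the query ran.
    """
    want4 = ipaddress.IPv4Address(local_ip)
    want6 = ipaddress.IPv6Address("::ffff:" + local_ip)
    search = (("tcp", tcp_text, want4), ("udp", udp_text, want4), ("tcp6", tcp6_text, want6))
    for name, text, want in search:
        for row in parse_table(text):
            if row["local"] == (want, local_port):
                return name, row["uid"]
    return None


if __name__ == "__main__":
    for port in (199, 54321, 50000, 1):
        print(port, find_uid("10.170.0.58", port, SAMPLE_TCP, SAMPLE_UDP, SAMPLE_TCP6))
```

On Android a uid can belong to more than one package when applications share a user ID, so the name resolved from the uid in the next step may not be unique.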
Step S205: call the system interface for obtaining an application name from an application identifier, and obtain the application name of the application that initiated the network connection request.
Once the application identifier has been obtained, the application name is obtained by a further system interface call. Specifically, the getApplicationName interface provided by the Android system is used to obtain the application name of the application that initiated the network connection request.
Step S206: query the pre-configuration file and obtain the configuration policy recorded in it for the application name.
The present invention provides a pre-configuration file for storing the various configuration policies. A configuration interface for this file is presented to the user, through which the user can choose which applications use which configuration policy. As one concrete example, the pre-configuration file may contain the following configuration policies:
(1) when connected over a wireless mobile network, block the network connection requests initiated by the applications corresponding to certain application names;
(2) when connected over a wireless mobile network, forbid certain background programs from accessing the network;
(3) when connected over a wireless local area network, encrypt the network connection requests for accessing a payment page that are initiated by the applications corresponding to certain application names, i.e. an encryption policy.
According to the user's choices, each configuration policy has a corresponding application name list, and every application in that list is processed with the corresponding policy. Taking firewall policy (1) as an example: if the user chooses for applications such as Youku and Sohu Video to use this firewall policy, the names of those applications are added to the application name list corresponding to this firewall policy in the pre-configuration file, forming the application blacklist of this firewall policy. Taking firewall policy (2) as an example: if the user chooses for applications such as microblog and WeChat not to use this firewall policy, the names of the applications other than microblog and WeChat are added to the application name list corresponding to this firewall policy in the pre-configuration file, forming the application blacklist of this firewall policy. Taking encryption policy (3) as an example: if the user chooses for payment applications such as Taobao, Alipay, JD.com and Dangdang.com to use the encryption policy, the names of those payment applications are added to the application name list corresponding to the encryption policy in the pre-configuration file, forming the application blacklist of the encryption policy.
In practice, other configuration policies can be set as circumstances require; the present invention places no limit on this.
In addition, in this embodiment, besides being configured locally on the client, the pre-configuration file that stores the configuration policies can also be supplied with default configuration policies from the cloud. For example, the cloud provides a one-tap setup function for the user and supports cloud configuration of the following policies: forbid applications that are normally used in the foreground (such as browsers and video players) from accessing the network in the background, and/or forbid applications that have no need to go online (such as calculators) from accessing the network. Policies configured in the cloud can be synchronized to the client at regular intervals and stored in the pre-configuration file for use in matching.
Step S207: process the network connection request according to the configuration policy.
Once the application name of the initiating application and its corresponding configuration policy have been obtained, the network connection request is processed according to that policy. In the above example, if the application that initiated the network connection request belongs to the application blacklist of firewall policy (1), it is further judged whether the device is currently connected over a wireless mobile network (for example 3G or 4G); if so, the network connection request initiated by this application is blocked. This can greatly reduce data traffic and so saves mobile data. If the initiating application belongs to the application blacklist of firewall policy (2), it is further judged whether the device is currently connected over a wireless mobile network and whether this application is a background program; if so, the network connection request initiated by this application is blocked, which also saves mobile data. If the initiating application belongs to the application blacklist of the encryption policy, it is further judged whether the device is currently connected over a wireless local area network (for example Wi-Fi); if so, the network connection request for accessing a payment page initiated by this application is encrypted, to improve the security of network access.
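The policy matching of steps S206 and S207, including the exclusive selection described for firewall policy (2), can be sketched as follows. This is an added example, not code from the patent: the JSON layout, field names, package names and function names are all hypothetical, since the patent does not specify the format of the pre-configuration file.

```python
import json

# Constructed pre-configuration file. Field names and package names are
# hypothetical; the patent does not define a file format.
CONFIG_JSON = """
{
  "policies": [
    {"id": 1, "network": "mobile", "action": "block",
     "apps": ["com.example.video"]},
    {"id": 2, "network": "mobile", "action": "block", "background_only": true,
     "apps": []},
    {"id": 3, "network": "wlan", "action": "encrypt", "payment_page_only": true,
     "apps": ["com.example.pay"]}
  ]
}
"""


def load_config(text):
    """Parse the pre-configuration file; application name lists become sets."""
    cfg = json.loads(text)
    for policy in cfg["policies"]:
        policy["apps"] = set(policy["apps"])
    return cfg


def set_exclusive_selection(cfg, policy_id, installed, exempt):
    """Exclusive selection: the user picks the applications that do NOT use the
    policy, and every other installed application is written to its list."""
    for policy in cfg["policies"]:
        if policy["id"] == policy_id:
            policy["apps"] = set(installed) - set(exempt)
            return policy
    raise KeyError(policy_id)


def decide(cfg, app_name, network, in_background=False, payment_page=False):
    """Return the action for one network connection request.

    network is "mobile" (3G/4G) or "wlan". A policy applies only if the
    application is on its list AND its further conditions hold; a request
    that no policy matches is allowed.
    """
    for policy in cfg["policies"]:
        if app_name not in policy["apps"]:
            continue
        if policy["network"] != network:
            continue
        if policy.get("background_only") and not in_background:
            continue
        if policy.get("payment_page_only") and not payment_page:
            continue
        return policy["action"]
    return "allow"


if __name__ == "__main__":
    cfg = load_config(CONFIG_JSON)
    installed = ["com.example.weibo", "com.example.video", "com.example.calc"]
    set_exclusive_selection(cfg, 2, installed, exempt=["com.example.weibo"])
    print(decide(cfg, "com.example.video", "mobile"))                     # block
    print(decide(cfg, "com.example.calc", "mobile", in_background=True))  # block
    print(decide(cfg, "com.example.weibo", "mobile", in_background=True)) # allow
    print(decide(cfg, "com.example.pay", "wlan", payment_page=True))      # encrypt
```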
In the method provided by this embodiment, a local VPN service is created inside the client, and the local service process it provides handles the network connections of applications. That is, the application name of the application that initiated a network connection request is obtained by querying a system file, the corresponding configuration policy is then obtained by querying the configuration file, and the request is processed according to that policy. On the one hand, because the operating system framework allows an application inside the VPN framework to have a higher level of control over network connections, using the VPN framework lets the application of the present invention control the network connections of other applications without obtaining root permission, which solves the problem of delayed feedback of results in the prior art. On the other hand, the method of this embodiment is implemented by the functionally independent application of the present invention, so configuration policies need not be set separately in each application: policies are set in one place, in the configuration interface provided by the application of the present invention, to form the pre-configuration file, and all applications in an application name list are processed with the same policy, which is convenient for the user. Further, by configuring the above firewall policies, certain applications can be forbidden from going online when the device is connected over a wireless mobile network such as 3G or 4G, which stops these applications from consuming mobile data, saves data traffic and reduces what the user spends on it; the user can also manage and configure the data usage of other applications in one place through the application of the present invention, which is practical and convenient to operate. By configuring the above encryption policy, the access of certain payment applications to payment pages can be encrypted when the device is connected over a wireless local area network such as Wi-Fi, which avoids the property loss caused by leakage of the user's private information and improves the security of network access.
Fig. 3 shows a functional block diagram of a client according to an embodiment of the invention. As shown in Fig. 3, the client comprises a redirection module 300, an application name acquisition module 310, a query module 320 and a processing module 330. Each of these functional modules is a functional module inside the application of the invention.
The redirection module 300 is adapted to obtain a network connection request and redirect it to a local service process, the local service process being provided by a local VPN service. After the application of the invention creates the local VPN service, its level of control over network connections is higher than that of other applications. When another application sends a network connection request, the redirection module 300 in the application of the invention can intercept the request and redirect it to the local service process for subsequent processing.
The application name acquisition module 310 is adapted to obtain, in the local service process, the application name of the application that initiated the network connection request by querying a system file. The system file records the state of all TCP and/or UDP connections in the current system. Taking Android as an example, the connection information for all TCP and/or UDP connections in the current system is kept in proc files. The proc file system is a snapshot of the kernel: it stores state information about the running system and also serves as an input interface, since the user can change kernel run-time parameters by modifying the contents of certain files under the proc directory. Here the state-storage function of the proc files is used: some basic functions of the netstat command, including scanning of TCP and UDP ports, are implemented by reading the proc files, and the application name of the application that initiated the network connection request is obtained from the result.
The query module 320 is adapted to query the pre-configured file and obtain the configuration policy recorded there that corresponds to the application name. The invention provides a pre-configured file for storing the various configuration policies; the pre-configured file offers the user a configuration interface through which the user can select which applications use which configuration policy. According to the user's selection, each configuration policy has a corresponding application name list, and every application in that list is handled with that policy.
The processing module 330 is adapted to process the network connection request according to the configuration policy. Once the application name of the application that initiated the network connection request and its corresponding configuration policy have been obtained, the processing module 330 processes the request according to that policy.
Fig. 4 shows a functional block diagram of a client according to another embodiment of the invention. As shown in Fig. 4, the client comprises a pre-configured file storage module 400, a judging module 410, a redirection module 420, an application name acquisition module 430, a query module 440 and a processing module 450.
The pre-configured file storage module 400 stores the pre-configured file, which offers the user a configuration interface through which the user can select which applications use which configuration policy. As a concrete example, the pre-configured file can contain the following configuration policies: under wireless mobile networking, block network connection requests initiated by the applications corresponding to certain application names; and/or, under wireless mobile networking, forbid the applications corresponding to certain application names from accessing the network as background programs; and/or, under wireless LAN networking, encrypt the network connection requests for accessing payment pages that are initiated by the applications corresponding to certain application names.
According to the user's selection, each configuration policy has a corresponding application name list, and every application in that list is handled with that policy. Taking firewall policy (1) described in the method embodiment above as an example, if the user chooses that applications such as Youku and Sohu Video use this firewall policy, the application names of those applications are added to the application name list for this firewall policy in the pre-configured file, forming the application blacklist of this firewall policy. Taking firewall policy (2) described in the method embodiment above as an example, if the user chooses that applications such as Weibo and WeChat do not use this firewall policy, the application names of the applications other than Weibo and WeChat are added to the application name list for this firewall policy in the pre-configured file, forming the application blacklist of this firewall policy. Taking encryption policy (3) described in the method embodiment above as an example, if the user chooses that payment applications such as Taobao, Alipay, JD.com and Dangdang use the encryption policy, the application names of those payment applications are added to the application name list for the encryption policy in the pre-configured file, forming the application blacklist of the encryption policy.
In practice, other configuration policies can be set as the situation requires; the invention places no limitation on this.
The judging module 410 is adapted to parse routing information from the network connection request and judge whether the parsed routing information matches the information recorded in a routing table issued in advance.
The redirection module 420 is further adapted to redirect the network connection request to the local service process if the judgment of the judging module 410 is a match.
Further, the application name acquisition module 430 comprises a first calling module 431, a system file query module 432 and a second calling module 433.
The first calling module 431 is adapted to call the system interface for obtaining an address and port, and obtain the address and port corresponding to the network connection request. Specifically, the first calling module 431 can call the getpeername interface to obtain the local address and port of the application that initiated the network connection request.
The system file query module 432 is adapted to query the system file by the address and port corresponding to the network connection request, and obtain the application identifier of the application that initiated the request. The system file records the state of all TCP and/or UDP connections in the current system. Taking Android as an example, the connection information for all TCP and/or UDP connections in the current system is kept in proc files. Specifically, the connection information for TCP connections is kept in the file /proc/net/tcp, the connection information for UDP connections is kept in /proc/net/udp, and some connection information is kept in /proc/net/tcp6. The system files queried by the system file query module 432 therefore include one or more of the following: /proc/net/tcp; /proc/net/udp; /proc/net/tcp6. The system file query module 432 is also adapted to convert the address and port from IPv4 to IPv6 before querying the system file /proc/net/tcp6. For details of querying the system file, see the description of the method embodiment.
The second calling module 433 is adapted to call, with the application identifier, the system interface for obtaining an application name, and obtain the application name of the application that initiated the network connection request. Specifically, the second calling module 433 can call the getApplicationName interface provided by the Android system to obtain the application name of the application that initiated the network connection request.
The query module 440 is adapted to query the pre-configured file and obtain the configuration policy recorded there that corresponds to the application name. Specifically, the query module 440 queries the application name list of each configuration policy; if the application name list of a configuration policy contains the application name of the application that initiated the network connection request, that policy is determined to be the configuration policy corresponding to the application name.
The processing module 450 is adapted to process the network connection request according to the configuration policy. For example, if the application that initiated the network connection request is on the application blacklist of firewall policy (1), the processing module 450 further judges whether the current networking is wireless mobile networking (for example 3G or 4G); if so, the processing module 450 blocks the network connection request initiated by the application. If the application that initiated the network connection request is on the application blacklist of firewall policy (2), the processing module 450 further judges whether the current networking is wireless mobile networking and whether the application is a background program; if so, the processing module 450 blocks the network connection request initiated by the application. If the application that initiated the network connection request is on the application blacklist of the encryption policy, the processing module 450 further judges whether the current networking is wireless LAN networking (for example Wi-Fi); if so, the processing module 450 encrypts the network connection request for accessing the payment page initiated by the application, to improve the security of network access.
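The lookup chain described for modules 431-433, 440 and 450 (address and port, then UID from /proc/net/tcp or /proc/net/tcp6, then application name, then policy), as an added Python example that is not code from the patent. The sample tables, UIDs, package names, policy keys and function names are constructed for illustration, and a little-endian host is assumed.

```python
import socket
import struct

# Constructed samples in the layout of /proc/net/tcp and /proc/net/tcp6 on a
# little-endian host. Field 1 is the local address:port in hex, field 7 the UID.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0200000A:9C40 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 41001
   1: 0200000A:9C42 0A7100CB:0050 01 00000000:00000000 00:00000000 00000000 10077        0 41002
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0000000000000000FFFF00000200000A:9C44 0000000000000000FFFF00000A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10150        0 41003
"""

# Hypothetical stand-in for the system interface that maps an application
# identifier (UID) to an application name.
UID_TO_APP = {10123: "com.example.video", 10077: "com.example.chat",
              10150: "com.example.pay"}

# Constructed pre-configured file: one application name list per policy.
POLICIES = {
    "block_on_mobile": {"com.example.video"},             # firewall policy (1)
    "block_background_on_mobile": {"com.example.chat"},   # firewall policy (2)
    "encrypt_payment_on_wlan": {"com.example.pay"},       # encryption policy (3)
}


def proc_key_v4(ip, port):
    """IPv4 address:port as printed in /proc/net/tcp (host-order hex word)."""
    word = struct.unpack("<I", socket.inet_aton(ip))[0]
    return "%08X:%04X" % (word, port)


def proc_key_v4_mapped(ip, port):
    """The same endpoint converted to IPv6 (::ffff:a.b.c.d) for /proc/net/tcp6."""
    packed = b"\x00" * 10 + b"\xff\xff" + socket.inet_aton(ip)
    words = struct.unpack("<4I", packed)
    return "".join("%08X" % w for w in words) + ":%04X" % port


def find_uid(table_text, key):
    """Return the UID of the row whose local address equals key, else None."""
    for line in table_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) > 7 and fields[1] == key:
            return int(fields[7])
    return None


def lookup_uid(ip, port, tcp=SAMPLE_TCP, tcp6=SAMPLE_TCP6):
    """Search the IPv4 table first, then the IPv6 table with the mapped key."""
    uid = find_uid(tcp, proc_key_v4(ip, port))
    if uid is None:
        uid = find_uid(tcp6, proc_key_v4_mapped(ip, port))
    return uid


def decide(app, network, background, payment_page, policies=POLICIES):
    """Apply the three policies; network is 'mobile' or 'wlan'."""
    if network == "mobile":
        if app in policies["block_on_mobile"]:
            return "block"
        if background and app in policies["block_background_on_mobile"]:
            return "block"
    if (network == "wlan" and payment_page
            and app in policies["encrypt_payment_on_wlan"]):
        return "encrypt"
    return "allow"


def handle(ip, port, network, background=False, payment_page=False,
           default="allow"):
    """Full chain for one intercepted connection. `default` is what happens
    when no owner is found (an assumption; the patent does not specify it)."""
    app = UID_TO_APP.get(lookup_uid(ip, port))
    if app is None:
        return default
    return decide(app, network, background, payment_page)
```

A missed lookup is a policy decision in its own right, because the table can change between the interception and the read. On Android 10 and later, apps can no longer read /proc/net, and a VPN app obtains the owner UID through ConnectivityManager.getConnectionOwnerUid instead.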
In the client provided by the above embodiment of the invention, a local VPN service is created inside the client, and the local service process it provides handles the network connections of applications. That is, the application name of the application that initiated a network connection request is obtained by querying a system file, the corresponding configuration policy is then obtained by querying the configuration file, and the network connection request is processed according to that policy. On the one hand, because the operating system allows an application within the VPN framework to have a higher level of control over network connections, the VPN framework lets the application of the invention control the network connections of other applications without obtaining root authority, which solves the problem of delayed feedback results in the prior art. On the other hand, because the scheme of this embodiment is implemented by the functionally independent application of the invention, configuration policies need not be set separately in each application. They are set in one place, through the configuration interface provided by the application of the invention, to form the pre-configured file, and the same policy is applied to every application in an application name list, which is convenient for the user. Furthermore, by configuring the firewall policies described above, certain applications can be forbidden from connecting under wireless mobile networking such as 3G or 4G, so that they do not consume mobile data traffic; this saves traffic and reduces the user's spending on it. The user can also manage and configure the traffic consumption of other applications in one place through the application of the invention, which is practical and convenient. By configuring the encryption policy described above, payment-page access by payment applications can be encrypted under wireless LAN networking such as Wi-Fi, which avoids property loss caused by leakage of the user's private information and improves the security of network access.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in a variety of programming languages, and that the description of a specific language above is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It will be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments. This method of disclosure, however, should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single disclosed embodiment. The claims following the detailed description are therefore expressly incorporated into it, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of an embodiment can be combined into one module or unit or component, and can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the invention can be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the client according to embodiments of the invention. The invention can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for carrying out part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words can be interpreted as names.
The invention discloses: A1. A method for implementing a networking firewall that does not require root authority, comprising:
obtaining a network connection request and redirecting the network connection request to a local service process, the local service process being provided by a local VPN service;
in the local service process, obtaining the application name of the application that initiated the network connection request by querying a system file;
querying a pre-configured file to obtain the configuration policy, recorded in the pre-configured file, that corresponds to the application name;
processing the network connection request according to the configuration policy.
A2. The method according to A1, further comprising, before redirecting the network connection request to the local service process: parsing routing information from the network connection request, and judging whether the parsed routing information matches the information recorded in a routing table issued in advance;
wherein redirecting the network connection request to the local service process is specifically: if the judgment is a match, redirecting the network connection request to the local service process.
A3. The method according to A1 or A2, wherein obtaining the application name of the application that initiated the network connection request by querying a system file further comprises:
calling the system interface for obtaining a peer address and port, to obtain the address and port corresponding to the network connection request;
querying the system file by the address and port corresponding to the network connection request, to obtain the application identifier of the application that initiated the network connection request;
calling, with the application identifier, the system interface for obtaining an application name, to obtain the application name of the application that initiated the network connection request.
A4. The method according to A3, wherein the system file comprises one or more of the following files: /proc/net/tcp; /proc/net/udp; /proc/net/tcp6.
A5. The method according to A4, further comprising, before querying the system file /proc/net/tcp6: converting the address and port from IPv4 to IPv6.
A6. The method according to any one of A1-A5, wherein the configuration policy comprises:
under wireless mobile networking, blocking network connection requests initiated by the applications corresponding to certain application names;
and/or, under wireless mobile networking, forbidding the applications corresponding to certain application names from accessing the network as background programs;
and/or, under wireless LAN networking, encrypting the network connection requests for accessing payment pages that are initiated by the applications corresponding to certain application names.
The invention also discloses: B7. A client, comprising:
a redirection module, adapted to obtain a network connection request and redirect the network connection request to a local service process, the local service process being provided by a local VPN service;
an application name acquisition module, adapted to obtain, in the local service process, the application name of the application that initiated the network connection request by querying a system file;
a query module, adapted to query a pre-configured file and obtain the configuration policy, recorded in the pre-configured file, that corresponds to the application name;
a processing module, adapted to process the network connection request according to the configuration policy.
B8. The client according to B7, further comprising: a judging module, adapted to parse routing information from the network connection request and judge whether the parsed routing information matches the information recorded in a routing table issued in advance;
wherein the redirection module is further adapted to redirect the network connection request to the local service process if the judgment of the judging module is a match.
B9. The client according to B7 or B8, wherein the application name acquisition module comprises:
a first calling module, adapted to call the system interface for obtaining an address and port, and obtain the address and port corresponding to the network connection request;
a system file query module, adapted to query the system file by the address and port corresponding to the network connection request, and obtain the application identifier of the application that initiated the network connection request;
a second calling module, adapted to call, with the application identifier, the system interface for obtaining an application name, and obtain the application name of the application that initiated the network connection request.
B10. The client according to B9, wherein the system file query module is further adapted to query one or more of the following system files: /proc/net/tcp; /proc/net/udp; /proc/net/tcp6.
B11. The client according to B10, wherein the system file query module is also adapted to convert the address and port from IPv4 to IPv6 before querying the system file /proc/net/tcp6.
B12. The client according to any one of B7-B11, comprising a pre-configured file storage module for storing the pre-configured file, the configuration policies recorded in the pre-configured file comprising:
under wireless mobile networking, blocking network connection requests initiated by the applications corresponding to certain application names;
and/or, under wireless mobile networking, forbidding the applications corresponding to certain application names from accessing the network as background programs;
and/or, under wireless LAN networking, encrypting the network connection requests for accessing payment pages that are initiated by the applications corresponding to certain application names.

Claims (10)

1. A method for implementing a networking firewall that does not require root authority, comprising:
obtaining a network connection request and redirecting the network connection request to a local service process, the local service process being provided by a local VPN service;
in the local service process, obtaining the application name of the application that initiated the network connection request by querying a system file;
querying a pre-configured file to obtain the configuration policy, recorded in the pre-configured file, that corresponds to the application name;
processing the network connection request according to the configuration policy.
2. The method according to claim 1, further comprising, before redirecting the network connection request to the local service process: parsing routing information from the network connection request, and judging whether the parsed routing information matches the information recorded in a routing table issued in advance;
wherein redirecting the network connection request to the local service process is specifically: if the judgment is a match, redirecting the network connection request to the local service process.
3. The method according to claim 1 or 2, wherein obtaining the application name of the application that initiated the network connection request by querying a system file further comprises:
calling the system interface for obtaining a peer address and port, to obtain the address and port corresponding to the network connection request;
querying the system file by the address and port corresponding to the network connection request, to obtain the application identifier of the application that initiated the network connection request;
calling, with the application identifier, the system interface for obtaining an application name, to obtain the application name of the application that initiated the network connection request.
4. The method according to claim 3, wherein the system file comprises one or more of the following files: /proc/net/tcp; /proc/net/udp; /proc/net/tcp6.
5. The method according to claim 4, further comprising, before querying the system file /proc/net/tcp6: converting the address and port from IPv4 to IPv6.
6. The method according to any one of claims 1-5, wherein the configuration policy comprises:
under wireless mobile networking, blocking network connection requests initiated by the applications corresponding to certain application names;
and/or, under wireless mobile networking, forbidding the applications corresponding to certain application names from accessing the network as background programs;
and/or, under wireless LAN networking, encrypting the network connection requests for accessing payment pages that are initiated by the applications corresponding to certain application names.
7. A client, comprising:
a redirection module, adapted to obtain a network connection request and redirect the network connection request to a local service process, the local service process being provided by a local VPN service;
an application name acquisition module, adapted to obtain, in the local service process, the application name of the application that initiated the network connection request by querying a system file;
a query module, adapted to query a pre-configured file and obtain the configuration policy, recorded in the pre-configured file, that corresponds to the application name;
a processing module, adapted to process the network connection request according to the configuration policy.
8. The client according to claim 7, further comprising: a judging module, adapted to parse routing information from the network connection request and judge whether the parsed routing information matches the information recorded in a routing table issued in advance;
wherein the redirection module is further adapted to redirect the network connection request to the local service process if the judgment of the judging module is a match.
9. The client according to claim 7 or 8, wherein the application name acquisition module comprises:
a first calling module, adapted to call the system interface for obtaining an address and port, and obtain the address and port corresponding to the network connection request;
a system file query module, adapted to query the system file by the address and port corresponding to the network connection request, and obtain the application identifier of the application that initiated the network connection request;
a second calling module, adapted to call, with the application identifier, the system interface for obtaining an application name, and obtain the application name of the application that initiated the network connection request.
10. The client according to claim 9, wherein the system file query module is further adapted to query one or more of the following system files: /proc/net/tcp; /proc/net/udp; /proc/net/tcp6.
CN201410334918.XA 2014-07-15 2014-07-15 Implementation method for implementing root-authority-free networking firewall and client-side Pending CN104092691A (en)

Publications (1)

Publication Number Publication Date
CN104092691A true CN104092691A (en) 2014-10-08

Family

ID=51640372

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410334918.XA Pending CN104092691A (en) 2014-07-15 2014-07-15 Implementation method for implementing root-authority-free networking firewall and client-side

Country Status (1)

Country Link
CN (1) CN104092691A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363247A (en) * 2014-11-28 2015-02-18 北京奇虎科技有限公司 Flow saving method and device adopting saving-free application
CN104468269A (en) * 2014-12-01 2015-03-25 郭丹 Directional traffic monitoring method based on Android terminal device
CN105530255A (en) * 2015-12-16 2016-04-27 网宿科技股份有限公司 Method and device for verifying request data
CN105592105A (en) * 2016-02-26 2016-05-18 北京奇虎科技有限公司 Safety-guaranteed asynchronous network access method and safety-guaranteed asynchronous network access device
CN105635178A (en) * 2016-02-26 2016-06-01 北京奇虎科技有限公司 Blocking network access method and device for ensuring safety
CN106101077A (en) * 2016-05-31 2016-11-09 宇龙计算机通信科技(深圳)有限公司 A kind of method and device limiting application online
CN107332872A (en) * 2017-05-23 2017-11-07 成都联宇云安科技有限公司 A kind of method that Android device network agile management and control is realized based on VPN connections
CN107979506A (en) * 2017-10-30 2018-05-01 阿里巴巴集团控股有限公司 Flow obtains and high in the clouds display systems, method, apparatus and equipment
WO2019062114A1 (en) * 2017-09-26 2019-04-04 北京金山安全软件有限公司 Message processing method, electronic device and readable storage medium
CN111031038A (en) * 2019-12-12 2020-04-17 惠州Tcl移动通信有限公司 Network processing method and device, storage medium and terminal equipment
US11803634B2 (en) 2021-02-25 2023-10-31 International Business Machines Corporation Secure preconfigured profile for role-based access control setup

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101610264A (en) * 2009-07-24 2009-12-23 深圳市永达电子股份有限公司 The management method of a kind of firewall system, safety service platform and firewall system
CN102333306A (en) * 2010-06-30 2012-01-25 丛林网络公司 The many service VPN networking clients that are used for mobile device
CN102333075A (en) * 2010-06-30 2012-01-25 丛林网络公司 The many service VPN networking clients that dynamic fault shifts that have that are used for mobile device
CN102355667A (en) * 2011-06-30 2012-02-15 北京邮电大学 Method and system for controlling network connection of application programs in mobile intelligent terminal system
US20120254353A1 (en) * 2011-03-31 2012-10-04 Hitachi, Ltd. Network system, machine allocation device and machine allocation method
US8363658B1 (en) * 2008-11-13 2013-01-29 Sprint Communications Company L.P. Dynamic firewall and dynamic host configuration protocol configuration
CN102929613A (en) * 2012-10-16 2013-02-13 无锡江南计算技术研究所 Adjusting and optimizing device and method for operating system
CN103281288A (en) * 2013-02-05 2013-09-04 武汉安天信息技术有限责任公司 Mobile phone firewall system and mobile phone firewall method
CN103384250A (en) * 2006-08-03 2013-11-06 思杰系统有限公司 Systems and methods for application-based interception and authorization of ssl/vpn traffic
CN103840994A (en) * 2012-11-23 2014-06-04 华耀(中国)科技有限公司 System and method for user side to access intranet through VPN
CN105453097A (en) * 2013-05-31 2016-03-30 微软技术许可有限责任公司 Restricted driver platform runs drivers in sandbox in user mode

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363247A (en) * 2014-11-28 2015-02-18 北京奇虎科技有限公司 Flow saving method and device adopting saving-free application
CN104468269A (en) * 2014-12-01 2015-03-25 郭丹 Directional traffic monitoring method based on Android terminal device
CN104468269B (en) * 2014-12-01 2018-02-13 郭丹 A kind of orientation flux monitoring method based on android terminal device
CN105530255B (en) * 2015-12-16 2019-03-29 网宿科技股份有限公司 The method and device of checking request data
CN105530255A (en) * 2015-12-16 2016-04-27 网宿科技股份有限公司 Method and device for verifying request data
CN105592105A (en) * 2016-02-26 2016-05-18 北京奇虎科技有限公司 Safety-guaranteed asynchronous network access method and safety-guaranteed asynchronous network access device
CN105635178A (en) * 2016-02-26 2016-06-01 北京奇虎科技有限公司 Blocking network access method and device for ensuring safety
CN105635178B (en) * 2016-02-26 2018-06-22 北京奇虎科技有限公司 Ensure the block type Network Access Method and device of safety
CN105592105B (en) * 2016-02-26 2018-12-25 北京奇虎科技有限公司 Guarantee the asynchronous system Network Access Method and device of safety
CN106101077A (en) * 2016-05-31 2016-11-09 宇龙计算机通信科技(深圳)有限公司 A kind of method and device limiting application online
CN107332872A (en) * 2017-05-23 2017-11-07 成都联宇云安科技有限公司 A kind of method that Android device network agile management and control is realized based on VPN connections
WO2019062114A1 (en) * 2017-09-26 2019-04-04 北京金山安全软件有限公司 Message processing method, electronic device and readable storage medium
US11240202B2 (en) 2017-09-26 2022-02-01 Beijing Kingsoft Internet Security Software Co., Ltd. Message processing method, electronic device, and readable storage medium
CN107979506A (en) * 2017-10-30 2018-05-01 阿里巴巴集团控股有限公司 Flow obtains and high in the clouds display systems, method, apparatus and equipment
CN107979506B (en) * 2017-10-30 2020-12-08 创新先进技术有限公司 Flow acquisition and cloud display system, method, device and equipment
CN111031038A (en) * 2019-12-12 2020-04-17 惠州Tcl移动通信有限公司 Network processing method and device, storage medium and terminal equipment
US11803634B2 (en) 2021-02-25 2023-10-31 International Business Machines Corporation Secure preconfigured profile for role-based access control setup

Similar Documents

Publication Publication Date Title
CN104092691A (en) Implementation method for implementing root-authority-free networking firewall and client-side
US10958618B2 (en) ESIM-based card pool system and control method thereof
US8997208B2 (en) Gateway device for terminating a large volume of VPN connections
US7295532B2 (en) System, device and computer readable medium for providing networking services on a mobile device
CN102932375B (en) The means of defence of access to netwoks behavior and device
US10116489B2 (en) Apparatus and method for managing network access device
JP6515207B2 (en) Internet access authentication method and client, and computer storage medium
CN105991796B (en) A kind of method and system of the configuration service of the user terminal in on-premise network
CN104092792A (en) Method, system and client-side for achieving flow optimization based on domain name resolution request
US9473298B2 (en) Simplifying IKE process in a gateway to enable datapath scaling using a two tier cache configuration
CA2817738C (en) Context-based dynamic policy system for mobile devices and supporting network infrastructure
CN103973704B (en) Based on the domain name analytic method of WIFI equipment, apparatus and system
CN104159231A (en) Method for optimizing background flow of client, and client
CN104540189A (en) Method for providing wireless network access for mobile device through web device and web device
WO2014135045A1 (en) Method and system for implementing transparent agent of ios system
US20170257449A1 (en) Method for forwarding traffic in application on mobile intelligent terminal
CN105095788A (en) Method, device and system for private data protection
CN103997521A (en) File operating method and device based on router and router
US20230198987A1 (en) Systems and methods for controlling accessing and storing objects between on-prem data center and cloud
US20210044478A1 (en) System and method for initial setup of network devices
CN103686688A (en) Method and device for protecting user address list of mobile terminal and mobile terminal
US10057300B2 (en) Selective access control to mobile IP network
JP2005529550A5 (en)
JP6484166B2 (en) Name resolution device, name resolution method, and name resolution program
CN103138961B (en) server control method, controlled server and central control server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141008
