CN104601541B - Method, server and user equipment for data transmission
- Publication number: CN104601541B (CN201410736781.0A)
- Authority: CN (China)
- Prior art keywords: connection, server, user equipment, message, TCP
- Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Abstract
The embodiments of the invention disclose a data transmission method, a server and user equipment. The method comprises: after a first connection between the server and the user equipment is established, the server sends a first connection identifier to the user equipment, the first connection identifier being used to identify the first connection; the server receives a request message for establishing a Transmission Control Protocol (TCP) connection sent by the user equipment, where the request message is used to request establishment of a second connection between the user equipment and the server, the second connection is a TCP connection, and the request message carries the first connection identifier; after receiving the request message for establishing the TCP connection, the server establishes the second connection according to the first connection identifier; and the server transmits data with the user equipment over the second connection. The embodiments of the invention prevent the TCP anti-attack function from mistakenly dropping legitimate requests and improve the experience of legitimate users.
Description
Technical field
The present invention relates to the communications field, and in particular to a data transmission method, a server and user equipment.
Background
The existing procedure for establishing a Transmission Control Protocol (TCP) connection consists of the following three-way handshake. (1) The user equipment first sends a request to the server to establish a TCP connection. (2) After receiving the client's handshake synchronization (synchronous, SYN) request, the server allocates resources for the request and places the request in the "half-open connection queue". The server then returns a synchronization acknowledgement (synchronous acknowledgement, SYN ACK) message to the client. If a request stays in the half-open connection queue longer than the expected time, the request and the resources allocated to it are released. (3) After receiving the SYN ACK message, the client replies to the server with an acknowledgement (ACK) message. After receiving the ACK message, the server deletes the corresponding connection request from the half-open connection queue. From this point the client and the server can send and receive data over the connection.
A TCP attack is an attack in which a large number of forged TCP connection requests are sent so that the resources of the attacked party are exhausted (CPU fully loaded or memory insufficient). Every existing application based on TCP connections must take protection against TCP attacks into account. The best known of the many TCP attack types is the TCP SYN flood (Transmission Control Protocol Synchronous Flood, TCP SYN Flood) attack. A TCP SYN flood exploits the fact that the server places SYN requests in the half-open connection queue: a large number of bogus SYN request packets are sent to the server in a short time, which overfills the TCP server's half-open connection queue or places a very heavy load on the server, and ultimately prevents the server from working normally. To defend against TCP attacks, servers therefore usually also apply rate limiting. Rate limiting cannot distinguish genuine TCP requests from forged ones; it only caps the request traffic entering the system so that the system does not crash.
The anti-attack function of an existing server cannot identify whether a request comes from a normal user equipment or from a user equipment that has already established a connection. The request of such a user equipment may therefore be discarded when the server is under attack, which degrades the user experience.
Summary of the invention
The embodiments of the invention provide a data transmission method, a server and user equipment that can defend against TCP attacks and improve the user experience.
In a first aspect, a data transmission method is provided, comprising: after a first connection between a server and a user equipment is established, the server sends a first connection identifier to the user equipment, the first connection identifier being used to identify the first connection; the server receives a request message for establishing a Transmission Control Protocol (TCP) connection sent by the user equipment, where the request message is used to request establishment of a second connection between the user equipment and the server, the second connection is a TCP connection, and the request message carries the first connection identifier; after receiving the request message for establishing the TCP connection, the server establishes the second connection according to the first connection identifier; and the server transmits data with the user equipment over the second connection.
With reference to the first aspect, in a first possible implementation, the server establishing the second connection according to the first connection identifier after receiving the request message for establishing the TCP connection comprises: the server determines that the first connection identifier matches a connection identifier in a connection identifier database; after receiving the request message for establishing the TCP connection, the server sends a response message to the user equipment; and the server receives a confirmation message sent by the user equipment.
With reference to the first aspect or the first possible implementation, in a second possible implementation, the server sending the first connection identifier to the user equipment comprises: the server sends the first connection identifier to the user equipment in a 200 OK response message, where the first connection identifier is located in a header field of the 200 OK response message.
With reference to the first aspect or either of the first and second possible implementations, in a third possible implementation, after the server receives the request message for establishing the TCP connection and establishes the second connection according to the first connection identifier, the method further comprises: the server sends a second connection identifier to the user equipment, the second connection identifier being used to establish a third connection between the user equipment and the server.
With reference to the first aspect or any of the first to third possible implementations, in a fourth possible implementation, the first connection is a TCP connection, and the server transmitting data with the user equipment over the second connection comprises: the server restores or continues, on the second connection, the service based on the first connection.
With reference to the first aspect or any of the first to fourth possible implementations, in a fifth possible implementation, the first connection is a UDP connection, and the server transmitting data with the user equipment over the second connection comprises: the server receives, on the second connection, message data sent by the user equipment, where the size of the message data is greater than a preset message data threshold.
In a second aspect, a data transmission method is provided, comprising: after a first connection between a user equipment and a server is established, the user equipment receives a first connection identifier sent by the server, the first connection identifier being used to identify the first connection; the user equipment sends a request message for establishing a TCP connection to the server and establishes a second connection with the server, where the request message for establishing the TCP connection carries the first connection identifier, the request message is used to request establishment of the second connection between the user equipment and the server, and the second connection is a TCP connection; and the user equipment transmits data with the server over the second connection.
With reference to the second aspect, in a first possible implementation, the user equipment receiving the first connection identifier sent by the server comprises: the user equipment receives a 200 OK response message sent by the server, where the first connection identifier is located in a header field of the 200 OK response message.
With reference to the second aspect or the first possible implementation of the second aspect, in a second possible implementation, the first connection is a TCP connection, and the user equipment transmitting data with the server over the second connection comprises: the user equipment restores or continues, on the second connection, the service based on the first connection.
With reference to the second aspect or the first possible implementation of the second aspect, in a third possible implementation, the first connection is a UDP connection, and the user equipment transmitting data with the server over the second connection comprises: the user equipment sends message data to the server on the second connection, where the size of the message data is greater than a preset message data threshold.
With reference to the second aspect or any of the first to third possible implementations of the second aspect, in a fourth possible implementation, after the user equipment sends the request message for establishing the TCP connection to the server and establishes the second connection with the server, the method further comprises: the user equipment receives a second connection identifier sent by the server, the second connection identifier being used to establish a third connection between the user equipment and the server.
In a third aspect, a server is provided, comprising: a first sending unit, configured to send a first connection identifier to a user equipment after a first connection between the server and the user equipment is established, the first connection identifier being used to identify the first connection; a receiving unit, configured to receive a request message for establishing a Transmission Control Protocol (TCP) connection sent by the user equipment, where the request message is used to request establishment of a second connection between the user equipment and the server, the second connection is a TCP connection, and the request message carries the first connection identifier; a response unit, configured to establish the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the receiving unit; and a transmission unit, configured to transmit data with the user equipment over the second connection established by the response unit.
With reference to the third aspect, in a first possible implementation, the response unit determines that the first connection identifier matches a connection identifier in a connection identifier database and, after the receiving unit receives the request message for establishing the TCP connection, sends a response message to the user equipment and receives a confirmation message sent by the user equipment.
With reference to the third aspect or the first possible implementation of the third aspect, in a second possible implementation, the first sending unit sends the first connection identifier to the user equipment in a 200 OK response message, where the connection identifier is located in a header field of the 200 OK response message.
With reference to the third aspect or either of the first and second possible implementations of the third aspect, in a third possible implementation, the server further comprises: a second sending unit, configured to send a second connection identifier to the user equipment after the response unit establishes the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the receiving unit, the second connection identifier being used to establish a third connection between the user equipment and the server.
With reference to the third aspect or any of the first to third possible implementations of the third aspect, in a fourth possible implementation, the first connection is a TCP connection, and the transmission unit restores or continues, on the second connection established by the response unit, the service based on the first connection.
With reference to the third aspect or any of the first to fourth possible implementations of the third aspect, in a fifth possible implementation, the first connection is a UDP connection, and the transmission unit receives, on the second connection established by the response unit, message data sent by the user equipment, where the size of the message data is greater than a preset message data threshold.
In a fourth aspect, a user equipment is provided, comprising: a first receiving unit, configured to receive a first connection identifier sent by a server after a first connection between the user equipment and the server is established, the first connection identifier being used to identify the first connection; a sending unit, configured to send a request message for establishing a TCP connection to the server and establish a second connection with the server, where the request message for establishing the TCP connection carries the first connection identifier, the request message is used to request establishment of the second connection between the user equipment and the server, and the second connection is a TCP connection; and a transmission unit, configured to transmit data with the server over the second connection.
With reference to the fourth aspect, in a first possible implementation, the first receiving unit receives a 200 OK response message sent by the server, where the first connection identifier is located in a header field of the 200 OK response message.
With reference to the fourth aspect or the first possible implementation of the fourth aspect, in a second possible implementation, the first connection is a TCP connection, and the transmission unit restores or continues, on the second connection, the service based on the first connection.
With reference to the fourth aspect or the first possible implementation of the fourth aspect, in a third possible implementation, the first connection is a UDP connection, and the transmission unit sends message data to the server on the second connection, where the size of the message data is greater than a preset message data threshold.
With reference to the fourth aspect or any of the first to third possible implementations of the fourth aspect, in a fourth possible implementation, the user equipment further comprises: a second receiving unit, configured to receive a second connection identifier sent by the server after the sending unit sends the request message for establishing the TCP connection to the server and the second connection with the server is established, the second connection identifier being used to establish a third connection between the user equipment and the server.
Therefore, in the embodiments of the invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and the request message for establishing the TCP connection. The embodiments of the invention prevent the TCP anti-attack function from mistakenly dropping legitimate requests and improve the experience of legitimate users.
Brief description of the drawings
To describe the technical solutions of the embodiments of the invention more clearly, the drawings required in the embodiments are briefly described below. Evidently, the drawings described below show only some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a data transmission method according to an embodiment of the invention.
Fig. 2 is a schematic flowchart of a data transmission method according to another embodiment of the invention.
Fig. 3 is a schematic flowchart of a data transmission method according to another embodiment of the invention.
Fig. 4 is a schematic flowchart of a data transmission method according to another embodiment of the invention.
Fig. 5 is a schematic flowchart of a data transmission method according to another embodiment of the invention.
Fig. 6 is a schematic block diagram of a server according to an embodiment of the invention.
Fig. 7 is a schematic block diagram of a server according to another embodiment of the invention.
Fig. 8 is a schematic block diagram of a user equipment according to an embodiment of the invention.
Fig. 9 is a schematic block diagram of a user equipment according to another embodiment of the invention.
Fig. 10 is a schematic block diagram of a server according to another embodiment of the invention.
Fig. 11 is a schematic block diagram of a user equipment according to another embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Evidently, the described embodiments are some rather than all of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
It should be understood that the technical solutions of the invention can be applied to various communication systems, for example: the Global System for Mobile communication (GSM), a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, the General Packet Radio Service (GPRS), a Long Term Evolution (LTE) system, an Advanced Long Term Evolution (LTE-A) system, the Universal Mobile Telecommunication System (UMTS), and so on.
It should also be understood that, in the embodiments of the invention, user equipment (UE, User Equipment) includes but is not limited to a mobile station (MS, Mobile Station), a mobile terminal (Mobile Terminal), a mobile telephone (Mobile Telephone), a handset and portable equipment. The user equipment can communicate with one or more core networks through a radio access network (RAN, Radio Access Network). For example, the user equipment may be a mobile phone (also called a "cellular" phone) or a computer with a wireless communication function; the user equipment may also be a portable, pocket-sized, handheld, computer built-in or vehicle-mounted mobile device.
It should also be understood that the server in the embodiments of the invention can be understood as a network side device and a network side server, where the network side device may include an intermediate node. It should also be understood that, in the embodiments of the invention, the intermediate node may be a gateway (Gateway, "GW" for short) device or any device with a similar gateway function, for example a switch, a router, a proxy server or an SBC. It should be understood that, in the communications field, a mobile terminal sends a service request message for requesting a service to the network side server through an intermediate node (a gateway or a base station), and correspondingly the server sends a service response message to the terminal through the corresponding intermediate node; that is, the terminal communicates with the server through the corresponding gateway (intermediate node).
Fig. 1 is a schematic flowchart of a data transmission method according to an embodiment of the invention. The method shown in Fig. 1 is performed by a server. Specifically, the method includes:
110. After a first connection between the server and the user equipment is established, the server sends a first connection identifier to the user equipment, the first connection identifier being used to identify the first connection.
In other words, after the first connection between the server and the user equipment is established, the server may generate the first connection identifier and send it to the user equipment over the first connection. The first connection identifier may indicate the first connection, or may indicate that the user equipment has already established the first connection. The first connection may be a TCP connection or a User Datagram Protocol (UDP) connection.
Specifically, after the user equipment establishes the first connection, in other words after the user equipment logs in to the application, the server may allocate a unique first connection identifier to the user equipment (the first connection). The first connection identifier may be a long character string generated by the server, a random number, or the like; the embodiments of the invention place no limitation on this.
120. The server receives a request message for establishing a TCP connection sent by the user equipment, where the request message is used to request establishment of a second connection between the user equipment and the server, the second connection is a TCP connection, and the request message carries the first connection identifier.
Specifically, when the user equipment re-initiates a TCP connection or establishes a new TCP connection, it may send the request message for establishing the TCP connection to the server. For example, the request message for establishing the TCP connection may include a SYN request message and the first connection identifier, or may be a SYN request message that carries the first connection identifier.
It should also be understood that the user equipment may send the first connection identifier in plaintext, or may encrypt the first connection identifier before sending it; the embodiments of the invention place no limitation on this.
130. After receiving the request message for establishing the TCP connection, the server establishes the second connection according to the first connection identifier.
In other words, after receiving the request message for establishing the TCP connection, the server may, according to the first connection identifier, respond to the request message with priority and establish the second connection.
Specifically, the server may determine from the first connection identifier that the first connection has been established between the user equipment and the server. In other words, after the server recognizes the first connection identifier, it can determine that the user equipment is a legitimate user equipment that has logged in or is online; the server responds to the request message for establishing the TCP connection with priority and establishes the second connection through the three-way handshake with the user equipment.
140. The server transmits data with the user equipment over the second connection.
Therefore, in the embodiments of the invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and the request message for establishing the TCP connection. The embodiments of the invention prevent the TCP anti-attack function from mistakenly dropping legitimate requests and improve the experience of legitimate users.
It should be understood that a connection identifier in the embodiments of the invention may also be called an identity (Identity, ID). For example, the first connection identifier may be called the first ID, and the second connection identifier may be called the second ID.
Further, when the first connection is a TCP connection, the embodiments of the invention allow a TCP connection to be established normally when the service is refreshed while under TCP attack, which prevents TCP attack protection from conflicting with a normal user refreshing a web page. When the first connection is a UDP connection, TCP fallback (fall back) can be performed according to service requirements and the TCP connection can be established normally, which defends against TCP attacks and improves the user experience.
Optionally, as another embodiment, in 130, the server determines that the first connection identifier matches a connection identifier in the connection identifier database; after receiving the request message for establishing the TCP connection, the server sends a response message to the user equipment; and the server receives a confirmation message sent by the user equipment.
It should be understood that the connection identifier database contains the connection identifiers of established connections. Specifically, after the user equipment and the server establish a connection, the server may store the connection identifier of that connection in the connection identifier database. It should also be understood that the response message may be a SYN ACK message and the confirmation message may be an ACK message; the embodiments of the invention place no limitation on this.
Specifically, in one case, after determining that the first connection identifier matches a connection identifier in the connection identifier database, the server responds to the request message for establishing the TCP connection by sending a response message to the user equipment, so that the user equipment, after receiving the response message, sends a confirmation message to the server; the server receives the confirmation message sent by the user equipment. This procedure carries out the normal TCP three-way handshake between the server and the user equipment, without passing through TCP attack-prevention procedures such as flow control and cookies, and completes establishment of the second connection between the server and the user equipment.
In another case, the server determines that the first connection identifier matches a connection identifier in the connection identifier database, where the connection identifier database contains the connection identifiers that the server has allocated to user equipment that has established the first connection; the server sets a first processing priority for the request message for establishing the TCP connection, where the first processing priority is higher than a second processing priority of request messages for establishing a TCP connection that carry no connection identifier; according to the request message for establishing the TCP connection and the first processing priority, the server sends a request confirmation message to the user equipment; and the server receives the confirmation message sent by the user equipment and establishes the second connection.
Specifically, after determining that the first connection identifier matches a connection identifier in the connection identifier database, the server may set the request message for establishing the TCP connection to the first processing priority, where the first processing priority is higher than the second processing priority of request messages for establishing a TCP connection that carry no connection identifier. According to the request message for establishing the TCP connection and the first processing priority, the server sends a response message to the user equipment with priority, so that the user equipment, after receiving the response message, sends a confirmation message to the server; the server receives the confirmation message sent by the user equipment. This procedure carries out the normal TCP three-way handshake between the server and the user equipment, without passing through TCP attack-prevention procedures such as flow control and cookies, and completes establishment of the second connection between the server and the user equipment.
Therefore, in the embodiments of the invention, after receiving the request message for establishing the TCP connection, the server first determines that the first connection identifier matches a connection identifier in the connection identifier database, then sends a response message to the user equipment, and afterwards receives the confirmation message sent by the user equipment. This procedure carries out the normal TCP three-way handshake between the server and the user equipment and completes establishment of the second connection between the server and the user equipment without passing through TCP attack-prevention procedures such as flow control and cookies, which improves the user experience.
Optionally, as another embodiment, the server sends the connection identifier to the user equipment in a 200 OK response message, where the connection identifier is located in a header field of the 200 OK response message.
Optionally, as another embodiment, after 130, the method of the embodiments of the invention may further include:
The server sends a second connection identifier to the user equipment, where the second connection identifier is used to establish a third connection between the user equipment and the server.
In other words, the server generates the second connection identifier and sends it to the user equipment, so that the user equipment can establish the third connection with the server according to the second connection identifier. The second connection identifier indicates that the user equipment has established the second connection, and the third connection may be a TCP connection.
Specifically, after the server has established the TCP connection with the user equipment, it may send the second connection identifier to the user equipment. In particular, when the user equipment sends the first connection identifier in plaintext, the first connection identifier is easily stolen. After the second connection has been established, the server immediately deletes the first connection identifier, for example from the connection identifier database, sends the second connection identifier to the user equipment, and stores the second connection identifier in the connection identifier database. This prevents misuse of a stolen first connection identifier: if an illegitimate user steals the first connection identifier and uses it to request a TCP connection, the server, having deleted the first connection identifier, cannot determine from it that the request comes from a user equipment that has established the first connection, so the request has to go through the attack-prevention traffic handling. The case of a stolen first connection identifier is thereby avoided or handled effectively, and the user experience is improved.
Optionally, as another embodiment, the first connection is a TCP connection, and in 140 the server restores or continues, on the second connection, the service based on the first connection.
For example, in a web real-time communication (Web Real-Time Communication, WebRTC) scenario, after the user equipment has logged in to an application and needs to re-establish a TCP connection, for example when the web browser is refreshed, the TCP connection (the second connection) can be re-requested and established with the server, and the service of the first connection is restored or continued on the established second connection.
Alternatively, as another embodiment, the first connection is a UDP connection, and in 140 the server receives, on the second connection, message data sent by the user equipment, where the size of the message data is greater than a preset message data threshold.
Specifically, the preset message data threshold may be a preset value or a value determined according to the actual situation; the embodiment of the present invention does not limit this. For example, the preset message data threshold may be 1300 bytes. In an Internet Protocol (IP) Multimedia Subsystem (IMS) scenario, according to the definition of the 3rd Generation Partnership Project (3GPP), when an information message sent by the UE to the server is larger than 1300 bytes, it needs to be sent over a TCP link. That is, if the UE previously established a UDP connection with the server, then in all subsequent signalling interactions, if a signalling message is oversized, a new TCP connection needs to be created. This new TCP connection is the second connection. After the second connection is established, the user equipment sends the large signalling message on the second connection.
The data transmission method of the embodiment of the present invention is described above from the perspective of the server with reference to Fig. 1, and is described below from the perspective of the user equipment with reference to Fig. 2.
Fig. 2 is a schematic flowchart of a data transmission method according to another embodiment of the present invention. The method shown in Fig. 2 is performed by the user equipment. Specifically, as shown in Fig. 2, the method includes:
210, after the first connection between the user equipment and the server is established, the user equipment receives the first connection identifier sent by the server, where the first connection identifier is used to identify the first connection.
In other words, the user equipment receives the first connection identifier of the user equipment sent by the server. The first connection identifier can be used to indicate that the user equipment has established the first connection, where the first connection is a TCP connection or a UDP connection.
Specifically, after the user equipment establishes the first connection, in other words after the user equipment logs in, the server can generate the first connection identifier and allocate a unique first connection identifier to the user equipment (the first connection). The first connection identifier may be a long character string generated by the server, a random number, or the like; the embodiment of the present invention does not limit this.
220, the user equipment sends a request message for establishing a TCP connection to the server and establishes a second connection with the server, where the request message for establishing the TCP connection carries the first connection identifier and is used to request establishment of the second connection between the user equipment and the server, and the second connection is a TCP connection.
Specifically, when the user equipment re-initiates a TCP connection or establishes a new TCP connection, it can send the request message for establishing the TCP connection to the server. For example, the request message for establishing the TCP connection may include a SYN request message and the first connection identifier, or it may be a SYN request message carrying the first connection identifier. The server can determine from the first connection identifier that the first connection has been established between the user equipment and the server. In other words, after the server recognizes the first connection identifier, or after the server determines that the first connection identifier matches an identifier in the connection identifier database, the server can determine that the user equipment is a legitimate user equipment that has established the first connection, has logged in, or is online. The server preferentially responds to the TCP connection establishment request and generates a request confirmation message according to the request message for establishing the TCP connection. The user equipment then receives the request confirmation message that the server sent according to the request message for establishing the TCP connection. Finally, the user equipment sends a confirmation message to the server, which completes the three-way handshake between the user equipment and the server and establishes the second connection.
It should be understood that the user equipment may send the first connection identifier in plaintext, or may encrypt the first connection identifier before sending it; the embodiment of the present invention does not limit this.
230, the user equipment performs data transmission with the server over the second connection.
Therefore, in the embodiment of the present invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, so the server can, according to the first connection identifier, preferentially respond to the TCP connection establishment request and establish the TCP connection. The embodiment of the present invention can prevent the TCP anti-attack function from mistakenly blocking legitimate users and improves the experience of legitimate users.
Further, when the first connection is a TCP connection, the embodiment of the present invention allows the TCP connection to be established normally even when a service refresh coincides with a TCP attack, which prevents the TCP anti-attack function from conflicting with a normal user refreshing a web page. When the first connection is a UDP connection, TCP fallback can be performed according to service requirements and the TCP connection can be established normally, which prevents the TCP anti-attack function from mistakenly blocking legitimate users. Specifically, after the server determines that the user equipment is a user equipment that has established the first connection, a normal TCP three-way handshake is performed between the user equipment and the server without going through flow control, cookie and other processes that prevent TCP attacks, which improves the experience of legitimate users.
It should be understood that the connection identifier database includes the connection identifiers of established connections. Specifically, after the user equipment and the server establish a connection, the server can store the connection identifier of that connection in the connection identifier database.
Specifically, in one case, in 220 the user equipment sends the request message for establishing the TCP connection to the server. The server receives the request message and, after determining that the first connection identifier matches a connection identifier in the connection identifier database, responds to the request message by sending a response message to the user equipment. After receiving the response message, the user equipment sends a confirmation message to the server, and the server receives the confirmation message sent by the user equipment. The above process implements a normal TCP three-way handshake between the server and the user equipment without going through flow control, cookie and other processes that prevent TCP attacks, and completes establishment of the second connection between the server and the user equipment.
Another situation, user equipment send the request message for establishing TCP connection to server, and server determines the first company
It connects mark to match with a connection identifier in connection identifier database, it is that wherein connection identifier database, which includes server,
Establish the connection identifier of the user equipment distribution of the first connection;Server setting is established at the first of the request message of TCP connection
Manage priority, wherein the first processing priority is higher than second of the request message for establishing TCP connection without carrying connection identifier
Processing priority;Server sends to user equipment and requests according to the request message for establishing TCP connection and the first processing priority
Confirmation message;Server receives the confirmation message that user equipment is sent, and establishes the second connection.
Specifically, server determines that the first connection identifier matches with a connection identifier in connection identifier database
Afterwards, it is the first processing priority that the request message for establishing TCP connection, which can be arranged, wherein the first processing priority, which is higher than, not to be had
Carry the second processing priority of the request message for establishing TCP connection of connection identifier;Server is according to establishing asking for TCP connection
Message and the first processing priority are asked, preferentially response message is sent to user equipment, after user equipment receives response message, to clothes
Business device sends confirmation message;Server receives the confirmation message that user equipment is sent.Server is realized by above procedure and is used
The three-way handshake that normal TCP connection is carried out between the equipment of family needs not move through the process that flow control and cookie etc. prevent TCP from attacking,
Complete the second establishment of connection between server and user equipment.
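The priority case above, as an added sketch that is not part of the patent: setup requests whose identifier matches the database get the first processing priority and a direct response, while all others get the second priority and the anti-attack path. The class and field names, the outcome labels and the per-drain flow-control budget are assumptions made for the illustration.

```python
import heapq
import hmac
from itertools import count

FIRST_PRIORITY = 0   # request carries an identifier found in the database
SECOND_PRIORITY = 1  # request carries no identifier, or one that does not match


class SetupRequestQueue:
    """Orders TCP setup requests as in the priority embodiment (illustrative)."""

    def __init__(self, identifier_db, unverified_budget):
        # identifier_db: identifiers the server has already handed out.
        self._db = [i.encode() for i in identifier_db]
        # unverified_budget: hypothetical flow-control limit, i.e. how many
        # requests without a valid identifier are examined per drain.
        self._budget = unverified_budget
        self._heap = []
        self._arrival = count()

    def _matches(self, presented):
        if not presented:
            return False
        candidate = presented.encode()
        # Constant-time comparison against every entry, with no early exit.
        hits = [hmac.compare_digest(candidate, stored) for stored in self._db]
        return any(hits)

    def enqueue(self, request):
        if self._matches(request.get("conn_id")):
            priority = FIRST_PRIORITY
        else:
            priority = SECOND_PRIORITY
        # The arrival counter keeps first-come order inside each priority.
        heapq.heappush(self._heap, (priority, next(self._arrival), request["src"]))
        return priority

    def drain(self):
        """Process the queue; return (source, outcome) in processing order."""
        outcomes, examined = [], 0
        while self._heap:
            priority, _, src = heapq.heappop(self._heap)
            if priority == FIRST_PRIORITY:
                outcomes.append((src, "respond-directly"))
            elif examined < self._budget:
                examined += 1
                outcomes.append((src, "anti-attack-path"))
            else:
                outcomes.append((src, "deferred-by-flow-control"))
        return outcomes


def demo():
    # Constructed scenario: a burst of requests without identifiers arrives
    # before the refresh request of a logged-in user.
    queue = SetupRequestQueue(identifier_db=["id-issued-at-login"],
                              unverified_budget=2)
    for n in range(5):
        queue.enqueue({"src": f"unknown-{n}"})
    queue.enqueue({"src": "unknown-guess", "conn_id": "wrong-guess"})
    queue.enqueue({"src": "logged-in-ue", "conn_id": "id-issued-at-login"})
    return queue.drain()


if __name__ == "__main__":
    for src, outcome in demo():
        print(f"{src:15} {outcome}")
```

The logged-in device is answered first even though it arrived last, and a wrong identifier is treated exactly like a missing one.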
Therefore, in the embodiment of the present invention, after receiving the request message for establishing the TCP connection, the server first determines that the first connection identifier matches a connection identifier in the connection identifier database, then sends a response message to the user equipment, and afterwards receives the confirmation message sent by the user equipment. The above process implements a normal TCP three-way handshake between the server and the user equipment and completes establishment of the second connection between them without going through flow control, cookie and other processes that prevent TCP attacks, which improves user experience.
Optionally, as another embodiment, in 210 the user equipment receives a 200 OK response message sent by the server, where the first connection identifier is located in a header field of the 200 OK response message.
Specifically, a field can be defined in the 200 OK message, and the first connection identifier (field) is located in a header field of the 200 OK response message.
Optionally, as another embodiment, when the first connection is a TCP connection, in 230 the user equipment restores or continues, on the second connection, the service based on the first connection.
For example, in a WebRTC scenario, after the user equipment has logged in to an application and needs to re-establish a TCP connection, for example when the web browser is refreshed, the TCP connection (the second connection) can be re-requested and established with the server, and the service of the first connection is restored or continued on the established second connection.
Optionally, as another embodiment, when the first connection is a UDP connection, in 230 the user equipment sends message data to the server on the second connection, where the size of the message data is greater than a preset message data threshold.
Specifically, the preset message data threshold may be a preset value, such as 1300 bytes, or a value determined according to the actual situation; the embodiment of the present invention does not limit this. In an IMS scenario, according to the definition of 3GPP, when an information message sent by the UE to the server is larger than 1300 bytes, it needs to be sent over a TCP link. That is, if the UE previously established a UDP connection with the server, then in all subsequent signalling interactions, if a signalling message is oversized, a new TCP connection needs to be created. This new TCP connection is the second connection. After the second connection is established, the user equipment sends the large signalling message on the second connection.
Optionally, as another embodiment, after 220, the method of the embodiment of the present invention may further include:
The user equipment receives a second connection identifier sent by the server, where the second connection identifier is used to establish a third connection between the user equipment and the server.
Specifically, when the user equipment sends the first connection identifier in plaintext, the first connection identifier is easily stolen. After the second connection is established, the server immediately deletes the first connection identifier, for example from the connection identifier database, generates a second connection identifier, sends the second connection identifier to the user equipment, and stores the second connection identifier in the connection identifier database. The second connection identifier is used to indicate that the user equipment has established the second connection, and the third connection may be a TCP connection. This guards against theft of the first connection identifier: if an illegitimate user steals the first connection identifier and uses it to request a TCP connection, the server, having deleted the first connection identifier, cannot determine from it that the request comes from a user equipment that has established the first connection, so the request has to go through anti-attack processing. Theft of the first connection identifier is thereby avoided or effectively handled, which improves user experience.
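An added example, not taken from the patent, of the identifier lifecycle described above: issue at login, match on the setup request, delete on use and issue a successor, so that a replayed copy of the first identifier lands on the anti-attack path. The database class, the request dictionary and the use of a CSPRNG token are assumptions; the handshake and service restore that precede deletion on the page are collapsed into one function call.

```python
import hmac
import secrets


class ConnectionIdDatabase:
    """Identifiers of established connections, as kept by the server (illustrative)."""

    def __init__(self):
        self._owner_by_id = {}

    def issue(self, user):
        # The page allows "a long character string or a random number";
        # a CSPRNG token is the choice assumed here.
        conn_id = secrets.token_urlsafe(32)
        self._owner_by_id[conn_id] = user
        return conn_id

    def match(self, presented):
        """Return the owning user if the identifier is in the database."""
        if not presented:
            return None
        owner = None
        for stored, user in self._owner_by_id.items():
            # Constant-time comparison, no early exit on a hit.
            if hmac.compare_digest(stored.encode(), presented.encode()):
                owner = user
        return owner

    def rotate(self, used_id):
        """Delete the identifier that was just used and issue its successor."""
        user = self._owner_by_id.pop(used_id)
        return self.issue(user)

    def __len__(self):
        return len(self._owner_by_id)


def handle_setup_request(db, request):
    """Server-side decision for a TCP setup request (hypothetical request dict)."""
    presented = request.get("conn_id")
    user = db.match(presented)
    if user is None:
        # Unknown, missing or already deleted identifier.
        return {"path": "anti-attack", "user": None, "next_id": None}
    # Match: answer the handshake directly, then retire the identifier and
    # hand the device the next one (sent in a 200 OK on the page).
    next_id = db.rotate(presented)
    return {"path": "direct-handshake", "user": user, "next_id": next_id}


def demo():
    db = ConnectionIdDatabase()
    first_id = db.issue("alice")   # first connection identifier, issued after login
    observed_copy = first_id       # constructed: a plaintext copy seen by a third party
    refresh = handle_setup_request(db, {"conn_id": first_id})
    replay = handle_setup_request(db, {"conn_id": observed_copy})
    third = handle_setup_request(db, {"conn_id": refresh["next_id"]})
    return refresh, replay, third, len(db)


if __name__ == "__main__":
    for step in demo()[:3]:
        print(step["path"])
```

Rotation makes each identifier single-use, so it limits replay only once the legitimate device has used it; the page's option of sending the identifier encrypted addresses observation in transit.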
The data transmission method of the embodiment of the present invention is described above from the perspective of the server with reference to Fig. 1 and from the perspective of the user equipment with reference to Fig. 2. The data transmission method of the embodiment of the present invention is described in detail below with reference to the specific examples of Fig. 3 and Fig. 4.
It should be noted that the examples of Fig. 1 to Fig. 2 are only intended to help those skilled in the art understand the embodiments of the present invention, and are not intended to limit the embodiments of the present invention to the specific values or specific scenarios illustrated. Those skilled in the art can obviously make various equivalent modifications or variations according to the given examples of Fig. 1 to Fig. 2, and such modifications or variations also fall within the scope of the embodiments of the present invention.
It should be understood that the magnitude of the sequence numbers of the above processes does not imply an order of execution. The order of execution of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
Fig. 3 is a schematic flowchart of a data transmission method according to another embodiment of the present invention. The method shown in Fig. 3 includes:
310, the user equipment receives the first connection identifier of the user equipment sent by the server.
Specifically, the first connection identifier is used to indicate that the user equipment is a user equipment that has established the first connection, and the first connection is a TCP connection or a UDP connection. Specifically, after the first connection between the user equipment and the server is established, in other words after the user equipment logs in, the server can allocate a unique first connection identifier to the first connection. The first connection identifier may be a long character string generated by the server, a random number, or the like; the embodiment of the present invention does not limit this.
320, the user equipment sends a request message for establishing a TCP connection to the server.
Specifically, the request message for establishing the TCP connection carries the first connection identifier. When the user equipment re-initiates a TCP connection or establishes a new TCP connection, it can send the request message for establishing the TCP connection to the server. For example, the request message for establishing the TCP connection may include a SYN request message and the first connection identifier.
It should also be understood that the user equipment may send the first connection identifier in plaintext, or may encrypt the first connection identifier before sending it to the server; the embodiment of the present invention does not limit this.
330, the server establishes the second connection with the user equipment according to the request message for establishing the TCP connection.
Specifically, for example, the server determines, according to the first connection identifier of the user equipment carried in the request message for establishing the TCP connection, that the user equipment is a user equipment that has established the first connection. For example, the server matches the first connection identifier against the connection identifiers stored in the database and, after a successful match, determines that the user equipment is a user equipment that has established the first connection. The server can then prioritize processing of the request message for establishing the TCP connection: the server sends a request notification message to the user equipment, the user equipment sends a notification message to the server, and the second connection with the user equipment is established.
340, the server and the user equipment perform data transmission over the second connection.
Therefore, in the embodiment of the present invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, so the server can, according to the first connection identifier, preferentially respond to the TCP connection establishment request and establish the TCP connection. The embodiment of the present invention can prevent the TCP anti-attack function from mistakenly blocking legitimate users and improves the experience of legitimate users.
Fig. 4 is a schematic flowchart of a data transmission method according to another embodiment of the present invention. The specific embodiment of Fig. 4 gives only one example, applied in a WebRTC scenario. The server in Fig. 4 may include, for example, an SBC. Specifically, the example of Fig. 4 shows the process of establishing the first connection (a TCP connection), the WebRTC login process, and the process of establishing the second connection (a TCP connection). The method shown in Fig. 4 includes:
401, user equipment sends SYN request message to server.
402, server sends SYN ACK message to user equipment.
403, user equipment sends ACK message to server.
It should be understood that, in order to prevent TCP attacks, the process of establishing the first connection in 401 to 403 needs to undergo TCP Cookie and flow control processing.
404, user equipment sends HTTP authentication request message to server.
405, server sends HTTP request response message to user equipment.
406, user equipment carries out WebRTC login.
407, server distributes the first connection identifier to user equipment by 200OK message.
408, user equipment sends SYN request message to server.
Specifically, the SYN request message carries the first connection identifier of the user equipment. For example, after the WebRTC login, refreshing the browser causes the user equipment to send a SYN request message to the server, which initiates the request for the second TCP connection.
409, server sends SYN ACK message to user equipment.
Specifically, the server extracts the first connection identifier from the SYN request message and judges whether the first connection identifier is valid. That is, the server matches the first connection identifier against the allocated connection identifiers in the connection identifier database. If the match succeeds (a matching entry exists), the server determines that the TCP connection request comes from an online user equipment, and can then bypass the anti-attack processes such as TCP Cookie and flow control and send a SYN ACK message to the user equipment.
410, user equipment sends ACK message to server.
Steps 408 to 410 describe the process of establishing the second connection.
411, user equipment sends HTTP authentication request message to server.
412, server sends HTTP request response message to user equipment.
413, server distributes the second connection identifier to user equipment by 200OK message.
Specifically, after the server completes establishment of the TCP connection with the user equipment, it can delete the first connection identifier from the connection identifier database and send the second connection identifier to the user equipment, where the second connection identifier is used to indicate that the user equipment is a user equipment that has established the second connection.
Specifically, when the user equipment sends the first connection identifier in plaintext, the first connection identifier is easily stolen. After the second connection is established, the server immediately sends the second connection identifier to the user equipment, which guards against theft of the first connection identifier and improves user experience.
In particular, the user equipment obtains from the service layer the first connection identifier of the application corresponding to the current TCP link and passes the first connection identifier to the server in the SYN request message. When the server judges, according to the first connection identifier, that the connection request comes from an online user, it can bypass the anti-attack processes such as TCP Cookie and flow control and establish the second TCP link with the user equipment. After the service-level data has been restored or continued, the server immediately deletes the first connection identifier and generates a second connection identifier for the user, where the second connection identifier is used to indicate that the user equipment is a user equipment that has established the second connection. Finally, the server notifies the user equipment of the second connection identifier.
Therefore, in the embodiment of the present invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, so the server can, according to the first connection identifier, preferentially respond to the TCP connection establishment request and establish the TCP connection. The embodiment of the present invention can prevent the TCP anti-attack function from mistakenly blocking legitimate users and improves the experience of legitimate users.
Fig. 5 is a schematic flowchart of a data transmission method according to another embodiment of the present invention. The specific embodiment of Fig. 5 gives only one example, applied in an IMS scenario. Specifically, the server in Fig. 5 may include, for example, an SBC. The example of Fig. 5 shows the process of establishing the first connection (a UDP connection) and the process of establishing the second connection (a TCP connection). The method shown in Fig. 5 includes:
501, user equipment sends SIP registration request message to server.
502, the server sends to the user equipment a 401 authentication message that includes an authentication random number.
503, the user equipment sends to the server a SIP registration request message that includes a digest random number.
504, server distributes the first connection identifier to user equipment by 200OK message.
505, user equipment sends SYN request message to server.
Specifically, the SYN request message carries the first connection identifier of user equipment.
506, server sends SYN ACK message to user equipment.
Specifically, the server extracts the first connection identifier information from the SYN request message and judges whether the first connection identifier is valid. That is, the server matches the first connection identifier against the allocated connection identifiers in the connection identifier database. If the match succeeds (a matching entry exists), the server determines that the TCP connection request comes from an online user equipment, and can then bypass the anti-attack processes such as TCP Cookie and flow control and send a SYN ACK message to the user equipment.
507, user equipment sends ACK message to server.
Steps 505 to 507 describe the process of establishing the second connection.
508, user equipment sends the big message of SIP.
Specifically, in an IMS scenario, according to the definition of 3GPP, when an information message sent by the UE to the server is larger than 1300 bytes, it needs to be sent over a TCP link. That is, if the UE previously established a UDP connection with the server, then in all subsequent signalling interactions, if a signalling message is oversized, a new TCP connection needs to be created. This new TCP connection is the second connection. After the second connection is established, the user equipment sends the large signalling message on the second connection.
509, server distributes the second connection identifier to user equipment by 200OK message.
Specifically, after the server completes establishment of the TCP connection with the user equipment, it can delete the first connection identifier from the connection identifier database and send the second connection identifier to the user equipment, where the second connection identifier is used to indicate that the user equipment is a user equipment that has established the second connection.
Specifically, when the user equipment sends the first connection identifier in plaintext, the first connection identifier is easily stolen. After the second connection is established, the server immediately sends the second connection identifier to the user equipment, which guards against theft of the first connection identifier and improves user experience.
In particular, the server allocates the first connection identifier to the user equipment and carries it in the 200 OK message. When the user equipment requests establishment of a TCP connection during TCP fallback, it carries this connection identifier. The server judges from the connection identifier that the connection request results from TCP fallback and establishes the second TCP link with the user equipment. The server immediately deletes the first connection identifier and generates a second connection identifier for the user, where the second connection identifier is used to indicate that the user equipment is a user equipment that has established the second connection. Finally, the server notifies the user equipment of the second connection identifier.
Therefore, in the embodiment of the present invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, so the server can, according to the first connection identifier, preferentially respond to the TCP connection establishment request and establish the TCP connection. The embodiment of the present invention can prevent the TCP anti-attack function from mistakenly blocking legitimate users and improves the experience of legitimate users.
The data transmission method of the embodiment of the present invention is described in detail above with reference to Fig. 1 to Fig. 5. The devices for data transmission of the embodiments of the present invention are described in detail below with reference to Fig. 6 to Fig. 11.
Fig. 6 is a schematic block diagram of a server according to an embodiment of the present invention. The server shown in Fig. 6 includes: a first transmission unit 610, a receiving unit 620, a response unit 630 and a transmission unit 640.
Specifically, the first transmission unit 610 is configured to send the first connection identifier to the user equipment after the first connection between the server and the user equipment is established, where the first connection identifier is used to identify the first connection. The receiving unit 620 is configured to receive the request message for establishing a Transmission Control Protocol (TCP) connection sent by the user equipment, where the request message for establishing the TCP connection is used to request establishment of the second connection between the user equipment and the server, the second connection is a TCP connection, and the request message for establishing the TCP connection carries the first connection identifier. The response unit 630 is configured to establish the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the receiving unit. The transmission unit 640 is configured to perform data transmission with the user equipment over the second connection established by the response unit.
Therefore, in the embodiment of the present invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and the request message for establishing the TCP connection. The embodiment of the present invention can prevent the TCP anti-attack function from mistakenly blocking legitimate users and improves the experience of legitimate users.
Optionally, as another embodiment, the response unit 630 determines that the first connection identifier matches a connection identifier in the connection identifier database and, after the receiving unit receives the request message for establishing the TCP connection, sends a response message to the user equipment and receives the confirmation message sent by the user equipment.
Optionally, as another embodiment, the first transmission unit 610 is sent by 200OK response message to user equipment
First connection identifier, wherein the first connection identifier is located in the header field of 200OK response message.
Optionally, as another embodiment, the server of the embodiment of the present invention may further include a second transmission unit. Specifically, the server shown in Fig. 7 includes: a first transmission unit 710, a receiving unit 720, a response unit 730, a transmission unit 740 and a second transmission unit 750.
Specifically, the first transmission unit 610, the receiving unit 620, the response unit 630 and the transmission unit 640 correspond to the first transmission unit 710, the receiving unit 720, the response unit 730 and the transmission unit 740 respectively; to avoid repetition, they are not described again. The second transmission unit 750 is configured to send a second connection identifier to the user equipment after the response unit has established the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the receiving unit, where the second connection identifier is used to establish a third connection between the user equipment and the server.
Optionally, as another embodiment, the first connection is a TCP connection, and the transmission unit 640 restores or continues, on the second connection established by the response unit, the service based on the first connection.
Optionally, as another embodiment, the first connection is a UDP connection, and the transmission unit 640 receives, on the second connection established by the response unit, message data sent by the user equipment, where the size of the message data is greater than a preset message data threshold.
Optionally, as another embodiment, the first connection identifier is a character string, a random number, or the like.
It should be understood that the servers shown in Fig. 6 and Fig. 7 can implement each process of the server involved in the method embodiments of Fig. 1 to Fig. 5; to avoid repetition, details are not described again.
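The server-side flow described for Fig. 6 and Fig. 7 (issue a connection identifier once a connection exists, match the identifier carried in a request to establish a TCP connection against the connection identifier database, then issue a second identifier for a third connection), written out as an added example that is not code from the patent. The header name `Connection-Id`, the single-use and expiry rules, and the `protection` fallback decision are assumptions of this example.

```python
import secrets
import time

ACCEPT = "accept"          # identifier matched: send the response message, await confirmation
PROTECTION = "protection"  # no valid identifier: ordinary TCP anti-attack handling applies


class ConnectionIdDatabase:
    """Server-side store of issued connection identifiers (constructed model)."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds   # assumption: identifiers expire; the page sets no lifetime
        self._clock = clock
        self._issued = {}         # identifier -> (device, expiry time)

    def issue(self, device):
        """Create an identifier for a device that has an established connection."""
        identifier = secrets.token_hex(16)  # 128-bit random number rendered as a string
        self._issued[identifier] = (device, self._clock() + self._ttl)
        return identifier

    def redeem(self, identifier):
        """Return the device the identifier was issued to, or None if it does not match.

        Assumption: an identifier is single-use, so a captured value cannot be
        replayed to get further requests past the anti-attack function.
        """
        if not identifier:
            return None
        entry = self._issued.pop(identifier, None)
        if entry is None:
            return None
        device, expiry = entry
        if self._clock() > expiry:
            return None
        return device


class Server:
    def __init__(self, database):
        self.database = database

    def on_first_connection(self, device):
        """First connection established: headers of the 200 OK response message."""
        # "Connection-Id" is a hypothetical header name; the page only says the
        # identifier is located in a header field of the 200 OK response.
        return {"Connection-Id": self.database.issue(device)}

    def on_tcp_request(self, request):
        """Decide how to treat a request message for establishing a TCP connection."""
        device = self.database.redeem(request.get("connection_id"))
        if device is None:
            return {"decision": PROTECTION}
        # Match found: establish the connection and hand out the identifier
        # the device will present when it asks for its next connection.
        return {
            "decision": ACCEPT,
            "device": device,
            "next_connection_id": self.database.issue(device),
        }


def demo():
    """Run constructed requests through the server and return the decisions."""
    now = [0.0]
    server = Server(ConnectionIdDatabase(ttl_seconds=300, clock=lambda: now[0]))
    first_id = server.on_first_connection("ue-1")["Connection-Id"]

    decisions = []
    second = server.on_tcp_request({"connection_id": first_id})
    decisions.append(second["decision"])                                        # legitimate device
    decisions.append(server.on_tcp_request({"connection_id": first_id})["decision"])  # replayed value
    decisions.append(server.on_tcp_request({})["decision"])                     # no identifier
    third = server.on_tcp_request({"connection_id": second["next_connection_id"]})
    decisions.append(third["decision"])                                         # third connection

    stale_id = server.on_first_connection("ue-2")["Connection-Id"]
    now[0] = 301.0                                                              # past the lifetime
    decisions.append(server.on_tcp_request({"connection_id": stale_id})["decision"])
    return decisions


if __name__ == "__main__":
    print(demo())
```

Requests that fall through to `protection` are not rejected outright here; they simply receive no preferential treatment, which is the case the anti-attack function was already built for.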
Fig. 8 is a schematic block diagram of user equipment according to an embodiment of the present invention. The user equipment shown in Fig. 8 includes: a first receiving unit 810, a transmission unit 820 and a transmission unit 830.
Specifically, the first receiving unit 810 is configured to receive, after the first connection between the user equipment and the server is established, the first connection identifier sent by the server, where the first connection identifier is used to identify the first connection; the transmission unit 820 is configured to send the server a request message for establishing a TCP connection and to establish the second connection with the server, where the request message for establishing the TCP connection carries the first connection identifier and is used to request establishment of the second connection between the user equipment and the server, the second connection being a TCP connection; the transmission unit 830 is configured to perform data transmission with the server over the second connection.
Therefore, in the embodiment of the present invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and the request message for establishing the TCP connection. The embodiment of the present invention can thus prevent the TCP anti-attack function from mistakenly blocking legitimate users and improve the experience of legitimate users.
Optionally, as another embodiment, the first receiving unit 810 receives the 200 OK response message sent by the server, where the first connection identifier is located in a header field of the 200 OK response message.
Optionally, as another embodiment, the first connection is a TCP connection, and the transmission unit 830 restores or continues, on the second connection, the service based on the first connection.
Optionally, as another embodiment, the first connection is a UDP connection, and the transmission unit 830 sends message data to the server on the second connection, where the size of the message data is greater than a preset message data threshold.
Optionally, as another embodiment, the user equipment may further include a second receiving unit. Specifically, the user equipment shown in Fig. 9 includes: a first receiving unit 910, a transmission unit 920, a transmission unit 930 and a second receiving unit 940.
Specifically, the first receiving unit 910, the transmission unit 920 and the transmission unit 930 correspond to the first receiving unit 810, the transmission unit 820 and the transmission unit 820 respectively. The second receiving unit 940 is configured to receive a second connection identifier sent by the server after the transmission unit has sent the server the request message for establishing the TCP connection and the second connection with the server has been established, where the second connection identifier is used to establish a third connection between the user equipment and the server.
Optionally, as another embodiment, the first connection identifier is a character string, a random number, or the like.
It should be understood that the user equipment shown in Fig. 8 and Fig. 9 can implement each process of the user equipment involved in the method embodiments of Fig. 1 to Fig. 5; to avoid repetition, details are not described again.
Figure 10 is a schematic block diagram of a server according to another embodiment of the present invention. The server shown in Figure 10 includes a processor 1010, a memory 1020, a bus system 1030 and a transceiver 1040.
Specifically, after the first connection between the server and the user equipment is established, the transceiver 1040 sends the first connection identifier to the user equipment, where the first connection identifier is used to identify the first connection, and receives the request message for establishing a Transmission Control Protocol (TCP) connection sent by the user equipment, where the request message for establishing the TCP connection is used to request establishment of the second connection between the user equipment and the server, the second connection is a TCP connection, and the request message for establishing the TCP connection carries the first connection identifier; the processor 1010 calls, through the bus system 1030, the code stored in the memory 1020 and establishes the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the transceiver 1040; the transceiver 1040 performs data transmission with the user equipment over the second connection established by the processor 1010.
Therefore, in the embodiment of the present invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and the request message for establishing the TCP connection. The embodiment of the present invention can thus prevent the TCP anti-attack function from mistakenly blocking legitimate users and improve the experience of legitimate users.
The methods disclosed in the above embodiments of the present invention may be applied to the processor 1010 or implemented by the processor 1010. The processor 1010 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 1010 or by instructions in the form of software. The processor 1010 may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be executed and completed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory (RAM), flash memory, read-only memory (ROM), programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory 1020; the processor 1010 reads the information in the memory 1020 and completes the steps of the above method in combination with its hardware. In addition to a data bus, the bus system 1030 may also include a power bus, a control bus, a status signal bus and so on. For clarity of description, however, the various buses are all labelled as the bus system 1030 in the figure.
Optionally, as another embodiment, the processor 1010 determines that the first connection identifier matches a connection identifier in the connection identifier database; after the transceiver 1040 receives the request message for establishing the TCP connection, the transceiver 1040 sends a response message to the user equipment and receives the confirmation message sent by the user equipment.
Optionally, as another embodiment, the transceiver 1040 sends the first connection identifier to the user equipment in a 200 OK response message, where the first connection identifier is located in a header field of the 200 OK response message.
Optionally, as another embodiment, after the processor 1040 establishes the second connection, the transceiver 1040 sends a second connection identifier to the user equipment, where the second connection identifier is used to establish a third connection between the user equipment and the server.
Optionally, as another embodiment, the first connection is a TCP connection, and the transceiver 1040 restores or continues, on the second connection established by the processor 1010, the service based on the first connection.
Optionally, as another embodiment, the first connection is a UDP connection, and the transceiver 1040 receives, on the second connection established by the processor 1010, message data sent by the user equipment, where the size of the message data is greater than a preset threshold; the preset threshold may be 1300 bytes.
Optionally, as another embodiment, the first connection identifier is a character string, a random number, or the like.
It should be understood that the server shown in Fig. 10 can implement each process of the server involved in the method embodiments of Fig. 1 to Fig. 5; to avoid repetition, details are not described again.
Figure 11 is a schematic block diagram of user equipment according to another embodiment of the present invention. The user equipment shown in Figure 11 includes a processor 1110, a memory 1120, a bus system 1130 and a transceiver 1140.
Specifically, after the first connection between the user equipment and the server is established, the transceiver 1140 receives the first connection identifier sent by the server, where the first connection identifier is used to identify the first connection, and sends the server a request message for establishing a TCP connection; the processor 1110 calls, through the bus system 1130, the code stored in the memory 1120 and establishes the second connection with the server, where the request message for establishing the TCP connection carries the first connection identifier and is used by the user equipment to request establishment of the second connection with the server, the second connection being a TCP connection; the transceiver 1140 performs data transmission with the server over the second connection established by the processor 1110.
Therefore, in the embodiment of the present invention, the request message for establishing a TCP connection sent by the user equipment carries the first connection identifier that the server sent to the user equipment, and the server establishes the TCP connection according to the first connection identifier and the request message for establishing the TCP connection. The embodiment of the present invention can thus prevent the TCP anti-attack function from mistakenly blocking legitimate users and improve the experience of legitimate users.
The methods disclosed in the above embodiments of the present invention may be applied to the processor 1110 or implemented by the processor 1110. The processor 1110 may be an integrated circuit chip with signal processing capability. In implementation, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 1110 or by instructions in the form of software. The processor 1110 may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be executed and completed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory (RAM), flash memory, read-only memory (ROM), programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory 1120; the processor 1110 reads the information in the memory 1120 and completes the steps of the above method in combination with its hardware. In addition to a data bus, the bus system 1130 may also include a power bus, a control bus, a status signal bus and so on. For clarity of description, however, the various buses are all labelled as the bus system 1130 in the figure.
Optionally, as another embodiment, the transceiver 1140 receives the 200 OK response message sent by the server, where the first connection identifier is located in a header field of the 200 OK response message.
Optionally, as another embodiment, the first connection is a TCP connection, and the transceiver 1140 restores or continues, on the second connection established by the processor 1110, the service of the first connection.
Optionally, as another embodiment, the first connection is a UDP connection, and the transceiver 1140 sends message data to the server on the second connection established by the processor 1110, where the size of the message data is greater than a preset threshold; the preset threshold may be 1300 bytes.
Optionally, as another embodiment, after the processor 1110 establishes the second connection, the transceiver 1140 receives a second connection identifier sent by the server, where the second connection identifier is used to establish a third connection between the user equipment and the server.
Optionally, as another embodiment, the first connection identifier is a character string or a random number.
It should be understood that the user equipment shown in Figure 11 can implement each process of the user equipment involved in the method embodiments of Fig. 1 to Fig. 5; to avoid repetition, details are not described again.
It should be understood that "one embodiment" or "an embodiment" mentioned throughout the specification means that a particular feature, structure or characteristic related to the embodiment is included in at least one embodiment of the present invention. Therefore, "in one embodiment" or "in an embodiment" appearing throughout the specification does not necessarily refer to the same embodiment. In addition, these particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments. It should be understood that, in the various embodiments of the present invention, the magnitude of the sequence numbers of the above processes does not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
In addition, the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate three cases: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the associated objects before and after it are in an "or" relationship.
It should be understood that, in the embodiments of the present invention, "B corresponding to A" means that B is associated with A and that B can be determined according to A. It should also be understood, however, that determining B according to A does not mean that B is determined only according to A; B may also be determined according to A and/or other information.
Those of ordinary skill in the art may be aware that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the present invention.
It is apparent to those skilled in the art that, for convenience and brevity of description, for the specific working processes of the systems, devices and units described above, reference may be made to the corresponding processes in the foregoing method embodiments; details are not described here again.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may also be an electrical, mechanical or other form of connection.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiments of the present invention.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, each unit may exist physically alone, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
Through the above description of the embodiments, it is apparent to those skilled in the art that the present invention may be implemented by hardware, by firmware, or by a combination thereof. When implemented in software, the above functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates the transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Furthermore, any connection may appropriately become a computer-readable medium. For example, if software is transmitted from a website, server or other remote source using a coaxial cable, optical fiber cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave, then the coaxial cable, optical fiber cable, twisted pair, DSL, or wireless technologies such as infrared, radio and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of protection of computer-readable media.
In short, the foregoing is merely a preferred embodiment of the technical solution of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (22)
1. A data transmission method, characterized by comprising:
after a first connection between a server and user equipment is established, sending, by the server, a first connection identifier to the user equipment, where the first connection identifier is used to identify the user equipment as legitimate user equipment that has established the first connection, has logged in, or is online;
receiving, by the server, a request message for establishing a Transmission Control Protocol (TCP) connection sent by the user equipment, where the request message for establishing the TCP connection is used to request establishment of a second connection between the user equipment and the server, the second connection is a TCP connection, and the request message for establishing the TCP connection carries the first connection identifier;
after receiving the request message for establishing the TCP connection, establishing, by the server, the second connection according to the first connection identifier;
performing, by the server, data transmission with the user equipment over the second connection.
2. The method according to claim 1, characterized in that the establishing, by the server, of the second connection according to the first connection identifier after receiving the request message for establishing the TCP connection comprises:
determining, by the server, that the first connection identifier matches a connection identifier in a connection identifier database;
after receiving the request message for establishing the TCP connection, sending, by the server, a response message to the user equipment;
receiving, by the server, a confirmation message sent by the user equipment.
3. The method according to claim 1 or 2, characterized in that the sending, by the server, of the first connection identifier to the user equipment comprises:
sending, by the server, the first connection identifier to the user equipment in a 200 OK response message, where the first connection identifier is located in a header field of the 200 OK response message.
4. The method according to claim 1 or 2, characterized in that, after the server receives the request message for establishing the TCP connection and establishes the second connection according to the first connection identifier, the method further comprises:
sending, by the server, a second connection identifier to the user equipment, where the second connection identifier is used to establish a third connection between the user equipment and the server.
5. The method according to claim 1 or 2, characterized in that the first connection is a TCP connection, and the performing, by the server, of data transmission with the user equipment over the second connection comprises:
restoring or continuing, by the server on the second connection, the service based on the first connection.
6. The method according to claim 1 or 2, characterized in that the first connection is a User Datagram Protocol (UDP) connection, and the performing, by the server, of data transmission with the user equipment over the second connection comprises:
receiving, by the server on the second connection, message data sent by the user equipment, where the size of the message data is greater than a preset message data threshold.
7. A data transmission method, characterized by comprising:
after a first connection between user equipment and a server is established, receiving, by the user equipment, a first connection identifier sent by the server, where the first connection identifier is used to identify the user equipment as legitimate user equipment that has established the first connection, has logged in, or is online;
sending, by the user equipment, a request message for establishing a TCP connection to the server, and establishing a second connection with the server, where the request message for establishing the TCP connection carries the first connection identifier, the request message for establishing the TCP connection is used to request establishment of the second connection between the user equipment and the server, and the second connection is a TCP connection;
performing, by the user equipment, data transmission with the server over the second connection.
8. The method according to claim 7, characterized in that the receiving, by the user equipment, of the first connection identifier sent by the server comprises:
receiving, by the user equipment, a 200 OK response message sent by the server, where the first connection identifier is located in a header field of the 200 OK response message.
9. The method according to claim 7 or 8, characterized in that the first connection is a TCP connection, and the performing, by the user equipment, of data transmission with the server over the second connection comprises:
restoring or continuing, by the user equipment on the second connection, the service based on the first connection.
10. The method according to claim 7 or 8, characterized in that the first connection is a UDP connection, and the performing, by the user equipment, of data transmission with the server over the second connection comprises:
sending, by the user equipment, message data to the server on the second connection, where the size of the message data is greater than a preset message data threshold.
11. The method according to claim 7 or 8, characterized in that, after the user equipment sends the request message for establishing the TCP connection to the server and establishes the second connection with the server, the method further comprises:
receiving, by the user equipment, a second connection identifier sent by the server, where the second connection identifier is used to establish a third connection between the user equipment and the server.
12. A server, characterized by comprising:
a first transmission unit, configured to send a first connection identifier to user equipment after a first connection between the server and the user equipment is established, where the first connection identifier is used to identify the user equipment as legitimate user equipment that has established the first connection, has logged in, or is online;
a receiving unit, configured to receive a request message for establishing a Transmission Control Protocol (TCP) connection sent by the user equipment, where the request message for establishing the TCP connection is used to request establishment of a second connection between the user equipment and the server, the second connection is a TCP connection, and the request message for establishing the TCP connection carries the first connection identifier;
a response unit, configured to establish the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the receiving unit;
a transmission unit, configured to perform data transmission with the user equipment over the second connection established by the response unit.
13. The server according to claim 12, characterized in that the response unit determines that the first connection identifier matches a connection identifier in a connection identifier database and, after the receiving unit receives the request message for establishing the TCP connection, sends a response message to the user equipment and receives a confirmation message sent by the user equipment.
14. The server according to claim 12 or 13, characterized in that the first transmission unit sends the first connection identifier to the user equipment in a 200 OK response message, where the connection identifier is located in a header field of the 200 OK response message.
15. The server according to claim 12 or 13, characterized by further comprising:
a second transmission unit, configured to send a second connection identifier to the user equipment after the response unit establishes the second connection according to the first connection identifier and the request message for establishing the TCP connection received by the receiving unit, where the second connection identifier is used to establish a third connection between the user equipment and the server.
16. The server according to claim 12 or 13, characterized in that the first connection is a TCP connection, and the transmission unit restores or continues, on the second connection established by the response unit, the service based on the first connection.
17. The server according to claim 12 or 13, characterized in that the first connection is a UDP connection, and the transmission unit receives, on the second connection established by the response unit, message data sent by the user equipment, where the size of the message data is greater than a preset message data threshold.
18. User equipment, characterized by comprising:
a first receiving unit, configured to receive a first connection identifier sent by a server after a first connection between the user equipment and the server is established, where the first connection identifier is used to identify the user equipment as legitimate user equipment that has established the first connection, has logged in, or is online;
a transmission unit, configured to send a request message for establishing a TCP connection to the server and establish a second connection with the server, where the request message for establishing the TCP connection carries the first connection identifier, the request message for establishing the TCP connection is used to request establishment of the second connection between the user equipment and the server, and the second connection is a TCP connection;
a transmission unit, configured to perform data transmission with the server over the second connection.
19. The user equipment according to claim 18, characterized in that the first receiving unit receives a 200 OK response message sent by the server, where the first connection identifier is located in a header field of the 200 OK response message.
20. The user equipment according to claim 18 or 19, characterized in that the first connection is a TCP connection, and the transmission unit restores or continues, on the second connection, the service based on the first connection.
21. The user equipment according to claim 18 or 19, characterized in that the first connection is a UDP connection, and the transmission unit sends message data to the server on the second connection, where the size of the message data is greater than a preset message data threshold.
22. The user equipment according to claim 18 or 19, characterized by further comprising:
a second receiving unit, configured to receive a second connection identifier sent by the server after the transmission unit sends the request message for establishing the TCP connection to the server and the second connection with the server is established, where the second connection identifier is used to establish a third connection between the user equipment and the server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410736781.0A CN104601541B (en) | 2014-12-05 | 2014-12-05 | Method, server and the user equipment of data transmission |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104601541A CN104601541A (en) | 2015-05-06 |
CN104601541B true CN104601541B (en) | 2018-12-07 |
Family
ID=53127048
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410736781.0A Active CN104601541B (en) | 2014-12-05 | 2014-12-05 | Method, server and the user equipment of data transmission |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104601541B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106686151B (en) * | 2015-11-11 | 2020-05-15 | 阿里巴巴集团控股有限公司 | IP address obtaining method and device |
CN106230874A (en) * | 2016-04-01 | 2016-12-14 | 深圳市联软科技股份有限公司 | A kind of Operational Visit method, Apparatus and system |
CN107995233B (en) * | 2016-10-26 | 2021-12-17 | 阿里巴巴集团控股有限公司 | Method for establishing connection and corresponding equipment |
CN106534345B (en) * | 2016-12-07 | 2019-02-05 | 东软集团股份有限公司 | A kind of message forwarding method and device |
CN109088476A (en) * | 2018-09-04 | 2018-12-25 | 广东电网有限责任公司 | A kind of wireless communication system and method |
CN109547454A (en) * | 2018-12-06 | 2019-03-29 | 空网科技(北京)有限公司 | Terminal device and data transmission method |
CN112019499A (en) * | 2020-07-15 | 2020-12-01 | 上海趣蕴网络科技有限公司 | Method and system for optimizing connection request in handshaking process |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101771695A (en) * | 2010-01-07 | 2010-07-07 | 福建星网锐捷网络有限公司 | Transmission control protocol (TCP) connection processing method and system and synchronization (SYN) agent equipment |
CN102340545A (en) * | 2011-10-31 | 2012-02-01 | 深圳市五巨科技有限公司 | Server and data processing method thereof |
CN102904903A (en) * | 2012-11-02 | 2013-01-30 | 北京奇虎科技有限公司 | Communication system and communication method |
CN103369005A (en) * | 2012-03-30 | 2013-10-23 | 北京百度网讯科技有限公司 | Method and system for data pushing and mobile terminal |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7254133B2 (en) * | 2002-07-15 | 2007-08-07 | Intel Corporation | Prevention of denial of service attacks |
CN100481778C (en) * | 2006-12-28 | 2009-04-22 | 杭州华三通信技术有限公司 | A method, device and system for binding the terminal with the pseudo terminal device |
CN102714617B (en) * | 2010-10-29 | 2015-10-21 | 华为技术有限公司 | Connection establishment method, device and communication system |
CN103516573B (en) * | 2012-06-28 | 2017-01-25 | 北京新媒传信科技有限公司 | Data transmission method among client terminals in restricted network and client terminals |
CN102946387B (en) * | 2012-11-01 | 2016-12-21 | 惠州Tcl移动通信有限公司 | A kind of method defending rejection service attack |
CN103916485A (en) * | 2012-12-31 | 2014-07-09 | 北京新媒传信科技有限公司 | Nat traversal method and server |
Also Published As
Publication number | Publication date |
---|---|
CN104601541A (en) | 2015-05-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |