CN105306616A - Multimedia terminal and kernel-based DNS interception method - Google Patents

Publication number
CN105306616A
Authority
CN
China
Application number
CN201510606777.7A
Other languages
Chinese (zh)
Inventor
李利民
Original Assignee
深圳前海华视移动互联有限公司
Application filed by 深圳前海华视移动互联有限公司
Priority to CN201510606777.7A
Publication of CN105306616A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements or network protocols for addressing or naming
    • H04L61/15: Directories; Name-to-address mapping
    • H04L61/1505: Directories; Name-to-address mapping involving standard directories or standard directory access protocols
    • H04L61/1511: Directories; Name-to-address mapping involving standard directories or standard directory access protocols using domain name system [DNS]

Abstract

The invention discloses a multimedia terminal and a kernel-based DNS interception method. When a user accesses extranet data by virtue of WIFI of a car-mounted multimedia terminal, a kernel Netfilter module carries out the following steps: intercepting a DNS request packet when the user requests accessing the extranet data; judging whether to release the extranet data to the user or not according to the released data link list, wherein the released data link list is used for caching identifying information of users; and if the judgment result is not to release, forming a DNS response packet pointing to a local portal address and returning the DNS response packet to the user. Through implementing the technical scheme provided by the invention, since DNS data are tampered through the kernel Netfilter, the tampered DNS data point to the local portal to solve the problem on DNS caching.

Description

A multimedia terminal and a kernel-based DNS interception method

Technical field

The present invention relates to the field of information communication, and in particular to a multimedia terminal and a kernel-based DNS interception method.

Background art

With the development of Internet technology, Internet communication has come into wide use in every aspect of life and has had a powerful impact on the survival and development of traditional television media. At present in China, whether on city buses or long-distance coaches, the programs shown are outdated, played repeatedly, and cannot be selected; on some long-distance coaches the video programs are not changed for months, and very old films are played. Passengers have no choice but to watch passively, with no enjoyment to speak of.

With the development of science and technology today, the Internet has spread to every corner of society. Passengers want not only convenient transport but also an easy way to pass the boring time spent on a journey. While meeting wireless service demand, a vehicle-mounted multimedia terminal provides a customizable brand-advertising authentication page and an effective 3G/4G network, and can also use a WIFI local area network to build a WIFI entertainment and advertising platform. The operator can upload content such as films, TV programs, music, entertainment and information to the multimedia terminal for local storage. Without installing any software, and through a simple authentication method, users can have smartphones, tablet computers and other WIFI access terminals log on to the Internet through the multimedia terminal in mobile settings such as buses, long-distance coaches and trains, and select and play the media content they like.

At present, when a user accesses the external network through the multimedia terminal, the user must also authenticate by mobile phone number after connecting to the terminal's WIFI. Most products on the market implement DNS interception at the application layer, based on iptables. For example, when a user accesses external network data, iptables first determines whether to release the traffic. When it is released, DNS data is requested according to the normal flow. When it is not released, the DNS data is intercepted and redirected to port 5353 of the local DNSmasq, and DNSmasq resolves the domain name of the requested external site to the IP address of the local portal. This approach, however, causes a DNS caching problem: a DNS resolution has a TTL cache time, and within this cache time DNS resolution is not requested again.

Summary of the invention

The technical problem to be solved by the present invention is, in view of the above DNS caching defect of the prior art, to provide a multimedia terminal and a kernel-based DNS interception method that do not suffer from the DNS caching problem.

The technical solution adopted by the present invention to solve this technical problem is to construct a kernel-based DNS interception method in which, when a user accesses external network data through the WIFI of a vehicle-mounted multimedia terminal, the kernel Netfilter module carries out the following steps:

When the user requests access to external network data, intercepting the user's DNS request packet;

Judging, according to a released-data linked list, whether to release the external network data to the user, wherein the released-data linked list caches the identification information of users who have been released;

When the judgment is not to release, constructing a DNS response packet pointing to the local portal address and returning it to the user.

Further, the method also comprises:

Monitoring whether the application layer has socket data and, when there is socket data, adding or deleting the identification information of a user in the released-data linked list according to the operation command sent from user space.

Further, when the judgment is to release, DNS data is requested according to the normal flow.

Further, the step of constructing the DNS response packet pointing to the local portal address comprises:

Adding the local portal address to the DNS answer field of the DNS request packet, and re-packaging the packet.

The present invention also constructs a vehicle-mounted multimedia terminal comprising a kernel Netfilter module, the kernel Netfilter module comprising:

An interception unit, for intercepting the user's DNS request packet when the user requests access to external network data;

A judging unit, for judging, according to the released-data linked list, whether to release the external network data to the user, wherein the released-data linked list caches the identification information of users who have been released;

A construction unit, for constructing, when the judgment is not to release, a DNS response packet pointing to the local portal address and returning it to the user.

Further, the kernel Netfilter module also comprises:

A linked-list modification unit, for monitoring whether the application layer has socket data and, when there is socket data, adding or deleting the identification information of a user in the released-data linked list according to the operation command sent from user space.

Further, the kernel Netfilter module also comprises:

A DNS processing unit, for requesting DNS data according to the normal flow when the judgment is to release.

Further, the construction unit constructs the DNS response packet by adding the local portal address to the DNS answer field of the DNS request packet and re-packaging the packet.

With the technical solution of the present invention, the DNS data is tampered with by the kernel Netfilter so that the tampered DNS data points to the local portal; compared with resolving DNS to the local portal through DNSmasq, this solves the DNS caching problem.

Brief description of the drawings

The invention is further described below with reference to the drawings and embodiments. In the drawings:

Fig. 1 is a flow chart of embodiment one of the kernel-based DNS interception method of the present invention;

Fig. 2 is a logic diagram of embodiment one of the kernel Netfilter module of the vehicle-mounted multimedia terminal of the present invention;

Fig. 3 is a logic diagram of embodiment two of the kernel Netfilter module of the vehicle-mounted multimedia terminal of the present invention.

Detailed description of the embodiments

Fig. 1 is a flow chart of embodiment one of the kernel-based DNS interception method of the present invention. In this embodiment, when a user accesses external network data through the WIFI of the vehicle-mounted multimedia terminal, the kernel Netfilter module carries out the following steps:

S1. When the user requests access to external network data, intercept the user's DNS request packet;

S2. Judge, according to the released-data linked list, whether to release the external network data to the user; if so, perform step S4; if not, perform step S3. The released-data linked list caches the identification information of users who have been released;

S3. Construct a DNS response packet pointing to the local portal address and return it to the user. In this step, the DNS response packet is preferably constructed as follows: add the local portal address to the DNS answer field of the DNS request packet, and re-package the packet;

S4. Request DNS data according to the normal flow.

With the technical solution of this embodiment, the DNS data is tampered with by the kernel Netfilter so that the tampered DNS data points to the local portal, which solves the DNS caching problem.
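
Steps S1 to S4 as an added C example (not code from the patent): a userspace function that works on the DNS payload of the intercepted request and builds the S3 response by keeping the question and appending one answer record. The `release_list` array, the function names, the TTL parameter and the sample addresses are assumptions; the patent specifies neither a data layout nor a TTL value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the released-user list: IPv4 addresses, host order. */
struct release_list { const uint32_t *addr; size_t n; };

/* Offset just past the single question (QNAME, QTYPE, QCLASS); 0 if malformed. */
static size_t question_end(const uint8_t *p, size_t len)
{
    size_t off = 12;                        /* fixed DNS header length */
    while (off < len && p[off] != 0) {
        if (p[off] > 63) return 0;          /* no compression pointers in a query */
        off += (size_t)p[off] + 1;
    }
    return (off < len && len - off >= 5) ? off + 5 : 0;
}

/* S3: copy header and question, append one A record for the portal. Returns the
 * response length, or 0 for anything but a well-formed single-question A/IN query. */
static size_t build_portal_response(const uint8_t *q, size_t qlen, uint8_t *out,
                                    size_t cap, uint32_t portal, uint32_t ttl)
{
    if (qlen < 12 || (q[2] & 0x80) || q[4] != 0 || q[5] != 1) return 0;
    size_t qend = question_end(q, qlen);
    if (qend == 0 || qend + 16 > cap) return 0;
    if (q[qend - 4] != 0 || q[qend - 3] != 1 || q[qend - 2] != 0 || q[qend - 1] != 1)
        return 0;                           /* only QTYPE A, QCLASS IN */
    memcpy(out, q, qend);                   /* drops EDNS/additional records */
    out[2] = 0x80 | (q[2] & 0x79);          /* QR=1, keep opcode and RD */
    out[3] = 0x80; out[6] = 0; out[7] = 1;  /* RA=1, RCODE=0; ANCOUNT=1 */
    memset(out + 8, 0, 4);                  /* NSCOUNT=ARCOUNT=0 */
    uint8_t *a = out + qend;
    a[0] = 0xC0; a[1] = 0x0C;               /* pointer to QNAME at offset 12 */
    a[2] = 0; a[3] = 1; a[4] = 0; a[5] = 1; /* TYPE A, CLASS IN */
    a[10] = 0; a[11] = 4;                   /* RDLENGTH */
    for (int i = 0; i < 4; i++) a[6 + i] = (uint8_t)(ttl >> (24 - 8 * i));
    for (int i = 0; i < 4; i++) a[12 + i] = (uint8_t)(portal >> (24 - 8 * i));
    return qend + 16;
}

/* S1-S4: 0 means no response was built and the query follows the normal flow. */
static size_t intercept_dns(const struct release_list *rl, uint32_t client, const uint8_t *q,
                            size_t qlen, uint8_t *out, size_t cap, uint32_t portal, uint32_t ttl)
{
    for (size_t i = 0; i < rl->n; i++)
        if (rl->addr[i] == client) return 0;            /* S2 yes -> S4 */
    return build_portal_response(q, qlen, out, cap, portal, ttl);
}

/* Constructed sample: id 0x1234, RD set, question "a.example" A IN (27 bytes). */
static const uint8_t SAMPLE_QUERY[] = { 0x12, 0x34, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0,
    1, 'a', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0, 0, 1, 0, 1 };
static const uint32_t SAMPLE_RELEASED[] = { 0xC0A8010BU };      /* 192.168.1.11 */
static const struct release_list SAMPLE_LIST = { SAMPLE_RELEASED, 1 };
static uint8_t g_out[512];

int main(void)
{
    printf("%zu\n", intercept_dns(&SAMPLE_LIST, 0xC0A8010AU, SAMPLE_QUERY,
           sizeof SAMPLE_QUERY, g_out, sizeof g_out, 0xC0A80101U, 0));
    return 0;
}
```

A return of 0 covers both a released user and a query the builder refuses (malformed, multi-question, or not type A), so the caller forwards the original packet unchanged in either case.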

On the basis of the above embodiment, further, when a user connects to the WIFI of the vehicle-mounted multimedia terminal, the following steps are carried out:

Monitor whether the application layer has socket data. This socket data is the message sent over by user-space netlink, and it must be judged whether the identification information of the user (for example, an IP address) is identification information that has been authenticated;

When there is socket data, add or delete the identification information of the user in the released-data linked list according to the operation command sent from user space.

Fig. 2 is a logic diagram of embodiment one of the kernel Netfilter module of the vehicle-mounted multimedia terminal of the present invention. The kernel Netfilter module of the vehicle-mounted multimedia terminal of this embodiment comprises an interception unit 11, a judging unit 12 and a construction unit 13. In this embodiment, the interception unit 11 intercepts the user's DNS request packet when the user requests access to external network data. The judging unit 12 judges, according to the released-data linked list, whether to release the external network data to the user, wherein the released-data linked list caches the identification information of users who have been released. The construction unit 13, when the judgment is not to release, constructs a DNS response packet pointing to the local portal address and returns it to the user. Preferably, the construction unit 13 constructs the DNS response packet by adding the local portal address to the DNS answer field of the DNS request packet and re-packaging the packet.

Fig. 3 is a logic diagram of embodiment two of the kernel Netfilter module of the vehicle-mounted multimedia terminal of the present invention. Compared with the embodiment shown in Fig. 2, the kernel Netfilter module of this embodiment differs in that it also comprises a DNS processing unit 14 and a linked-list modification unit 15. The DNS processing unit 14 requests DNS data according to the normal flow when the judgment is to release. The linked-list modification unit 15 monitors whether the application layer has socket data and, when there is socket data, adds or deletes the identification information of a user in the released-data linked list according to the operation command sent from user space.

The foregoing describes only preferred embodiments of the present invention and does not limit the present invention; for a person skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of the claims of the present invention.

Claims (8)

1. A kernel-based DNS interception method, characterized in that, when a user accesses external network data through the WIFI of a vehicle-mounted multimedia terminal, the kernel Netfilter module carries out the following steps:
When the user requests access to external network data, intercepting the user's DNS request packet;
Judging, according to a released-data linked list, whether to release the external network data to the user, wherein the released-data linked list caches the identification information of users who have been released;
When the judgment is not to release, constructing a DNS response packet pointing to the local portal address and returning it to the user.
2. The kernel-based DNS interception method according to claim 1, characterized in that it also comprises:
Monitoring whether the application layer has socket data and, when there is socket data, adding or deleting the identification information of a user in the released-data linked list according to the operation command sent from user space.
3. The kernel-based DNS interception method according to claim 1, characterized in that,
When the judgment is to release, DNS data is requested according to the normal flow.
4. The kernel-based DNS interception method according to claim 1, characterized in that,
The step of constructing the DNS response packet pointing to the local portal address comprises:
Adding the local portal address to the DNS answer field of the DNS request packet, and re-packaging the packet.
5. A vehicle-mounted multimedia terminal comprising a kernel Netfilter module, characterized in that the kernel Netfilter module comprises:
An interception unit, for intercepting the user's DNS request packet when the user requests access to external network data;
A judging unit, for judging, according to a released-data linked list, whether to release the external network data to the user, wherein the released-data linked list caches the identification information of users who have been released;
A construction unit, for constructing, when the judgment is not to release, a DNS response packet pointing to the local portal address and returning it to the user.
6. The vehicle-mounted multimedia terminal according to claim 5, characterized in that the kernel Netfilter module also comprises:
A linked-list modification unit, for monitoring whether the application layer has socket data and, when there is socket data, adding or deleting the identification information of a user in the released-data linked list according to the operation command sent from user space.
7. The vehicle-mounted multimedia terminal according to claim 5, characterized in that the kernel Netfilter module also comprises:
A DNS processing unit, for requesting DNS data according to the normal flow when the judgment is to release.
8. The vehicle-mounted multimedia terminal according to claim 5, characterized in that,
The construction unit constructs the DNS response packet by adding the local portal address to the DNS answer field of the DNS request packet and re-packaging the packet.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510606777.7A CN105306616A (en) 2015-09-22 2015-09-22 Multimedia terminal and kernel-based DNS interception method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510606777.7A CN105306616A (en) 2015-09-22 2015-09-22 Multimedia terminal and kernel-based DNS interception method

Publications (1)

Publication Number Publication Date
CN105306616A true CN105306616A (en) 2016-02-03

Family

ID=55203354

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510606777.7A CN105306616A (en) 2015-09-22 2015-09-22 Multimedia terminal and kernel-based DNS interception method

Country Status (1)

Country Link
CN (1) CN105306616A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330948A (en) * 2016-09-09 2017-01-11 杭州华三通信技术有限公司 Message control method and message control device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103327025A (en) * 2013-06-28 2013-09-25 北京奇虎科技有限公司 Method and device for network access control
CN103873466A (en) * 2014-03-04 2014-06-18 深信服网络科技(深圳)有限公司 HTTPS (Hypertext Transfer Protocol Secure) website filtration and interdict alarm method and device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
乐德广等: "基于Netfilter的NAT技术及其应用", 《计算机工程》 *
张焕杰等: "利用netfilter NFQUEUE 实现网关认证的HTTP重定向", 《通信学报》 *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160203