Disclosure of Invention
The invention mainly aims to provide a network flow control method and a device, and aims to realize more refined control on APN card use flow.
In order to achieve the above object, the present invention provides a method for controlling network traffic, comprising the following steps:
receiving a network access request sent by a terminal when using an APN card, and acquiring a URL (uniform resource locator) address of the network access request;
determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow;
judging whether the current corresponding residual flow of the service type of the network access request meets a preset use condition;
and if so, controlling the network flow consumed by the network access request according to the residual flow.
Optionally, before the step of obtaining the URL address of the network access request, the step of receiving the network access request sent by the terminal when using the APN card further includes:
and distributing corresponding network flow for different service types of the network access request.
Optionally, the step of determining whether the remaining traffic corresponding to the service type of the network access request currently meets a preset use condition includes:
acquiring occupied flow of a request data packet of the network access request, and taking the residual flow currently corresponding to the service type of the network access request as a first residual flow;
if the occupied flow of the request data packet is less than or equal to the first residual flow, judging that the first residual flow meets a preset use condition;
the step of controlling the network traffic consumed by the network access request according to the remaining traffic comprises:
and updating the network flow consumed by the network access request according to the occupied flow of the request data packet.
Optionally, the step of determining whether the remaining traffic corresponding to the service type of the network access request currently meets a preset use condition further includes:
acquiring the occupied flow of a response data packet of the network access request, and taking the difference value of the occupied flow of the first residual flow and the occupied flow of the request data packet as a second residual flow;
if the occupied flow of the response data packet is less than or equal to the second residual flow, judging that the second residual flow meets a preset use condition;
the step of controlling the network traffic consumed by the network access request according to the remaining traffic further includes:
and updating the network flow consumed by the network access request according to the occupied flow of the response data packet.
Optionally, after the step of obtaining the URL address of the network access request, the step of receiving the network access request sent by the terminal when using the APN card further includes:
obtaining a private IP of the APN card according to the URL address;
judging whether the APN card is registered according to the private IP;
if not, returning error information to the terminal; if yes, executing the following steps: determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow;
or judging whether the URL address is in a preset blacklist or not;
if yes, returning error information to the terminal; if not, executing the following steps: and determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
In addition, to achieve the above object, the present invention provides a network flow control apparatus, including:
the first acquisition module is used for receiving a network access request sent by a terminal when using an APN card and acquiring a URL (uniform resource locator) address of the network access request;
the determining module is used for determining the service type of the network access request according to the acquired URL address, and the service type is pre-allocated with corresponding network flow;
the first judging module is used for judging whether the residual flow corresponding to the service type of the network access request currently meets the preset use condition;
and the control module is used for controlling the network flow consumed by the network access request according to the residual flow if the residual flow currently corresponding to the service type of the network access request meets the preset use condition.
Optionally, the apparatus further comprises:
and the distribution module is used for distributing corresponding network flow for different service types of the network access request.
Optionally, the first determining module includes:
an obtaining unit, configured to obtain an occupied traffic of a request data packet of the network access request, and use a remaining traffic currently corresponding to a service type of the network access request as a first remaining traffic;
a determining unit, configured to determine that the first remaining traffic satisfies a preset usage condition if an occupied traffic of the request packet is less than or equal to the first remaining traffic;
the control module is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the request packet.
Optionally, the obtaining unit is further configured to obtain an occupied traffic of a response packet of the network access request, and use a difference between the first remaining traffic and the occupied traffic of the request packet as a second remaining traffic;
the determining unit is further configured to determine that the second remaining traffic satisfies a preset use condition if the occupied traffic of the response packet is less than or equal to the second remaining traffic;
the control module is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the response packet.
Optionally, the apparatus further comprises:
the second acquisition module is used for acquiring the private IP of the APN card according to the URL address;
the second judgment module is used for judging whether the APN card is registered according to the private IP; if not, returning error information to the terminal; if yes, a determining module determines the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow;
or, the second judging module is further configured to judge whether the URL address is in a preset blacklist; if yes, returning error information to the terminal; if not, the determining module determines the service type of the network access request according to the acquired URL address, and the service type is pre-allocated with corresponding network flow.
The invention receives a network access request sent by a terminal when using an APN card, and acquires a URL address of the network access request; determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow; judging whether the current corresponding residual flow of the service type of the network access request meets a preset use condition; and if so, controlling the network flow consumed by the network access request according to the residual flow. The invention realizes the flow control of the APN card issued by the enterprise by arranging the flow control module in the enterprise intranet without additionally developing the internal logic of the APP; in addition, the invention classifies the network service through the URL address, and pre-configures the available flow under each service classification of each APN card, when receiving the network access request of the terminal, the invention determines the service type of the network access request through the URL address, and realizes the control of the network flow of the access request through the current corresponding residual flow of the service type. The invention can realize more refined control on the APN card use flow by controlling and limiting the flow of different network services.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a network flow control method.
Referring to fig. 1, fig. 1 is a flowchart illustrating a network traffic control method according to a first embodiment of the present invention. The method comprises the following steps:
step S10, receiving a network access request sent by the terminal when using the APN card, and acquiring a URL address of the network access request.
The APN card is a network traffic card, and is different from a common SIM (Subscriber identity Module) card in that when a terminal uses the APN card to perform network access, the domain name of the card points to a specific enterprise firewall, so that the terminal can route network traffic to the enterprise firewall through an APN channel every time the terminal uses the APN card, and then network data transmission is performed through an enterprise intranet. In this embodiment, a flow control module is provided in an intranet to implement flow control, flow statistics, and corresponding data forwarding.
Referring to fig. 2, fig. 2 is a schematic diagram of a network system architecture according to various embodiments of the present invention. The network system comprises an APN channel, an enterprise intranet and a public network. The flow control module is arranged in an enterprise intranet, is used as a service to realize communication with a registration server and a Web proxy server respectively, and is used for controlling the flow of each network access request sent by a terminal APP; the registration server is used for binding the private IP and the card number of the APN card and providing registration and query service of the card number; the Web proxy server is used for providing a network information turnover function, for example, when a terminal sends an external resource access request, the request is identified by the proxy server and is replaced by the proxy server as an external request resource, and when the external resource server responds to the access request, the proxy server feeds back a response result to the terminal.
In this embodiment, the mobile terminal may be a mobile phone, a tablet computer, or other device with a network access function. When a terminal uses an APN card to make a network access request, a flow control module located in an enterprise intranet receives the network access request of the terminal and obtains a URL (Uniform Resource Locator) address of the network access request, namely a network address, which points to a network information Resource to be accessed by the terminal.
Step S20, determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
After the flow control module acquires the URL address of the network access request, determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
In this embodiment, in order to implement fine-grained control of traffic, a person skilled in the art may first classify network services based on URL addresses, where a standard URL generally includes a server type, a host name, a path, and a file name, and the service types may be divided according to different file names, for example, the service types may be divided into basic services (such as text, pictures, and links), entertainment services (such as video and music), download services, and other services. Generally, the traffic consumed by different services has a large difference, for example, the traffic consumed by the text service is small while the traffic consumed by the video service is large, so that the network services are classified and different available traffic is configured according to different service requirements, and the traffic can be controlled more specifically.
And then, storing the service types classified in advance and the usable network flow data configured for each service type in a corresponding storage unit, wherein the storage unit is also used for recording the residual flow in real time. The flow control module searches the service classification data in the storage unit according to the URL address, and then can determine the service type of the network access request and the corresponding residual flow. It should be noted that, when configuring the available traffic of each service, an enterprise may configure and set default values in a unified manner, and may also implement personalized configuration and modification of available traffic of different services by a user through a terminal-related service, and may make flexible selection in specific implementation.
Step S30, determining whether the remaining traffic corresponding to the service type of the network access request currently meets a preset use condition.
The traffic control module determines whether the remaining traffic currently corresponding to the service type of the network access request meets a preset use condition, for example, the remaining traffic currently corresponding to the service type is greater than or equal to the traffic consumed by the network access request as the preset use condition, and if the remaining traffic does not meet the preset use condition, the network access is denied and an error message is returned to the terminal.
Step S40, if the remaining traffic corresponding to the service type of the network access request currently satisfies a preset use condition, controlling the network traffic consumed by the network access request according to the remaining traffic.
For example, when the service classification to which the URL address belongs has remaining traffic and the remaining traffic is greater than or equal to the traffic that needs to be consumed by the current network access request, it is determined that the remaining traffic meets the preset usage condition, and at this time, the traffic control module may send the request to the Web proxy server and automatically deduct the traffic that is consumed by the current network access request from the remaining traffic; of course, the traffic control module may also display how much traffic remains under the current service classification to the user through the terminal service, and the user determines whether to continue network access.
In this embodiment, a flow control module receives a network access request sent by a terminal when using an APN card, and acquires a URL address of the network access request; determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow; judging whether the current corresponding residual flow of the service type of the network access request meets a preset use condition; and if so, controlling the network flow consumed by the network access request according to the residual flow. In the embodiment, the flow control module is arranged in the enterprise intranet to realize the flow control of the APN card issued by the enterprise, and no additional development is needed for the internal logic of the APP; in addition, in this embodiment, network services are classified by a URL address, an available flow under each service classification of each APN card is configured in advance, when a network access request of a terminal is received, a service type of the network access request is determined by the URL address, and control of the network flow of the access request is implemented by a remaining flow currently corresponding to the service type. In this embodiment, by controlling and limiting the traffic of different network services, more refined control of the APN card usage traffic can be achieved.
Further, referring to fig. 3, fig. 3 is a flowchart illustrating a network traffic control method according to a second embodiment of the present invention. Based on the embodiment shown in fig. 1, before the step S10, the method may further include:
step S50, allocating corresponding network traffic for different service types of the network access request.
As an implementation manner, the flow control module may allocate corresponding network flows to different service types requested by the network access in real time, for example, obtain the total remaining flow of the current APN card, and then calculate how much network flow should be allocated to each service according to the preset percentage of flow allocated to each service, so as to implement dynamic allocation of network flows; of course, the traffic control module may also allocate corresponding network traffic for different service types of the network access request at certain time intervals, and may be flexibly configured in specific implementation.
In this embodiment, the dynamic allocation of the network traffic is realized by allocating corresponding network traffic for different service types requested by the network access, that is, the traffic control module can make full use of the remaining traffic of the current APN card, thereby avoiding the occurrence of a situation that the remaining traffic is too large to be used in a certain service type.
Further, referring to fig. 4, fig. 4 is a detailed flowchart illustrating the control of network traffic in the second embodiment of the present invention. Based on the above-mentioned embodiment shown in fig. 3, the step S30 may include:
step S31, acquiring occupied traffic of a request packet of the network access request, and taking remaining traffic currently corresponding to a service type of the network access request as first remaining traffic;
step S32, if the occupied traffic of the request packet is less than or equal to the first remaining traffic, determining that the first remaining traffic satisfies a preset usage condition.
The step S40 may include:
step S41, if the remaining traffic corresponding to the service type of the network access request currently satisfies a preset usage condition, updating the network traffic consumed by the network access request according to the occupied traffic of the request packet.
In this embodiment, since the traffic consumed by the network access request is generally determined by the size of the request data packet and the size of the response data packet, the traffic control module may first obtain the request data packet of the network access request and calculate the occupied traffic size, then compare the occupied traffic of the request data packet with the remaining traffic of the current corresponding service class, that is, the first remaining traffic, and if the occupied traffic of the request data packet is less than or equal to the first remaining traffic, determine that the first remaining traffic satisfies the preset usage condition, at this time, take the occupied traffic of the request data packet as the consumed network traffic, to complete the update of the consumed network traffic, and then forward the network request to the proxy server; and if the occupied flow of the request data packet is larger than the current residual flow, not updating the network flow and returning error information to the terminal.
Further, referring to fig. 5, fig. 5 is a schematic diagram illustrating another detailed flow of controlling network traffic according to the second embodiment of the present invention. The step S30 may further include:
step S33, acquiring an occupied traffic of a response packet of the network access request, and taking a difference between the occupied traffic of the request packet and the first remaining traffic as a second remaining traffic;
step S34, if the occupied traffic of the response packet is less than or equal to the second remaining traffic, determining that the second remaining traffic satisfies a preset usage condition.
The step S40 may further include:
step S42, if the remaining traffic corresponding to the service type of the network access request currently satisfies a preset usage condition, updating the network traffic consumed by the network access request according to the occupied traffic of the response packet.
When receiving a response of network access, a flow control module acquires a response data packet corresponding to a Web server through a proxy server and calculates the occupied flow, meanwhile, the difference value of the occupied flow of the first residual flow and the occupied flow of the request data packet is used as a second residual flow, then the occupied flow of the response data packet is compared with the residual flow under the current corresponding service classification, namely the second residual flow, if the occupied flow of the request data packet is less than or equal to the second residual flow, the occupied flow of the response data packet is used as the consumed network flow so as to finish the update of the consumed network flow, and meanwhile, the network response is forwarded to a mobile terminal to finish the network access process; and if the occupied flow of the response data packet is larger than the current residual flow, not updating the network flow and returning error information to the terminal.
In the embodiment, two stages of a request and a response of a network access request of a terminal are considered, when the terminal carries out the network access request, the flow control module respectively controls the use flow of the two stages through a preset condition, and then judges whether the terminal is allowed to continue network access, so that the residual flow under each service classification can be ensured not to be a negative value, namely the flow consumed by the network access under each service classification can not exceed a preset value, and the flow control requirement of fine granularity of a user is met.
Further, referring to fig. 6, fig. 6 is a flowchart illustrating a network traffic control method according to a third embodiment of the present invention. Based on the above embodiment, after the step S10, the method may further include:
step S60, obtaining the private IP of the APN card according to the URL address;
step S70, judging whether the APN card is registered according to the private IP;
step S80, if the APN card is not registered, returning error information to the terminal; if the APN card is registered, executing the following steps: and determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
In this embodiment, the APN card registration includes writing of APN card data, such as real name system information, card number of the APN card and binding information of the private IP. After extracting the private IP from the URL, the flow control module can upload the private IP to a registration server, the registration server detects whether the registration information of the APN card meets preset conditions, for example, real-name registration is required and the card number is bound with the private IP, if the private IP is bound with the APN card and the APN card is real-name registration, the APN card is judged to be registered, at the moment, the registration server returns a registered message to the flow control module, and the flow control module determines the service type of the network access request according to the acquired URL address; otherwise, if the private IP is not bound with the APN card or the APN card is not registered in a real name system, judging that the APN card is not registered, and refusing network access and returning error information to the terminal. Of course, the preset condition of whether the APN card is registered can be flexibly set, for example, only the private IP and the APN card are bound.
Particularly, if the URL acquired by the traffic control module is a registration message, the message is directly sent to the registration server, and the registration server completes registration services such as binding of a private IP and an APN card, so that the mobile terminal can perform network access.
It should be noted that, when the network connection of the terminal is unstable, or when the network reconnection is caused by switching from WIFI to data connection, the private IP, that is, the IP address used by the terminal in the local area network, the terminal needs to upload a registration message to the registration server to complete the binding of the new IP and the card number, because the private IP of the APN card is dynamically allocated by the operator, and the IP change is caused each time the terminal reconnects the network. The flow control module extracts the private IP from the URL to identify which APN card is in network access.
In this embodiment, by binding the card number and the private IP of the APN card and extracting the private IP from the URL address, the APN card that has been registered can be identified, and the network access request of the unregistered APN card is rejected, so that the filtering processing of the network access message can be implemented.
Further, referring to fig. 7, fig. 7 is a flowchart illustrating a network traffic control method according to a fourth embodiment of the present invention. After the step S10, the method may further include:
step S90, judging whether the URL address is in a preset blacklist;
step S100, if the URL address is in a preset blacklist, returning error information to the terminal; if the URL address is not in a preset blacklist, executing the following steps: and determining the service type of the network access request according to the acquired URL address, wherein the service type is pre-allocated with corresponding network flow.
In this embodiment, a blacklist may be set for network access in advance based on a URL address, and after the flow control module acquires the URL address, it may first determine whether the URL address is within the preset blacklist, and if so, deny network access and return an error message to the terminal; if not, determining the service type of the network access request according to the acquired URL address.
According to the embodiment, the blacklist is set for the URL, and the request message is intercepted when the URL accessed by the user is in the blacklist, so that the user can be prevented from accessing some illegal or dangerous websites, the filtering processing of the network access message can be realized, and the network access environment is safer.
The invention also provides a network flow control device.
Referring to fig. 8, fig. 8 is a functional block diagram of a network flow control device according to a first embodiment of the present invention. The device comprises:
a first obtaining module 10, configured to receive a network access request sent by a terminal when using an APN card, and obtain a URL address of the network access request.
The APN card is a network traffic card, and is different from a common SIM (Subscriber identity Module) card in that when a terminal uses the APN card to perform network access, the domain name of the card points to a specific enterprise firewall, so that the terminal can route network traffic to the enterprise firewall through an APN channel every time the terminal uses the APN card, and then network data transmission is performed through an enterprise intranet. In this embodiment, a flow control module is provided in an intranet to implement flow control, flow statistics, and corresponding data forwarding.
Referring to fig. 2, fig. 2 is a schematic diagram of a network system architecture according to various embodiments of the present invention. The network system comprises an APN channel, an enterprise intranet and a public network. The flow control module is arranged in an enterprise intranet, is used as a service to realize communication with a registration server and a Web proxy server respectively, and is used for controlling the flow of each network access request sent by a terminal APP; the registration server is used for binding the private IP and the card number of the APN card and providing registration and query service of the card number; the Web proxy server is used for providing a network information turnover function, for example, when a terminal sends an external resource access request, the request is identified by the proxy server and is replaced by the proxy server as an external request resource, and when the external resource server responds to the access request, the proxy server feeds back a response result to the terminal.
In this embodiment, the mobile terminal may be a mobile phone, a tablet computer, or other device with a network access function. When the terminal uses the APN card to make a network access request, the first obtaining module 10 receives the network access request of the terminal and obtains a URL (Uniform Resource Locator) address of the network access request, that is, a network address, where the network address points to a network information Resource to be accessed by the terminal.
A determining module 20, configured to determine a service type of the network access request according to the obtained URL address, where the service type is pre-allocated with corresponding network traffic;
after the first obtaining module 10 obtains the URL address of the network access request, the determining module 20 determines the service type of the network access request according to the obtained URL address, where the service type is pre-allocated with corresponding network traffic.
In this embodiment, in order to implement fine-grained control of traffic, a person skilled in the art may first classify network services based on URL addresses, where a standard URL generally includes a server type, a host name, a path, and a file name, and the service types may be divided according to different file names, for example, the service types may be divided into basic services (such as text, pictures, and links), entertainment services (such as video and music), download services, and other services. Generally, the traffic consumed by different services has a large difference, for example, the traffic consumed by the text service is small while the traffic consumed by the video service is large, so that the network services are classified and different available traffic is configured according to different service requirements, and the traffic can be controlled more specifically.
And then, storing the service types classified in advance and the usable network flow data configured for each service type in a corresponding storage unit, wherein the storage unit is also used for recording the residual flow in real time. The determining module 20 searches the service classification data in the storage unit according to the URL address, and can further determine the service type of the network access request and the corresponding remaining traffic. It should be noted that, when configuring the available traffic of each service, an enterprise may configure and set default values in a unified manner, and may also implement personalized configuration and modification of available traffic of different services by a user through a terminal-related service, and may make flexible selection in specific implementation.
A first judging module 30, configured to judge whether a remaining traffic currently corresponding to a service type of the network access request meets a preset use condition;
the first determining module 30 determines whether the remaining traffic corresponding to the service type of the network access request currently meets a preset use condition, for example, the remaining traffic corresponding to the service type currently is greater than or equal to the traffic consumed by the network access request as the preset use condition, and if the remaining traffic does not meet the preset use condition, the network access is denied and an error message is returned to the terminal.
And the control module 40 is configured to control the network traffic consumed by the network access request according to the remaining traffic if the remaining traffic currently corresponding to the service type of the network access request meets a preset use condition.
For example, when the service class to which the URL address belongs has remaining traffic and the remaining traffic is greater than or equal to the traffic that needs to be consumed by the current network access request, it is determined that the remaining traffic meets the preset usage condition, and at this time, the control module 40 may send the request to the Web proxy server and automatically deduct the traffic that is consumed by the current network access request from the remaining traffic; of course, how much traffic remains under the current traffic classification can also be displayed to the user through the terminal service, and the user determines whether to continue network access.
In this embodiment, the first obtaining module 10 receives a network access request sent by a terminal when using an APN card, and obtains a URL address of the network access request; the determining module 20 determines the service type of the network access request according to the acquired URL address, where the service type is pre-allocated with corresponding network traffic; the first judging module 30 judges whether the remaining traffic currently corresponding to the service type of the network access request meets a preset use condition; if yes, the control module 40 controls the network traffic consumed by the network access request according to the remaining traffic. In the embodiment, the flow control module is arranged in the enterprise intranet to realize the flow control of the APN card issued by the enterprise, and no additional development is needed for the internal logic of the APP; in addition, in this embodiment, network services are classified by a URL address, an available flow under each service classification of each APN card is configured in advance, when a network access request of a terminal is received, a service type of the network access request is determined by the URL address, and control of the network flow of the access request is implemented by a remaining flow currently corresponding to the service type. In this embodiment, by controlling and limiting the traffic of different network services, more refined control of the APN card usage traffic can be achieved.
Further, referring to fig. 9, fig. 9 is a functional block diagram of a second embodiment of the network flow control device according to the present invention. Based on the embodiment shown in fig. 8, the apparatus further includes:
and the allocating module 50 is used for allocating corresponding network traffic for different service types of the network access request.
As an implementation manner, the allocating module 50 may allocate corresponding network traffic to different service types requested by the network access in real time, for example, obtain the total remaining traffic of the current APN card, and then calculate how much network traffic should be allocated to each service according to a preset percentage of traffic allocated to each service, so as to implement dynamic allocation of network traffic; of course, the allocating module 50 may also allocate corresponding network traffic for different service types of the network access request according to a certain time interval, and may be flexibly configured in the specific implementation.
In this embodiment, the allocating module 50 allocates corresponding network traffic for different service types requested by the network access, so as to implement dynamic allocation of network traffic, that is, the remaining traffic of the current APN card can be fully utilized, and the situation that the remaining traffic of a certain service type is too much to be used is avoided.
Further, referring to fig. 10, fig. 10 is a schematic diagram of a detailed functional module of the first determining module. The first determining module 30 may include:
an obtaining unit 31, configured to obtain an occupied traffic of a request data packet of the network access request, and use a remaining traffic currently corresponding to a service type of the network access request as a first remaining traffic;
a determining unit 32, configured to determine that the first remaining traffic satisfies a preset usage condition if an occupied traffic of the request packet is less than or equal to the first remaining traffic;
the control module 40 is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the request packet.
In this embodiment, since the traffic consumed by the network access request is generally determined by the size of the request packet and the size of the response packet, the obtaining unit 31 may first obtain the request packet of the network access request and calculate the occupied traffic size, the determining unit 32 compares the occupied traffic of the request packet with the remaining traffic under the current corresponding service classification, that is, the first remaining traffic, and if the occupied traffic of the request packet is less than or equal to the first remaining traffic, it is determined that the first remaining traffic meets the preset use condition, at this time, the control module 40 uses the occupied traffic of the request packet as the consumed network traffic to complete the update of the consumed network traffic, and then forwards the network request to the proxy server; if the occupied flow of the request data packet is greater than the current remaining flow, the control module 40 does not update the network flow and returns an error message to the terminal.
Further, with reference to fig. 10 continuously, the obtaining unit 31 is further configured to obtain an occupied traffic of a response packet of the network access request, and use a difference value between the first remaining traffic and the occupied traffic of the request packet as a second remaining traffic;
the determining unit 32 is further configured to determine that the second remaining traffic satisfies a preset use condition if the occupied traffic of the response packet is less than or equal to the second remaining traffic;
the control module 40 is further configured to update the network traffic consumed by the network access request according to the occupied traffic of the response packet.
When receiving a response of network access, the flow control module acquires a response data packet corresponding to the Web server through the proxy server and calculates the occupied flow, meanwhile, the difference value of the occupied flow of the first residual flow and the occupied flow of the request data packet is used as a second residual flow, then the occupied flow of the response data packet is compared with the residual flow under the current corresponding service classification, namely the second residual flow, if the occupied flow of the request data packet is less than or equal to the second residual flow, at the moment, the control module 40 takes the occupied flow of the response data packet as the consumed network flow to finish the updating of the consumed network flow, and meanwhile, the network response is forwarded to the mobile terminal to finish the network access process; and if the occupied flow of the response data packet is larger than the current residual flow, not updating the network flow and returning error information to the terminal.
In the embodiment, two stages of a request and a response of a network access request of a terminal are considered, when the terminal carries out the network access request, the flow control module respectively controls the use flow of the two stages through a preset condition, and then judges whether the terminal is allowed to continue network access, so that the residual flow under each service classification can be ensured not to be a negative value, namely the flow consumed by the network access under each service classification can not exceed a preset value, and the flow control requirement of fine granularity of a user is met.
Further, referring to fig. 11, fig. 11 is a functional block diagram of a third embodiment of the network flow control device according to the present invention. The device further comprises:
a second obtaining module 60, configured to obtain a private IP of the APN card according to the URL address;
a second judging module 70, configured to judge whether the APN card is registered according to the private IP; if not, returning error information to the terminal; if yes, the determining module 20 determines the service type of the network access request according to the obtained URL address, where the service type is pre-allocated with corresponding network traffic;
in this embodiment, the APN card registration includes writing of APN card data, such as real name system information, card number of the APN card and binding information of the private IP. After the second obtaining module 60 extracts the private IP from the URL, the private IP may be uploaded to a registration server, and the registration server detects whether the registration information of the APN card meets a preset condition, for example, it is necessary that the APN card is registered in a real name system and the card number is bound to the private IP, if the private IP is bound to the APN card and the APN card is registered in a real name system, the second determining module 70 determines that the APN card is registered, at this time, the registration server returns the registered information, and the determining module 20 determines the service type of the network access request according to the obtained URL address; otherwise, if the private IP is not bound to the APN card, or the APN card is not registered in a real name system, the determining module 60 determines that the APN card is not registered, and at this time, denies network access and returns an error message to the terminal. Of course, the preset condition of whether the APN card is registered can be flexibly set, for example, only the private IP and the APN card are bound.
Particularly, if the URL acquired by the traffic control module is a registration message, the message is directly sent to the registration server, and the registration server completes registration services such as binding of a private IP and an APN card, so that the mobile terminal can perform network access.
It should be noted that, when the network connection of the terminal is unstable, or when the network reconnection is caused by switching from WIFI to data connection, the private IP, that is, the IP address used by the terminal in the local area network, the terminal needs to upload a registration message to the registration server to complete the binding of the new IP and the card number, because the private IP of the APN card is dynamically allocated by the operator, and the IP change is caused each time the terminal reconnects the network. The flow control module extracts the private IP from the URL to identify which APN card is in network access.
In this embodiment, by binding the card number and the private IP of the APN card and extracting the private IP from the URL address, the APN card that has been registered can be identified, and the network access request of the unregistered APN card is rejected, so that the filtering processing of the network access message can be implemented.
Further, with reference to fig. 11, the second determining module 70 is further configured to determine whether the URL address is in a preset blacklist; if yes, returning error information to the terminal; if not, the determining module 20 determines the service type of the network access request according to the obtained URL address, where the service type is pre-allocated with corresponding network traffic.
In this embodiment, a blacklist may be set for network access in advance based on a URL address, after the flow control module obtains the URL address, the second determining module 70 may first determine whether the URL address is in the preset blacklist, and if so, refuse the network access and return an error message to the terminal; if not, the determining module 20 determines the service type of the network access request according to the obtained URL address.
According to the embodiment, the blacklist is set for the URL, and the request message is intercepted when the URL accessed by the user is in the blacklist, so that the user can be prevented from accessing some illegal or dangerous websites, the filtering processing of the network access message can be realized, and the network access environment is safer.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.