Network filtering method based on a PC client, and PC client
Technical field
The present invention relates to the field of computer technology, and more particularly to a network filtering method based on a PC client, and to the PC client itself.
Background art
With the rapid spread of the internet, junk web content has begun to intrude on people's lives, and the large amount of harmful information now online is gradually eroding people's minds. How to take the best of the internet and discard the dross, so as to protect oneself and to protect teenagers who have little resistance to such content, has become a public concern, and network filtering technology has arisen as a result.
Network filtering technology takes appropriate technical measures to filter harmful internet information. It both prevents harmful information from damaging people and meets society's requirements in terms of ideology; at the same time, by regulating users' internet behaviour, it raises work efficiency, makes rational use of internet resources and reduces the damage viruses do to the network. This is the basic content of network filtering technology.
At present there are mainly two kinds of PC-based network filtering methods:
(1) Using HOOK techniques in the application layer, with interception and filtering performed by a browser plug-in. This method is relatively easy to implement and efficient, but it is easily defeated by anti-HOOK measures or terminated, and its monitoring is not comprehensive;
(2) Interception in the driver layer. This method can monitor essentially all network communication, but development cost is high, parsing data in the driver layer is inefficient, and it easily causes a blue screen.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art and to propose a network filtering method based on a PC client, and a PC client, that overcome or at least partly solve the above problems. The Transport Driver Interface (TDI) driver in the transport layer forwards the request data packets and response data packets of a communication to a network application filter in the application layer, and the network application filter in the application layer analyses and processes the packet-related information. The TDI driver therefore plays only a forwarding role: its logic is simple, it is easy to implement, monitoring is comprehensive, and efficiency is high.
The technical solution adopted by the present invention to solve the technical problem is as follows:
In one aspect, a network filtering method based on a PC client is provided. The method is applied in a network that includes a PC client and a server, the PC client communicating with the server through the internet. The PC client includes application programs and a TDI driver; the application programs include a network application program and a network application filter. The method includes:
The TDI driver receives a data packet sent by an application program to the server, obtains the process identifier (PID) carried by the data packet, and judges whether the PID is the PID of the network application filter;
If it is, the TDI driver sends the data packet to the server. If it is not, the TDI driver forwards the data packet to the network application filter for pre-processing, the network application filter forwards the pre-processed data packet to the TDI driver, and the TDI driver forwards the pre-processed data packet to the server;
The server sends a response data packet to the TDI driver; the TDI driver forwards the response data packet to the network application filter for filtering; the network application filter forwards the filtered response data packet to the TDI driver; and the TDI driver forwards the filtered response data packet to the network application program.
Preferably, before the step in which the TDI driver receives the data packet sent by the application program to the server, obtains the PID carried by the data packet and judges whether it is the PID of the network application filter, the method further includes:
The client of the network application filter receives a control-parameter setting request and obtains the pre-processing control parameters and the filtering control parameters.
Preferably, the pre-processing control parameters that are set include: whether network access is disabled, whether TCP transmission is disabled, whether UDP transmission is disabled, and a URL blacklist for the HTTP protocol.
Preferably, disabling network access includes global disconnection and per-process disconnection; disabling TCP transmission includes global TCP disabling and per-process TCP disabling; disabling UDP transmission includes global UDP disabling and per-process UDP disabling.
Preferably, the pre-processing performed by the network application filter includes:
Step a: judge whether global disconnection is set; if so, close the connection request. Otherwise, judge whether per-process disconnection is set; if so, close the connection request; otherwise perform step b.
Step b: judge whether the transport-layer protocol is TCP or UDP. If UDP, perform step c; if TCP, perform step d.
Step c: judge whether global UDP disabling is set; if so, close the connection request. Otherwise, judge whether per-process UDP disabling is set; if so, close the connection request; otherwise forward the data packet to the TDI driver.
Step d: judge whether global TCP disabling is set; if so, close the connection request. Otherwise, judge whether per-process TCP disabling is set; if so, close the connection request; otherwise perform step e.
Step e: judge whether the application-layer protocol is HTTP. If not, forward the data packet to the TDI driver; if so, perform step f.
Step f: parse the HTTP packet header and, according to the configured URL blacklist, judge whether the address may be accessed. If access is not allowed, return an "access forbidden" page as a prompt and close the connection request; otherwise forward the data packet to the TDI driver.
Preferably, the filtering control parameters that are set include: filter keywords, replacement keywords, filter pictures and replacement pictures.
Preferably, the filtering includes:
Parsing the data packet; searching for the filter keywords and filter pictures contained in the data packet, and replacing them with the corresponding replacement keywords and replacement pictures.
In the network filtering method of the present invention, whenever the application layer performs any network activity, the data packet is passed down through the socket. When it reaches the TDI driver layer, the TDI driver judges from the sender's PID whether the sender is the network application filter. If it is, the packet is passed directly down to the Network Driver Interface Specification (NDIS) driver and then sent to the server by the physical network card. If the sender's PID is not that of the network application filter, the IP packet is sent to the network application filter for pre-processing, which realises network monitoring operations such as disconnection and URL filtering. When the TDI driver receives the server's response data packet through the NDIS driver, it sends the packet to the network application filter for operations such as keyword filtering, keyword replacement, picture filtering and picture replacement.
According to another aspect of the present invention, a PC client is provided. The PC client is applied in a network that includes the PC client and a server, the PC client communicating with the server through the internet. The PC client includes an application module and a TDI driver module; the application module includes a network application module and a network application filtering module.
The network application module is configured to send request data packets.
The TDI driver module is configured to receive the data packet sent by the application module to the server, obtain the PID carried by the data packet, and judge whether the PID is the PID of the network application filtering module; if it is, forward the data packet to the server; if it is not, forward the data packet to the network application filtering module. It is further configured to receive the response data packet sent by the server to the network application module.
The network application filtering module is configured to analyse and process the request data packets of the network application module and the corresponding response data packets, and includes a control-parameter setting unit, a pre-processing unit and a filtering unit.
The control-parameter setting unit is configured to set whether network access is disabled, whether TCP transmission is disabled, whether UDP transmission is disabled, the URL blacklist for the HTTP protocol, the filter keywords, the replacement keywords, the filter pictures and the replacement pictures.
The pre-processing unit is configured to pre-process, according to the parameters set by the control-parameter setting unit, the request data packets forwarded by the TDI driver module, and, after pre-processing is complete, to forward the pre-processed data packet to the TDI driver module.
The filtering unit is configured to filter, according to the parameters set by the control-parameter setting unit, the response data packets forwarded by the TDI driver module, and, after filtering is complete, to forward the filtered data packet to the TDI driver module.
Preferably, the pre-processing specifically includes:
If it is judged that global disconnection or per-process disconnection is set, close the connection request; otherwise, judge the transport-layer protocol.
If the transport-layer protocol is judged to be UDP, further judge whether global UDP disabling or per-process UDP disabling is set; if so, close the connection request; otherwise forward the data packet to the TDI driver module.
If the transport-layer protocol is judged to be TCP, further judge whether global TCP disabling or per-process TCP disabling is set; if so, close the connection request. Otherwise, further judge whether the application-layer protocol is HTTP; if not, forward the data packet to the TDI driver module; if so, parse the HTTP packet header and, according to the configured URL blacklist, judge whether the address may be accessed. If access is not allowed, return an "access forbidden" page as a prompt and close the connection request; otherwise forward the data packet to the TDI driver module.
Preferably, the filtering specifically includes:
Parsing the data packet; searching for the filter keywords and filter pictures contained in the data packet, and replacing them with the corresponding replacement keywords and replacement pictures.
The beneficial effects of the technical solution provided by the present invention are:
1. In the method of the present invention, the transport-layer TDI driver forwards the request data packets and response data packets of the communication to the network application filter in the application layer, and the network application filter in the application layer analyses and processes the packet-related information. The TDI driver therefore plays only a forwarding role; its logic is simple, it is easy to implement, monitoring is comprehensive, and efficiency is high.
2. The network application filter of the present invention is easy to extend, and can parse and filter a variety of network protocols.
The above is only an overview of the technical solution of the present invention. In order that the technical means of the present invention may be understood more clearly and put into practice according to the content of the specification, and in order that the above and other objects, features and advantages of the present invention may become more apparent, specific embodiments of the present invention are set out below.
From the following detailed description of specific embodiments of the present invention, taken in conjunction with the accompanying drawings, the above and other objects, advantages and features of the present invention will become clearer to those skilled in the art.
Brief description of the drawings
Fig. 1 is a flow chart of the method embodiment of the present invention;
Fig. 2 is a structural diagram of the network drivers in the method embodiment of the present invention;
Fig. 3 is a network flow diagram of a request message in the method embodiment of the present invention;
Fig. 4 is a network flow diagram of a response message in the method embodiment of the present invention;
Fig. 5 is a processing flow chart of the network application filter in the method embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the PC client embodiment of the present invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Fig. 1 is a flow chart of the method embodiment of the present invention, Fig. 2 is a structural diagram of its network drivers, Fig. 3 is a network flow diagram of a request message, and Fig. 4 is a network flow diagram of a response message. The executing agent of this embodiment is the PC client 2 machine. As shown in Fig. 1, the method is applied in a network including a PC client 2 and a server 3, the PC client 2 communicating with the server 3 through the internet. The PC client 2 includes application programs 20 and a TDI driver 21; the application programs 20 include a network application program 201 and a network application filter 202 (the PC client 2 machine has the network application program 201 installed, and additionally has installed the network application filter 202, which analyses and processes the request data packets of the network application program and the corresponding response data packets, and the TDI driver 21). The method includes:
Step 101: the TDI driver 21 receives the data packet sent by the application program 20 to the server 3, obtains the PID carried by the data packet, and judges whether the PID is the PID of the network application filter 202.
Specifically, Fig. 2 shows the structure of the network drivers in the method embodiment; in the present invention the PID is obtained in the TDI driver 21. The network drivers of the Windows operating system include the Transport Driver Interface (TDI) driver and the Network Driver Interface Specification (NDIS) driver 22, where NDIS is further divided into NDIS protocol drivers, NDIS intermediate drivers and NDIS network card (miniport) drivers. An NDIS protocol driver implements a specific network protocol; an NDIS network card driver implements the operation of the physical network card 23; an NDIS intermediate driver sits between the NDIS network card driver and the NDIS protocol driver, exposing a miniport function set upwards and a protocol function set downwards, so that to the upper-layer driver it is a miniport driver and to the lower-layer driver it is a protocol driver.
Step 102: if it is, the TDI driver 21 sends the data packet to the server 3. If it is not, the TDI driver 21 forwards the data packet to the network application filter 202 for pre-processing; the network application filter 202 forwards the pre-processed data packet to the TDI driver 21; and the TDI driver 21 forwards the pre-processed data packet to the server 3.
Specifically, as shown in Fig. 3, when the network application program 201 initiates a network request, the data packet is first passed to the TDI driver 21. The TDI driver 21 judges from the PID to which the packet belongs, and at this point the PID clearly does not belong to the network application filter 202, so the TDI driver 21 forwards the packet to the network application filter 202 for pre-processing. After pre-processing is complete, the network application filter 202 forwards the packet to the TDI driver 21; now the TDI driver 21 judges that the PID is that of the network application filter 202, and therefore forwards the packet to the NDIS driver, which in turn sends it to the server 3 through the physical network card 23.
Step 103: the TDI driver 21 receives the response data packet returned by the server 3 and forwards it to the network application filter 202 for filtering; the network application filter 202 forwards the filtered response data packet to the TDI driver 21; and the TDI driver 21 forwards the filtered response data packet to the network application program 201.
Specifically, as shown in Fig. 4, the NDIS driver receives the response data packet returned by the server 3 through the physical network card 23 and forwards it to the TDI driver 21. The TDI driver 21 forwards the packet to the network application filter 202 for filtering; after filtering is complete, the packet is forwarded back to the TDI driver 21, and the TDI driver 21 forwards the filtered response data packet to the network application program 201.
Further, before the step in which the TDI driver 21 receives the data packet sent by the application program 20 to the server 3, obtains the PID carried by the data packet and judges whether it is the PID of the network application filter 202, the method further includes:
Control parameters are set in advance in the client of the network application filter 202, including: whether network access is disabled (global disconnection and per-process disconnection), whether TCP transmission is disabled (global TCP disabling and per-process TCP disabling), whether UDP transmission is disabled (global UDP disabling and per-process UDP disabling), the URL blacklist for the HTTP protocol, the filter keywords for HTTP content, whether pornographic pictures in HTTP content are filtered, the replacement keywords that replace the filter keywords, and the normal pictures that replace the pornographic pictures. Specifically, the pre-processing control parameters that are set include: whether network access is disabled, whether TCP transmission is disabled, whether UDP transmission is disabled, and the URL blacklist for the HTTP protocol. The filtering control parameters that are set include: filter keywords, replacement keywords, filter pictures and replacement pictures.
Further, Fig. 5 shows the processing flow of the network application filter 202 in the method embodiment; the whole flow consists of pre-processing and filtering.
Specifically, when the network application filter 202 receives a request data packet forwarded by the TDI driver 21, it performs pre-processing, which includes:
Step a: judge whether global disconnection is set; if so, close the connection request. Otherwise, judge whether per-process disconnection is set; if so, close the connection request; otherwise perform step b.
Step b: judge whether the transport-layer protocol is TCP or UDP. If UDP, perform step c; if TCP, perform step d.
Step c: judge whether global UDP disabling is set; if so, close the connection request. Otherwise, judge whether per-process UDP disabling is set; if so, close the connection request; otherwise forward the data packet to the TDI driver 21.
Step d: judge whether global TCP disabling is set; if so, close the connection request. Otherwise, judge whether per-process TCP disabling is set; if so, close the connection request; otherwise perform step e.
Step e: judge whether the application-layer protocol is HTTP. If not, forward the data packet to the TDI driver 21; if so, perform step f.
Step f: parse the HTTP packet header and, according to the configured URL blacklist, judge whether the address may be accessed. If access is not allowed, return an "access forbidden" prompt page and close the connection request; otherwise forward the data packet to the TDI driver 21.
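The pre-processing decision of steps a to f (as listed both in the summary and in this embodiment), modelled as a stand-alone Python function; this is an added example, not the patent's own code, and the layout of the control parameters, the Request record and the HTTP header parsing are assumptions made here.

```python
"""Pre-processing decision of the network application filter (steps a to f),
modelled stand-alone for this page; not the patent's own code.  The layout of
the control parameters, the Request record and the HTTP header parsing are
assumptions made for illustration."""
from dataclasses import dataclass, field
from typing import Set, Tuple
from urllib.parse import urlsplit

CLOSE = "close"          # close the connection request
FORWARD = "forward"      # hand the packet back to the TDI driver
FORBIDDEN = "forbidden"  # return the "access forbidden" prompt page, then close


@dataclass
class ControlParams:
    """Pre-processing control parameters (assumed layout)."""
    global_disconnect: bool = False
    process_disconnect: Set[int] = field(default_factory=set)  # PIDs cut off
    global_disable_tcp: bool = False
    process_disable_tcp: Set[int] = field(default_factory=set)
    global_disable_udp: bool = False
    process_disable_udp: Set[int] = field(default_factory=set)
    url_blacklist: Set[str] = field(default_factory=set)       # blocked hosts


@dataclass
class Request:
    """What the TDI driver hands over for one connection request (assumed)."""
    pid: int
    transport: str        # "TCP" or "UDP"
    payload: bytes = b""  # first data the application sent


def http_host(payload: bytes) -> Tuple[bool, str]:
    """Helper for steps e and f: returns (is_http, host).  host is empty when
    an HTTP request carries neither an absolute-form target nor a Host header."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return False, ""
    target = parts[1].decode("latin-1")
    host = ""
    if target.lower().startswith("http://"):  # absolute-form (proxy-style) target
        host = urlsplit(target).hostname or ""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host" and not host:
            host = value.strip().decode("latin-1").rsplit(":", 1)[0]
    return True, host


def preprocess(params: ControlParams, req: Request) -> str:
    """Apply steps a to f and return CLOSE, FORWARD or FORBIDDEN."""
    # step a: global disconnection, then per-process disconnection
    if params.global_disconnect or req.pid in params.process_disconnect:
        return CLOSE
    # step b: branch on the transport-layer protocol
    if req.transport == "UDP":
        # step c: global UDP disabling, then per-process UDP disabling
        if params.global_disable_udp or req.pid in params.process_disable_udp:
            return CLOSE
        return FORWARD
    # step d: global TCP disabling, then per-process TCP disabling
    if params.global_disable_tcp or req.pid in params.process_disable_tcp:
        return CLOSE
    # step e: only HTTP is parsed further; anything else goes straight back
    is_http, host = http_host(req.payload)
    if not is_http:
        return FORWARD
    # step f: URL blacklist check on the parsed host
    if host.lower() in params.url_blacklist:
        return FORBIDDEN
    return FORWARD
```

Because step e forwards everything that does not parse as HTTP, a TLS-wrapped (HTTPS) request passes the filter unchecked, so the URL blacklist only covers plain HTTP.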
Specifically, if the accessed URL is allowed, then when the network application filter 202 receives the web content data packet returned by the server 3 and forwarded by the TDI driver 21, it performs filtering, which includes:
Parsing the data packet; searching for the filter keywords and filter pictures contained in the data packet, and replacing them with the corresponding replacement keywords and replacement pictures.
After filtering is complete, the network application filter 202 forwards the filtered response data packet to the TDI driver 21, and the TDI driver 21 forwards the filtered response data packet to the network application program 201.
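The filtering step (keyword and picture replacement in an HTTP response), as an added Python example covering the filtering described in the summary and in this embodiment; it is not the patent's own code. Matching filter pictures by SHA-256 digest and rewriting Content-Length after replacement are assumptions made here.

```python
"""Filtering step applied to one reassembled HTTP response, written for this
page as an illustration; not the patent's own code.  Matching filter pictures
by SHA-256 digest and rewriting Content-Length are assumptions made here."""
import hashlib
from typing import Dict, List, Tuple


def picture_digest(data: bytes) -> str:
    """Key under which a filter picture is registered (assumed: SHA-256)."""
    return hashlib.sha256(data).hexdigest()


def split_response(raw: bytes) -> Tuple[List[bytes], bytes]:
    """Parse the packet: header lines (status line first) and the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n"), body


def header_value(lines: List[bytes], name: bytes) -> bytes:
    """Case-insensitive lookup of one header; empty bytes if absent."""
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        if key.strip().lower() == name:
            return value.strip()
    return b""


def filter_response(raw: bytes,
                    keyword_map: Dict[bytes, bytes],
                    picture_map: Dict[str, bytes]) -> bytes:
    """Replace filter keywords / filter pictures with their replacements.

    keyword_map: filter keyword -> replacement keyword
    picture_map: picture_digest(filter picture) -> replacement picture bytes
    """
    lines, body = split_response(raw)
    ctype = header_value(lines, b"content-type")
    if ctype.startswith(b"text/"):
        for bad, good in keyword_map.items():
            body = body.replace(bad, good)
    elif ctype.startswith(b"image/"):
        body = picture_map.get(picture_digest(body), body)
    # The replacement may change the body size: a Content-Length left at the
    # old value makes the browser truncate the page or wait for bytes that
    # never arrive, so it is rewritten to match the filtered body.
    out = [lines[0]]
    for line in lines[1:]:
        key = line.partition(b":")[0].strip().lower()
        if key == b"content-length":
            out.append(b"Content-Length: " + str(len(body)).encode("ascii"))
        else:
            out.append(line)
    return b"\r\n".join(out) + b"\r\n\r\n" + body
```

The block assumes the whole response has been reassembled into one buffer with an uncompressed, non-chunked body; when packets are filtered one at a time, as in the flow above, a keyword that straddles two TCP segments is missed unless the stream is reassembled first.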
Fig. 6 is a schematic structural diagram of the PC client 2 embodiment of the present invention. As shown in Fig. 6, a PC client 2 is applied in a network including the PC client 2 and a server 3, the PC client 2 communicating with the server 3 through the internet. The PC client 2 includes an application module 60, a TDI driver module 61, an NDIS driver module 62 and a physical interface module 63; the application module 60 includes a network application module 601 and a network application filtering module 602. Specifically:
The network application module 601 is configured to send request data packets.
The TDI driver module 61 is configured to receive the data packet sent by the application module 60 to the server 3, obtain the PID carried by the data packet, and judge whether the PID is the PID of the network application filtering module 602; if it is, forward the data packet to the server 3; if it is not, forward the data packet to the network application filtering module 602. It is further configured to receive the response data packet sent by the server 3 to the network application module 601.
The network application filtering module 602 is configured to analyse and process the request data packets of the network application module 601 and the corresponding response data packets, and includes a control-parameter setting unit 6021, a pre-processing unit 6022 and a filtering unit 6023.
The control-parameter setting unit 6021 is configured to set whether network access is disabled, whether TCP transmission is disabled, whether UDP transmission is disabled, the URL blacklist for the HTTP protocol, the filter keywords, the replacement keywords, the filter pictures and the replacement pictures.
The pre-processing unit 6022 is configured to pre-process, according to the parameters set by the control-parameter setting unit, the request data packets forwarded by the TDI driver module 61, and, after pre-processing is complete, to forward the pre-processed data packet to the TDI driver module 61.
The filtering unit 6023 is configured to filter, according to the parameters set by the control-parameter setting unit, the response data packets forwarded by the TDI driver module 61, and, after filtering is complete, to forward the filtered data packet to the TDI driver module 61.
Preferably, the pre-processing specifically includes:
If it is judged that global disconnection or per-process disconnection is set, close the connection request; otherwise, judge the transport-layer protocol.
If the transport-layer protocol is judged to be UDP, further judge whether global UDP disabling or per-process UDP disabling is set; if so, close the connection request; otherwise forward the data packet to the TDI driver module 61.
If the transport-layer protocol is judged to be TCP, further judge whether global TCP disabling or per-process TCP disabling is set; if so, close the connection request. Otherwise, further judge whether the application-layer protocol is HTTP; if not, forward the data packet to the TDI driver module 61; if so, parse the HTTP packet header and, according to the configured URL blacklist, judge whether the address may be accessed. If access is not allowed, return an "access forbidden" page as a prompt and close the connection request; otherwise forward the data packet to the TDI driver module 61.
Preferably, the filtering specifically includes:
Parsing the data packet; searching for the filter keywords and filter pictures contained in the data packet, and replacing them with the corresponding replacement keywords and replacement pictures.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.