CN106713355A - PC-based network filtering method and client PC - Google Patents


Info

Publication number
CN106713355A
Authority
CN
China
Prior art keywords
packet
tdi
network
network application
transmitted
Prior art date
Legal status
Granted
Application number
CN201710058213.3A
Other languages
Chinese (zh)
Other versions
CN106713355B (en)
Inventor
张锡聪
郑细强
Current Assignee
Green Onion Education Technology Shenzhen Co ltd
Original Assignee
GREEN NET WORLD (FUJIAN) NETWORK TECHNOLOGY Co Ltd
Events
Application filed by GREEN NET WORLD (FUJIAN) NETWORK TECHNOLOGY Co Ltd
Priority to CN201710058213.3A
Publication of CN106713355A
Application granted
Publication of CN106713355B
Legal status: Expired - Fee Related

Classifications

H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL (under H04L63/00 network security; H04L63/02 separating internal from external traffic, e.g. firewalls; H04L63/0227 filtering policies)
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L69/06 Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1] (under H04L69/00 network arrangements, protocols or services independent of the application payload)
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention discloses a PC-based network filtering method and client PC. When any network activity occurs, the packet is passed down through the socket; when it reaches the TDI driver layer, the TDI driver determines from the sender's process identifier whether it is the process identifier of the network application filter program. If it is, the packet is passed to the NDIS driver and sent to the server through the physical network card; if the sender's process identifier is not that of the network application filter program, the packet is sent to the network application filter program to be pre-processed. When the TDI driver receives the response packet from the server through the NDIS driver, it sends the response packet to the network application filter program for filtering and replacement. In the network filtering method of the present invention the network application filter program analyzes and processes the packet-related information while the TDI driver only plays a forwarding role; the operation is simple, easy to implement, comprehensive in its monitoring and efficient; the network application filter program is easy to extend and can analyze and filter various networking protocols.

Description

PC-based network filtering method and client PC
Technical field
The present invention relates to the field of computer technology, and in particular to a PC-based network filtering method and client PC.
Background technology
With the rapid spread of the internet, online "junk" has begun to intrude on people's lives; the large amount of harmful information now on the internet gradually erodes people's minds. How to take the best of the internet and discard the dross, so as to protect oneself and protect teenagers who have very little ability to resist such content, has drawn public concern, and network filtering technology arose in response.
Network filtering technology takes appropriate technical measures to filter harmful internet content. It both prevents harmful information from harming people and meets society's requirements regarding ideology; at the same time, by regulating users' online behaviour, it improves work efficiency, makes rational use of network resources and reduces the harm that viruses do to the network. This is the basic content of network filtering technology.
At present, PC-based network filtering methods are mainly of the following two kinds:
(1) Using HOOK techniques at the application layer, with interception and filtering performed by a browser plug-in. This method is relatively easy to implement and efficient, but it is easily defeated by anti-HOOK measures and by being killed, and its monitoring is not comprehensive;
(2) Intercepting at the driver layer. This method can monitor essentially all network communication, but development cost is high, data analysis in the driver layer is inefficient, and it easily causes blue screens.
Summary of the invention
The object of the present invention is to overcome the deficiencies of the prior art by proposing a PC-based network filtering method and client PC that overcome, or at least partly solve, the above problems: the TDI driver of the transport layer forwards the data request packets and data response packets of a communication to the network application filter program in the application layer, and the network application filter program in the application layer analyzes and processes the packet-related information. The TDI driver therefore only plays a forwarding role; the logic is simple, implementation is easy, monitoring is comprehensive and efficiency is high.
The technical solution adopted by the present invention to solve the technical problem is:
In one aspect, a PC-based network filtering method is applied in a network comprising a client PC and a server, the client PC communicating with the server over the internet; the client PC includes application programs and a transport driver interface (TDI) driver; the application programs include a network application and a network application filter program; the method comprises:
the TDI driver receives a packet sent by an application program to the server, obtains the process identifier (PID) carried by the packet, and judges whether the PID is the PID of the network application filter program;
if so, the TDI driver forwards the packet to the server; if not, the TDI driver forwards the packet to the network application filter program for pre-processing, the network application filter program forwards the pre-processed packet to the TDI driver, and the TDI driver forwards the pre-processed packet to the server;
the server sends a response packet to the TDI driver; the TDI driver forwards the response packet to the network application filter program for filter processing, the network application filter program forwards the filtered response packet to the TDI driver, and the TDI driver forwards the filtered response packet to the network application.
Preferably, before the step in which the TDI driver receives the packet sent by an application program to the server, obtains the PID carried by the packet and judges whether the PID is the PID of the network application filter program, the method further comprises:
the client of the network application filter program receives a control-parameter-setting request and obtains the pre-processing and filter-processing control parameters.
Preferably, the pre-processing control parameters that are set include: whether to disable network access, whether to disable TCP transmission, whether to disable UDP transmission, and the URL blacklist for the HTTP protocol.
Preferably, disabling network access includes global network disable and per-process network disable; disabling TCP transmission includes global TCP disable and per-process TCP disable; disabling UDP transmission includes global UDP disable and per-process UDP disable.
Preferably, the pre-processing performed by the network application filter program includes:
Step a: judge whether global network disable is set; if so, close the connection request; otherwise judge whether per-process network disable is set; if so, close the connection request; otherwise perform step b;
Step b: judge whether the transport-layer protocol is TCP or UDP; if UDP, perform step c; if TCP, perform step d;
Step c: judge whether global UDP disable is set; if so, close the connection request; otherwise judge whether per-process UDP disable is set; if so, close the connection request; otherwise forward the packet to the TDI driver;
Step d: judge whether global TCP disable is set; if so, close the connection request; otherwise judge whether per-process TCP disable is set; if so, close the connection request; otherwise perform step e;
Step e: judge whether the application-layer protocol is HTTP; if not, forward the packet to the TDI driver; if so, perform step f;
Step f: parse the HTTP packet header and, according to the configured URL blacklist, judge whether the web address is allowed to be accessed; if not, return an "access forbidden" page prompt and close the connection request; otherwise forward the packet to the TDI driver.
Preferably, the filter-processing control parameters that are set include: filter keywords, replacement keywords, filter pictures and replacement pictures.
Preferably, the filter processing includes:
parsing the packet; finding the filter keywords and filter pictures contained in the packet and replacing them with the corresponding replacement keywords and replacement pictures.
In the PC-based network filtering method of the present invention, when there is any network activity at the application layer, the packet is passed down through the socket; when it reaches the TDI driver layer, the TDI driver judges from the sender's PID whether it is the PID of the network application filter program. If so, the packet is passed straight down to the Network Driver Interface Specification (NDIS) driver and then sent to the server by the physical network card; if the sender's PID is not the PID of the network application filter program, the IP packet is sent to the network application filter program for pre-processing, which implements network monitoring operations such as network disable and URL filtering. When the TDI driver receives the server's response packet through the NDIS driver, the packet is sent to the network application filter program for operations such as keyword filtering, keyword replacement, picture filtering and picture replacement.
According to another aspect of the present invention, a client PC is provided, applied in a network comprising the client PC and a server, the client PC communicating with the server over the internet; the client PC includes an application module and a transport driver interface (TDI) driver module; the application module includes a network application module and a network application filtering module; the network application module is used to send request packets;
the TDI driver module is used to receive a packet sent by the application module to the server, obtain the PID carried by the packet, judge whether the PID is the PID of the network application filtering module and, if so, forward the packet to the server, or if not, forward the packet to the network application filtering module; it is further used to receive the response packet sent by the server to the network application module;
the network application filtering module is used to analyze and process the request packets of the network application module and the corresponding response packets, and includes a control-parameter setting unit, a pre-processing unit and a filter-processing unit;
the control-parameter setting unit is used to set whether to disable network access, whether to disable TCP transmission, whether to disable UDP transmission, the URL blacklist for the HTTP protocol, the filter keywords, replacement keywords, filter pictures and replacement pictures;
the pre-processing unit is used to pre-process the request packets forwarded by the TDI driver module according to the parameters set by the control-parameter setting unit and, when pre-processing is complete, to forward the pre-processed packet to the TDI driver module;
the filter-processing unit is used to filter the response packets forwarded by the TDI driver module according to the parameters set by the control-parameter setting unit and, when filter processing is complete, to forward the filtered packet to the TDI driver module.
Preferably, the pre-processing specifically includes:
if global network disable or per-process network disable is judged to be set, close the connection request; otherwise judge the transport-layer protocol;
if the transport-layer protocol is judged to be UDP, further judge whether global UDP disable or per-process UDP disable is set; if so, close the connection request; otherwise forward the packet to the TDI driver module;
if the transport-layer protocol is judged to be TCP, further judge whether global TCP disable or per-process TCP disable is set; if so, close the connection request; otherwise further judge whether the application-layer protocol is HTTP, and if not, forward the packet to the TDI driver module; if so, parse the HTTP packet header and, according to the configured URL blacklist, judge whether the web address is allowed to be accessed; if not, return an "access forbidden" page prompt and close the connection request; otherwise forward the packet to the TDI driver module.
Preferably, the filter processing specifically includes:
parsing the packet; finding the filter keywords and filter pictures contained in the packet and replacing them with the corresponding replacement keywords and replacement pictures.
The beneficial effects of the technical solution provided by the present invention are:
1. In the method of the present invention, the TDI driver of the transport layer forwards the request packets and response packets of a communication to the network application filter program in the application layer, and the network application filter program in the application layer analyzes and processes the packet-related information; the TDI driver therefore only plays a forwarding role, the logic is simple, implementation is easy, monitoring is comprehensive and efficiency is high;
2. The network application filter program of the present invention is easy to extend, and parsing and filtering can be performed for various network protocols.
The above is only an overview of the technical solution of the present invention. In order that the technical means of the present invention may be understood more clearly and practised according to the content of the specification, and in order that the above and other objects, features and advantages of the present invention may become more apparent, specific embodiments of the present invention are given below.
From the following detailed description of specific embodiments of the present invention with reference to the accompanying drawings, those skilled in the art will understand the above and other objects, advantages and features of the present invention more clearly.
Brief description of the drawings
Fig. 1 is a flow chart of an embodiment of the method of the present invention;
Fig. 2 is a structural diagram of the network drivers in the method embodiment;
Fig. 3 is a network flow diagram of a request message in the method embodiment;
Fig. 4 is a network flow diagram of a response message in the method embodiment;
Fig. 5 is a processing flow chart of the network application filter program in the method embodiment;
Fig. 6 is a schematic structural diagram of an embodiment of the client PC of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Fig. 1 is a flow chart of the method embodiment, Fig. 2 is the structural diagram of its network drivers, Fig. 3 is the network flow diagram of a request message and Fig. 4 is the network flow diagram of a response message. The executing entity of this embodiment is the client PC 2. As shown in Fig. 1, the method is applied in a network comprising the client PC 2 and a server 3, the client PC 2 communicating with the server 3 over the internet; the client PC 2 includes application programs 20 and a transport driver interface (TDI) driver 21; the application programs 20 include a network application 201 and a network application filter program 202 (the client PC 2 has the network application 201 installed and, in addition, the network application filter program 202, which analyzes and processes the network application's request packets and the corresponding response packets, and the TDI driver 21); the method comprises:
Step 101: the TDI driver 21 receives a packet sent by an application program 20 to the server 3, obtains the PID carried by the packet, and judges whether the PID is the PID of the network application filter program 202;
Specifically, Fig. 2 shows the structure of the network drivers in the method embodiment. In the present invention the PID is obtained in the TDI driver 21. The Windows network driver stack includes the Transport Driver Interface (TDI) driver and the Network Driver Interface Specification (NDIS) driver 22, where NDIS is further divided into NDIS protocol drivers, NDIS intermediate drivers and NDIS network card (miniport) drivers. An NDIS protocol driver implements a specific network protocol; an NDIS network card driver implements the operations on the physical network card 23; an NDIS intermediate driver sits between the NDIS network card driver and the NDIS protocol driver, offering the miniport function set upward and the protocol function set downward, so that to the upper driver it is a miniport driver and to the lower driver it is a protocol driver.
Step 102: if so, the TDI driver 21 forwards the packet to the server 3; if not, the TDI driver 21 forwards the packet to the network application filter program 202 for pre-processing, the network application filter program 202 forwards the pre-processed packet to the TDI driver 21, and the TDI driver 21 forwards the pre-processed packet to the server 3.
Specifically, as shown in Fig. 3, when the network application 201 initiates a network request, the packet is first passed to the TDI driver 21, and the TDI driver 21 can determine the PID the packet belongs to; clearly the PID at this point is not that of the network application filter program 202. The TDI driver 21 therefore forwards the packet to the network application filter program 202 for pre-processing; once pre-processing is complete, the network application filter program 202 forwards the packet to the TDI driver 21, and now the TDI driver 21 judges that the PID is the PID of the network application filter program 202, so it forwards the packet to the NDIS driver, which in turn sends the packet to the server 3 through the physical network card 23.
Step 103: the TDI driver 21 receives the response packet returned by the server 3 and forwards the response packet to the network application filter program 202 for filter processing; the network application filter program 202 forwards the filtered response packet to the TDI driver 21, and the TDI driver 21 forwards the filtered response packet to the network application 201.
Specifically, as shown in Fig. 4, the NDIS driver receives the response packet returned by the server 3 through the physical network card 23 and forwards it to the TDI driver 21; the TDI driver 21 forwards the packet to the network application filter program 202 for filtering, and once filter processing is complete the packet is forwarded back to the TDI driver 21; the TDI driver 21 then forwards the filtered response packet to the network application 201.
Further, before the step in which the TDI driver 21 receives the packet sent by an application program 20 to the server 3, obtains the PID carried by the packet and judges whether the PID is the PID of the network application filter program 202, the method further comprises:
control parameters are set in advance in the client of the network application filter program 202, including: whether to disable network access (global network disable and per-process network disable), whether to disable TCP transmission (global TCP disable and per-process TCP disable), whether to disable UDP transmission (global UDP disable and per-process UDP disable), the URL blacklist for the HTTP protocol, the filter keywords for HTTP content, whether to filter pornographic pictures in HTTP content, the replacement keywords that replace the filtered keywords, and the normal pictures that replace the pornographic pictures. Specifically, the pre-processing control parameters that are set include: whether to disable network access, whether to disable TCP transmission, whether to disable UDP transmission, and the URL blacklist for the HTTP protocol. The filter-processing control parameters that are set include: filter keywords, replacement keywords, filter pictures and replacement pictures.
Further, Fig. 5 shows the processing flow chart of the network application filter program 202 in the method embodiment; the whole flow includes pre-processing and filter processing.
Specifically, when the network application filter program 202 receives a request packet forwarded by the TDI driver 21 it performs pre-processing, and the pre-processing procedure includes:
Step a: judge whether global network disable is set; if so, close the connection request; otherwise judge whether per-process network disable is set; if so, close the connection request; otherwise perform step b;
Step b: judge whether the transport-layer protocol is TCP or UDP; if UDP, perform step c; if TCP, perform step d;
Step c: judge whether global UDP disable is set; if so, close the connection request; otherwise judge whether per-process UDP disable is set; if so, close the connection request; otherwise forward the packet to the TDI driver 21;
Step d: judge whether global TCP disable is set; if so, close the connection request; otherwise judge whether per-process TCP disable is set; if so, close the connection request; otherwise perform step e;
Step e: judge whether the application-layer protocol is HTTP; if not, forward the packet to the TDI driver 21; if so, perform step f;
Step f: parse the HTTP packet header and, according to the configured URL blacklist, judge whether the web address is allowed to be accessed; if not, return an "access forbidden" prompt and close the connection request; otherwise forward the packet to the TDI driver 21.
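The request-side decision of steps a to f (also described in the summary above), written out as an added example in user-mode Python; this is not the patent's code. It assumes the TDI driver hands the filter program the sending process name, the transport protocol as "tcp" or "udp", and the first bytes of payload, and that the URL blacklist is a set of hostnames; the patent does not fix these representations.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class PreprocessPolicy:
    """Pre-processing control parameters from the patent (assumed representation)."""
    global_disable_net: bool = False
    process_disable_net: set = field(default_factory=set)  # process names
    global_disable_tcp: bool = False
    process_disable_tcp: set = field(default_factory=set)
    global_disable_udp: bool = False
    process_disable_udp: set = field(default_factory=set)
    url_blacklist: set = field(default_factory=set)        # lower-case hostnames


CLOSE = "close_connection"           # step a/c/d: drop the connection request
FORWARD = "forward_to_tdi"           # hand the packet back to the TDI driver
FORBIDDEN = "return_forbidden_page"  # step f: blacklisted URL


def parse_http_request_url(payload: bytes):
    """Return (host, path) from an HTTP/1.x request head, or None if it is not HTTP.

    Handles both origin-form targets ("GET /x HTTP/1.1" + Host header) and
    absolute-form targets ("GET http://h/x HTTP/1.1") seen on proxy paths.
    """
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None                      # not an HTTP request line (e.g. TLS)
    target = parts[1].decode("latin-1")
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            h = value.strip().decode("latin-1")
            # "[::1]:8080" keeps the IPv6 literal; "example:8080" drops the port
            host = h[1:h.find("]")].lower() if h.startswith("[") else h.split(":")[0].lower()
    if target.startswith(("http://", "https://")):
        u = urlsplit(target)
        host = (u.hostname or host or "").lower()
        target = u.path or "/"
    if not host:
        return None                      # HTTP/1.1 without a Host header: treat as non-HTTP
    return host, target


def preprocess(policy: PreprocessPolicy, process: str, proto: str, payload: bytes) -> str:
    """Steps a-f of the patent's pre-processing; returns one of CLOSE/FORWARD/FORBIDDEN."""
    # Step a: global network disable, then per-process network disable.
    if policy.global_disable_net or process in policy.process_disable_net:
        return CLOSE
    # Steps b and c: UDP has no application-layer inspection in the patent.
    if proto == "udp":
        if policy.global_disable_udp or process in policy.process_disable_udp:
            return CLOSE
        return FORWARD
    # Step d: TCP disable rules.
    if policy.global_disable_tcp or process in policy.process_disable_tcp:
        return CLOSE
    # Step e: only HTTP is parsed; anything else is forwarded untouched.
    parsed = parse_http_request_url(payload)
    if parsed is None:
        return FORWARD
    # Step f: URL blacklist check on the parsed host.
    host, _path = parsed
    if host in policy.url_blacklist:
        return FORBIDDEN
    return FORWARD
```

Note that step e means TLS traffic never reaches the blacklist check, which is the coverage gap a URL-blacklist design of this kind has for HTTPS.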
Specifically, if the accessed URL is allowed, then when the network application filter program 202 receives the web content packet returned by the server 3 and forwarded by the TDI driver 21, it performs filter processing, which includes:
parsing the packet; finding the filter keywords and filter pictures contained in the packet and replacing them with the corresponding replacement keywords and replacement pictures.
When filter processing is complete, the network application filter program 202 forwards the filtered response packet to the TDI driver 21, and the TDI driver 21 forwards the filtered response packet to the network application 201.
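The response-side filter processing (keyword and picture replacement, also described in the summary above) as an added Python example; it is not the patent's code. The patent does not say how a "filter picture" is recognised, so this example assumes a picture is matched by the SHA-256 of its bytes; it also shows the part a practitioner must not forget when rewriting a response in flight: the Content-Length header has to be repaired, and compressed or chunked bodies cannot be matched by byte substitution at all.

```python
import hashlib


def picture_key(image_bytes: bytes) -> str:
    """Identify a picture by the SHA-256 of its bytes (assumed matching rule)."""
    return hashlib.sha256(image_bytes).hexdigest()


def _parse_headers(head: bytes) -> dict:
    """Lower-cased header name -> lower-cased value, skipping the status line."""
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    return headers


def filter_response(payload: bytes, keyword_map: dict, picture_map: dict) -> bytes:
    """Filter processing of one complete HTTP response.

    keyword_map: filter keyword (bytes) -> replacement keyword (bytes)
    picture_map: picture_key(filter picture) -> replacement picture (bytes)
    Returns the payload unchanged when nothing matched or when it cannot be
    rewritten safely.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        return payload                   # not a complete HTTP head: pass through
    headers = _parse_headers(head)
    # Byte substitution cannot see through gzip/deflate or chunk framing; a real
    # filter would have to decode first, so here such bodies are left untouched.
    if headers.get(b"content-encoding") or headers.get(b"transfer-encoding") == b"chunked":
        return payload
    ctype = headers.get(b"content-type", b"")
    new_body = body
    if ctype.startswith(b"image/"):
        new_body = picture_map.get(picture_key(body), body)
    elif ctype.startswith(b"text/"):
        for bad, good in keyword_map.items():
            new_body = new_body.replace(bad, good)
    if new_body == body:
        return payload
    # The body length changed, so the advertised Content-Length must be replaced
    # or the browser will truncate or hang waiting for bytes that never come.
    kept = [line for line in head.split(b"\r\n")
            if line.partition(b":")[0].strip().lower() != b"content-length"]
    kept.append(b"Content-Length: " + str(len(new_body)).encode("ascii"))
    return b"\r\n".join(kept) + b"\r\n\r\n" + new_body
```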
Fig. 6 is a schematic structural diagram of an embodiment of the client PC 2 of the present invention. As shown in Fig. 6, a client PC 2 is applied in a network comprising the client PC 2 and a server 3, the client PC 2 communicating with the server 3 over the internet; the client PC 2 includes an application module 60, a transport driver interface (TDI) driver module 61, an NDIS driver module 62 and a physical interface module 63; the application module 60 includes a network application module 601 and a network application filtering module 602; specifically:
the network application module 601 is used to send request packets;
the TDI driver module 61 is used to receive a packet sent by the application module 60 to the server 3, obtain the PID carried by the packet, judge whether the PID is the PID of the network application filtering module 602 and, if so, forward the packet to the server 3, or if not, forward the packet to the network application filtering module 602; it is further used to receive the response packet sent by the server 3 to the network application module 601;
the network application filtering module 602 is used to analyze and process the request packets of the network application module 601 and the corresponding response packets, and includes a control-parameter setting unit 6021, a pre-processing unit 6022 and a filter-processing unit 6023;
the control-parameter setting unit 6021 is used to set whether to disable network access, whether to disable TCP transmission, whether to disable UDP transmission, the URL blacklist for the HTTP protocol, the filter keywords, replacement keywords, filter pictures and replacement pictures;
the pre-processing unit 6022 is used to pre-process the request packets forwarded by the TDI driver module 61 according to the parameters set by the control-parameter setting unit and, when pre-processing is complete, to forward the pre-processed packet to the TDI driver module 61;
the filter-processing unit 6023 is used to filter the response packets forwarded by the TDI driver module 61 according to the parameters set by the control-parameter setting unit and, when filter processing is complete, to forward the filtered packet to the TDI driver module 61.
The pre-processing specifically includes:
if global network disable or per-process network disable is judged to be set, close the connection request; otherwise judge the transport-layer protocol;
if the transport-layer protocol is judged to be UDP, further judge whether global UDP disable or per-process UDP disable is set; if so, close the connection request; otherwise forward the packet to the TDI driver module 61;
if the transport-layer protocol is judged to be TCP, further judge whether global TCP disable or per-process TCP disable is set; if so, close the connection request; otherwise further judge whether the application-layer protocol is HTTP, and if not, forward the packet to the TDI driver module 61; if so, parse the HTTP packet header and, according to the configured URL blacklist, judge whether the web address is allowed to be accessed; if not, return an "access forbidden" page prompt and close the connection request; otherwise forward the packet to the TDI driver module 61.
Preferably, the filter processing specifically includes:
parsing the packet; finding the filter keywords and filter pictures contained in the packet and replacing them with the corresponding replacement keywords and replacement pictures.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. A PC-based network filtering method, the method being applied in a network comprising a client PC and a server, the client PC communicating with the server through the Internet; the client PC comprising an application program and a transport layer driver interface (TDI) driver; the application program comprising a web application and a network application filter; characterised in that the method comprises:
the TDI driver receiving a packet sent by the application program to the server, obtaining the process identification (PID) carried by the packet, and judging whether the PID is the PID of the network application filter;
if it is, the TDI driver sending the packet to the server; if it is not, the TDI driver forwarding the packet to the network application filter for pre-processing, the network application filter forwarding the pre-processed packet to the TDI driver, and the TDI driver forwarding the pre-processed packet to the server;
the TDI driver receiving the response packet returned by the server and forwarding the response packet to the network application filter for filtration treatment, the network application filter forwarding the response packet after filtration treatment to the TDI driver, and the TDI driver forwarding the response packet after filtration treatment to the web application.
2. The PC-based network filtering method according to claim 1, characterised in that, before the step of the TDI driver receiving the packet sent by the application program to the server, obtaining the PID carried by the packet and judging whether the PID is the PID of the network application filter, the method further comprises:
the client of the network application filter receiving a control parameter setting request and obtaining the control parameters for pre-processing and for filtration treatment.
3. The PC-based network filtering method according to claim 2, characterised in that the pre-processing control parameters that are set comprise: whether network access is disabled, whether TCP protocol transmission is disabled, whether UDP protocol transmission is disabled, and the URL blacklist of the HTTP protocol.
4. The PC-based network filtering method according to claim 3, characterised in that the disabling of network access comprises global disconnection and process disconnection; the disabling of TCP protocol transmission comprises global disabling of TCP and process disabling of TCP; and the disabling of UDP protocol transmission comprises global disabling of UDP and process disabling of UDP.
5. The PC-based network filtering method according to claim 4, characterised in that the pre-processing performed by the network application filter comprises:
step a: judging whether global disconnection has been set; if it has, closing the connection request; otherwise, judging whether process disconnection has been set; if it has, closing the connection request; otherwise, performing step b;
step b: judging whether the transport layer communication protocol is TCP or UDP; if UDP, performing step c; if TCP, performing step d;
step c: judging whether global disabling of UDP has been set; if so, closing the connection request; otherwise, judging whether process disabling of UDP has been set; if so, closing the connection request; otherwise, forwarding the packet to the TDI driver;
step d: judging whether global disabling of TCP has been set; if so, closing the connection request; otherwise, judging whether process disabling of TCP has been set; if so, closing the connection request; otherwise, performing step e;
step e: judging whether the application layer communication protocol is HTTP; if not, forwarding the packet to the TDI driver; if so, performing step f;
step f: parsing the HTTP packet header and, according to the URL blacklist that has been set, judging whether the website address is allowed to be accessed; if access is not allowed, returning an access-forbidden web page prompt and closing the connection request; otherwise, forwarding the packet to the TDI driver.
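The TDI driver's PID routing from claim 1 and steps a to f of claim 5, written out as an added Python example that is not part of the patent. The ControlParams and Packet structures, their field names, and the treatment of the URL blacklist as a set of host names matched against the HTTP Host header are assumptions; "deny_page" stands for returning the access-forbidden page and closing the request.

```python
from dataclasses import dataclass, field

@dataclass
class ControlParams:
    """Pre-processing parameters of claims 3 and 4; field names are assumptions."""
    global_disconnect: bool = False
    disconnected_pids: set = field(default_factory=set)   # process disconnection
    global_disable_tcp: bool = False
    tcp_disabled_pids: set = field(default_factory=set)
    global_disable_udp: bool = False
    udp_disabled_pids: set = field(default_factory=set)
    url_blacklist: set = field(default_factory=set)       # blocked host names (assumed form)

@dataclass
class Packet:
    pid: int            # process identification carried by the packet
    transport: str      # "TCP" or "UDP"
    payload: bytes = b""

def http_request_host(payload):
    """Host of an HTTP/1.x request, or None when the payload is not HTTP (step e)."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None

def preprocess(pkt, p):
    """Steps a to f of claim 5; returns 'close', 'forward' or 'deny_page'."""
    if p.global_disconnect or pkt.pid in p.disconnected_pids:     # step a
        return "close"
    if pkt.transport == "UDP":                                      # step c
        blocked = p.global_disable_udp or pkt.pid in p.udp_disabled_pids
        return "close" if blocked else "forward"
    if p.global_disable_tcp or pkt.pid in p.tcp_disabled_pids:     # step d
        return "close"
    host = http_request_host(pkt.payload)                           # step e
    if host is None:
        return "forward"
    return "deny_page" if host in p.url_blacklist else "forward"    # step f

def tdi_dispatch(pkt, p, filter_pid):
    """Claim 1 routing in the TDI driver: the filter's own packets skip pre-processing."""
    return "forward" if pkt.pid == filter_pid else preprocess(pkt, p)
```

Note that a TCP payload that is not plaintext HTTP (a TLS record, for instance) falls through step e and is forwarded unfiltered, so the URL blacklist only governs plain HTTP requests.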
6. The PC-based network filtering method according to claim 2, characterised in that the filtration treatment control parameters that are set comprise: filter keywords, replacement keywords, filter pictures and replacement pictures.
7. The PC-based network filtering method according to claim 6, characterised in that the filtration treatment comprises:
parsing the packet; searching for the filter keywords and filter pictures contained in the packet, and replacing them with the corresponding replacement keywords and replacement pictures.
8. A client PC, applied in a network comprising the client PC and a server, the client PC communicating with the server through the Internet; the client PC comprising an application module and a transport layer driver interface (TDI) drive module; the application module comprising a network application module and a network application filtering module; characterised in that:
the network application module is for sending request packets;
the TDI drive module is for receiving the packet sent by the application module to the server, obtaining the process identification (PID) carried by the packet, and judging whether the PID is the PID of the network application filtering module; if it is, forwarding the packet to the server; if it is not, forwarding the packet to the network application filtering module; the TDI drive module is further for receiving the response packet sent by the server to the network application module;
the network application filtering module is for analysing and processing the request packets of the network application module and the corresponding response packets, and comprises a control parameter setting unit, a pre-processing unit and a filtration treatment unit;
the control parameter setting unit is for setting whether network access is disabled, whether TCP protocol transmission is disabled, whether UDP protocol transmission is disabled, the URL blacklist of the HTTP protocol, the filter keywords, the replacement keywords, the filter pictures and the replacement pictures;
the pre-processing unit is for pre-processing the request packets forwarded by the TDI drive module according to the parameters set by the control parameter setting unit, and, after pre-processing is completed, forwarding the pre-processed packets to the TDI drive module;
the filtration treatment unit is for performing filtration treatment on the response packets forwarded by the TDI drive module according to the parameters set by the control parameter setting unit, and, after filtration treatment is completed, forwarding the packets after filtration treatment to the TDI drive module.
9. The client PC according to claim 8, characterised in that the pre-processing specifically comprises:
if it is judged that global disconnection or process disconnection has been set, closing the connection request; otherwise, judging the transport layer communication protocol;
if the transport layer communication protocol is judged to be UDP, further judging whether global disabling of UDP or process disabling of UDP has been set; if so, closing the connection request; otherwise, forwarding the packet to the TDI drive module;
if the transport layer communication protocol is judged to be TCP, further judging whether global disabling of TCP or process disabling of TCP has been set; if so, closing the connection request; otherwise, further judging whether the application layer communication protocol is HTTP; if not, forwarding the packet to the TDI drive module; if so, parsing the HTTP packet header and, according to the URL blacklist that has been set, judging whether the website address is allowed to be accessed; if access is not allowed, returning an access-forbidden web page prompt and closing the connection request; otherwise, forwarding the packet to the TDI drive module.
10. The client PC according to claim 8, characterised in that the filtration treatment specifically comprises:
parsing the packet; searching for the filter keywords and filter pictures contained in the packet, and replacing them with the corresponding replacement keywords and replacement pictures.
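The keyword replacement of claims 7 and 10 on an HTTP response, as an added Python example that is not part of the patent. It assumes a plaintext HTTP/1.x response held whole in one buffer and a replacement map from filter keyword to replacement keyword; the Content-Length fix-up is a detail the claims do not spell out but which any in-line rewrite of a response body needs, since a replacement can change the body size.

```python
def filter_response(payload, replacements):
    """Replace each filter keyword in the body of an HTTP/1.x response (claim 7).

    payload: the raw response bytes (constructed input in the test).
    replacements: dict mapping filter keyword bytes to replacement keyword bytes.
    Non-HTTP payloads (no header/body separator) are returned unchanged, and
    Content-Length is rewritten when present so the modified body stays consistent.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return payload                      # not a complete HTTP message: leave untouched
    for old, new in replacements.items():
        body = body.replace(old, new)
    lines = head.split(b"\r\n")
    for i, line in enumerate(lines):
        if line.lower().startswith(b"content-length:"):
            lines[i] = b"Content-Length: %d" % len(body)
    return b"\r\n".join(lines) + sep + body
```

The same byte-level replacement covers the "filter picture" case only when the whole image is present in the buffer; a keyword or image split across two packets is missed by a per-packet rewrite.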
CN201710058213.3A 2017-01-23 2017-01-23 Network filtering method based on PC (personal computer) terminal and client PC Expired - Fee Related CN106713355B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710058213.3A CN106713355B (en) 2017-01-23 2017-01-23 Network filtering method based on PC (personal computer) terminal and client PC

Publications (2)

Publication Number Publication Date
CN106713355A true CN106713355A (en) 2017-05-24
CN106713355B CN106713355B (en) 2020-02-21

Family

ID=58910216

Also Published As

Publication number Publication date
CN106713355B (en) 2020-02-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200805

Address after: Room 401, building 2, Xunmei science and Technology Plaza, No. 8, Keyuan Road, Science Park community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen green onion fruit Information Technology Co.,Ltd.

Address before: 361000 Fujian province Xiamen software park two sunrise Road No. 18 4 floor

Patentee before: GREEN NET WORLD (FUJIAN) NETWORK TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address

Address after: 518057 409, building 11, Shenzhen Bay science and technology ecological park, No. 16, Keji South Road, community, high tech Zone, Yuehai street, Nanshan District, Shenzhen, Guangdong

Patentee after: Green onion Education Technology (Shenzhen) Co.,Ltd.

Address before: 518000 Room 401, building 2, Xunmei science and Technology Plaza, 8 Keyuan Road, science and Technology Park community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province

Patentee before: Shenzhen green onion fruit Information Technology Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200221