CN110365778B - Communication control method and device, electronic equipment and storage medium - Google Patents

Publication number
CN110365778B
Authority
CN
China
Prior art keywords
communication
command
gateway device
parties
tcp connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910647204.7A
Other languages
Chinese (zh)
Other versions
CN110365778A (en
Inventor
帅涛
黄珊珊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201910647204.7A
Publication of CN110365778A
Application granted
Publication of CN110365778B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Abstract

The present application relates to the field of communications technologies, and in particular to a communication control method and apparatus, an electronic device, and a storage medium, which improve network security when communication passes through a fixed-initiator data exchange device. The method includes: a first gateway device receives a polling response sent by a second gateway device, obtains at least one first communication command from the polling response, and processes communication between two communication parties according to the at least one first communication command; the first gateway device determines at least one second communication command according to the communication behavior of one of the two communication parties, and sends the at least one second communication command to the second gateway device, so that the second gateway device processes communication between the two communication parties according to the at least one second communication command. Because communication commands are transmitted by polling and other modes that the data exchange device allows, no bidirectional access policy needs to be set, and network security is improved.

Description

Communication control method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for controlling communications, an electronic device, and a storage medium.
Background
With the development of "Internet+", traditional industries and government departments have also begun to use information and communication technology and Internet platforms to open up internal services. Some organizations have high security requirements and must set a unidirectional access policy on the data exchange platform (such as a firewall) at the network boundary, so data inside the organization can only flow in one direction, in the manner the device supports, and only access from the internal network to the external network is allowed, as shown in fig. 1. This is a great challenge for general Internet applications and instant messaging software.
In the related art, if bidirectional access is required, for example to expose an intranet service to extranet access, the network is configured with a one-way access policy from the intranet to the extranet plus a restricted policy that allows access from the extranet to the intranet, as shown in fig. 2A and 2B. Typically a VPN (Virtual Private Network) is established in the external network; or the IP (Internet Protocol) address and port of the intranet service are mapped to the public IP address and port of the VPN through the restricted allow policy, so that users can access the intranet service through the public IP address and port exposed by the VPN.
However, bidirectional access achieved in this way still requires some bidirectional access policy to be set on the fixed-initiator data exchange device, which cannot meet the security requirements of the organization.
Disclosure of Invention
The embodiment of the application provides a communication control method and device, electronic equipment and a storage medium, which are used for improving the network security when communication is carried out through fixed initiator data exchange equipment.
The first communication control method provided by the embodiment of the application comprises the following steps:
the first gateway equipment receives a polling response sent by the second gateway equipment, acquires at least one first communication command from the polling response, and processes communication between two communication parties according to the at least one first communication command;
the first gateway device determines at least one second communication command according to the communication behavior of one of the two communication parties, and sends the at least one second communication command to the second gateway device, so that the second gateway device processes communication between the two communication parties according to the at least one second communication command;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network connected with a first gateway device, the other communication party is located in a second network connected with a second gateway device, the first communication command is determined by the second gateway device according to the communication behavior of the other communication party, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties.
A second communication control method provided in an embodiment of the present application includes:
the second gateway equipment determines at least one first communication command according to the communication behavior of the other party of the two communication parties, and sends a polling response containing the at least one first communication command to the first gateway equipment, so that the first gateway equipment processes communication between the two communication parties according to the at least one first communication command;
when the second gateway device receives at least one second communication command sent by the first gateway device, processing communication between the two communication parties according to the at least one second communication command;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network connected with a first gateway device, the other communication party is located in a second network connected with a second gateway device, the first communication command is determined by the second gateway device according to the communication behavior of the other communication party, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties.
The first communication control apparatus provided in the embodiment of the present application includes:
the first processing unit is used for receiving a polling response sent by the second gateway equipment, acquiring at least one first communication command from the polling response, and processing communication between two communication parties according to the at least one first communication command;
the first transceiver unit is configured to determine at least one second communication command according to a communication behavior of one of the two communication parties, and send the at least one second communication command to the second gateway device, so that the second gateway device processes communication between the two communication parties according to the at least one second communication command;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network connected with a first gateway device, the other communication party is located in a second network connected with a second gateway device, the first communication command is determined by the second gateway device according to the communication behavior of the other communication party, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties.
Optionally, the first processing unit is specifically configured to:
receiving the polling response sent by the second gateway device over the TCP connection with the second gateway device.
Optionally, the first processing unit is specifically configured to:
when the first communication command is a command for initiating TCP connection, establishing TCP connection with one of the two communication parties involved in the first communication command; or
when the first communication command is a command for ending TCP connection, releasing the corresponding TCP connection according to the communication connection identifier in the command for ending TCP connection; or
when the first communication command comprises a TCP connection establishment result or a data receiving result, sending the first communication command to one of the two communication parties.
Optionally, the first processing unit is specifically configured to:
and when the first communication command contains data which needs to be sent by the other of the two communication parties, determining that the first communication command relates to one of the two communication parties according to the communication connection identifier in the first communication command, acquiring the data from the first communication command, and sending the data to one of the two communication parties.
Optionally, the first transceiver unit is specifically configured to:
if the communication behavior of one of the two communication parties is to actively establish TCP connection with the first gateway device, taking a command for initiating the TCP connection as the second communication command; or
if the communication behavior of one of the two communication parties is to release the TCP connection with the first gateway device, taking a command for ending the TCP connection as the second communication command; or
if the communication behavior of one of the two communication parties is to send data to the other of the two communication parties, generating the second communication command containing the data which needs to be sent by one of the two communication parties; or
if the communication behavior of one of the two communication parties is to establish TCP connection with the first gateway device after receiving a first communication command, generating a second communication command containing a TCP connection establishment result; or
if the communication behavior of one of the two communication parties is to receive the data acquired from the first communication command sent by the first gateway device, generating the second communication command containing a data receiving result.
Optionally, the apparatus further comprises:
a first resetting unit, configured to: if a polling response sent by the second gateway device is not received within a first preset time, release the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties, and send a reset command to the second gateway device, so that the second gateway device releases the TCP connection established with the first gateway device and/or all TCP connections established with the other of the two communication parties; or
if a polling response that is sent by the second gateway device and contains a reset command is received, release the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties.
The second communication control apparatus provided in the embodiment of the present application includes:
the second transceiver unit is used for determining at least one first communication command according to the communication behavior of the other party of the two communication parties and sending a polling response containing the at least one first communication command to the first gateway equipment so that the first gateway equipment processes communication between the two communication parties according to the at least one first communication command;
the second processing unit is used for processing communication between the two communication parties according to at least one second communication command when the at least one second communication command sent by the first gateway equipment is received;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network connected with a first gateway device, the other communication party is located in a second network connected with a second gateway device, the first communication command is determined by the second gateway device according to the communication behavior of the other communication party, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties.
Optionally, the second transceiver unit is specifically configured to:
sending a polling response containing the at least one first communication command to the first gateway device over TCP with the first gateway device.
Optionally, the second transceiver unit is specifically configured to:
if the communication behavior of the other one of the two communication parties is to actively establish TCP connection with the second gateway device, taking a command for initiating the TCP connection as the first communication command; or
if the communication behavior of the other one of the two communication parties is to release the TCP connection with the second gateway device, taking a command for ending the TCP connection as the first communication command; or
if the communication behavior of the other of the two communication parties is to send data to one of the two communication parties, generating the first communication command containing the data required to be sent by the other of the two communication parties; or
if the communication behavior of the other one of the two communication parties is to establish TCP connection with the second gateway device after receiving a second communication command, generating the first communication command containing a TCP connection establishment result; or
if the communication behavior of the other one of the two communication parties is to receive the data acquired from the second communication command sent by the second gateway device, generating the first communication command containing a data receiving result.
Optionally, the second transceiver unit is further configured to:
caching the determined at least one first communication command to a command queue to be sent;
the second transceiver unit is specifically configured to:
when a polling request sent by the first gateway device is received, obtaining the at least one first communication command from the command queue to be sent, and sending a polling response carrying the at least one first communication command to the first gateway device over the TCP connection with the first gateway device.
Optionally, the second processing unit is specifically configured to:
when the second communication command is a command for initiating TCP connection, establishing TCP connection with the other one of the two communication parties; or
when the second communication command is a command for ending the TCP connection, releasing the corresponding TCP connection according to the communication connection identifier in the command for ending the TCP connection; or
when the second communication command comprises a TCP connection establishment result or a data receiving result, sending the second communication command to the other party of the two communication parties.
Optionally, the second processing unit is specifically configured to:
when the second communication command contains data that one of the two communication parties needs to send, determining the other of the two communication parties according to the communication connection identifier in the second communication command, obtaining the data from the second communication command, and sending the data to the other of the two communication parties.
Optionally, the apparatus further comprises:
a second resetting unit, configured to: if a second communication command sent by the first gateway device is not received within a second preset time, release the TCP connection established with the first gateway device and/or all TCP connections established with the other of the two communication parties, and send a reset command to the first gateway device, so that the first gateway device releases the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties; or
if the reset command sent by the first gateway device is received, release the TCP connection established with the first gateway device and/or all TCP connections established with the other party of the two communication parties.
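The polling exchange and command handling described above, as an in-memory model added here (not code from the patent): it covers the command types named in the text, the command queue drained by a polling request, dispatch by communication connection identifier, and the reset on a missing polling response. The names `Gateway`, `Cmd`, `poll_cycle` and `MAX_BATCH`, and the rule that a command with an unknown identifier is rejected and recorded, are assumptions of this example.

```python
from collections import deque
from dataclasses import dataclass
from enum import Enum

MAX_BATCH = 16  # assumption: cap on commands carried by one message


class Cmd(Enum):
    CONNECT = "initiate TCP connection"
    CLOSE = "end TCP connection"
    DATA = "data to be sent"
    CONNECT_RESULT = "TCP connection establishment result"
    DATA_RESULT = "data receiving result"
    RESET = "reset"


@dataclass
class Command:
    kind: Cmd
    conn_id: int = 0      # communication connection identifier
    payload: bytes = b""


class Gateway:
    """One gateway of the pair; sockets are replaced by in-memory tables."""

    def __init__(self):
        self.conns = {}        # conn_id -> bytes delivered to the local party
        self.outbox = deque()  # command queue to be sent to the peer gateway
        self.notices = []      # results relayed to the local party
        self.rejected = []     # commands refused by validation (audit trail)

    def local_event(self, kind, conn_id, payload=b""):
        """Turn a local party's communication behavior into a command."""
        if kind is Cmd.CONNECT:
            self.conns[conn_id] = b""
        elif kind is Cmd.CLOSE:
            self.conns.pop(conn_id, None)
        self.outbox.append(Command(kind, conn_id, payload))

    def process(self, cmd):
        """Apply one command received from the peer gateway."""
        if cmd.kind is Cmd.RESET:
            self.conns.clear()
            self.outbox.clear()
        elif cmd.kind is Cmd.CONNECT:
            ok = cmd.conn_id not in self.conns
            if ok:
                self.conns[cmd.conn_id] = b""
            result = b"ok" if ok else b"fail"
            self.outbox.append(Command(Cmd.CONNECT_RESULT, cmd.conn_id, result))
        elif cmd.conn_id not in self.conns:
            self.rejected.append(cmd)  # identifier matches no live connection
        elif cmd.kind is Cmd.CLOSE:
            del self.conns[cmd.conn_id]
        elif cmd.kind is Cmd.DATA:
            self.conns[cmd.conn_id] += cmd.payload
            self.outbox.append(Command(Cmd.DATA_RESULT, cmd.conn_id, b"received"))
        else:  # CONNECT_RESULT or DATA_RESULT: relay to the local party
            self.notices.append((cmd.conn_id, cmd.kind))


def drain(gw):
    """Take up to MAX_BATCH queued commands, oldest first."""
    batch = []
    while gw.outbox and len(batch) < MAX_BATCH:
        batch.append(gw.outbox.popleft())
    return batch


def poll_cycle(first, second, response_lost=False):
    """One exchange; only the first gateway ever initiates it."""
    for cmd in drain(first):          # second communication commands
        second.process(cmd)
    if response_lost:                 # no polling response within the preset time
        first.process(Command(Cmd.RESET))
        second.process(Command(Cmd.RESET))  # reset command sent to the peer
        return None
    response = drain(second)          # polling response from the command queue
    for cmd in response:              # first communication commands
        first.process(cmd)
    return [cmd.kind for cmd in response]


def demo():
    first, second = Gateway(), Gateway()
    second.local_event(Cmd.CONNECT, 7)   # party in the second network connects
    kinds1 = poll_cycle(first, second)
    second.local_event(Cmd.DATA, 7, b"hello")
    second.outbox.append(Command(Cmd.DATA, 99, b"x"))  # constructed: unknown id
    kinds2 = poll_cycle(first, second)
    delivered = first.conns[7]
    poll_cycle(first, second, response_lost=True)
    return {
        "kinds": (kinds1, kinds2),
        "delivered": delivered,
        "rejected_ids": [c.conn_id for c in first.rejected],
        "notices": second.notices,
        "open_after_reset": (len(first.conns), len(second.conns)),
    }
```

The `rejected` list is where a deployment would hook logging: a command whose identifier matches no live connection is the observable sign of state drift or tampering between the two gateways.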
An electronic device provided in an embodiment of the present application includes a processor and a memory, where the memory stores program codes, and when the program codes are executed by the processor, the processor is caused to execute the steps of the first communication control method or the second communication control method.
An embodiment of the present application provides a computer-readable storage medium that includes program code which, when run on a communication control apparatus, causes the communication control apparatus to perform the steps of the first communication control method or the second communication control method described above.
The beneficial effect of this application is as follows:
According to the communication control method and device, electronic equipment and storage medium provided by the embodiments of the present application, a gateway device determines communication commands according to the communication behavior of the two communication parties during communication. The communication commands are transmitted between a first gateway device deployed in a first network and a second gateway device deployed in a second network by polling and other modes that the fixed-initiator data exchange device allows, and each gateway device processes communication between the two communication parties according to the first communication command or the second communication command. No additional bidirectional access policy needs to be set on the data exchange device, so bidirectional communication across the network boundary device is achieved while the requirements of Internet confidentiality management for computer information systems are met, communication security is guaranteed, and network security is improved.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is an alternative schematic diagram of an intranet accessing an extranet in the embodiment of the present application;
FIG. 2A is a diagram illustrating an alternative hardware architecture for intranet and extranet bidirectional access in an embodiment of the present application;
FIG. 2B is a schematic diagram of another alternative for intranet and extranet bidirectional access in an embodiment of the present application;
FIG. 3 is a schematic diagram of an application scenario according to an embodiment of the present application;
fig. 4 is an alternative flow chart of a communication control method in the embodiment of the present application;
fig. 5 is a schematic flow chart of another alternative communication control method in the embodiment of the present application;
fig. 6 is a block diagram of a first alternative communication control apparatus in an embodiment of the present application;
fig. 7 is a block diagram of a second alternative communication control apparatus in an embodiment of the present application;
fig. 8 is a block diagram of a third alternative communication control device in an embodiment of the present application;
fig. 9 is an alternative flowchart illustrating that the second gateway device sends a polling response to the first gateway device according to the polling request of the first gateway device in this embodiment of the application;
fig. 10 is a schematic diagram illustrating an alternative flow of the first gateway device obtaining at least one first communication command from the polling response in the embodiment of the present application;
fig. 11 is an alternative flowchart illustrating that the first gateway device sends at least one second communication command to the second gateway device in this embodiment of the present application;
fig. 12 is an alternative flowchart illustrating that the second gateway device processes communication between the two communication parties according to at least one second communication command in this embodiment of the application;
FIG. 13 is a schematic diagram illustrating an alternative interactive implementation timing sequence in the embodiments of the present application;
fig. 14 is a schematic structural diagram of a first gateway device in an embodiment of the present application;
fig. 15 is a schematic structural diagram of a second gateway device in an embodiment of the present application;
fig. 16 is a schematic diagram of a hardware component of a computing device to which an embodiment of the present invention is applied.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments, but not all embodiments, of the technical solutions of the present application. All other embodiments obtained by a person skilled in the art without any inventive step based on the embodiments described in the present application are within the scope of the protection of the present application.
Some concepts related to the embodiments of the present application are described below.
1. Intranet: a network that is not directly connected to the Internet; computers in the intranet access the Internet through a public gateway using Network Address Translation (NAT). A computer in the intranet can send a connection request to another computer on the Internet, but a computer on the Internet cannot send a connection request to a computer in the intranet.
2. Extranet: the Internet infrastructure network, commonly referred to as the extranet, is the aggregate of computer networks formed by interconnecting computer networks (including local area networks, metropolitan area networks, and wide area networks) at different locations and of different scales around the world. The WWW (World Wide Web) sites and FTP (File Transfer Protocol) sites we usually browse, and the instant messaging software used for communication, are applications served over the Internet, and are therefore also called "network applications".
3. Short connection: a connection is established when the two communication parties have data to exchange and is torn down after the data has been sent, that is, each connection carries only one transaction. For example, the HTTP (HyperText Transfer Protocol) services of World Wide Web sites generally use short connections.
4. Long connection: multiple data packets can be sent continuously over one connection, and if no data packet is sent while the connection is held, both parties need to send link detection packets. Long connections are mostly used for frequent, point-to-point communication where the number of connections is not too large. Each TCP (Transmission Control Protocol) connection requires a three-way handshake, which takes time; if every operation used a short connection, the repeated setup would slow processing considerably, so the connection is kept open after each operation and the next operation sends its data packets directly without establishing a new TCP connection. For example, database connections use long connections; frequent communication over short connections may cause socket errors, and frequent socket creation wastes resources.
5. Fixed-initiator data exchange platform: an exchange platform on which requests can only be initiated from one end, A, and the other end, B, responds to them but cannot itself initiate a request directly; common examples are optical gates, hardware firewalls and software firewalls. There are generally two basic design strategies for firewalls: first, any service is allowed unless explicitly disabled; second, any service is disabled unless explicitly allowed. Organizations generally adopt the second strategy in order to be more secure and reduce the risk of brute force attacks. A firewall is used to protect fragile services, control access to the system, manage security centrally, enhance confidentiality, and record and count data on network use and illegal use.
6. Instant messaging software: an Internet-based application for real-time information exchange that allows two or more people to exchange text, pictures, audio, video and the like instantly over the Internet, such as enterprise WeChat and WeChat.
7. Command queue: sometimes multiple requests need to be queued; when a request sender sends a request, more than one request receiver responds, and these receivers execute their business methods one by one to complete the processing of the request. This can be done through a command queue. A command queue can be implemented in various ways; one of the most common and flexible is to add a command queue class that stores multiple command objects, where different command objects may correspond to different request receivers.
8. Client: also called the user side, a program that corresponds to a server and provides local services to the user. Apart from some applications that run only locally, client programs are generally installed on ordinary client machines and need to work together with a server. Since the rise of the Internet, common clients include web browsers used on the World Wide Web, email clients for sending and receiving email, and instant messaging client software. Applications of this kind need a corresponding server and service program in the network to provide services such as database services and e-mail services, so a specific communication connection needs to be established between the client and the server to ensure that the application runs normally.
9. Server: serves the client, for example by providing resources to the client and holding client data. It is an important way of realizing game customization and also the technology whose effects show most directly in a game: for example, after the parameters of an NPC (Non-Player Character) are modified and reloaded, the change appears in the game immediately.
The preferred embodiments of the present application will be described below with reference to the accompanying drawings of the specification, it should be understood that the preferred embodiments described herein are merely for illustrating and explaining the present application, and are not intended to limit the present application, and that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
In this embodiment, the two communication parties refer to two parties that need to communicate via a network, and need to establish a communication connection during the communication process, so as to transmit a data packet, such as a client and a server. One of the two communication parties is located in a first network connected with a first gateway device, and the other communication party is located in a second network connected with a second gateway device, for example, one communication party is a service system server in the first network, and the other communication party is a service system client in the second network; one party is a service system client in a first network, and the other party is a service system client in a second network, and the like. Wherein the first communication command is issued by one of the two parties of communication to the other party, the second communication command is issued by the other of the two parties of communication to the one party, and the first communication command and the second communication command both relate to the two parties of communication.
The first network may have more than one client or server, and the second network may also have more than one client or server, for example, the first network has client 1, server 2, and client 3, the second network has server 1, client 2, and server 3, when client 1 needs to communicate with server 1, client 1 is one of two parties of communication, and server 1 is the other of two parties of communication; when the client 3 needs to communicate with the server 1, the client 3 is one of both communication parties, and the server 1 is the other of both communication parties.
In the embodiment of the present application, the first network and the second network are different networks, for example, the first network is an intranet, and the second network is an extranet; or the first network is an external network and the second network is an internal network; communication is often required between a client (or a server) in the intranet and a server (or a client) in the extranet, for example, when a user browses the world wide web by using a mobile browser, that is, when the client (the browser client) in the intranet requests data from the server (the web server) in the extranet, communication between the client in the intranet and the server in the extranet needs to be realized; or when a user uses a computer at home to work and wants to log in a file in a website of a school campus network, that is, when a client (computer) in an extranet requests data from a server of the intranet (server of the school campus network), communication between the server of the intranet and the client of the extranet needs to be realized.
The following description mainly takes two communication parties as a client and a server as an example.
Fig. 3 is a schematic view of an application scenario according to an embodiment of the present application. In the related art, the fixed initiator data exchange platform only allows one party to initiate a request to the other party, and in the embodiment of the application, taking the example where the fixed initiator data switching device 50 only allows the first gateway device 30 to initiate a request to the second gateway device 20, when a client 10 in the second network needs to communicate with a server 40 in the first network, the second gateway device 20 determines at least one first communication command according to the communication behavior of the client 10 (for example, if data sent by the client 10 is received, the data is translated into the first communication command), then the second gateway device 20 sends the determined at least one first communication command to the first gateway device 30 through a polling response, and the first gateway device 30 obtains the first communication command from the polling response sent by the second gateway device 20 and processes communication between the client 10 and the server 40 according to the first communication command after receiving the polling response; after the first gateway device 30 determines at least one second communication command according to the communication behavior from the server 40 in the first network, the second communication command is sent to the second gateway device 20, and the second gateway device 20 processes the communication between the client 10 and the server 40 according to the received second communication command, where the first communication command is sent to the first gateway device 30 through a polling response and satisfies the one-way access policy supported by the fixed initiator data exchange device.
In this embodiment of the present application, the first gateway device is a gateway device located in a first network, the second gateway device is a gateway device located in a second network, and it is assumed that the fixed initiator data exchange device is a firewall, in this embodiment, the first network is mainly an intranet, the second network is an extranet, the first gateway device is an intranet gateway, and the second gateway device is an extranet gateway.
In the embodiment of the present application, the actual process of establishing a communication connection between an external network client (or server) and an internal network server (or client) is to establish a connection between the internal network server (or client) and an internal network gateway, and to establish a connection between the external network client (or server) and an external network gateway. The intranet gateway and the extranet gateway can automatically establish connection according to the preconfigured information when being started.
In one possible embodiment, a TCP connection is established between the first gateway device and the second gateway device.
The specific process is as follows: when the gateway devices are started, a TCP connection is established between the first gateway device and the second gateway device according to preconfigured communication connection information (for example, information indicating that the first gateway device establishes a TCP connection with the second gateway device). Then, when the client in the extranet needs to communicate with the server in the intranet, or the server in the extranet needs to communicate with the client in the intranet, the client (or the server) in the extranet initiates a request, and the communication between the client in the extranet and the server in the intranet (or between the server in the extranet and the client in the intranet) is realized by establishing a TCP connection between the client (or the server) in the extranet and the extranet gateway and a TCP connection between the intranet gateway and the server (or the client) in the intranet.
In the embodiment of the present application, the communication behavior of one or the other of the two communication parties specifically refers to a handshake process and/or a data communication process of a TCP protocol, which includes any one or more of a three-way handshake during TCP connection establishment, a four-way handshake during TCP connection release, data transmission (data packet, file), message transmission and reception, and a request.
Referring to fig. 4, an implementation flowchart of a method for communication control according to an embodiment of the present application is shown, and the specific implementation flow of the method is as follows:
S41: The first gateway device receives the polling response sent by the second gateway device, obtains at least one first communication command from the polling response, and processes communication between the two communication parties according to the at least one first communication command.
The polling response is sent in reply to the polling request sent by the first gateway device. The first communication command is determined by the second gateway device according to the communication behavior of the other of the two communication parties and is then sent to the first gateway device through the polling response; the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties.
Optionally, the first gateway device receives the polling response sent by the second gateway device through the TCP connection with the second gateway device.
In this embodiment, when the first network is an intranet and the second network is an extranet, the intranet may be an Internet bar, a campus network, a unit office network, or the like, or some networks with a large geographical range but based on ethernet technology, such as fiber to the building, a cell broadband, an education network, a Cable Modem (Cable Modem) for Internet access, and the extranet may be the Internet.
Optionally, the first gateway device may periodically or regularly initiate a polling request to the second gateway device, which may adopt a timer polling manner, or may initiate a new process to poll, for example, the first gateway device initiates a polling request to the second gateway device every 10 minutes to inquire whether there is a request in the second gateway device that needs to be transmitted.
Optionally, after the first gateway device sends the polling request to the second gateway device, if no polling response from the second gateway device is received within a third preset time, a new polling request is sent to the second gateway device. This preset time is generally the current polling count × 1 millisecond, with a maximum of no more than 50 milliseconds, so that the utilization rate of the CPU is improved; if the polling response sent by the second gateway device is received within the preset time, the at least one first communication command in the polling response is obtained immediately, and the communication between the two communication parties is processed according to the obtained at least one first communication command.
Optionally, the at least one first communication command that the first gateway device obtains from the polling response may be in the form of a command packet.
S42: The first gateway device determines at least one second communication command according to the communication behavior of one of the two communication parties, and sends the at least one second communication command to the second gateway device, so that the second gateway device processes communication between the two communication parties according to the at least one second communication command.
In this embodiment of the application, the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties, and the determined second communication command is sent to the second gateway device after the first gateway device determines at least one second communication command.
Optionally, the first gateway device may transmit the at least one second communication command to the second gateway device in the form of a command packet, and the first gateway device assembles the at least one second communication command into one or more command packets.
In the embodiment of the present application, the first communication command or the second communication command includes, but is not limited to, part or all of the following:
a command for initiating the TCP connection, a command containing data to be sent, a command containing a TCP connection establishment result, a command containing a data receiving result, and a command for ending the TCP connection.
When the command containing the data to be transmitted is a first communication command, the data to be transmitted refers to the data sent to one party by the other party of the two parties of communication; when the command including the data to be transmitted is the second communication command, the data to be transmitted refers to data that one of the two parties of communication transmits to the other party.
Optionally, after determining the second communication command, the first gateway device places the communication connection identifier corresponding to the TCP connection in the second communication command, and similarly, after determining the first communication command, the first gateway device places the communication connection identifier corresponding to the TCP connection in the first communication command.
The communication connection identifier is the unique identifier of a single TCP connection and may be represented by a UUID (Universally Unique Identifier). For the same communication parties, all first communication commands and second communication commands determined between the establishment and the release of the TCP connection carry the same UUID (that is, all of those commands correspond to the same client and the same server).
Optionally, the command to initiate a TCP connection may be denoted as CO (Connect), which is used to initiate a TCP connection.
For example, the CO command (packet) may include UUID, Clientip (IP of the other of the two communicating parties), serverp (IP of one of the two communicating parties), public ports (public listening port number), and the like.
Optionally, the command containing the data to be transmitted may be denoted as DA (Data), which is used to transmit data.
For example, after the TCP connection is successfully established, a DA is initiated by any gateway device. The DA may include three items of content, i.e., UUID, count, and data, where the data represents data to be transmitted, and the count may represent the number of times the data is transmitted.
Optionally, the command containing the TCP connection establishment result or the data receiving result may be expressed as: RE (Resume or Receive).
For example, when the TCP connection between the gateway device and the client (or the server) is successfully established, the first gateway device returns a connection success result to the second gateway device that initiated the CO (or the second gateway device returns it to the first gateway device that initiated the CO).
When the TCP connection between the gateway device and the client (or the server) fails to be established, the first gateway device returns a connection failure result to the second gateway device that initiated the CO (or the second gateway device returns it to the first gateway device that initiated the CO).
When the client (or the server) receives the data, the first gateway device (or the second gateway device) returns a data-received result to the second gateway device (or the first gateway device) that initiated the DA.
When the client (or the server) does not receive the data, the first gateway device (or the second gateway device) returns a data-not-received result to the second gateway device (or the first gateway device) that initiated the DA.
Optionally, the command to end the TCP connection may be denoted as EN (End), which is used to end the TCP connection. When the TCP connection is successfully established or actively disconnected, EN is sent by one gateway device to the other gateway device, for example, EN: UUID (where the UUID is the unique identifier of the TCP connection).
In this embodiment of the present application, when the first communication commands are different, the first gateway device processes the commands differently, and details are described below for the different first communication commands, assuming that Tcpbridge is the first gateway device:
Processing mode 1: if the first communication command is a command for initiating a TCP connection, the first gateway device establishes a TCP connection with the one of the two communication parties involved in the first communication command, where that party is located in the first network.
For example, Tcpbridge gets a CO command from a poll response, which includes: UUID1, ip of server 1, and ip of client 1, where one of the two communication parties corresponding to the communication connection identifier UUID1 is server 1, and the other one of the two communication parties is client 1, then Tcpbridge establishes TCP connection with server 1 (Tcpbridge performs three-way handshake with server 1).
Processing mode 2: if the first communication command is a command for ending the TCP connection, the first gateway device releases the corresponding TCP connection according to the communication connection identifier in the command (that is, the first gateway device releases the TCP connection with one of the two communication parties).
For example, Tcpbridge receives an EN command that includes UUID1, where one of the two communication parties corresponding to UUID1 is server 1 and the other is client 1; Tcpbridge then releases the TCP connection with server 1 (Tcpbridge performs a four-way handshake with server 1).
Processing mode 3: when the first communication command contains data that the other of the two communication parties needs to send, the first gateway device determines, according to the communication connection identifier in the first communication command, the one of the two communication parties to which the command relates, obtains the data from the first communication command, and sends the data to that party.
For example, Tcpbridge receives a DA command, which includes: UUID1, data, and count, wherein one of the two communication parties corresponding to UUID1 is server 1, and the other one of the two communication parties is client 1, then Tcpbridge sends the data in the DA command to server 1.
Processing mode 4: when the first communication command contains a TCP connection establishment result or a data receiving result, the first gateway device sends the first communication command to one of the two communication parties.
For example, Tcpbridge receives an RE command (indicating a data receiving result or a TCP connection establishment result) that includes UUID1, where one of the two communication parties corresponding to UUID1 is server 1 and the other is client 1; Tcpbridge then forwards the RE command to server 1.
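One way to model the four processing modes above on the first gateway, as an added example that is not code from the patent: the connection table is keyed by the UUID carried in every command. The field names (`server_ip`, `client_ip`, `result`), the result strings, the in-memory `FakeParty`, the `dial` hook and the allow-list of dialable addresses are assumptions made for the illustration.

```python
import uuid
from dataclasses import dataclass, field

CO, DA, RE, EN = "CO", "DA", "RE", "EN"      # command names used on the page


@dataclass
class Command:
    kind: str
    conn_id: str                             # UUID shared by all commands of one TCP connection
    fields: dict = field(default_factory=dict)


class FakeParty:
    """Constructed stand-in for the TCP socket to a party in the first network."""

    def __init__(self, ip, reachable=True):
        self.ip, self.reachable = ip, reachable
        self.is_open, self.received, self.notices = False, [], []

    def connect(self):                       # stands in for the three-way handshake
        self.is_open = self.reachable
        return self.is_open

    def send(self, data):
        if self.is_open:
            self.received.append(data)
        return self.is_open

    def close(self):                         # stands in for the four-way handshake
        self.is_open = False


class FirstGateway:
    def __init__(self, dial, allowed_ips):
        self.dial = dial                     # hypothetical hook: ip -> party object
        self.allowed_ips = set(allowed_ips)  # assumed hardening, not described on the page
        self.conns = {}                      # UUID -> connection to the local party
        self.outbox = []                     # second communication commands for the peer gateway

    def _reply(self, conn_id, result):
        self.outbox.append(Command(RE, conn_id, {"result": result}))

    def handle(self, cmd):
        uuid.UUID(cmd.conn_id)               # ValueError on a malformed identifier
        if cmd.kind == CO:                   # processing mode 1
            ip = cmd.fields["server_ip"]
            # Refuse targets outside the allow-list and reuse of a live UUID.
            if ip not in self.allowed_ips or cmd.conn_id in self.conns:
                return self._reply(cmd.conn_id, "connect_failed")
            party = self.dial(ip)
            if party.connect():
                self.conns[cmd.conn_id] = party
                return self._reply(cmd.conn_id, "connected")
            return self._reply(cmd.conn_id, "connect_failed")
        party = self.conns.get(cmd.conn_id)  # the UUID selects the local party
        if cmd.kind == DA:                   # processing mode 3
            ok = party is not None and party.send(cmd.fields["data"])
            return self._reply(cmd.conn_id, "received" if ok else "not_received")
        if cmd.kind == EN:                   # processing mode 2
            if party is not None:
                party.close()
                del self.conns[cmd.conn_id]
            return None
        if cmd.kind == RE:                   # processing mode 4: pass the result on
            if party is not None:
                party.notices.append(cmd.fields["result"])
            return None
        raise ValueError(f"unknown command kind: {cmd.kind!r}")


def demo():
    """Feed one constructed polling response through the gateway."""
    parties = {"10.0.0.5": FakeParty("10.0.0.5")}
    gw = FirstGateway(lambda ip: parties[ip], allowed_ips=["10.0.0.5"])
    cid = str(uuid.uuid4())
    poll_response = [
        Command(CO, cid, {"server_ip": "10.0.0.5", "client_ip": "203.0.113.7"}),
        Command(DA, cid, {"data": b"hello", "count": 1}),
        Command(EN, cid),
        Command(DA, cid, {"data": b"late", "count": 2}),   # arrives after EN
        Command(CO, str(uuid.uuid4()),
                {"server_ip": "10.0.0.99", "client_ip": "203.0.113.7"}),
    ]
    for cmd in poll_response:
        gw.handle(cmd)
    return gw, parties["10.0.0.5"]
```

A DA that arrives after the matching EN finds no entry in the table and is answered with a failure result instead of being delivered, and a CO naming an address outside the allow-list is never dialed.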
In this embodiment of the present application, when the first gateway device determines at least one second communication command according to the communication behavior of one of the two communicating parties, the second communication commands determined for different communication behaviors are different, and as described in detail below, it is assumed that Tcpbridge is the first gateway device, one of the two communicating parties is the server 2, and the other of the two communicating parties is the client 2:
Determination mode 1: if the communication behavior of one of the two communication parties is to actively establish a TCP connection with the first gateway device, the first gateway device takes a command for initiating the TCP connection as the second communication command.
For example, when the server 2 requests to establish a TCP connection with the client 2, the server 2 initiates a request for establishing a TCP connection to Tcpbridge, and performs a three-way handshake with Tcpbridge, so that the first gateway device determines that the second communication command is a command for initiating a TCP connection.
Determination mode 2: if the communication behavior of one of the two communication parties is to release the TCP connection with the first gateway device, the first gateway device takes a command for ending the TCP connection as the second communication command.
For example, when the server 2 requests to release the previous TCP connection with the client 2, the server 2 initiates a request to terminate the TCP connection to Tcpbridge, and performs a four-way handshake with Tcpbridge, so that the first gateway device determines that the second communication command is a command to terminate the TCP connection.
Determination mode 3: if the communication behavior of one of the two communication parties is to send data to the other of the two communication parties, the first gateway device generates a second communication command containing the data that the one party needs to send.
For example, when the server 2 requests to send the data1 to the client 2, Tcpbridge generates a second communication command containing the data 1.
Determination mode 4: if the communication behavior of one of the two communication parties is to establish a TCP connection with the first gateway device after receiving the first communication command, the first gateway device generates a second communication command containing the TCP connection establishment result.
For example, after receiving the first communication command CO1, server 2 establishes a TCP connection with Tcpbridge, and Tcpbridge generates a second communication command indicating that the TCP connection was established successfully; if server 2 and Tcpbridge do not successfully establish the TCP connection, Tcpbridge generates a second communication command indicating that TCP connection establishment failed.
Determination mode 5: if the communication behavior of one of the two communication parties is to receive the data that the first gateway device obtained from the first communication command and sent, the first gateway device generates a second communication command containing the data receiving result.
For example, if server 2 successfully receives the data sent by Tcpbridge, Tcpbridge generates a second communication command indicating successful data reception; if server 2 does not receive the data sent by Tcpbridge, Tcpbridge generates a second communication command indicating data reception failure.
In one possible implementation, if the first gateway device receives the polling response including the reset command sent by the second gateway device, the first gateway device releases the TCP connection established with the second gateway device and/or all the TCP connections established with one of the two communicating parties, and sends the reset command to the second gateway device, so that the second gateway device releases the TCP connection established with the first gateway device and/or all the TCP connections established with the other of the two communicating parties.
Optionally, the reset command may be denoted as FL (Flush) or RT (Reset) and is used to close all or part of the TCP connections in order to return to the reset state. The retransmission of data is generally initiated by either gateway device when either the TCP connection is abnormally released or the first gateway device (or the second gateway device) hangs up.
Optionally, the reset feedback command may be denoted as RA (Reset Ack); it acknowledges the received reset request and indicates that the local end has reset.
For example, if the first gateway device receives an RT command sent by the second gateway device and there are a client 1, a server 2, and the second gateway device that establish TCP connection with the first gateway device at present, the first gateway device releases TCP connection with the client 1, the server 1, and the server 2; or the first gateway device releases the TCP connection with the second gateway device; or the first gateway device releases the TCP connections with the second gateway device and the client 1, the server 1, and the server 2. The first gateway device sends an RA command to the second gateway device after releasing the TCP connection.
In a possible implementation manner, if the first gateway device does not receive the polling response sent by the second gateway device within the first preset time, the first gateway device releases the TCP connection established with the second gateway device and/or all the TCP connections established with one of the two communication parties, and sends a reset command to the second gateway device, so that the second gateway device releases all the TCP connections established with the other of the two communication parties.
For example, server 1 and client 2 are located in the first network, and client 1 and server 2 are located in the second network. After data transmission is completed between client 1 and server 1 and between server 2 and client 2, the first gateway device sends a polling request to the second gateway device for the 3rd time. Assuming that the preset time is 3 milliseconds and the first gateway device does not receive a polling response from the second gateway device within 3 milliseconds, and assuming that server 1 and the second gateway device currently have TCP connections with the first gateway device, the first gateway device releases the TCP connection with server 1; or releases the TCP connections with server 1 and the second gateway device; or releases the TCP connection with the second gateway device. After the TCP connection is released, the FL command is sent to the second gateway device.
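The re-poll timeout and the two reset paths described above, written as a small state machine in an added example that is not code from the patent. The class and method names, the simulated poll outcomes, the 6 ms silence limit, counting only consecutive unanswered polls, and releasing only the local-party connections (one of the options the text lists) are assumptions.

```python
MAX_REPOLL_MS = 50                      # cap stated on the page


def repoll_timeout_ms(poll_count):
    """Third preset time: current poll count x 1 ms, never more than 50 ms."""
    return min(poll_count * 1, MAX_REPOLL_MS)


class Conn:
    """Constructed stand-in for one TCP connection to a local party."""

    def __init__(self):
        self.is_open = True

    def close(self):
        self.is_open = False


class PollSupervisor:
    def __init__(self, conns, first_preset_ms):
        self.conns = conns              # UUID -> Conn held by the first gateway
        self.first_preset_ms = first_preset_ms   # silence limit; the value is an assumption
        self.unanswered = 0             # consecutive polls without a response (assumed)
        self.silent_ms = 0              # time spent waiting since the last response

    def _release_all(self):
        for conn in self.conns.values():
            conn.close()
        self.conns.clear()
        self.unanswered = self.silent_ms = 0

    def step(self, response):
        """Feed one poll outcome: a list of command names, or None on timeout.

        Returns the command to send to the second gateway, or None.
        """
        if response is None:
            self.unanswered += 1
            self.silent_ms += repoll_timeout_ms(self.unanswered)
            if self.silent_ms < self.first_preset_ms:
                return None             # within the limit: just poll again
            self._release_all()
            return "FL"                 # reset command toward the second gateway
        self.unanswered = self.silent_ms = 0
        if "RT" in response or "FL" in response:
            self._release_all()
            return "RA"                 # reset feedback: the local end has reset
        return None


def demo():
    conns = {"conn-1": Conn(), "conn-2": Conn()}   # constructed sample state
    held = list(conns.values())
    sup = PollSupervisor(conns, first_preset_ms=6)
    # One answered poll, then three timeouts of 1 ms, 2 ms and 3 ms.
    sent = [sup.step(r) for r in (["DA"], None, None, None)]
    return sent, held, conns
```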
Referring to fig. 5, an implementation flowchart of a method for communication control according to an embodiment of the present application is shown, and the specific implementation flow of the method is as follows:
S51: The second gateway device determines at least one first communication command according to the communication behavior of the other of the two communication parties, and sends a polling response containing the at least one first communication command to the first gateway device, so that the first gateway device processes communication between the two communication parties according to the at least one first communication command.
Optionally, the second gateway device sends the polling response containing the at least one first communication command to the first gateway device through the TCP connection with the first gateway device.
In the embodiment of the present application, when the second gateway device determines at least one second communication command according to the communication behavior of the other of the two communicating parties, the second communication commands determined for different communication behaviors are different, and as described in detail below, it is assumed that the Remote Tcpbridge is the second gateway device, one of the two communicating parties is the server 2, and the other of the two communicating parties is the client 2.
Determination mode 1: if the communication behavior of the other of the two communication parties is to actively establish a TCP connection with the second gateway device, the second gateway device takes a command for initiating the TCP connection as the first communication command.
For example, when the client 2 requests to establish a TCP connection with the server 2, the client 2 initiates a request for establishing a TCP connection to the Remote Tcpbridge, and performs three-way handshake with the Remote Tcpbridge, so that the second gateway device determines that the first communication command is a command for initiating a TCP connection.
Determination mode 2: if the communication behavior of the other of the two communication parties is to release the TCP connection with the second gateway device, the second gateway device takes a command for ending the TCP connection as the first communication command.
For example, when client 2 requests to release the previous TCP connection with server 2, client 2 initiates a request to terminate the TCP connection to Remote Tcpbridge and performs a four-way handshake with Remote Tcpbridge, so the second gateway device determines that the first communication command is a command to end the TCP connection.
Determination mode 3: if the communication behavior of the other of the two communication parties is to send data to one of the two communication parties, the second gateway device generates a first communication command containing the data that the other party needs to send.
For example, when the client 2 requests to transmit the data1 to the server 2, the Remote Tcpbridge generates a first communication command containing the data 1.
Determination mode 4: if the communication behavior of the other of the two communication parties is to establish a TCP connection with the second gateway device after receiving the first communication command, the second gateway device generates a first communication command containing the TCP connection establishment result.
For example, after receiving the first communication command CO2, client 2 establishes a TCP connection with Remote Tcpbridge, and Remote Tcpbridge generates a first communication command indicating that the TCP connection was established successfully; if client 2 does not successfully establish a TCP connection with Remote Tcpbridge, Remote Tcpbridge generates a first communication command indicating that TCP connection establishment failed.
Determination mode 5: if the communication behavior of the other of the two communication parties is to receive the data that the second gateway device obtained from the first communication command and sent, the second gateway device generates a first communication command containing the data receiving result.
For example, if client 2 successfully receives the data sent by Remote Tcpbridge, Remote Tcpbridge generates a first communication command indicating successful data reception; if client 2 does not receive the data sent by Remote Tcpbridge, Remote Tcpbridge generates a first communication command indicating data reception failure.
S52: When the second gateway device receives at least one second communication command sent by the first gateway device, it processes the communication between the two communication parties according to the at least one second communication command.
When the second communication command is different, the second gateway device also has different command processing modes, and the following details are introduced for different second communication commands, assuming that Remote Tcpbridge is the second gateway device:
Processing mode 1: if the second communication command is a command for initiating a TCP connection, the second gateway device establishes a TCP connection with the other of the two communication parties, where the other of the two communication parties is located in the second network.
For example, Remote Tcpbridge gets a CO command from Tcpbridge that includes UUID1, the IP of server 1, and the IP of client 1, where the other of the two communication parties corresponding to the communication connection identifier UUID1 is server 1 and the one of the two communication parties corresponding to UUID1 is client 1; Remote Tcpbridge then establishes a TCP connection with server 1 (Remote Tcpbridge performs a three-way handshake with server 1).
Processing mode 2: if the second communication command is a command for ending the TCP connection, the second gateway device releases the corresponding TCP connection according to the communication connection identifier in the command (that is, the second gateway device releases the TCP connection with the other of the two communication parties).
For example, Remote Tcpbridge receives an EN command that includes UUID1, where the other of the two communication parties corresponding to UUID1 is server 1 and the one of the two communication parties corresponding to UUID1 is client 1; Remote Tcpbridge then releases the TCP connection with server 1 (Remote Tcpbridge performs a four-way handshake with server 1).
Processing mode 3: when the second communication command contains data that one of the two communication parties needs to send, the second gateway device determines the other of the two communication parties according to the communication connection identifier in the second communication command, obtains the data from the second communication command, and sends the data to the other of the two communication parties.
For example, Remote Tcpbridge receives a DA command that includes UUID1, data, and count, where the other of the two communication parties corresponding to UUID1 is server 1 and the one of the two communication parties corresponding to UUID1 is client 1; Remote Tcpbridge then sends the data in the DA command to server 1.
The treatment method is as follows: when the second communication command includes a TCP connection establishment result or a data reception result, the second gateway device transmits the second communication command to the other of the two parties of communication.
For example, the Remote Tcpbridge receives an RE command (indicating a data reception result or a TCP connection establishment result), and the RE command includes: and the UUID1, wherein the other one of the two communication parties corresponding to the UUID1 is the server 1, and the one of the two communication parties corresponding to the UUID1 is the client 1, the Remote Tcpbridge forwards the RE command to the server 1.
In a possible implementation manner, if the second gateway device does not receive the second communication command sent by the first gateway device within a preset time, the second gateway device releases all TCP connections established with the other of the two communicating parties, and sends a reset command to the first gateway device, so that the first gateway device releases all TCP connections established with one of the two communicating parties.
For example, server 1 and client 2 are located in the first network, and client 1 and server 2 are located in the second network. After data transmission between client 1 and server 1 and between server 2 and client 2 is completed, assuming that the preset time is 3 milliseconds and the second gateway device does not receive a second communication command sent by the first gateway device within 3 milliseconds, and assuming that the party currently holding a TCP connection with the second gateway device is server 2, the second gateway device releases the TCP connection with server 2 and sends an FL command to the first gateway device.
In a possible implementation, if the second gateway device receives the reset command sent by the first gateway device, the second gateway device releases the TCP connection established with the first gateway device and/or all the TCP connections established with the other of the two communicating parties.
For example, when the second gateway device receives the RT command sent by the first gateway device, and client 1, server 2, and the first gateway device currently have TCP connections established with the second gateway device, the second gateway device releases the TCP connections with client 1, server 1, and server 2; or the second gateway device releases the TCP connections with client 1, server 2, and the first gateway device; or the second gateway device releases the TCP connection with the first gateway device and sends an RA command to the first gateway device after the TCP connection is released.
In a possible implementation manner, if the second gateway device does not receive the second communication command sent by the first gateway device within the second preset time, the second gateway device releases the TCP connection established with the first gateway device and/or all the TCP connections established with the other of the two communication parties, and sends a reset command to the first gateway device, so that the first gateway device releases the TCP connection established with the second gateway device and/or all the TCP connections established with one of the two communication parties.
For example, server 1 and client 2 are located in the first network, and client 1 and server 2 are located in the second network. After data transmission between client 1 and server 1 and between server 2 and client 2 is completed, assume that the second preset time is 3 milliseconds and that the second gateway device does not receive a second communication command sent by the first gateway device within 3 milliseconds. Assuming that server 2 and the first gateway device currently have TCP connections established with the second gateway device, the second gateway device releases only the TCP connection with server 2; or releases only the TCP connection with the first gateway device; or releases the TCP connections established with the first gateway device and server 2, and sends the FL command to the first gateway device.
In the embodiment of the present application, the first preset time, the second preset time, and the third preset time may be the same or different.
Referring to fig. 6, another communication control apparatus provided in this embodiment is shown, where data is received and sent between a gateway device and a client or a server of a service system through a listening port.
For example, the Tcpbridge sends data to a monitoring port of a client or a server of the intranet service, and sends the data to the client or the server of the intranet service through the monitoring port; the Tcpbridge receives data returned by the client or the server of the intranet service through Public ports; the Remote Tcpbridge sends data to a monitoring port of a client or a server of the external network service, and sends the data to the client or the server of the external network service through the monitoring port; and the Remote Tcpbridge receives data returned by the client or the server of the extranet service through Public ports.
Referring to fig. 7, another communication control apparatus diagram provided in this embodiment of the present application is shown, where Tcpbridge represents a first gateway device, and Remote Tcpbridge represents a second gateway device, where the first gateway device (or the second gateway device) may be further divided into Bridge, Sockman and command queue, where the Sockman and Servers & Clients receive and transmit data through a listening port, and optionally, the command queue is disposed on Bridge.
The Bridge module is responsible for the creation, maintenance, data reorganization, transceiving, and retry of the cross-boundary channel. The Sockman module is responsible for maintaining the TCP connections connected to the Tcpbridge, putting the received data into the bridge data queue, and sending the data received from the bridge to the opposite end of the TCP connection. The command queue module is responsible for caching user commands. Bridge and Sockman pass commands through the command queue.
Optionally, the Bridge module is further divided into an instruction sending processor and an instruction receiving processor, where the instruction sending processor and the instruction receiving processor may also be implemented by one instruction processor, and the instruction processor may implement both sending and receiving of instructions.
In the embodiment of the application, when the Bridge is initialized, a fixed-initiator handshake is established: on the fixed-initiator data exchange platform, the end that is allowed to initiate requests initiates a 'Tcpbridge' command, and the opposite end, after receiving the command, replies to it to establish the trusted connection. For example, if the end allowed to send requests is Tcpbridge and the end not allowed to send requests is Remote Tcpbridge, then when the Bridge is initialized, the TCP connection establishment request is initiated to the Remote Tcpbridge by the Tcpbridge.
Referring to fig. 8, in a specific operation mode (unidirectional TCP/Http mode), Tcpbridge needs to penetrate a fixed-initiator data exchange platform on which data requests must be initiated by A and responded to by B. Tcpbridge A therefore initiates a polling request R1 to poll B for commands, and if there is a command, it is returned in the response to R1; when A needs to send a command to B, A directly sends R2 to deliver the command to B. Here Tcpbridge A represents the first gateway device and Tcpbridge B represents the second gateway device. The Sockman of Tcpbridge B receives a request from Servers & Clients (remote), the Bridge translates the request into instructions (commands), and the instructions are put into the instruction sending processor of Bridge in Tcpbridge B. The instruction receiving processor of Bridge in Tcpbridge A sends a polling request to the instruction sending processor of Bridge in Tcpbridge B, acquires at least one first communication command from the polling response when it is received, and parses and executes the instructions. The reverse direction works the same way, except that the instruction receiving processor of Bridge in Tcpbridge B does not send a polling request to the instruction sending processor of Bridge in Tcpbridge A; instead, the instruction sending processor of Bridge in Tcpbridge A directly sends at least one first communication command to the instruction receiving processor of Bridge in Tcpbridge B by means of the send command R2. In both gateway devices, Bridge translates and processes the commands, and Sockman forwards the data or commands.
In an alternative embodiment, S51 can be implemented according to the flowchart shown in fig. 9, and includes the following steps:
S900: The second gateway device determines at least one first communication command according to the communication behavior of the other of the two communication parties.
S901: the second gateway device buffers the determined at least one first communication command to a pending command queue.
For example, when an enterprise WeChat client (located in the external network) sends a picture to a database server (located in the internal network), the enterprise WeChat client first sends a request for establishing a connection with the server to the Sockman in Tcpbridge B, and the Sockman in Tcpbridge B establishes a communication connection with the WeChat client after receiving the connection request. The enterprise WeChat client then sends the picture information to the Sockman in Tcpbridge B in a data packet. The Sockman in Tcpbridge B sends the connection request and the picture information to Bridge, which translates them into a CO1 command (uuid is 1) and a DA1 command (uuid is 1), caches CO1 and DA1 in the second command queue to be sent, and waits for a polling request. Suppose that a QQ client in the external network also needs to establish a communication connection with a certain browser server in the internal network and therefore sends a connection request to the Sockman in Tcpbridge B. The Sockman establishes a communication connection with the QQ client and sends the connection request to Bridge, which translates it into a CO2 command (uuid is 2), caches CO2 in the second command queue to be sent, and waits for a polling request.
S902: When receiving a polling request, the second gateway device acquires at least one first communication command from the command queue to be sent and assembles the at least one first communication command into a second command packet.
When the instruction sending processor of Bridge in Tcpbridge B receives the polling request sent by the instruction receiving processor of Bridge in Tcpbridge A, it confirms that the 3 first communication commands in the second command queue to be sent are CO1, DA1 and CO2, respectively, and the instruction receiving processor of Tcpbridge B then obtains the commands in batch from the second command queue to be sent.
S903: The second gateway device sends the assembled second command packet to the first gateway device through the TCP connection between the second gateway device and the first gateway device.
Optionally, when the second command packet is assembled, one second command packet may be assembled, or a plurality of second command packets may be assembled.
When command packets are assembled, the packet to which a command belongs may be determined according to the two communication parties or the communication connection identifier at which the command is directed.
For example, the instruction sending processor of Bridge in Tcpbridge B assembles CO1, DA1 and CO2 into two command packets according to the communication connection identifier uuid: CO1 and DA1 into one second command packet (command packet 1), and CO2 into another second command packet (command packet 2).
Optionally, if the second gateway device obtains a plurality of second command packets through assembly, they may be sent to the first gateway device in one polling response or in multiple polling responses.
When the packets are sent to the first gateway device over multiple polling responses, the smaller (or larger) command packet may be sent in the first polling response according to the size of the command packet (the number of commands in the command packet), or the command packet whose commands were generated earliest may be sent in the first polling response according to the generation time of the commands in the command packet.
For example, the instruction transmitting processor of Bridge in tcpbridge b transmits the command packet 1 to the instruction receiving processor of Bridge in tcpbridge a through the polling response 1 upon receiving the first polling request transmitted from the instruction receiving processor of Bridge in tcpbridge a, and transmits the command packet 2 to the instruction receiving processor of Bridge in tcpbridge a through the polling response 2 upon receiving the second polling request transmitted from the instruction receiving processor of Bridge in tcpbridge a.
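The queueing and packet assembly of S901 to S903 can be sketched as follows. This is an added example, not code from the patent: the class and field names are hypothetical, a logical counter stands in for the command generation time, and the block picks the "earliest generation time first, one packet per polling response" option described above.

```python
from collections import deque
from dataclasses import dataclass, field
from itertools import count

_clock = count(1)  # constructed logical clock standing in for generation time


@dataclass
class Command:
    kind: str            # "CO", "DA", "EN" or "RE", as named in the description
    uuid: int            # communication connection identifier
    payload: bytes = b""
    created: int = field(default_factory=lambda: next(_clock))


class PendingQueue:
    """Commands the second gateway holds until the first gateway polls (hypothetical)."""

    def __init__(self):
        self._pending = deque()   # commands not yet assembled into a packet
        self._packets = deque()   # assembled packets awaiting a polling response

    def put(self, cmd):
        self._pending.append(cmd)

    def _assemble(self):
        # Group by connection identifier; order inside a group is queue order,
        # so a CO always precedes the DA of the same connection.
        groups = {}
        while self._pending:
            cmd = self._pending.popleft()
            groups.setdefault(cmd.uuid, []).append(cmd)
        # The packet holding the oldest command leaves first.
        for packet in sorted(groups.values(), key=lambda p: p[0].created):
            self._packets.append(packet)

    def on_poll(self):
        """Return one command packet per polling request, or [] when idle."""
        self._assemble()
        return self._packets.popleft() if self._packets else []


def demo():
    # Constructed input mirroring the CO1, DA1, CO2 example in the text.
    q = PendingQueue()
    q.put(Command("CO", 1))
    q.put(Command("DA", 1, b"picture-bytes"))
    q.put(Command("CO", 2))
    responses = [q.on_poll() for _ in range(3)]
    return [[(c.kind, c.uuid) for c in packet] for packet in responses]


if __name__ == "__main__":
    for i, packet in enumerate(demo(), 1):
        print(f"polling response {i}: {packet}")
```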
In an alternative embodiment, S41 can be implemented according to the flowchart shown in fig. 10, and includes the following steps:
S1000: The first gateway device buffers at least one first communication command in a first to-be-received command queue.
For example, after receiving the polling response, the instruction receiving processor of Bridge in tcpbridge a acquires three first communication commands, i.e., CO1, DA1, and CO2, and buffers the three communication commands in the first command queue to be received.
S1001: The first gateway device sequentially acquires the first communication commands from the first command queue to be received.
Assuming that the processing order of CO1, DA1, and CO2 is determined to be CO1, CO2, and DA1, respectively, according to the first to-be-received command queue, the instruction receiving processor of Bridge in tcpbridge a acquires CO1, CO2, and DA1 in order from the first to-be-received command queue.
S1002: The first gateway device processes the communication between the two communication parties according to the acquired first communication command.
For example, the Bridge in tcpbridge a sequentially executes commands of CO1, CO2 and DA1, that is, firstly, tcpbridge a establishes communication connection with a server (database server) targeted by CO1, then tcpbridge a establishes communication connection with a server (certain browser server) targeted by CO2, and then tcpbridge a determines that a data receiving party is a database server according to uuid in the DA1 command, and then acquires data from DA1 and transmits the data to the database server.
Optionally, the instruction receiving processor of Bridge in tcpbridge a receives a polling response to the polling command (R1), and the plurality of first communication commands acquired therefrom are in the form of a command packet.
Optionally, each command includes uuid (unique identifier for indicating the same connection), and when executing, the corresponding instruction is executed according to uuid, and the same uuid is used for all communication commands of the same client (or the same server) in the processes from CO (initiating TCP connection) to EN (ending TCP connection).
For example, the instruction receiving processor of Bridge in Tcpbridge A obtains 5 first communication commands from the polling response: CO1, DA1, CO2, DA2, and EN3. The uuid carried in CO1 and DA1 is uuid1, the uuid carried in CO2 and DA2 is uuid2, and the uuid carried in EN3 is uuid3, indicating that CO1 and DA1 are commands initiated by the same client (server), such as client 1; CO2 and DA2 are commands initiated by the same client (server), such as client 2; and EN3 is a command initiated by a client (server) such as client 3. Generally, for a CO and a DA of the same client, the CO is executed first (according to the sequence determined by the command queue); if the connection can be established, the DA is sent directly, and if the connection fails, the DA is discarded and an EN is returned.
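The per-uuid execution rule above (CO first, DA sent only if the connection exists, EN returned on failure) also matches processing modes one to three described earlier for the second gateway device. The following added example, not taken from the patent, shows it with hypothetical names, an injected connect function and constructed in-memory connections instead of sockets; RE forwarding (processing mode four) is left out, and the RE/EN reply tuples are an assumed representation.

```python
class FakeConn:
    """Constructed stand-in for a TCP connection to a server."""

    def __init__(self):
        self.received = []
        self.open = True

    def send(self, data):
        self.received.append(data)

    def close(self):
        self.open = False


class CommandExecutor:
    """Runs received commands in queue order, one connection per uuid (hypothetical)."""

    def __init__(self, connect):
        self.connect = connect   # callable(uuid) -> connection; raises OSError on failure
        self.conns = {}          # uuid -> open connection
        self.replies = []        # commands to return to the peer gateway

    def execute(self, kind, uuid, payload=b""):
        if kind == "CO":
            try:
                self.conns[uuid] = self.connect(uuid)
            except OSError:
                # Connection failed: return EN so the peer ends its side.
                self.replies.append(("EN", uuid))
            else:
                self.replies.append(("RE", uuid))
        elif kind == "DA":
            conn = self.conns.get(uuid)
            if conn is not None:
                conn.send(payload)
            # No connection for this uuid: the DA is discarded.
        elif kind == "EN":
            conn = self.conns.pop(uuid, None)
            if conn is not None:
                conn.close()
        else:
            raise ValueError(f"unsupported command {kind!r}")


def demo():
    servers = {1: FakeConn()}    # uuid 1 is reachable, uuid 2 is not (constructed)

    def connect(uuid):
        if uuid not in servers:
            raise ConnectionRefusedError(f"no server for uuid {uuid}")
        return servers[uuid]

    executor = CommandExecutor(connect)
    batch = [("CO", 1, b""), ("DA", 1, b"picture"), ("CO", 2, b""),
             ("DA", 2, b"lost"), ("EN", 1, b"")]
    for kind, uuid, payload in batch:
        executor.execute(kind, uuid, payload)
    return executor.replies, servers[1].received, servers[1].open, executor.conns


if __name__ == "__main__":
    print(demo())
```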
In an alternative embodiment, S42 can be implemented according to the flowchart shown in fig. 11, and includes the following steps:
S1100: The first gateway device buffers the received second communication command in the first command queue to be sent.
After receiving a second communication command sent by a server (or a client) of the intranet through the listening port, the first gateway device caches the second communication command in the first command queue to be sent.
For example, if the Sockman of Tcpbridge A receives, through a listening port, a request for sending data and a request for disconnecting TCP from client 1 of the intranet, it releases the corresponding TCP connection and sends the requests to the Bridge of Tcpbridge A; the Bridge translates the requests into the commands DA and EN and caches DA and EN in the first command queue to be sent.
S1101: the first gateway device obtains at least one second communication command from the first command queue to be sent.
S1102: the first gateway device assembles at least one second communication command into a first command packet and transmits the assembled first command packet to the second gateway device.
For example, after the instruction sending processor of Bridge in Tcpbridge A acquires DA and EN in batch from the first command queue to be sent, it assembles DA and EN into a command packet (first command packet) and transmits the command packet to the instruction receiving processor of Tcpbridge B via the send command (R2) shown in fig. 8.
In an alternative embodiment, S52 can be implemented according to the flowchart shown in fig. 12, and includes the following steps:
S1200: The second gateway device sequentially buffers at least one second communication command in a second command queue to be received.
For example, after the instruction receiving processor of Bridge in tcpbridge b receives DA and EN (DA and EN are acquired by the send command R2 sent by the instruction sending processor of Bridge in tcpbridge a shown in fig. 8), DA and EN are sequentially buffered in the second command queue to be received.
S1201: The second gateway device sequentially acquires the second communication commands from the second command queue to be received and processes the communication between the two communication parties according to the acquired second communication commands.
For example, after the instruction receiving processor of Bridge in Tcpbridge B sequentially acquires DA and EN from the second command queue to be received, it determines from the communication connection identifier of DA that the data receiving party is client 1 of the extranet (the communication connection identifier in DA is 1, and the communication connection identifier of extranet client 1 is 1) and sends the acquired data to the Sockman in Tcpbridge B, which sends it to extranet client 1 through a listening port; the TCP connection between Tcpbridge B and extranet client 1 is then ended according to EN (whose communication connection identifier is 1).
In the embodiment of the application, the commands can be ensured to be executed in sequence through the command queue, and meanwhile, the communication commands are buffered in the command queue to play a buffering role, so that the throughput is increased.
In the related art, a firewall adopts the policy of "forbidding any service unless explicitly permitted". If an intranet service needs to be opened to extranet access, the actual network structure is as follows: a single access policy is configured from the internal network to the external network, together with a limited allow policy for access from the external network to the internal network; and a VPN device is set up on the external network, or the IP and port of the intranet service are mapped to the public network IP and port of the VPN device through the limited allow policy, so that a user can access the intranet service through the public network IP and port exposed by the VPN device. When a VPN device is used to realize bidirectional access, the VPN tunnel places high requirements on network device support: the devices must support the VPN protocol, and the tunnel requires devices that maintain a long connection. Once a device that can only transmit over short connections is encountered, the VPN is disconnected, and all applications connected through the VPN are disconnected as well. The embodiment of the application does not need a VPN, can maintain a plurality of connections and guarantee that the connections are not broken, is suitable both for devices supporting long connections and for devices supporting short connections, and avoids the above problems.
In addition, in the related art, certain policies still need to be set on the firewall, which cannot meet the security requirements of the organization; if service requirements increase, the number of policies grows exponentially and becomes unmanageable; port mapping directly exposes the port number on the public network, making it easy for hackers to attack; bidirectional access through port mapping takes place at the layer-4 protocol without encryption, so it is easy to intercept and analyze, which poses a great threat to system servers and network security; and because the intranet service is mapped through ip + port, once the service performs load setting or port conversion, the mapping must be set again, which is cumbersome, and if it is not completed the user experience cannot be guaranteed.
In the embodiment of the application, after one of the two communication parties sends data, the communication connection with the gateway device can be disconnected, that is, after the data sending is completed, the connection can be disconnected, only one service is sent after each connection is completed, and when another service needs to be completed, the communication connection with the gateway device can be established again.
In the embodiment of the application, no such policy needs to be set, so that communication software and common applications can transparently penetrate one-way data exchange equipment such as a firewall or an optical shutter to carry out real-time data exchange and two-way requests, while the one-way transmission requirements of the optical shutter/firewall and other security software are still met. This brings great convenience to client applications, particularly applications with high real-time requirements such as communication software.
In this embodiment of the present application, if the above communication control method is applied to a computer program, for example, when implemented in a software manner, the service needs to be deployed on both sides of a firewall, an application (Servers & Clients) needs to register forwarding and listening ports of Servers and Clients of services at both ends of Tcpbridge, and in response to a request, a service that needs real-time communication configures a communication software listening port and a background service port in a configuration service (where one port corresponds to one application (Servers & Clients), but one application may use multiple ports), a deployment process may use a software configuration manner, and a main configuration item includes:
Configuration 1: public ports (array of number), the array of ports on which Sockman listens.
For example: "public ports": [8000, 8001] means that the array of ports on which Sockman listens is 8000, 8001.
Configuration 2: debug (bool), indicates whether to record debug information (where the debug information contains all received command headers, i.e. whether the command is a first communication command or a second communication command).
For example: "debug": true indicates that debug information is recorded; false indicates that no debug information is recorded.
Configuration 3: mode (string), represents the working mode of Tcpbridge. There are 5 selectable values: TCP_client, TCP_server, http_client, http_server, file.
Configuration 4: peerPortMap (object), represents the port mapping used when processing a remote TCP connection.
For example: "peerPortMap": {"8000": [{"host": "127.0.0.1", "port": 12345}], "8001": [{"host": "127.0.0.1", "port": 12346}]}.
The following details are given for the different Tcpbridge modes of operation:
Mode 1: http_client, which may specifically include the following configurations:
Configuration 1: httpServer string, used to indicate the ip or the domain name of the remote Tcpbridge, or a mapping server of the data exchange equipment.
Configuration 2: httpPort number, used to indicate the Bridge listening port of the remote Tcpbridge, or a mapping port of the data exchange equipment.
Configuration 3: httpPath string, used to indicate the url (Uniform Resource Locator) of the request; meaningful for some boundaries that require invoking the boundary-specified http wrapper service.
Configuration 4: httpContentType string, used to indicate the content-type of the request; meaningful for some boundaries that require invoking the boundary-specified http wrapper service.
Configuration 5: https bool, used to indicate whether to use https to initiate the request; meaningful for some boundaries that require invoking the boundary-specified http wrapper service.
Mode 2: http_server, which may specifically include the following configurations:
Configuration 1: httpPort number;
Configuration 2: the Bridge listening port of Tcpbridge.
Mode 3: TCP_client, which may specifically include the following configurations:
Configuration 1: outServer array of objects;
Configuration 2: the TCP listening address of the remote Tcpbridge, for example: "outServer": [{"host": "127.0.0.1", "port": 8000}].
Mode 4: TCP_server, which may specifically include the following configurations:
Configuration 1: InternalPort number;
Configuration 2: the TCP listening port of Tcpbridge.
Mode 5: file, which may specifically include the following configurations:
Configuration 1: receiveDir string, used to indicate the directory for receiving command packet files;
Configuration 2: sendDir string, used to indicate the directory for sending command packet files.
The following introduces the communication control method in the embodiment of the present application, taking as an example that the extranet client 1 requests to send data to the intranet server 1:
First, at the initialization stage of Tcpbridge A and Tcpbridge B, a TCP connection is established between Tcpbridge A and Tcpbridge B. Then client 1 sends a CO command to Tcpbridge B, and a TCP connection is established between Tcpbridge B and client 1. After the TCP connection is successfully established, the CO command is sent to Tcpbridge A through a polling response, and Tcpbridge A establishes a communication connection with server 1. Server 1 then returns an RE command to Tcpbridge A, Tcpbridge A forwards the RE command to Tcpbridge B, and Tcpbridge B forwards the RE command to client 1. Client 1 sends data to Tcpbridge B, Tcpbridge B converts the data into a DA command and sends the DA command to Tcpbridge A through a polling response, and Tcpbridge A sends the data in the DA command to client 1. The detailed steps are shown in fig. 13.
Referring to fig. 13, an interaction timing diagram of a communication control is shown. Assuming that communication connection is established after Tcpbridge a and Tcpbridge B are started, the specific implementation flow of the method is as follows:
Step 1300: the Client sends a connection request to Tcpbridge B;
Step 1301: Tcpbridge B establishes a TCP connection with the Client, translates the connection request into a CO command and waits for polling;
Step 1302: Tcpbridge A sends a polling request to Tcpbridge B;
Step 1303: after receiving the polling request, Tcpbridge B sends the CO command to Tcpbridge A through a polling response;
Step 1304: Tcpbridge A determines, according to the CO command, the Server with which a communication connection needs to be established, and establishes a communication connection with the Server;
Step 1305: the Server returns the result of successfully establishing the connection to Tcpbridge A;
Step 1306: Tcpbridge A translates the result into an RE command and sends the RE command to Tcpbridge B;
Step 1307: Tcpbridge B sends the RE command to the Client;
Step 1308: the Client sends the data that needs to be sent to the Server to Tcpbridge B;
Step 1309: Tcpbridge B translates the data into a DA command and waits for polling;
Step 1310: Tcpbridge A sends a polling request to Tcpbridge B;
Step 1311: after receiving the polling request, Tcpbridge B sends the DA command to Tcpbridge A through a polling response;
Step 1312: Tcpbridge A processes the DA command to determine the data which the Client needs to send to the Server;
Step 1313: Tcpbridge A sends the determined data to the Server;
Step 1314: the Server sends a data receiving message to Tcpbridge A;
Step 1315: Tcpbridge A translates the message into an RE command and sends the RE command to Tcpbridge B;
Step 1316: Tcpbridge B sends the RE command to the Client;
Step 1317: Tcpbridge B releases the TCP connection with the Client and generates an RT command;
Step 1318: Tcpbridge A sends a polling request to Tcpbridge B;
Step 1319: after receiving the polling request, Tcpbridge B sends the RT command to Tcpbridge A through a polling response;
Step 1320: after receiving the RT command, Tcpbridge A releases the TCP connection with the Server and generates an RA command;
Step 1321: Tcpbridge A sends the RA command to Tcpbridge B.
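The Fig. 13 exchange as a runnable in-memory simulation, added here as an illustration and not taken from the patent. The command names CO, RE, DA, RT and RA come from the text; the `Command` fields, the class names, the result payloads and the dropping of commands that carry an unknown connection identifier are assumptions.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Command:
    kind: str            # "CO", "RE", "DA", "RT" or "RA" (names from Fig. 13)
    conn_id: int         # communication connection identifier (assumed int)
    payload: bytes = b""


class Server:
    """Constructed stand-in for the Server behind Tcpbridge A."""
    def __init__(self):
        self.received = []
        self.open = True


class BridgeB:
    """Client-side gateway: it never pushes, it queues commands until polled."""
    def __init__(self):
        self.pending = deque()   # command queue to be sent
        self.clients = {}        # conn_id -> results forwarded to that Client
        self._next_id = 1

    def client_connect(self):                    # steps 1300-1301
        conn_id, self._next_id = self._next_id, self._next_id + 1
        self.clients[conn_id] = []
        self.pending.append(Command("CO", conn_id))
        return conn_id

    def client_send(self, conn_id, data):        # steps 1308-1309
        self.pending.append(Command("DA", conn_id, data))

    def client_close(self, conn_id):             # step 1317
        self.clients.pop(conn_id, None)
        self.pending.append(Command("RT", conn_id))

    def on_poll(self):
        """Polling response: every queued command, or nothing if idle."""
        batch = list(self.pending)
        self.pending.clear()
        return batch

    def on_command(self, cmd):
        """Commands sent by Tcpbridge A (RE results, RA acknowledgement)."""
        if cmd.kind == "RE" and cmd.conn_id in self.clients:
            self.clients[cmd.conn_id].append(cmd.payload)   # steps 1307, 1316
        # "RA" only acknowledges the release; nothing is left to forward.


class BridgeA:
    """Server-side gateway: polls Tcpbridge B and dispatches each command."""
    def __init__(self, peer):
        self.peer = peer
        self.servers = {}    # conn_id -> Server connection
        self.dropped = []    # commands refused by the identifier check
        self.trace = []      # command kinds in the order they cross the link

    def poll_once(self):                         # steps 1302, 1310, 1318
        for cmd in self.peer.on_poll():
            self.trace.append(cmd.kind)
            self._handle(cmd)

    def _reply(self, kind, conn_id, payload=b""):
        self.trace.append(kind)
        self.peer.on_command(Command(kind, conn_id, payload))

    def _handle(self, cmd):
        if cmd.kind == "CO" and cmd.conn_id not in self.servers:
            self.servers[cmd.conn_id] = Server()            # steps 1304-1305
            self._reply("RE", cmd.conn_id, b"connected")    # step 1306
        elif cmd.conn_id not in self.servers:
            self.dropped.append(cmd)     # assumption: unknown id is refused
        elif cmd.kind == "DA":
            self.servers[cmd.conn_id].received.append(cmd.payload)  # 1312-1313
            self._reply("RE", cmd.conn_id, b"received")     # steps 1314-1315
        elif cmd.kind == "RT":
            self.servers.pop(cmd.conn_id).open = False      # step 1320
            self._reply("RA", cmd.conn_id)                  # step 1321
        else:
            self.dropped.append(cmd)     # duplicate CO or unexpected kind


def run_fig13():
    """Replay steps 1300-1321 with one constructed Client message."""
    b = BridgeB()
    a = BridgeA(b)
    cid = b.client_connect()
    a.poll_once()
    b.client_send(cid, b"hello")
    a.poll_once()
    server, results = a.servers[cid], list(b.clients[cid])
    b.client_close(cid)
    a.poll_once()
    return {"trace": a.trace, "server_data": server.received,
            "server_open": server.open, "client_results": results}
```

Every command that originates on the Client side crosses the link only inside a polling response, so the order in `trace` is fixed by when Tcpbridge A chooses to poll.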
As shown in fig. 14, which is a schematic structural diagram of a communication control apparatus implemented on a first network side, the communication control apparatus may include:
the first processing unit 1400 is configured to receive a polling response sent by the second gateway device, obtain at least one first communication command from the polling response, and process communication between two communication parties according to the at least one first communication command;
a first transceiver unit 1401, configured to determine at least one second communication command according to a communication behavior of one of the two communication parties, and send the at least one second communication command to the second gateway device, so that the second gateway device processes communication between the two communication parties according to the at least one second communication command;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network connected with a first gateway device, the other communication party is located in a second network connected with a second gateway device, the first communication command is determined by the second gateway device according to the communication behavior of the other communication party, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties.
Optionally, the first processing unit 1400 is specifically configured to:
receive the polling response sent by the second gateway device over TCP between the first gateway device and the second gateway device.
Optionally, the first processing unit 1400 is specifically configured to:
when the first communication command is a command for initiating a TCP connection, establish a TCP connection with the one of the two communication parties to which the first communication command relates; or
when the first communication command is a command for ending a TCP connection, release the corresponding TCP connection according to the communication connection identifier in the command for ending the TCP connection; or
when the first communication command comprises a TCP connection establishment result or a data receiving result, send the first communication command to one of the two communication parties.
Optionally, the first processing unit 1400 is specifically configured to:
when the first communication command contains data which needs to be sent by the other of the two communication parties, determine, according to the communication connection identifier in the first communication command, the one of the two communication parties to which the first communication command relates, acquire the data from the first communication command, and send the data to that one of the two communication parties.
Optionally, the first transceiver unit 1401 is specifically configured to:
if the communication behavior of one of the two communication parties is to actively establish a TCP connection with the first gateway device, take a command for initiating the TCP connection as the second communication command; or
if the communication behavior of one of the two communication parties is to release the TCP connection with the first gateway device, take a command for ending the TCP connection as the second communication command; or
if the communication behavior of one of the two communication parties is to send data to the other of the two communication parties, generate the second communication command containing the data which needs to be sent by the one of the two communication parties; or
if the communication behavior of one of the two communication parties is to establish a TCP connection with the first gateway device after receiving a first communication command, generate a second communication command containing a TCP connection establishment result; or
if the communication behavior of one of the two communication parties is to receive the data which is sent by the first gateway device and is acquired from the first communication command, generate the second communication command containing a data receiving result.
Optionally, the apparatus further comprises:
a first resetting unit 1402, configured to: if the polling response sent by the second gateway device is not received within a first preset time, release the TCP connection established with the second gateway device and/or all the TCP connections established with one of the two communication parties, and send a reset command to the second gateway device, so that the second gateway device releases the TCP connection established with the first gateway device and/or all the TCP connections established with the other of the two communication parties; or
if a polling response which is sent by the second gateway device and contains a reset command is received, release the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties.
As shown in fig. 15, which is a schematic structural diagram of a communication control apparatus implemented on the second network side, the communication control apparatus may include:
a second transceiver 1500, configured to determine at least one first communication command according to a communication behavior of the other of the two communication parties, and send a polling response including the at least one first communication command to the first gateway device, so that the first gateway device processes communication between the two communication parties according to the at least one first communication command;
a second processing unit 1501, configured to, when at least one second communication command sent by the first gateway device is received, process communication between the two communication parties according to the at least one second communication command;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network connected with a first gateway device, the other communication party is located in a second network connected with a second gateway device, the first communication command is determined by the second gateway device according to the communication behavior of the other communication party, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties.
Optionally, the second transceiver unit 1500 is specifically configured to:
send a polling response containing the at least one first communication command to the first gateway device over TCP with the first gateway device.
Optionally, the second transceiver unit 1500 is specifically configured to:
if the communication behavior of the other of the two communication parties is to actively establish a TCP connection with the second gateway device, take a command for initiating the TCP connection as the first communication command; or
if the communication behavior of the other of the two communication parties is to release the TCP connection with the second gateway device, take a command for ending the TCP connection as the first communication command; or
if the communication behavior of the other of the two communication parties is to send data to one of the two communication parties, generate the first communication command containing the data which needs to be sent by the other of the two communication parties; or
if the communication behavior of the other of the two communication parties is to establish a TCP connection with the second gateway device after receiving a second communication command, generate the first communication command containing a TCP connection establishment result; or
if the communication behavior of the other of the two communication parties is to receive the data which is sent by the second gateway device and is acquired from the second communication command, generate the first communication command containing a data receiving result.
Optionally, the second transceiver unit 1500 is specifically configured to:
when the polling request is received, confirm that at least one first communication command is cached in a command queue to be sent, and cache in the command queue to be sent a first communication command received by the second gateway device from one of the two communication parties;
acquire the at least one first communication command from the command queue to be sent;
assemble the at least one first communication command into a second command packet;
carry the assembled second command packet in the polling response and send the polling response to the first gateway device.
Optionally, the second transceiver unit 1500 is further configured to:
cache the determined at least one first communication command in a command queue to be sent;
the second transceiver unit 1500 is specifically configured to:
when a polling request sent by the first gateway device is received, acquire the at least one first communication command from the command queue to be sent, and send the polling response carrying the at least one first communication command to the first gateway device over TCP with the first gateway device.
Optionally, the second processing unit 1501 is specifically configured to:
when the second communication command is a command for initiating a TCP connection, establish a TCP connection with the other of the two communication parties; or
when the second communication command is a command for ending a TCP connection, release the corresponding TCP connection according to the communication connection identifier in the command for ending the TCP connection; or
when the second communication command comprises a TCP connection establishment result or a data receiving result, send the second communication command to the other of the two communication parties.
Optionally, the second processing unit 1501 is specifically configured to:
when the second communication command indicates the data which needs to be sent by one of the two communication parties, determine the other of the two communication parties according to the communication connection identifier in the second communication command, acquire the data from the second communication command, and send the data to the other of the two communication parties.
Optionally, the apparatus further comprises:
a second resetting unit 1502, configured to: if a second communication command sent by the first gateway device is not received within a second preset time, release the TCP connection established with the first gateway device and/or all TCP connections established with the other of the two communication parties, and send a reset command to the first gateway device, so that the first gateway device releases the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties; or
if the reset command sent by the first gateway device is received, release the TCP connection established with the first gateway device and/or all TCP connections established with the other of the two communication parties.
For convenience of description, the above parts are separately described as modules (or units) according to functional division. Of course, the functionality of the various modules (or units) may be implemented in the same one or more pieces of software or hardware when implementing the present application.
Having described the communication control method and apparatus of the exemplary embodiments of the present application, next, an apparatus for communication control according to another exemplary embodiment of the present application will be described.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method or program product. Accordingly, various aspects of the present application may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects, all of which may generally be referred to herein as a "circuit," "module" or "system."
In some possible embodiments, a communication control apparatus according to the present application may include at least a processor and a memory. The memory stores program code which, when executed by the processor, causes the processor to perform the steps of the communication control method according to various exemplary embodiments of the present application described in the specification. For example, the processor may perform the steps as shown in fig. 4.
The communication control apparatus of this embodiment is similar in structure to the communication control apparatus shown in fig. 14, and will not be described again here.
In some possible implementations, a computing device according to the present application may include at least one processor and at least one memory. The memory stores program code which, when executed by the processor, causes the processor to perform the steps in the communication control method according to various exemplary embodiments of the present application described above in the present specification. For example, a processor may perform the steps as shown in fig. 5.
The communication control apparatus of this embodiment is similar in structure to the communication control apparatus shown in fig. 15, and will not be described again here.
The computing device 160 according to this embodiment of the present application is described below with reference to fig. 16. The computing device 160 of fig. 16 is only one example and should not impose any limitations on the functionality or scope of use of embodiments of the present application.
As shown in fig. 16, computing device 160 is in the form of a general purpose computing device. Components of computing device 160 may include, but are not limited to: the at least one processor 161, the at least one memory 162, and a bus 163 connecting the various system components including the memory 162 and the processor 161.
Bus 163 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, a processor, or a local bus using any of a variety of bus architectures.
The memory 162 may include readable media in the form of volatile memory, such as Random Access Memory (RAM) 1621 and/or cache memory 1622, and may further include Read Only Memory (ROM) 1623.
Memory 162 may also include a program/utility 1625 having a set (at least one) of program modules 1624, such program modules 1624 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Computing device 160 may also communicate with one or more external devices 164 (e.g., keyboard, pointing device, etc.), with one or more devices that enable a user to interact with computing device 160, and/or with any devices (e.g., router, modem, etc.) that enable computing device 160 to communicate with one or more other computing devices. Such communication may be through input/output (I/O) interfaces 165. Also, computing device 160 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) through network adapter 166. As shown, network adapter 166 communicates with other modules for computing device 160 over bus 163. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computing device 160, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In some possible embodiments, various aspects of the communication control method provided by the present application may also be implemented in the form of a program product including program code for causing a computer device to perform the steps in the communication control method according to various exemplary embodiments of the present application described above in this specification when the program product is run on the computer device, for example, the computer device may perform the steps as shown in fig. 4 or fig. 5.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The communication-controlled program product of an embodiment of the present application may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a computing device. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with a command execution system, apparatus, or device.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with a command execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user computing device, partly on the user equipment, as a stand-alone software package, partly on the user computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functions of two or more units described above may be embodied in one unit, according to embodiments of the application. Conversely, the features and functions of one unit described above may be further divided so as to be embodied by a plurality of units.
Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (28)

1. A method of communication control, the method comprising:
the first gateway device receives a polling response sent by the second gateway device, acquires at least one first communication command from the polling response, and processes communication between two communication parties according to the at least one first communication command;
the first gateway device determines at least one second communication command according to the communication behavior of one of the two communication parties, and sends the at least one second communication command to the second gateway device, so that the second gateway device processes communication between the two communication parties according to the at least one second communication command;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network to which a first gateway device is connected, the other communication party is located in a second network to which a second gateway device is connected, the first communication command is determined by the second gateway device according to the communication behavior of the other of the two communication parties, and the first communication command determined for different communication behaviors of the other of the two communication parties is different, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties, and the second communication command determined for different communication behaviors of the one of the two communication parties is different.
2. The method of claim 1, wherein the first gateway device receiving the polling response sent by the second gateway device comprises:
the first gateway device receives the polling response sent by the second gateway device through a Transmission Control Protocol (TCP) between the first gateway device and the second gateway device.
3. The method of claim 1, wherein the first gateway device processing communications between the two parties according to the at least one first communication command comprises:
when the first communication command is a command for initiating a TCP connection, the first gateway device establishes the TCP connection with the one of the two communication parties to which the first communication command relates; or
when the first communication command is a command for ending a TCP connection, the first gateway device releases the corresponding TCP connection according to the communication connection identifier in the command for ending the TCP connection; or
when the first communication command comprises a TCP connection establishment result or a data receiving result, the first gateway device sends the first communication command to one of the two communication parties.
4. The method of claim 1, wherein the processing, by the first gateway device, the communication between the two parties according to the obtained first communication command comprises:
when the first communication command contains data which needs to be sent by the other of the two communication parties, the first gateway device determines, according to the communication connection identifier in the first communication command, the one of the two communication parties to which the first communication command relates, acquires the data from the first communication command and sends the data to that one of the two communication parties.
5. The method of claim 1, wherein the determining, by the first gateway device, at least one second communication command according to the communication behavior of one of the two communicating parties comprises:
if the communication behavior of one of the two communication parties is to actively establish a TCP connection with the first gateway device, the first gateway device takes a command for initiating the TCP connection as the second communication command; or
if the communication behavior of one of the two communication parties is to release the TCP connection with the first gateway device, the first gateway device takes a command for ending the TCP connection as the second communication command; or
if the communication behavior of one of the two communication parties is to send data to the other of the two communication parties, the first gateway device generates the second communication command containing the data which needs to be sent by the one of the two communication parties; or
if the communication behavior of one of the two communication parties is to establish a TCP connection with the first gateway device after receiving a first communication command, the first gateway device generates a second communication command containing a TCP connection establishment result; or
if the communication behavior of one of the two communication parties is to receive the data which is sent by the first gateway device and is acquired from the first communication command, the first gateway device generates the second communication command containing a data receiving result.
6. The method of any of claims 2 to 5, further comprising:
if the first gateway device does not receive the polling response sent by the second gateway device within a first preset time, the first gateway device releases the TCP connection established with the second gateway device and/or all the TCP connections established with one of the two communication parties, and sends a reset command to the second gateway device, so that the second gateway device releases the TCP connection established with the first gateway device and/or all the TCP connections established with the other of the two communication parties; or
if the first gateway device receives a polling response which is sent by the second gateway device and contains a reset command, the first gateway device releases the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties.
7. A method of communication control, the method comprising:
the second gateway device determines at least one first communication command according to the communication behavior of the other of the two communication parties, and sends a polling response containing the at least one first communication command to the first gateway device, so that the first gateway device processes communication between the two communication parties according to the at least one first communication command;
when the second gateway device receives at least one second communication command sent by the first gateway device, processing communication between the two communication parties according to the at least one second communication command;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network to which a first gateway device is connected, the other communication party is located in a second network to which a second gateway device is connected, the first communication command is determined by the second gateway device according to the communication behavior of the other of the two communication parties, and the first communication command is determined to be different for different communication behaviors of the other of the two communication parties, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties and is different for different communication behaviors of the one of the two communication parties.
8. The method of claim 7, wherein the second gateway device sending a polling response to the first gateway device containing the at least one first communication command comprises:
the second gateway device sends a polling response containing the at least one first communication command to the first gateway device over TCP with the first gateway device.
9. The method of claim 7, wherein the second gateway device determining at least one first communication command based on the communication behavior of the other of the two communicating parties comprises:
if the communication behavior of the other one of the two communication parties is to actively establish TCP connection with the second gateway device, the second gateway device takes a command for initiating the TCP connection as the first communication command; or
if the communication behavior of the other one of the two communication parties is to release the TCP connection with the second gateway device, the second gateway device takes a command of ending the TCP connection as the first communication command; or
if the communication behavior of the other of the two communication parties is to send data to one of the two communication parties, the second gateway device generates the first communication command containing the data required to be sent by the other of the two communication parties; or
if the communication behavior of the other one of the two communication parties is to establish TCP connection with the second gateway device after receiving a second communication command, the second gateway device generates the first communication command containing a TCP connection establishment result; or
if the communication behavior of the other one of the two communication parties is to receive the data which is sent by the second gateway device and is acquired from the second communication command, the second gateway device generates the first communication command containing a data receiving result.
10. The method according to claim 7, wherein after the second gateway device determines at least one first communication command according to the communication behavior of the other of the two communicating parties, and before it transmits a polling response including the at least one first communication command to the first gateway device via TCP with the first gateway device, the method further comprises:
the second gateway device caches the determined at least one first communication command to a command queue to be sent;
the second gateway device sending a polling response containing the at least one first communication command to the first gateway device through a TCP with the first gateway device, including:
when receiving the polling request sent by the first gateway device, the second gateway device acquires the at least one first communication command from the command queue to be sent, and sends the polling response carrying the at least one first communication command to the first gateway device over TCP with the first gateway device.
11. The method of claim 7, wherein the second gateway device processing the communication between the two parties of communication according to the at least one second communication command comprises:
when the second communication command is a command for initiating a TCP connection, the second gateway device establishes a TCP connection with the other of the two communication parties; or
when the second communication command is a command for ending the TCP connection, the second gateway device releases the corresponding TCP connection according to the communication connection identifier in the command for ending the TCP connection; or
when the second communication command comprises a TCP connection establishment result or a data receiving result, the second gateway device sends the second communication command to the other party of the two communication parties.
12. The method of claim 7, wherein the second gateway device processing the communication between the two parties of communication according to the at least one second communication command comprises:
when the second communication command contains data which needs to be sent by one of the two communication parties, the second gateway device determines the other of the two communication parties according to the communication connection identifier in the second communication command, acquires the data from the second communication command and sends the data to the other of the two communication parties.
13. The method of any of claims 8 to 12, further comprising:
if the second gateway device does not receive the second communication command sent by the first gateway device within a second preset time, the second gateway device releases the TCP connection established with the first gateway device and/or all TCP connections established with the other of the two communication parties, and sends a reset command to the first gateway device, so that the first gateway device releases the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties; or
if the second gateway device receives the reset command sent by the first gateway device, the second gateway device releases the TCP connection established with the first gateway device and/or all TCP connections established with the other party of the two communication parties.
14. An apparatus for communication control, comprising:
the first processing unit is used for receiving a polling response sent by the second gateway device, acquiring at least one first communication command from the polling response, and processing communication between two communication parties according to the at least one first communication command;
the first transceiver unit is configured to determine at least one second communication command according to a communication behavior of one of the two communication parties, and send the at least one second communication command to the second gateway device, so that the second gateway device processes communication between the two communication parties according to the at least one second communication command;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network to which a first gateway device is connected, the other communication party is located in a second network to which a second gateway device is connected, the first communication command is determined by the second gateway device according to the communication behavior of the other of the two communication parties, and the first communication command determined for different communication behaviors of the other of the two communication parties is different, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties, and the second communication command determined for different communication behaviors of the one of the two communication parties is different.
15. The apparatus as claimed in claim 14, wherein said first processing unit is specifically configured to:
receiving the polling response sent by the second gateway device over TCP with the second gateway device.
16. The apparatus as claimed in claim 14, wherein said first processing unit is specifically configured to:
when the first communication command is a command for initiating TCP connection, establishing TCP connection with one of the two communication parties involved in the first communication command; or
when the first communication command is a command for finishing TCP connection, releasing the corresponding TCP connection according to the communication connection identifier in the command for finishing TCP connection; or
when the first communication command comprises a TCP connection establishment result or a data receiving result, sending the first communication command to one of the two communication parties.
17. The apparatus as claimed in claim 14, wherein said first processing unit is specifically configured to:
when the first communication command contains data which needs to be sent by the other of the two communication parties, determining that the first communication command relates to one of the two communication parties according to the communication connection identifier in the first communication command, acquiring the data from the first communication command, and sending the data to one of the two communication parties.
18. The apparatus as claimed in claim 14, wherein said first transceiver unit is specifically configured to:
if the communication behavior of one of the two communication parties is to actively establish TCP connection with the first gateway device, taking a command for initiating the TCP connection as the second communication command; or
if the communication behavior of one of the two communication parties is to release the TCP connection with the first gateway device, taking a command for ending the TCP connection as the second communication command; or
if the communication behavior of one of the two communication parties is to send data to the other of the two communication parties, generating the second communication command containing the data which needs to be sent by one of the two communication parties; or
if the communication behavior of one of the two communication parties is to establish TCP connection with the first gateway device after receiving a first communication command, generating a second communication command containing a TCP connection establishment result; or
if the communication behavior of one of the two communication parties is to receive the data acquired from the first communication command sent by the first gateway device, generating the second communication command containing a data receiving result.
19. The apparatus of any of claims 15 to 18, further comprising:
a first resetting unit, configured to release a TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties if a polling response sent by the second gateway device is not received within a first preset time, and send a resetting command to the second gateway device, so that the second gateway device releases the TCP connection established with the first gateway device and/or all TCP connections established with the other of the two communication parties; or
if receiving a polling response which is sent by the second gateway device and contains a reset command, releasing the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties.
20. An apparatus for communication control, comprising:
the second transceiver unit is used for determining at least one first communication command according to the communication behavior of the other party of the two communication parties and sending a polling response containing the at least one first communication command to the first gateway device, so that the first gateway device processes communication between the two communication parties according to the at least one first communication command;
the second processing unit is used for processing communication between the two communication parties according to at least one second communication command when the at least one second communication command sent by the first gateway device is received;
wherein the polling response is sent according to a polling request sent by the first gateway device; the first communication command relates to the two communication parties, one of the two communication parties is located in a first network to which a first gateway device is connected, the other communication party is located in a second network to which a second gateway device is connected, the first communication command is determined by the second gateway device according to the communication behavior of the other of the two communication parties, and the first communication command determined for different communication behaviors of the other of the two communication parties is different, and the second communication command is determined by the first gateway device according to the communication behavior of one of the two communication parties, and the second communication command determined for different communication behaviors of the one of the two communication parties is different.
21. The apparatus as claimed in claim 20, wherein said second transceiver unit is specifically configured to:
sending a polling response containing the at least one first communication command to the first gateway device over TCP with the first gateway device.
22. The apparatus as claimed in claim 20, wherein said second transceiver unit is specifically configured to:
if the communication behavior of the other one of the two communication parties is to actively establish TCP connection with the second gateway device, taking a command for initiating the TCP connection as the first communication command; or
if the communication behavior of the other one of the two communication parties is to release the TCP connection with the second gateway device, taking a command of ending the TCP connection as the first communication command; or
if the communication behavior of the other of the two communication parties is to send data to one of the two communication parties, generating the first communication command containing the data required to be sent by the other of the two communication parties; or
if the communication behavior of the other one of the two communication parties is to establish TCP connection with the second gateway device after receiving a second communication command, generating the first communication command containing a TCP connection establishment result; or
if the communication behavior of the other one of the two communication parties is to receive the data acquired from the second communication command sent by the second gateway device, generating the first communication command containing a data receiving result.
23. The apparatus as recited in claim 20, wherein said second transceiver unit is further configured to:
caching the determined at least one first communication command to a command queue to be sent;
the second transceiver unit is specifically configured to:
when a polling request sent by the first gateway device is received, acquiring the at least one first communication command from the command queue to be sent, and sending the polling response carrying the at least one first communication command to the first gateway device over TCP with the first gateway device.
24. The apparatus as claimed in claim 20, wherein said second processing unit is specifically configured to:
when the second communication command is a command for initiating TCP connection, TCP connection is established with the other one of the two communication parties; or
when the second communication command is a command for ending the TCP connection, releasing the corresponding TCP connection according to the communication connection identifier in the command for ending the TCP connection; or
when the second communication command comprises a TCP connection establishment result or a data receiving result, sending the second communication command to the other party of the two communication parties.
25. The apparatus as claimed in claim 20, wherein said second processing unit is specifically configured to:
when the second communication command instructs the data which needs to be sent by one of the two communication parties, determining the other of the two communication parties according to the communication connection identifier in the second communication command, acquiring the data from the second communication command and sending the data to the other of the two communication parties.
26. The apparatus of any of claims 21 to 25, further comprising:
a second resetting unit, configured to release a TCP connection established with the first gateway device and/or all TCP connections established with the other of the two communication parties if a second communication command sent by the first gateway device is not received within a second preset time, and send a reset command to the first gateway device, so that the first gateway device releases the TCP connection established with the second gateway device and/or all TCP connections established with one of the two communication parties; or
if the reset command sent by the first gateway device is received, releasing the TCP connection established with the first gateway device and/or all TCP connections established with the other party of the two communication parties.
27. An electronic device comprising a processor and a memory, wherein the memory stores program code which, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1 to 6 or 7 to 13.
28. A computer-readable storage medium, characterized in that it comprises program code for causing a communication control apparatus to carry out the steps of the method of any one of claims 1 to 6 or 7 to 13, when said storage medium is run on said communication control apparatus.
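The second-gateway behavior recited in claims 9 to 13 (queueing first communication commands, returning them in the polling response, acting on second communication commands by connection identifier, and resetting after the second preset time) can be modelled as follows. This is an added illustrative example, not code from the patent: the class and enum names, the 30-second timeout, the "ok" result payload, the in-memory stand-ins for TCP connections, and the counter that drops commands naming an unknown connection identifier are all assumptions.

```python
from collections import deque
from dataclasses import dataclass
from enum import Enum, auto


class Kind(Enum):            # command types named in claims 9, 11 and 13
    CONNECT = auto()         # initiate a TCP connection
    CLOSE = auto()           # end a TCP connection
    DATA = auto()            # carries data to forward
    CONNECT_RESULT = auto()  # TCP connection establishment result
    DATA_RESULT = auto()     # data receiving result
    RESET = auto()


@dataclass
class Command:
    kind: Kind
    conn_id: int = 0         # the "communication connection identifier"
    payload: bytes = b""


class SecondGateway:
    """In-memory model: bytearrays stand in for TCP connections to local parties."""

    def __init__(self, timeout_s=30.0, now=0.0):
        self.timeout_s = timeout_s   # "second preset time"; 30 s is an assumed value
        self.last_command_at = now
        self.pending = deque()       # command queue to be sent (claim 10)
        self.local = {}              # conn_id -> bytes delivered to the local party
        self.results = []            # result commands passed on to the local party
        self.rejected = 0            # commands naming an unknown conn_id (added check)

    def on_local_behavior(self, kind, conn_id, payload=b""):
        """Claims 9-10: turn a local party's behavior into a queued first command."""
        if kind is Kind.CONNECT:
            self.local[conn_id] = bytearray()
        elif kind is Kind.CLOSE:
            self.local.pop(conn_id, None)
        self.pending.append(Command(kind, conn_id, payload))

    def handle_poll(self):
        """Claim 10: answer a polling request with everything queued so far."""
        response = list(self.pending)
        self.pending.clear()
        return response

    def handle_second_commands(self, commands, now):
        """Claims 11-13: act on commands received from the first gateway."""
        self.last_command_at = now
        for cmd in commands:
            if cmd.kind is Kind.RESET:
                self._release_all()
            elif cmd.kind is Kind.CONNECT:
                self.local[cmd.conn_id] = bytearray()
                self.pending.append(Command(Kind.CONNECT_RESULT, cmd.conn_id, b"ok"))
            elif cmd.conn_id not in self.local:
                self.rejected += 1   # not in the claims: drop instead of guessing a target
            elif cmd.kind is Kind.CLOSE:
                del self.local[cmd.conn_id]
            elif cmd.kind is Kind.DATA:
                self.local[cmd.conn_id] += cmd.payload
                self.pending.append(Command(Kind.DATA_RESULT, cmd.conn_id, b"ok"))
            else:                    # CONNECT_RESULT / DATA_RESULT go to the local party
                self.results.append(cmd)

    def check_timeout(self, now):
        """Claim 13: no second command within the preset time -> release and reset."""
        if now - self.last_command_at <= self.timeout_s:
            return False
        self._release_all()          # this model keeps the gateway link to deliver RESET
        self.pending.append(Command(Kind.RESET))
        return True

    def _release_all(self):
        self.local.clear()
        self.pending.clear()


if __name__ == "__main__":
    gw = SecondGateway()
    gw.on_local_behavior(Kind.CONNECT, 7)
    gw.on_local_behavior(Kind.DATA, 7, b"hello")
    print([c.kind.name for c in gw.handle_poll()])
```

Because every command is routed by its connection identifier, the lookup in `handle_second_commands` is the natural place to enforce that the peer gateway can only reach connections this gateway actually opened.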
CN201910647204.7A 2019-07-17 2019-07-17 Communication control method and device, electronic equipment and storage medium Active CN110365778B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910647204.7A CN110365778B (en) 2019-07-17 2019-07-17 Communication control method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910647204.7A CN110365778B (en) 2019-07-17 2019-07-17 Communication control method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN110365778A CN110365778A (en) 2019-10-22
CN110365778B true CN110365778B (en) 2021-09-07

Family

ID=68220038

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910647204.7A Active CN110365778B (en) 2019-07-17 2019-07-17 Communication control method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN110365778B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111835859B (en) * 2020-07-20 2022-11-15 安徽华速达电子科技有限公司 Method for operating local area network equipment controller in cross-network segment mode and intelligent optical network equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001860A (en) * 2012-12-20 2013-03-27 北京思特奇信息技术股份有限公司 Achieving system for converged communication Web instant messages
CN103905413A (en) * 2012-12-28 2014-07-02 中国移动通信集团北京有限公司 Core network signal transmission method and system
CN104506567A (en) * 2014-11-19 2015-04-08 北京天地互连信息技术有限公司 Data exchange method for gateway and server of Internet of things
CN104901928A (en) * 2014-03-07 2015-09-09 中国移动通信集团浙江有限公司 Data interaction method, device and system
WO2017161706A1 (en) * 2016-03-25 2017-09-28 中兴通讯股份有限公司 Method of controlling access to network resource in local area network, device, and gateway equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10187357B2 (en) * 2015-07-05 2019-01-22 M2MD Technologies, Inc. Method and system for internetwork communication with machine devices
CN109450948B (en) * 2018-12-27 2020-01-03 北京明朝万达科技股份有限公司 Data transmission method and device

Also Published As

Publication number Publication date
CN110365778A (en) 2019-10-22

Similar Documents

Publication Publication Date Title
CN110365779B (en) Communication control method and device, electronic equipment and storage medium
CN110351379B (en) Communication control method and device, electronic equipment and storage medium
US10305904B2 (en) Facilitating secure network traffic by an application delivery controller
US10027761B2 (en) Facilitating a secure 3 party network session by a network device
US7975024B2 (en) Virtual personal computer access over multiple network sites
JP5754572B2 (en) Using Hypertext Transfer Protocol as a transport for bidirectional data streams
RU2498520C2 (en) Method of providing peer-to-peer communication on web page
CN108243143B (en) Web agent-based gatekeeper penetration method and system
CN109672602B (en) Method and equipment for remotely accessing VPN
US10015228B2 (en) Remote desktop protocol client for a standards-based web browser
CN102783119A (en) Access control method and system, and access terminal
US20140082180A1 (en) Information processor apparatus, information processing method, and recording medium
CN101136929B (en) Internet small computer system interface data transmission method and apparatus
US10594768B2 (en) Method and apparatus of performing remote command dispatching
WO2017219813A1 (en) Traffic processing method and transparent buffer system
CN106936875A (en) Improvement TCP agent method based on wide area network data compression
US10057376B2 (en) Remote desktop protocol client with virtual channel support implemented in a standards-based web browser
JP5790391B2 (en) Method, system and persistent computer readable storage medium for remote download
US10462265B2 (en) On-demand startup of offline servers and connection routing
CN110365778B (en) Communication control method and device, electronic equipment and storage medium
US8972543B1 (en) Managing clients utilizing reverse transactions
CN112165449B (en) Control method of real-time authority of web application, electronic device and storage medium
CN114268669A (en) Access processing method and system
JP5233731B2 (en) SSL / TLS connection method and computer program
CN115001977B (en) Method and system for establishing virtual private network and virtual private network client device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant