CN110557462A - distributed access system based on public agent - Google Patents

distributed access system based on public agent Download PDF

Info

Publication number
CN110557462A
CN110557462A CN201910683148.2A CN201910683148A CN110557462A CN 110557462 A CN110557462 A CN 110557462A CN 201910683148 A CN201910683148 A CN 201910683148A CN 110557462 A CN110557462 A CN 110557462A
Authority
CN
China
Prior art keywords
agent
resources
module
resource
connection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910683148.2A
Other languages
Chinese (zh)
Other versions
CN110557462B (en
Inventor
李少敏
王凯峰
匡凡
明树新
许云飞
王志飞
陈文贤
周立
曹首峰
张晓航
何成海
张凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Tianyuan Te Tong Science And Technology Ltd
National Computer Network and Information Security Management Center
Original Assignee
Beijing Tianyuan Te Tong Science And Technology Ltd
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Tianyuan Te Tong Science And Technology Ltd, National Computer Network and Information Security Management Center filed Critical Beijing Tianyuan Te Tong Science And Technology Ltd
Priority to CN201910683148.2A priority Critical patent/CN110557462B/en
Publication of CN110557462A publication Critical patent/CN110557462A/en
Application granted granted Critical
Publication of CN110557462B publication Critical patent/CN110557462B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854Wide area networks, e.g. public data networks
    • H04L12/2856Access arrangements, e.g. Internet access
    • H04L12/2858Access network architectures
    • H04L12/2859Point-to-point connection between the data network and the subscribers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/2521Translation architectures other than single NAT servers
    • H04L61/2528Translation at a proxy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1061Peer-to-peer [P2P] networks using node-based peer discovery mechanisms
    • H04L67/1065Discovery involving distributed pre-established resource-based relationships among peers, e.g. based on distributed hash tables [DHT] 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/566Grouping or aggregating service requests, e.g. for unified processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a distributed access system based on a public agent, which mainly comprises an access management component, a data processing component and an agent resource management component; the access management part receives and analyzes the user data, performs address translation and establishes a connection tracking table after acquiring quintuple information, and then transmits the user data to the data processing part; the agent resource management component selects agents meeting the requirements according to the agent resource use strategy specified by the user and transmits the agents to the data processing component; and the data processing component establishes connection with the corresponding proxy server, establishes a connection mapping table, and then encapsulates the user data and sends out the user data. The system can realize the access of available public agent resources, solves the problem of instability caused by the agent resources, and greatly saves cost.

Description

distributed access system based on public agent
Technical Field
The invention provides a distributed access system based on a public agent, belonging to the technical field of network communication.
Background
with the increasing number of computers accessing the internet, the IP address resources are becoming more and more popular. The traditional method for solving the problem of insufficient IP addresses is based on an NAT gateway access method. The basic principle of the NAT-based gateway access method is as follows: when a user sends a connection request, the NAT gateway translates the uplink data packet address carrying the private IP source address into an uplink data packet carrying the public IP source address, and the connection tracking in the process is stored by adopting a connection information table. And finally sending the uplink data packet subjected to address translation to a corresponding target on the Internet. After receiving the user request, the target generates a response packet, searches a path in the return from the connection information table through the NAT gateway, translates the address of the downlink data packet carrying the public IP source address into the downlink data packet carrying the private IP source address, and finally sends the downlink data packet to the network machine in the application room.
The limitations of the access method using the NAT technology are that the types and the number of accessible public IP address resources are not large, and the cost of applying for the public IP address resources from the ISP or the registration center is high.
disclosure of Invention
In view of this, the present invention provides a distributed access system based on public agents, which can access available public agent resources, solve the problem of instability caused by the agent resources themselves, and greatly save cost.
the technical scheme for realizing the invention is as follows:
a distributed access system based on public agent is mainly composed of an access management component, a data processing component and an agent resource management component;
the access management part receives and analyzes the user data, performs address translation and establishes a connection tracking table after acquiring quintuple information, and then transmits the user data to the data processing part;
The agent resource management component selects agent resources meeting the requirements according to an agent resource use strategy specified by a user and transmits the agent resources to the data processing component;
And the data processing component establishes connection with the selected proxy resource, establishes a connection mapping table, and then encapsulates the user data and sends out the encapsulated user data.
Furthermore, the access management component of the invention comprises a message transceiving interface management module, a message analysis module, an address translation module, a connection tracking management module and a virtual network card interface module;
The message receiving and sending interface management module is used for acquiring user data and returning response data acquired from the message analysis module to the user Internet machine;
The message analysis module analyzes the user data to obtain five-tuple information of the data, and the five-tuple information is processed by the address translation module and finally the user data is written into the virtual network card;
The virtual network card interface module acquires a new virtual IP address from a virtual network port management module of the data processing part, wherein the virtual IP address is other IP addresses in the same network segment as the current virtual network card IP address;
the address translation module converts user data quintuple information, the conversion comprises IP address layer and port layer conversion, and the IP address layer conversion comprises: converting the original quintuple source address into a virtual IP address, converting the original quintuple destination address into a virtual network card IP address, and converting the port layer into: converting an original quintuple destination port into a port monitored by a virtual network card;
and the connection tracking management module is used for establishing a connection tracking table and writing the quintuple information and the quintuple information after address translation into a corresponding table entry.
furthermore, the access management component of the present invention further includes a gateway management module, which is used for maintaining the ARP/ICMP stack, responding to the ARP and ICMP requests of the user internet access devices in time, maintaining the communication connection with the plurality of user internet access devices, and forwarding the user data.
furthermore, the data processing component of the invention comprises a virtual network port management module, an agent communication module, a data analysis and encapsulation module, a connection tracking management module, a TCP/UDP concurrent connection management module and a connection aging destruction module;
The virtual network port management module is responsible for creating a virtual network card, setting an IP address for the virtual network card, creating other virtual IP addresses in the same network segment and monitoring a fixed port; the virtual network card IP and the virtual IP address are used by the access management component;
The TCP/UDP concurrent connection management module monitors the management and the event of the concurrent connection and triggers the proxy communication module when acquiring a connection;
The data analysis and encapsulation module is responsible for analyzing and encapsulating the user data;
the agent communication module establishes connection according to the agent resource selected in the agent resource management component when triggered, and sends out the user data;
the connection aging destruction module is used for notifying the access management component and the agent resource management component to release corresponding resources when receiving a connection disconnection event;
And the connection tracking management module is used for establishing a connection mapping table to realize the association of uplink and downlink data.
Furthermore, the agent resource management component of the invention comprises an agent interface management module, a resource selection strategy management module and an outlet resource management module;
the exit resource management module presents the marked and maintained available agent resources to a user;
The resource selection strategy management module acquires resource outlet strategy information selected by a user;
The agent interface management module is used for managing various types of agent resources and finishing the selection of the actual agent resources according to the resource strategy information selected by the user.
Furthermore, the agent interface management module of the invention comprises agent transceiving interface packaging, agent type management and agent resource acquisition.
Further, the proxy resource of the present invention, 1) can be divided into: FTP proxy, HTTP proxy, SSL/TLS proxy, SOCKS proxy; 2) according to the anonymity degree, the method can be divided into: a high anonymity proxy, a common anonymity proxy, a transparent proxy, a obfuscation proxy; 3) the result mark of the website access according to verification can be divided into: domestic resources, overseas resources.
Further, the proxy resources described in the present invention are roughly divided into three types from the state: the resource management method comprises candidate resources, offline resources and online resources, wherein the candidate resources refer to resources which are acquired from the Internet and are not verified by a system, the online resources refer to resources which are verified by the system from the offline resources, and the offline resources refer to resources which are invalid in confirmation.
advantageous effects
First, the present invention constructs a distributed access system by using the proxy service disclosed in the internet, increases the types and the number of the export resources of the access system, enriches the available resources of the access system, shields the proxy of multi-proxy switching and the restriction of proxy application scenarios, solves the instability problem caused by proxy resources, and greatly saves the cost.
Secondly, the invention realizes the distributed access system by using the public agent resource, so that the user can simultaneously use a plurality of agent resources to access the Internet, thereby saving the time overhead generated by local configuration and shielding the overhead of manually switching the agents.
thirdly, the invention shields the application scene of the agent by using the public agent resource to realize the distributed access method. That is, when the user uses a plurality of proxy resources at the same time, the system automatically selects the proxy resource using the corresponding protocol each time the corresponding application is initiated, for example, the http proxy serves the http protocol, and the sock-type proxy serves the tcp/udp protocol. The user does not need to care about the problem of adaptation of the currently used agent and the network protocol, the requirement of multi-user distributed access is met, the sources, types and quantity of agent resources are expanded, and the cost is greatly saved.
Fourthly, the invention divides the proxy resources into three types from the state, and well solves the problem of instability caused by the proxy resources by the means of proxy resource availability verification and proxy resource validity maintenance.
Drawings
FIG. 1 is a diagram of a user usage scenario;
FIG. 2 is a schematic diagram of the overall architecture of the system.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention.
The present invention relates to a scenario of a user accessing the internet, which is roughly described as follows: as shown in fig. 1, a user acquires and selects proxy information (including an IP address and a port) that the user wants to use on an intranet machine, and performs address translation and connection tracking on a data packet through a proxy gateway, so as to convert a direct interaction mode between the user and a target into an interaction mode between a proxy resource (i.e., a proxy server) and the target. And then the proxy gateway packages the data packet and sends the data packet to the proxy resource, the proxy resource is connected with a target website on the Internet, the requested response content is obtained from the target website and returned to the proxy gateway, and then the proxy gateway returns the response content to the user Internet machine.
The overall architecture of the system constructed by the invention mainly comprises three components, namely an access management component, a data processing component and an agent resource management component, which are specifically shown in fig. 2.
the user internet machine is directly connected to the access management means which acts like a gateway and is responsible for receiving user data. The access management component receives the user data and then analyzes the user data by using a message analysis module, changes a source address into a virtual IP address, changes a destination address and a destination port into an IP address of a virtual network card and a monitoring port of the virtual network card, then establishes a connection tracking table, finally writes the user data into the virtual network card through the message analysis module, transmits the user data to the data processing component, and also reads the response data from the virtual network card through the message analysis module.
The agent resource management component selects the agent resource meeting the requirement according to the resource export strategy specified by the user and transmits the agent resource to the data processing component.
The data processing part acquires the user data from the access management part, establishes corresponding proxy connection, establishes a connection mapping table, and then sends the user data to a target of the Internet through the established proxy connection according to the proxy information given by the user in the proxy resource management part.
The flow of response data returned from the internet to the user intranet machine is reverse.
An access management unit:
the system comprises a message receiving and sending interface management module, a message analysis module, a gateway management module, an address translation module, a connection tracking management module and a virtual network card interface module.
The access management part acquires user data through the message transceiving interface management module, analyzes the user data by using the message analysis module to acquire quintuple information of the data, and simultaneously acquires a new virtual IP address (other IP in the same network segment as the virtual network card IP address) by using the virtual network card interface module. And then the address translation module supports the conversion of user data quintuple information, namely, an IP address layer (a source address is converted into a virtual IP address, and a destination IP address is converted into a virtual network card IP address) and a port layer conversion (a destination port is converted into a virtual network card monitoring port) are provided. And then establishing a connection table through a connection tracking management module, wherein each connection table entry corresponds to one quintuple, and each quintuple corresponds to each session generated when the user accesses the Internet one by one. And finally, after the user data is repackaged by using the message parsing module, writing the user data into the virtual network card, namely, transmitting the data to the data processing component, and ending the processing of the uplink flow by the access management component.
the access management part reads response data from the virtual network card through the message analysis module, inquires a connection table in the connection tracking management module to obtain quintuple information of the original message, repackages the data by using the message analysis module, and finally returns the data to the user host through the message transceiving interface management module until the downlink flow is processed.
the access management part has gateway management function, has ARP/ICMP stack maintenance function, is responsible for responding ARP and ICMP requests of the user host in time, maintains communication connection with a plurality of user hosts, and forwards user data, and plays a role similar to a gateway.
A data processing section:
The system comprises a virtual internet access management module, an agent communication module, a data analysis and encapsulation module, a connection tracking management module, a TCP/UDP (transmission control protocol/user datagram protocol) concurrent connection management module and a connection aging destruction module. The data processing part mainly acquires user data from the virtual network card, writes response data into the virtual network card and returns the response data to the access management part.
The data processing part is responsible for creating a virtual network card through a virtual network port management module, and performs TCP/UDP concurrent connection management through a TCP/UDP concurrent connection management module, wherein the TCP/UDP connection is a socket connection created based on a linux system standard API, and the epoll mode is used for monitoring the management and events of the concurrent connection.
the data analysis and encapsulation module is responsible for analyzing and encapsulating user data, the encapsulated uplink user data is sent to the agent communication module through a circulating queue, and the data processing component acquires and analyzes returned downlink data from the queue through the data analysis and encapsulation module.
When a connection is obtained, the agent communication module establishes a connection with the agent resource according to the agent information specified in the user-selected resource strategy in the agent resource management component, then establishes a connection between the agent resource and the target according to the target information in the user data, and finally sends out the user data. The connection tracking management module is used for reversely establishing the connection mapping table, so that the association of uplink data and downlink data is realized, and a complete connection message is maintained.
The data processing component can simultaneously acquire a connection disconnection event, the connection disconnection event can be triggered by a user or triggered by proxy resources, when the data processing component acquires the connection disconnection event, the connection aging destruction module can be informed of the connection aging destruction module, the connection aging destruction module can sequentially inform the access management component through a thread communication mechanism, the proxy resource management component releases corresponding resources, and certainly, the data processing component can also release resources, such as connection table release, descriptor release and the like.
a proxy resource management component:
The system comprises an agent interface management module, a resource selection strategy management module and an outlet resource management module. The agent resource management component presents the marked and maintained available agent resources to the user through the outlet resource management module, and acquires the resource strategy information selected by the user through the resource selection strategy management module. And acquiring the proxy resource specified by the user through the proxy interface management module.
the proxy interface management module comprises proxy transceiving interface packaging, proxy type (SOCKS, HTTP, SHADOOWSOCKS) management and proxy resource acquisition. The agent interface management module is responsible for uniformly packaging the agent transceiving interface, the agent interface management is used as a module of the agent resource management component, the agent resource management component does not need to care about the details of the flow of each type of agent, and the agent transceiving interface provided by the agent interface management module can be directly used for transceiving data. The agent interface management module manages various types (SOCKS, HTTP and SHADOWNSOCKS) of agent resources, and completes the selection of actual agent resources according to resource strategy information specified by a user in the resource selection strategy management module. All the agents access to the implementation process, the negotiation process is independent and not interfered with each other, and each user can select various agents to surf the internet at the same time. Of course, there is a special proxy resource obtaining module in charge of obtaining the proxy resource information from the egress resource management module.
the resource selection policy management module assigns certain agent attributes to the user according to the agent resource information.
The exit resource management module comprises agent resource marking and agent resource maintenance.
The proxy resources are classified differently according to different labeling methods. 1) According to the protocol types, the protocol can be divided into: FTP proxy, HTTP proxy, SSL/TLS proxy, SOCKS proxy; 2) according to the anonymity degree, the method can be divided into: a high anonymity proxy, a common anonymity proxy, a transparent proxy, a obfuscation proxy; 3) the result mark of the website access according to verification can be divided into: domestic resources, overseas resources.
the agent resource maintenance mainly comprises agent resource availability verification and validity maintenance. The proxy resources mentioned in the present invention are roughly classified into three types from the state: candidate resources, offline resources, online resources. The candidate resource refers to a resource acquired from the internet but not verified by the system. An online resource refers to a resource that has been system verified from an offline resource. An offline resource refers to a resource for which an acknowledgement is invalid. The method comprises the steps of detecting proxy resources regularly and automatically for multiple times, verifying the availability of the proxy resources by accessing a specific website, removing unavailable proxy resources, storing various attributes of the verified effective proxy resources according to the configured proper storage time, re-verifying the resources exceeding the storage time, and deleting the proxy resources failed in re-verification.
The invention constructs a distributed access system based on public proxy resources, saves cost by utilizing the public proxy server, increases the types and the quantity of export resources of the access system and enriches the available resources of the access system.
in summary, the above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A distributed access system based on public agent is characterized in that the system is mainly composed of an access management component, a data processing component and an agent resource management component;
The access management part receives and analyzes the user data, performs address translation and establishes a connection tracking table after acquiring quintuple information, and then transmits the user data to the data processing part;
The agent resource management component selects agent resources meeting the requirements according to an agent resource use strategy specified by a user and transmits the agent resources to the data processing component;
and the data processing component establishes connection with the selected proxy resource, establishes a connection mapping table, and then encapsulates the user data and sends out the encapsulated user data.
2. The distributed access system based on public agency of claim 1, wherein the access management component comprises a message transceiving interface management module, a message parsing module, an address translation module, a connection tracking management module and a virtual network card interface module;
the message receiving and sending interface management module is used for acquiring user data and returning response data acquired from the message analysis module to the user Internet machine;
The message analysis module analyzes the user data to obtain five-tuple information of the data, and the five-tuple information is processed by the address translation module and finally the user data is written into the virtual network card;
The virtual network card interface module acquires a new virtual IP address from a virtual network port management module of the data processing part, wherein the virtual IP address is other IP addresses in the same network segment as the current virtual network card IP address;
The address translation module converts user data quintuple information, the conversion comprises IP address layer and port layer conversion, and the IP address layer conversion comprises: converting the original quintuple source address into a virtual IP address, converting the original quintuple destination address into a virtual network card IP address, and converting the port layer into: converting an original quintuple destination port into a port monitored by a virtual network card;
And the connection tracking management module is used for establishing a connection tracking table and writing the quintuple information and the quintuple information after address translation into a corresponding table entry.
3. the distributed public agent based access system of claim 2 wherein said access management means further comprises a gateway management module for maintaining an ARP/ICMP stack, responding to ARP and ICMP requests from the user network computers in time, maintaining communication connections with the plurality of user network computers, and forwarding user data.
4. the distributed access system based on the public agent according to claim 1, wherein the data processing means comprises a virtual network port management module, an agent communication module, a data parsing and packaging module, a connection tracking management module, a TCP/UDP concurrent connection management module and a connection aging destruction module;
The virtual network port management module is responsible for creating a virtual network card, setting an IP address for the virtual network card, creating other virtual IP addresses in the same network segment and monitoring a fixed port; the virtual network card IP and the virtual IP address are used by the access management component;
The TCP/UDP concurrent connection management module monitors the management and the event of the concurrent connection and triggers the proxy communication module when acquiring a connection;
The data analysis and encapsulation module is responsible for analyzing and encapsulating the user data;
the agent communication module establishes connection according to the agent resource selected in the agent resource management component when triggered, and sends out the user data;
The connection aging destruction module is used for notifying the access management component and the agent resource management component to release corresponding resources when receiving a connection disconnection event;
And the connection tracking management module is used for establishing a connection mapping table to realize the association of uplink and downlink data.
5. The distributed access system based on public agency of claim 1, wherein the agency resource management component comprises an agency interface management module, a resource selection policy management module and an export resource management module;
the exit resource management module presents the marked and maintained available agent resources to a user;
the resource selection strategy management module acquires resource outlet strategy information selected by a user;
the agent interface management module is used for managing various types of agent resources and finishing the selection of the actual agent resources according to the resource strategy information selected by the user.
6. The distributed public agent-based access system of claim 5, wherein the agent interface management module comprises agent transceiving interface encapsulation, agent type management, agent resource acquisition.
7. The public agent based distributed access system of claim 5 wherein the agent resources are classified, 1) according to protocol type, as: FTP proxy, HTTP proxy, SSL/TLS proxy, SOCKS proxy; 2) according to the anonymity degree, the method can be divided into: a high anonymity proxy, a common anonymity proxy, a transparent proxy, a obfuscation proxy; 3) the result mark of the website access according to verification can be divided into: domestic resources, overseas resources.
8. The public agent based distributed access system of claim 7 wherein said agent resources are broadly categorized into three types: the resource management method comprises candidate resources, offline resources and online resources, wherein the candidate resources refer to resources which are acquired from the Internet and are not verified by a system, the online resources refer to resources which are verified by the system from the offline resources, and the offline resources refer to resources which are invalid in confirmation.
CN201910683148.2A 2019-07-26 2019-07-26 Distributed access system based on public agent Active CN110557462B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910683148.2A CN110557462B (en) 2019-07-26 2019-07-26 Distributed access system based on public agent

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910683148.2A CN110557462B (en) 2019-07-26 2019-07-26 Distributed access system based on public agent

Publications (2)

Publication Number Publication Date
CN110557462A true CN110557462A (en) 2019-12-10
CN110557462B CN110557462B (en) 2022-11-25

Family

ID=68736513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910683148.2A Active CN110557462B (en) 2019-07-26 2019-07-26 Distributed access system based on public agent

Country Status (1)

Country Link
CN (1) CN110557462B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995339A (en) * 2021-04-16 2021-06-18 湖南联智科技股份有限公司 Automatic adaptive sensor data analysis method based on dynamic byte code technology
CN116708551A (en) * 2022-09-27 2023-09-05 荣耀终端有限公司 Proxy internet surfing method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080107112A1 (en) * 2006-11-03 2008-05-08 Hon Hai Precision Industry Co., Ltd. Network device and packet forwarding method thereof
US20090106830A1 (en) * 2005-06-03 2009-04-23 Thomas Maher Secure Network Communication System and Method
CN101931635A (en) * 2009-06-18 2010-12-29 北京搜狗科技发展有限公司 Network resource access method and proxy device
CN109743238A (en) * 2018-12-27 2019-05-10 北京天元特通信息技术股份有限公司 A kind of distributed access systems

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090106830A1 (en) * 2005-06-03 2009-04-23 Thomas Maher Secure Network Communication System and Method
US20080107112A1 (en) * 2006-11-03 2008-05-08 Hon Hai Precision Industry Co., Ltd. Network device and packet forwarding method thereof
CN101931635A (en) * 2009-06-18 2010-12-29 北京搜狗科技发展有限公司 Network resource access method and proxy device
CN109743238A (en) * 2018-12-27 2019-05-10 北京天元特通信息技术股份有限公司 A kind of distributed access systems

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112995339A (en) * 2021-04-16 2021-06-18 湖南联智科技股份有限公司 Automatic adaptive sensor data analysis method based on dynamic byte code technology
CN116708551A (en) * 2022-09-27 2023-09-05 荣耀终端有限公司 Proxy internet surfing method and device
CN116708551B (en) * 2022-09-27 2024-04-02 荣耀终端有限公司 Proxy internet surfing method and device

Also Published As

Publication number Publication date
CN110557462B (en) 2022-11-25

Similar Documents

Publication Publication Date Title
US8289968B1 (en) Distributed network address translation in computer networks
US20110317554A1 (en) Distributed and Scalable Network Address Translation
WO2021073565A1 (en) Service providing method and system
US10320788B2 (en) Method for transferring authorization information, relay device, and server
CN112583618B (en) Method, device and computing equipment for providing network service for business
US10191760B2 (en) Proxy response program, proxy response device and proxy response method
JP5753172B2 (en) Management method and management device for network address translation
EP2499787A2 (en) Smart client routing
CN108259632B (en) CGN implementation method and device
US9654540B2 (en) Load balancing among network servers
CN111327668B (en) Network management method, device, equipment and storage medium
CN113810512A (en) Internet of things terminal access system, method and device and storage medium
CN110557462B (en) Distributed access system based on public agent
WO2011140910A1 (en) Service process unit and method, and service control gateway and load equalization method
US20130262637A1 (en) Dns proxy service for multi-core platforms
CN104065688B (en) A kind of method and device for calling underlying services
US20140185626A1 (en) Systems and Methods for Providing a ReNAT Virtual Private Network
US20140189793A1 (en) Virtual file system for interworking between content server and information-centric network server and operating method thereof
TW201818699A (en) Data transmission method, equipment, device and system
JP6990647B2 (en) Systems and methods that provide a ReNAT communication environment
CN113014680A (en) Broadband access method, device, equipment and storage medium
CN116320061A (en) Resource access method, electronic equipment and computer readable storage medium
CN107979656B (en) Method for supporting dynamic identification of incoming flow by static NAT service
WO2023007248A1 (en) System and method for independent binding of virtual networks overlay using a physical network topology
US20230412558A1 (en) Methods and Apparatuses for Implementing a Service Request

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant