CN112887255A - Network communication method and device - Google Patents

Network communication method and device Download PDF

Info

Publication number
CN112887255A
CN112887255A CN201911200174.1A CN201911200174A CN112887255A CN 112887255 A CN112887255 A CN 112887255A CN 201911200174 A CN201911200174 A CN 201911200174A CN 112887255 A CN112887255 A CN 112887255A
Authority
CN
China
Prior art keywords
domain name
address
server
target domain
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201911200174.1A
Other languages
Chinese (zh)
Inventor
万明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yiyi Education Information Consulting Co ltd
Original Assignee
Beijing Yiyi Education Information Consulting Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Yiyi Education Information Consulting Co ltd filed Critical Beijing Yiyi Education Information Consulting Co ltd
Priority to CN201911200174.1A priority Critical patent/CN112887255A/en
Publication of CN112887255A publication Critical patent/CN112887255A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • H04L67/5683Storage of data provided by user terminals, i.e. reverse caching

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network communication method and a device, which are applied to a network agent module, wherein the network agent module is integrated in a client, analyzes a network request sent by the client to obtain a target domain name, acquires a first IP address corresponding to the target domain name from a domain name analysis server defaulted by a local gateway, and sends the first IP address to an HTTPDNS server to judge whether the first IP address is hijacked or not, and if the first IP address is not hijacked, the IP address is determined to be credible; if the client is hijacked, the HTTPDNS server returns a credible IP address, and establishes safe communication between the network proxy module and a target server corresponding to a target domain name according to the credible IP address to realize the safe communication between the client and the target server.

Description

Network communication method and device
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a network communication method and apparatus.
Background
A Domain Name System (DNS), which is a distributed database on the Internet in which Domain names and Internet Protocol (IP) addresses are mapped to each other, allows users to access the Internet more conveniently.
At present, China has a plurality of communication network service operators, and the technical strength of the communication network service operators is different, so that the network security problem is caused. If users access an insecure network, when the users use client programs to send network requests, problems that DNS is hijacked or request contents are hijacked and tampered can occur, if the problems occur, normal use of the client programs by the users is affected, even some insecure fraud information can be displayed to the users, and serious consequences are caused.
Disclosure of Invention
In view of this, the present invention provides a network communication method and device, and provides a method for solving a DNS hijacking problem across operating systems, so as to implement secure communication between a client and a target server. The technical scheme is as follows:
in a first aspect, the present invention discloses a network communication method, which is applied to a network proxy module, the network proxy module is integrated in a client, and the method includes:
analyzing the network request sent by the client to obtain a target domain name of the network request;
acquiring a first IP address corresponding to the target domain name from a default domain name resolution server of a local gateway;
sending the first IP address to an HTTPDNS server so that the HTTPDNS server judges whether the first IP address is hijacked or not;
after receiving a first feedback message of the first IP address safety returned by the HTTPDNS server, determining that the first IP address is credible;
after receiving a second feedback message returned by the HTTPDNS server that the first IP address is hijacked, obtaining a credible IP address corresponding to the target domain name from the second feedback message;
and establishing communication between the network agent module and a target server corresponding to the target domain name according to the credible IP address corresponding to the target domain name.
Optionally, the method further comprises:
and storing the target domain name and the credible IP address corresponding to the target domain name into a local storage space of the network agent module.
Optionally, before the obtaining the first IP address corresponding to the target domain name from the default domain name resolution server of the local gateway, the method further includes:
searching whether an IP address corresponding to the target domain name exists in the domain name and the corresponding IP address stored in the local storage space of the network agent module;
if the IP address corresponding to the target domain name exists in the local storage space, determining that the IP address is credible;
and if the IP address corresponding to the target domain name does not exist in the local storage space, executing the step of acquiring the first IP address corresponding to the target domain name from a default domain name resolution server of the local gateway.
Optionally, establishing communication between the network proxy module and the target server corresponding to the target domain name according to the trusted IP address corresponding to the target domain name includes:
receiving the network request sent by the client, and sending the network request to the target server in a tunnel mode;
and receiving a response message returned by the target server in a tunnel mode, and sending the response message to the client.
Optionally, the establishing, according to the trusted IP address corresponding to the target domain name, communication between the network proxy module and the target server corresponding to the target domain name includes:
detecting whether the connection between the credible IP address corresponding to the target domain name and the target server is successful;
if the connection between the credible IP address corresponding to the target domain name and the target server is successful, realizing data interaction between the network agent module and the target server corresponding to the target domain name through the connection;
if the connection between the credible IP address corresponding to the target domain name and the target server fails, continuing to connect the credible IP address corresponding to the target domain name with the target server again, and generating a connection failure message when the number of reconnection failures reaches a preset number.
Optionally, the method further comprises:
and when the HTTPDNS server is requested to fail, acquiring a credible IP address corresponding to the target domain name from a credible domain name resolution server.
In a second aspect, the present invention discloses a network communication device, which is applied to a network proxy module, the network proxy module is integrated in a client, and the device includes:
the analysis unit is used for analyzing the network request sent by the client to obtain a target domain name of the network request;
a first obtaining unit, configured to obtain a first IP address corresponding to the target domain name from a default domain name resolution server of a local gateway;
a sending unit, configured to send the first IP address to an http dns server, so that the http dns server determines whether the first IP address is hijacked;
a first determining unit, configured to determine that the first IP address is trusted after receiving a first feedback message that is returned by the http dns server and that is secure for the first IP address;
a second obtaining unit, configured to, after receiving a second feedback message that the first IP address is hijacked and that is returned by the http dns server, obtain, from the second feedback message, a trusted IP address corresponding to the target domain name;
and the communication connection establishing unit is used for establishing communication between the network agent module and a target server corresponding to the target domain name according to the credible IP address corresponding to the target domain name.
Optionally, the method further comprises: a searching unit and a second determining unit;
the searching unit is used for searching whether an IP address corresponding to a target domain name exists in the domain name and the corresponding IP address stored in the local storage space of the network agent module; if the IP address corresponding to the target domain name does not exist in the local storage space, triggering the first acquisition unit to acquire the first IP address corresponding to the target domain name from a default domain name resolution server of the local gateway;
and the second determining unit is used for determining that the IP address is credible when the IP address corresponding to the target domain name exists in the local storage space.
In a third aspect, the present invention discloses a storage medium, where the storage medium stores a program, and when the program runs, a device in which the storage medium is located is controlled to execute the network communication method disclosed in any one of the possible implementation manners of the first aspect.
In a fourth aspect, the invention discloses a computer device comprising a processor and a memory;
a program is stored in the memory;
the processor is configured to call a program stored in the memory to perform the network communication method disclosed in any one of the possible implementation manners of the first aspect.
The technical scheme shows that the invention discloses a network communication method and a device, which are applied to a network agent module, wherein the network agent module is integrated in a client, analyzes a network request sent by the client to obtain a target domain name, acquires a first IP address corresponding to the target domain name from a domain name analysis server defaulted by a local gateway, and sends the first IP address to an HTTPDNS server to judge whether the first IP address is hijacked or not, and if the first IP address is not hijacked, the IP address is determined to be credible; if the client is hijacked, the HTTPDNS server returns a credible IP address, and establishes safe communication between the network proxy module and a target server corresponding to a target domain name according to the credible IP address to realize the safe communication between the client and the target server.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flow chart of a network communication method according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of another network communication method disclosed in the embodiment of the present invention;
fig. 3 is a schematic structural diagram of a network communication device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of another network communication device according to an embodiment of the disclosure;
fig. 5 is a schematic structural diagram of another network communication device according to an embodiment of the disclosure;
fig. 6 is a schematic structural diagram of another network communication device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
China has many communication network service operators, which have varying technical strength and thus raise network security problems. If users access an insecure network, when the users use client programs to send network requests, problems that DNS is hijacked or request contents are hijacked and tampered can occur, if the problems occur, normal use of the client programs by the users is affected, even some insecure fraud information can be displayed to the users, and serious consequences are caused.
In order to solve the problem, the invention discloses a network communication method and a device, which provide a credible IP address corresponding to a target domain name and establish the communication between a network agent module and a target server corresponding to the credible IP address, and the scheme is used as the network agent module to operate in a client, so that a network request does not need to be sent to a proxy server at a far-end network side, and the transmission time from the client to a server at the far-end network side is saved; and providing a credible IP address corresponding to the target domain name, establishing the safe communication between the network agent module and the target server corresponding to the target domain name, and realizing the safe communication between the client and the target server.
Fig. 1 is a schematic flow chart of a network communication method according to an embodiment of the present invention, where the method operates in a client as a network proxy module, and the network proxy module operates as a lightweight thread in a resident thread of a client program. The client starts the network agent module, the client forwards all network requests to the network agent module, and the network agent module can prevent DNS hijacking and content hijacking by using the following procedures.
As shown in fig. 1, the method may include the steps of:
s101: and analyzing the network request sent by the client to obtain the target domain name of the network request.
In an embodiment of the present invention, the network agent module monitors a network request sent by the client, and according to a format requirement of an agent protocol, the client sends a data packet to the network agent module, and the network agent module receives the data packet and then resolves the network request according to the agent protocol to obtain the target domain name.
The client side carries out indirect communication with the target server through the network agent module, and a selected protocol is used as configuration parameters to be transmitted to the network agent module when the client side starts the network agent module when the network agent module is connected with the server.
It should be noted that a hypertext Transfer Protocol (HTTP) proxy Protocol is a general proxy Protocol based on the HTTP Protocol. There are other types of proxy protocols depending on the proxy implementation, and the present invention preferably employs the HTTP proxy protocol.
Compared with a network proxy server on a network side, the network proxy module operates on the client side, data interaction between the client and the network proxy module does not need to be transmitted through an external public network, time consumed by the data interaction between the network proxy module and the client is greatly shortened, and response speed of network requests is improved.
S102: and acquiring a first IP address corresponding to the target domain name from a default domain name resolution server of the local gateway.
Firstly, a default list of domain name resolution servers of a local gateway is obtained, then, a domain name resolution server in the list of the domain name resolution servers is used for requesting the domain name resolution server to carry out address resolution on a target domain name, and an IP address corresponding to the target domain name is obtained and is called as a first IP address.
The local gateway refers to a gateway device provided by a local network operator. The network proxy module communicates with a default domain name resolution server based on a User Datagram Protocol (UDP).
S103: and sending the first IP address to an HTTPDNS server so that the HTTPDNS server judges whether the first IP address is hijacked or not.
And executing S104 after receiving a first feedback message that the first IP address returned by the HTTPDNS server is safe, and executing S105 after receiving a second feedback message that the first IP address returned by the HTTPDNS server is hijacked.
It should be noted that, the communication with the HTTP DNS server is based on the HTTP protocol, and the HTTP DNS server receives the domain name resolution request and bypasses the Local DNS server of the operator, thereby avoiding the domain name hijacking problem and the scheduling inaccuracy problem caused by the Local DNS server.
The process of sending the first IP address to the http dns server to make the http dns server determine whether the first IP address is hijacked is as follows:
firstly, the network agent module encapsulates a first IP address into a request parameter of an HTTPDNS and sends the request parameter to the HTTPDNS, and then the HTTPDNS checks the first IP address based on the request parameter of the HTTPDNS. For example, the HTTPDNS server checks whether the first IP address is in the domain name resolution pool IP list, and if the HTTPDNS server determines that the first IP address is not in the domain name resolution pool IP list, it determines that the first IP address is hijacked, and sends a second feedback message that the first IP address is hijacked to the client; and if the HTTPDNS server determines that the first IP address is in the domain name resolution pool IP list, determining that the first IP address is not hijacked, and sending a first feedback message of the first IP address security to the client.
Preferably, the http dns server may obtain the optimal trusted IP address according to domain name resolution rules, regardless of whether the first IP address is hijacked.
For example, the optimal trusted IP address may be the trusted IP address corresponding to the server closest to the geographic location where the client is located.
For convenience of understanding the process of obtaining the optimal trusted IP address according to the domain name resolution rule, the following description is given by way of example:
obtaining credible IP addresses 59.49.201.39 and 183.197.59.179 corresponding to the target domain name from a default domain name resolution server of the local gateway; wherein, the IP address 59.49.201.39 is an IP address in south china hainan province, the IP address 183.197.59.179 is an IP address in north china hebei province, the geographic location of the client is in the cantonese province, and according to the domain name and area resolution rule, the trusted IP address corresponding to the server closest to the geographic location of the client is 59.49.201.39.
In a preferred embodiment of the invention, the http dns server stores not only the target domain name and the first IP address, but also the egress IP address of the user's network to provide data support for the scheduling of optimization requests.
S104: it is determined that the first IP address is authentic.
Then, the network agent module establishes communication connection with the target server through the first IP address, so that the client indirectly communicates with the target server through the network agent module.
In this case, the network agent module can directly establish connection with the target server by using the IP address obtained from the default domain name resolution server of the local gateway, and does not need to obtain a trusted IP address from other domain name resolution servers, thereby accelerating the response speed of the network request.
S105: and obtaining the credible IP address corresponding to the target domain name from the second feedback message.
If the HTTPDNS server judges that the first IP address is hijacked, the HTTPDNS server returns a credible IP address corresponding to the target domain name, and if the HTTPDNS server returns the credible IP address, the resolution process is ended.
In addition, it should be noted that, if the request of the network proxy module to the http dns server fails, for example, the http dns server goes wrong, or the process of requesting the http dns server fails, the target domain name may also be resolved from the domain name resolution server trusted by the third party, so as to obtain the trusted IP address.
S106: and establishing communication between the network agent module and a target server corresponding to the target domain name according to the credible IP address corresponding to the target domain name.
After the network agent module is successfully connected with the target server corresponding to the target domain name through the credible IP address corresponding to the target domain name, the client program is informed to start network communication according to the HTTP agent protocol, namely, the client sends data to the network agent module, the network agent module sends the data to the target server, and correspondingly, the target server sends response data to the network agent module, and the network agent module sends the response data to the client.
In order to improve the security of the communication between the client and the target server, in a preferred embodiment of the present invention, the communication between the network proxy module and the client and the target server may be implemented in a tunnel mode, specifically, the network proxy module sends the network request to the target server in the tunnel mode, and the network proxy module receives a response message returned by the target server in the tunnel mode and then sends the response message to the client.
It should be noted that the tunnel mode is a mode in which a communication line with another server is established as required, and communication is performed by using encryption means such as Secure Sockets Layer (SSL), and the tunnel mode may support a hypertext Transfer protocol Secure Socket Layer (HTTPS), and the tunnel mode may be ended when both communication parties disconnect. In the tunnel mode, the client and the target server exchange data through the network agent module. And after the data interaction is finished, the client or the target server can actively disconnect the network proxy module.
Since the tunnel mode can support communication of the HTTPS protocol, the tunnel mode can prevent data contents from being intercepted and hijacked, so that the client can perform secure communication with the target server.
In another embodiment of the invention, the network agent module detects whether the connection with the target server is successful through the credible IP address corresponding to the target domain name; if the connection with the target server is successful through the credible IP address, realizing data interaction between the client and the target server through the connection; if the connection between the credible IP address corresponding to the target domain name and the target server fails, the network agent module continues to be connected with the target server through the credible IP address corresponding to the target domain name, and when the continuous connection failure times reach the preset times, a connection failure message is generated.
It should be noted that, when the number of consecutive connection failures of the network proxy module to the target server reaches a preset number, a connection failure message is generated according to the HTTP proxy protocol, where the connection failure message is used to prompt the client, and the network proxy module fails to connect with the target server.
The determination of the preset times is set according to the actual situation, the present invention is not particularly limited, and the preset times in the present invention is preferably 3.
In the embodiment of the invention, the network agent module detects whether the connection between the credible IP address corresponding to the target domain name and the target server is successful, thereby realizing the purpose of exchanging data between the client and the target server through the network agent module.
The invention discloses a network communication method, which comprises the steps of firstly obtaining a first IP address corresponding to a target domain name to be accessed from a default domain name resolution server of a local gateway, sending the first IP address to an HTTPDNS server, and judging whether the first IP address is hijacked or not by the HTTPDNS server; after a first feedback message of first IP address security returned by the HTTPDNS server is received, determining that the first IP address is credible; and after receiving a second feedback message that the first IP address returned by the HTTPDNS server is hijacked, acquiring a credible IP address corresponding to the target domain name from the second feedback message, and establishing communication between the network agent module and the target server corresponding to the target domain name according to the credible IP address corresponding to the target domain name. By the scheme, the network request does not need to be sent to the proxy server of the network side, so that the transmission time from the client to the server of the network side is saved; if the first IP address is not hijacked, the first IP address is directly utilized to establish communication between the network agent module and the target server, so that the response speed of the network request is accelerated; and if the first IP address is hijacked, acquiring a credible IP address corresponding to the target domain name from a second feedback message returned by the HTTPDNS server, establishing the safe communication between the network agent module and the target server corresponding to the target domain name, and realizing the safe communication between the client and the server.
In order to quickly obtain a trusted IP address corresponding to a target domain name, the present invention further provides another network communication method, as shown in fig. 2, the method adds a process of storing an IP address corresponding to the target domain name into a local storage space on the basis of the embodiment shown in fig. 1, as shown in fig. 2, the method is a schematic flow chart of another network communication method disclosed in the embodiment of the present invention, and the method further includes S202-S203 on the basis of fig. 1, and the method may include the following steps:
s201: and analyzing the network request sent by the client to obtain the target domain name of the network request.
The execution process of S201 is the same as the execution process of S101 shown in fig. 1, and the execution principle is also the same, which is not described herein again.
S202: and searching whether the IP address corresponding to the target domain name exists in the domain name and the corresponding IP address stored in the local storage space of the network agent module. If so, executing S203; if not, S204 is performed.
It should be noted that the local storage space in the present invention is preferably a cache space, that is, a memory allocated to the network proxy module.
After obtaining a credible IP address corresponding to a target domain name, storing the mapping relation between the target domain name and the credible IP into a local storage space, namely a cache space, after receiving a network request containing the target domain name again, firstly searching the IP address corresponding to the target domain name from the local storage space, if the IP address corresponding to the target domain name is searched in the local storage space, the IP address is credible, and if the IP address corresponding to the target domain name is not searched in the local storage space, acquiring a first IP address of the target domain name from a domain name resolution server defaulted by a local gateway.
Due to the fact that the speed of accessing data in the cache space is high, the credible IP address corresponding to the target domain name can be obtained quickly, and the response speed of the network request is improved.
S203: it is determined that the IP address is authentic.
After determining that the IP address is authentic, S208 is performed.
S204: and acquiring a first IP address corresponding to the target domain name from a default domain name resolution server of the local gateway.
S205: and sending the first IP address to an HTTPDNS server so that the HTTPDNS server judges whether the first IP address is hijacked or not, executing S206 after receiving a first feedback message that the first IP address returned by the HTTPDNS server is safe, and executing S207 after receiving a second feedback message that the first IP address returned by the HTTPDNS server is hijacked.
S206: it is determined that the first IP address is authentic.
S207: and obtaining the credible IP address corresponding to the target domain name from the second feedback message.
S208: and establishing communication between the network agent module and a target server corresponding to the target domain name according to the credible IP address corresponding to the target domain name.
The execution process of S205-S208 is the same as the execution process of S103-S106 shown in fig. 1, and the execution principle is also the same, which can be referred to and is not described herein again.
The invention discloses another network communication method, after analyzing and obtaining a target domain name corresponding to a network request sent by a client, firstly searching whether a local storage space of a network agent module contains a credible IP address corresponding to the target domain name, if so, directly utilizing the IP address to realize the communication between the network agent module and a target server, and obtaining the credible IP address from a network side (such as a domain name analyzing server defaulted by a local gateway or a credible domain name analyzing server of a third party). Moreover, the time required for searching the IP address from the local storage space is far shorter than the time for acquiring the credible IP address from the domain name resolution server on the network side, so the scheme can further improve the response speed of the network request.
Based on the network communication method disclosed in the embodiment of the present invention, the embodiment of the present invention also correspondingly discloses a network communication device, as shown in fig. 3, which mainly includes:
the parsing unit 301 is configured to parse the network request sent by the client to obtain a target domain name of the network request.
A first obtaining unit 302, configured to obtain a first IP address corresponding to a target domain name from a default domain name resolution server of a local gateway.
A sending unit 303, configured to send the first IP address to the http dns server, so that the http dns server determines whether the first IP address is hijacked.
The first determining unit 304 is configured to determine that the first IP address is trusted after receiving a first feedback message that the first IP address is secure and is returned by the http dns server.
A second obtaining unit 305, configured to, after receiving a second feedback message that the first IP address is hijacked and returned by the http dns server, obtain a trusted IP address-corresponding to the target domain name from the second feedback message.
The communication connection establishing unit 306 is configured to establish communication between the network proxy module and the target server corresponding to the target domain name according to the trusted IP address corresponding to the target domain name.
Further, the communication connection establishing unit 306 includes:
the first sending module is used for receiving the network request sent by the client and sending the network request to the target server in a tunnel mode.
And the second sending module is used for receiving the response message returned by the target server in the tunnel mode and sending the response message to the client.
Further, the communication connection establishing unit 306 includes:
and the detection module is used for detecting whether the connection between the credible IP address corresponding to the target domain name and the target server is successful.
And the data interaction module is used for successfully connecting the target server through the credible IP address corresponding to the target domain name and realizing data interaction between the client and the target server corresponding to the target domain name through the connection.
And the generation module is used for continuing to connect with the target server through the credible IP address corresponding to the target domain name if the connection between the credible IP address corresponding to the target domain name and the target server fails, and generating a connection failure message when the continuous connection failure times reach the preset times.
As shown in fig. 4, another network communication device disclosed in the embodiment of the present invention further includes, on the basis of fig. 3: a memory unit 401.
The storage unit 401 is configured to store the target domain name and the trusted IP address corresponding to the target domain name in a local storage space of the network agent module.
The embodiment of the invention discloses another network communication device, which sends a target domain name and a first IP address to an HTTPDNS server for storage and also stores an exit IP address of a user network so as to provide data support for scheduling of an optimization request.
As shown in fig. 5, another network communication device disclosed in the embodiment of the present invention further includes, on the basis of fig. 4: a look-up unit 501 and a second determination unit 502.
It should be noted that fig. 5 is a schematic diagram of an embodiment of the present invention, and a search unit 501 and a second determination unit 502 may be added to the embodiment of fig. 3, which is not described in detail herein.
A searching unit 501, configured to search whether an IP address corresponding to a target domain name exists in the domain name and the corresponding IP address stored in the local storage space; if the IP address corresponding to the target domain name does not exist in the local storage space, the first obtaining unit 302 is triggered to obtain the first IP address corresponding to the target domain name from the default domain name resolution server of the local gateway.
A second determining unit 502, configured to determine that the IP address is trusted if the IP address corresponding to the target domain name exists in the local storage space.
The embodiment of the invention discloses another network communication device, which is characterized in that after a target domain name corresponding to a network request sent by a client is obtained through analysis, whether a local storage space contains a credible IP address corresponding to the target domain name is firstly searched, if the local storage space contains the credible IP address, the communication between the client and a target server is directly realized by using the IP address, and the credible IP address does not need to be obtained from a network side (such as a domain name analysis server defaulted by a local gateway or a credible domain name analysis server of a third party). And the time required for searching the IP address from the local storage space is far shorter than the time for acquiring the credible IP address from the domain name resolution server on the network side, so the scheme can further improve the response speed of the network request.
As shown in fig. 6, another network communication device disclosed in the embodiment of the present invention further includes, on the basis of fig. 3: a third acquisition unit 601.
A third obtaining unit 601, configured to obtain, after the http dns server is requested to fail, the trusted IP address corresponding to the target domain name from the trusted domain name resolution server.
The embodiment of the invention discloses another network communication device, which can obtain the credible IP address corresponding to the target domain name from the credible domain name resolution server after the HTTPDNS server is requested to fail, and can still obtain the credible IP address corresponding to the target domain name after the HTTPDNS server is requested to fail.
The invention also provides a network agent module which is applied to the client and comprises a lightweight network library, wherein the lightweight network library can be fused with the client developed based on different operating system platforms. And when the starting instruction is detected, starting the lightweight network library to start an event processing thread so as to execute any one of the network communication methods.
It should be noted that the lightweight web library can be integrated with clients developed by different operating system platforms across platforms.
Management construction is carried out by using an open-source Cross-platform automatic construction system (Cross platform Make, CMake), and Cross-platform development is carried out according to a third-party Cross-platform network library libervent.
The different operating systems may be an Android operating system, a Windows operating system, an IOS operating system, and the like, and the specific operating system is not specifically limited in the present invention.
And constructing a dynamic library based on the Android platform and the Windows platform, packaging the dynamic library into client programs corresponding to the respective Android platform and Windows platform, constructing a static library based on the IOS platform, and packaging the static library into the client program corresponding to the IOS platform.
The present invention also provides a storage medium having stored therein program instructions that, when loaded and executed by a processor, implement any of the above-described embodiments of a network communication method.
The invention also provides computer equipment. The apparatus includes a processor and a memory; the memory stores program instructions; the processor invokes program instructions in the memory to perform any of the network communication method embodiments described above.
The processor herein may be a CPU of the terminal, or an MCU integrated within the terminal, or a combination of the CPU and the MCU. Moreover, the processor comprises a kernel, the kernel calls a corresponding program from the memory, and the kernel can set one or more than one.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
While, for purposes of simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present invention is not limited by the illustrated ordering of acts, as some steps may occur in other orders or concurrently with other steps in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The steps in the method of each embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs.
The device and the modules and sub-modules in the terminal in the embodiments of the present invention can be combined, divided and deleted according to actual needs.
In the embodiments provided in the present invention, it should be understood that the disclosed terminal, apparatus and method may be implemented in other ways. For example, the above-described terminal embodiments are merely illustrative, and for example, the division of a module or a sub-module is only one logical division, and there may be other divisions when the terminal is actually implemented, for example, a plurality of sub-modules or modules may be combined or integrated into another module, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules or sub-modules described as separate parts may or may not be physically separate, and parts that are modules or sub-modules may or may not be physical modules or sub-modules, may be located in one place, or may be distributed over a plurality of network modules or sub-modules. Some or all of the modules or sub-modules can be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, each functional module or sub-module in each embodiment of the present invention may be integrated into one processing module, or each module or sub-module may exist alone physically, or two or more modules or sub-modules may be integrated into one module. The integrated modules or sub-modules may be implemented in the form of hardware, or may be implemented in the form of software functional modules or sub-modules.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A network communication method applied to a network proxy module integrated in a client, the method comprising:
analyzing the network request sent by the client to obtain a target domain name of the network request;
acquiring a first IP address corresponding to the target domain name from a default domain name resolution server of a local gateway;
sending the first IP address to an HTTPDNS server so that the HTTPDNS server judges whether the first IP address is hijacked or not;
after receiving a first feedback message of the first IP address safety returned by the HTTPDNS server, determining that the first IP address is credible;
after receiving a second feedback message returned by the HTTPDNS server that the first IP address is hijacked, obtaining a credible IP address corresponding to the target domain name from the second feedback message;
and establishing communication between the network agent module and a target server corresponding to the target domain name according to the credible IP address corresponding to the target domain name.
2. The method of claim 1, further comprising:
and storing the target domain name and the credible IP address corresponding to the target domain name into a local storage space of the network agent module.
3. The method according to claim 1, wherein before the obtaining the first IP address corresponding to the target domain name from the default domain name resolution server of the local gateway, the method further comprises:
searching whether an IP address corresponding to the target domain name exists in the domain name and the corresponding IP address stored in the local storage space of the network agent module;
if the IP address corresponding to the target domain name exists in the local storage space, determining that the IP address is credible;
and if the IP address corresponding to the target domain name does not exist in the local storage space, executing the step of acquiring the first IP address corresponding to the target domain name from a default domain name resolution server of the local gateway.
4. The method according to claim 1, wherein establishing communication between the network proxy module and the target server corresponding to the target domain name according to the trusted IP address corresponding to the target domain name comprises:
receiving the network request sent by the client, and sending the network request to the target server in a tunnel mode;
and receiving a response message returned by the target server in a tunnel mode, and sending the response message to the client.
5. The method according to any one of claims 1 to 4, wherein the establishing communication between the network proxy module and the target server corresponding to the target domain name according to the trusted IP address corresponding to the target domain name comprises:
detecting whether the connection between the credible IP address corresponding to the target domain name and the target server is successful;
if the connection between the credible IP address corresponding to the target domain name and the target server is successful, realizing data interaction between the network agent module and the target server corresponding to the target domain name through the connection;
if the connection between the credible IP address corresponding to the target domain name and the target server fails, continuing to connect the credible IP address corresponding to the target domain name with the target server again, and generating a connection failure message when the number of reconnection failures reaches a preset number.
6. The method of claim 1, further comprising:
and when the HTTPDNS server is requested to fail, acquiring a credible IP address corresponding to the target domain name from a credible domain name resolution server.
7. A network communication device applied to a network proxy module integrated in a client, the device comprising:
the analysis unit is used for analyzing the network request sent by the client to obtain a target domain name of the network request;
a first obtaining unit, configured to obtain a first IP address corresponding to the target domain name from a default domain name resolution server of a local gateway;
a sending unit, configured to send the first IP address to an http dns server, so that the http dns server determines whether the first IP address is hijacked;
a first determining unit, configured to determine that the first IP address is trusted after receiving a first feedback message that is returned by the http dns server and that is secure for the first IP address;
a second obtaining unit, configured to, after receiving a second feedback message that the first IP address is hijacked and that is returned by the http dns server, obtain, from the second feedback message, a trusted IP address corresponding to the target domain name;
and the communication connection establishing unit is used for establishing communication between the network agent module and a target server corresponding to the target domain name according to the credible IP address corresponding to the target domain name.
8. The apparatus of claim 7, further comprising: a searching unit and a second determining unit;
the searching unit is used for searching whether an IP address corresponding to a target domain name exists in the domain name and the corresponding IP address stored in the local storage space of the network agent module; if the IP address corresponding to the target domain name does not exist in the local storage space, triggering the first acquisition unit to acquire the first IP address corresponding to the target domain name from a default domain name resolution server of the local gateway;
and the second determining unit is used for determining that the IP address is credible when the IP address corresponding to the target domain name exists in the local storage space.
9. A storage medium storing a program, wherein the program is executed to control a device on which the storage medium is provided to perform the network communication method according to any one of claims 1 to 6.
10. A computer device comprising a processor and a memory;
a program is stored in the memory;
the processor is configured to invoke a program stored in the memory to perform the network communication method of any of claims 1-6.
CN201911200174.1A 2019-11-29 2019-11-29 Network communication method and device Withdrawn CN112887255A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911200174.1A CN112887255A (en) 2019-11-29 2019-11-29 Network communication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911200174.1A CN112887255A (en) 2019-11-29 2019-11-29 Network communication method and device

Publications (1)

Publication Number Publication Date
CN112887255A true CN112887255A (en) 2021-06-01

Family

ID=76038504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911200174.1A Withdrawn CN112887255A (en) 2019-11-29 2019-11-29 Network communication method and device

Country Status (1)

Country Link
CN (1) CN112887255A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338630A (en) * 2021-12-13 2022-04-12 海尔优家智能科技(北京)有限公司 Domain name access method, device, electronic equipment, storage medium and program product

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610867A (en) * 2016-03-01 2016-05-25 阿继琛 DNS (Domain Name System) hijack prevention method and apparatus
CN106331215A (en) * 2016-08-30 2017-01-11 常州化龙网络科技股份有限公司 Data request processing system and processing method
CN108650211A (en) * 2018-03-14 2018-10-12 北京奇艺世纪科技有限公司 A kind of detection method and device of DNS abduction
CN109769043A (en) * 2019-03-14 2019-05-17 中国工商银行股份有限公司 Domain name analytic method, apparatus and system
CN110191203A (en) * 2019-05-15 2019-08-30 聚好看科技股份有限公司 Realize the method and electronic equipment of server dynamic access

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105610867A (en) * 2016-03-01 2016-05-25 阿继琛 DNS (Domain Name System) hijack prevention method and apparatus
CN106331215A (en) * 2016-08-30 2017-01-11 常州化龙网络科技股份有限公司 Data request processing system and processing method
CN108650211A (en) * 2018-03-14 2018-10-12 北京奇艺世纪科技有限公司 A kind of detection method and device of DNS abduction
CN109769043A (en) * 2019-03-14 2019-05-17 中国工商银行股份有限公司 Domain name analytic method, apparatus and system
CN110191203A (en) * 2019-05-15 2019-08-30 聚好看科技股份有限公司 Realize the method and electronic equipment of server dynamic access

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338630A (en) * 2021-12-13 2022-04-12 海尔优家智能科技(北京)有限公司 Domain name access method, device, electronic equipment, storage medium and program product
CN114338630B (en) * 2021-12-13 2024-04-19 海尔优家智能科技(北京)有限公司 Domain name access method, device, electronic equipment, storage medium and program product

Similar Documents

Publication Publication Date Title
CN110096659B (en) Page display method, device and equipment and readable storage medium
CN109587254B (en) Cloud server access method and device, cloud server and storage medium
CN108809890B (en) Vulnerability detection method, test server and client
CN107613037B (en) Domain name redirection method and system
CN107295116B (en) Domain name resolution method, device and system
CN111866124B (en) Method, device, server and machine-readable storage medium for accessing webpage
CN111917900B (en) Domain name agent request processing method and device
CN107707683B (en) A kind of method and apparatus for reducing DNS message lengths
CN111106983B (en) Method and device for detecting network connectivity
CN110113447B (en) Domain name resolution method and device
CN110839046A (en) Multi-protocol intercommunication method and system
CN108712428A (en) A kind of method and device carrying out device type identification to terminal
CN108076003A (en) The detection method and device of Session Hijack
CN110730189B (en) Communication authentication method, device, equipment and storage medium
CN114745356B (en) Domain name resolution method, device, equipment and readable storage medium
CN112350892A (en) IPv4/IPv6 network detection method, storage device and processing device
CN114338597B (en) Network access method and device
CN113938474B (en) Virtual machine access method and device, electronic equipment and storage medium
CN107517248B (en) Network connection method and device based on SDK
CN114285821A (en) Domain name resolution method, device, electronic equipment, storage medium and product
CN112887255A (en) Network communication method and device
CN113872933A (en) Method, system, device, equipment and storage medium for hiding source station
CN116488844A (en) Remote operation and maintenance method, device, equipment and storage medium
CN114866596A (en) Session processing method, device, server and storage medium
CN114466011A (en) Metadata service request method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210601

WW01 Invention patent application withdrawn after publication