CN113328877A - Method and device for determining port protocol - Google Patents


Publication number
CN113328877A
Authority
CN
China
Legal status
Granted
Application number
CN202110492235.7A
Other languages
Chinese (zh)
Other versions
CN113328877B (en)
Inventor
杨建�
柴社荣
徐超
Current Assignee
Beijing Skyguard Network Security Technology Co ltd
Original Assignee
Beijing Skyguard Network Security Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04 Network management architectures or arrangements
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/18 Multiprotocol handlers, e.g. single devices capable of handling multiple protocols

Abstract

The invention discloses a method and a device for determining a port protocol, and relates to the field of computer technology. One embodiment of the method comprises: establishing a first connection between a client and a proxy server and a second connection between the proxy server and a server; monitoring data on the first connection and the second connection, and determining a protocol type corresponding to a port of the proxy server according to the connection on which data is first monitored; parsing the data monitored from that connection according to the protocol type to determine the protocol supported by the port of the proxy server; and processing requests received by the port of the proxy server according to the determined protocol. The embodiment can identify the application layer protocol of the port before the request is processed, which improves the efficiency and reliability with which the proxy server processes data packets.

Description

Method and device for determining port protocol
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for determining a port protocol.
Background
Generally, when a proxy server forwards requests or messages between a client and a server, the proxy server must start a port service; that is, it must know which application layer protocol (for example HTTP, SMTP, POP3 or IMAP) the proxy server port should support for the connection between the client and the server. Because a port can support many application layer protocols, and requests of different application layer protocols are processed differently, the protocol that the port should support needs to be identified as early as possible, so that client or server requests received on the port can be processed according to that protocol.
Currently, for a commonly used port (for example a listening port) of a client or a server, the supported application layer protocol can be determined from the port's default configuration: for example, the application layer protocol supported by port 80 is usually HTTP, and that supported by port 143 is usually IMAP. For a port that is not commonly used, the application layer protocol supported by the started proxy server port can only be determined by capturing packets to obtain historical data of the requests the proxy server has processed.
In the process of implementing the invention, the inventor found at least the following problem in the prior art: if the application layer protocol that the port should support cannot be identified when or before an application layer request is received at the port of the proxy server, so that the request cannot be processed based on that protocol, the efficiency with which the proxy server forwards data packets may be reduced and the reliability of the proxy server may be affected, for example through an increased packet loss rate.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for determining a port protocol, which can identify an application layer protocol that should be supported by a port of a proxy server before processing a request received by the port, complete port configuration in time, and perform corresponding processing on the request based on the application layer protocol, thereby improving efficiency of forwarding a data packet between a client and a server by the proxy server, and facilitating improvement of reliability of the proxy server.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a method for determining a port protocol, including:
establishing a first connection between a client and a proxy server and a second connection between the proxy server and a server;
monitoring data on the first connection and the second connection, and determining a protocol type corresponding to a port of the proxy server according to the connection on which data is first monitored;
parsing the data monitored from that connection according to the protocol type to determine the protocol supported by the port of the proxy server;
and processing requests received by the port of the proxy server according to the determined protocol.
Optionally, determining the protocol type corresponding to the port of the proxy server according to the connection on which data is first monitored includes:
when data is first monitored on the first connection, attempting to establish a secure connection and determining the protocol type based on the result of establishing the secure connection;
and when data is first monitored on the second connection, determining that the protocol type is server-first.
Optionally, attempting to establish a secure connection and determining the protocol type based on the result of establishing the secure connection includes:
performing a first handshake based on the first connection;
if the handshake fails, determining that the protocol type is client-first;
and if the handshake succeeds, performing a second handshake based on the second connection to establish the secure connection, and determining the protocol type based on the ALPN field or the NPN field corresponding to the secure connection.
Optionally, when the protocol type cannot be determined based on the ALPN field or the NPN field corresponding to the secure connection, the method continues to monitor data on the first connection and the second connection:
when data is first monitored on the first connection, determining that the protocol type is client-first;
and when data is first monitored on the second connection, determining that the protocol type is server-first.
Optionally, parsing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes:
when the protocol type is client-first, if the parsed data indicates HTTP/2.0, determining that the protocol supported by the port is the HTTP2 protocol;
and if the parsed data does not indicate HTTP/2.0, determining that the protocol supported by the port is the HTTP protocol.
Optionally, parsing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes:
when the protocol type is server-first, if the parsed data indicates +OK, determining that the protocol supported by the port is POP3;
if the parsed data indicates * OK, determining that the protocol supported by the port is the IMAP protocol;
if the parsed data indicates 220, determining the protocol supported by the port based on the response information of the server;
and if the parsed data indicates none of +OK, * OK and 220, determining that the protocol supported by the port is an unrecognizable protocol.
Optionally, if the parsed data indicates 220, determining the protocol supported by the port based on the response information of the server includes:
sending a NOOP command to the server through the second connection;
receiving the response information returned by the server for the NOOP command;
if the response information indicates 250 OK, determining that the protocol supported by the port is the SMTP protocol;
and if the response information indicates 200, determining that the protocol supported by the port is the FTP protocol.
Optionally, when data on the first connection and the second connection is monitored, a callback function is set so that, when data is monitored on the first connection or the second connection, monitoring of the other connection (the second connection or the first connection, respectively) is turned off.
Optionally, establishing the first connection between the client and the proxy server and the second connection between the proxy server and the server includes:
in explicit proxy mode, establishing the first connection and the second connection based on a connection request sent by the client to the proxy server;
and in transparent proxy mode, forwarding, through network configuration, a connection request sent by the client to the server, so as to establish the first connection and the second connection.
Optionally, the secure connection is an SSL connection or a TLS connection.
To achieve the above object, according to another aspect of the embodiments of the present invention, there is provided an apparatus for determining a port protocol, including: a connection establishing module, a connection monitoring module, a protocol determining module and a request processing module; wherein:
the connection establishing module is used for establishing a first connection between the client and the proxy server and a second connection between the proxy server and the server;
the connection monitoring module is used for monitoring data on the first connection and the second connection, and determining a protocol type corresponding to a port of the proxy server according to the connection on which data is first monitored;
the protocol determining module is used for parsing the data monitored from that connection according to the protocol type to determine the protocol supported by the port of the proxy server;
and the request processing module is used for processing requests received by the port of the proxy server according to the determined protocol.
Optionally, determining the protocol type corresponding to the port of the proxy server according to the connection on which data is first monitored includes:
when data is first monitored on the first connection, attempting to establish a secure connection and determining the protocol type based on the result of establishing the secure connection;
and when data is first monitored on the second connection, determining that the protocol type is server-first.
Optionally, attempting to establish a secure connection and determining the protocol type based on the result of establishing the secure connection includes:
performing a first handshake based on the first connection;
if the handshake fails, determining that the protocol type is client-first;
and if the handshake succeeds, performing a second handshake based on the second connection to establish the secure connection, and determining the protocol type based on the ALPN field or the NPN field corresponding to the secure connection.
Optionally, the connection monitoring module is further configured to continue monitoring data on the first connection and the second connection when the protocol type cannot be determined based on the ALPN field or the NPN field corresponding to the secure connection:
when data is first monitored on the first connection, determining that the protocol type is client-first;
and when data is first monitored on the second connection, determining that the protocol type is server-first.
Optionally, parsing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes:
when the protocol type is client-first, if the parsed data indicates HTTP/2.0, determining that the protocol supported by the port is the HTTP2 protocol;
and if the parsed data does not indicate HTTP/2.0, determining that the protocol supported by the port is the HTTP protocol.
Optionally, parsing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes:
when the protocol type is server-first, if the parsed data indicates +OK, determining that the protocol supported by the port is POP3;
if the parsed data indicates * OK, determining that the protocol supported by the port is the IMAP protocol;
if the parsed data indicates 220, determining the protocol supported by the port based on the response information of the server;
and if the parsed data indicates none of +OK, * OK and 220, determining that the protocol supported by the port is an unrecognizable protocol.
Optionally, if the parsed data indicates 220, determining the protocol supported by the port based on the response information of the server includes:
sending a NOOP command to the server through the second connection;
receiving the response information returned by the server for the NOOP command;
if the response information indicates 250 OK, determining that the protocol supported by the port is the SMTP protocol;
and if the response information indicates 200, determining that the protocol supported by the port is the FTP protocol.
Optionally, the connection monitoring module is further configured to set a callback function when monitoring data on the first connection and the second connection, so that when data is monitored on the first connection or the second connection, monitoring of the other connection (the second connection or the first connection, respectively) is turned off.
Optionally, establishing the first connection between the client and the proxy server and the second connection between the proxy server and the server includes:
in explicit proxy mode, establishing the first connection and the second connection based on a connection request sent by the client to the proxy server;
and in transparent proxy mode, forwarding, through network configuration, a connection request sent by the client to the server, so as to establish the first connection and the second connection.
Optionally, the secure connection is an SSL connection or a TLS connection.
To achieve the above object, according to still another aspect of the embodiments of the present invention, there is provided an electronic device for determining a port protocol, including: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement any one of the methods for determining a port protocol described above.
To achieve the above object, according to still another aspect of the embodiments of the present invention, there is provided a computer-readable medium on which a computer program is stored, the program, when executed by a processor, implementing any one of the methods for determining a port protocol described above.
One embodiment of the above invention has the following advantages or benefits: the proxy server determines the protocol type supported by the started port (server-first or client-first) according to which TCP connection the first monitored data comes from, so that the port is started for monitoring in time, which improves the efficiency and reliability with which the proxy server processes data packets.
Further effects of the above non-conventional optional implementations will be described below in connection with the specific embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
Fig. 1 is a schematic diagram of a main flow of a port protocol determination method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a main flow of a protocol type determination method according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a main flow of another port protocol determination method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the main modules of an apparatus for determining a port protocol according to an embodiment of the present invention;
Fig. 5 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
Fig. 6 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic diagram of a main flow of a port protocol determination method according to an embodiment of the present invention, the flow being implemented by a proxy server. As shown in fig. 1, the method for determining the port protocol may specifically include the following steps:
Step S101, establishing a first connection between the client and the proxy server and a second connection between the proxy server and the server.
The first connection and the second connection are connections established based on a Transmission Control Protocol (TCP).
In an optional embodiment, establishing the first connection between the client and the proxy server and the second connection between the proxy server and the server includes: in explicit proxy mode, establishing the first connection and the second connection based on a connection request sent by the client to the proxy server. Specifically, the client knows the network information of its proxy server and sends a connection request to the proxy server, and the proxy server parses the received connection request to establish a connection with the server. In transparent proxy mode, a network device such as a firewall or a router forwards the connection request that the client intends for the server to a proxy server according to its network configuration, so that the first connection and the second connection are established step by step. Specifically, the client does not know the network information of its proxy server and sends the connection request directly to the network device to which the client is "directly connected"; the network device forwards the connection request to the proxy server according to its network configuration, so that the first connection between the client and the proxy server and the second connection between the proxy server and the server are established in turn.
Step S102, monitoring data on the first connection and the second connection, and determining the protocol type corresponding to the port of the proxy server according to the connection on which data is first monitored.
The protocol type is predefined based on the characteristics of the application layer protocols supported by the proxy service port, and is one of two types: client-first (ClientFirst) and server-first (ServerFirst). Specifically, client-first denotes an application layer protocol, such as HTTP or HTTPS, in which the client sends a request first after the TCP connection is established; server-first denotes an application layer protocol, such as FTP, IMAP, POP3 or SMTP, in which the server sends a request first after the connection is established.
In an optional implementation, determining the protocol type corresponding to the port of the proxy server according to the connection on which data is first monitored includes: when data is first monitored on the first connection, attempting to establish a secure connection and determining the protocol type based on the result of establishing the secure connection; and when data is first monitored on the second connection, determining that the protocol type is server-first.
The secure connection is an SSL connection or a TLS connection. SSL (Secure Sockets Layer) is a security protocol that provides security and data integrity for network communications and is used to encrypt network connections between the transport layer and the application layer. TLS (Transport Layer Security) is another security protocol, developed on the basis of SSL, that provides security and data integrity for network communication and is likewise used to encrypt network connections between the transport layer and the application layer. The monitored data may be security-configuration data, such as keys and certificates, configured to improve transmission security (for example for SSL or TLS), or may be messages that do not require secure transmission, for example ICMP messages. That is, when a request or a message is forwarded between the client and the server through the proxy server, it may be transmitted directly over the established TCP connection, or it may be encrypted with SSL or TLS on top of the TCP connection to improve the security of the data.
It can be understood that the embodiments of the present application are mainly described using the example in which the client first initiates a connection establishment request to establish the TCP connections, that is, the first connection and the second connection. For a server-first protocol type, the server first initiates an SSL message such as a ClientHello, or a TLS message; therefore, when data is first monitored on the second connection, that is, when the server sends data first after the TCP connection is established, the protocol type corresponding to the port can be directly determined to be server-first. When data is first monitored on the first connection, however, the data may, if the protocol type is client-first, be an SSL or TLS message such as a ClientHello that the client sends first to establish an application layer session or transaction, or it may be another message (such as a message sent tentatively by the client that does not require secure transmission, for example a ping message in the ICMP protocol). It therefore cannot be directly determined whether the scenario in which the client sends data first after the TCP connection is established corresponds to the client-first protocol type, so the proxy server first needs to attempt to establish an SSL connection (that is, an SSL handshake) or another secure connection such as TLS with the client, and then determine the protocol type according to the handshake result.
On this basis, attempting to establish the secure connection and determining the protocol type based on the result of establishing the secure connection includes: performing a first handshake based on the first connection; if the handshake fails, determining that the protocol type is client-first; and if the handshake succeeds, performing a second handshake based on the second connection to establish the secure connection, and determining the protocol type based on the ALPN field or the NPN field corresponding to the secure connection.
It can be understood that if the first handshake fails, the data monitored on the first connection is not data for establishing a secure connection but a request sent first by the client after the connection is established, such as a message that the client sends tentatively without secure transmission (for example ICMP). These conditions indicate that the client is attempting to actively communicate with the server, so the protocol type can be determined to be client-first. If the first handshake succeeds (that is, the secure connection is established between the client and the proxy server), the data monitored on the first connection is data for establishing the secure connection. In this case the protocol type cannot be fully determined, because whatever the application layer protocol, the client first sends an SSL or TLS message such as a ClientHello, and the secured application layer communication that follows may be triggered first by the server or first by the client. The proxy server therefore needs to establish a secure connection with the server based on the second connection, and determine the protocol type from the specific application layer protocol indicated in the ALPN (Application-Layer Protocol Negotiation) field or the NPN (Next Protocol Negotiation) field between the client and the server. The ALPN field or NPN field is an extension field through which the client and the server negotiate the application layer protocol supported by the port; it indicates the application layer protocol used by the client and the server during the handshake. That is, when the protocol type is obtained through the ALPN field or the NPN field, the specific application layer protocol used is obtained directly as well.
Further, although the application layer protocol may be obtained from the ALPN field or the NPN field, it cannot be ruled out that the ALPN field or the NPN field is empty (that is, does not include an application layer protocol) or that the application layer protocol it contains is a private protocol. In this case, monitoring of data on the first connection and the second connection continues after the first handshake and the second handshake are completed: when data is first monitored on the first connection, the protocol type is determined to be client-first; when data is first monitored on the second connection, the protocol type is determined to be server-first. It can be understood that, because SSL or TLS connections have been established between the client and the proxy server and between the proxy server and the server, the monitored data is application layer data; whether the first monitored data comes from the first connection or the second connection directly shows whether the client or the server sends data first, and hence directly determines the corresponding protocol type.
In an optional embodiment, when data on the first connection and the second connection is monitored, a callback function is set so that, when data is monitored on the first connection or the second connection, monitoring of the other connection (the second connection or the first connection, respectively) is turned off. In this way, as soon as data is monitored on either of the two connections, monitoring of the other connection is turned off to avoid wasting monitoring resources.
Step S103, parsing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server.
Specifically, if data is first monitored on the second connection in step S102, the parsed data is the data sent by the server that continues to be monitored on the second connection. If data is first monitored on the first connection in step S102 and establishment of the secure connection fails, the parsed data is the data currently monitored on the first connection; if the secure connection is successfully established, the parsed data is the ALPN field or NPN field corresponding to the secure connection. If the ALPN field or NPN field corresponding to the secure connection is empty, or the application layer protocol supported by the port cannot be determined from it, monitoring of the first connection and the second connection continues and the parsed data is the data monitored first: if data on the first connection is monitored first, the parsed data is the data sent by the client on the first connection, and if data on the second connection is monitored first, the parsed data is the data sent by the server on the second connection.
In an optional embodiment, parsing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes: when the protocol type is client-first, if the parsed data indicates HTTP/2.0, determining that the protocol supported by the port is the HTTP2 protocol; and if the parsed data does not indicate HTTP/2.0, determining that the protocol supported by the port is the HTTP protocol.
In an optional embodiment, parsing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes: when the protocol type is server-first, if the parsed data indicates +OK, determining that the protocol supported by the port is POP3; if the parsed data indicates * OK, determining that the protocol supported by the port is the IMAP protocol; if the parsed data indicates 220, determining the protocol supported by the port based on the response information of the server; and if the parsed data indicates none of +OK, * OK and 220, determining that the protocol supported by the port is an unrecognizable protocol.
In an optional implementation, if the parsed data indicates 220, determining the protocol supported by the port based on the response information of the server includes: sending a NOOP command to the server through the second connection; receiving the response information returned by the server for the NOOP command; if the response information indicates 250 OK, determining that the protocol supported by the port is the SMTP protocol; and if the response information indicates 200, determining that the protocol supported by the port is the FTP protocol.
Step S104, according to the determined protocol, processing the request received by the port of the proxy server.
Specifically, different processing rules may be set for the ports according to different application layer protocols, for example, if the protocol supported by the ports is the HTTP protocol, the content XXX indicated by the HTTP request received by the ports may be uniformly replaced by YYY; for another example, when the protocol supported by the port is the SMTP protocol, the content, size, format, and the like of the response message sent by the server and received by the port may be verified; or, the designated port may be only used to support the FTP protocol, and if it is recognized that the application layer protocol currently supported by the port is not the FTP protocol, the connection between the client and the proxy server, and the connection between the proxy server and the server may be directly closed, and the processing of the request received by the port may be prohibited.
Based on the embodiment, the protocol type (server side first or client side first) supported by the started port is determined according to which TCP connection the data monitored first comes from, so that the port is started in time for monitoring, and the efficiency and reliability of processing the data packet by the proxy server are improved.
Referring to fig. 2, on the basis of the foregoing embodiment, the embodiment of the present invention provides a method for determining a protocol type, which is described by taking establishment of an SSL connection as an example only, and the method may specifically include the following steps:
Step S201, monitoring data in the first connection and the second connection.
At the same time, a first callback function is set so that, when data is monitored from the first connection or the second connection, monitoring of the second connection or the first connection, respectively, is closed. In this way, when data is monitored from either of the first connection and the second connection, monitoring of the other connection can be turned off to avoid wasting monitoring resources.
Step S202, judging the connection of the data which is monitored firstly; if the data is first monitored from the first connection, the following step S203 is continuously executed; if the data is first monitored from the second connection, the following step S204 is continuously performed.
Step S203, perform a first SSL handshake based on the first connection.
Step S204, determining the protocol type as server-side priority.
Step S205, judging whether the first SSL handshake is successful; if the handshake is successful, the following step S206 is continuously executed; if the handshake fails, the following step S207 is continuously performed.
Step S206, performing a second SSL handshake based on the second connection to establish the SSL connection.
Step S207, determining that the protocol type is client-side preferred.
Step S208, obtaining an ALPN field or an NPN field corresponding to the SSL connection; if the protocol type is indicated in the ALPN field or the NPN field, the following step S210 is continuously performed; if the ALPN field or the NPN field is empty or does not indicate protocol information, the following step S209 is continuously performed.
Step S209, continuing to monitor the data in the first connection and the second connection. At this time, the monitored first connection and second connection each have a corresponding SSL connection. At the same time, a second callback function is set so that, when data is monitored from the first connection or the second connection, monitoring of the second connection or the first connection, respectively, is closed. In this way, when data is monitored from either of the first connection and the second connection, monitoring of the other connection can be turned off to avoid wasting monitoring resources.
Step S210, determining the protocol type to be the protocol type indicated by the ALPN field or the NPN field. It will be appreciated that if the ALPN field or NPN field also indicates a particular application layer protocol then the protocol supported by the port is directly determined to be that application layer protocol.
Step S211, judging the connection of the data which is monitored first; if the data is first monitored from the first connection, the following step S212 is continuously executed; if the data is first monitored from the second connection, the following step S213 is continuously performed.
Step S212, determining the protocol type as the client-side priority.
Step S213, determining that the protocol type is server-side preferred.
Therefore, the interference of SSL connection establishment on the protocol type determination is eliminated through monitoring the first connection and the second connection, the accuracy and the reliability of the determined protocol type are improved, and the application layer protocol supported by the port can be accurately identified based on the protocol type.
Referring to fig. 3, on the basis of the foregoing embodiment, an embodiment of the present invention provides another method for determining a port protocol, where the method specifically includes the following steps:
Step S301, a first connection between the client and the proxy server and a second connection between the proxy server and the server are established.
Step S302, monitoring data in the first connection and the second connection, so as to determine a protocol type corresponding to a port of the proxy server according to a connection where data is monitored first.
Step S303, judging the determined protocol type; if the protocol type is the server-side priority, the following step S304 is continuously executed; if the protocol type is client-side preferred, the following step S305 is continuously performed.
Step S304, analyzing the data monitored from the second connection to judge whether the analyzed data indicates any one of + OK, * OK and 220; if the first four bytes of the parsed data are "+ OK", the following step S308 is continuously executed; if the first three bytes of the parsed data are "220", the following step S309 is continuously performed; if the first five bytes of the parsed data are "* OK", the following step S310 is continuously performed. If the analyzed data does not indicate any of + OK, * OK, and 220, the protocol supported by the port is determined to be an unrecognizable protocol, and all connections or transmission requests are closed. It should be understood that this embodiment is only described by taking the minimum number of bytes obtained as an example, and several more bytes may be obtained in the actual execution process, such as determining whether the first six bytes contain "+ OK".
Step S305, analyzing the data monitored from the first connection to judge whether the analyzed data indicates HTTP/2.0; if the first 24 bytes of the analyzed data are "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", the following step S306 is continuously executed; if the first 24 bytes of the parsed data are not "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", the following step S307 is continuously executed. It should be understood that this embodiment is only described by taking the first 24 bytes as an example, and several more bytes may be obtained in the actual execution process to determine whether they contain "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n".
Step S306, determining that the protocol supported by the port is the HTTP2 protocol.
Step S307, determining that the protocol supported by the port is the HTTP protocol.
Step S308, determining that the protocol supported by the port is POP3 protocol.
Step S309, sending a NOOP command to the server through the second connection.
Step S310, determining that the protocol supported by the port is an IMAP protocol.
Step S311, receiving response information returned by the server based on the NOOP command.
Step S312, determining information indicated by the received response information; if the information indicated by the response information is 250OK, the following step S313 is continuously executed; if the information indicated by the response information is 200, the following step S314 is continuously executed.
Step S313, determining that the protocol supported by the port is the SMTP protocol.
Step S314, determining that the protocol supported by the port is the FTP protocol.
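The decision flows of steps S201 to S213 and S301 to S314, as an added Python sketch that is not code from the patent. It matches on the wire forms `+OK`, `* OK`, the 24-byte HTTP/2 preface and three-digit reply codes; the function names, the `need-more-data` result for short reads and the `unrecognized` result for an unexpected NOOP reply are assumptions the patent does not specify.

```python
from typing import Callable, Optional, Tuple

# HTTP/2 client connection preface: exactly 24 bytes (step S305).
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
# Server greetings that identify a protocol on their own (S308, S310).
SERVER_GREETINGS = {b"+OK": "POP3", b"* OK": "IMAP"}
# ALPN identifiers that already name the application protocol (S210).
ALPN_TO_PROTOCOL = {"h2": "HTTP2", "http/1.1": "HTTP"}

CLIENT_FIRST, SERVER_FIRST = "client-first", "server-first"
NEED_MORE, UNRECOGNIZED = "need-more-data", "unrecognized"  # assumed labels


def protocol_type(first_speaker: str, tls_ok: bool = False,
                  alpn: Optional[str] = None,
                  first_after_tls: Optional[str] = None
                  ) -> Tuple[str, Optional[str]]:
    """Fig. 2 flow. Returns (protocol type, protocol if already known).

    first_speaker / first_after_tls are "client" or "server": the side whose
    connection produced data first, before and after the TLS handshakes.
    """
    if first_speaker == "server":                    # S202 -> S204
        return SERVER_FIRST, None
    if not tls_ok:                                   # S205 -> S207
        return CLIENT_FIRST, None
    if alpn in ALPN_TO_PROTOCOL:                     # S208 -> S210
        return CLIENT_FIRST, ALPN_TO_PROTOCOL[alpn]
    if first_after_tls is None:                      # S209: keep listening
        return NEED_MORE, None
    if first_after_tls == "server":                  # S211 -> S213
        return SERVER_FIRST, None
    return CLIENT_FIRST, None                        # S211 -> S212


def classify_client_first(data: bytes) -> str:
    """S305 to S307: HTTP2 if the data starts with the preface, else HTTP."""
    if data[:len(H2_PREFACE)] == H2_PREFACE:
        return "HTTP2"
    # A short read that is still a prefix of the preface cannot be decided
    # yet; answering "HTTP" here would misclassify a fragmented preface.
    if len(data) < len(H2_PREFACE) and H2_PREFACE.startswith(data):
        return NEED_MORE
    return "HTTP"


def classify_server_first(greeting: bytes,
                          noop_probe: Callable[[], bytes]) -> str:
    """S304 and S308 to S314. noop_probe sends NOOP over the second
    connection and returns the server's reply (hypothetical callback)."""
    for token, protocol in SERVER_GREETINGS.items():
        if greeting.startswith(token):
            return protocol
    if greeting.startswith(b"220"):                  # SMTP and FTP both greet 220
        code = noop_probe()[:3]                      # S309, S311
        if code == b"250":                           # S313
            return "SMTP"
        if code == b"200":                           # S314
            return "FTP"
        return UNRECOGNIZED                          # assumption: not in the flow
    # Fewer bytes than the shortest matching token: wait for more.
    if any(tok.startswith(greeting) for tok in (*SERVER_GREETINGS, b"220")):
        return NEED_MORE
    return UNRECOGNIZED


def determine_port_protocol(ptype: str, data: bytes,
                            noop_probe: Callable[[], bytes] = lambda: b""
                            ) -> str:
    """S303: dispatch on the protocol type found by protocol_type()."""
    if ptype == CLIENT_FIRST:
        return classify_client_first(data)
    if ptype == SERVER_FIRST:
        return classify_server_first(data, noop_probe)
    return UNRECOGNIZED


if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real system.
    samples = [
        (CLIENT_FIRST, b"GET / HTTP/1.1\r\nHost: a.example\r\n\r\n", b""),
        (CLIENT_FIRST, H2_PREFACE + b"\x00\x00\x00\x04", b""),
        (SERVER_FIRST, b"+OK POP3 ready\r\n", b""),
        (SERVER_FIRST, b"* OK IMAP4rev1 ready\r\n", b""),
        (SERVER_FIRST, b"220 mx.example ESMTP\r\n", b"250 OK\r\n"),
        (SERVER_FIRST, b"220 FTP service ready\r\n", b"200 NOOP ok\r\n"),
        (SERVER_FIRST, b"SSH-2.0-example\r\n", b""),
    ]
    for ptype, data, reply in samples:
        print(data[:20], "->",
              determine_port_protocol(ptype, data, lambda r=reply: r))
```

The short-read branches matter in a real proxy: a TCP read may deliver only part of the greeting or preface, and classifying on a fragment would lock the port to the wrong handler.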
Referring to fig. 4, on the basis of the above embodiment, an embodiment of the present invention provides a port protocol determining apparatus 400, including: a connection establishing module 401, a connection monitoring module 402, a protocol determining module 403, and a request processing module 404; wherein
the connection establishing module 401 is configured to establish a first connection between the client and the proxy server and a second connection between the proxy server and the server;
the connection monitoring module 402 is configured to monitor data in the first connection and the second connection, so as to determine a protocol type corresponding to a port of the proxy server according to a connection where data is monitored first;
the protocol determining module 403 is configured to parse, according to the protocol type, data monitored from the connection to determine a protocol supported by a port of the proxy server;
the request processing module 404 is configured to process the request received by the port of the proxy server according to the determined protocol.
In an optional implementation manner, the determining, according to the connection on which data is first monitored, a protocol type corresponding to a port of the proxy server includes:
attempting to establish a secure connection in a case where data is first listened to from the first connection to determine the protocol type based on an establishment result of the secure connection;
and under the condition that the data is firstly monitored from the second connection, determining the protocol type as the server side priority.
In an alternative embodiment, the attempting to establish the secure connection to determine the protocol type based on the establishment result of the secure connection includes:
performing a first handshake based on the first connection;
if the handshake fails, determining that the protocol type is client-side priority;
and if the handshake is successful, performing second handshake based on the second connection to establish the secure connection, and determining the protocol type based on an ALPN field or an NPN field corresponding to the secure connection.
In an optional implementation manner, the connection monitoring module 402 is further configured to continue monitoring data in the first connection and the second connection when the protocol type cannot be determined based on an ALPN field or an NPN field corresponding to the secure connection:
determining that the protocol type is client-side preferred under the condition that data is monitored from the first connection firstly;
and determining the protocol type as server-side priority under the condition that data is monitored from the second connection firstly.
In an optional embodiment, the parsing the data heard from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes:
under the condition that the protocol type is the client-side priority, if the analyzed data indicate HTTP/2.0, determining that the protocol supported by the port is the HTTP2 protocol;
and if the analyzed data does not indicate HTTP/2.0, determining that the protocol supported by the port is the HTTP protocol.
In an optional embodiment, the parsing the data heard from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes:
under the condition that the protocol type is the server-side priority, if the analyzed data indicates + OK, determining that the protocol supported by the port is the POP3 protocol;
if the analyzed data indicates * OK, determining that the protocol supported by the port is the IMAP protocol;
if the parsed data indicates 220, determining a protocol supported by the port based on the response information of the server;
if the parsed data does not indicate any of + OK, * OK, and 220, the protocol supported by the port is determined to be an unrecognizable protocol.
In an optional implementation manner, if the parsed data indicates 220, determining a protocol supported by the port based on the response information of the server includes:
sending a NOOP command to the server through the second connection;
receiving response information returned by the server based on the NOOP command;
if the response information indicates 250OK, determining that the protocol supported by the port is an SMTP protocol;
and if the response information indicates 200, determining that the protocol supported by the port is the FTP protocol.
In an optional implementation manner, the connection monitoring module 402 is further configured to set a callback function when data in the first connection and the second connection is monitored, so as to correspondingly close monitoring on the second connection or the first connection when data is monitored from the first connection or the second connection.
In an optional embodiment, the establishing a first connection between the client and the proxy server and a second connection between the proxy server and the server includes:
in an explicit proxy mode, establishing the first connection and the second connection based on a connection request sent by the client to the proxy server;
and under a transparent proxy mode, forwarding a connection request sent by the client to the server through network configuration to establish the first connection and the second connection.
In an alternative embodiment, the secure connection is an SSL connection or a TLS connection.
Fig. 5 shows an exemplary system architecture 500 to which the determination method of the port protocol or the determination apparatus of the port protocol of the embodiment of the present invention can be applied.
As shown in fig. 5, the system architecture 500 may include terminal devices 501, 502, 503, a network 504, and a server 505. The network 504 serves to provide a medium for communication links between the terminal devices 501, 502, 503 and the server 505. Network 504 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 501, 502, 503 to interact with a server 505 over a network 504 to receive or send messages or the like. The terminal devices 501, 502, 503 may have various communication client applications installed thereon, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 501, 502, 503 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 505 may be a server that provides various services, such as a background management server that supports shopping websites browsed by users using the terminal devices 501, 502, 503. The background management server can analyze and process the received data such as the product information inquiry request and feed back the processing result to the terminal equipment.
It should be noted that the method for determining the port protocol provided by the embodiment of the present invention is generally executed by the server 505, and accordingly, the determining apparatus of the port protocol is generally disposed in the server 505.
It should be understood that the number of terminal devices, networks, and servers in fig. 5 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 6, a block diagram of a computer system 600 suitable for use with a terminal device implementing an embodiment of the invention is shown. The terminal device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU)601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed in the storage section 608 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 601.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor comprises a connection establishing module, a connection monitoring module, a protocol determining module and a request processing module. The names of these modules do not in some cases form a limitation on the module itself, for example, the connection monitoring module may also be described as a "module for monitoring data in the first connection and the second connection".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: establishing a first connection between a client and a proxy server and a second connection between the proxy server and a server; monitoring data in the first connection and the second connection so as to determine a protocol type corresponding to a port of the proxy server according to the connection of the data monitored first; analyzing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server; processing the request received by the port of the proxy server according to the determined protocol.
According to the technical scheme of the embodiment of the invention, the protocol type (server side priority or client side priority) supported by the started port is determined according to the TCP connection from which the data which is monitored firstly comes, so that the port is started to monitor in time, and the efficiency and the reliability of processing the data packet by the proxy server are improved.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (22)

1. A method for determining a port protocol, comprising:
establishing a first connection between a client and a proxy server and a second connection between the proxy server and a server;
monitoring data in the first connection and the second connection so as to determine a protocol type corresponding to a port of the proxy server according to the connection of the data monitored first;
analyzing the data monitored from the connection according to the protocol type to determine the protocol supported by the port of the proxy server;
processing the request received by the port of the proxy server according to the determined protocol.
2. The method for determining a port protocol according to claim 1, wherein the determining a protocol type corresponding to the port of the proxy server according to the connection on which data is first monitored comprises:
attempting to establish a secure connection in a case where data is first listened to from the first connection to determine the protocol type based on an establishment result of the secure connection;
and under the condition that the data is firstly monitored from the second connection, determining the protocol type as the server side priority.
3. The method for determining a port protocol according to claim 2, wherein the attempting to establish a secure connection to determine the protocol type based on the establishment result of the secure connection includes:
performing a first handshake based on the first connection;
if the handshake fails, determining that the protocol type is client-side priority;
and if the handshake is successful, performing second handshake based on the second connection to establish the secure connection, and determining the protocol type based on an ALPN field or an NPN field corresponding to the secure connection.
4. The method for determining a port protocol according to claim 3,
continuing to monitor data in the first connection and the second connection when the protocol type cannot be determined based on an ALPN field or an NPN field corresponding to the secure connection:
determining that the protocol type is client-side preferred under the condition that data is monitored from the first connection firstly;
and determining the protocol type as server-side priority under the condition that data is monitored from the second connection firstly.
5. The method for determining a port protocol according to claim 4, wherein the parsing the data heard from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes:
under the condition that the protocol type is the client-side priority, if the analyzed data indicate HTTP/2.0, determining that the protocol supported by the port is the HTTP2 protocol;
and if the analyzed data does not indicate HTTP/2.0, determining that the protocol supported by the port is the HTTP protocol.
6. The method for determining a port protocol according to claim 4, wherein the parsing the data heard from the connection according to the protocol type to determine the protocol supported by the port of the proxy server includes:
under the condition that the protocol type is the server-side priority, if the analyzed data indicates + OK, determining that the protocol supported by the port is the POP3 protocol;
if the analyzed data indicates * OK, determining that the protocol supported by the port is the IMAP protocol;
if the parsed data indicates 220, determining a protocol supported by the port based on the response information of the server;
if the parsed data does not indicate any of + OK, * OK, and 220, the protocol supported by the port is determined to be an unrecognizable protocol.
7. The method according to claim 6, wherein if the parsed data indicates 220, determining the protocol supported by the port based on the response information of the server comprises:
sending a NOOP command to the server through the second connection;
receiving response information returned by the server based on the NOOP command;
if the response information indicates 250OK, determining that the protocol supported by the port is an SMTP protocol;
and if the response information indicates 200, determining that the protocol supported by the port is the FTP protocol.
8. The method for determining a port protocol according to claim 1 or 4,
and setting a callback function under the condition of monitoring the data in the first connection and the second connection, so as to correspondingly close the monitoring of the second connection or the first connection under the condition of monitoring the data in the first connection or the second connection.
9. The method for determining a port protocol according to claim 1, wherein the establishing a first connection between the client and the proxy server and a second connection between the proxy server and the server comprises:
in an explicit proxy mode, establishing the first connection and the second connection based on a connection request sent by the client to the proxy server;
and under a transparent proxy mode, forwarding a connection request sent by the client to the server through network configuration to establish the first connection and the second connection.
10. The method of determining a port protocol according to claim 2,
the secure connection is an SSL connection or a TLS connection.
11. An apparatus for determining a port protocol, comprising: a connection establishing module, a connection monitoring module, a protocol determining module and a request processing module; wherein
the connection establishing module is used for establishing a first connection between the client and the proxy server and a second connection between the proxy server and the server;
the connection monitoring module is used for monitoring data in the first connection and the second connection so as to determine a protocol type corresponding to a port of the proxy server according to the connection of the data which is monitored firstly;
the protocol determining module is used for analyzing the data monitored from the connection according to the protocol type so as to determine the protocol supported by the port of the proxy server;
and the request processing module is used for processing the request received by the port of the proxy server according to the determined protocol.
12. The apparatus for determining a port protocol according to claim 11, wherein the determining a protocol type corresponding to the port of the proxy server according to the connection on which data is first monitored comprises:
attempting to establish a secure connection in a case where data is first listened to from the first connection to determine the protocol type based on an establishment result of the secure connection;
and under the condition that the data is firstly monitored from the second connection, determining the protocol type as the server side priority.
13. The apparatus for determining a port protocol according to claim 12, wherein the attempting to establish a secure connection to determine the protocol type based on the establishment result of the secure connection comprises:
performing a first handshake based on the first connection;
if the handshake fails, determining that the protocol type is client-side priority;
and if the handshake succeeds, performing a second handshake based on the second connection to establish the secure connection, and determining the protocol type based on an ALPN field or an NPN field corresponding to the secure connection.
14. The apparatus for determining a port protocol according to claim 13, wherein
the connection monitoring module is further configured to continue monitoring data on the first connection and the second connection when the protocol type cannot be determined based on the ALPN field or the NPN field corresponding to the secure connection:
in a case where data is first monitored on the first connection, determining that the protocol type is client-side priority;
and in a case where data is first monitored on the second connection, determining that the protocol type is server-side priority.
15. The apparatus for determining a port protocol according to claim 14, wherein the parsing the data monitored on the connection according to the protocol type to determine the protocol supported by the port of the proxy server comprises:
in a case where the protocol type is client-side priority, if the parsed data indicates HTTP/2.0, determining that the protocol supported by the port is the HTTP2 protocol;
and if the parsed data does not indicate HTTP/2.0, determining that the protocol supported by the port is the HTTP protocol.
16. The apparatus for determining a port protocol according to claim 14, wherein the parsing the data monitored on the connection according to the protocol type to determine the protocol supported by the port of the proxy server comprises:
in a case where the protocol type is server-side priority, if the parsed data indicates +OK, determining that the protocol supported by the port is the POP3 protocol;
if the parsed data indicates OK, determining that the protocol supported by the port is the IMAP protocol;
if the parsed data indicates 220, determining the protocol supported by the port based on response information from the server;
if the parsed data does not indicate any of +OK, OK and 220, determining that the protocol supported by the port is an unrecognizable protocol.
17. The apparatus for determining a port protocol according to claim 16, wherein the determining, if the parsed data indicates 220, the protocol supported by the port based on response information from the server comprises:
sending a NOOP command to the server through the second connection;
receiving response information returned by the server in response to the NOOP command;
if the response information indicates 250 OK, determining that the protocol supported by the port is the SMTP protocol;
and if the response information indicates 200, determining that the protocol supported by the port is the FTP protocol.
18. The apparatus for determining a port protocol according to claim 11 or 14, wherein
the connection monitoring module is further configured to set a callback function when monitoring data on the first connection and the second connection, so that, when data is monitored on the first connection or the second connection, monitoring of the second connection or the first connection, respectively, is closed.
19. The apparatus for determining a port protocol according to claim 11, wherein the establishing a first connection between the client and the proxy server and a second connection between the proxy server and the server comprises:
in an explicit proxy mode, establishing the first connection and the second connection based on a connection request sent by the client to the proxy server;
and, in a transparent proxy mode, forwarding, through network configuration, a connection request sent by the client to the server, so as to establish the first connection and the second connection.
20. The apparatus for determining a port protocol according to claim 11, wherein
the secure connection is an SSL connection or a TLS connection.
21. An electronic device for determining a port protocol, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-10.
22. A computer-readable medium on which a computer program is stored, wherein the program, when executed by a processor, implements the method according to any one of claims 1-10.
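The decision procedure of claims 12 to 17, written out as an added Python example (not code from the patent or its applicant). The function names, the 512-byte inspection cap, the ALPN identifiers treated as client-first, matching IMAP's greeting as `* OK`, and matching the NOOP reply by its reply code are assumptions; the sample data is constructed.

```python
from typing import Callable, Optional

CLIENT_FIRST, SERVER_FIRST = "client-side priority", "server-side priority"
MAX_PEEK = 512  # assumption: cap on bytes inspected from an untrusted peer


def protocol_type(first_speaker: str, tls_ok: bool = False,
                  alpn: str = "", first_in_tls: str = "") -> str:
    """Claims 12-14: classify the port by which side sends data first."""
    if first_speaker == "server":
        return SERVER_FIRST
    # Handshake failed (plaintext client), or an HTTP ALPN id (assumed mapping).
    if not tls_ok or alpn in ("h2", "http/1.1"):
        return CLIENT_FIRST
    # ALPN/NPN inconclusive: keep monitoring both sides inside the secure connection.
    return SERVER_FIRST if first_in_tls == "server" else CLIENT_FIRST


def port_protocol(ptype: str, data: bytes,
                  send_noop: Optional[Callable[[], bytes]] = None) -> str:
    """Claims 15-17: parse the first data seen according to the protocol type."""
    line = data[:MAX_PEEK].split(b"\r\n", 1)[0]
    if ptype == CLIENT_FIRST:
        return "HTTP2" if b"HTTP/2.0" in line else "HTTP"
    if line.startswith(b"+OK"):
        return "POP3"
    if line.startswith(b"* OK"):    # assumption: the "OK" case is IMAP's "* OK" greeting
        return "IMAP"
    if line.startswith(b"220") and send_noop is not None:
        reply = send_noop()[:MAX_PEEK]  # reply to NOOP sent on the second connection
        if reply.startswith(b"250"):    # e.g. "250 OK"
            return "SMTP"
        if reply.startswith(b"200"):
            return "FTP"
    return "unrecognizable"         # assumption: also used when the NOOP reply is neither


# Constructed sample data, not captured traffic.
SAMPLES = [
    (protocol_type("client"), b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n", None),
    (protocol_type("client"), b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", None),
    (protocol_type("server"), b"+OK POP3 ready\r\n", None),
    (protocol_type("client", tls_ok=True, first_in_tls="server"), b"* OK ready\r\n", None),
    (protocol_type("server"), b"220 mail.example.test ESMTP\r\n", lambda: b"250 OK\r\n"),
    (protocol_type("server"), b"220 FTP ready\r\n", lambda: b"200 NOOP ok\r\n"),
]

if __name__ == "__main__":
    print([port_protocol(*s) for s in SAMPLES])
```

The greeting and the NOOP reply come from an untrusted server, so the classifier matches fixed prefixes on a bounded read and falls back to "unrecognizable" rather than guessing.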
CN202110492235.7A 2021-05-06 2021-05-06 Method and device for determining port protocol Active CN113328877B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110492235.7A CN113328877B (en) 2021-05-06 2021-05-06 Method and device for determining port protocol

Publications (2)

Publication Number Publication Date
CN113328877A (en) 2021-08-31
CN113328877B (en) 2022-03-15

Family

ID=77414151

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110492235.7A Active CN113328877B (en) 2021-05-06 2021-05-06 Method and device for determining port protocol

Country Status (1)

Country Link
CN (1) CN113328877B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113783957A (en) * 2021-09-10 2021-12-10 西安热工研究院有限公司 Network port multiplexing method, system, equipment and storage medium
CN114900427A (en) * 2022-04-29 2022-08-12 网宿科技股份有限公司 Port multiplexing method, device and readable storage medium

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078371A1 (en) * 2000-08-17 2002-06-20 Sun Microsystems, Inc. User Access system using proxies for accessing a network
US20040098484A1 (en) * 2002-11-19 2004-05-20 Wuebker Carl L. Method and system for communication between two devices by editing machine specific information at a proxy server
US20080130900A1 (en) * 2003-10-20 2008-06-05 Hsieh Vincent W Method and apparatus for providing secure communication
US20080209028A1 (en) * 2007-02-22 2008-08-28 Yahoo! Inc. Discovering and determining characteristics of network proxies
CN105659654A (en) * 2013-06-11 2016-06-08 七网络有限责任公司 System and method for providing application and/or server stability in signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols
US20160119288A1 (en) * 2014-10-23 2016-04-28 Aruba Networks, Inc. Method and apparatus for content filtering on spdy connections
US20170180184A1 (en) * 2015-10-12 2017-06-22 Vmware, Inc. Remote Access Over Internet Using Reverse Session-Origination (RSO) Tunnel
CN108093041A (en) * 2017-12-12 2018-05-29 武汉噢易云计算股份有限公司 Single channel VDI proxy servers and implementation method
CN108173838A (en) * 2017-12-26 2018-06-15 福建星瑞格软件有限公司 A kind of control auditing method accessed the network equipment
CN111049844A (en) * 2019-12-18 2020-04-21 深信服科技股份有限公司 Internet access behavior management method, device, equipment and storage medium based on Socks agents
CN112243002A (en) * 2020-10-10 2021-01-19 腾讯科技(深圳)有限公司 Data forwarding method and device, electronic equipment and computer readable medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A. HUTTON et al.: "The ALPN HTTP Header Field", IETF RFC7639 *

Also Published As

Publication number Publication date
CN113328877B (en) 2022-03-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant