CN113824685B - Mobile terminal directional flow agent system and method based on Android VpnService - Google Patents

Publication number: CN113824685B
Authority: CN (China)
Prior art keywords: proxy, data, app, server, socks5
Legal status: Active
Application number: CN202110960231.7A
Other languages: Chinese (zh)
Other versions: CN113824685A (en)
Inventors: 李韩, 刘艾军, 刘峰, 唐泽鹏
Current Assignee: China Unicom WO Music and Culture Co Ltd
Original Assignee: China Unicom WO Music and Culture Co Ltd
Application filed by China Unicom WO Music and Culture Co Ltd
Priority to CN202110960231.7A
Publication of CN113824685A
Application granted
Publication of CN113824685B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a mobile client directional flow agent system implemented on Android VpnService. The proxy system comprises a proxy APP, an APP to be free of streaming, an authentication server, a proxy authentication server, a Socks5 proxy server cluster and a destination server, wherein the proxy APP comprises a Socks5 client. By providing the proxy APP, the user does not need to subscribe to a separate traffic package for each APP to be free of streaming. No additional development of the APP to be free of streaming is needed, and directional streaming-free use of all APPs is achieved simply by ordering one general directional traffic package. Because the invention proxies IP datagrams at the network layer, it supports all application layer protocols and is applicable to streaming-free proxying of APPs of all service types.

Description

Mobile terminal directional flow agent system and method based on Android VpnService
Technical Field
The invention relates to the technical field of mobile terminal directional flow agent, in particular to a mobile terminal directional flow agent system and a mobile terminal directional flow agent method based on Android VpnService.
Background
At present, mobile terminal directional streaming-free technology is implemented either by integrating a streaming-free proxy SDK into the APP to be free of streaming, or by having the developer of that APP interface directly with a streaming-free proxy server; in both cases a directional traffic package for the APP must be ordered on the proxy server. Either method is invasive to the APP to be free of streaming: the development period is long, the cost is high, the technical level of development teams varies, the stability of the proxy connection is not guaranteed, and the experience is poor. For users, streaming-free use requires that the APP itself has accessed the streaming-free proxy service, and a different directional traffic package must be subscribed for each APP to be free of streaming, which is troublesome to operate, and the directional traffic packages cannot be shared. In addition, existing streaming-free proxy implementations often intercept data at the application layer, so they support only specific application layer protocols and lack generality.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention discloses a mobile terminal directional flow agent system and a mobile terminal directional flow agent method based on Android VpnService, which are used for solving the problems in the background art.
(II) Technical solution
In order to achieve the above purpose, the invention is realized by the following technical scheme: a mobile client directed traffic proxy system implemented based on Android VpnService: the proxy system comprises a proxy APP, an APP to be free of streaming, an authentication server, a proxy authentication server, a Socks5 proxy server cluster and a destination server, wherein the proxy APP comprises a Socks5 client.
The proxy APP: used for intercepting network request data of other applications, interacting with the proxy authentication server to perform user authentication and traffic rights subscription, and establishing a connection with the Socks5 proxy server cluster through the Socks5 client to forward and receive proxy data.
The APP to be free of streaming: the APP whose data traffic generated during use is to be made streaming-free.
The authentication server: uses the mobile phone number as the user identifier and provides the user with general traffic rights ordering, usage statistics and query functions for different product channels.
The proxy authentication server: provides registration and login with the mobile phone number as the user name, and provides the user with special traffic rights ordering and query functions. After the user subscribes to traffic through the proxy authentication server, the proxy authentication server subscribes to the general traffic rights of the unified channel for the user at the authentication server. All proxy traffic of the APPs to be free of streaming is counted under this channel, so traffic is shared among multiple APPs.
The Socks5 proxy server cluster: receives data packets from the proxy APP, communicates with the destination server, and returns the response data from the destination server to the Socks5 client that initiated the proxy request. It also has a traffic statistics function; when the traffic overflows, the current proxy connection is disconnected.
The destination server: the server corresponding to the APP to be free of streaming.
Preferably, the proxy APP comprises:
the VpnService module: responsible for setting the information of the APP to be free of streaming; the TUN virtual network card intercepts the request IP datagrams of the APP to be free of streaming at the network layer, and the VpnService module obtains them and hands them to the Socks protocol conversion module for processing; it also receives the response IP datagrams processed by the Socks protocol conversion module and hands them to the TUN virtual network card;
the Socks protocol conversion module: responsible for parsing the request application data carried as payload in the request IP datagrams from the VpnService module and delivering it to the Socks5 client for transmission; it also assembles response application data from the Socks5 client into response IP datagrams and delivers them to the VpnService module;
the Socks5 client: responsible for establishing TCP proxy connections and UDP proxy relays with the Socks5 proxy server cluster. It forwards the request application data processed by the Socks protocol conversion module to the Socks5 proxy server cluster over TCP or UDP, and receives the response application data from the Socks5 proxy server cluster and delivers it to the Socks protocol conversion module for processing.
The invention also provides a mobile client directional flow agent method based on Android VpnService implementation: the method comprises the following steps:
S1. The user registers with or logs in to the proxy authentication server through the proxy APP.
S2. The user orders traffic rights. After the user orders the related special traffic rights, the proxy authentication server stores the user's special traffic rights and orders general traffic rights for the user at the authentication server using a unified product channel.
S3. The proxy authentication server receives the special traffic rights authentication request, and the authentication server authenticates the general traffic rights.
S4. The proxy APP performs the application interception setting. The APP to be free of streaming is added to the application interception whitelist, and its traffic is intercepted by the network layer TUN virtual network card.
S5. The proxy APP starts the VpnService service. The TUN virtual network card intercepts the IP datagrams of the APP to be free of streaming at the network layer, determines from the payload type whether each IP datagram carries TCP or UDP data, and converts the TCP or UDP data into the original application layer data through the LWIP protocol conversion module.
S6. The Socks5 client forwards the data over TCP or UDP according to the transmission type of the original data.
S7. After receiving the request data, the Socks5 proxy server cluster forwards it directly to the corresponding destination server if it arrived over a TCP proxy; if it arrived over a UDP relay, the cluster separates the destination server IP and port in the request data header from the request data and sends the request data to the destination server over UDP. The cluster counts the traffic generated by the proxy and queries the authentication server for the current user's remaining proxy traffic every 5 minutes; if the remaining traffic is zero, all of the user's proxies are terminated and subsequent traffic is not forwarded through the proxy server cluster.
S8. After the Socks5 proxy server cluster receives the response data from the destination server, if the response data was received over TCP it is returned directly to the Socks5 client on the corresponding TCP connection; if it was received over UDP it is sent as a UDP datagram to the UDP listening port on the Socks5 client.
S9. The Socks5 client receives the response data returned by the Socks5 proxy server cluster and passes it to the LWIP protocol conversion module for processing. If the data was received over TCP, the corresponding TCP connection information in LWIP is found from the source IP address and port and the destination IP address and port, and the IP datagram to be sent to the TUN virtual network card is generated. If the data was received over UDP, a UDP header and an IP header are added to the data to generate the IP datagram to be sent to the TUN virtual network card. The LWIP protocol conversion module sends the response IP datagram to the VpnService.
S10. After the VpnService receives the IP datagram, it returns the IP datagram to the network layer of the system through the TUN virtual network card; after processing by the system's network protocol stack, the response data is delivered to the APP that initiated the request.
Preferably, the step S3 includes that the proxy authentication server initiates a flow rights and interests query request to the authentication server after receiving the authentication request of the proxy APP, and performs authentication according to the response result. If the authentication is successful, returning a dynamic user name and a password required for establishing connection between the proxy APP and the Socks5 proxy server cluster; if authentication fails, failure information is returned, and the proxy APP cannot start the VpnService service and cannot establish connection with the Socks5 proxy server cluster.
Preferably, the step S7 includes periodically counting the traffic generated by the proxy, and querying the authentication server for the remaining proxy traffic of the current user, and if the remaining traffic is zero, terminating all proxies of the user, and the subsequent traffic is not forwarded through the proxy server cluster.
The beneficial effects are that:
The user does not need to subscribe to a separate traffic package for each APP to be free of streaming. No additional development of the APP to be free of streaming is needed, and directional streaming-free use of all APPs is achieved simply by ordering one general directional traffic package. Because the invention proxies IP datagrams at the network layer, it supports all application layer protocols and is applicable to streaming-free proxying of APPs of all service types.
Drawings
FIG. 1 is a flow diagram of a flow agent system for a mobile end directed flow agent system implemented based on Android VpnService
FIG. 2 is a flow chart of a service side system of a mobile end directed flow agent system implemented based on Android VpnService in an embodiment of the invention
Detailed Description
A mobile client directed traffic agent system implemented based on Android VpnService comprises: a proxy APP (including the implementation of the Socks5 client), an APP to be free of streaming, an authentication server, a proxy authentication server, a Socks5 proxy server cluster and a destination server.
The proxy APP: an independent APP used for intercepting network request data of other applications, interacting with the proxy authentication server to perform user authentication and traffic rights ordering, and establishing a connection with the Socks5 proxy server cluster through the Socks5 client implemented in the APP, so as to forward and receive proxy data. The proxy APP includes: the VpnService module, which is responsible for setting the information of the APP to be free of streaming; the TUN virtual network card intercepts the request IP datagrams of the APP to be free of streaming at the network layer, and the VpnService module obtains them and hands them to the Socks protocol conversion module for processing; it also receives the response IP datagrams processed by the Socks protocol conversion module and hands them to the TUN virtual network card;
the Socks protocol conversion module: parses the request application data carried as payload in the request IP datagrams from the VpnService module and delivers it to the Socks5 client for transmission; it also assembles response application data from the Socks5 client into response IP datagrams and delivers them to the VpnService module; the Socks5 client: responsible for establishing TCP proxy connections and UDP proxy relays with the Socks5 proxy server cluster.
The APP to be free of streaming: an APP installed on the Android mobile phone whose generated data traffic the user wishes to make streaming-free, such as a video or audio APP.
The authentication server: uses the mobile phone number as the user identifier and provides the user with traffic rights ordering, usage statistics and query functions for different product channels.
The proxy authentication server: provides registration and login with the mobile phone number as the user name, and provides the user with traffic rights ordering and query functions. After the user subscribes to traffic through the proxy authentication server, the proxy authentication server subscribes to the traffic rights of the unified channel for the user at the authentication server.
The Socks5 proxy server cluster: receives data packets from the proxy APP, communicates with the destination server, and returns the response data from the destination server to the Socks5 client that initiated the proxy request. It also has a traffic statistics function; when the traffic overflows, the current proxy connection is disconnected.
The destination server: the server corresponding to the APP to be free of streaming.
A mobile client directed traffic proxy method implemented based on Android VpnService, the method comprising the steps of:
S1. The user registers with or logs in to the proxy authentication server through the proxy APP.
S2. The user orders traffic rights. After the user orders the related special traffic rights, the proxy authentication server stores the user's special traffic rights and orders general traffic rights for the user at the authentication server using a unified product channel. If the user already has traffic rights at the proxy authentication server, this step need not be performed. In existing schemes, traffic rights are ordered at the authentication server for a single product channel of the user and can only be used by that single product; if traffic rights are ordered for a certain video APP, they can only be used for that video APP. In this scheme, the proxy authentication server orders the traffic rights at the authentication server using the unified product channel, and the rights are associated with the user rather than with a specific product, so different APPs can use them. Special traffic thereby becomes general, and traffic rights do not have to be subscribed separately for each APP to be free of streaming.
S3. The proxy authentication server authenticates the user's traffic rights. After receiving the authentication request from the proxy APP, the proxy authentication server sends a traffic rights query request to the authentication server and authenticates according to the response. If authentication succeeds, it returns the dynamic user name and password required for the proxy APP to establish a connection with the Socks5 proxy server cluster; if authentication fails, it returns failure information, and the proxy APP cannot start the VpnService service and cannot establish a connection with the Socks5 proxy server cluster. To secure the Socks5 connection, a user name and password are generally used for authentication. Existing schemes generally generate the dynamic user name and password inside the proxy APP; once the proxy APP is cracked, an attacker learns the generation rule and can generate the dynamic user names and passwords of other users, stealing their traffic rights. In this scheme the dynamic user name and password are generated on the proxy authentication server, which reduces the risk of the rule being cracked; even if the rule is cracked, it can be changed at any time, which greatly improves security.
S4. The proxy APP performs the application interception setting. The proxy APP first obtains the information of all APPs installed locally on the mobile phone, and the user selects the APPs to be made streaming-free. The proxy APP sets the information of the selected APPs as the application interception whitelist through the addAllowedApplication method of VpnService.Builder. The request data of APPs in the whitelist is intercepted by the network layer TUN virtual network card; the request data of APPs not in the whitelist is unaffected and reaches the destination server over the original network. Prior art schemes target a single APP, that is, only the request data of that APP can be intercepted, whereas this scheme can intercept the request data of any application without modifying any code or integrating an SDK in the APP to be free of streaming.
S5. The proxy APP starts the VpnService service. The TUN virtual network card begins intercepting the IP datagrams of the specified APP at the network layer of the operating system's TCP/IP protocol stack, determines from the payload type of each IP datagram whether it carries TCP or UDP data, and converts it into the original application layer data through the LWIP protocol conversion module. Existing schemes intercept application layer request data inside the APP to be free of streaming by hooking, which supports only some application layer protocols; this scheme intercepts IP datagrams at the network layer and therefore supports all application layer protocols, so the range of applications that can be proxied is wider.
After LWIP processing restores the IP datagram to the application's original data, three important parameters are attached: the source IP address and port, the destination IP address and port, and whether the transmission type is TCP or UDP; the data is then forwarded to the Socks5 client. The program maintains two mapping tables, a TCP mapping table and a UDP mapping table, each a set of key-value pairs. The TCP mapping table stores the currently existing TCP proxy connections, with the combination of source IP address and port plus destination IP address and port as the key and the TCP proxy connection as the value. The UDP mapping table stores the currently existing UDP relays, with the combination of source IP address and port plus destination IP address and port as the key and the UDP relay as the value.
S6. The Socks5 client forwards the data over TCP or UDP according to the transmission type of the original data. For the TCP type, the source IP address and port and the destination IP address and port are used as the query key to check whether a corresponding TCP connection exists in the TCP mapping table. If it exists, the data is sent directly on that connection. If not, a request to establish a TCP proxy connection is initiated; on receiving it, the Socks5 proxy server cluster establishes a connection with the destination server and returns the result, together with the IP address and port of the corresponding proxy server, to the Socks5 client. After receiving the response, the Socks5 client creates a TCP proxy connection entry and stores it in the TCP mapping table, and the proxy data is then sent over this connection.
For the UDP type, the UDP mapping table is checked for a corresponding UDP relay. If one exists, the IP address and port of the destination server are added in front of the data to be sent, and the data is sent to the corresponding UDP relay server. If none exists, a request to establish a UDP relay is initiated. After the Socks5 proxy server cluster receives the request, it returns a response containing the IP address and port of the UDP relay server and a signature related to the user. The client first sends a UDP message carrying the signature to the UDP relay server and waits for the UDP relay's reply, then creates a new mapping entry and stores it in the UDP mapping table, and then adds the IP address and port of the destination server in front of the data to be sent and sends it to the corresponding UDP relay server.
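The classification and lookup in S5/S6, as an added example that is not code from the patent: it parses an IPv4 datagram as read from the TUN device, keys the TCP and UDP mapping tables on the 4-tuple, and prefixes UDP payloads with the standard RFC 1928 UDP request header. The `open_tcp`/`open_udp` callbacks, the `Dispatcher` class and `build_ipv4` (a constructed sample-input builder) are hypothetical names; TCP stream reassembly, which the patent delegates to LWIP, is not modelled.

```python
import ipaddress
import struct

PROTO_TCP, PROTO_UDP = 6, 17


def parse_ipv4(datagram: bytes):
    """Classify one IPv4 datagram read from the TUN device.

    Returns (proto, key, payload); key = (src_ip, src_port, dst_ip, dst_port).
    """
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", datagram[2:8])
    if ihl < 20 or not ihl <= total_len <= len(datagram):
        raise ValueError("inconsistent IPv4 lengths")
    if frag & 0x3FFF:  # MF flag or non-zero offset: needs reassembly first
        raise ValueError("IP fragment")
    proto = datagram[9]
    src = str(ipaddress.IPv4Address(datagram[12:16]))
    dst = str(ipaddress.IPv4Address(datagram[16:20]))
    l4 = datagram[ihl:total_len]
    if proto == PROTO_UDP:
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, ulen = struct.unpack("!HHH", l4[:6])
        if not 8 <= ulen <= len(l4):
            raise ValueError("bad UDP length")
        payload = l4[8:ulen]
    elif proto == PROTO_TCP:
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        sport, dport = struct.unpack("!HH", l4[:4])
        data_off = (l4[12] >> 4) * 4
        if not 20 <= data_off <= len(l4):
            raise ValueError("bad TCP data offset")
        payload = l4[data_off:]
    else:
        raise ValueError(f"unsupported protocol {proto}")
    return proto, (src, sport, dst, dport), payload


def socks5_udp_wrap(dst_ip: str, dst_port: int, payload: bytes) -> bytes:
    """Put the destination in front of the data: RFC 1928 UDP header, IPv4 form."""
    header = b"\x00\x00" + b"\x00" + b"\x01"  # RSV, FRAG=0, ATYP=IPv4
    addr = ipaddress.IPv4Address(dst_ip).packed
    return header + addr + struct.pack("!H", dst_port) + payload


def socks5_udp_unwrap(packet: bytes):
    """Relay side: split the header back into (dst_ip, dst_port, payload)."""
    if len(packet) < 10 or packet[:2] != b"\x00\x00":
        raise ValueError("malformed SOCKS5 UDP header")
    if packet[2] != 0 or packet[3] != 1:
        raise ValueError("fragmentation / non-IPv4 address type not handled")
    (port,) = struct.unpack("!H", packet[8:10])
    return str(ipaddress.IPv4Address(packet[4:8])), port, packet[10:]


class Dispatcher:
    """TCP and UDP mapping tables keyed by the 4-tuple (hypothetical class)."""

    def __init__(self, open_tcp, open_udp):
        self.tcp_map, self.udp_map = {}, {}
        # Callbacks stand in for the SOCKS5 CONNECT / UDP ASSOCIATE exchanges.
        self._open = {PROTO_TCP: open_tcp, PROTO_UDP: open_udp}

    def route(self, datagram: bytes):
        """Return (handle, created, bytes_to_send) for one intercepted datagram."""
        proto, key, payload = parse_ipv4(datagram)
        table = self.tcp_map if proto == PROTO_TCP else self.udp_map
        created = key not in table
        if created:
            table[key] = self._open[proto](key[2], key[3])
        if proto == PROTO_UDP:
            payload = socks5_udp_wrap(key[2], key[3], payload)
        # TCP: segment payload only; in-order delivery is LWIP's job.
        return table[key], created, payload


def build_ipv4(proto, src, sport, dst, dport, payload=b""):
    """Constructed sample input: minimal IPv4 + TCP/UDP datagram, checksums 0."""
    if proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18,
                         65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64,
                     proto, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + l4
```

Rejecting fragments and length mismatches before the table lookup keeps malformed datagrams from an intercepted APP from creating mapping entries or reaching the relay.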
In the existing Socks5 UDP relay procedure, a user's UDP traffic cannot be metered: authentication for a standard UDP connection is done over the TCP connection, so the UDP relay server has no information about the user and does not know under which user name the traffic should be metered. In this scheme, a signature related to the user is returned in the response that establishes the UDP relay, and before UDP data is formally sent, a UDP message carrying that user-related signature is sent to the relay server. The relay server thereby knows which user the received data belongs to and records the traffic consumption under the corresponding user name, which solves the existing problem.
S7. After receiving the request data, the Socks5 proxy server cluster forwards it directly to the corresponding destination server if it arrived over a TCP proxy; if it arrived over a UDP relay, the cluster separates the destination server IP and port in the request data header from the request data and sends the request data to the destination server over UDP. The cluster counts the traffic generated by the proxy and queries the authentication server for the current user's remaining proxy traffic every 5 minutes; if the remaining traffic is zero, all of the user's proxies are terminated and subsequent traffic is not forwarded through the proxy server cluster.
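The user-bound UDP metering described above and the quota cut-off in S7, as an added example that is not code from the patent. The patent does not specify the signature format; the HMAC-SHA256 token over expiry and user name, the `UdpRelayMeter` class and the phone number are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


class UdpRelayMeter:
    """Relay-side attribution of UDP traffic to users (hypothetical class)."""

    def __init__(self, key: bytes):
        self._key = key      # secret shared by the proxy cluster and the relay
        self._used = {}      # tag -> address that first presented it
        self.bindings = {}   # (client_ip, client_port) -> user name
        self.usage = {}      # user name -> bytes relayed

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def issue_signature(self, user: str, expires_at: int) -> bytes:
        """Returned to the client in the UDP relay setup response."""
        name = user.encode("ascii")
        if len(name) > 255:
            raise ValueError("user name too long")
        body = struct.pack("!QB", expires_at, len(name)) + name
        return body + self._tag(body)

    def bind(self, addr, message: bytes, now: int) -> bool:
        """First UDP message from the client: verify it, then bind addr to the user."""
        if len(message) < 9 + TAG_LEN:
            return False
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(body)):
            return False
        expires_at, name_len = struct.unpack("!QB", body[:9])
        if now > expires_at or len(body) != 9 + name_len:
            return False
        # A signature replayed from a second source address is refused.
        if self._used.setdefault(tag, addr) != addr:
            return False
        self.bindings[addr] = body[9:].decode("ascii")
        return True

    def account(self, addr, datagram: bytes):
        """Meter one datagram; None means unattributed, so the relay drops it."""
        user = self.bindings.get(addr)
        if user is None:
            return None
        self.usage[user] = self.usage.get(user, 0) + len(datagram)
        return user

    def enforce_quota(self, remaining_by_user: dict):
        """Periodic check (every 5 minutes in the patent) against the
        authentication server's figures: drop bindings of exhausted users."""
        cut = {u for u, left in remaining_by_user.items() if left <= 0}
        for addr in [a for a, u in self.bindings.items() if u in cut]:
            del self.bindings[addr]
        return sorted(cut)
```

The expiry and the one-address-per-signature rule matter because the signature travels in a UDP message: without them, anyone who observes it could have their own traffic recorded under that user name.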
S8. After the Socks5 proxy server cluster receives the response data from the destination server, if the response data was received over TCP it is returned directly to the Socks5 client on the corresponding TCP connection; if it was received over UDP it is sent as a UDP datagram to the UDP listening port on the Socks5 client.
S9. The Socks5 client receives the response data returned by the Socks5 proxy server cluster and passes it to the LWIP protocol conversion module for processing. If the data was received over TCP, the corresponding TCP connection information in LWIP is found from the source IP address and port and the destination IP address and port, and the IP datagram to be sent to the TUN virtual network card is generated. If the data was received over UDP, a UDP header and an IP header are added to the data to generate the IP datagram to be sent to the TUN virtual network card. The LWIP protocol conversion module sends the response IP datagram to the VpnService.
S10. After the VpnService receives the IP datagram, it returns the IP datagram to the network layer of the system through the TUN virtual network card; after processing by the system's network protocol stack, the response data is delivered to the APP that initiated the request. This completes the proxy interaction for one IP datagram.
The foregoing has shown and described the basic principles and main features of the present invention and the advantages of the present invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and that the above embodiments and descriptions are merely illustrative of the principles of the present invention, and various changes and modifications may be made without departing from the spirit and scope of the invention, which is defined in the appended claims. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (4)

1. A mobile client directed flow proxy system implemented based on Android VpnService, characterized by: the proxy system comprises a proxy APP, an APP to be free of streaming, an authentication server, a proxy authentication server, a Socks5 proxy server cluster and a destination server, wherein the proxy APP comprises a Socks5 client;
the proxy APP: used for intercepting network request data of other applications, interacting with the proxy authentication server to perform user authentication and traffic rights subscription, and establishing a connection with the Socks5 proxy server cluster through the Socks5 client to forward and receive proxy data; the proxy APP comprises:
the VpnService module: responsible for setting the information of the APP to be free of streaming; the TUN virtual network card intercepts the request IP datagrams of the APP to be free of streaming at the network layer, and the VpnService module obtains them and hands them to the Socks protocol conversion module for processing; it also receives the response IP datagrams processed by the Socks protocol conversion module and hands them to the TUN virtual network card;
the Socks protocol conversion module: parses the request application data carried as payload in the request IP datagrams from the VpnService module and delivers it to the Socks5 client for transmission; it also assembles response application data from the Socks5 client into response IP datagrams and delivers them to the VpnService module;
the Socks5 client: responsible for establishing TCP proxy connections and UDP proxy relays with the Socks5 proxy server cluster;
the APP to be free of streaming: the APP whose data traffic generated during use is to be made streaming-free;
the authentication server: uses the mobile phone number as the user identifier and provides the user with general traffic rights ordering, usage statistics and query functions for different product channels;
the proxy authentication server: provides registration and login with the mobile phone number as the user name, and provides the user with special traffic rights ordering and query functions; after the user subscribes to traffic through the proxy authentication server, the proxy authentication server subscribes to the general traffic rights of the unified channel for the user at the authentication server;
the Socks5 proxy server cluster: receives data packets from the proxy APP, communicates with the destination server, and returns the response data from the destination server to the Socks5 client that initiated the proxy request; it has a traffic statistics function, and when the traffic overflows, the current proxy connection is disconnected;
the destination server: the server corresponding to the APP to be free of streaming.
2. A mobile client directed traffic proxy method implemented based on Android VpnService, characterized in that the method comprises the following steps:
S1, a user registers with or logs in to the proxy authentication server through the proxy APP;
S2, the user orders traffic rights; after the user orders the relevant special traffic rights, the proxy authentication server stores the user's special traffic rights and uses the unified product channel to order general traffic rights for the user;
S3, the proxy authentication server receives a special traffic rights authentication request, and the authentication server authenticates the general traffic rights;
S4, the proxy APP performs the application interception setting: the to-be-exempted APP is added to the application interception whitelist, and its traffic is intercepted by the TUN virtual network card at the network layer;
S5, the proxy APP starts the VpnService service; the TUN virtual network card intercepts the IP datagrams of the to-be-exempted APP at the network layer, determines from the payload data type whether each IP datagram carries TCP data or UDP data, and the LWIP protocol conversion module converts the TCP or UDP data into the original application-layer data;
S6, the Socks5 client forwards the original data according to whether its transport type is TCP or UDP;
S7, after receiving the request data, the Socks5 proxy server cluster forwards it directly to the corresponding destination server if it is a TCP proxy request; if it is a UDP relay request, the cluster separates the destination server IP and port in the request data header from the request data and sends the request data to the destination server over UDP;
S8, after receiving the response data from the destination server, the Socks5 proxy server cluster returns it directly to the Socks5 client over the corresponding TCP connection if it was received over TCP; if it was received over UDP, the cluster sends it as a UDP datagram to the UDP listening port on the Socks5 client;
S9, the Socks5 client receives the response data returned by the Socks5 proxy server cluster and delivers it to the LWIP protocol conversion module for processing; if the data was received over TCP, the module finds the corresponding TCP connection information in LWIP from the source IP address and port and the destination IP address and port, and generates the IP datagram to be sent to the TUN virtual network card; if the data was received over UDP, the module adds a UDP header and an IP header to the data to generate the IP datagram to be sent to the TUN virtual network card; the LWIP protocol conversion module sends the response IP datagram to the VpnService;
S10, after the VpnService receives the IP datagram, it returns the datagram to the network layer of the system through the TUN virtual network card, and after processing by the system's network protocol stack the response data is delivered to the APP that initiated the request.
3. The mobile client directed traffic proxy method implemented based on Android VpnService of claim 2, wherein step S3 includes: after receiving the authentication request of the proxy APP, the proxy authentication server sends a traffic rights query request to the authentication server and authenticates according to the response; if authentication succeeds, it returns the dynamic user name and password required for the proxy APP to establish a connection with the Socks5 proxy server cluster; if authentication fails, it returns failure information, and the proxy APP can neither start the VpnService service nor establish a connection with the Socks5 proxy server cluster.
4. The mobile client directed traffic proxy method implemented based on Android VpnService of claim 2, wherein step S7 includes: periodically counting the traffic generated by the proxy and querying the authentication server for the current user's remaining proxy traffic; if the remaining traffic is zero, all proxies of the user are terminated and subsequent traffic is no longer forwarded through the Socks5 proxy server cluster.
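The UDP path of steps S5 to S9, as an added Python example that is not part of the patent text or of any implementation by the applicant: classify an IPv4 datagram read from TUN, wrap its payload in the SOCKS5 UDP header, split that header again as the relay does, and rebuild an IP datagram from relayed data. It assumes the standard SOCKS5 UDP header of RFC 1928 and unfragmented IPv4; all function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_udp(src, sport, dst, dport, payload: bytes) -> bytes:
    """S9: add a UDP header and an IPv4 header to raw application data."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    ulen = 8 + len(payload)
    pseudo = s + d + struct.pack("!BBH", 0, 17, ulen)
    udp = struct.pack("!HHHH", sport, dport, ulen, 0) + payload
    csum = checksum(pseudo + udp) or 0xFFFF  # 0 would mean "no checksum"
    udp = udp[:6] + struct.pack("!H", csum) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ulen, 0, 0, 64, 17, 0, s, d)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + udp

def parse_tun_datagram(pkt: bytes):
    """S5: classify an IPv4 datagram read from TUN by its protocol field."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (pkt[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if pkt[9] == 6:   # TCP segment, handed to the TCP proxy path
        return ("tcp", src, dst, None, None, pkt[ihl:])
    if pkt[9] != 17 or len(pkt) < ihl + 8:
        raise ValueError("unsupported or truncated payload")
    sport, dport, ulen, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    return ("udp", src, dst, sport, dport, pkt[ihl + 8:ihl + ulen])

def socks5_udp_wrap(addr, port, data: bytes) -> bytes:
    """S6/S8: RFC 1928 UDP header RSV(2) FRAG(1) ATYP(1) ADDR(4) PORT(2)."""
    return b"\x00\x00\x00\x01" + socket.inet_aton(addr) + struct.pack("!H", port) + data

def socks5_udp_unwrap(msg: bytes):
    """S7/S9: split the header from the data; unfragmented IPv4 only."""
    if len(msg) < 10 or msg[:4] != b"\x00\x00\x00\x01":
        raise ValueError("malformed, fragmented or non-IPv4 SOCKS5 UDP message")
    return socket.inet_ntoa(msg[4:8]), struct.unpack("!H", msg[8:10])[0], msg[10:]

# Constructed sample: a 5-byte UDP request from a to-be-exempted APP at 10.0.0.2.
SAMPLE = build_ipv4_udp("10.0.0.2", 40000, "203.0.113.7", 53, b"query")
```

On the return path the address fields of the SOCKS5 UDP header carry the origin of the reply, which is what lets the client side choose the source address and port for the rebuilt datagram.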
CN202110960231.7A 2021-08-20 2021-08-20 Mobile terminal directional flow agent system and method based on Android VpnService Active CN113824685B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110960231.7A CN113824685B (en) 2021-08-20 2021-08-20 Mobile terminal directional flow agent system and method based on Android VpnService

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110960231.7A CN113824685B (en) 2021-08-20 2021-08-20 Mobile terminal directional flow agent system and method based on Android VpnService

Publications (2)

Publication Number Publication Date
CN113824685A CN113824685A (en) 2021-12-21
CN113824685B true CN113824685B (en) 2023-07-14

Family

ID=78922930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110960231.7A Active CN113824685B (en) 2021-08-20 2021-08-20 Mobile terminal directional flow agent system and method based on Android VpnService

Country Status (1)

Country Link
CN (1) CN113824685B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113938289B (en) * 2021-08-31 2024-03-01 联通沃音乐文化有限公司 System and method for preventing interception mechanism from being abused and attacked by proxy client
CN114363351B (en) * 2021-12-27 2023-05-05 武汉思普崚技术有限公司 Proxy connection suppression method, network architecture and proxy server
CN117041899B (en) * 2023-10-10 2024-02-09 联通在线信息科技有限公司 Edge authentication streaming-free metering method and device, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104902433A (en) * 2015-06-30 2015-09-09 北京奇虎科技有限公司 Method for accessing network by application program in mobile terminal, distribution server and system
CN106973107A (en) * 2017-03-29 2017-07-21 小沃科技有限公司 A kind of mobile client orientation flow agency plant realized based on hook modes and method
CN111355761A (en) * 2018-12-24 2020-06-30 中移(杭州)信息技术有限公司 Directional flow resource acquisition system, method, device, electronic equipment and medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104023092B (en) * 2014-04-29 2017-09-26 中国联合网络通信集团有限公司 A kind of method and system for realizing orientation flow bag
CN105100015B (en) * 2014-05-16 2018-07-03 林琳 A kind of method and device for acquiring internet access data
CN106304012A (en) * 2015-05-22 2017-01-04 中兴通讯股份有限公司 Flow managing method, device, system, user terminal and policy, billing device
CN104967624B (en) * 2015-06-30 2019-02-12 北京奇虎科技有限公司 It is a kind of based on method, mobile terminal and the system of exempting from flow platform access network
CN111049844B (en) * 2019-12-18 2022-02-22 深信服科技股份有限公司 Internet access behavior management method, device, equipment and storage medium based on Socks agents


Also Published As

Publication number Publication date
CN113824685A (en) 2021-12-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant