CN116489207A - TCP connection processing method and device for intermediate equipment

Info

Publication number: CN116489207A
Authority: CN (China)
Prior art keywords: message, client, tcp, tcp connection, server
Legal status: Pending
Application number: CN202310625002.9A
Other languages: Chinese (zh)
Inventor: 李晓婷
Current Assignee: Hangzhou DPTech Technologies Co Ltd
Original Assignee: Hangzhou DPTech Technologies Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/14: Session management
    • H04L67/143: Termination or inactivation of sessions, e.g. event-controlled end of session
    • H04L67/141: Setup of application sessions
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application relates to a TCP connection processing method and device for an intermediate device. The method comprises the following steps: a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message. The method and device can save TCP port resources on the server and the client, avoid packet loss, and ensure the reliability of the communication connection between the server and the client.

Description

TCP connection processing method and device for intermediate equipment
Technical Field
The disclosure relates to the field of communication information processing, in particular to a TCP connection processing method and device for an intermediate device.
Background
When a TCP connection passes through an intermediate device, the intermediate firewall device establishes a session (identified by the five-tuple) for the current TCP request in order to record the state of the connection. When the TCP three-way handshake completes, the firewall establishes a TCP session for the current connection, and the session uniquely identifies that connection. At the same time an aging time is set for the session. The aging time controls the number of entries in the session table, so that entries do not accumulate in the intermediate firewall's session table and degrade the forwarding performance of the device. Each time TCP data passes through the intermediate firewall device, the session aging time is reset to its initial value. When the data has been sent and the TCP session ends, a FIN message is sent; after the final four-way close, the session aging time is reset to a smaller value, and once that time has elapsed the session is handed to the aging process to be aged out.
After a connection is established between the two ends of a C/S (client/server) pair, data is not exchanged continuously. Some connections are released as soon as the exchange finishes; others are not. When the two ends exchange no data for a long time, either end may also crash or restart. Once the session on the intermediate firewall device ages, the current TCP session is placed in the aging queue and finally aged out, and the firewall releases the resources of the current connection. For the client or server that is still waiting, however, the TCP connection has not been closed and remains in a half-open state. Then:
(1) When neither end sends any more data, the connection persists on the client or the server, so a port on the client or the server stays occupied and is never released, wasting device resources. Such half-open connections keep accumulating; at best other application services cannot be answered quickly, and at worst the resources of the device are exhausted and the device is paralysed and restarts;
(2) When one end, for example the server, sends data again after the session on the intermediate firewall device has aged, and the intermediate firewall device has TCP state inspection enabled, the previous TCP session no longer exists. The packets are therefore intercepted by the intermediate firewall because of a state error and fail to be delivered, and the server keeps retransmitting them, wasting device resources.
Therefore, a new TCP connection processing method and apparatus for an intermediate device are needed.
The above information disclosed in the background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present application provides a method and apparatus for processing a TCP connection for an intermediate device, which can save TCP port resources of a server and a client, avoid a packet loss phenomenon, and also ensure reliability of communication connection between the server and the client.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned in part by the practice of the application.
According to an aspect of the present application, there is provided a TCP connection processing method for an intermediate device, the method including: a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message.
In an exemplary embodiment of the present application, the intermediate device acquiring the TCP connection and setting an aging time includes: the intermediate device acquires the TCP connection; establishes a TCP session for the TCP connection based on five-tuple information; and sets an aging time for the TCP session.
In an exemplary embodiment of the present application, the client and the server exchanging messages over the TCP connection through the intermediate device includes: the client sends a message to the server over the TCP connection; the intermediate device parses the message and records first message information, where the first message information includes a first transmission number, a first acknowledgement number and a first data payload length; and the first message information is stored in the TCP session associated with the TCP connection.
In an exemplary embodiment of the present application, the client and the server exchanging messages over the TCP connection through the intermediate device includes: the server sends a message to the client over the TCP connection; the intermediate device parses the message and records second message information, where the second message information includes a second transmission number, a second acknowledgement number and a second data payload length; and the second message information is stored in the TCP session associated with the TCP connection.
In an exemplary embodiment of the present application, the intermediate device generating a reset message when the aging time reaches a threshold includes: when the aging time reaches the threshold, the intermediate device executes an aging event; and the intermediate device generates a first reset message and a second reset message.
In an exemplary embodiment of the present application, the intermediate device executing an aging event includes: adding the TCP session associated with the TCP connection to an aging queue, and executing the aging events in sequence.
In an exemplary embodiment of the present application, the intermediate device generating a first reset message and a second reset message includes: the intermediate device generates a first transmission number based on the first transmission number, the first acknowledgement number and the second acknowledgement number; and generates the first reset message based on the first transmission number.
In an exemplary embodiment of the present application, the intermediate device generating a first reset message and a second reset message includes: the intermediate device generates a second transmission number based on the second transmission number, the second acknowledgement number and the first acknowledgement number; and generates the second reset message based on the second transmission number.
In an exemplary embodiment of the present application, sending the reset message to the client and the server respectively includes: sending the first reset message to the server; and sending the second reset message to the client.
According to an aspect of the present application, there is provided a TCP connection processing apparatus for an intermediate device, the apparatus including: a connection module, used for the client and the server to establish a TCP connection; a time module, used for the intermediate device to acquire the TCP connection and set an aging time; an interaction module, used for the client and the server to exchange messages over the TCP connection through the intermediate device; a message module, used for the intermediate device to generate a reset message when the aging time reaches a threshold; a sending module, used for sending the reset message to the client and to the server respectively; and an ending module, used for the client and the server to end the TCP connection based on the reset message.
According to an aspect of the present application, there is provided an electronic device including: one or more processors; a storage means for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods as described above.
According to an aspect of the present application, a computer-readable medium is presented, on which a computer program is stored, which program, when being executed by a processor, implements a method as described above.
According to the TCP connection processing method and device for the intermediate device of the present application, a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message. In this way TCP port resources on the server and the client can be saved, packet loss is avoided, and the reliability of the communication connection between the server and the client can be ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application and other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a system block diagram illustrating a method and apparatus for TCP connection processing for an intermediary device according to an exemplary embodiment.
Fig. 2 is a flow chart illustrating a TCP connection processing method for an intermediary device in accordance with an exemplary embodiment.
Fig. 3 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment.
Fig. 4 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment.
Fig. 5 is a flowchart illustrating a TCP connection processing method for an intermediary device in accordance with another exemplary embodiment.
Fig. 6 is a block diagram illustrating a TCP connection processing apparatus for an intermediary device in accordance with an example embodiment.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
Fig. 8 is a block diagram of a computer-readable medium shown according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present application. One skilled in the relevant art will recognize, however, that the aspects of the application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Thus, a first component discussed below could be termed a second component without departing from the teachings of the present application concept. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments, and that the modules or flows in the drawings are not necessarily required to practice the present application, and therefore, should not be taken to limit the scope of the present application.
The technical abbreviations involved in this application are explained as follows:
1. TCP protocol
TCP is a connection-oriented, reliable, byte-stream based transport layer communication protocol that carries data segments. The TCP protocol establishes a point-to-point, one-to-one, reliable connection. It makes a best effort to deliver data to the peer, informs the application layer of a send failure when the peer cannot receive the data, ensures that the application layer of the receiver gets the data strictly in the order it was sent, and maintains network quality as far as possible. Compared with UDP, it trades efficiency for a highly reliable service. Connection-oriented means that a TCP session must be established before the hosts exchange data, and that the current TCP session is ended after the data exchange is completed.
2. Transmission number and acknowledgement number
The TCP protocol guarantees the transmission order by means of sequence numbers. The number of the transmitted data is the TCP sequence number (Sequence Number, SN), and the number of the acknowledged data is called the acknowledgement sequence number (Acknowledge Sequence Number, ASN). The numbering rule is that each byte occupies one sequence number. The number used at the start of transmission is the initial sequence number, which is a random value; the SN then increases as TCP data is transmitted. The SN field carries the number of the first byte of the data sent in the current segment. The acknowledgement number is filled in only when the ACK flag in the TCP header is set to 1, and it carries the number of the byte that follows the last byte of the data received so far.
3. Reset message
A TCP connection is established through the three-way handshake, and a normal TCP connection release is completed through the four-way close. In some cases, however, something goes wrong during the TCP exchange and the connection cannot be released through the normal four-way close. If the connection is not released in some other way, it persists and occupies part of the resources of the system. A mechanism that can release the TCP connection is therefore needed, and that mechanism is the TCP reset message. A reset message is a message in which the reset (RST) bit in the flags field of the TCP header is set to 1. Common usage scenarios are as follows: a client tries to establish a TCP connection to a port on which the server provides no service; a receiver receives a TCP message but finds that it does not belong to any connection in its list of established TCP connections; one of the two parties has not received an acknowledgement from the other party for a long time; some application developers use reset messages when designing an application system to quickly release TCP connections that have finished exchanging data.
The applicant found after investigation that, in the prior art, the intermediate firewall device does not notify the C/S ends to end the current TCP connection when the session ages.
In the prior art, when the intermediate firewall device detects that the aging time has been reached, the current TCP session is aged out and the intermediate firewall device stops tracking the current TCP connection. When the TCP connection is no longer used, such a useless connection remains on the client or server device, and as these connections accumulate, device ports stay occupied, resources keep being consumed, and device performance suffers. When one end starts sending data again, the intermediate firewall device discards the TCP message because the TCP state is now wrong, so packets are lost between the two ends and the data transmission is incomplete.
To solve these technical defects of the prior art, the applicant provides a TCP connection processing method for an intermediate device. In this application, when the session on the intermediate firewall device ages, reset messages for the current connection are sent to the client and to the server respectively, so that the current TCP connection is closed quickly, invalid TCP connections do not accumulate, and the forwarding performance of the device is improved.
The following describes the content of the present application in detail with the aid of specific examples.
Fig. 1 is a system block diagram illustrating a method and apparatus for TCP connection processing for an intermediary device according to an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include clients 101, 102, 103, a network 104, an intermediate device 105 and a server 106. The network 104 is the medium that provides communication links between the clients 101, 102, 103, the intermediate device 105 and the server 106. The network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables.
A user may use the clients 101, 102, 103 to interact with the server 106 through the intermediate device 105, to receive or send messages and so on. Various communication client applications may be installed on the clients 101, 102, 103, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, and the like.
The clients 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The intermediate device 105 may be, for example, a firewall or the like.
The server 106 may be a server providing various services, such as a server providing support for data service-like websites browsed by the user using clients 101, 102, 103.
The client 101 (or 102 or 103) and the server 106 establish a TCP connection; the intermediate device 105 acquires the TCP connection and sets the aging time; the client 101 and the server 106 exchange messages over the TCP connection through the intermediate device 105; when the aging time reaches a threshold, the intermediate device 105 generates a reset message; the reset message is sent to the client 101 and to the server 106 respectively; the client 101 and the server 106 end the TCP connection based on the reset message.
It should be noted that, the TCP connection processing method for an intermediate device provided in the embodiment of the present application may be executed by the intermediate device 105, and accordingly, the TCP connection processing apparatus for an intermediate device may be disposed in the intermediate device 105.
Fig. 2 is a flow chart illustrating a TCP connection processing method for an intermediary device in accordance with an exemplary embodiment. The TCP connection processing method 20 for the intermediate device includes at least steps S202 to S212.
As shown in fig. 2, in S202, the client and the server establish a TCP connection. The client may establish a connection with the server, for example, through a three-way handshake.
In S204, the intermediate device acquires the TCP connection and sets an aging time. The intermediate device may, for example, acquire the TCP connection, establish a TCP session for the TCP connection based on five-tuple information, and set an aging time for the TCP session.
After the connection is established between the client and the server, the intermediate firewall device establishes a TCP session for the current TCP connection and sets a session aging time for it. Until the next TCP message of the exchange arrives, the current aging time keeps counting down toward 0.
In S206, the client and the server exchange messages over the TCP connection through the intermediate device.
In one embodiment, the client sends a message to the server over the TCP connection; the intermediate device parses the message and records first message information, where the first message information includes a first transmission number, a first acknowledgement number and a first data payload length; and the first message information is stored in the TCP session associated with the TCP connection.
In one embodiment, the server sends a message to the client over the TCP connection; the intermediate device parses the message and records second message information, where the second message information includes a second transmission number, a second acknowledgement number and a second data payload length; and the second message information is stored in the TCP session associated with the TCP connection.
In S208, when the aging time reaches the threshold, the intermediate device generates a reset message. When the aging time reaches the threshold, the intermediate device executes an aging event and generates a first reset message and a second reset message.
More specifically, the TCP session associated with the TCP connection may be added to an aging queue, and the aging events are executed in sequence.
In S210, the reset message is sent to the client and to the server respectively: the first reset message is sent to the server, and the second reset message is sent to the client.
In S212, the client and the server end the TCP connection based on the reset message.
More specifically, the client ends the TCP connection based on the second reset message, and the server ends the TCP connection based on the first reset message.
After receiving the reset message, the client and the server immediately release the current TCP connection, and the corresponding TCP resources are released as well. This avoids useless TCP connections that exchange no data for a long time and improves device performance.
When the client has new data to send, it performs the TCP three-way handshake again and establishes a new TCP connection. When the new TCP connection passes through the device, a TCP session is established again and an aging time is set for it, so new TCP data matches the session when it passes through the device and is then received by the server.
According to the TCP connection processing method for the intermediate device of the present application, a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message. In this way TCP port resources on the server and the client can be saved, packet loss is avoided, and the reliability of the communication connection between the server and the client can be ensured.
It should be clearly understood that this application describes how to make and use particular examples, but the principles of this application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment. The flow 30 shown in fig. 3 is a detailed description of the flow shown in fig. 2.
As shown in fig. 3, in S302, the client and the server establish a TCP connection based on the three-way handshake.
In S304, the intermediate device establishes a session for the TCP connection and sets an aging time.
In S306, the client sends a message to the server.
In S308, the intermediate device records the message information into the session.
In S310, the server sends a message to the client.
In S312, the intermediate device records the message information into the session.
In S314, the session aging time arrives, and a first reset message and a second reset message are generated.
In S316, the first reset message is sent to the server.
In S318, the second reset message is sent to the client.
In S320, the TCP connection is closed between the client and the server.
According to the method of the present application, the intermediate device sends reset messages to both ends when it finishes the current TCP session, notifying the devices at both ends to close useless TCP connections promptly. This avoids the situation in which long-unused TCP connections accumulate on the devices at both ends, TCP ports are occupied in large numbers, device resources are exhausted, and the data exchange of other applications is affected. It also avoids the packet loss at the intermediate device that occurs when an end continues to send TCP data after the intermediate firewall device has finished the session. The performance of the intermediate device is thereby effectively improved, and correct forwarding of TCP data by the intermediate device is effectively guaranteed.
Fig. 4 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment. The flow 40 shown in fig. 4 is a detailed description of S206, "the client and the server exchange messages over the TCP connection through the intermediate device".
As shown in fig. 4, in S402, the client and the server exchange messages over the TCP connection through the intermediate device.
In S404, the client sends a message to the server based on the TCP connection.
In S406, the intermediate device parses the packet and records first packet information, where the first packet information includes a first transmission number, a first acknowledgement number, and a first data payload length.
More specifically, when the client sends a TCP packet to the server, the intermediate device (for example, a firewall device) may parse the TCP header of the current packet, record the sending number seq_number1 and the acknowledgement number ack_number1 of the current packet, record the current TCP data payload length payload_len1, and store the recorded values in the five-tuple session that uniquely identifies the current connection.
In S408, the first message information is stored in a TCP session associated with the TCP connection.
In S410, the server sends a message to the client based on the TCP connection.
In S412, the intermediate device parses the message and records second message information, where the second message information includes: a second transmission number, a second acknowledgement number, a second data payload length.
More specifically, when the server sends a TCP packet to the client, the firewall device also parses the current TCP header, records the sending number seq_number2 and acknowledgement number ack_number2 of the current packet, and stores the data in the associated TCP session.
In S414, the second message information is stored in a TCP session associated with the TCP connection.
Fig. 5 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment. The flow 50 shown in fig. 5 is a detailed description of S208, "when the aging time reaches the threshold, the intermediate device generates a reset message", in the flow shown in fig. 2.
As shown in fig. 5, in S502, the intermediate device executes an aging event when the aging time reaches a threshold. When the two ends have not exchanged data for a long time, the intermediate firewall device detects that the aging time of the session has expired, adds the current session to an aging queue, and executes the aging events in sequence.
In S504, the intermediate device generates a first reset message and a second reset message.
In one embodiment, the intermediate device generates a first transmission number based on the first transmission number, the first acknowledgement number, and the second acknowledgement number; and generating a first reset message based on the first transmission number.
In a specific application, the intermediate device may respectively construct a second reset message reset2 sent to the client and a first reset message reset1 sent to the server.
In one embodiment, the values (seq_number1+payload_len1) and (ack_number2) are compared, the larger one is used as the transmission number (i.e. the sequence number seq) of the reset1 message, and the reset flag of the constructed message is set to 1; the reset1 message is then ready to be sent to the server.
In one embodiment, the intermediate device generates a second transmission number based on the second transmission number, the second acknowledgement number, and the first acknowledgement number; and generating a second reset message based on the second transmission number.
In one embodiment, the values (seq_number2+payload_len2) and (ack_number1) are compared, the larger one is used as the transmission number of the reset2 message, and the reset flag of the constructed message is set to 1; the reset2 message is then ready to be sent to the client.
In S506, a first reset message is sent to the server.
In S508, a second reset message is sent to the client.
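The per-direction bookkeeping of S406 to S414 and the reset construction of S504, as an added example in C that is not part of the patent text. The struct and function names, the addresses and ports, the modulo-2^32 comparison, the source address chosen for each reset, and the fallback when only one direction has been recorded are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

#define TCP_FLAG_RST 0x04

/* Last packet seen in one direction (fig. 4, S406 / S412). */
struct dir_info {
    uint32_t seq;         /* sending number of the last packet          */
    uint32_t ack;         /* acknowledgement number of the last packet  */
    uint32_t payload_len; /* TCP data payload length of the last packet */
    int seen;             /* 0 until a packet has been recorded         */
};

/* Session keyed by the five-tuple; the protocol is always TCP here. */
struct tcp_session {
    uint32_t client_ip, server_ip;
    uint16_t client_port, server_port;
    struct dir_info c2s; /* seq_number1, ack_number1, payload_len1 */
    struct dir_info s2c; /* seq_number2, ack_number2, payload_len2 */
};

/* Fields the device fills in when it constructs a reset message. */
struct rst_msg {
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint32_t seq;
    uint8_t flags;
};

/* Larger of two sequence numbers in modulo-2^32 order, so that a value
 * just past the wrap (0x10) counts as larger than 0xFFFFFFF0.
 * Assumption: the page only says "the larger one". */
static uint32_t seq_max(uint32_t a, uint32_t b)
{
    return ((int32_t)(a - b) > 0) ? a : b;
}

/* S406-S414: overwrite the record for the direction the packet came from. */
void session_record(struct tcp_session *s, int from_client,
                    uint32_t seq, uint32_t ack, uint32_t payload_len)
{
    struct dir_info *d = from_client ? &s->c2s : &s->s2c;
    d->seq = seq;
    d->ack = ack;
    d->payload_len = payload_len;
    d->seen = 1;
}

/* Sequence number for a reset that continues the stream of `own`,
 * cross-checked against what the peer last acknowledged. The single-direction
 * fallbacks are added here; the page does not describe that case. */
static int rst_seq(const struct dir_info *own, const struct dir_info *peer,
                   uint32_t *out)
{
    if (own->seen && peer->seen)
        *out = seq_max(own->seq + own->payload_len, peer->ack);
    else if (own->seen)
        *out = own->seq + own->payload_len;
    else if (peer->seen)
        *out = peer->ack;
    else
        return -1; /* nothing recorded: no usable sequence number */
    return 0;
}

/* S504: build reset1 (to the server) and reset2 (to the client).
 * Returns 0 on success, -1 if the session holds no packet record. */
int session_age_out(const struct tcp_session *s,
                    struct rst_msg *reset1, struct rst_msg *reset2)
{
    uint32_t seq1, seq2;
    if (rst_seq(&s->c2s, &s->s2c, &seq1) || rst_seq(&s->s2c, &s->c2s, &seq2))
        return -1;
    /* Assumption: each reset carries the other endpoint's address as source. */
    *reset1 = (struct rst_msg){ s->client_ip, s->server_ip,
                                s->client_port, s->server_port,
                                seq1, TCP_FLAG_RST };
    *reset2 = (struct rst_msg){ s->server_ip, s->client_ip,
                                s->server_port, s->client_port,
                                seq2, TCP_FLAG_RST };
    return 0;
}

int main(void)
{
    /* Constructed session and packets, for illustration only. */
    struct tcp_session s = { 0xC0000201u, 0xC6336407u, 40000, 443, {0}, {0} };
    struct rst_msg r1, r2;
    session_record(&s, 0, 5000, 1000, 100); /* server -> client, 100 bytes */
    session_record(&s, 1, 1000, 5100, 200); /* client -> server, 200 bytes */
    if (session_age_out(&s, &r1, &r2) == 0)
        printf("reset1 seq=%u reset2 seq=%u\n",
               (unsigned)r1.seq, (unsigned)r2.seq);
    return 0;
}
```

A receiver that implements RFC 5961 tears the connection down only if the reset's sequence number equals its next expected sequence number and answers other in-window values with a challenge ACK, so a stale recorded value leaves the connection open.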
Those skilled in the art will appreciate that all or part of the steps implementing the above-described embodiments may be implemented as a computer program executed by a CPU. When executed by the CPU, the program performs the functions defined by the above methods provided herein. The program may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic disk, an optical disk, etc.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiments of the present application, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following are device embodiments of the present application, which may be used to perform method embodiments of the present application. For details not disclosed in the device embodiments of the present application, please refer to the method embodiments of the present application.
Fig. 6 is a block diagram illustrating a TCP connection processing apparatus for an intermediary device according to another exemplary embodiment. As shown in fig. 6, the TCP connection processing apparatus 60 for an intermediate device includes: a connection module 602, a time module 604, an interaction module 606, a message module 608, a sending module 610, and an ending module 612.
The connection module 602 is used for establishing a TCP connection between the client and the server;
The time module 604 is used for the intermediate device to acquire the TCP connection and set the aging time; the time module 604 is further configured for the intermediate device to acquire the TCP connection, establish a TCP session for the TCP connection based on five-tuple information, and set an aging time for the TCP session.
The interaction module 606 is configured for the client and the server to exchange messages through the intermediate device and the TCP connection. The interaction module 606 is further configured to, when the client sends a message to the server based on the TCP connection, parse the message and record first message information, wherein the first message information comprises a first sending number, a first acknowledgement number and a first data payload length, and store the first message information in a TCP session associated with the TCP connection. The interaction module 606 is further configured to, when the server sends a message to the client based on the TCP connection, parse the message and record second message information, wherein the second message information comprises a second transmission number, a second acknowledgement number and a second data payload length, and store the second message information in a TCP session associated with the TCP connection.
The message module 608 is configured to generate a reset message by the intermediate device when the aging time reaches a threshold; the message module 608 is further configured to execute an aging event by the intermediary device when the aging time reaches a threshold; and the intermediate equipment generates a first reset message and a second reset message.
The sending module 610 is configured to send the reset message to the client and the server respectively; the sending module 610 is further configured to send a first reset message to the server; and sending a second reset message to the client.
An ending module 612 is configured to end the TCP connection by the client and the server based on the reset message.
According to the TCP connection processing apparatus for the intermediate device, the client and the server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages through the intermediate device and the TCP connection; when the aging time reaches a threshold, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message. In this way, TCP port resources of the server and the client can be saved, packet loss is avoided, and the reliability of the communication connection between the server and the client can be ensured.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 700 according to this embodiment of the present application is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is merely an example, and should not be construed as limiting the functionality and scope of use of the embodiments herein.
As shown in fig. 7, the electronic device 700 is embodied in the form of a general purpose computing device. Components of electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 connecting the different system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 710 such that the processing unit 710 performs steps described in the present specification according to various exemplary embodiments of the present application. For example, the processing unit 710 may perform the steps as shown in fig. 2, 3, 4, 5.
The memory unit 720 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 7201 and/or cache memory 7202, and may further include Read Only Memory (ROM) 7203.
The storage unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 730 may be a bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), devices that enable a user to interact with the electronic device 700, and/or any devices (e.g., routers, modems, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 750. Also, electronic device 700 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 760. Network adapter 760 may communicate with other modules of electronic device 700 via bus 730. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 700, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, as shown in fig. 8, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a usb disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-described method according to the embodiments of the present application.
In general, the present disclosure addresses the following problem in the prior art: when the intermediate firewall device detects that the aging time has expired, it ages out the current TCP session, and at that point the intermediate firewall device's tracking of the current TCP connection ends. If the TCP connection is no longer used, the useless connection remains on the client or server device indefinitely, and as such connections accumulate they keep device ports occupied, keep consuming resources and affect device performance. If one end starts sending data again, the intermediate firewall device discards the current TCP message because the TCP state is now wrong, which causes packet loss at the two ends and incomplete data transmission. In other words, the intermediate device ages out the session without notifying the client and server (C/S) ends to close the TCP connection. Therefore, in the present application, when the session on the intermediate firewall device ages out, a reset message is sent to the client and to the server respectively, and the sequence number of each reset message is filled in by the intermediate firewall. When the devices at the two ends receive the reset message, they can end the current TCP connection immediately, which prevents useless connections from persisting and occupying and consuming device resources. Specifically, the client establishes a connection with the server through the three-way handshake; at this time the intermediate firewall device establishes a TCP session for the current TCP connection and sets a session aging time for the current session. Until the next TCP message arrives, the current aging time keeps decreasing, and when it reaches 0 the session is aged out.
When the client sends a TCP message to the server, the intermediate firewall device parses the TCP header of the current message, records the sending number seq_number1 and the acknowledgement number ack_number1 of the current message, records the current TCP data payload length payload_len1, and stores the recorded values in the five-tuple session that uniquely identifies the current connection. When the server sends a TCP message to the client, the intermediate firewall device likewise parses the current TCP header, records the sending number seq_number2, the acknowledgement number ack_number2 and the TCP data payload length payload_len2 of the current message, and stores these values in the associated TCP session. When the two ends have not exchanged data for a long time, the intermediate firewall device detects that the aging time of the session has expired, adds the current session to an aging queue, and executes the aging events in sequence. At this time it constructs the two reset messages, reset1 and reset2. It first constructs the reset1 message: it compares (seq_number1+payload_len1) with (ack_number2), takes the larger one as the sending number (i.e. the sequence number seq) of the reset1 message, sets the reset flag of the constructed message to 1, and sends the reset1 message to the server. It then constructs the reset2 message: it compares (seq_number2+payload_len2) with (ack_number1), takes the larger one as the sending number of the reset2 message, sets the reset flag of the constructed message to 1, and sends the reset2 message to the client. After receiving the reset message, the client and the server immediately release the current TCP connection together with the corresponding TCP resources, so that useless TCP connections that have not exchanged data for a long time do not persist, and device performance is improved.
When the client has new data to transmit, the TCP three-way handshake is performed again and a new TCP connection is established. When the new TCP connection passes through the device, a TCP session is established again and an aging time is set for the current session, so that new TCP data passing through the device matches the session successfully and is then received by the server. According to the present application, the intermediate device sends reset messages to both ends when it ends the current TCP session, so that the devices at both ends are notified to close useless TCP connections in time. This avoids the situation in which TCP connections that have not been used for a long time accumulate on the devices at both ends, occupy a large number of TCP ports, exhaust device resources and then affect the data interaction of other applications. It also avoids the packet loss on the intermediate device that occurs when an end continues to send TCP data after the intermediate firewall device has ended the session. The performance of the intermediate device is thereby effectively improved, and correct forwarding of TCP data by the intermediate device is effectively guaranteed.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs which, when executed by a device, cause the computer-readable medium to implement the following functions: a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages through the intermediate device and the TCP connection; when the aging time reaches a threshold, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message.
Those skilled in the art will appreciate that the modules may be distributed throughout several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that are unique to the embodiments. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a usb disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present application.
Exemplary embodiments of the present application are specifically illustrated and described above. It is to be understood that this application is not limited to the details of construction, arrangement or method of implementation described herein; on the contrary, the application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A TCP connection processing method for an intermediate device, comprising:
a client and a server establish a TCP connection;
the intermediate device acquires the TCP connection and sets an aging time;
the client and the server exchange messages through the intermediate device and the TCP connection;
when the aging time reaches a threshold, the intermediate device generates a reset message;
the reset message is sent to the client and to the server respectively;
and the client and the server end the TCP connection based on the reset message.
2. The method of claim 1, wherein the intermediary device acquiring the TCP connection and setting the aging time comprises:
the intermediate device acquires the TCP connection;
establishing a TCP session for the TCP connection based on quintuple information;
and setting aging time for the TCP session.
3. The method of claim 1, wherein the client and the server exchanging messages through the intermediate device and the TCP connection comprises:
the client sends a message to the server based on the TCP connection;
the intermediate device parses the message and records first message information, wherein the first message information comprises a first sending number, a first acknowledgement number and a first data payload length;
and storing the first message information in a TCP session associated with the TCP connection.
4. The method of claim 1, wherein the client and the server exchanging messages through the intermediate device and the TCP connection comprises:
the server sends a message to the client based on the TCP connection;
the intermediate device analyzes the message and records second message information, wherein the second message information comprises: a second transmission number, a second acknowledgement number, a second data payload length;
and storing the second message information in a TCP session associated with the TCP connection.
5. The method of claim 1, wherein the intermediate device generating the reset message when the aging time reaches a threshold comprises:
when the aging time reaches a threshold value, the intermediate device executes an aging event;
and the intermediate equipment generates a first reset message and a second reset message.
6. The method of claim 5, wherein the intermediary device performs the aging event comprising:
and adding the TCP session associated with the TCP connection into an aging queue, and sequentially executing aging events.
7. The method of claim 5, wherein the intermediate device generating the first reset message and the second reset message comprises:
the intermediate device generates a first transmission number based on the first transmission number, the first acknowledgement number and the second acknowledgement number;
and generating a first reset message based on the first transmission number.
8. The method of claim 1, wherein the intermediate device generating the first reset message and the second reset message comprises:
the intermediate device generates a second transmission number based on the second transmission number, the second acknowledgement number and the first acknowledgement number;
and generating a second reset message based on the second transmission number.
9. The method of claim 1, wherein sending the reset message to the client and the server, respectively, comprises:
sending a first reset message to the server;
and sending a second reset message to the client.
10. A TCP connection processing method for an intermediate device, comprising:
the connection module is used for establishing a TCP connection between the client and the server;
the time module is used for the intermediate device to acquire the TCP connection and set an aging time;
the interaction module is used for the client and the server to exchange messages through the intermediate device and the TCP connection;
the message module is used for the intermediate device to generate a reset message when the aging time reaches a threshold;
the sending module is used for sending the reset message to the client and to the server respectively;
and the ending module is used for the client and the server to end the TCP connection based on the reset message.
CN202310625002.9A 2023-05-30 2023-05-30 TCP connection processing method and device for intermediate equipment Pending CN116489207A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310625002.9A CN116489207A (en) 2023-05-30 2023-05-30 TCP connection processing method and device for intermediate equipment

Publications (1)

Publication Number Publication Date
CN116489207A true CN116489207A (en) 2023-07-25

Family

ID=87225309

Country Status (1)

Country Link
CN (1) CN116489207A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination