CN116489207A - TCP connection processing method and device for intermediate equipment - Google Patents
- Publication number: CN116489207A (application CN202310625002.9A)
- Authority: CN (China)
- Prior art keywords: message, client, tcp, tcp connection, server
- Legal status: Pending (Google's note: the legal status is an assumption and is not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/143—Termination or inactivation of sessions, e.g. event-controlled end of session
- H04L67/141—Setup of application sessions
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The application relates to a TCP connection processing method and device for an intermediate device. The method comprises the following steps: a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold value, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message. The TCP connection processing method and device for an intermediate device can save TCP port resources on the server side and the client side, avoid packet loss, and ensure the reliability of the communication connection between the server side and the client side.
Description
Technical Field
The disclosure relates to the field of communication information processing, in particular to a TCP connection processing method and device for an intermediate device.
Background
When a TCP connection passes through intermediate equipment, the intermediate firewall device establishes a session (identified by the five-tuple) for the current TCP request in order to record the state of the current TCP connection. When the TCP three-way handshake is completed, the firewall establishes a TCP session for the current connection; the session uniquely identifies the current TCP connection, and at the same time an aging time is set for the session. The aging time controls the entries of the session table, so that the entries in the session table of the intermediate firewall do not accumulate excessively and the forwarding performance of the device is not affected. Each time TCP data passes through the intermediate firewall device, the session aging time is reset to its initial value. When the data has been sent and the TCP session is finished, a FIN message is sent; after the final four-way close, the session aging time is reset to a smaller value, and once that aging time expires the session is handed to the aging process for aging.
After the connection is established at the two ends of the C/S (client/server) pair, data interaction does not always continue: some connections are released immediately after the interaction is finished, while others are not, and accidents such as a hang or a restart can occur at either end while the two ends are not exchanging data for a long time. After the session on the intermediate firewall device ages, the current TCP session is placed in an aging queue and finally aged, and the firewall releases the resources of the current connection. For the waiting client or server, however, the TCP connection is not closed and at that moment remains in a half-open state. Then:
(1) When the two ends no longer send data, the connection still exists on the client or the server, so a port of the client or the server stays occupied and is never released. Device resources are wasted and half-open connections keep accumulating; in mild cases other application services can no longer be answered promptly, and in severe cases the resources of the device are exhausted, the device stalls and has to be restarted;
(2) When one end, such as the server, transmits data again, the session on the intermediate firewall device has already aged. If the intermediate firewall device has TCP packet state detection enabled, the previous TCP session having aged means the data packets are intercepted by the intermediate firewall because of the state error and fail to be transmitted, and the server keeps retransmitting the data packets, wasting device resources.
Therefore, a new TCP connection processing method and apparatus for an intermediate device are needed.
The above information disclosed in the background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present application provides a method and apparatus for processing a TCP connection for an intermediate device, which can save TCP port resources of a server and a client, avoid packet loss, and also ensure the reliability of the communication connection between the server and the client.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned in part by the practice of the application.
According to an aspect of the present application, there is provided a TCP connection processing method for an intermediate device, the method including: a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold value, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message.
In an exemplary embodiment of the present application, the intermediate device acquiring a TCP connection and setting an aging time includes: the intermediate device acquires the TCP connection; establishes a TCP session for the TCP connection based on the five-tuple information; and sets an aging time for the TCP session.
In an exemplary embodiment of the present application, the client and the server exchanging messages over the TCP connection through the intermediate device includes: the client sends a message to the server based on the TCP connection; the intermediate device parses the message and records first message information, where the first message information includes a first transmission number, a first acknowledgement number and a first data payload length; and the first message information is stored in the TCP session associated with the TCP connection.
In an exemplary embodiment of the present application, the client and the server exchanging messages over the TCP connection through the intermediate device includes: the server sends a message to the client based on the TCP connection; the intermediate device parses the message and records second message information, where the second message information includes a second transmission number, a second acknowledgement number and a second data payload length; and the second message information is stored in the TCP session associated with the TCP connection.
In an exemplary embodiment of the present application, the intermediate device generating a reset message when the aging time reaches a threshold includes: when the aging time reaches the threshold value, the intermediate device executes an aging event; and the intermediate device generates a first reset message and a second reset message.
In an exemplary embodiment of the present application, the intermediate device executing an aging event includes: adding the TCP session associated with the TCP connection to an aging queue, and executing the aging events in sequence.
In an exemplary embodiment of the present application, the intermediate device generating a first reset message and a second reset message includes: the intermediate device generates a first transmission number for the reset based on the recorded first transmission number, the first acknowledgement number and the second acknowledgement number; and generates the first reset message based on that first transmission number.
In an exemplary embodiment of the present application, the intermediate device generating a first reset message and a second reset message includes: the intermediate device generates a second transmission number for the reset based on the recorded second transmission number, the second acknowledgement number and the first acknowledgement number; and generates the second reset message based on that second transmission number.
In an exemplary embodiment of the present application, sending the reset message to the client and the server respectively includes: sending the first reset message to the server; and sending the second reset message to the client.
According to an aspect of the present application, there is provided a TCP connection processing apparatus for an intermediate device, the apparatus including: a connection module, used for the client and the server to establish a TCP connection; a time module, used for the intermediate device to acquire the TCP connection and set an aging time; an interaction module, used for the client and the server to exchange messages over the TCP connection through the intermediate device; a message module, used for the intermediate device to generate a reset message when the aging time reaches a threshold value; a sending module, used for sending the reset message to the client and the server respectively; and an ending module, used for the client and the server to end the TCP connection based on the reset message.
According to an aspect of the present application, there is provided an electronic device including: one or more processors; a storage means for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods as described above.
According to an aspect of the present application, a computer-readable medium is presented, on which a computer program is stored, which program, when being executed by a processor, implements a method as described above.
According to the TCP connection processing method and device for an intermediate device, a TCP connection is established by the client and the server; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold value, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message. In this way TCP port resources on the server side and the client side can be saved, packet loss is avoided, and the reliability of the communication connection between the server side and the client side can be ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application and other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a system block diagram illustrating a method and apparatus for TCP connection processing for an intermediary device according to an exemplary embodiment.
Fig. 2 is a flow chart illustrating a TCP connection processing method for an intermediary device in accordance with an exemplary embodiment.
Fig. 3 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment.
Fig. 4 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment.
Fig. 5 is a flowchart illustrating a TCP connection processing method for an intermediary device in accordance with another exemplary embodiment.
Fig. 6 is a block diagram illustrating a TCP connection processing apparatus for an intermediary device in accordance with an example embodiment.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
Fig. 8 is a block diagram of a computer-readable medium shown according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present application. One skilled in the relevant art will recognize, however, that the aspects of the application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Thus, a first component discussed below could be termed a second component without departing from the teachings of the present application concept. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments, and that the modules or flows in the drawings are not necessarily required to practice the present application, and therefore, should not be taken to limit the scope of the present application.
The technical abbreviations involved in this application are explained as follows:
1. TCP protocol
TCP is a connection-oriented, reliable, byte-stream based transport layer communication protocol that carries data segments. TCP establishes a point-to-point, one-to-one, reliable connection: it delivers data to the peer as reliably as possible, informs the application layer of a send failure when the peer cannot receive the data, ensures that the receiving application layer receives the data strictly in the order it was sent, and maintains network quality as far as possible; compared with UDP it trades efficiency for a highly reliable service. Connection-oriented means that a TCP session must be established before the hosts exchange data, and the current TCP session is ended after the data exchange is completed.
2. Transmission number and acknowledgement number
The TCP protocol guarantees transmission order by sequence numbers. The number of the transmitted data is the TCP sequence number (Sequence Number, SN), and the number of the acknowledged data is called the acknowledgement sequence number (Acknowledge Sequence Number, ASN). The numbering rule is that each byte occupies one sequence number. The initial number at the start of transmission is the initial sequence number, which is a random value; the SN then increases as TCP data is transmitted. The SN field carries the number of the first byte of the data sent in the current segment. The acknowledgement number must be filled in when the ACK flag in the TCP header is set to 1, and it carries the number of the byte following the last byte of the data received so far.
3. reset message
The establishment of a TCP connection is completed through the three-way handshake, and a normal TCP connection release is completed through the four-way close. In some cases, however, an accident occurs during the TCP interaction so that TCP cannot release the connection through the normal four-way close; if the TCP connection is not released by some other means, it persists and occupies part of the system's resources. For this case a mechanism that can release the TCP connection is needed, which is the TCP reset message. A reset message is a message with the reset (RST) bit set to 1 in the flags field of the TCP header. The common usage scenarios are: the client tries to establish a TCP connection to a port on which the server provides no service; the receiving end receives a TCP message but finds that it does not belong to any established TCP connection in its list; one of the two interacting parties has not received an acknowledgement from the other party for a long time; and some application developers use reset messages to quickly release TCP connections that have completed their data interaction when designing an application system.
The applicant has found, after investigation, that in the prior art the intermediate firewall device does not notify the C/S ends to end the current TCP connection when the session ages.
In the prior art, when the intermediate firewall device detects that the aging time has expired, the current TCP session is aged and the intermediate firewall device stops tracking the current TCP connection. When a TCP connection is no longer used, such a useless connection remains on the client or server device indefinitely, and the gradual accumulation leads to continuous occupation of device ports, continuous consumption of resources, and degraded device performance; when one end then resumes sending data, the intermediate firewall device discards the current TCP message because of the TCP state error, so packet loss occurs at the two ends and the data transmission is incomplete.
In order to solve these defects in the prior art, the applicant provides a TCP connection processing method for an intermediate device, in which reset messages for the current connection are sent to the client and the server respectively when the session of the intermediate firewall device ages, so that the current TCP connection is guaranteed to be closed quickly, the accumulation of invalid TCP connections is prevented, and the forwarding performance of the device is improved.
The following describes the content of the present application in detail with the aid of specific examples.
Fig. 1 is a system block diagram illustrating a method and apparatus for TCP connection processing for an intermediary device according to an exemplary embodiment.
As shown in fig. 1, the system architecture 10 may include clients 101, 102, 103, a network 104 and intermediate devices 105, a server 106. The network 104 is a medium used to provide communication links between the clients 101, 102, 103 and the intermediate device 105, the server 106. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 106 through the intermediary 105 using the clients 101, 102, 103 to receive or send messages, etc. Various communication client applications may be installed on clients 101, 102, 103, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, and the like.
The clients 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The intermediate device 105 may be, for example, a firewall or the like.
The server 106 may be a server providing various services, such as a server providing support for data service-like websites browsed by the user using clients 101, 102, 103.
The client 101 (or 102 or 103) and the server 106 establish a TCP connection; the intermediate device 105 acquires the TCP connection and sets the aging time; the client 101 and the server 106 exchange messages over the TCP connection through the intermediate device 105; when the aging time reaches a threshold, the intermediate device 105 generates a reset message; the reset message is sent to the client 101 and to the server 106 respectively; and the client 101 and the server 106 end the TCP connection based on the reset message.
It should be noted that, the TCP connection processing method for an intermediate device provided in the embodiment of the present application may be executed by the intermediate device 105, and accordingly, the TCP connection processing apparatus for an intermediate device may be disposed in the intermediate device 105.
Fig. 2 is a flow chart illustrating a TCP connection processing method for an intermediary device in accordance with an exemplary embodiment. The TCP connection processing method 20 for the intermediate device includes at least steps S202 to S212.
As shown in fig. 2, in S202, the client and the server establish a TCP connection. The client may establish a connection with the server, for example, through a three-way handshake.
In S204, the intermediate device acquires the TCP connection and sets an aging time. The intermediate device may, for example, acquire the TCP connection, establish a TCP session for the TCP connection based on the five-tuple information, and set an aging time for the TCP session.
After the connection is established between the client and the server, the intermediate firewall device establishes a TCP session for the current TCP connection, sets a session aging time for it, and counts the current aging time down toward 0 until the next message of the TCP connection arrives.
In S206, the client and the server exchange messages over the TCP connection through the intermediate device.
In one embodiment, the client sends a message to the server based on the TCP connection; the intermediate device parses the message and records first message information, where the first message information includes a first transmission number, a first acknowledgement number and a first data payload length; and the first message information is stored in the TCP session associated with the TCP connection.
In one embodiment, the server sends a message to the client based on the TCP connection; the intermediate device parses the message and records second message information, where the second message information includes a second transmission number, a second acknowledgement number and a second data payload length; and the second message information is stored in the TCP session associated with the TCP connection.
In S208, when the aging time reaches the threshold, the intermediate device generates a reset message: when the aging time reaches the threshold value, the intermediate device executes an aging event, and generates a first reset message and a second reset message.
More specifically, the TCP session associated with the TCP connection may be added to an aging queue, and the aging events are then executed in sequence.
In S210, the reset message is sent to the client and the server respectively: the first reset message is sent to the server, and the second reset message is sent to the client.
In S212, the client and the server end the TCP connection based on the reset message.
More specifically, the client ends the TCP connection based on the second reset message, and the server ends the TCP connection based on the first reset message.
After receiving the reset message, the client and the server immediately release the current TCP connection and the corresponding TCP resources, so that useless TCP connections that have not carried data for a long time no longer linger, and device performance improves;
when the client has new data to send, it performs the TCP three-way handshake again and establishes a new TCP connection; when the new connection passes through the device, a TCP session is re-established and an aging time is set for the current session, so the new TCP data matches the session as it passes through the device and is then received by the server.
According to the TCP connection processing method for an intermediate device, a TCP connection is established by the client and the server; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold value, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message. In this way TCP port resources on the server side and the client side can be saved, packet loss is avoided, and the reliability of the communication connection between the server side and the client side can be ensured.
It should be clearly understood that this application describes how to make and use particular examples, but the principles of this application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment. The flow 30 shown in fig. 3 is a detailed description of the flow shown in fig. 2.
As shown in fig. 3, in S302, the client and the server establish a TCP connection through the three-way handshake.
In S304, the intermediate device establishes a session for the TCP connection and sets an aging time.
In S306, the client sends a message to the server.
In S308, the intermediate device records the message information into the session.
In S310, the server sends a message to the client.
In S312, the intermediate device records the message information into the session.
In S314, the session aging time is reached, and a first reset message and a second reset message are generated.
In S316, the first reset message is sent to the server.
In S318, the second reset message is sent to the client.
In S320, the TCP connection is closed between the client and the server.
With the method, device and system, the intermediate device sends a reset message to both ends when it ends the current TCP session, so that the devices at both ends are informed in time to close TCP connections that are no longer useful. This avoids the situation in which TCP connections left idle for a long time accumulate on the end devices, occupy a large number of TCP ports, exhaust device resources and then disrupt the data exchange of other applications; it also avoids the packet loss at the intermediate device that occurs when one end continues to send TCP data after the intermediate firewall device has ended the session. The performance of the intermediate device is thereby improved, and its ability to forward TCP data correctly is effectively guaranteed.
Fig. 4 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment. The process 40 shown in fig. 4 describes in more detail the process S206 shown in fig. 2, "the client and the server exchange messages over the TCP connection through the intermediate device".
As shown in fig. 4, in S402, the client and the server exchange messages over the TCP connection through the intermediate device.
In S404, the client sends a message to the server based on the TCP connection.
In S406, the intermediate device parses the message and records first message information, where the first message information includes a first transmission number, a first acknowledgement number and a first data payload length.
More specifically, when the client sends a TCP message to the server, the intermediate device, for example a firewall device, parses the TCP header of the current message, records the sending number seq_number1 (the TCP sequence number) and the acknowledgement number ack_number1 of the current message together with the current TCP data payload length payload_len1, and stores the recorded values in the five-tuple session that uniquely identifies the current connection.
In S408, the first message information is stored in the TCP session associated with the TCP connection.
In S410, the server sends a message to the client based on the TCP connection.
In S412, the intermediate device parses the message and records second message information, where the second message information includes a second transmission number, a second acknowledgement number and a second data payload length.
More specifically, when the server sends a TCP message to the client, the firewall device likewise parses the current TCP header, records the sending number seq_number2 and the acknowledgement number ack_number2 of the current message together with the TCP data payload length payload_len2, and stores the data in the associated TCP session.
In S414, the second message information is stored in the TCP session associated with the TCP connection.
Fig. 5 is a flowchart illustrating a TCP connection processing method for an intermediate device according to another exemplary embodiment. The process 50 shown in fig. 5 describes in more detail the process S208 shown in fig. 2, "when the aging time reaches the threshold, the intermediate device generates a reset message".
As shown in fig. 5, in S502, the intermediate device executes an aging event when the aging time reaches the threshold. When the two ends have not exchanged data for a long time, the intermediate firewall device detects that the aging time of the session has expired, adds the current session to an aging queue, and executes the aging events in order.
In S504, the intermediate device generates a first reset message and a second reset message.
In one embodiment, the intermediate device generates a first transmission number based on the first transmission number, the first acknowledgement number and the second acknowledgement number, and generates the first reset message based on that first transmission number.
In a specific application, the intermediate device constructs a second reset message reset2 to be sent to the client and a first reset message reset1 to be sent to the server.
In one embodiment, (seq_number1 + payload_len1) is compared with ack_number2, and the larger value is used as the transmission number (i.e. the sequence number seq) of the reset1 message; the reset flag of the constructed message is set to 1, and the reset1 message is then ready to be sent to the server.
In one embodiment, the intermediate device generates a second transmission number based on the second transmission number, the second acknowledgement number and the first acknowledgement number, and generates the second reset message based on that second transmission number.
In one embodiment, (seq_number2 + payload_len2) is compared with ack_number1, and the larger value is used as the transmission number of the reset2 message; the reset flag bit of the constructed message is set to 1, and the reset2 message is then ready to be sent to the client.
In S506, the first reset message is sent to the server.
In S508, the second reset message is sent to the client.
Those skilled in the art will appreciate that all or part of the steps of the above embodiments may be implemented as a computer program executed by a CPU. When executed by the CPU, the program performs the functions defined by the methods provided herein. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic disk, an optical disk, or the like.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiments of the present application, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following are device embodiments of the present application, which may be used to perform method embodiments of the present application. For details not disclosed in the device embodiments of the present application, please refer to the method embodiments of the present application.
Fig. 6 is a block diagram illustrating a TCP connection processing apparatus for an intermediate device according to another exemplary embodiment. As shown in fig. 6, the TCP connection processing apparatus 60 for an intermediate device includes a connection module 602, a time module 604, an interaction module 606, a message module 608, a sending module 610 and an ending module 612.
The connection module 602 is configured to establish a TCP connection between the client and the server.
The time module 604 is configured for the intermediate device to acquire the TCP connection and set the aging time; more specifically, the time module 604 is configured to acquire the TCP connection at the intermediate device, establish a TCP session for the TCP connection based on the five-tuple information, and set the aging time for the TCP session.
The interaction module 606 is configured for the client and the server to exchange messages over the TCP connection through the intermediate device. The interaction module 606 is further configured to, when the client sends a message to the server based on the TCP connection, parse the message and record first message information, which includes a first transmission number, a first acknowledgement number and a first data payload length, and store the first message information in the TCP session associated with the TCP connection. The interaction module 606 is further configured to, when the server sends a message to the client based on the TCP connection, parse the message and record second message information, which includes a second transmission number, a second acknowledgement number and a second data payload length, and store the second message information in the TCP session associated with the TCP connection.
The message module 608 is configured for the intermediate device to generate a reset message when the aging time reaches the threshold; more specifically, the message module 608 is configured to execute an aging event at the intermediate device when the aging time reaches the threshold, and to generate a first reset message and a second reset message.
The sending module 610 is configured to send the reset message to the client and the server respectively; more specifically, it sends the first reset message to the server and the second reset message to the client.
The ending module 612 is configured for the client and the server to end the TCP connection based on the reset message.
According to the TCP connection processing apparatus for an intermediate device, a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message. In this way the TCP port resources of both the server and the client are saved, packet loss is avoided, and the reliability of the communication connection between the server and the client is ensured.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 700 according to this embodiment of the present application is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is merely an example, and should not be construed as limiting the functionality and scope of use of the embodiments herein.
As shown in fig. 7, the electronic device 700 is embodied in the form of a general purpose computing device. Components of electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 connecting the different system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
The memory unit 720 stores program code that is executable by the processing unit 710, such that the processing unit 710 performs the steps described in this specification according to the various exemplary embodiments of the present application. For example, the processing unit 710 may perform the steps shown in figs. 2, 3, 4 and 5.
The memory unit 720 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 7201 and/or cache memory 7202, and may further include Read Only Memory (ROM) 7203.
The memory unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 730 may be a bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), devices that enable a user to interact with the electronic device 700, and/or any devices (e.g., routers, modems, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 750. Also, electronic device 700 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 760. Network adapter 760 may communicate with other modules of electronic device 700 via bus 730. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 700, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in software in combination with the necessary hardware. Thus, as shown in fig. 8, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (for example a CD-ROM, a USB disk or a portable hard disk) or on a network, and which includes several instructions that cause a computing device (for example a personal computer, a server or a network device) to perform the above-described method according to the embodiments of the present application.
In general, the present disclosure addresses the following prior-art problem: when the intermediate firewall device detects that the aging time has expired, it ages out the current TCP session, and from that point on it no longer tracks the current TCP connection. If the TCP connection is no longer used, the useless connection nonetheless remains on the client or server device; as such connections accumulate, they keep occupying device ports, keep consuming resources, and degrade device performance. If one end later resumes sending data, the intermediate firewall device discards the current TCP message because of the TCP state mismatch, so both ends experience packet loss and the data transmission is incomplete. In short, the middlebox session ages out without informing the client and server to close the TCP connection. Therefore, when the session of the intermediate firewall device ages out, the method and device send a reset message to the client and to the server respectively, with the sequence number of the reset message filled in by the intermediate firewall; when the two end devices receive the reset message, they can end the current TCP connection immediately, so that useless connections do not persist and do not occupy and consume device resources. Specifically, the client establishes a connection with the server through the three-way handshake; at this time the intermediate firewall device establishes a TCP session associated with the current TCP connection and sets a session aging time for it. Until the next TCP message of the connection arrives, the remaining aging time keeps decreasing, and when it reaches 0 the session is aged out.
When the client sends a TCP message to the server, the intermediate firewall device parses the TCP header of the current message, records its sending number seq_number1 and acknowledgement number ack_number1 together with the current TCP data payload length payload_len1, and stores the recorded values in the five-tuple session that uniquely identifies the current connection. When the server sends a TCP message to the client, the intermediate firewall device likewise parses the current TCP header, records the sending number seq_number2 and acknowledgement number ack_number2 of the current message together with the TCP data payload length payload_len2, and stores the data in the associated TCP session. When the two ends have not exchanged data for a long time, the intermediate firewall device detects that the aging time of the session has expired, adds the current session to an aging queue, and executes the aging events in order. At that point it constructs a reset1 message for the server and a reset2 message for the client. It first constructs the reset1 message: it compares (seq_number1 + payload_len1) with ack_number2, takes the larger as the sending number (i.e. the sequence number seq) of the reset1 message, sets the reset flag bit of the constructed message to 1, and sends the reset1 message to the server. It then constructs the reset2 message: it compares (seq_number2 + payload_len2) with ack_number1, takes the larger as the sending number of the reset2 message, sets the reset flag bit of the constructed message to 1, and sends the reset2 message to the client. After receiving the reset message, the client and the server immediately release the current TCP connection and the corresponding TCP resources, so that useless TCP connections that have not exchanged data for a long time no longer linger, and device performance improves.
When the client has new data to send, it performs the TCP three-way handshake again and a new TCP connection is established; when the new connection passes through the device, a TCP session is re-established and an aging time is set for the current session, so the new TCP data matches the session as it is forwarded through the device and is then received by the server. With the method, device and system, the intermediate device sends a reset message to both ends when it ends the current TCP session, so that the devices at both ends are informed in time to close TCP connections that are no longer useful. This avoids the situation in which TCP connections left idle for a long time accumulate on the end devices, occupy a large number of TCP ports, exhaust device resources and then disrupt the data exchange of other applications; it also avoids the packet loss at the intermediate device that occurs when one end continues to send TCP data after the intermediate firewall device has ended the session. The performance of the intermediate device is thereby improved, and its ability to forward TCP data correctly is effectively guaranteed.
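The session-tracking and reset-construction steps of figs. 4 and 5, restated in the summary above, modelled as an added example. This is not code from the patent or its applicant: the class and function names (SessionTable, record, tick, run_aging_events, reset_seq), the countdown in seconds and the sample addresses are my own assumptions. The model only computes the fields of the two reset segments from the recorded seq_number/ack_number/payload_len values; it does not build or transmit packets.

```python
"""Model of an intermediate device's TCP session table with countdown aging.

Added example (not from the patent). Names, the second-granularity countdown
and the sample addresses in __main__ are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

# Five-tuple that uniquely identifies a connection in the session table.
FiveTuple = Tuple[str, int, str, int, str]


@dataclass
class Direction:
    """Last header fields seen in one direction: seq_number, ack_number, payload_len."""
    seq: Optional[int] = None
    ack: Optional[int] = None
    payload_len: int = 0


@dataclass
class Session:
    key: FiveTuple        # (client_ip, client_port, server_ip, server_port, "tcp")
    aging_time: int       # seconds left before the session ages out
    c2s: Direction = field(default_factory=Direction)  # client -> server
    s2c: Direction = field(default_factory=Direction)  # server -> client


@dataclass
class ResetSegment:
    """Header fields of a constructed reset segment (never transmitted here)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seq: int
    flags: str = "RST"


def reset_seq(sender: Direction, peer: Direction) -> Optional[int]:
    """Sequence number of a reset that stands in for `sender` toward `peer`.

    The page's rule: the larger of (seq_number + payload_len) recorded from the
    sender and the ack_number recorded from the peer. A direction that was never
    observed is skipped; None means nothing was recorded in either direction.
    """
    candidates = []
    if sender.seq is not None:
        candidates.append((sender.seq + sender.payload_len) % SEQ_MOD)
    if peer.ack is not None:
        candidates.append(peer.ack)
    return max(candidates) if candidates else None


class SessionTable:
    """Session table keyed by five-tuple, with a countdown and an aging queue."""

    def __init__(self, aging_time: int = 300) -> None:
        self.aging_time = aging_time
        self.sessions: Dict[FiveTuple, Session] = {}
        self.aging_queue: List[Session] = []

    def create_session(self, client_ip: str, client_port: int,
                       server_ip: str, server_port: int) -> Session:
        """Called once the three-way handshake completes; the SYN sender is the client."""
        key = (client_ip, client_port, server_ip, server_port, "tcp")
        session = Session(key=key, aging_time=self.aging_time)
        self.sessions[key] = session
        return session

    def record(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int,
               seq: int, ack: int, payload_len: int) -> bool:
        """Store seq/ack/payload_len of a forwarded segment and refresh the countdown."""
        fwd = (src_ip, src_port, dst_ip, dst_port, "tcp")
        rev = (dst_ip, dst_port, src_ip, src_port, "tcp")
        if fwd in self.sessions:
            session, direction = self.sessions[fwd], self.sessions[fwd].c2s
        elif rev in self.sessions:
            session, direction = self.sessions[rev], self.sessions[rev].s2c
        else:
            return False  # no matching session: the "TCP state error" drop case
        direction.seq, direction.ack = seq % SEQ_MOD, ack % SEQ_MOD
        direction.payload_len = payload_len
        session.aging_time = self.aging_time  # any traffic restarts the countdown
        return True

    def tick(self, seconds: int) -> None:
        """Advance the clock; sessions whose countdown hits 0 move to the aging queue."""
        for session in list(self.sessions.values()):
            session.aging_time = max(0, session.aging_time - seconds)
            if session.aging_time == 0:
                self.aging_queue.append(session)
                del self.sessions[session.key]

    def run_aging_events(self) -> List[Tuple[Optional[ResetSegment], Optional[ResetSegment]]]:
        """Execute queued aging events in order; returns (reset1 to server, reset2 to client)."""
        results = []
        while self.aging_queue:
            s = self.aging_queue.pop(0)
            cip, cport, sip, sport, _ = s.key
            seq1 = reset_seq(s.c2s, s.s2c)  # stands in for the client toward the server
            seq2 = reset_seq(s.s2c, s.c2s)  # stands in for the server toward the client
            reset1 = ResetSegment(cip, cport, sip, sport, seq1) if seq1 is not None else None
            reset2 = ResetSegment(sip, sport, cip, cport, seq2) if seq2 is not None else None
            results.append((reset1, reset2))
        return results


if __name__ == "__main__":
    # Constructed sample exchange: one data segment each way, then idle until aging.
    table = SessionTable(aging_time=60)
    table.create_session("10.0.0.2", 40000, "10.0.0.9", 443)
    table.record("10.0.0.2", 40000, "10.0.0.9", 443, seq=1000, ack=5000, payload_len=100)
    table.record("10.0.0.9", 443, "10.0.0.2", 40000, seq=5000, ack=1100, payload_len=50)
    table.tick(60)
    for r1, r2 in table.run_aging_events():
        print("reset1 ->", r1.dst_ip, "seq", r1.seq, "| reset2 ->", r2.dst_ip, "seq", r2.seq)
```

Two caveats matter when deploying this rule on a real device. First, a modern TCP stack (RFC 5961) accepts a reset only when its sequence number equals the next expected sequence number; an in-window but inexact value draws a challenge ACK and the connection stays open, so the max() choice only closes the connection reliably when the recorded values reflect the endpoint's latest state. Second, the plain max() comparison the page describes is not wrap-safe: near the 2^32 boundary a modular comparison (as in RFC 1982) is required to pick the correct candidate.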
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include the following: an electrical connection having one or more wires, a portable disk, a hard disk, Random Access Memory (RAM), Read-Only Memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs which, when executed by one of the devices, cause the device to perform the following functions: a client and a server establish a TCP connection; the intermediate device acquires the TCP connection and sets an aging time; the client and the server exchange messages over the TCP connection through the intermediate device; when the aging time reaches a threshold, the intermediate device generates a reset message; the reset message is sent to the client and to the server respectively; and the client and the server end the TCP connection based on the reset message.
Those skilled in the art will appreciate that the modules may be distributed throughout several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that are unique to the embodiments. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (for example a CD-ROM, a USB disk or a portable hard disk) or on a network, and which includes several instructions that cause a computing device (for example a personal computer, a server, a mobile terminal or a network device) to perform the method according to the embodiments of the present application.
Exemplary embodiments of the present application are specifically illustrated and described above. It is to be understood that this application is not limited to the details of construction, arrangement or method of implementation described herein; on the contrary, the application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (10)
1. A TCP connection processing method for an intermediate device, comprising:
a client and a server establish a TCP connection;
the intermediate device acquires the TCP connection and sets an aging time;
the client and the server exchange messages over the TCP connection through the intermediate device;
when the aging time reaches a threshold value, the intermediate equipment generates a reset message;
the reset message is respectively sent to the client and the server;
and the client and the server end the TCP connection based on the reset message.
2. The method of claim 1, wherein the intermediary device acquiring the TCP connection and setting the aging time comprises:
the intermediate device acquires the TCP connection;
establishing a TCP session for the TCP connection based on quintuple information;
and setting aging time for the TCP session.
3. The method of claim 1, wherein the client and the server exchanging messages over the TCP connection through the intermediate device comprises:
the client sends a message to the server based on the TCP connection;
the intermediate device parses the message and records first message information, wherein the first message information comprises a first transmission number, a first acknowledgement number and a first data payload length;
and storing the first message information in a TCP session associated with the TCP connection.
4. The method of claim 1, wherein the client and the server exchanging messages over the TCP connection through the intermediate device comprises:
the server sends a message to the client based on the TCP connection;
the intermediate device parses the message and records second message information, wherein the second message information comprises a second transmission number, a second acknowledgement number and a second data payload length;
and storing the second message information in a TCP session associated with the TCP connection.
5. The method of claim 1, wherein the intermediate device generating the reset message when the aging time reaches a threshold comprises:
when the aging time reaches a threshold value, the intermediate device executes an aging event;
and the intermediate equipment generates a first reset message and a second reset message.
6. The method of claim 5, wherein the intermediary device performs the aging event comprising:
and adding the TCP session associated with the TCP connection into an aging queue, and sequentially executing aging events.
7. The method of claim 5, wherein the intermediate device generating the first reset message and the second reset message comprises:
the intermediate device generates a first transmission number based on the first transmission number, the first acknowledgement number and the second acknowledgement number;
and generating a first reset message based on the first transmission number.
8. The method of claim 1, wherein the intermediate device generating the first reset message and the second reset message comprises:
the intermediate device generates a second transmission number based on the second transmission number, the second acknowledgement number and the first acknowledgement number;
and generating a second reset message based on the second transmission number.
9. The method of claim 1, wherein sending the reset message to the client and the server, respectively, comprises:
sending a first reset message to the server;
and sending a second reset message to the client.
10. A TCP connection processing method for an intermediate device, comprising:
the connection module is used for establishing TCP connection between the client and the server;
the time module is used for obtaining TCP connection and setting aging time by the intermediate equipment;
the interaction module is used for the client and the server to exchange messages over the TCP connection through the intermediate device;
The message module is used for generating a reset message by the intermediate equipment when the aging time reaches a threshold value;
the sending module is used for respectively sending the reset message to the client and the server;
and the ending module is used for ending the TCP connection by the client and the server based on the reset message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310625002.9A CN116489207A (en) | 2023-05-30 | 2023-05-30 | TCP connection processing method and device for intermediate equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116489207A true CN116489207A (en) | 2023-07-25 |
Family
ID=87225309
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310625002.9A Pending CN116489207A (en) | 2023-05-30 | 2023-05-30 | TCP connection processing method and device for intermediate equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||