CN1263266C - Method and apparatus for real time replacing internet data - Google Patents
Method and apparatus for real time replacing internet data Download PDFInfo
- Publication number
- CN1263266C CN1263266C CNB2004100391228A CN200410039122A CN1263266C CN 1263266 C CN1263266 C CN 1263266C CN B2004100391228 A CNB2004100391228 A CN B2004100391228A CN 200410039122 A CN200410039122 A CN 200410039122A CN 1263266 C CN1263266 C CN 1263266C
- Authority
- CN
- China
- Prior art keywords
- data
- packet
- unit
- real
- replaced
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention discloses a method and a device for the real-time replacement of Internet data. The device comprises a judgment module, a buffer module, a processing module, a transmission module and two interfaces, wherein the two interfaces are in serial connection with the judgment module and the transmission module. After one interface receives a data package, the interface transmits the data package to the judgment module which judges the validity of the data package; if the data package is invalid, then the data package is discarded, else an acknowledgement packet is transmitted. The buffer module unpacks valid data packages, reorganizes data, and buffers the reorganized data. The processing module filters, replaces, deletes and appends the buffered data. The transmission module packages the processed data which is transmitted through the other interface. The present invention has the advantages of simple network structure, economy and practicability; moreover, the present invention can directly modify the data needing processing through an I/O (Input/Output) module. In addition, through changing the different network interfaces, the present invention can realize application in various network environments and have strong expansibility.
Description
Technical field:
The present invention relates to a kind of real-time and replace the method and apparatus of internet data.
Background technology:
Information is the grand strategy resource of social development.The struggle of obtaining, using and control around information grows in intensity in the world, and information security becomes a focus of maintaining state security and social stability.Great key issue suddenly to be solved, that influence national overall situation and long-term interest that the internet information security has become, it does not still bring into play the high efficiency that information revolution brings, the strong guarantee of high benefit, and be the important barrier of resisting information invasion, the security assurance information ability is 21 century overall national strength, an economic competition strength and the important component part of survival ability.To management of information with use the most important thing become in the information security, the majority of network information management apparatus uses bypass mode to carry out the analysis of data, make the data of checking that we can only be unidirectional like this, can't participate in the exchange of data, give the very big inconvenience of safety management arrival of network data like this, these problems public security, safety, army and industry and civilian aspect all exist, so we will go deep into and the extensive studies similar problem more, strengthen the fail safe of information and network with safety means.Solve bypass mode to the complexity on the network data management.
Summary of the invention:
At the existing problem and shortage of above-mentioned existing bypass mode data processing, the purpose of this invention is to provide a kind of method and apparatus that can replace internet data to the real-time that data are filtered and replaced.
The present invention is achieved in that a kind of method of real-time replacement internet data, may further comprise the steps:
After receiving packet, judge the legitimacy of described packet,, then abandon if illegal; If legal, send and confirm bag;
Described packet is unpacked and recombination data and with its buffer memory;
Described recombination data is filtered and handles;
Data after the described processing are packaged and send.
Further, this method also comprises, described data are filtered and processing procedure in, regular check determining step and forwarding step receive the situation of packet, if the overtime packet of not receiving then sends empty packet.
Further, the legitimacy of described judgment data bag be specially the correctness of judging described packet and check data bag TCP sequence number whether with the coupling of setting.
Further, described data are handled can be automatic or manual operation.
Further, described processing said data is drawn together data is made amendment.
Further, described data are made amendment comprises data replaced, deleted and add.
A kind of real-time is replaced the device of internet data, and this device includes:
Judging unit is used to judge the legitimacy of described packet;
Buffer unit unpacks legal packet and recombination data, and described recombination data is carried out buffer memory;
Processing unit is used for described recombination data is filtered, and replaces, deletes, adds processing;
Transmitting element is used for data set bag after handling and transmission;
With described judging unit, transmitting element two interfaces connected in series, be used for receiving and sending packet;
After one interface receives packet, be sent to described judging unit, if the legitimacy of the described packet of described judgment unit judges is illegal, then abandon, if legal, send and confirm bag, described buffer unit unpacks legal packet and recombination data, and described recombination data carried out buffer memory, the data filter of described processing unit after to buffer memory, and replace, delete, add processing, described transmitting element sends to the data set bag after handling and by another interface.
Further, this device also comprises keeps link unit, at described processing unit described data is carried out in the filter process, and described link unit regular check two interfaces of keeping are if the overtime packet of not receiving then sends empty packet.
Further, this device also comprises the input-output unit that is used for manual operation that is connected with processing unit.
Further, the legitimacy of judgment unit judges packet be specially the correctness of judging described packet and check data bag TCP sequence number whether with judging unit in the coupling set.
Utilization of the present invention is set up serial link to carrying out buffer memory, filtration and processing at the network data message that needs to control, manage that transmits on the internet between client and server, with control and the management that realizes the network message that client sends, receives is correlated with, network configuration of the present invention is simple, economical and practical, and, can by input-output unit directly to needs handle data make amendment; In addition,, present invention can be implemented under the various network environment and use, have very strong autgmentability by changing different network interfaces.
Description of drawings:
Below in conjunction with accompanying drawing, the present invention is made detailed description.
Fig. 1 is a structural representation of the present invention;
Fig. 2 is a user mode reference diagram of the present invention;
Fig. 3 is a flow chart of the present invention.
Embodiment:
As shown in Figure 1, the present invention includes judging unit, buffer unit, processing unit, transmitting element and two interfaces, wherein,
Judging unit, be used to judge the legitimacy of described packet, so-called legitimacy is divided two parts: the one, and the correctness of checking bag, the 2nd, solve the out of order problem of TCP, by the sequence number of check TCP, the bag for not being the sequence number wanted just abandons, protocol stack oneself by both sides is safeguarded link, does the complexity of just having simplified this unit like this;
Buffer unit unpacks legal packet and recombination data, replys during buffered data, by TCP sequence described recombination data is carried out buffer memory, and submits to processing unit;
Processing unit is used for described recombination data is filtered, analyzes, and replaces, deletes, adds processing, and the data after will handling are submitted a transmitting element to;
Transmitting element is used for data set bag after handling and transmission;
With described judging unit, transmitting element two interfaces connected in series, be used for receiving and sending packet.
Two interfaces of the present invention are connected with transmitting element with judging unit respectively, like this, but the equal transceive data bag of each interface.After one interface receives packet, be sent to described judging unit, the legitimacy of the described packet of described judgment unit judges, if it is illegal, then abandon, if it is legal, send and confirm bag, described buffer unit unpacks legal packet and recombination data, and described recombination data is carried out buffer memory, the data filter of described processing unit after to buffer memory, and replace, delete, add processing, described transmitting element sends to the data set bag after handling and by another interface, if send failure, then retransmits this packet.
Certainly, recombination data is filtered and replaces, delete, add in the processing procedure at processing unit, if when particularly artificially handling, processing procedure is generally long, two interfaces have a long period and can not receive packet, constantly fall in order to keep link, need handle it, therefore, the present invention also needs to keep link unit, regular check two interfaces are if the overtime packet of not receiving just sends empty bag.
For making the present invention when data are handled, adopt manual operation, also need draw input-output unit at the processing unit place, like this, can directly make amendment to data.
The present invention uses like this: as shown in Figure 2, the present invention adopts two network interface cards to realize the structure of double nip, and set up serial interface at the physical layer of network and two ends and go into relation, during use, block the communication line of desiring to monitor, also promptly be connected in the physical connection circuit of user's (client) and server, two network interface cards are set up normal physical connection with client, server end respectively, at the link layer of network, set up the basic relation of shaking hands with client, server end.Do not distinguish the connection order during connection, and both sides' physical connection type.
After serial transmission line was set up, client and server end just can realize that proper network has communicated to connect; As shown in Figure 3, when client need be with a certain server communication, the network interface that is connected with client received user's request, then enters the data message access module, data message head and message content that record connects; It is sent into judging unit, and whether judgment unit judges satisfies the Frame of associative operation demand, as mistake bag judgement etc.; If it is undesirable then abandon; If meet the requirements, then send the response message (confirming bag) to legal data message, received so that client (or server end) is confirmed the data message opposite end of response, the message of reply data is confirmed in the buffer unit inspection, remove the corresponding data message in the re-transmit queue, unpack the back buffer memory; Processing unit filters data cached, and corresponding modification is carried out in the place that needs are revised, and enters transmitting element, and transmitting element decomposes data processed content, and reorganization is to the format specification that satisfies TCP/IP protocol suite.Import the data message after the reorganization into the data transmit queue, and from outgoing queue, take out the outgoing data bag, be sent to server end (or client), and the packet that will send adds re-transmit queue by corresponding network interface.Simultaneously, transmitting element sends the solicited message of response by the network interface specified server in heading that is connected with server.After the request that client sends, server can send corresponding response message, imports into by the network interface that is connected with server.Then enter access module this moment again, also the data message head and the message content of record connection; Import it into buffer unit again, enter processing unit then, send by another network interface by transmitting element at last, this processing process is the same with above-mentioned processing procedure.
Data of the present invention are to transmit in the TCP/IP of standard standard, with the communication class of client, server like the C/S model.When connecting with client, the local terminal representative is the server of client pre-connection; When connecting with server end, the local terminal representative is a client.And, for the real-time pass-through mode of unconcerned The data, also be that judging unit of the present invention is at first judged packet, then abandon if not satisfy the Frame of associative operation demand, therefore will reduce to minimum to the influence of both sides' transmission rate.Use method of the present invention can under internet network environment, realize the control and the management of the network data message of real-time, and can replace data necessary, add, processing such as deletion.In addition, the present invention can use in various network environment by changing different network interfaces, has very strong autgmentability.
Claims (9)
1. a real-time is replaced the method for internet data, it is characterized in that this method may further comprise the steps:
After receiving packet, judge the legitimacy of described packet,, then abandon if illegal; If legal, send and confirm bag;
Described packet is unpacked and recombination data and with its buffer memory;
Described recombination data is filtered and handles;
Data after the described processing are packaged and send.
2. real-time as claimed in claim 1 is replaced the method for internet data, it is characterized in that, this method also comprises, described data are filtered and processing procedure in, regular check determining step and forwarding step receive the situation of packet, if the overtime packet of not receiving then sends empty packet.
3. real-time as claimed in claim 1 is replaced the method for internet data, it is characterized in that, the sequence number that the legitimacy of described judgment data bag is specially the correctness of judging described packet and check data bag TCP whether with the coupling of setting.
4. as any method that described real-time is replaced internet data of claim 1 to 3, it is characterized in that described processing said data comprises makes amendment to data.
5. real-time as claimed in claim 4 is replaced the method for internet data, it is characterized in that, described data are made amendment comprises data are replaced, deleted and add.
6. a real-time is replaced the device of internet data, it is characterized in that this device includes:
Judging unit is used to judge the legitimacy of described packet;
Buffer unit unpacks legal packet and recombination data, and described recombination data is carried out buffer memory;
Processing unit is used for described recombination data is filtered, and replaces, deletes, adds processing;
Transmitting element is used for data set bag after handling and transmission;
With described judging unit, transmitting element two interfaces connected in series, be used for receiving and sending packet;
After one interface receives packet, be sent to described judging unit, if the legitimacy of the described packet of described judgment unit judges is illegal, then abandon, if legal, send and confirm bag, described buffer unit unpacks legal packet and recombination data, and described recombination data carried out buffer memory, the data filter of described processing unit after to buffer memory, and replace, delete, add processing, described transmitting element sends to the data set bag after handling and by another interface.
7. real-time as claimed in claim 6 is replaced the device of internet data, it is characterized in that, this device also comprises keeps link unit, at described processing unit described data are carried out in the filter process, described link unit regular check two interfaces of keeping, if the overtime packet of not receiving then sends empty packet.
8. real-time as claimed in claim 6 is replaced the device of internet data, it is characterized in that this device also comprises the input-output unit that is used for manual operation that is connected with processing unit.
9. real-time as claimed in claim 6 is replaced the device of internet data, it is characterized in that, the sequence number that the legitimacy of described judgment unit judges packet is specially the correctness of judging described packet and check data bag TCP whether with judging unit in the coupling set.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100391228A CN1263266C (en) | 2004-02-10 | 2004-02-10 | Method and apparatus for real time replacing internet data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100391228A CN1263266C (en) | 2004-02-10 | 2004-02-10 | Method and apparatus for real time replacing internet data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1558625A CN1558625A (en) | 2004-12-29 |
| CN1263266C true CN1263266C (en) | 2006-07-05 |
Family
ID=34352276
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100391228A Expired - Fee Related CN1263266C (en) | 2004-02-10 | 2004-02-10 | Method and apparatus for real time replacing internet data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1263266C (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9211599B2 (en) | 2010-09-22 | 2015-12-15 | Sovema S.P.A. | Grid forming machine for making plates of electric storage cells |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101114991B (en) * | 2006-07-27 | 2012-06-13 | 北京左江科技有限公司 | Method for implementing Ethernet based data flow high speed comparison |
| CN101247352A (en) * | 2008-03-20 | 2008-08-20 | 华为技术有限公司 | Gateway equipment and method for caching and forwarding data package |
-
2004
- 2004-02-10 CN CNB2004100391228A patent/CN1263266C/en not_active Expired - Fee Related
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9211599B2 (en) | 2010-09-22 | 2015-12-15 | Sovema S.P.A. | Grid forming machine for making plates of electric storage cells |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1558625A (en) | 2004-12-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107390650B (en) | A kind of data collection system based on Internet of Things and the data compression method based on the system | |
| CN106534257B (en) | A kind of the multi-source security log acquisition system and method for multi-level concentrating type framework | |
| CN100558089C (en) | A kind of content filtering gateway implementation method of filter Network Based | |
| CN102739473B (en) | Network detecting method using intelligent network card | |
| US6877036B1 (en) | System and method for managing connections between a client and a server | |
| CN107980213A (en) | Intranet accelerator | |
| EP1755314A2 (en) | TCP normalisation engine | |
| CN101047720A (en) | Apparatus and method for processing network data | |
| CN107645398A (en) | A kind of method and apparatus of diagnostic network performance and failure | |
| CN104778042B (en) | A kind of stream data processing method based on event stream processing and plug-in type Development Framework | |
| CN1777142A (en) | Method for realizing data communication utilizing virtual network adapting card in network environment simulating | |
| CN104572574A (en) | GigE (gigabit Ethernet) vision protocol-based Ethernet controller IP (Internet protocol) core and method | |
| CN1209894C (en) | Reliable message transmitting method of simple network management protocol | |
| CN107666486A (en) | A kind of network data flow restoration methods and system based on message protocol feature | |
| CN109787722A (en) | Data transmission method, device and server | |
| CN102946376A (en) | Method for implementing asynchronous communication | |
| CN1263266C (en) | Method and apparatus for real time replacing internet data | |
| CN106850547A (en) | A kind of data restoration method and system based on http protocol | |
| CN101184089A (en) | Port and content interweaved detection based protocol identifying method | |
| CN1741504A (en) | Flow controlling method based on application and network equipment for making applied flow control | |
| CN100339845C (en) | Chain path layer location information filtering based on state detection | |
| WO2011057525A1 (en) | Http server based on packet processing and data processing method thereof | |
| CN109951425B (en) | TCP (Transmission control protocol) flow state integrity detection method based on FPGA (field programmable Gate array) | |
| CN1992595A (en) | Terminal and related computer implemented method for detecting malicious data for computer network | |
| CN2686223Y (en) | Apparatus for real-time replacing internet data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20060705 Termination date: 20160210 |