JP2019016995A - Repeating device, control method, program and system - Google Patents

Abstract

To provide a repeating device capable of reducing useless behaviors performed by the repeating device when a session between the repeating device and a communication destination device is disconnected, a control method, a program and a system.SOLUTION: The repeating device is a repeating device for repeating a communication between a communication source device and a communication destination device via sessions of multiple stages. The repeating device has a determination part for determining whether or not the session with the communication destination device is disconnected; and a disconnection part configured so as to, when determining the session with the communication destination device is disconnected, discontinue the session with the communication source device. The determination part is configured so as to, when a period of time has exceeded a reference without receiving any response packet from the communication destination device, check the operation of the communication destination device.SELECTED DRAWING: Figure 12

Description

  The present invention relates to a technique for relaying communication by a multi-stage session.

  For example, according to a remote operation protocol such as telnet, the operation source device and the relay device may be connected, and the relay device and the operation destination device may be connected to perform remote operation using a two-stage session.

  In this way, the command input in the operation source device is executed in the operation destination device, and the operation source device can obtain an execution result message.

  When the session between the operation source device and the relay device is disconnected for some reason, the command input in the operation source device is not transferred and is not executed in any device. On the other hand, when the session between the relay device and the operation destination device is disconnected, the command input in the operation source device reaches the relay device. The relay device may execute the command itself without transferring the command. Such a malfunction is useless.

JP 2011-129076 A JP 2011-182372 A

  An object of the present invention is, in one aspect, to reduce unnecessary operations in a relay device when a session between the relay device and a communication destination device is disconnected.

  A relay device according to one aspect is a relay device that relays communication between a communication source device and a communication destination device through a multi-stage session, and determines whether or not (A) the session with the communication destination device is disconnected. A determination unit; and (B) a disconnection unit that disconnects the session with the communication source device when it is determined that the session with the communication destination device is disconnected.

  As one aspect, when the session between the relay device and the communication destination device is disconnected, unnecessary operations in the relay device can be reduced.

FIG. 1 is a diagram illustrating an example of a two-stage session using telnet. FIG. 2 is a diagram illustrating a module configuration example of the operation source device, the relay device, and the operation destination device. FIG. 3 is a diagram illustrating a sequence relating to the connection procedure of the primary telnet. FIG. 4 is a diagram illustrating a sequence related to a secondary telnet connection procedure. FIG. 5 is a diagram illustrating a sequence on the operation source side in the use of the secondary telnet. FIG. 6 is a diagram illustrating a sequence on the operation destination side in using the secondary telnet. FIG. 7 is a diagram illustrating a sequence on the operation source side in the use of the secondary telnet. FIG. 8 is a diagram illustrating a sequence relating to disconnection of the secondary telnet. FIG. 9 is a diagram illustrating a sequence relating to a malfunction in the relay device. FIG. 10 is a diagram showing an outline of the present embodiment. FIG. 11A is a diagram illustrating an example of an IP address and a port number set in a packet. FIG. 11B is a diagram illustrating an example of an IP address and a port number set in a packet. FIG. 12 is a diagram illustrating a module configuration example of the relay management unit. FIG. 13 is a diagram illustrating an example of a relay table. FIG. 14 is a diagram showing a received packet processing flow. FIG. 15 is a diagram showing a received packet processing flow. FIG. 16 is a diagram showing a transmission packet processing flow. FIG. 17 is a diagram showing a relay monitoring process flow. FIG. 18 is a diagram showing a relay monitoring process flow. FIG. 19 is a functional block diagram of a computer.

  FIG. 1 shows an example of a two-stage session using telnet. In a state where a primary telnet session is established between the operation source apparatus 101 and the relay apparatus 103 and a secondary telnet session is established between the relay apparatus 103 and the operation destination apparatus 105, the operation source apparatus 101 executes a command Is issued, the command is transmitted to the operation destination device 105 via the relay device 103.

  Note that the two-stage session using the relay device 103 in this way may be, for example, when the network to which the operation source device 101 belongs and the network to which the operation destination device 105 belongs are separated from the viewpoint of security.

  The operation destination device 105 executes the received command and returns an execution result message. The execution result message is transmitted to the operation source apparatus 101 via the relay apparatus 103. In this way, the operation source device 101 remotely operates the operation destination device 105 via the relay device 103. In this example, it is assumed that a series of command input (text input) for remote operation is automated in the operation source apparatus 101.

  FIG. 2 shows a module configuration example of the operation source device 101, the relay device 103, and the operation destination device 105.

  The operation source apparatus 101 includes a command program 211, a primary telnet client 213, a tool 215, an interface control unit 221, and a communication interface apparatus 223.

  The command program 211 receives and executes a command. Specifically, the command program 211 is an operating system. In this example, the tool 215 automatically inputs text corresponding to the command to the command program 211. The primary telnet client 213 is activated by the command program 211 and performs processing as a client according to the telnet specification. The primary telnet client 213 communicates with the relay apparatus 103 via the interface control unit 221 that controls the communication interface apparatus 223.

  The relay device 103 includes a primary telnet server 231, a network virtual terminal 233, a command program 235, a secondary telnet client 237, a relay management unit 239, an interface control unit 241, and a communication interface device 243.

  The primary telnet server 231 performs processing as a server in accordance with the telnet specification. The primary telnet server 231 performs communication via the interface control unit 241 that controls the communication interface device 243. The network virtual terminal 233 performs formal conversion on transmission data. The operations in the primary telnet client 213 of the operation source apparatus 101, the primary telnet server 231 and the network virtual terminal 233 of the relay apparatus 103 are based on the prior art.

  When the command program 235 accepts a character or symbol code from the network virtual terminal 233 in a state where the primary telnet session is established, and interprets the accepted character string as a command, the command program 235 executes the command. Specifically, the command program 235 is an operating system. The secondary telnet client 237 is activated by the command program 235 and performs processing as a client according to the telnet specification. The secondary telnet client 237 communicates with the operation destination device 105 via the interface control unit 241 that controls the communication interface device 243.

  The operation destination device 105 includes a secondary telnet server 251, a network virtual terminal 253, a command program 255, an interface control unit 261, and a communication interface device 263.

  The secondary telnet server 251 performs processing as a server in accordance with the telnet specification. The secondary telnet server 251 performs communication via the interface control unit 261 that controls the communication interface device 263. The network virtual terminal 253 performs formal conversion regarding transmission data. Note that the operations of the secondary telnet client 237 of the relay device 103 and the secondary telnet server 251 and the network virtual terminal 253 of the operation destination device 105 are based on the prior art.

  When the secondary telnet session is established, the command program 255 receives a character or symbol code from the network virtual terminal 253, and executes the command when the received character string is interpreted as a command. . Specifically, the command program 255 is an operating system.

  FIG. 3 shows a sequence related to the primary telnet connection procedure. When the command program 211 of the operation source apparatus 101 determines that the command for the primary telnet connection has been received from the tool 215 of the operation source apparatus 101 (S301), the command program 211 of the operation source apparatus 101 determines that the primary telnet client of the operation source apparatus 101 is used. 213 is activated (S303). The command includes the IP (Internet Protocol) address of the relay apparatus 103 that is the connection target of the primary telnet.

  The primary telnet client 213 of the operation source apparatus 101 transmits a request packet for primary telnet connection to the primary telnet server 231 of the relay apparatus 103 (S305). Then, a primary telnet session is established between the primary telnet client 213 of the operation source apparatus 101 and the primary telnet server 231 of the relay apparatus 103 (S307).

  When the primary telnet session is established, the primary telnet client 213 of the operation source apparatus 101 returns a preparation completion message to the command program 211 of the operation source apparatus 101 (S309). The preparation completion message is further returned to the tool 215 of the operation source apparatus 101.

  The tool 215 of the operation source apparatus 101 inputs a character or symbol code to the command program 211 of the operation source apparatus 101. Here, it is assumed that a command for secondary telnet connection is input character by character.

  When the command program 211 of the operation source apparatus 101 receives a character or symbol code from the tool 215 of the operation source apparatus 101 (S311), the character or symbol code is passed to the primary telnet client 213 of the operation source apparatus 101. The primary telnet client 213 of the operation source apparatus 101 converts a character or symbol code into a predetermined format. Then, a primary telnet transfer packet including a character or symbol code in a predetermined format is sent from the primary telnet client 213 of the operation source apparatus 101 to the primary telnet server 231 of the relay apparatus 103 (S313).

  The network virtual terminal 233 of the relay device 103 converts the character or symbol code received from the primary telnet server 231 of the relay device 103 into the character or symbol code in the format of the relay device 103, and the command program 235 of the relay device 103. (S315, S317).

  The sequence moves to the sequence shown in FIG. When the command program 235 of the relay device 103 receives the code of the character or symbol multiple times and as a result determines that the command of the secondary telnet connection has been received (S401), the command program 235 of the relay device 103 The secondary telnet client 237 is activated (S403). The command includes the IP address of the operation destination device 105 that is the connection target of the secondary telnet.

  The secondary telnet client 237 of the relay device 103 transmits a request packet for secondary telnet connection to the secondary telnet server 251 of the operation destination device 105 (S405). Then, a secondary telnet session is established between the secondary telnet client 237 of the relay device 103 and the secondary telnet server 251 of the operation destination device 105 (S407).

  When the secondary telnet session is established, the secondary telnet client 237 of the relay apparatus 103 returns a preparation completion message to the command program 235 of the relay apparatus 103 (S409). Upon receiving this message, the command program 235 of the relay device 103 sends a message of completion of preparation to the primary telnet server 231 of the relay device 103 via the network virtual terminal 233 of the relay device 103 (S501). , S503).

  The primary telnet server 231 of the relay apparatus 103 returns a response packet of the secondary telnet including this preparation completion message to the primary telnet client 213 of the operation source apparatus 101 (S505). The preparation completion message is sent to the command program 211 of the operation source apparatus 101 (S507), and is returned from the command program 211 of the operation source apparatus 101 to the tool 215.

  The tool 215 of the operation source apparatus 101 subsequently inputs a character or symbol code to the command program 211 of the operation source apparatus 101. Here, it is assumed that a command intended to be executed by the command program 255 of the operation destination device 105, that is, a command corresponding to the content of the remote operation is input character by character. Note that the tool 215 of the operation source apparatus 101 may start the process of inputting a code after confirming the arrival of the preparation completion message regarding the secondary telnet connection (S507). Further, the tool 215 of the operation source apparatus 101 is programmed to store a series of commands corresponding to the contents of the remote operation on the operation destination apparatus 105, read the stored commands, and input them to the command program 211. May be.

  When the command program 211 of the operation source apparatus 101 receives a character or symbol code from the tool 215 of the operation source apparatus 101 (S509), the character or symbol code is passed to the primary telnet client 213 of the operation source apparatus 101. As described above, the primary telnet client 213 of the operation source apparatus 101 converts a character or symbol code into a predetermined format. A primary telnet transfer packet including a character or symbol code in a predetermined format is sent from the primary telnet client 213 of the operation source apparatus 101 to the primary telnet server 231 of the relay apparatus 103 (S511).

  The network virtual terminal 233 of the relay device 103 converts the character or symbol code received from the primary telnet server 231 of the relay device 103 into the character or symbol code in the format of the relay device 103, and the command program 235 of the relay device 103. (S513, S515).

  Here, the sequence returns to the sequence shown in FIG. When the command program 235 of the relay device 103 receives a character or symbol code from the network virtual terminal 233 of the relay device 103 (S411), the character or symbol code is passed to the secondary telnet client 237 of the relay device 103. As described above, the secondary telnet client 237 of the relay apparatus 103 converts the character or symbol code into a predetermined format. A secondary telnet transfer packet including a character or symbol code in a predetermined format is sent from the secondary telnet client 237 of the relay apparatus 103 to the secondary telnet server 251 of the operation destination apparatus 105 (S413).

  The network virtual terminal 253 of the operation destination device 105 converts the character or symbol code received from the secondary telnet server 251 of the operation destination device 105 into the character or symbol code in the format of the operation destination device 105, and the operation destination device 105 is passed to the command program 255 (S415, S417).

  The sequence moves to the sequence shown in FIG. When the command program 255 of the operation destination device 105 receives a character or symbol code, for example, a plurality of times, and determines that it has received a command to be executed by itself (S601). Processing of the command is executed (S603).

  In this way, a command corresponding to the content of the remote operation is transferred from the operation source apparatus 101 to the operation destination apparatus 105 and executed by the operation destination apparatus 105.

  Then, the command program 255 of the operation destination device 105 returns a command execution result message to the network virtual terminal 253 of the operation destination device 105 (S605). The secondary telnet server 251 of the operation destination device 105 transmits a response packet of the secondary telnet including the command execution result message received from the network virtual terminal 253 of the operation destination device 105 to the secondary telnet client 237 of the relay device 103. (S607, S609).

  The secondary telnet client 237 of the relay device 103 passes a command execution result message extracted from the response packet of the secondary telnet to the command program 235 of the relay device 103 (S611).

  The sequence moves to the sequence shown in FIG. The command program 235 of the relay device 103 passes the message of the command execution result to the network virtual terminal 233 of the relay device 103 (S701). The primary telnet server 231 of the relay device 103 transmits a response packet of the primary telnet including a command execution result message received from the network virtual terminal 233 of the relay device 103 to the primary telnet client 213 of the operation source device 101 (S703). , S705).

  The primary telnet client 213 of the operation source apparatus 101 passes a command execution result message extracted from the response packet of the primary telnet to the command program 211 of the operation source apparatus 101 (S707). The command execution result message is passed to the tool 215 of the operation source apparatus 101. In this way, remote operation is realized.

  Next, a sequence when the secondary telnet session is disconnected in a state where the primary telnet session and the secondary telnet session are established as described above will be described with reference to FIG. It is assumed that the secondary telnet session between the secondary telnet client 237 of the relay device 103 and the secondary telnet server 251 of the operation destination device 105 is disconnected for some reason (S801).

  In S803, as in S411, when the command program 235 of the relay device 103 receives a character or symbol code from the network virtual terminal 233 of the relay device 103, the character or symbol code is converted to the secondary telnet of the relay device 103. Passed to the client 237. However, in this case, the secondary telnet client 237 of the relay apparatus 103 cannot send a secondary telnet transfer packet including a character or symbol code in a predetermined format (S805).

  The sequence moves to the sequence shown in FIG. In this case, the command program 235 of the relay apparatus 103 determines that it has received a command sent with the intention of being executed by the command program 255 of the operation destination apparatus 105 (S901). As a result, the command program 235 of the relay apparatus 103 executes processing of this command (S903). Then, the command program 235 of the relay apparatus 103 returns a message of the execution result of its own command to the network virtual terminal 233 of the relay apparatus 103 (S905). The primary telnet server 231 of the relay device 103 transmits a response packet of the primary telnet including a command execution result message received from the network virtual terminal 233 of the relay device 103 to the primary telnet client 213 of the operation source device 101 (S907, S909).

  The primary telnet client 213 of the operation source apparatus 101 passes a command execution result message extracted from the response packet of the primary telnet to the command program 211 of the operation source apparatus 101 (S911). The command execution result message is passed to the tool 215 of the operation source apparatus 101. At this time, the tool 215 of the operation source apparatus 101 interprets the message of the command execution result in the command program 235 of the relay apparatus 103 as the message of the command execution result in the command program 255 of the operation destination apparatus 105. Become.

  As described above, normal operation cannot be performed on the operation destination device 105, and the relay device 103 is caused to malfunction. In addition, the operation source apparatus 101 performs erroneous recognition. And if the operation | movement automated in the tool 215 of the operation origin apparatus 101 continues, the misoperation with respect to the relay apparatus 103 will be continued.

  FIG. 10 shows an outline of the present embodiment. As shown in the upper part, in a state where a primary telnet session between the operation source apparatus 101 and the relay apparatus 103 and a secondary telnet session between the relay apparatus 103 and the operation destination apparatus 105 have been established, there are two reasons for some reason. Assume that the next telnet session is disconnected. Then, the relay apparatus 103 detects disconnection of this secondary telnet session. Then, as shown in the lower part of FIG. 10, upon receiving the detection of the disconnection of the secondary telnet session, the relay apparatus 103 disconnects the corresponding primary telnet session. In this way, the above-described problems can be prevented.

  Here, an example of the IP address and port number set in each packet in this example will be described with reference to FIGS. 11A and 11B.

  As shown in FIG. 11A, ad_A is set in the source IP address of the request packet for the primary telnet connection shown in S305 in FIG. 3, and no_N is set in the source port number. ad_A is the IP address of the operation source apparatus 101. no_N is a port number in the primary telnet client 213 of the operation source apparatus 101. Similarly, ad_B is set as the destination IP address of the request packet for the primary telnet connection, and 23 is set as the destination port number. ad_B is the first IP address of the relay apparatus 103. 23 is a port number in the primary telnet server 231 of the relay apparatus 103, that is, a telnet port number. In this example, it is assumed that the relay apparatus 103 is assigned two IP addresses. That is, it is assumed that the relay apparatus 103 is assigned an IP address: ad_B and port number 23 for primary telnet, and an IP address: ad_C and port number no_M for secondary telnet. Here, the port number: 23 is a general port number of a telnet server that provides a telnet service (well-known port number).

  The source IP address, source port number, destination IP address, and destination port number set in the primary telnet transfer packet shown in S313 of FIG. 3 are the above-mentioned primary telnet connection request packets as shown in FIG. 11A. It is the same as the case of.

  Note that the IP address added to the command “telnet” of the secondary telnet connection accepted in S401 is the IP address: ad_D of the operation destination apparatus 105 that is the target of the secondary telnet connection.

  In the secondary telnet connection request packet shown in S405 of FIG. 4, ad_C is set as the source IP address, and no_M is set as the source port number. ad_C is the second IP address of the relay apparatus 103. Similarly, ad_D is set as the destination IP address of the request packet for the secondary telnet connection, and 23 is set as the destination port number.

  Turning to the description of FIG. 11B. The transfer packet of the primary telnet shown in S511 of FIG. 5 is the same as the request packet of the primary telnet connection described with reference to FIG. 11A.

  As shown in FIG. 11B, ad_C is set in the source IP address of the secondary telnet transfer packet shown in S413 of FIG. 4, and no_M is set in the source port number. Similarly, ad_D is set as the destination IP address of the transfer packet of the secondary telnet, and 23 is set as the destination port number.

  As shown in FIG. 11B, ad_D is set in the source IP address of the secondary telnet response packet shown in S609 in FIG. 6, and 23 is set in the source port number. Similarly, ad_C is set as the destination IP address of the response packet of the secondary telnet, and no_M is set as the destination port number.

  As shown in FIG. 11B, ad_B is set in the source IP address of the primary telnet response packet shown in S705 of FIG. 7, and 23 is set in the source port number. Similarly, ad_A is set as the destination IP address of the response packet of the primary telnet, and no_N is set as the destination port number. Thus, the IP address and port number of the device that terminates the session are set in the source IP address, source port number, destination IP address, and destination port number of the packet. Here, the devices that terminate the session are the operation source device 101 and the relay device 103 in the primary telnet session, and the relay device 103 and the operation destination device 105 in the secondary telnet session. This is the end of the description of the outline of the present embodiment.

  Hereinafter, the operation of the relay apparatus 103 will be described. FIG. 12 shows a module configuration example of the relay management unit 239 in the relay apparatus 103. The relay management unit 239 includes a first acquisition unit 1201, a first extraction unit 1203, a second extraction unit 1205, a second acquisition unit 1207, a third extraction unit 1209, a determination unit 1211, a disconnection unit 1213, a relay table storage unit 1221, and A buffer 1223 is included.

  The first acquisition unit 1201 sequentially acquires one received packet from the interface control unit 241. The first extraction unit 1203 extracts the transmission source IP address and the transmission source port number from the request packet for the primary telnet connection.

  The second extraction unit 1205 extracts the IP address added to the secondary telnet connection command from the primary telnet transfer packet.

  The second acquisition unit 1207 sequentially acquires one transmission packet from the interface control unit 241. The third extraction unit 1209 extracts the source port number from the secondary telnet connection request packet. The determination unit 1211 determines whether the secondary telnet session is disconnected. In other words, the determination unit 1211 detects disconnection of the secondary telnet session. The cutting unit 1213 cuts the primary telnet session.

  The relay table storage unit 1221 stores the relay table. The relay table will be described later with reference to FIG. The buffer 1223 stores a character string input to the command line by remote control and is used for specifying a command.

  The first acquisition unit 1201, the first extraction unit 1203, the second extraction unit 1205, the second acquisition unit 1207, the third extraction unit 1209, the determination unit 1211, and the cutting unit 1213 described above are hardware resources (for example, FIG. 19). ) And a program for causing the processor to execute the processing described below.

  The relay table storage unit 1221 and the buffer 1223 described above are realized using hardware resources (for example, FIG. 19).

  FIG. 13 shows an example of the relay table. The relay table in this example has a record corresponding to the relay event of the two-stage session. The record of the relay table has a field for storing the operation source IP address, a field for storing the operation source port number, a field for storing the transfer port number, and a field for storing the operation destination IP address. doing.

  The operation source IP address indicates the IP address of the client device in the primary telnet connection. That is, the operation source IP address is the IP address of the operation source apparatus 101 (in this example, ad_A). The operation source port number indicates the port number of the client device in the primary telnet connection. That is, the operation source port number is the port number of the primary telnet client 213 in the operation source apparatus 101 (in this example, no_N). The transfer port number indicates the port number of the client device in the secondary telnet connection. That is, the transfer port number is the port number of the secondary telnet client 237 in the relay apparatus 103 (in this example, no_M). The operation destination IP address indicates the IP address of the server device in the secondary telnet connection. That is, the operation destination IP address is the IP address of the operation destination device 105 (in this example, ad_D).

  Next, processing in the relay management unit 239 will be described. FIG. 14 shows a received packet processing flow. The first acquisition unit 1201 acquires one received packet from the interface control unit 241 (S1401). The first extraction unit 1203 analyzes the acquired received packet and determines whether it is a request for telnet connection (S1403).

  When it is determined that the acquired received packet is a request for telnet connection, the first extraction unit 1203 determines the source IP address (ad_A in this example) and the source port number (in this example) from the acquired received packet. , No_N) is extracted (S1405).

  The first extraction unit 1203 provides a new record in the relay table (S1407). The first extraction unit 1203 stores the transmission source IP address in the field of the operation source IP address in the record (S1409). The first extraction unit 1203 stores the transmission source port number in the operation source port number field in the record (S1411). At this stage, the state shown in the upper part of FIG. 13 is obtained. In the transfer port number field and the operation destination IP address field, a code indicating that it is not set is stored.

  Thereafter, the process returns to S1401.

  If it is determined in S1403 that the acquired received packet is not a request for telnet connection, the process proceeds to the process of S1501 illustrated in FIG.

  Turning to the description of FIG. The second extraction unit 1205 determines whether or not the received packet acquired in S1401 of FIG. 14 is a telnet transfer packet (S1501). If it is determined that the received packet is not a telnet transfer packet, the process returns to the processing of S1401 illustrated in FIG.

  On the other hand, if it is determined that the received packet is a telnet transfer packet, the second extraction unit 1205 extracts the source IP address and the source port number from the received packet acquired in S1401 of FIG. 14 (S1503). ).

  The second extraction unit 1205 matches the extracted source IP address and source port number with the value of the “operation source IP address” field and the value of the “operation source port number” field of any record in the relay table. It is determined whether or not (S1505). If it is determined that there is no record in the relay table that matches the extracted source IP address and source port number, the processing returns to the processing of S1401 shown in FIG.

  On the other hand, if it is determined that there is a record in the relay table that matches the extracted source IP address and source port number, the second extraction unit 1205 determines the character or symbol from the received packet acquired in S1401 of FIG. Are extracted (S1507). The second extraction unit 1205 adds the character or symbol code to the buffer 1223 (S1509).

  The second extraction unit 1205 determines whether or not the character string stored in the buffer 1223 corresponds to a telnet connection command and an IP address (S1511). If it is determined that the character string stored in the buffer 1223 does not correspond to the telnet connection command and the IP address, the process returns to the process of S1401 illustrated in FIG. On the other hand, if it is determined that the character string stored in the buffer 1223 corresponds to the telnet connection command and the IP address, the second extraction unit 1205 uses the IP address in the record provided in S1407 of FIG. Store in the address field (S1513). This telnet connection command is a secondary telnet connection command transmitted from the operation source apparatus 101 through the primary telnet session. The extracted IP address is the IP address of the secondary telnet connection destination device, that is, the operation destination device 105. At this stage, the state shown in the middle of FIG. Then, the processing returns to S1401 shown in FIG. This is the end of the description of the received packet processing.

  FIG. 16 shows a transmission packet processing flow. The transmission packet processing may be executed in parallel with the reception packet processing described above.

  The second acquisition unit 1207 acquires one transmission packet from the interface control unit 241 (S1601). The third extraction unit 1209 determines whether or not the acquired transmission packet is a request for telnet connection (S1603). If it is determined that the acquired transmission packet is not a request for telnet connection, the process returns to S1601.

  On the other hand, if it is determined that the acquired transmission packet is a request for telnet connection, the third extraction unit 1209 extracts a destination IP address from the acquired transmission packet (S1605). This means that the acquired transmission packet is a request packet for secondary telnet connection. The third extraction unit 1209 identifies the record in which the extracted destination IP address corresponds to the operation destination IP address of the relay table and the transfer port number is not set (S1607).

  The third extraction unit 1209 extracts the transmission source port number from the transmission packet acquired in S1601 (S1609). The third extraction unit 1209 stores the extracted transmission source port number in the transfer port number field in the record identified in S1607 (S1611). At this stage, the relay table is in the state shown in the lower part of FIG.

  Note that this transmission packet is the secondary connection request packet in S405 described with reference to FIG. 11A, is transmitted from the relay device 103, and is received by the operation destination device 105 via the network.

  The third extraction unit 1209 activates the relay monitoring process by the determination unit 1211 (S1613). The relay monitoring process is executed in parallel with the transmission packet process. Therefore, the process returns to S1601 without waiting for the end of the relay monitoring process. The relay monitoring process monitors the relay event of the record specified in S1607. Therefore, when a plurality of relays are performed, that is, when a plurality of identified records are present, a plurality of relay monitoring processes are executed in parallel.

  FIG. 17 shows a relay monitoring process flow. The determination unit 1211 starts measuring elapsed time (S1701). The determination unit 1211 requests one received packet from the interface control unit 241 (S1703). The determination unit 1211 determines whether a received packet has been acquired (S1705). When the received packet has not been acquired, that is, when the relay apparatus 103 has not received the packet, the process proceeds to the process illustrated in S1800 of FIG.

  When the received packet is acquired, that is, when the relay apparatus 103 receives the packet, the determination unit 1211 determines whether or not the received packet is a telnet response packet (S1707). If the received packet is not a telnet response packet, the process returns to S1703.

  If the received packet is a telnet response packet, the determination unit 1211 extracts the source IP address, the source port number, and the destination port number from the received packet (S1709).

  The determination unit 1211 determines whether or not the extracted transmission source IP address matches the value of the “operation destination IP address” field of the record identified in S1607 of FIG. 16 (S1711). If it is determined that the extracted source IP address does not match the operation destination IP address, the process proceeds to the process illustrated in S1800 of FIG.

  On the other hand, if it is determined that the extracted transmission source IP address matches the operation destination IP address, the determination unit 1211 determines that the extracted transmission source port number is the telnet port number (23) of the operation destination device 105. It is determined whether or not (S1713). When it is determined that the extracted transmission source port number is not the telnet port number (23) of the operation destination apparatus 105, the processing proceeds to the processing illustrated in S1800 of FIG.

  On the other hand, if it is determined that the extracted transmission source port number is the telnet port number (23) of the operation destination device 105, the determination unit 1211 identifies the extracted destination port number in S1607 of FIG. It is determined whether or not the value matches the value of the “transfer port number” field of the record (S1715). In this case, the received packet acquired in S1703 is a telnet response packet in the secondary telnet session, and is the transmission source, the IP address of the operation destination device 105, the port number of the operation destination device, and the transmission destination relay device 103. Indicates that the port number is as expected. If it is determined that the extracted destination port number does not match the transfer port number, the process proceeds to the process shown in S1800 of FIG.

  On the other hand, if it is determined that the extracted destination port number matches the transfer port number, the determination unit 1211 once finishes measuring elapsed time (S1717). Then, the process returns to S1701.

  Turning to the description of FIG. In step S1800, the determination unit 1211 determines whether the elapsed time has exceeded a threshold value. If it is determined that the elapsed time does not exceed the threshold value, the process returns to S1703 via the terminal D.

  On the other hand, if it is determined that the elapsed time exceeds the threshold, the determination unit 1211 sets the operation destination IP address in the destination IP address field, and further sets the telnet port number (23 in the destination port number field). ) Is set (S1801).

  If it is determined that the elapsed time exceeds the threshold (Yes in S1800), in other words, the response packet for the telnet command in the secondary telnet session, that is, the telnet command from the operation destination device 105 is a certain time. This is equivalent to not being received. Further, the transmission of the operation confirmation packet in S1801 indicates that the operation confirmation packet is transmitted from the relay apparatus 103 that is a telnet client in the secondary telnet session to the operation destination apparatus 105 that is a telnet server.

  Then, the determination unit 1211 determines whether a response packet to the operation check packet has been received (S1803). If it is determined that a response packet for the operation confirmation packet has not been received, the determination unit 1211 determines whether or not a predetermined time has passed since the operation confirmation packet was transmitted (S1805). If it is determined that the predetermined time has not passed, the process returns to S1803.

  If it is determined in S1803 that a response packet has been received, the processing returns to S1701 shown in FIG.

  If it is determined in S1805 that the predetermined time has passed, the disconnection unit 1213 disconnects the session specified by the operation source IP address and the operation source port number stored in the record specified in S1607 of FIG. S1807). Then, the disconnection unit 1213 deletes the record (S1809) and ends the relay monitoring process.

  If it is determined that the predetermined time has passed (Yes in S1805), in other words, a response packet for the operation confirmation packet is received within a predetermined time from the telnet server in the secondary telnet session, that is, the operation destination device 105. Equivalent to not being done. This is equivalent to detecting an abnormal secondary telnet session or a disconnected state. The processing in S1807 corresponds to disconnecting the primary telnet session corresponding to the secondary telnet session in which this disconnection is detected.

  According to this embodiment, when the session between the relay apparatus 103 and the operation destination apparatus 105 is disconnected, an erroneous operation on the relay apparatus 103 can be prevented.

  Further, the operation confirmation of the operation destination device 105 can be performed more efficiently.

  Further, the primary telnet client 213, the primary telnet server 231, the secondary telnet client 237, and the secondary telnet server 251 are not required to be modified.

  Although one embodiment of the present invention has been described above, the present invention is not limited to this. For example, the functional block configuration described above may not match the program module configuration.

  Further, the configuration of each storage area described above is an example, and the above configuration is not necessarily required. Further, in the processing flow, if the processing result does not change, the processing order may be changed or a plurality of processes may be executed in parallel.

  In this embodiment, as shown in FIG. 13, the operation source IP address is used as the identification information of the primary session, and the operation destination IP address is used as the identification information of the secondary session. These can be referred to as device identifiers of devices with which respective sessions are established with the relay device.

  In this embodiment, as shown in FIG. 13, the operation source port number is used as the identification information of the primary session, and the transfer port number is used as the identification information of the secondary session. In the telnet protocol, since the server side port number is basically determined to be 23, the client side port number is used. For example, even when there are multiple telnet sessions of the same operation source and operation destination, if the client side port number is set differently, it can be identified as a different session.

  In this embodiment, as session identification information, the identifier of the opposite device (in the embodiment, primary session: operation source IP address, secondary session: operation destination IP address) and port number (in the embodiment, primary session: operation source (client) ) Port number, secondary session: forwarding (client) port number). As another example, as a session identifier, a pair of an opposing device identifier and, for example, a session identifier (session ID) may be used.

  When the primary session is specified by the operation source IP address and the primary session ID, the completion of the establishment of the session transmitted from the relay apparatus 103 to the operation source apparatus 101 in the procedure for establishing the primary telnet session shown in S307 of FIG. The destination IP address corresponding to the operation source IP address and the primary session ID may be extracted from the notification packet. In this case, in the relay table shown in FIG. 13, the primary session ID may be held together with the operation source IP address instead of the operation source port number. Then, the primary session specified by the operation source IP address and the primary session ID may be disconnected in S1807 of FIG.

  When the secondary session is specified by the operation destination IP address and the secondary session ID, it is transmitted from the operation destination device 105 to the relay device 103 in the secondary telnet session establishment procedure shown in S407 of FIG. The secondary session ID may be extracted from the session establishment completion notification packet. In this case, in the relay table shown in FIG. 13, the secondary session ID may be held instead of the transfer port number. Then, in place of the port number match determination process shown in S1715 of FIG. 17, whether or not the secondary session ID included in the telnet response packet matches the secondary session ID held in the relay table. You may make it perform the process to determine. Even in this case, the Yes route and the No route are the same as in the above example.

  For example, when the relay apparatus 103 has two primary telnet servers 231, a port number other than 23 is used in one primary telnet server 231. In such a case, the destination port number may be extracted from the request packet for the primary telnet connection and held as a relay port number for specifying the primary session in the relay table. In the relay monitoring process, the primary session to be disconnected may be specified based on the relay port number.

  For example, when the operation destination apparatus 105 has two secondary telnet servers 251, a port number other than 23 is used in one of the secondary telnet servers 251. In such a case, the destination port number may be extracted from the request packet for the secondary telnet connection, and this may be held as the operation destination port number for specifying the secondary session in the relay table. In the relay monitoring process, the response packet of the telnet to be monitored may be specified based on the operation destination port number.

  The operation source device 101, the relay device 103, and the operation destination device 105 described above are computer devices, and as shown in FIG. 19, a memory 2501, a CPU (Central Processing Unit) 2503, a hard disk drive (HDD). : Hard Disk Drive) 2505, a display control unit 2507 connected to the display device 2509, a drive device 2513 for the removable disk 2511, an input device 2515, and a communication control unit 2517 for connecting to the network are connected via a bus 2519. ing. An operating system (OS) and an application program for executing the processing in this embodiment are stored in the HDD 2505, and are read from the HDD 2505 to the memory 2501 when executed by the CPU 2503. The CPU 2503 controls the display control unit 2507, the communication control unit 2517, and the drive device 2513 according to the processing content of the application program, and performs a predetermined operation. Further, data in the middle of processing is mainly stored in the memory 2501, but may be stored in the HDD 2505. In the embodiment of the present invention, an application program for performing the above-described processing is stored in a computer-readable removable disk 2511 and distributed, and installed in the HDD 2505 from the drive device 2513. In some cases, the HDD 2505 may be installed via a network such as the Internet and the communication control unit 2517. Such a computer apparatus realizes various functions as described above by organically cooperating hardware such as the CPU 2503 and the memory 2501 described above and programs such as the OS and application programs. .

  The embodiment of the present invention described above is summarized as follows.

  The relay device according to the present embodiment is a relay device that relays communication between a communication source device and a communication destination device through a multi-stage session, and (A) whether or not the session with the communication destination device is disconnected. A determination unit for determining; and (B) a disconnection unit that disconnects the session with the communication source device when it is determined that the session with the communication destination device is disconnected.

  In this way, unnecessary operations in the relay device can be reduced when the session between the relay device and the communication destination device is disconnected. The operation source device 101 described above is an example of a communication source device. Further, the operation destination device 105 described above is an example of a communication destination device.

  Furthermore, the relay device may include a first extraction unit that extracts first identification data related to a session with the communication source device from communication data with the communication source device. The cutting unit may specify a session with the communication source device based on the first identification data.

  In this way, it becomes easy to specify a session with the communication source device.

  Furthermore, the relay device may include a first extraction unit that extracts a source IP (Internet Protocol) address and a first source port number from a connection request packet sent from a communication source device. . The disconnection unit may specify a session with the communication source device based on the transmission source IP address and the first transmission source port number.

  In this way, for example, when there are a plurality of communication source modules in the communication source device, it is easy to specify a session with the communication source device.

  The determination unit may check the operation of the communication destination device when a period during which no response packet is received from the communication destination device exceeds a reference.

  In this way, the operation check of the communication destination device can be performed more efficiently.

  Furthermore, the relay device may include a second extraction unit that extracts second identification data related to a session with the communication destination device from communication data with the communication destination device. The determination unit may specify a response packet based on the second identification data.

  In this way, it becomes easy to specify the response packet from the communication destination device.

  The relay device further includes: a second extraction unit that extracts an IP address of a communication destination device included in a command requesting connection with the communication destination device from a packet for transferring a code input by the communication source device; You may make it have a 3rd extraction part which extracts a 2nd transmission origin port number from the packet of the connection request | requirement sent to a destination apparatus. Further, the determination unit may specify a response packet based on the IP address of the communication destination device and the second transmission source port number.

  In this way, for example, when there are a plurality of modules that perform transfer by the relay device, it becomes easy to specify the response packet from the communication destination device.

  In addition, a program for causing a computer to perform the processing by the relay device described above can be created. The program can be read by a computer such as a flexible disk, a CD-ROM, a magneto-optical disk, a semiconductor memory, and a hard disk. It may be stored in a simple storage medium or storage device. Note that intermediate processing results are generally temporarily stored in a storage device such as a main memory.

  The following supplementary notes are further disclosed with respect to the embodiments including the above examples.

(Appendix 1)
A relay device that relays communication between a communication source device and a communication destination device through a multi-stage session,
A determination unit that determines whether or not a session with the communication destination device is disconnected;
And a disconnecting unit that disconnects the session with the communication source device when it is determined that the session with the communication destination device is disconnected.

(Appendix 2)
Furthermore,
A first extraction unit that extracts first identification data related to the session with the communication source device from communication data with the communication source device;
The relay device according to claim 1, wherein the disconnecting unit specifies the session with the communication source device based on the first identification data.

(Appendix 3)
Furthermore,
A first extraction unit for extracting a source IP (Internet Protocol) address and a first source port number from a connection request packet sent from the communication source device;
The relay device according to claim 1, wherein the disconnecting unit specifies the session with the communication source device based on the source IP address and the first source port number.

(Appendix 4)
The relay device according to any one of appendices 1 to 3, wherein the determination unit performs an operation check of the communication destination device when a period during which a response packet is not received from the communication destination device exceeds a reference.

(Appendix 5)
Furthermore,
A second extraction unit for extracting second identification data related to the session with the communication destination device from communication data with the communication destination device;
The relay device according to attachment 4, wherein the determination unit specifies the response packet based on the second identification data.

(Appendix 6)
Furthermore,
A second extraction unit that extracts an IP address of the communication destination device included in a command for requesting connection with the communication destination device from a packet for transferring a code input by the communication source device;
A third extraction unit for extracting a second transmission source port number from a connection request packet sent to the communication destination device;
The relay device according to claim 4, wherein the determination unit identifies the response packet based on an IP address of the communication destination device and the second transmission source port number.

(Appendix 7)
A control method executed by a computer that relays communication between a communication source device and a communication destination device through a multi-stage session,
Determine whether the session with the communication destination device is disconnected,
A control method including a process of disconnecting a session with the communication source device when it is determined that the session with the communication destination device is disconnected.

(Appendix 8)
To a computer that relays communication between the communication source device and the communication destination device through a multi-stage session,
Determine whether the session with the communication destination device is disconnected,
A program for executing processing for disconnecting a session with the communication source device when it is determined that the session with the communication destination device is disconnected.

(Appendix 9)
A communication source device;
A communication destination device;
A relay device that provides a first session with the communication source device in response to a request from the communication source device, and further provides a second session with the communication destination device in response to a request from the communication source device Including
The relay device is
A determination unit for determining whether or not the second session is disconnected;
And a disconnecting unit configured to disconnect the first session when it is determined that the second session is disconnected.

DESCRIPTION OF SYMBOLS 101 Operation origin apparatus 103 Relay apparatus 105 Operation destination apparatus 211 Command program 213 Primary telnet client 215 Tool 221 Interface control part 223 Communication interface apparatus 231 Primary telnet server 233 Network virtual terminal 235 Command program 237 Secondary telnet client 239 Relay management part 241 Interface Control unit 243 Communication interface device 251 Secondary telnet server 253 Network virtual terminal 255 Command program 261 Interface control unit 263 Communication interface device 1201 First acquisition unit 1203 First extraction unit 1205 Second extraction unit 1207 Second acquisition unit 1209 Third extraction Part 1211 judgment part 1213 cutting part 1221 relay tape Bull storage unit 1223 buffer

Claims (9)

A relay device that relays communication between a communication source device and a communication destination device through a multi-stage session,
A determination unit that determines whether or not a session with the communication destination device is disconnected;
And a disconnecting unit that disconnects the session with the communication source device when it is determined that the session with the communication destination device is disconnected. Furthermore,
A first extraction unit that extracts first identification data related to the session with the communication source device from communication data with the communication source device;
The relay device according to claim 1, wherein the disconnection unit specifies the session with the communication source device based on the first identification data. Furthermore,
A first extraction unit for extracting a source IP (Internet Protocol) address and a first source port number from a connection request packet sent from the communication source device;
The relay device according to claim 1, wherein the disconnecting unit specifies the session with the communication source device based on the transmission source IP address and the first transmission source port number. The relay device according to any one of claims 1 to 3, wherein the determination unit performs an operation check of the communication destination device when a period during which a response packet is not received from the communication destination device exceeds a reference. Furthermore,
A second extraction unit for extracting second identification data related to the session with the communication destination device from communication data with the communication destination device;
The relay device according to claim 4, wherein the determination unit specifies the response packet based on the second identification data. Furthermore,
A second extraction unit that extracts an IP address of the communication destination device included in a command for requesting connection with the communication destination device from a packet for transferring a code input by the communication source device;
A third extraction unit for extracting a second transmission source port number from a connection request packet sent to the communication destination device;
The relay device according to claim 4, wherein the determination unit identifies the response packet based on an IP address of the communication destination device and the second transmission source port number. A control method executed by a computer that relays communication between a communication source device and a communication destination device through a multi-stage session,
Determine whether the session with the communication destination device is disconnected,
A control method including a process of disconnecting a session with the communication source device when it is determined that the session with the communication destination device is disconnected. To a computer that relays communication between the communication source device and the communication destination device through a multi-stage session,
Determine whether the session with the communication destination device is disconnected,
A program for executing processing for disconnecting a session with the communication source device when it is determined that the session with the communication destination device is disconnected. A communication source device;
A communication destination device;
A relay device that provides a first session with the communication source device in response to a request from the communication source device, and further provides a second session with the communication destination device in response to a request from the communication source device Including
The relay device is
A determination unit for determining whether or not the second session is disconnected;
And a disconnecting unit configured to disconnect the first session when it is determined that the second session is disconnected.

Images