WO2019062479A1 - 报文处理方法、装置、存储介质及终端 - Google Patents
报文处理方法、装置、存储介质及终端 Download PDFInfo
- Publication number
- WO2019062479A1 WO2019062479A1 PCT/CN2018/103782 CN2018103782W WO2019062479A1 WO 2019062479 A1 WO2019062479 A1 WO 2019062479A1 CN 2018103782 W CN2018103782 W CN 2018103782W WO 2019062479 A1 WO2019062479 A1 WO 2019062479A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data packet
- data
- application
- sent
- sent out
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2483—Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2475—Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
Definitions
- the present application relates to the field of communications, but is not limited to the field of communications, and in particular, to a packet processing method, apparatus, storage medium, and terminal.
- the current ocean broadband satellite network provides a wireless fidelity (WiFi) access method for a user terminal (for example, a smart terminal).
- WiFi wireless fidelity
- the applications on many smart terminals will enable the cloud synchronization function and the software automatic update function by default. Even if the user does not know, the terminal application will secretly collect information such as the model and geographic location, and secretly upload it. To the designated server, causing user traffic to be wasted.
- the embodiment of the present application provides a packet processing method, device, storage medium, and network device.
- a packet processing method including: acquiring a data message to be sent out from an application in a terminal; and determining that the data message to be sent out needs to be intercepted The outgoing data message is forwarded for outgoing interception.
- a message processing apparatus including: an obtaining module configured to acquire a data message to be sent from an application in the terminal; and an intercepting module configured to determine that the interception is required When the data packet is sent out, the data packet to be sent is sent out for interception.
- a storage medium comprising a stored program, wherein the program is executed to perform the method of any of the above.
- a processor for running a program wherein the program is executed to perform the method of any of the above.
- a terminal is further provided, the terminal includes: a transceiver and a processor; the processor is connected to the transceiver, and configured to control the transceiver by executing a program The data is sent and received, and the message processing method provided by one or more of the foregoing technical solutions is executed.
- FIG. 1 is a block diagram showing the hardware structure of a mobile terminal of a message processing method according to an embodiment of the present application
- FIG. 2 is a flowchart of a message processing method according to an embodiment of the present application.
- FIG. 3 is a block diagram showing the overall structure of an embodiment of the present application.
- FIG. 4 is a structural block diagram of a message processing apparatus according to an embodiment of the present application.
- FIG. 5 is a diagram of a terminal application data transmission processing according to a specific embodiment of the present application.
- FIG. 6 is a flow chart of data forwarding and receiving processing according to an embodiment of the present application.
- FIG. 7 is a flowchart of a session maintenance process according to an embodiment of the present application.
- FIG. 8 is a structural block diagram of a terminal according to an embodiment of the present invention.
- the traditional security butler terminal software in order to realize the control of the intelligent terminal application traffic, either need to root the intelligent terminal (for example, obtain the highest management authority of the intelligent terminal), based on the setting of the highest management authority.
- the security housekeeper software obtains the highest authority of the intelligent terminal operating system, thereby realizing reading the routing information of the intelligent terminal network device file, thereby implementing the addition or modification of the routing rule to achieve the interception function; or separately establishing a virtual private network (Virtual Private Network, Referred to as a VPN server, the intelligent terminal establishes a VPN tunnel with the VPN server to control and intercept the data packets of the terminal application on the VPN tunnel.
- the satellite traffic cost is still relatively expensive compared to the land cost.
- it is necessary to control the traffic consumption of the smart terminal application under the satellite network WiFi condition. It is very necessary.
- the embodiments of the present application are directed to the limitations and shortcomings of the current industry for the application of the flow control of the intelligent terminal, and propose a new packet processing method, which can implement the smart terminal for the user under the condition that the intelligent terminal is free of root and does not need to set up a VPN server.
- the application's traffic control prevents unnecessary traffic waste, thus saving users network costs.
- the present application is described below in conjunction with the embodiments:
- FIG. 1 is a hardware structural block diagram of a mobile terminal of a message processing method according to an embodiment of the present application.
- mobile terminal 10 may include one or more (only one shown in FIG. 1) processor 102 (processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA.
- FIG. 1 is merely illustrative and does not limit the structure of the above electronic device.
- the mobile terminal 10 may also include more or fewer components than those shown in FIG. 1, or have a different configuration than that shown in FIG.
- the memory 104 can be configured as a software program and a module for storing application software, such as program instructions/modules corresponding to the message processing method in the embodiment of the present application, and the processor 102 executes by executing a software program and a module stored in the memory 104.
- application software such as program instructions/modules corresponding to the message processing method in the embodiment of the present application
- the processor 102 executes by executing a software program and a module stored in the memory 104.
- Various functional applications and data processing, that is, the above methods are implemented.
- Memory 104 may include high speed random access memory, and may also include non-volatile memory such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory.
- memory 104 may further include memory remotely located relative to processor 102, which may be connected to mobile terminal 10 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
- Transmission device 106 is configured to receive or transmit data via a network.
- the above-described network specific example may include a wireless network provided by a communication provider of the mobile terminal 10.
- the transmission device 106 includes a Network Interface Controller (NIC) that can be connected to other network devices through a base station to communicate with the Internet.
- the transmission device 106 can be a Radio Frequency (RF) module for communicating with the Internet wirelessly.
- NIC Network Interface Controller
- RF Radio Frequency
- a packet processing method that can be operated on the mobile terminal is provided.
- FIG. 2 is a flowchart of a packet processing method according to an embodiment of the present application. As shown in FIG. 2, the method includes the following steps:
- Step S202 Acquire a data packet to be sent out from an application in the terminal.
- step S204 when it is determined that the data packet to be sent out needs to be intercepted, the data packet to be sent is sent out for interception.
- the main body performing the above steps may be a traffic control device in the terminal.
- the traffic control device can be applied to the terminal, can be a component or a plug-in in the operating system of the terminal, or can be an application installed in an operating system.
- the data message of the external party may include: the terminal needs to send a message of another terminal or device. After the data packet of the foreign party reaches the destination address, it must be transmitted to the network through the outgoing interface of the terminal and then transmitted to another device where the destination address is located.
- Step S202 may include: the traffic management device may read the data packet from a buffer space of a data packet to be sent by the terminal.
- Step S204 may include: filtering the data packet that needs to be intercepted before the data packet is sent out. For example, the data packet to be intercepted is excluded from the data packet queue to be sent. For example, in order to distinguish between the data packet to be intercepted and the data packet to be intercepted, the interception label of the intercepted data packet may be processed; thus, the transceiver transmits the data packet according to the The intercepting tag intercepts the data packet, that is, the masked sending operation of the data packet to be intercepted.
- the foregoing embodiment can prevent unnecessary outgoing data packets from being intercepted before the data packets to be sent out are sent out, thereby avoiding unnecessary traffic waste. Therefore, the problem of waste of traffic existing in the related art can be solved, and the effect of controlling the traffic of the terminal application to save the traffic cost can be achieved.
- the data message to be sent out from the application in the terminal is: when the data is written in the TUN port in the terminal, the data to be sent is read from the TUN port.
- a packet, in which the data to be sent by the application in the terminal is redirected to the TUN port.
- the terminal creates a virtual TUN interface, and all the data packets to be sent by the application on the terminal can be redirected and sent to the virtual TUN interface.
- the data packet can be read from the TUN port to the cache, and then processed according to the information of the data packet in the cache.
- TUN port is a computer terminology, which can refer to the virtual network device in the Linux operating system kernel.
- the terminal after starting some applications, creates a virtual port, which may be a virtual network card, and is not directly mapped to the physical network card.
- the virtual port may include a TUN port and a Tap port.
- the TUN port is a Layer 3 virtual NIC that can be used to process IP data packets.
- the tap port is a Layer 2 virtual network card that can process data packets of the data link layer network, for example, Ethernet packets.
- the intercepting the corresponding data packet may include: not transmitting the data packet generated in the buffer space or the application to the physical network card, so that the corresponding data packet cannot be sent out, and thus, The interception of data messages is realized.
- the method further includes: in the session list according to the header information of the data packet to be sent out. Determining whether there is a session corresponding to the data packet to be sent out; if it is determined to exist, updating the session corresponding to the data packet to be sent according to the data packet to be sent out; determining that the non-existent In the case, a new session is created and a new socket socket connection is created based on the address information in the new session.
- a session may be created for the data to be sent out, and the session corresponding to the data packet to be sent out is found in the session session list according to the packet header information of the data packet to be sent out.
- the information such as the effective time and the ID of the session corresponding to the data packet to be sent out may be updated according to the data packet to be sent out.
- the protocol, time, and user identity are recorded.
- User Identifier (UID), version, address, ID, etc. and call the system socket to establish a new Internet Control Message Protocol (ICMP) connection to protect the protect connection so that data sent from the socket will not be intercepted.
- ICMP Internet Control Message Protocol
- determining that the data packet to be sent out needs to be intercepted includes: determining that the data packet to be sent needs to be sent to be used for processing to be sent out by listening to the socket connection in the session linked list
- the remote server of the data packet determines the identifier of the application according to the target network protocol IP address and port of the data packet to be sent out; and determines that the application is a non-foreground application according to the identifier of the application. , to determine the need to intercept data packets to be sent out.
- whether the data packet to be sent is to be intercepted is generated according to whether the application of the data packet to be sent is the application running in the foreground, and the data packet to be sent is generated.
- the application When the application is an application running in the foreground, it does not need to be intercepted. Otherwise, it needs to be intercepted. It should be noted that the manner in which the application that sends the data packet to be sent is the application running in the foreground to intercept the outgoing data packet is only an optional embodiment.
- the packet may also be intercepted according to other interception conditions, for example, the interception processing of the packet according to whether the application is in the whitelist, or the interception processing according to the sending period of the packet.
- the keyword of the data packet to be sent is extracted, and the data packet to be intercepted is determined according to the keyword, and if the keyword is a keyword of the data packet to be intercepted, Intercept the data message.
- the specific method for intercepting includes: deleting the data packet to be sent from the data packet to be sent, or discarding the data packet directly.
- the keyword may be from the header and/or body of the data message.
- the method further includes: when it is determined that the data message to be sent out is not required to be intercepted, The data message is forwarded to the predetermined network card, and the predetermined network card is instructed to forward the data message to be sent out to the predetermined server for processing the data message to be sent out.
- the description is mainly for the case that the data packet to be sent out is not required to be intercepted. If the interception is not required, the packet needs to be sent to the remote server for transmission. The remote server is caused to perform corresponding processing according to the request of the application.
- determining that the data message to be sent out is not required to be intercepted includes: determining, by listening to the socket connection in the session list, that the data message to be sent needs to be sent to be used for processing
- the identifier of the application is determined according to the target network protocol IP address and port of the data packet to be sent out; and the application is determined to be the application running in the foreground according to the identifier of the application, and it is determined that the application is not required.
- Block data packets to be sent out the manner in which the application for transmitting the data packet to be sent is the application running in the foreground to intercept the outgoing data packet is only a preferred embodiment.
- the packet may also be intercepted according to other interception conditions, for example, the interception processing of the packet according to whether the application is in the whitelist, or the interception processing according to the sending period of the packet, and the like.
- the method further includes: determining to receive the received datagram from the predetermined server by listening to the socket connection in the session list. And searching for a session corresponding to the received data packet in the session linked list according to the packet header information of the received data packet, and reading the address information of the application to receive the data packet from the found session corresponding to the received data packet ; Forward the received data message to the application.
- the predetermined server after processing the request of the application, the predetermined server returns a corresponding processing result, that is, the received data packet, and the received data packet can be forwarded to the application.
- forwarding the received data packet to the application includes: reassembling the received data packet; and writing the reassembled received data packet into a virtual network device TUN port, so that the virtual The TUN port sends the reassembled received data packet to the above application.
- the received data packet can be forwarded to the application through the TUN interface.
- the traffic control application listens to the TUN port when the data packet is written, reads the original packet, determines whether to intercept according to the interception rule, and then forwards it to the real network card, and the real network card forwards to the remote server; and the traffic monitoring application according to the network protocol Apply a reply control response to the terminal.
- the traffic control application monitors the smart terminal to re-write the original data packet to the TUN interface, and the TUN port forwards the packet to the terminal application.
- the traffic control application monitors the smart terminal to re-write the original data packet to the TUN interface, and the TUN port forwards the packet to the terminal application.
- the traffic control device of the terminal can read data from the TUN, perform data packet reassembly, intercept judgment, and then forward to the real network card (ie, the predetermined network card), the limitation can be automatically implemented.
- Application traffic sent and received in the background of the intelligent terminal Therefore, the problem of the sneak traffic of the background application of the user intelligent terminal can be solved, and the traffic control of the user intelligent terminal application can be achieved, thereby saving the network cost for the user.
- an embodiment of the present application further provides a terminal, where the terminal includes: a transceiver and a processor; the processor is connected to the transceiver, and is configured to control the sending and receiving by executing a program.
- the data processing of the device is performed, and the message processing method provided by one or more of the foregoing technical solutions is executed.
- the message processing method as shown in any of FIG. 2, FIG. 5 to FIG. 7 can be executed.
- the transceiver may correspond to an antenna, which may correspond to various types of processors, such as a central processing unit, a microprocessor, a digital signal processor, a programmable array, and the like.
- processors such as a central processing unit, a microprocessor, a digital signal processor, a programmable array, and the like.
- the processor and the antenna are connected through an intra-device interface such as a bus.
- the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation.
- the technical solution of the present application which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
- the optical disc includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present application.
- a message processing device is also provided, which is used to implement the foregoing embodiments and preferred embodiments, and has not been described again.
- the term "module” may implement a combination of software and/or hardware of a predetermined function.
- the devices described in the following embodiments are preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
- FIG. 4 is a structural block diagram of a message processing apparatus according to an embodiment of the present application. As shown in FIG. 4, the apparatus includes the following modules:
- the obtaining module 42 is configured to obtain a data packet to be sent out from the application in the terminal, and the intercepting module 44 is connected to the obtaining module 42 for determining that the data packet to be sent out needs to be intercepted.
- the data packet to be sent is sent out for interception.
- the device further includes a reading unit configured to read a data message to be sent from the TUN port when the data is written in the TUN port of the virtual network device in the terminal.
- the data to be sent out of the application in the terminal is redirected to the TUN port.
- the foregoing apparatus further includes a searching module, configured to: after acquiring the data packet to be sent from the application in the terminal, according to the header information of the data packet to be sent out in the session session Querying, in the linked list, whether there is a session corresponding to the data packet to be sent out, and the updating module is configured to update, according to the data packet to be sent, the data packet corresponding to the data packet to be sent out, Session; create a module, configured to create a new session if it is determined to not exist, and create a new socket socket connection based on the address information in the new session.
- the foregoing apparatus may determine that the data packet to be sent out needs to be intercepted by: determining, by using a socket connection in the listening session list, that the data packet to be sent out needs to be sent to be used for
- the identifier of the application is determined according to the target network protocol IP address and port of the data packet to be sent out; and the application is determined to be a non-foreground application according to the identifier of the application. In the case of the case, it is determined that the data message to be sent out needs to be intercepted.
- the foregoing apparatus is further configured to: after acquiring the data message to be sent from the application in the terminal, after determining that the data message to be sent is not required to be intercepted, The data packet to be sent is forwarded to the predetermined network card, and the predetermined network card is instructed to forward the data packet to be sent out to the predetermined server for processing the data packet to be sent out.
- the foregoing apparatus may determine that the data packet to be sent out is not required to be intercepted by: determining that the data packet to be sent needs to be sent by using the socket connection in the session list.
- the identifier of the application is determined according to the target network protocol IP address and port of the data packet to be sent out; and the application is determined to be running in the foreground according to the identifier of the application. In the case of the application, it is determined that the data message to be sent out does not need to be intercepted.
- the apparatus is further configured to: after receiving the data packet to be sent to the predetermined network card, determine to receive the received datagram from the predetermined server by listening to the socket connection in the session list. And searching for a session corresponding to the received data packet in the session linked list according to the packet header information of the received data packet, and reading the application to receive the received data packet from the found session corresponding to the received data packet Address information; forwards the received data message to the application.
- the foregoing apparatus may forward the received data packet to the application by: reassembling the received data packet; and writing the reassembled received data packet to the virtual network device TUN port, The virtual TUN port sends the reassembled received data packet to the application.
- the message processing device shown in FIG. 4 can be applied to a traffic control device in a terminal.
- a traffic control device in the smart terminal The following describes the application by using a traffic control device in the smart terminal as an example:
- the service module in the traffic control device starts the VPN service that is provided by the smart terminal. After the VPN service is started, a virtual TUN interface is created. All the data packets sent by the application on the smart terminal are redirected to the virtual TUN. mouth.
- the main control module (corresponding to the above-mentioned acquisition module 42) in the flow control device monitors the virtual TUN port, and when the TUN port has data to be written, the data packet is read from the TUN port to the cache.
- the main control module reads the header information of the data packet in the cache, including IP address information, port information, protocol status information, window information, etc., according to the type of the transmission protocol in the packet header, calls data transmission and reception of different transmission protocols.
- the module processes, and the transport protocols include TCP, UDP, and ICMP.
- the data transceiver module in the flow control device creates a session according to the data packet header information. When creating a session, it will first find the session list. If it is the same protocol packet and the address is the same, the session is considered to exist. If the session does not exist, a new session is created and created according to the address information in the session. A new socket connection for forwarding data.
- the data transceiver module listens to all the socket connections in the session list. When there is data to be sent to the remote server, the interception module is called to control.
- the intercepting module finds the identifier UID of the corresponding terminal application according to the target IP and port of the sent data packet, and compares it with the terminal application UID currently used by the user in the foreground. If the data sent by the application is running in the foreground, the intercepting session is called.
- the socket connection forwards the original data packet to the real network card, and the real network card forwards it to the remote server, otherwise it intercepts.
- the remote server sends a data packet to the real network card of the smart terminal, it can listen to the forwarding socket for data reception, and the data transceiver module reads the data from the socket to the cache, according to the address information in the data packet header. The corresponding session is found, the terminal application address information is read from the session, the received data packet is reorganized and then written into the virtual TUN port, and the virtual TUN port forwards the data to the terminal application.
- the main control module maintains the network connection information of all applications and clears the timeout connection at a fixed time.
- the durations of any two fixed times may be equal or unequal; for example, the duration of the fixed time in the first time period of one time period is the first duration, and the second time in the other time period.
- the duration of the fixed time in the time period is the second time length; if the first time period is the time period in which the user uses the terminal frequency is lower or the usage time is less; the second time period may be that the user uses the terminal frequency higher than the first time period
- the time period, or time period for using the terminal is longer than the time period of the first time period.
- the first duration corresponding to the first time period may be longer than the second duration, reducing unnecessary operations of the main control module, reducing power consumption of the terminal, and reducing the number of times the terminal is awakened in a low power consumption mode (eg, a sleep mode).
- FIG. 5 is a process diagram of terminal application data transmission processing according to an embodiment of the present application. As shown in FIG. 5, the method includes the following steps:
- Step S501 monitors whether the TUN port has data to be sent. If the data of the TUN port needs to be sent, the data packet to be sent by the TUN interface is one of the data packets to be sent.
- Step S502 determines whether it is an EPOLL error event, and if so, enters error processing.
- step S503 if it is a data read event, the data is read from the TUN port to the cache.
- Step S504 performs format check and protocol judgment on the data packet, for example, performing packet format check and protocol judgment. If it is a TCP protocol packet, it will jump to S505; if it is a UDP protocol packet, it will jump to S517; if it is an ICMP protocol packet, it will jump to S522.
- Step S505 calls the TCP data packet transceiving processing module to determine whether it is an emergency packet. If it is not an emergency package (ie, non-emergency package), it will jump to S506; if it is an emergency package, it will jump to S507. There are various ways to determine whether it is an emergency package, for example, determining whether to carry an emergency field of an emergency packet; determining whether to send a data packet to a specific receiving end; and determining whether to delay the packet within a specified time. In the embodiment of the present invention, "data message” and "data packet" are synonymous.
- step S506 the validity of the TCP packet is detected. If the packet is legal, the packet jumps to S508. If the packet is invalid, the packet jumps to S509.
- step S507 the emergency packet is discarded.
- Step S508 searching for the current TCP session from the session list, determining whether it exists, does not exist, and the message is a syn packet, then jumping to S510, if yes, jumping to S511; if not, representing an error packet, jumping Go to S509.
- Step S509 The invalid data packet is discarded.
- Step S510 creates a new session.
- the session records the protocol type, time, UID, version, address, ID, etc. (and other fields) information, and calls the system socket to establish a Transmission Control Protocol (TCP) connection, protect the connection, so that the socket is sent from the socket.
- TCP Transmission Control Protocol
- the data will not be intercepted by TUN, register the socket read and error event listener in EPOLL, and then add the new session to the session list.
- Step S511 updates the information such as the effective time, the ID, and the total length of the transmission in the session list.
- Step S512 determines whether the data message is a TCP status packet, and if so, jumps to S513; if not, it is a data packet, and jumps to S514.
- Step S513 performs error or state transition modification according to the packet status information according to the TCP protocol, responds to the terminal application, and updates the TCP state in the session.
- Step S514 first determines the TCP state in the session. If it is TCP_CLOSING or TCP_CLOSE, it indicates that it has been closed, and jumps to S515; if it is not closed, it jumps to S516.
- Step S515 does not transmit data.
- Step S516 stores the data in the transmission data queue of the session.
- Step S517 calls the UDP data transceiving processing module to find the current UDP session from the session list, and if not, jumps to S518; if yes, it jumps to S519.
- Step S518 creates a new session, records protocol, time, UID, version, address, ID and other information, and calls the system socket to create a new UDP connection, protect connection, so that the data sent from the socket will not be intercepted by TUN. Register the socket's read and error events in EPOLL, and then add the new session to the session queue.
- Step S519 finds the corresponding session, and updates the valid time, the ID, the total length of the transmission, and the like in the session.
- Step S520 determines whether it is a DNS packet or a DHCP packet, and performs reorganization processing.
- step S521 whether to intercept the judgment is made. If the message is sent by the foreground application, the process jumps to S522, and if it is the message sent by the background application, the process jumps to S523.
- Step S522 reorganizes the UDP packet, modifies the current ID, recalculates the checksum, modifies the address information, and sends the address to the remote server through the new socket.
- Step S523 needs to be intercepted and not sent.
- Step S524 calls the ICMP data transceiving processing module to process, the packet check type, if supported, jumps to S523, and does not support jumping to S526.
- Step S525 searches for the current ICMP session from the session list, and if not, jumps to S526; if it does, it jumps to S527.
- Step S526 skips the unsupported type.
- Step S527 creates a new session, records protocol, time, UID, version, address, ID and other information, and calls the system socket to create a new ICMP connection, protect connection, so that the data sent from the socket will not be intercepted by TUN. Register the socket's read and error events in EPOLL, and then add the new session to the session queue.
- Step S528 finds the corresponding session, and updates the valid time, ID and other information in the session.
- step S529 whether to intercept the judgment is made. If the message is sent by the foreground application, the process jumps to S530, and if it is the message sent by the background application, the process jumps to S531.
- Step S530 reorganizes the ICMP packet, modifies the current ID, recalculates the checksum, and the address information is sent to the remote server through the new socket.
- Step S531 needs to be intercepted and not sent.
- FIG. 6 is a flowchart of data forwarding and receiving processing according to an embodiment of the present application. As shown in FIG. 6, the method includes the following steps:
- step S601 If the EPOLL event is detected in step S601, it indicates that the socket has data to be sent or received.
- Step S602 copies the data to the cache.
- Step S603 performs format check and protocol judgment on the data packet. If it is a TCP protocol packet, it will jump to S604; if it is a UDP protocol packet, it will jump to S614; if it is an ICMP protocol packet, it will jump to S620.
- Step S604 invokes a TCP data packet transceiving processing module. Determine the EPOLL event, if it is an EPOLL ERROR event, jump to S605; if it is an EPOLL OUT event, jump to S606; if it is an EPPOLL IN event, jump to S611.
- Step S605 performs error processing.
- Step S606 receives the data sent from the remote end, acquires the current receiving window size, and if there is forwarding data, determines whether the forwarding data confirms the receiving. If the TCP status is TCP_ESTABLISHED or TCP_CLOSE_WAIT, the size of the send window is obtained, and the data is received by the buffer. If the data length is less than 0, the process jumps to S607. If the data length is equal to 0, the process jumps to S608. If the data length is greater than 0, Go to S609. Otherwise, there is a message that the data has not been sent.
- Step S607 identifies an error, sends a FIN command to the application, and closes the socket.
- Step S608 is described as ending the data message. If no data is forwarded, the FIN instruction can be sent to the application and the socket is closed.
- Step S609 represents data transmission, reassembling TCP packets, and modifying address information.
- Step S610 sends the reassembled TCP packet to the TUN port.
- Step S611 illustrates that the data needs to be forwarded, and whether the forwarding data is intercepted or not, if it is the terminal foreground application data, the process jumps to S612; if it is the background application data, the process jumps to S613.
- Step S612 is forwarded to the remote server through the new socket.
- Step S613 needs to be intercepted and not sent.
- Step S614 calls the UDP data transceiving processing module to process, determines the EPOLL event, if it is an EPOLL ERROR event, jumps to S615; if it is an EPPOLL IN event, it jumps to S616.
- Step S615 performs error processing.
- Step S616 Obtaining data from the socket to the buffer, and modifying the receiving length of the UDP session in the session list.
- step S617 if it is a DNS response, additional processing is adjusted.
- Step S618 reorganizes the UDP packet and modifies the address information.
- Step S619 sends the reassembled UDP packet to the TUN port.
- Step S620 calls the ICMP data transceiving processing module to process, and determines an EPOLL event. If it is an EPOLL ERROR event, it jumps to S621; if it is an EPPOLL IN event, it jumps to S622.
- Step S621 performs error processing.
- Step S622 acquires a data buffer from the socket.
- Step S623 reorganizes the ICMP message, restores the ICMP ID, calculates the ICMP checksum, and modifies the address information.
- Step S624 sends the reassembled ICMP message to the TUN port.
- FIG. 7 is a flowchart of a session maintenance process according to still another embodiment of the present application. As shown in FIG. 7, the method includes the following steps:
- Step S701 traverses the session list and checks the session record.
- Step S702 performs protocol determination on the data packet type in the session. If it is a TCP protocol packet, it will jump to S703; if it is a UDP protocol packet, it will jump to S708; if it is an ICMP protocol packet, it will jump to S713.
- Step S703 calls the TCP data transceiving processing module to determine whether the TCP status is timed out.
- step S704 If step S704 times out and the TCP status is LISTEN, the session TCP status is marked as CLOSING status.
- Step S705 If the session TCP state is CLOSING, CLOSE state, the socket in the session is closed, and the session TCP state is marked as the CLOSE state.
- the data transmission length is cleared in step S706session.
- the data reception length is cleared in step S707session.
- Step S708 calls the UDP data transceiving processing module to determine whether the UDP status has timed out.
- step S709 the session TCP state is marked as FINISHING state.
- Step S710 If the session TCP status is UDP_FINISHING, UDP_CLOSED, UDP_BLOCKED, if yes, the socket in the session is closed, and the session UDP status is marked as CLOSED.
- the data transmission length is cleared in step S711session.
- the data reception length is cleared in step S712session.
- Step S713 calls the ICMP data transceiving processing module to determine whether the UDP status has timed out.
- Step S714 closes the socket in the session.
- Step S715 clears the invalid session in the session list.
- the embodiment of the present application further provides a storage medium including a stored program, wherein the program runs to perform the method described in any of the above.
- the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), and a Random Access Memory (RAM). ), removable hard disk, disk or optical disk, and other media that can store program code.
- ROM Read-Only Memory
- RAM Random Access Memory
- Embodiments of the present application also provide a processor for running a program, wherein the program executes the steps of any of the above methods when executed.
- the foregoing embodiment can solve the problem that the user intelligent terminal uses the background to sneak traffic.
- the embodiment of the present application can implement the traffic control of the user intelligent terminal application under the condition that the smart terminal is free of root and does not need to set up a VPN server. Therefore, the purpose of preventing the background application from stealing traffic and saving the network cost for the user is achieved; the following effects can be achieved:
- Smart terminal is free of root. It is not necessary to change the setting of the user intelligent terminal, and avoid the complexity of operating the intelligent terminal for the user to prevent the background application traffic from being stolen. 2) No additional VPN server is required. In the satellite network environment, the air interface resources are limited, which avoids additional network overhead after the user terminal establishes a VPN connection with the VPN server. 3) On the basis of the technology of the present application, the anti-smuggling interception function of the background application of the user intelligent terminal is realized, and the traffic cost is saved for the user. 4) This application is not only used for marine satellite network communication, but also for satellite network communication in places where existing mobile networks such as airplanes, vehicles, mountains, and coal mines cannot communicate. 5) This application is not only used in the field of satellite network communication, but also applicable to the network field where WiFi is expensive in international roaming, mobile WiFi, remote areas or countries.
- modules or steps of the present application can be implemented by a general computing device, which can be concentrated on a single computing device or distributed in a network composed of multiple computing devices.
- they may be implemented by program code executable by a computing device such that they may be stored in a storage device for execution by the computing device and, in some cases, may differ from this
- the steps shown or described are performed sequentially, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module.
- the application is not limited to any particular combination of hardware and software.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本申请提供了一种报文处理方法、装置、存储介质及处理器,该方法包括:获取来自终端中的应用的待外发的数据报文;在确定需要拦截待外发的数据报文时,对待外发的数据报文进行外发拦截。
Description
相关申请的交叉引用
本申请基于申请号为201710907981.1、申请日为2017年09月29日的中国专利申请提出,并要求该中国专利申请的优先权,该中国专利申请的全部内容在此引入本申请作为参考。
本申请涉及通信领域但不限于通信领域,尤其涉及一种报文处理方法、装置、存储介质及终端。
随着科技的发展,人们对上网的需求也越来越多,而网络连接势必要涉及到流量的耗费,而在实际使用中,有些流量的耗费是不必要的,下面以卫星通讯为例进行说明:
随着海上渔民从近海捕捞向远洋捕捞的发展,海上渔民的通讯和上网要求日益迫切,加上大容量的通讯卫星技术的发展,使得原来面向高端用户的宽带卫星上网服务普及到普通的渔民以及旅游人群成为可能。
当前海洋宽带卫星网络提供用户终端(例如,智能终端)无线保真(Wireless Fidelity,简称为WiFi)接入方式。在WiFi使用网络环境下,很多智能终端上的应用会默认开启云端同步功能、软件自动更新功能,甚至在用户不知情的情况下,终端应用会暗地里搜集机型、地理位置等信息,并偷偷上传至指定服务器,从而导致用户流量白白浪费。
发明内容
本申请实施例提供了一种报文处理方法、装置、存储介质及网络设备。
根据本申请的一个实施例,提供了一种报文处理方法,包括:获取来自终端中的应用的待外发的数据报文;在确定需要拦截所述待外发的数据报文时对所述待外发的数据报文进行外发拦截。
根据本申请的另一个实施例,提供了一种报文处理装置,包括:获取模块,配置为获取来自终端中的应用的待外发的数据报文;拦截模块,配置为在确定需要拦截所述待外发的数据报文时,对所述待外发的数据报文进行外发拦截。
根据本申请的又一个实施例,还提供了一种存储介质,所述存储介质包括存储的程序,其中,所述程序运行时执行上述任一项所述的方法。
根据本申请的又一个实施例,还提供了一种处理器,所述处理器用于运行程序,其中,所述程序运行时执行上述任一项所述的方法。
根据本申请的再一个实施例,还提供一种终端,所述终端包括:收发器及处理器;所述处理器与所述收发器连接,配置为通过程序的执行,控制所述收发器的数据收发,并执行前述一个或多个技术方案提供的报文处理方法。
通过本申请,能够实现在待外发的数据报文进行外发之前,对不必要外发的数据报文进行拦截,从而避免了不必要的流量浪费。因此,可以解决相关技术中存在的流量浪费的问题,达到对终端应用流量进行管控,节省流量费用的效果。
此处所说明的附图用来提供对本申请的进一步理解,构成本申请的一部分,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申 请的不当限定。在附图中:
图1是本申请实施例的一种报文处理方法的移动终端的硬件结构框图;
图2是根据本申请实施例的报文处理方法的流程图;
图3是根据本申请实施例的整体结构框图;
图4是根据本申请实施例的报文处理装置的结构框图;
图5是根据本申请具体实施例的终端应用数据发送处理图;
图6是根据本申请具体实施例的数据转发和接收处理流程图;
图7是根据本申请具体实施例的Session维护处理流程图;
图8是本发明实施例提供的一种终端的结构框图。
下文中将参考附图并结合实施例来详细说明本申请。
需要说明的是,本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。
为了解决流量耗损的问题,传统的安全管家类终端软件,要实现对智能终端应用流量的管控,要么需要先root智能终端(例如,获得智能终端的最高管理权限),基于最高管理权限的设置让安全管家类软件获取智能终端操作系统的最高权限,从而实现读取智能终端网络设备文件的路由信息,从而实现增加或修改路由规则来达到拦截功能;要么需要另外建立虚拟专用网络(Virtual Private Network,简称为VPN)服务器,智能终端通过与VPN服务器建立VPN通道,在VPN通道上进行对终端应用数据报文的控制和拦截。
在一些情况下,例如进行卫星通信时,由于卫星网络带宽资源有限,卫星流量费用比较陆地费用依然昂贵,为了节省用户流量费用,需要在卫星网络WiFi条件下,实现对智能终端应用流量消耗的管控就十分有必要了。
受限于海洋宽带卫星网络用户群对智能终端的熟悉程度不高,通过root智能终端来实现应用流量管控非常困难,而且会导致用户智能终端无法保修。另外由于卫星资源带宽资源有限,智能终端与陆地VPN服务器之间建立数据通道后,会增加VPN协议和数据加密的开销,上述两种方式在海洋宽带卫星网络环境中不适用。
本申请实施例针对目前业界对智能终端应用流量管控的局限性和缺陷,提出一种新的报文处理方法,能够在智能终端免root,且不需要搭建VPN服务器条件下,实现对用户智能终端应用的流量管控,防止不必要的流量浪费,从而为用户节省网络费用。下面结合实施例对本申请进行说明:
在本申请实施例中所提供的方法是可以在移动终端、计算机终端或者类似的运算装置中执行的。以运行在移动终端上为例,图1是本申请实施例的一种报文处理方法的移动终端的硬件结构框图。如图1所示,移动终端10可以包括一个或多个(图1中仅示出一个)处理器102(处理器102可以包括但不限于微处理器MCU或可编程逻辑器件FPGA等的处理装置)、用于存储数据的存储器104、以及用于通信功能的传输装置106。本领域普通技术人员可以理解,图1所示的结构仅为示意,其并不对上述电子装置的结构造成限定。例如,移动终端10还可包括比图1中所示更多或者更少的组件,或者具有与图1所示不同的配置。
存储器104可配置为存储应用软件的软件程序以及模块,如本申请实施例中的报文处理方法对应的程序指令/模块,处理器102通过运行存储在存储器104内的软件程序以及模块,从而执行各种功能应用以及数据处理,即实现上述的方法。存储器104可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器104可进一步包括相对于处理器102远程设置的存储器,这些远程存储器可以通过网络连接至移动终端10。上述网 络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。
传输装置106配置为经由一个网络接收或者发送数据。上述的网络具体实例可包括移动终端10的通信供应商提供的无线网络。在一个实例中,传输装置106包括一个网络适配器(Network Interface Controller,简称为NIC),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输装置106可以为射频(Radio Frequency,简称为RF)模块,其用于通过无线方式与互联网进行通讯。
在本实施例中提供了一种可以运行于上述移动终端的报文处理方法,
图2是根据本申请实施例的报文处理方法的流程图,如图2所示,该方法包括如下步骤:
步骤S202,获取来自终端中的应用的待外发的数据报文;
步骤S204,在确定需要拦截该待外发的数据报文时,对所述待外发的数据报文进行外发拦截。
其中,执行上述步骤的主体可以是终端中的流量管控装置。该流量管控装置可应用于所述终端,可为所述终端内操作系统中的一个组件或插件,还可以是安装在操作系统中的一个应用。
所述待外方的数据报文可包括:所述终端需要发送另一个终端或设备的报文。待外方的数据报文达到目的地址必须经过所述终端的外发接口进入到网络后传输到目的地址所在的另一个设备。
步骤S202可包括:所述流量管控装置可以从终端的待外发的数据报文的缓存空间内读取所述数据报文。步骤S204可包括:在将数据报文外发之前,过滤需要拦截的数据报文。例如,将需要拦截的数据报文剔除待发送数据报文队列。再例如,为了区分需要拦截的待外方的数据报文和无需拦截的待外方的数据报文,可能对待拦截的数据报文的拦截标签;如此,收 发器在传输数据报文之前,根据所述拦截标签拦截数据报文,即屏蔽的待拦截的数据报文的发送操作。
通过上述实施例,能够实现在待外发的数据报文进行外发之前,对不必要外发的数据报文进行拦截,从而避免了不必要的流量浪费。因此,可以解决相关技术中存在的流量浪费的问题,达到对终端应用流量进行管控,节省流量费用的效果。
在一个可选的实施例中,获取来自上述终端中的应用的待外发的数据报文包括:在监听到终端中的TUN口中有数据写入时,从TUN口中读取待外发的数据报文,其中,终端中的应用的待外发的数据均会重定向到TUN口。在本实施例中,终端在启动VPN服务后,会创建虚拟TUN口,终端上的所有应用的待外发的数据报文都可以重定向发给该虚拟TUN口。在本实施例中,在监听到TUN口中有数据写入时,可以先从TUN口读取数据报文到缓存,再根据缓存中的数据报文的信息进行后续处理。其中,TUN口是计算机的专业术语,可以指linux操作系统内核中的虚拟网络设备。
在一些实施例中,终端在启动一些应用后,会创建虚拟口,该虚拟口可为虚拟网卡,没有直接映射到物理网卡上。所述虚拟口可包括TUN口和Tap口。TUN口为一种三层虚拟网卡,可以用于处理IP数据报文。Tap口为一种二层虚拟网卡,能够处理数据链路层网络的数据报文,例如,以太网报文。
在本实施例中,拦截对应的数据报文,可包括:不将缓存空间内或应用产生的数据报文传输到物理网卡上,如此,对应的数据报文就无法外发了,如此,就实现了数据报文的拦截。
在一个可选的实施例中,在获取来自上述终端中的应用的待外发的数据报文之后,上述方法还包括:根据待外发的数据报文的包头信息在会话(session)链表中查找是否存在与所述待外发的数据报文对应的session; 在确定存在的情况下,根据待外发的数据报文更新与待外发的数据报文对应的session;在确定不存在的情况下,创建新的session,并根据所述新的session中的地址信息创建新的套接字socket连接。在本实施例中,可以先为待外发的数据创建会话,其中,在根据待外发的数据报文的包头信息在会话session链表中查找到与该待外发的数据报文对应的session时,可以根据待外发的数据报文更新与待外发的数据报文对应的session的有效时间、标识ID等信息,在需要创建新的session时,需要记录协议、时间、用户身份标识(User Identifier,UID)、版本、地址、ID等信息,并调用系统socket新建网络控制协议(Internet Control Message Protocol,简称为ICMP)连接,保护protect连接从而使得从该socket发出的数据不会被截获。
在一个可选的实施例中,确定需要拦截上述待外发的数据报文包括:当通过监听所述session链表中的socket连接确定待外发的数据报文需要发送给用于处理待外发的数据报文的远端服务器时,根据待外发的数据报文的目标网络协议IP地址和端口确定所述应用的标识;在根据应用的标识确定所述应用为非前台运行的应用的情况,确定需要拦截待外发的数据报文。在本实施例中,可根据产生该待外发的数据报文的应用是否是前台运行的应用来确定是否拦截该待外发的数据报文的,当产生该待外发的数据报文的应用是前台运行的应用时,不需要拦截,否则,需要拦截。需要说明的是,将发送该待外发的数据报文的应用是否是前台运行的应用来对待外发的数据报文进行拦截处理的方式仅是一种可选的实施例,在实际应用时,也可以根据其他拦截条件来对报文进行拦截,例如,根据应用是否处于白名单中来进行报文的拦截处理,或者,根据报文的发送时间段来进行拦截处理等等。
在一个可选的实施例中,提取待发送数据报文的关键字,根据所述关键字确定是否需拦截的数据报文,若所述关键字为需拦截的数据报文的关 键字,则拦截该数据报文。拦截的具体方式包括:将存储有待发送数据报文队列剔除该数据报文,或者,直接丢弃该数据报文。
所述关键字可来自数据报文的包头和/或正文。
在一个可选的实施例中,在获取来自上述终端中的应用的待外发的数据报文之后,上述方法还包括:在确定不需要拦截待外发的数据报文时将待外发的数据报文转发给预定网卡,并指示预定网卡将待外发的数据报文转发给用于处理待外发的数据报文的预定服务器。在本实施例中,主要是对不需要拦截待外发的数据报文的情况进行说明,在不需要拦截的情况下,需要将该报文进行外发处理,发送到远端服务器中,以使得该远端服务器根据应用的请求进行对应的处理。
在一个可选的实施例中,确定不需要拦截上述待外发的数据报文包括:当通过监听所述session链表中的socket连接确定待外发的数据报文需要发送给用于处理待外发的数据报文的远端服务器时,根据待外发的数据报文的目标网络协议IP地址和端口确定应用的标识;在根据应用的标识确定应用为前台运行的应用的情况,确定不需要拦截待外发的数据报文。在本实施例中,将发送该待外发的数据报文的应用是否是前台运行的应用来对待外发的数据报文进行拦截处理的方式仅是一种优选的实施例,在实际应用时,也可以根据其他拦截条件来对报文进行拦截,例如,根据应用是否处于白名单中来进行报文的拦截处理,或者,根据报文的发送时间段来进行拦截处理,等等。
在一个可选的实施例中,在将上述待外发的数据报文转发给预定网卡之后,上述方法还包括:通过监听所述session链表中的socket连接确定接收到来自预定服务器的接收数据报文;根据接收数据报文的包头信息在session链表中查找与接收数据报文对应的session,并从查找到的与接收数据报文对应的session中读取待接收数据报文的应用的地址信息;将接收数 据报文转发给应用。在本实施例中,预定服务器在对应用的请求进行处理之后,会返回对应的处理结果,即上述的接收数据报文,进而可以将该接收数据报文转发给应用。
在一个可选的实施例中,将上述接收数据报文转发给上述应用包括:对上述接收数据报文进行重组;将重组后的接收数据报文写入虚拟网络设备TUN口中,以使该虚拟TUN口将重组后的接收数据报文发送给上述应用。在本实施例中,可以通过TUN口将接收数据报文转发给应用。
由上述的实施例可知,本申请主要是通过如下步骤实现的流量管控:
1.启动流量管控功能,用户确认创建VPN连接后,流量管控应用启动VPN服务重定向终端数据到虚拟TUN口。
2.流量管控应用监听TUN口有数据报文写入时,读取原始报文,根据拦截规则判断是否拦截,后转发给真实网卡,真实网卡转发给远端服务器;同时流量监控应用根据网络协议给终端应用回复控制响应。
3.流量管控应用监听智能终端接收到数据时,将原始数据报文进行重组写入TUN口,TUN口转发报文给终端应用。具体的整体结构框图可以参考图3。
通过本申请的上述实施例,由于终端的流量管控装置能够实现从TUN读取数据,进行数据报文的重组、拦截判断、然后转发给真实网卡(即,上述的预定网卡),能自动实现限制智能终端后台运行的应用流量发送和接收。因此,可以解决用户智能终端后台应用偷跑流量的问题,达到对用户智能终端应用流量管控,为用户节省网络费用的效果。
如图8所示,本申请一个实施例还提供一种终端,所述终端包括:收发器及处理器;所述处理器与所述收发器连接,配置为通过程序的执行,控制所述收发器的数据收发,并执行前述一个或多个技术方案提供的报文处理方法,例如,可执行如图2、图5至图7任意所示的报文处理方法。
所述收发器可对应于天线,所述处理器可对应于各种类型的处理器,例如,中央处理器、微处理器、数字信号处理器、可编程阵列等。
所述处理器与所述天线之间通过总线等设备内接口连接,
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本申请各个实施例所述的方法。
在本实施例中还提供了一种报文处理装置,该装置用于实现上述实施例及优选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。
图4是根据本申请实施例的报文处理装置的结构框图,如图4所示,该装置包括如下模块:
获取模块42,配置为获取来自终端中的应用的待外发的数据报文;拦截模块44,连接至上述获取模块42,用于在确定需要拦截所述待外发的数据报文时,对所述待外发的数据报文进行外发拦截。
在一个可选的实施例中,上述装置还包括读取单元,配置为在监听到终端中的虚拟网络设备TUN口中有数据写入时,从TUN口中读取待外发的数据报文,其中,该终端中的应用的待外发的数据均会重定向到TUN口。
在一个可选的实施例中,上述装置还包括查找模块,配置为在获取来 自上述终端中的应用的待外发的数据报文之后,根据待外发的数据报文的包头信息在会话session链表中查找是否存在与该待外发的数据报文对应的session;更新模块,配置为在确定存在的情况下,根据该待外发的数据报文更新与待外发的数据报文对应的session;创建模块,配置为在确定不存在的情况下,创建新的session,并根据新的session中的地址信息创建新的套接字socket连接。
在一个可选的实施例中,上述装置可以通过如下方式确定需要拦截上述待外发的数据报文:当通过监听session链表中的socket连接确定上述待外发的数据报文需要发送给用于处理待外发的数据报文的远端服务器时,根据该待外发的数据报文的目标网络协议IP地址和端口确定上述应用的标识;在根据应用的标识确定应用为非前台运行的应用的情况,确定需要拦截上述待外发的数据报文。
在一个可选的实施例中,上述装置还配置为在获取来自上述终端中的应用的待外发的数据报文之后,在确定不需要拦截所述待外发的数据报文时,将上述待外发的数据报文转发给预定网卡,并指示该预定网卡将待外发的数据报文转发给用于处理该待外发的数据报文的预定服务器。
在一个可选的实施例中,上述装置可以通过如下方式确定不需要拦截上述待外发的数据报文:当通过监听上述session链表中的socket连接确定待外发的数据报文需要发送给用于处理该待外发的数据报文的远端服务器时,根据上述待外发的数据报文的目标网络协议IP地址和端口确定上述应用的标识;在根据上述应用的标识确定应用为前台运行的应用的情况,确定不需要拦截该待外发的数据报文。
在一个可选的实施例中,上述装置还配置为在将上述待外发的数据报文转发给上述预定网卡之后,通过监听上述session链表中的socket连接确定接收到来自预定服务器的接收数据报文;根据该接收数据报文的包头信 息在session链表中查找与接收数据报文对应的session,并从查找到的与接收数据报文对应的session中读取待接收该接收数据报文的应用的地址信息;将接收数据报文转发给应用。
在一个可选的实施例中,上述装置可以通过如下方式将接收数据报文转发给上述应用:对接收数据报文进行重组;将重组后的接收数据报文写入虚拟网络设备TUN口中,以使该虚拟TUN口将重组后的接收数据报文发送给上述应用。
在一个可选的实施例中,图4所示的报文处理装置是可以应用于终端中的流量管控装置中,下面以该智能终端中的流量管控装置为例,对本申请进行说明:
本实施例中的流量管控装置可以执行如下操作:
1.流量管控装置中的业务模块启动智能终端自带的VPN Service服务,VPN Service服务启动后,会创建虚拟TUN口,智能终端上所有应用外发的数据报文都会重定向发给虚拟的TUN口。
2.流量管控装置中的主控模块(对应于上述的获取模块42)监听虚拟TUN口,当TUN口有数据写入时,从TUN口读取数据报文到缓存。
3.主控模块读取缓存中数据报文的包头信息,包括IP地址信息、端口信息、协议状态信息、窗口信息等,根据报文包头中的传输协议类型,调用不同的传输协议的数据收发模块进行处理,传输协议包括TCP、UDP和ICMP等。
4.流量管控装置中的数据收发模块根据数据报文包头信息创建session。创建session时,会先到session链表中找,如果是同一种协议报文,且地址一致,则认为session已经存在,相反如果session不存在,则创建新的session,并根据session中的地址信息创建新的socket连接,用于数据的转发。
5.数据收发模块监听session链表中所有的socket连接,当有数据需要发送给远端服务器时,调用拦截模块进行管控。拦截模块根据发送的数据报文的目标IP和端口,找到对应的终端应用的标识UID,再跟用户当前正在前台使用的终端应用UID比较,如果为前台运行应用发送的数据,则调用session中的socket连接,将原始数据报文转发给真实网卡,真实网卡再转发给远程服务器,否则拦截。
6.当远端服务器有数据报文发送给智能终端真实网卡时,可以监听到转发socket有数据接收,数据收发模块从socket读取数据到缓存,根据数据报文包头中的地址信息在session链表中找到对应的session,从session中读取终端应用地址信息,将接收的数据报文进行重组后写入虚拟TUN口,虚拟TUN口会转发数据给终端应用。
7.主控模块维护所有应用的网络连接信息,并隔固定时间清除超时的连接。在一些实施例中,任意两个固定时间对应的时长可以相等或不等;例如,在一个时间周期的第一时间段内的固定时间的时长为第一时长,在另一个时间周期的第二时间段内的固定时间的时长为第二时长;若第一时间段为用户使用终端频率较低或者使用时间较少的时间段;第二时间段可为用户使用终端频率高于第一时间段的时间段,或者,用于使用终端的时间多于第一时间段的时间段。第一时间段对应的第一时长可长于第二时长,减少主控模块不必要的操作,降低终端的功耗,降低终端处于低功耗模式(例如,休眠模式)下被唤醒的次数等。图5是根据本申请一个实施例的终端应用数据发送处理图,如图5所示,包括如下步骤:
步骤S501监听TUN口是否有数据需要发送。若TUN口有数据需要发送,则TUN口需要发送的数据报文,即为前述待发送的数据报文的一种。
步骤S502判断是否为EPOLL错误事件,如果是,则进入错误处理。
步骤S503如果是数据读取事件,则从TUN口读取数据到缓存。
步骤S504对数据报文进行格式检查和协议判断,例如,进行包格式检查、协议判断。如果是TCP协议报文,则跳转到S505;如果是UDP协议报文,则跳转到S517;如果是ICMP协议报文,则跳转到S522。
步骤S505调用TCP数据报文收发处理模块处理,判断是否是紧急包。如果不是紧急包(即非紧急包)则跳转到S506;如果是紧急包则跳转到S507。判断是否是紧急包的方式有多种,例如,判断是否携带有紧急包的紧急字段;判断是否发送给特定接收端的数据包;判断是否要求延迟在指定时间内的包。在本发明实施例中“数据报文”和“数据包”是同义词。
步骤S506进行TCP报文的合法性检测,如果报文合法则跳转到S508,如果报文不合法则跳转到S509。
步骤S507紧急包丢弃。
步骤S508从session链表中寻找当前TCP session,判断是否存在,不存在,并且报文为syn包,则跳转到S510,存在则跳转到S511;如果不是syn包,则表示错误包,跳转到S509。
步骤S509不合法的数据报文丢弃。
步骤S510创建新的session。session记录协议类型、时间、UID、版本、地址、ID等(还有其他字段)信息,并调用系统socket建立传输控制协议(Transfer Control Protocol,简称为TCP)连接,protect连接,使从该socket发出的数据不会被TUN截获,在EPOLL注册该socket的读取和错误事件监听,之后把新的session加入session链表中。
步骤S511在session链表中更新有效时间、ID、发送总长度等信息。
步骤S512判断数据报文是否是TCP状态包,如果是,则跳转到S513;如果不是,则是数据包,跳转到S514。
步骤S513根据TCP协议,按包状态信息进行出错或者状态转移修改,响应终端应用,并更新session中TCP状态。
步骤S514先判断session中TCP状态,如果是TCP_CLOSING或者TCP_CLOSE,则表明已经关闭,跳转到S515;如果未关闭,则跳转到S516。
步骤S515不发送数据。
步骤S516将数据存入session的发送数据队列中。
步骤S517调用UDP数据收发处理模块,从session链表中寻找当前UDP session,如果不存在,则跳转到S518;存在,则跳转到S519。
步骤S518创建新的session,记录协议、时间、UID、版本、地址、ID等信息,并调用系统socket新建UDP连接,protect连接,使从该socket发出的数据不会被TUN截获。在EPOLL注册该socket的读取和错误事件监听,之后把新的session加入session队列中。
步骤S519找到对应的session,在session中更新有效时间、ID、发送总长度等信息。
步骤S520判断是否是DNS包或DHCP包,进行重组处理。
步骤S521进行是否拦截判断,如果是前台应用发出的报文,则跳转到S522,如果是后台应用发出的报文,则跳转到S523。
步骤S522重组UDP包,修改当前ID,重新计算校验和,修改地址信息,通过新的socket发送到远端服务器。
步骤S523需要拦截,不发送。
步骤S524调用ICMP数据收发处理模块处理,包检查类型,如果支持,跳转到S523,不支持跳转到S526。
步骤S525从session链表中寻找当前ICMP session,如果不存在,则跳转到S526;如果存在,则跳转到S527。
步骤S526跳过不支持的类型。
步骤S527创建新的session,记录协议、时间、UID、版本、地址、ID等信息,并调用系统socket新建ICMP连接,protect连接,使从该socket 发出的数据不会被TUN截获。在EPOLL注册该socket的读取和错误事件监听,之后把新的session加入session队列。
步骤S528找到对应的session,在session中更新有效时间、ID等信息。
步骤S529进行是否拦截判断,如果是前台应用发出的报文,则跳转到S530,如果是后台应用发出的报文,则跳转到S531。
步骤S530重组ICMP包,修改当前ID,重新计算校验和,地址信息,通过新的socket发送到远端服务器。
步骤S531需要拦截,不发送。
图6是根据本申请一个实施例的数据转发和接收处理流程图,如图6所示,包括如下步骤:
步骤S601如果监听到EPOLL事件,说明socket有数据需要发送或接收。
步骤S602拷贝数据到缓存。
步骤S603对数据报文进行格式检查和协议判断。如果是TCP协议报文,则跳转到S604;如果是UDP协议报文,则跳转到S614;如果是ICMP协议报文,则跳转到S620。
步骤S604调用TCP数据报文收发处理模块。判断EPOLL事件,如果是EPOLL ERROR事件则跳转到S605;如果是EPOLL OUT事件,则跳转到S606;如果是EPPOLL IN事件,则跳转到S611。
步骤S605进行错误处理。
步骤S606接收从远端发送的数据,获取当前接收窗口大小,如果有转发数据,则判断转发数据是否确认接收。如果TCP状态为TCP_ESTABLISHED或者TCP_CLOSE_WAIT,则获取发送窗口大小,用该buffer接收数据,如果数据长度小于0,跳转到S607,如果数据长度等 于0,则跳转到S608,如果数据长度大于0,则跳转到S609。否则,提示还有数据没有发送完毕。
步骤S607标识出错,发送FIN指令给应用并关闭socket。
步骤S608说明为结束数据报文,此时如果没有转发数据,则可以发送FIN指令给应用并关闭socket。
步骤S609表示数据传输,重组TCP报文,修改地址信息。
步骤S610把重组后的TCP报文发送到TUN口。
步骤S611说明需要转发数据,对转发数据进行是否拦截判断,如果是终端前台应用数据,则跳转到S612;如果是后台应用数据,则跳转到S613。
步骤S612通过新的socket转发给远端服务器。
步骤S613需要拦截,不发送。
步骤S614调用UDP数据收发处理模块处理,判断EPOLL事件,如果是EPOLL ERROR事件则跳转到S615;如果是EPPOLL IN事件,则跳转到S616。
步骤S615进行错误处理。
步骤S616从socket获取数据到buffer,修改session链表中该UDP session对应的接收长度。
步骤S617如果是DNS响应,则调额外处理。
步骤S618重组UDP报文,修改地址信息。
步骤S619把重组后的UDP报文发送到TUN口。
步骤S620调用ICMP数据收发处理模块处理,判断EPOLL事件,如果是EPOLL ERROR事件则跳转到S621;如果是EPPOLL IN事件,则跳转到S622。
步骤S621进行错误处理。
步骤S622从socket获取数据buffer。
步骤S623重组ICMP报文,恢复ICMP ID,计算ICMP校验和,修改地址信息。
步骤S624把重组后的ICMP报文发送到TUN口。
图7是根据本申请又一个实施例的session维护处理流程如图,如图7所示,包括如下步骤:
步骤S701遍历session链表,检查session记录。
步骤S702对session中数据报文类型进行协议判断。如果是TCP协议报文,则跳转到S703;如果是UDP协议报文,则跳转到S708;如果是ICMP协议报文,则跳转到S713。
步骤S703调用TCP数据收发处理模块处理,判断TCP状态是否超时。
步骤S704如果超时,且TCP状态为LISTEN,则标记session TCP状态为CLOSING状态。
步骤S705如果session TCP状态为CLOSING、CLOSE状态,关闭session中的socket,标记session TCP状态为CLOSE状态。
步骤S706session中数据发送长度清零。
步骤S707session中数据接收长度清零。
步骤S708调用UDP数据收发处理模块处理,判断UDP状态是否超时。
步骤S709如果超时,则标记session TCP状态为FINISHING状态。
步骤S710如果session TCP状态为UDP_FINISHING、UDP_CLOSED、UDP_BLOCKED,如果是,关闭session中的socket,标记session UDP状态为CLOSED状态。
步骤S711session中数据发送长度清零。
步骤S712session中数据接收长度清零。
步骤S713调用ICMP数据收发处理模块处理,判断UDP状态是否超时。
步骤S714关闭session中的socket。
步骤S715清除session链表中无效的session。
本申请的实施例还提供了一种存储介质,该存储介质包括存储的程序,其中,上述程序运行时执行上述任一项所述的方法。
在一些实施例中,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(Read-Only Memory,简称为ROM)、随机存取存储器(Random Access Memory,简称为RAM)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。
本申请的实施例还提供了一种处理器,该处理器用于运行程序,其中,该程序运行时执行上述任一项方法中的步骤。
通过上述实施例,可以解决用户智能终端后台应用偷跑流量的问题,本申请中的实施例能够在智能终端免root,且不需要搭建VPN服务器条件下,实现对用户智能终端应用的流量管控,从而达到防止后台应用偷跑流量,为用户节省网络费用的目的;具体可以达到以下效果:
1)智能终端免root。不需改变用户智能终端的设置,避免为了实现防后台应用流量偷跑,而给用户带来的操作智能终端的复杂度。2)不需要额外建立VPN服务器。在卫星网络环境下,空口资源有限,避免了用户终端与VPN服务器建立VPN连接后,带来额外的网络开销。3)在本申请技术基础上,实现了用户智能终端的后台应用防偷跑拦截功能,为用户节省了流量费用。4)本申请不仅用于海洋卫星网络通讯,还适用于飞机、车载、高山、煤矿等现有移动网络无法通讯的地方的卫星网络通讯。5)本申请不仅用于卫星网络通讯领域,还适用于国际漫游、移动WiFi、偏远地区或国家等WiFi费用昂贵的网络领域。
显然,本领域的技术人员应该明白,上述的本申请的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者 分布在多个计算装置所组成的网络上,在一些实施例中,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本申请不限制于任何特定的硬件和软件结合。
以上所述仅为本申请的优选实施例而已,并不用于限制本申请,对于本领域的技术人员来说,本申请可以有各种更改和变化。凡在本申请的原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。
Claims (13)
- 一种报文处理方法,包括:获取来自终端中的应用的待外发的数据报文;在确定需要拦截所述待外发的数据报文时,对所述待外发的数据报文进行外发拦截。
- 根据权利要求1所述的方法,其中,获取来自终端中的应用的待外发的数据报文包括:在监听到所述终端中的TUN口中有数据写入时,从所述TUN口中读取所述待外发的数据报文,其中,所述终端中的应用的待外发的数据均会重定向到所述TUN口。
- 根据权利要求1所述的方法,其中,在获取来自终端中的应用的待外发的数据报文之后,所述方法还包括:根据所述待外发的数据报文的包头信息在会话链表中查找是否存在与所述待外发的数据报文对应的会话;在确定存在的情况下,根据所述待外发的数据报文更新与所述待外发的数据报文对应的会话;在确定不存在的情况下,创建新的会话,并根据所述新的会话中的地址信息创建新的套接字连接。
- 根据权利要求3所述的方法,其中,确定需要拦截待外发的数据报文包括:当通过监听所述会话链表中的套接字连接确定所述待外发的数据报文需要发送给用于处理所述待外发的数据报文的远端服务器时,根据所述待外发的数据报文的目标网络协议IP地址和端口确定所述应用的标识;在根据所述应用的标识确定所述应用为非前台运行的应用的情况, 确定需要拦截所述待外发的数据报文。
- 根据权利要求3所述的方法,其中,在获取来自终端中的应用的待外发的数据报文之后,所述方法还包括:在确定不需要拦截所述待外发的数据报文时,将所述待外发的数据报文转发给预定网卡,并指示所述预定网卡将所述待外发的数据报文转发给用于处理所述待外发的数据报文的预定服务器。
- 根据权利要求5所述的方法,其中,确定不需要拦截待外发的数据报文包括:当通过监听所述会话链表中的套接字连接确定所述待外发的数据报文需要发送给用于处理所述待外发的数据报文的远端服务器时,根据所述待外发的数据报文的目标网络协议IP地址和端口确定所述应用的标识;在根据所述应用的标识确定所述应用为前台运行的应用的情况,确定不需要拦截所述待外发的数据报文。
- 根据权利要求5所述的方法,其中,在将所述待外发的数据报文转发给预定网卡之后,所述方法还包括:通过监听所述会话链表中的套接字连接确定接收到来自所述预定服务器的接收数据报文;根据所述接收数据报文的包头信息在会话链表中查找与所述接收数据报文对应的会话,并从查找到的与所述接收数据报文对应的会话中读取待接收所述接收数据报文的应用的地址信息;将所述接收数据报文转发给所述应用。
- 根据权利要求7所述的方法,其中,将所述接收数据报文转发给所述应用包括:对所述接收数据报文进行重组;将重组后的接收数据报文写入TUN口中,以使所述TUN口将所述重组后的接收数据报文发送给所述应用。
- 一种报文处理装置,其中,包括:获取模块,用于获取来自终端中的应用的待外发的数据报文;拦截模块,用于在确定需要拦截所述待外发的数据报文时,对所述待外发的数据报文进行外发拦截。
- 根据权利要求9所述的装置,其中,所述获取模块包括:读取单元,用于在监听到所述终端中的TUN口中有数据写入时,从所述TUN口中读取所述待外发的数据报文,其中,所述终端中的应用的待外发的数据均会重定向到所述TUN口。
- 根据权利要求9所述的装置,其中,所述装置还包括:查找模块,用于在获取来自终端中的应用的待外发的数据报文之后,根据所述待外发的数据报文的包头信息在会话链表中查找是否存在与所述待外发的数据报文对应的会话;更新模块,用于在确定存在的情况下,根据所述待外发的数据报文更新与所述待外发的数据报文对应的会话;创建模块,用于在确定不存在的情况下,创建新的会话,并根据所述新的会话中的地址信息创建新的套接字连接。
- 一种存储介质,其中,所述存储介质包括存储的程序,其中,所述程序运行时执行权利要求1至8中任一项所述的方法。
- 一种终端,所述终端包括:收发器及处理器;所述处理器与所述收发器连接,配置为通过程序的执行,控制所述收发器的数据收发,并执行运行时执行权利要求1至8中任一项所述的方法。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710907981.1A CN109587074B (zh) | 2017-09-29 | 2017-09-29 | 报文处理方法、装置、存储介质及处理器 |
CN201710907981.1 | 2017-09-29 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019062479A1 true WO2019062479A1 (zh) | 2019-04-04 |
Family
ID=65900660
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/103782 WO2019062479A1 (zh) | 2017-09-29 | 2018-09-03 | 报文处理方法、装置、存储介质及终端 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109587074B (zh) |
WO (1) | WO2019062479A1 (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111224893A (zh) * | 2019-12-30 | 2020-06-02 | 中国人民解放军国防科技大学 | 一种基于vpn的安卓手机流量采集与标注系统及方法 |
CN113468081A (zh) * | 2021-07-01 | 2021-10-01 | 福建信息职业技术学院 | 基于ebi总线的串口转udp的装置及方法 |
CN113645308A (zh) * | 2021-08-18 | 2021-11-12 | 平安普惠企业管理有限公司 | 移动终端tcp通信、装置、设备及存储介质 |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115150189B (zh) * | 2022-07-28 | 2023-11-07 | 深圳市瑞云科技有限公司 | 一种基于企业私有云盘文件外发自动拦截的方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103916394A (zh) * | 2014-03-31 | 2014-07-09 | 魏强 | 公共wifi环境下的数据传输方法及系统 |
CN104010000A (zh) * | 2014-06-13 | 2014-08-27 | 北京联宇益通科技发展有限公司 | 安卓系统非超级用户权限下数据包过滤方法、装置和系统 |
CN106330584A (zh) * | 2015-06-19 | 2017-01-11 | 中国移动通信集团广东有限公司 | 一种业务流的识别方法及识别装置 |
US20170034737A1 (en) * | 2012-07-25 | 2017-02-02 | Huawei Technologies Co., Ltd. | Higher Layer Compression with Lower Layer Signaling |
CN106714287A (zh) * | 2016-12-01 | 2017-05-24 | 腾讯科技(深圳)有限公司 | 基于网络访问控制的终端节省电量的方法及装置 |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6816455B2 (en) * | 2001-05-09 | 2004-11-09 | Telecom Italia S.P.A. | Dynamic packet filter utilizing session tracking |
CN104468269B (zh) * | 2014-12-01 | 2018-02-13 | 郭丹 | 一种基于Android终端设备的定向流量监管方法 |
US9961105B2 (en) * | 2014-12-31 | 2018-05-01 | Symantec Corporation | Systems and methods for monitoring virtual networks |
CN105512549A (zh) * | 2015-12-02 | 2016-04-20 | 珠海市君天电子科技有限公司 | 一种应用程序拦截方法及装置 |
-
2017
- 2017-09-29 CN CN201710907981.1A patent/CN109587074B/zh active Active
-
2018
- 2018-09-03 WO PCT/CN2018/103782 patent/WO2019062479A1/zh active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170034737A1 (en) * | 2012-07-25 | 2017-02-02 | Huawei Technologies Co., Ltd. | Higher Layer Compression with Lower Layer Signaling |
CN103916394A (zh) * | 2014-03-31 | 2014-07-09 | 魏强 | 公共wifi环境下的数据传输方法及系统 |
CN104010000A (zh) * | 2014-06-13 | 2014-08-27 | 北京联宇益通科技发展有限公司 | 安卓系统非超级用户权限下数据包过滤方法、装置和系统 |
CN106330584A (zh) * | 2015-06-19 | 2017-01-11 | 中国移动通信集团广东有限公司 | 一种业务流的识别方法及识别装置 |
CN106714287A (zh) * | 2016-12-01 | 2017-05-24 | 腾讯科技(深圳)有限公司 | 基于网络访问控制的终端节省电量的方法及装置 |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111224893A (zh) * | 2019-12-30 | 2020-06-02 | 中国人民解放军国防科技大学 | 一种基于vpn的安卓手机流量采集与标注系统及方法 |
CN113468081A (zh) * | 2021-07-01 | 2021-10-01 | 福建信息职业技术学院 | 基于ebi总线的串口转udp的装置及方法 |
CN113468081B (zh) * | 2021-07-01 | 2024-05-28 | 福建信息职业技术学院 | 基于ebi总线的串口转udp的装置及方法 |
CN113645308A (zh) * | 2021-08-18 | 2021-11-12 | 平安普惠企业管理有限公司 | 移动终端tcp通信、装置、设备及存储介质 |
CN113645308B (zh) * | 2021-08-18 | 2022-09-16 | 平安普惠企业管理有限公司 | 移动终端tcp通信、装置、设备及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN109587074A (zh) | 2019-04-05 |
CN109587074B (zh) | 2022-04-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019062479A1 (zh) | 报文处理方法、装置、存储介质及终端 | |
CN108601043B (zh) | 用于控制无线接入点的方法和设备 | |
US8824480B2 (en) | Method and apparatus for end-host based mobility, multi-homing and multipath protocols | |
EP3208974A1 (en) | Power line carrier communication terminal control device, system and method | |
US7596151B2 (en) | System and method for discovering path MTU in ad hoc network | |
US20140092723A1 (en) | Methods and apparatus for controlling wireless access points | |
CN112753204A (zh) | 使用单独的传输服务vnfc递送数据平面分组的方法、设备和计算机可读介质 | |
JP7091186B2 (ja) | 双方向通信を提供する低消費電力型無線通信デバイス | |
CN110536481A (zh) | 数据传输链路建立方法、装置以及计算机可读存储介质 | |
EP4183191A1 (en) | Data forwarding in centralized unit and distributed unit split architectures | |
CN105453509A (zh) | 使用基于数据报的协议与vpn服务器通信 | |
CN108777712B (zh) | 区块链节点通信方法、装置及区块链节点 | |
EP3926932A1 (en) | Duplex load balancing for massive iot applications | |
US11477619B2 (en) | Variable volume data transmission in a mobile communication network | |
JP6802530B2 (ja) | 通信方法 | |
CN109587749B (zh) | 数据发送方法和系统 | |
US20050028011A1 (en) | Automatic setting of security in communication network system | |
JP6971118B2 (ja) | IoT機器とのデータの送受信を行うための装置、方法及びプログラム | |
US9998376B2 (en) | Control device, communication system, control method, and non-transitory recording medium | |
TWI701925B (zh) | 邊緣運算網路服務提供方法 | |
CN108650179B (zh) | 一种配置转发表的方法、转发装置及计算机可读存储介质 | |
US11563722B2 (en) | Firewall coordination in a network | |
US9961562B2 (en) | System and method for extending coverage of a communication network | |
CN115296996A (zh) | 数据传输方法、空中升级方法、网络设备、网络系统 | |
CN114666745A (zh) | 数据传输方法、节点控制方法、网络设备、网络系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18861236 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/09/2020) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 18861236 Country of ref document: EP Kind code of ref document: A1 |