CN101924771A - Core-level TCP adhering junction method for accelerating application proxy - Google Patents

Publication number: CN101924771A
Authority: CN (China)
Legal status: Granted, Active
Application number: CN2010102633354A
Other languages: Chinese (zh)
Other versions: CN101924771B (en)
Inventor: 孟磊
Original Assignee: Beijing Topsec Technology Co Ltd
Current Assignee: Beijing Topsec Technology Co Ltd

Abstract

The invention discloses a kernel-level TCP connection bonding method for accelerating an application proxy. A client establishes a TCP connection with a proxy server; after receiving the HTTP request message sent by the client, the proxy server establishes a TCP connection with the server and forwards the HTTP request message to it. The server sends an HTTP response-header message to the proxy server; when that message reaches the kernel-mode IP protocol stack, a bonding module checks whether it meets the pre-configured bonding conditions and, if so, performs the TCP connection bonding operation. The method widens the range of applications to which TCP bonding can be applied.

Description

A kernel-level TCP connection bonding ("TCP adhering junction") method for accelerating an application proxy
Technical field
The present invention relates to the field of network security technology, and in particular to a kernel-level TCP connection bonding method for accelerating an application proxy.
Background art
Application-level proxies are widely used in HTTP proxying, HTTP caching, application-based load balancing, deep content inspection, gateway virus filtering and similar fields, and play an important role in today's network services. Statistics show that more and more of the security problems on today's Internet originate at the application layer, so application-level proxies will play an increasingly important role in the future.
Traditional application-level proxies all bond connections at the application layer. As shown in Fig. 1, the application proxy sits between the client and the server being accessed. To the client the proxy plays the role of the server, and to the server it plays the role of the client. The client first establishes a socket connection with the proxy, and the proxy then establishes a socket connection with the server. Once the connections are established, the proxy relays data transparently in both directions, acting as a go-between that helps the client and the server complete their network communication.
The advantage of the traditional application proxy is that it stays compatible with the existing network and can implement complex protocol processing at the application layer. The key problem limiting its large-scale use is performance: throughput is low and communication latency is long. The reason is that every message is copied twice by the application proxy: first from the client to the application proxy, and then from the application proxy to the server. Each copy is accompanied by a context switch between kernel mode and user mode. Memory copies, especially copies between kernel mode and user mode, consume a large amount of CPU, and context switches likewise consume considerable resources. The process also significantly increases communication latency.
Currently available application proxy acceleration methods, such as sendfile under Linux, can only be used to send cached files to the server; they avoid memory copies and reduce kernel-mode/user-mode context switches. They are useful for HTTP caching and for virus filtering based on file scanning. For HTTP proxying, application-based load balancing, stream-based deep content inspection and stream-based virus filtering they do not help at all, and a sizeable performance gap to kernel-level routing and forwarding remains.
To address these problems the prior art adopts TCP connection bonding. Its biggest difference from an application-level proxy is that the connection between client and server is bonded in the kernel layer of the operating system.
TCP bonding has three key problems that must be solved, otherwise communication becomes abnormal. First, it must be guaranteed that the messages the client sent to the proxy before bonding have been forwarded to the server in full, and that the messages the server sent to the proxy have been forwarded to the client in full, because TCP will not retransmit any message that has been acknowledged. Second, the bonding module in effect merges two TCP connections into one; the TCP sequence numbers were fixed when the connections were established, so the bonding module has to translate them in subsequent messages. Third, the client and server operating systems differ and so do the sets of TCP options they support, so the TCP options have to be negotiated during the TCP three-way handshake.
The choice of bonding time is a key point. As shown in Fig. 2, the application proxy can usually decide whether bonding is needed only after it has obtained the HTTP request header (after stage 2 in the figure), for example for URL filtering or application-based load balancing. This scheme, however, is not suitable for some applications, such as deep content inspection and virus filtering.
Summary of the invention
The invention provides a kernel-level TCP connection bonding method for accelerating an application proxy, to solve the problem that in the prior art TCP bonding is unsuitable for some applications and therefore has a narrow range of application.
Specifically, the kernel-level TCP connection bonding method for accelerating an application proxy provided by the invention comprises:
The proxy server and the client negotiate and establish a TCP connection; during the negotiation the proxy server informs the client that it does not support the timestamp and window scale TCP options, and records the TCP sequence numbers of the exchanged messages, the maximum segment size (MSS) supported by the client, and whether the client supports the selective acknowledgment TCP option;
When the proxy server receives the HTTP request message sent by the client, it negotiates and establishes a TCP connection with the server and then forwards the HTTP request message to the server; while negotiating the TCP connection with the server it records the TCP sequence numbers of the exchanged messages and, based on the result negotiated between the proxy server and the client, adjusts the TCP options between the proxy server and the server, which comprises: changing the MSS in the TCP options to the MSS supported by the client, and stripping the TCP options the client does not support, including the timestamp, window scale and selective acknowledgment options;
The server sends an HTTP response-header message to the proxy server; when the HTTP response-header message reaches the kernel-mode IP protocol stack, the bonding module checks whether it meets the pre-configured bonding conditions and, if it does, performs TCP connection bonding.
Further, in the method of the invention, the client and the proxy server negotiate and establish the TCP connection as follows:
The client sends a SYN message to the proxy server; the proxy server records the maximum segment size (MSS) supported by the client from the TCP options in the SYN message, and records the TCP sequence numbers of the exchanged messages and the TCP options supported by the client, including timestamp, window scale and selective acknowledgment;
The proxy server sends a SYN-ACK message to the client; while this SYN-ACK message is being sent, the bonding module strips the timestamp and window scale TCP options;
The client returns an ACK message to the proxy server, which completes the establishment of the TCP connection from the client to the proxy server.
Further, in the method of the invention, the proxy server and the server negotiate and establish the TCP connection as follows:
The proxy server sends a SYN message to the server; while the SYN message is being sent, the bonding module adjusts the TCP options according to the result negotiated between the client and the proxy server, specifically: setting the MSS in the TCP options to the MSS supported by the client, and stripping the TCP options the client does not support, including the timestamp, window scale and selective acknowledgment options;
After receiving the SYN message, the server returns a SYN-ACK message to the proxy server;
The proxy server returns an ACK message to the server, which completes the establishment of the TCP connection from the proxy server to the server.
Further, in the method of the invention, after TCP connection bonding is performed the method also comprises: the bonding module notifies the application layer to release the resources corresponding to the established TCP connections.
In the method of the invention, when the proxy server and the client negotiate and establish the TCP connection, the recorded TCP sequence numbers of the exchanged messages comprise: the sequence number of the SYN message from the client to the proxy server, and the sequence number of the SYN-ACK message from the proxy server to the client;
When the proxy server and the server negotiate and establish the TCP connection, the recorded TCP sequence numbers of the exchanged messages comprise: the sequence number of the SYN message from the proxy server to the server, and the sequence number of the SYN-ACK message from the server to the proxy server.
Further, in the method of the invention, after TCP connection bonding is performed the method also comprises: the bonding module establishes mapping logic for TCP sequence numbers and acknowledgment numbers, the mapping logic comprising:
New sequence number of a message received by the server = existing sequence number of the message received by the server - sequence number of the SYN message from the client to the proxy server + sequence number of the SYN message from the proxy server to the server;
New acknowledgment number of a message received by the server = existing acknowledgment number of the message received by the server + sequence number of the SYN-ACK message from the server to the proxy server - sequence number of the SYN-ACK message from the proxy server to the client;
New sequence number of a message received by the client = existing sequence number of the message received by the client - sequence number of the SYN-ACK message from the server to the proxy server + sequence number of the SYN-ACK message from the proxy server to the client;
New acknowledgment number of a message received by the client = existing acknowledgment number of the message received by the client + sequence number of the SYN message from the client to the proxy server - sequence number of the SYN message from the proxy server to the server.
In the method for the invention, carry out TCP connect bonding after, described server and client side all to the message that sends rerun message checking and.
Carry out TCP connect bonding after, message mutual between described server and client side directly is sent to the opposite end by the IP layer.
Described adhering module detects described http head response message and whether meets pre-configured bond condition and be specially: described adhering module is carried out protocal analysis to described http head response message, obtain the packet parsing item, and detect described packet parsing item and whether satisfy pre-configured bond condition; Whether wherein, described packet parsing item comprises in following one or multinomial: file size, file type and be the http segment.
Further, described adhering module detects described http head response message when not meeting pre-configured bond condition, directly described http head response message is sent to the upper strata tcp protocol stack.
Compared with the prior art, the beneficial effects of the invention are as follows:
First, the method provided by the invention widens the range to which TCP bonding applies, for example to deep content inspection and virus filtering;
Second, with the method of the invention only the TCP three-way handshake and the client's HTTP request of a session need the application proxy's involvement; all subsequent messages are routed and forwarded directly at the IP layer. This avoids copying packets from kernel space to user space and the context switches caused by repeated socket system calls, significantly improves forwarding performance and greatly reduces communication latency. The performance of the application proxy is raised to a level comparable with routing and forwarding, so that it can be used in large-scale network systems.
Description of drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of application-layer connection bonding by a proxy in the prior art;
Fig. 2 is a flow chart of HTTP protocol processing in the prior art;
Fig. 3 is a flow chart of HTTP protocol processing in the present invention;
Fig. 4 is a flow chart of the kernel-level TCP connection bonding method for accelerating an application proxy provided by the invention;
Fig. 5 is a flow chart of the kernel-level TCP connection bonding method for accelerating an application proxy provided by an embodiment of the invention;
Fig. 6 is a diagram of the message flow between the client, the proxy server and the server in the present invention.
Embodiment
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
To solve the technical problems of the prior art, the invention provides a kernel-level TCP connection bonding method for accelerating an application proxy. The method widens the range to which TCP bonding applies, for example to deep content inspection and virus filtering.
As shown in Fig. 2, in the prior art TCP connection bonding is always performed after the three-way handshake between client and proxy server, when the client sends the HTTP request message to the proxy server. Bonding at this point, however, is not suitable for applications such as content filtering and virus filtering, because these applications can obtain all the information needed for the bonding decision only once the HTTP response header is available: for example the size of the response file, whether it is an HTTP segment, the file type, and so on.
The method of the invention takes the moment at which the information needed for bonding becomes available as the criterion for the bonding time. It changes the traditional TCP connection bonding time and bonds when the HTTP response header is obtained, as shown in Fig. 3.
Choosing this bonding time still raises a problem, because the HTTP data arrives at the proxy server immediately after the HTTP response header; the response header and the HTTP data may even be in the same IP packet. As a result, by the time the application layer tells the IP layer to bond, subsequent HTTP data may already have reached the TCP protocol stack, and the stack has probably already sent an ACK message. With HTTP data buffered in the TCP protocol stack, it is hard to guarantee message integrity.
To solve this problem, the method of the invention makes the bonding decision when the kernel-mode IP protocol stack receives the HTTP response header (before it reaches the TCP protocol stack). As Fig. 3 shows, all messages before this one have already been sent to the other end of the communication, and the TCP protocol stack has no buffered messages. The method performs protocol analysis of the HTTP response header in kernel mode (at the IP layer), obtains the file size, the file type, whether it is an HTTP segment and so on, and then makes the bonding decision. If the bonding conditions are met, bonding starts with the HTTP response header message itself, which is no longer passed to the TCP protocol stack. This neatly avoids the problem of messages buffered in the TCP protocol stack and, compared with traditional implementations, greatly extends the range of application of bonding.
The bonding conditions can be set flexibly according to the situation. Two examples below illustrate when the bonding conditions are met:
Example one: deep content inspection
Some implementations can inspect only text content, so every other file type (Content-Type) can be bonded. Other implementations go deeper and can, for example, inspect office files; in that case everything other than text and office files can be bonded.
Example two: gateway anti-virus
Because virus matching is CPU-intensive work, gateway anti-virus products generally have weak performance, possibly an order of magnitude below switching and routing devices.
To improve the usability of a gateway anti-virus product, its developers can scan only part of the traffic, for example the files most likely to carry a virus (exe, pictures, scripts, etc.). Other file types can be bonded.
For products based on file scanning, device memory is limited, so files of arbitrary size cannot be reassembled. A bonding condition can therefore be set for when the file size in the Content-Length field exceeds a threshold.
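One way the gateway anti-virus conditions of example two could be evaluated against a response head, as an added C example (not code from the patent): the function names, the media-type list and the 10 MiB threshold are assumptions, and an "HTTP segment" is assumed to mean a 206 Partial Content response. A head that cannot be parsed unambiguously is never bonded, so it stays on the inspected path.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Parsing items named in the text: file size, file type, HTTP segment. */
struct resp_items {
    long long content_length;  /* -1 when the header is absent */
    char content_type[64];     /* lower-cased media type, "" when absent */
    int is_segment;            /* assumption: 206 Partial Content */
};

/* Hypothetical policy for the gateway anti-virus example. */
struct bond_policy {
    const char *const *scan_prefixes; /* media types the proxy must scan */
    size_t n_prefixes;
    long long max_scan_len;           /* larger files cannot be buffered */
};

static const char *const SCAN_TYPES[] = { /* assumed: exe, pictures, scripts */
    "application/x-msdownload", "image/", "text/javascript",
    "application/javascript"
};
const struct bond_policy AV_POLICY = { SCAN_TYPES, 4, 10LL * 1024 * 1024 };

/* Returns 0 on success, -1 when the payload does not hold one complete,
 * unambiguous HTTP/1.x response head. */
int parse_response_head(const char *p, struct resp_items *out)
{
    const char *end = strstr(p, "\r\n\r\n");
    const char *line;
    int status;

    out->content_length = -1;
    out->content_type[0] = '\0';
    out->is_segment = 0;
    if (end == NULL || sscanf(p, "HTTP/1.%*1[01] %3d", &status) != 1)
        return -1;
    out->is_segment = (status == 206);

    for (line = strstr(p, "\r\n"); line != NULL && line < end;
         line = strstr(line + 2, "\r\n")) {
        const char *h = line + 2;
        if (strncasecmp(h, "Content-Length:", 15) == 0) {
            char *stop;
            long long v = strtoll(h + 15, &stop, 10);
            /* Reject duplicates and junk: two lengths make the size ambiguous. */
            if (out->content_length != -1 || stop == h + 15 || v < 0)
                return -1;
            out->content_length = v;
        } else if (strncasecmp(h, "Content-Type:", 13) == 0) {
            size_t n = 0;
            for (h += 13; *h == ' ' || *h == '\t'; h++)
                ;
            while (*h != '\0' && *h != ';' && *h != ' ' && *h != '\r' &&
                   n < sizeof out->content_type - 1)
                out->content_type[n++] = (char)tolower((unsigned char)*h++);
            out->content_type[n] = '\0';
        }
    }
    return 0;
}

/* 1 = bond the two connections, 0 = pass the message up to the TCP stack. */
int should_bond(const struct bond_policy *pol, const char *payload)
{
    struct resp_items it;
    size_t i;

    if (parse_response_head(payload, &it) != 0)
        return 0;                     /* fail closed: keep it inspected */
    if (it.content_type[0] == '\0' || it.is_segment)
        return 0;                     /* unknown type or partial file */
    if (it.content_length > pol->max_scan_len)
        return 1;                     /* too large to reassemble for scanning */
    for (i = 0; i < pol->n_prefixes; i++)
        if (strncmp(it.content_type, pol->scan_prefixes[i],
                    strlen(pol->scan_prefixes[i])) == 0)
            return 0;                 /* a type the scanner wants to see */
    return 1;
}

int main(void)
{
    /* Constructed response heads. */
    const char *video = "HTTP/1.1 200 OK\r\nContent-Type: video/mp4\r\n"
                        "Content-Length: 734003200\r\n\r\n";
    const char *exe = "HTTP/1.1 200 OK\r\n"
                      "content-type: application/x-msdownload\r\n"
                      "Content-Length: 40960\r\n\r\n";
    printf("video: %d, exe: %d\n", should_bond(&AV_POLICY, video),
           should_bond(&AV_POLICY, exe));
    return 0;
}
```

The size rule follows the text: a file of a scanned type that exceeds the threshold is bonded and so passes without scanning, which makes the threshold a security setting as much as a memory one.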
Specifically, the kernel-level TCP connection bonding method for accelerating an application proxy provided by the invention is shown in Fig. 4 and comprises the following steps:
Step S401: the proxy server and the client negotiate and establish a TCP connection.
During the negotiation the proxy server informs the client that it does not support the timestamp and window scale TCP options, and records the TCP sequence numbers of the exchanged messages, the maximum segment size (MSS) supported by the client, and whether the client supports the selective acknowledgment TCP option.
Step S402: after receiving the HTTP request message sent by the client, the proxy server negotiates and establishes a TCP connection with the server and forwards the HTTP request message to the server.
While negotiating the TCP connection with the server, the proxy server records the TCP sequence numbers of the exchanged messages and, based on the result negotiated between the proxy server and the client, adjusts the TCP options between the proxy server and the server, which comprises: changing the MSS in the TCP options to the MSS supported by the client, and stripping the TCP options the client does not support, including the timestamp, window scale and selective acknowledgment options.
Step S403: the server sends an HTTP response-header message to the proxy server; when the HTTP response-header message reaches the kernel-mode IP protocol stack, the bonding module checks whether it meets the pre-configured bonding conditions. If it does, step S404 is executed; otherwise step S405 is executed.
Step S404: the bonding module performs TCP connection bonding.
Step S405: the bonding module passes the HTTP response-header message directly up to the TCP protocol stack.
A preferred embodiment of the invention is given below with reference to Fig. 5 and Fig. 6; together with the description of the embodiment, further technical details are given to better illustrate how the method provided by the invention is implemented.
As shown in Fig. 5, the kernel-level TCP connection bonding method for accelerating an application proxy provided by the embodiment of the invention comprises:
First stage: three-way handshake between the client and the proxy server, establishing a TCP connection:
Step S501: the client sends a SYN message to the proxy server.
Step S502: after receiving the SYN message, the proxy server returns a SYN-ACK message to the client.
In this step, to prepare for the later TCP connection bonding, the ordinary TCP options are also negotiated and changed while the TCP connection is being established, as follows:
After receiving the SYN message, the proxy server records the TCP sequence numbers of the messages exchanged in both directions, namely the sequence number of the SYN message from the client to the proxy server and the sequence number of the SYN-ACK message from the proxy server to the client, and records the maximum segment size (MSS) supported by the client and the TCP options supported by the client, including the timestamp, window scale and selective acknowledgment options. If the client does not support selective acknowledgment, the proxy server must strip the selective acknowledgment option from the SYN message when it sends the SYN message to the server; if the client supports it, no processing is needed.
Then, while returning the SYN-ACK message to the client, the proxy server has the bonding module strip the timestamp and window scale options, that is, it turns off the timestamp and window scale options among the TCP options.
Step S503: the client sends an ACK message to the proxy server, which completes the TCP connection.
Second stage:
Step S504: the client sends the HTTP request message to the proxy server.
Third stage: three-way handshake between the proxy server and the server, establishing a TCP connection:
Step S505: the proxy server sends a SYN message to the server.
In this step, to prepare for the later TCP connection bonding, when the proxy server sends the SYN message to the server it records the TCP sequence numbers of the exchanged messages and, based on the result negotiated between the proxy server and the client, adjusts the TCP options between the proxy server and the server, which comprises: changing the MSS in the TCP options to the MSS supported by the client, and stripping the TCP options the client does not support, including timestamp and window scale; if the client does not support the selective acknowledgment option, that option is stripped at this point as well.
Step S506: the server returns a SYN-ACK message to the proxy server.
Step S507: the proxy server sends an ACK message to the server, which completes the TCP connection.
Fourth stage:
Step S508: the proxy server forwards the HTTP request message sent by the client to the server.
Fifth stage:
Step S509: after receiving the HTTP request message, the server sends an HTTP response-header message to the proxy server. When this HTTP response-header message reaches the kernel-mode IP protocol stack, the bonding module performs protocol analysis on it to obtain the message parsing items and checks whether the parsing items meet the pre-configured bonding conditions. If they do, the bonding module bonds the current TCP connections; otherwise the HTTP response-header message is passed directly up to the TCP protocol stack.
The message parsing items comprise: file size, file type, whether the response is an HTTP segment, and so on.
In this step, after TCP connection bonding is performed, subsequent messages are no longer relayed through the application proxy but are routed and forwarded directly in the kernel layer. Resources such as socket descriptors and memory are no longer needed, so the bonding module has to notify the application layer to release the resources corresponding to the established TCP connections and the resources allocated by the application layer.
Note that the two bonded TCP connections (client to proxy server and proxy server to server) use entirely different sequence number spaces, so there must be a mechanism that converts (maps) the sequence numbers of messages between the two connections. After the TCP connections are bonded, the bonding module therefore also has to establish TCP sequence number mapping logic for forwarding messages after bonding. Further, all TCP protocol stacks seen at present support the selective acknowledgment (SACK) option, and after bonding the acknowledgment numbers in selective acknowledgments need to be adjusted in the same way.
Fig. 6 shows the message flow between the client, the proxy server and the server in the present invention. Four independent sequence number spaces appear in the figure: C2P_SEQ, P2S_SEQ, S2P_SEQ and P2C_SEQ (TCP is a full-duplex communication protocol, and the processing in the two directions is symmetrical). Each of the four sequence spaces represents the communication sequence in one direction, including SYN, data and ACK messages. Communication in any one direction of TCP is ordered, so we define a sequence space as follows: the sequence number of the first SYN message sent in that direction is the initial number of the sequence space. The length of a message is normally not modified during bonding, so the sequence number mapping only needs a fixed offset. In the present invention the sequence number and acknowledgment number mapping logic is as follows:
New sequence number of a message received by the server = existing sequence number of the message received by the server - C2P_SEQ + P2S_SEQ;
New acknowledgment number of a message received by the server = existing acknowledgment number of the message received by the server + S2P_SEQ - P2C_SEQ;
New sequence number of a message received by the client = existing sequence number of the message received by the client - S2P_SEQ + P2C_SEQ;
New acknowledgment number of a message received by the client = existing acknowledgment number of the message received by the client + C2P_SEQ - P2S_SEQ;
Such a mapping costs very little computation, so complex sequence number operations are avoided when messages are converted.
Further, the TCP checksum covers the whole TCP segment: the TCP header and the TCP data. It is a mandatory field that must be computed and stored by the sender and verified by the receiver. If the checksum is wrong, the receiver drops the TCP packet. Clearly, after the sequence number, the acknowledgment number and the selective acknowledgment numbers have been adjusted, the TCP checksum must be recalculated; recalculating it over only part of the data is very efficient.
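The mapping and checksum adjustment described above, as an added C example (not code from the patent): the struct and function names are hypothetical, the sequence numbers and header words are constructed, and the incremental checksum update uses the RFC 1624 formula, which the patent does not name. Unsigned 32-bit arithmetic makes the fixed offsets work across sequence number wraparound.

```c
#include <stdint.h>
#include <stdio.h>

/* The four initial sequence numbers recorded during the two handshakes
 * (names as in the description of Fig. 6). */
struct splice_state {
    uint32_t c2p_seq;   /* SYN,     client -> proxy  */
    uint32_t p2c_seq;   /* SYN-ACK, proxy  -> client */
    uint32_t p2s_seq;   /* SYN,     proxy  -> server */
    uint32_t s2p_seq;   /* SYN-ACK, server -> proxy  */
};

/* Only the header fields that bonding rewrites (hypothetical struct). */
struct tcp_fields {
    uint32_t seq;
    uint32_t ack;
    uint16_t check;
};

uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffffu) + (sum >> 16);
    return (uint16_t)sum;
}

/* Incremental update for one changed 32-bit field, RFC 1624 eqn. 3:
 * HC' = ~(~HC + ~m + m'). Only the changed words are touched. */
uint16_t csum_update32(uint16_t check, uint32_t old_v, uint32_t new_v)
{
    uint32_t sum = (uint16_t)~check;
    sum += (uint16_t)~(old_v >> 16);
    sum += (uint16_t)~(old_v & 0xffffu);
    sum += new_v >> 16;
    sum += new_v & 0xffffu;
    return (uint16_t)~csum_fold(sum);
}

/* Full recomputation over a constructed header, used only to check the
 * incremental result. Ports, flags and window are sample values; the
 * pseudo-header and payload are not changed by bonding and are left out. */
uint16_t csum_full(uint32_t seq, uint32_t ack)
{
    uint16_t w[] = { 49152, 80, (uint16_t)(seq >> 16), (uint16_t)seq,
                     (uint16_t)(ack >> 16), (uint16_t)ack,
                     0x5010, 65535, 0 /* checksum */, 0 /* urgent */ };
    uint32_t sum = 0;
    for (unsigned i = 0; i < sizeof w / sizeof w[0]; i++)
        sum += w[i];
    return (uint16_t)~csum_fold(sum);
}

/* Apply fixed offsets to seq and ack and patch the checksum to match. */
void rewrite(struct tcp_fields *t, uint32_t seq_delta, uint32_t ack_delta)
{
    uint32_t seq = t->seq + seq_delta, ack = t->ack + ack_delta;
    t->check = csum_update32(t->check, t->seq, seq);
    t->check = csum_update32(t->check, t->ack, ack);
    t->seq = seq;
    t->ack = ack;
}

/* Message travelling client -> server ("received by the server"). */
void splice_to_server(const struct splice_state *s, struct tcp_fields *t)
{
    rewrite(t, s->p2s_seq - s->c2p_seq, s->s2p_seq - s->p2c_seq);
}

/* Message travelling server -> client ("received by the client"). */
void splice_to_client(const struct splice_state *s, struct tcp_fields *t)
{
    rewrite(t, s->p2c_seq - s->s2p_seq, s->c2p_seq - s->p2s_seq);
}

/* SACK block edges sent by the client are in the same space as its ack
 * number, so they take the ack offset (the checksum needs the same patch). */
uint32_t splice_sack_edge_to_server(const struct splice_state *s, uint32_t edge)
{
    return edge + s->s2p_seq - s->p2c_seq;
}

int main(void)
{
    /* Constructed values; p2s_seq is chosen so the mapping wraps around. */
    struct splice_state s = { 1000u, 5000u, 0xFFFFFF00u, 70000u };
    struct tcp_fields t = { 1301u, 5001u, 0 };
    t.check = csum_full(t.seq, t.ack);
    splice_to_server(&s, &t);
    printf("to server: seq=%u ack=%u checksum %s\n", (unsigned)t.seq,
           (unsigned)t.ack, t.check == csum_full(t.seq, t.ack) ? "ok" : "BAD");
    splice_to_client(&s, &t);   /* a reply carrying the same numbers maps back */
    printf("to client: seq=%u ack=%u sack edge=%u\n", (unsigned)t.seq,
           (unsigned)t.ack, (unsigned)splice_sack_edge_to_server(&s, 6461u));
    return 0;
}
```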
After TCP bonding is performed, the sixth stage is carried out: the server sends the HTTP data directly to the client, and after receiving the HTTP data the client returns an acknowledgment message to the server.
To describe the invention more clearly, the TCP option negotiation mechanism used when the TCP connections between client and proxy server and between proxy server and server are established in Fig. 5 is described below:
Negotiating TCP options is relatively difficult, because option negotiation takes place during the TCP three-way handshake. Once the connection between the client and the application proxy has been established, the TCP option negotiation between the client and the application proxy is also finished. When the application proxy later negotiates TCP options with the server, the options already negotiated between the client and the application proxy cannot be changed. TCP options can therefore be passed in one direction only. The safer approach is to have the proxy server support a relatively small set of TCP options, pass only the client's options on to the server, and avoid passing the server's options to the client.
First, TimeStamps (timestamp). The timestamp option lets the sender place a timestamp value in every segment. The receiver returns this value in the acknowledgment, allowing the sender to compute an RTT for every ACK it receives. Many current implementations compute only one RTT per window, which is adequate for a window of 8 segments. Larger window sizes, however, need better RTT calculation.
This option exists to compute the RTT and is an auxiliary function. The simple way to handle it is to turn off the tcp_timestamps function of the local protocol stack. The client and the server then both believe the other side does not support the option, and the negotiation problem is solved.
Second, MSS (Maximum Segment Size).
The maximum segment size (MSS) is the length of the largest block of data TCP sends to the other end. When a connection is established, each side announces its MSS. The MSS values we have encountered are all 1460, and this option normally needs no conversion. There is one case in which the client announces an MSS below 1460 to the server: when a client that supports IPSEC communicates with a remote end. The ESP protocol included in IPSEC (IP protocol number 50) adds an ESP header after the standard IP header and an ESP trailer after the packet data. To keep the length of the whole message from exceeding 1464, room is reserved for ESP, so the MSS announced to the server is below 1460. In this case the client's MSS has to be passed on to the server.
Concretely, the MSS of the client is recorded when the client and the application proxy negotiate. When the proxy server initiates the TCP three-way handshake, the MSS in the SYN message is modified to be the same as the client's MSS.
Third, Window Scale (window scale factor).
The window scale option increases the TCP window definition from 16 bits to 32 bits. This is not done by changing the TCP header, which still uses 16 bits, but by defining an option that applies a scaling operation to the 16-bit value. TCP then maintains the actual window size internally as a 32-bit value.
An ordinary 16-bit window satisfies most needs, so this option can be handled simply. As with the timestamp, turning off the window scale option of the local protocol stack is enough.
Fourth, selective acknowledgment (SACK).
Selective acknowledgment (Selective ACK, SACK) was proposed in response to the cumulative acknowledgment (Cumulative Acknowledgement) scheme of the TCP protocol. In a SACK acknowledgment the receiver selectively tells the sender which packets have been received correctly, so the sender can retransmit only the packets in error, which avoids unnecessary retransmission. When communication needs to be more efficient, both sides need to detect any lost packet as early as possible; the sending end can use the SACK information it obtains to determine which packets have not been acknowledged, and can thus have the lost packets transmitted again. No protocol stack that lacks SACK support has been seen so far, so this option needs no processing.
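The option adjustment described above (carry the client's MSS into the proxy-to-server SYN, remove timestamp and window scale, keep SACK when the client has it), as an added C example that is not code from the patent. The struct, the function names and the sample bytes are assumptions made for illustration, and overwriting an option with NOPs is one possible way of stripping it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP option kinds (RFC 9293, RFC 7323, RFC 2018). */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_MSS = 2, OPT_WSCALE = 3,
       OPT_SACK_PERM = 4, OPT_TIMESTAMP = 8 };

/* Hypothetical record of what the proxy learned from the client's SYN. */
struct client_neg {
    uint16_t mss;      /* MSS announced by the client */
    int      sack_ok;  /* non-zero if the client sent SACK-permitted */
};

/* Offset of the first option of `kind`, or -1 if absent or malformed. */
int find_option(const uint8_t *opt, size_t len, uint8_t kind)
{
    size_t i = 0;
    while (i < len && opt[i] != OPT_EOL) {
        if (opt[i] == OPT_NOP) { i++; continue; }
        if (i + 1 >= len || opt[i + 1] < 2 || i + opt[i + 1] > len)
            return -1;
        if (opt[i] == kind)
            return (int)i;
        i += opt[i + 1];
    }
    return -1;
}

/*
 * Adjust the option area of the proxy-to-server SYN in place: MSS becomes the
 * client's MSS; timestamp, window scale and (if the client lacks it) SACK-
 * permitted are overwritten with NOPs, so the data offset stays unchanged.
 * The caller must recompute the TCP checksum. Returns the number of options
 * changed, or -1 for a malformed option area (drop the segment in that case).
 */
int adjust_syn_options(uint8_t *opt, size_t len, const struct client_neg *c)
{
    int changed = 0;
    for (size_t i = 0; i < len && opt[i] != OPT_EOL; ) {
        uint8_t kind = opt[i], olen;
        if (kind == OPT_NOP) { i++; continue; }
        if (i + 1 >= len)
            return -1;
        olen = opt[i + 1];
        if (olen < 2 || i + olen > len)
            return -1;              /* never trust the on-wire length */
        if (kind == OPT_MSS) {
            if (olen != 4)
                return -1;
            opt[i + 2] = (uint8_t)(c->mss >> 8);
            opt[i + 3] = (uint8_t)(c->mss & 0xff);
            changed++;
        } else if (kind == OPT_TIMESTAMP || kind == OPT_WSCALE ||
                   (kind == OPT_SACK_PERM && !c->sack_ok)) {
            memset(opt + i, OPT_NOP, olen);
            changed++;
        }
        i += olen;
    }
    return changed;
}

/* Constructed samples: a typical SYN option area, and a malformed one. */
static uint8_t sample_syn_opts[20] = {
    2, 4, 0x05, 0xb4,  4, 2,  8, 10, 0, 0, 0, 1, 0, 0, 0, 0,  1,  3, 3, 7 };
static uint8_t bad_syn_opts[4] = { 8, 0, 1, 1 };   /* timestamp, length 0 */
static const struct client_neg sample_client = { 1380, 1 };

int main(void) {
    int n = adjust_syn_options(sample_syn_opts, sizeof sample_syn_opts, &sample_client);
    printf("changed=%d mss=%d bad=%d\n", n, (sample_syn_opts[2] << 8) | sample_syn_opts[3],
           adjust_syn_options(bad_syn_opts, sizeof bad_syn_opts, &sample_client));
}
```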
The method provided by the invention widens the range of applications to which the TCP adhering technique is suited, such as deep content inspection and virus filtering. Moreover, because the method requires the application proxy to take part only in the TCP three-way handshake and the client's HTTP request of a session, all subsequent messages are routed and forwarded directly at the IP layer. This avoids copying packets from kernel space to user space and the context switches caused by repeated socket system calls, significantly improves forwarding performance, and greatly reduces communication delay. The performance of the application proxy is raised to a level comparable to routed forwarding, so that it can be used in large-scale network systems.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (10)

1. A core-level TCP adhering junction method for accelerating an application proxy, characterized by comprising:
a client and a proxy server negotiate and establish a TCP connection; wherein, during the negotiation, the proxy server announces to the client that it does not support the timestamp and window scale factor TCP options, and records the TCP sequence numbers of the exchanged messages, the maximum segment size (MSS) supported by the client, and whether the client supports the selective acknowledgment TCP option;
when the proxy server receives the http request message sent by the client, it negotiates and establishes a TCP connection with a server and then forwards the http request message to the server; wherein, when negotiating the TCP connection with the server, it records the TCP sequence numbers of the exchanged messages and, based on the result of the negotiation between the proxy server and the client, adjusts the TCP options between the proxy server and the server, including: changing the MSS in the TCP options to the MSS supported by the client, and stripping the TCP options that the client does not support, including the timestamp, window scale factor and selective acknowledgment options;
the server transmits an http response header message to the proxy server, and when the http response header message reaches the kernel-mode IP protocol stack, an adhering module detects whether the http response header message meets a pre-configured adhering condition and, if it does, performs TCP connection adhering.
2. The method of claim 1, characterized in that the client and the proxy server negotiating and establishing a TCP connection specifically comprises:
the client sends a syn message to the proxy server; the proxy server records the maximum segment size (MSS) supported by the client from the TCP options of the syn message, the TCP sequence numbers of the exchanged messages, and the TCP options supported by the client, including timestamp, window scale factor and selective acknowledgment;
the proxy server sends a syn-ack message to the client; wherein, while the syn-ack message is being sent, the adhering module strips the timestamp and window scale factor TCP options;
the client returns an ack message to the proxy server, completing establishment of the TCP connection from the client to the proxy server.
3. The method of claim 1, characterized in that the proxy server and the server negotiating and establishing a TCP connection specifically comprises:
the proxy server sends a syn message to the server; wherein, while the syn message is being sent, the adhering module adjusts the TCP options according to the result of the negotiation between the client and the proxy server, specifically: setting the MSS in the TCP options to the MSS supported by the client, and stripping the TCP options that the client does not support, including the timestamp, window scale factor and selective acknowledgment options;
after the server receives the syn message, it returns a syn-ack message to the proxy server;
the proxy server returns an ack message to the server, completing establishment of the TCP connection from the proxy server to the server.
4. The method of claim 1, 2 or 3, characterized in that, after TCP connection adhering is performed, the method further comprises: the adhering module notifies the application layer to release the resources corresponding to the established TCP connections.
5. The method of claim 1, 2 or 3, characterized in that:
when the proxy server and the client negotiate and establish the TCP connection, the recorded TCP sequence numbers of the exchanged messages comprise: the sequence number of the syn message from the client to the proxy server and the sequence number of the syn-ack message from the proxy server to the client;
when the proxy server and the server negotiate and establish the TCP connection, the recorded TCP sequence numbers of the exchanged messages comprise: the sequence number of the syn message from the proxy server to the server and the sequence number of the syn-ack message from the server to the proxy server.
6. The method of claim 5, characterized in that, after TCP connection adhering is performed, the method further comprises: the adhering module establishes a mapping logic for TCP sequence numbers and acknowledgment numbers, the mapping logic comprising:
new sequence number of a message received by the server = existing sequence number of the message received by the server - sequence number of the syn message from the client to the proxy server + sequence number of the syn message from the proxy server to the server;
new acknowledgment number of a message received by the server = existing acknowledgment number of the message received by the server + sequence number of the syn-ack message from the server to the proxy server - sequence number of the syn-ack message from the proxy server to the client;
new sequence number of a message received by the client = existing sequence number of the message received by the client - sequence number of the syn-ack message from the server to the proxy server + sequence number of the syn-ack message from the proxy server to the client;
new acknowledgment number of a message received by the client = existing acknowledgment number of the message received by the client + sequence number of the syn message from the client to the proxy server - sequence number of the syn message from the proxy server to the server.
7. The method of claim 6, characterized in that, after TCP connection adhering is performed, the message checksum is recomputed for the messages sent by both the server and the client.
8. The method of claim 6, characterized in that, after TCP connection adhering is performed, messages exchanged between the server and the client are sent directly to the peer by the IP layer.
9. The method of claim 1, characterized in that the adhering module detecting whether the http response header message meets the pre-configured adhering condition specifically comprises:
the adhering module performs protocol analysis on the http response header message to obtain message parsing items, and detects whether the message parsing items satisfy the pre-configured adhering condition; wherein the message parsing items include one or more of the following: file size, file type, and whether the response is an http segment.
10. The method of claim 1 or 9, characterized in that, when the adhering module detects that the http response header message does not meet the pre-configured adhering condition, the http response header message is sent directly to the upper-layer TCP protocol stack.
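The sequence and acknowledgment mapping of claim 6 together with the checksum fix-up of claim 7, as an added C example that is not code from the patent. The struct, the function names and the sample values are assumptions; the checksum is adjusted with the RFC 1624 incremental update, used here in place of a full recomputation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sequence numbers recorded in the two handshakes (claim 5); names hypothetical. */
struct splice_state {
    uint32_t c2p_syn, p2c_synack;  /* client->proxy SYN, proxy->client SYN-ACK */
    uint32_t p2s_syn, s2p_synack;  /* proxy->server SYN, server->proxy SYN-ACK */
};

/* Claim 6 mapping; uint32_t arithmetic wraps modulo 2^32, as TCP does. */
uint32_t map_seq(const struct splice_state *s, uint32_t seq, int to_server) {
    return to_server ? seq - s->c2p_syn + s->p2s_syn
                     : seq - s->s2p_synack + s->p2c_synack;
}
uint32_t map_ack(const struct splice_state *s, uint32_t ack, int to_server) {
    return to_server ? ack + s->s2p_synack - s->p2c_synack
                     : ack + s->c2p_syn - s->p2s_syn;
}

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Full Internet checksum (even length); only checks the incremental update. */
uint16_t csum16(const uint8_t *b, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((b[i] << 8) | b[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* RFC 1624 incremental update for one replaced 32-bit field. */
uint16_t csum_update32(uint16_t csum, uint32_t old, uint32_t now) {
    uint32_t sum = (uint16_t)~csum;
    sum += (uint16_t)~(old >> 16);
    sum += (uint16_t)~(old & 0xffff);
    sum += (now >> 16) + (now & 0xffff);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Rewrite seq (offset 4), ack (offset 8) and checksum (offset 16) in place.
 * Returns 0, or -1 if the buffer cannot hold a 20-byte TCP header. */
int splice_rewrite(uint8_t *tcp, size_t len, const struct splice_state *s, int to_server) {
    if (len < 20)
        return -1;
    uint32_t seq = rd32(tcp + 4), ack = rd32(tcp + 8);
    uint32_t nseq = map_seq(s, seq, to_server), nack = map_ack(s, ack, to_server);
    uint16_t c = (uint16_t)((tcp[16] << 8) | tcp[17]);
    c = csum_update32(csum_update32(c, seq, nseq), ack, nack);
    wr32(tcp + 4, nseq); wr32(tcp + 8, nack);
    tcp[16] = (uint8_t)(c >> 8); tcp[17] = (uint8_t)c;
    return 0;
}

/* Constructed sample: client ACK, seq 1301, ack 5001; checksum covers header only. */
static const struct splice_state sample_state = { 1000, 5000, 0xFFFFFF00u, 9000 };
static uint8_t sample_hdr[20] = { 0xC0,0x00, 0x00,0x50, 0,0,0x05,0x15, 0,0,0x13,0x89,
                                  0x50,0x10, 0x20,0x00, 0xB7,0x00, 0,0 };

int main(void) {
    splice_rewrite(sample_hdr, sizeof sample_hdr, &sample_state, 1);
    printf("seq=%u ack=%u residual=0x%04x\n", (unsigned)rd32(sample_hdr + 4),
           (unsigned)rd32(sample_hdr + 8), (unsigned)csum16(sample_hdr, sizeof sample_hdr));
}
```

The example rewrites only the fixed header. SACK blocks (RFC 2018) also carry sequence numbers, so a spliced connection that keeps SACK enabled has to apply the same offsets to them.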
CN2010102633354A 2010-08-26 2010-08-26 Core-level TCP adhering junction method for accelerating application proxy Active CN101924771B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102633354A CN101924771B (en) 2010-08-26 2010-08-26 Core-level TCP adhering junction method for accelerating application proxy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010102633354A CN101924771B (en) 2010-08-26 2010-08-26 Core-level TCP adhering junction method for accelerating application proxy

Publications (2)

Publication Number Publication Date
CN101924771A true CN101924771A (en) 2010-12-22
CN101924771B CN101924771B (en) 2013-11-06

Family

ID=43339415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102633354A Active CN101924771B (en) 2010-08-26 2010-08-26 Core-level TCP adhering junction method for accelerating application proxy

Country Status (1)

Country Link
CN (1) CN101924771B (en)

Also Published As

Publication number Publication date
CN101924771B (en) 2013-11-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: BEIJING TOPSEC TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: BEIJING HEAVEN MELTS LETTER SCIENCE TECHNOLOGIES CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 100085 Beijing East Road, No. 1, building No. 301, building on the north side of the floor, room 3, room 3

Patentee after: BEIJING TOPSEC TECHNOLOGY CO., LTD.

Address before: 100085 Beijing East Road, No. 1, building No. 301, building on the north side of the floor, room 3, room 3

Patentee before: Beijing heaven melts letter Science Technologies Co., Ltd.

C56 Change in the name or address of the patentee

Owner name: BEIJING HEAVEN MELTS LETTER SCIENCE TECHNOLOGIES C

Free format text: FORMER NAME: BEIJING TOPSEC TECHNOLOGY CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 100085 Beijing East Road, No. 1, building No. 301, building on the north side of the floor, room 3, room 3

Patentee after: Beijing heaven melts letter Science Technologies Co., Ltd.

Address before: 100085 Beijing East Road, No. 1, building No. 301, building on the north side of the floor, room 3, room 3

Patentee before: BEIJING TOPSEC TECHNOLOGY CO., LTD.

C56 Change in the name or address of the patentee
CP01 Change in the name or title of a patent holder

Address after: 100085 Beijing East Road, No. 1, building No. 301, building on the north side of the floor, room 3, room 3

Patentee after: BEIJING TOPSEC TECHNOLOGY CO., LTD.

Address before: 100085 Beijing East Road, No. 1, building No. 301, building on the north side of the floor, room 3, room 3

Patentee before: Beijing heaven melts letter Science Technologies Co., Ltd.

C56 Change in the name or address of the patentee
CP01 Change in the name or title of a patent holder

Address after: 100085 Beijing East Road, No. 1, building No. 301, building on the north side of the floor, room 3, room 3

Patentee after: Beijing heaven melts letter Science Technologies Co., Ltd.

Address before: 100085 Beijing East Road, No. 1, building No. 301, building on the north side of the floor, room 3, room 3

Patentee before: BEIJING TOPSEC TECHNOLOGY CO., LTD.