Communication method for connecting intranet computers from the public network based on the HTTP protocol
Technical field
The present invention relates to the field of computer network communication, and in particular to a communication method for connecting intranet computers from the public network based on the HTTP protocol.
Background art
With the rise of network technology, a wide range of networked software applications has appeared and greatly enriched the online experience. However, because network infrastructure has been deployed unevenly, real-world networks contain a large number of LANs with restricted access, so external users cannot readily reach intranet users inside those LANs.
The prior art mostly uses port mapping to solve communication between the external network and the intranet. This approach has significant limitations. First, the number of usable ports is limited, while the virtual machine resources in a platform keep growing, so there may well not be enough ports to map every virtual machine. Second, identifying a virtual machine by a number (a port) is unfriendly and hard to remember, which limits the range of application and hinders adoption.
Summary of the invention
To address the limitations of the prior art, the present invention provides a communication method for connecting intranet computers from the public network based on the HTTP protocol.
To achieve the above object, the present invention adopts the following technical solution:
A communication method for connecting intranet computers from the public network based on the HTTP protocol uses a dual-NIC computer that is assigned both a public IP address and an intranet IP address. The method comprises the following steps: the dual-NIC computer accepts an HTTP request sent by a public-network computer, parses the IP address and port number of the specified intranet computer from the HTTP request, and forwards requests, responses and data between the public-network computer and the specified intranet computer. The intranet computer is a computer or a virtual machine in the intranet.
Preferably, the method also includes a URL rule. The content of the URL rule is encapsulated in the HTTP message of the HTTP request and can be recognized by the dual-NIC computer, which extracts the IP address and port number of the specified intranet computer from the HTTP message of the HTTP request. The URL rule comprises the IP address and port of the dual-NIC computer and the IP address and port number of the specified intranet computer.
Preferably, the method also includes a multi-process model consisting of one master process and multiple child processes;
The master process monitors signals from the public-network computer and the working state of the child processes. Specifically: the master process first blocks all signals from the public-network computer, creates the listening socket, reads the configuration file and creates the number of child processes specified in it, then opens the signal mask and begins listening for signals sent by the public-network computer, abnormal-crash signals from child processes, the reload-configuration signal and the timer signal. When the master process receives a SIGTERM or SIGINT signal sent by the public-network computer, it passes the received SIGTERM or SIGINT signal to all child processes, waits for all child processes to finish, and then exits. When the master process receives an abnormal-crash signal sent by a child process, it re-creates that child process;
The child processes forward requests and responses and listen on the port of the dual-NIC computer, but send no data or information to the master process other than the abnormal-crash signal. Each child process uses the epoll event model in edge-triggered mode to continuously monitor the connection sockets and the listening socket, and takes different processing steps depending on the read/write event and the socket type. The processing steps are as follows:
1) monitor the IP address and port of the public-network computer, and add the read event of the listening socket to epoll;
2) after receiving a connection request from the public-network computer, create a connection socket and add its read and write events to epoll for monitoring;
3) if the connection socket of the public-network computer is readable, read the HTTP request of the public-network computer, parse the URL rule contained in the HTTP request, extract the IP address and port number of the intranet computer, rewrite the HTTP request, and store the rewritten HTTP request in the cache of the dual-NIC computer; if the HTTP request is the first request, create the connection to the virtual machine;
4) if the connection socket of the virtual machine is writable, send the rewritten HTTP request directly to the connection socket of the virtual machine;
5) if the connection socket of the virtual machine is readable, read the response data of the virtual machine and store it in the cache of the dual-NIC computer;
6) if the connection socket of the public-network computer is writable, send the response data stored in the cache of the dual-NIC computer to the connection socket of the public-network computer.
By adopting the above technical solution, the present invention achieves significant technical effects:
With this HTTP-based method, any browser can remotely connect to a computer or virtual machine in a LAN. Furthermore, the URL rule used by the method is simple and clear, friendly to use and easy to deploy; the access process is stable and reliable; and the method can provide remote connection service for thousands of LAN virtual machines in a cloud platform, so it is highly practical.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network topology described in Embodiment 1.
Fig. 2 is a schematic flow chart of the child process described in Embodiment 1.
Detailed description of the invention
The present invention is described in further detail below with reference to an embodiment.
Embodiment 1
In this communication method for connecting intranet computers from the public network based on the HTTP protocol, the network topology, shown in Fig. 1, includes a dual-NIC computer, which acts as the proxy computer that actually processes the HTTP requests. The dual-NIC computer has 2 network cards installed and is assigned both a public IP address and an intranet IP address.
The specific steps are as follows: the dual-NIC computer accepts an HTTP request sent by a public-network computer, parses the IP address and port number of the specified intranet computer from the HTTP request, and forwards requests, responses and data between the public-network computer and the specified intranet computer. The intranet computer is a computer or a virtual machine in the intranet.
The communication method also includes a URL rule. The content of the URL rule is encapsulated in the HTTP message of the HTTP request and can be recognized by the dual-NIC computer, which extracts the IP address and port number of the specified intranet computer from the HTTP message of the HTTP request. The URL rule comprises the IP address and port of the dual-NIC computer and the IP address and port number of the specified intranet computer. We can construct the following URL rule: http://public-network computer IP:Port/destination intranet computer IP:Port/.
The dual-NIC computer also includes a multi-process model consisting of one master process and multiple child processes.
The master process monitors signals from the public-network computer and the working state of the child processes. Specifically: the master process first blocks all signals from the public-network computer, creates the listening socket, reads the configuration file and creates the number of child processes specified in it, then opens the signal mask and begins listening for signals sent by the public-network computer, abnormal-crash signals from child processes, the reload-configuration signal and the timer signal. When the master process receives a SIGTERM or SIGINT signal sent by the public-network computer, it passes the received SIGTERM or SIGINT signal to all child processes, waits for all child processes to finish, and then exits. When the master process receives the abnormal-crash signal SIGCHLD sent by a child process, it re-creates that child process.
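An added example, not part of the patent text, of the master process described above: it shields SIGTERM, SIGINT and SIGCHLD before forking, relays a termination signal to every child process and re-creates a child that exits unexpectedly. It replaces the patent's "open the signal mask and listen" step with a synchronous sigwait loop; NWORKERS, demo_worker, spawn and run_master are names constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>
#define NWORKERS 3               /* assumed; the patent reads it from a config file */
static pid_t pids[NWORKERS];
static int starts[NWORKERS];     /* times each slot has been started */
static sigset_t waited, saved;

/* Constructed worker: slot 0 exits abnormally once; its replacement asks the master to stop. */
static void demo_worker(int slot, int nth_start) {
    if (slot == 0 && nth_start == 1) _exit(1);
    if (slot == 0 && nth_start == 2) kill(getppid(), SIGTERM);
    for (;;) pause();
}

static int spawn(int slot) {     /* returns 1 if the child was created */
    starts[slot]++;
    pids[slot] = fork();
    if (pids[slot] == 0) {
        sigprocmask(SIG_SETMASK, &saved, NULL);  /* child must not keep the mask */
        demo_worker(slot, starts[slot]);
        _exit(0);
    }
    return pids[slot] > 0;
}

/* Runs the master loop; returns how many children were re-created. */
int run_master(void) {
    int alive = 0, stopping = 0, recreated = 0, sig, status;
    sigemptyset(&waited);
    sigaddset(&waited, SIGTERM); sigaddset(&waited, SIGINT); sigaddset(&waited, SIGCHLD);
    sigprocmask(SIG_BLOCK, &waited, &saved);     /* shield signals before forking */
    for (int i = 0; i < NWORKERS; i++) alive += spawn(i);
    while (alive > 0 && sigwait(&waited, &sig) == 0) {
        if (sig != SIGCHLD) {                    /* SIGTERM or SIGINT: relay it */
            stopping = 1;
            for (int i = 0; i < NWORKERS; i++) if (pids[i] > 0) kill(pids[i], sig);
            continue;
        }
        for (pid_t pid; (pid = waitpid(-1, &status, WNOHANG)) > 0; )  /* reap every exit */
            for (int i = 0; i < NWORKERS; i++) {
                if (pids[i] != pid) continue;
                if (stopping || !spawn(i)) { pids[i] = -1; alive--; }
                else recreated++;
            }
    }
    sigprocmask(SIG_SETMASK, &saved, NULL);
    return recreated;
}
```

Any exit of a child before a termination signal arrives is treated here as an abnormal crash.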
The child processes forward requests and responses. Each child process listens on the port of the dual-NIC computer, generally port 4200, but sends no data or information to the master process other than the abnormal-crash signal. To increase the number of concurrent connections, the child process uses the epoll event model in edge-triggered mode to continuously monitor the connection sockets and the listening socket, and takes different processing steps depending on the read/write event and the socket type. The processing steps, shown in Fig. 2, are as follows:
Monitor the IP address and port of the public-network computer, and add the read event of the listening socket to epoll. The child process calls epoll_wait to wait for ready sockets; when a socket is ready, it calls a different handler according to the read/write event type and the socket type:
1) if it is a read event on the listening socket, call the accept_handle handler: first call accept to create the connection socket, initialize the related data structures, and add the read and write events to epoll for monitoring;
2) if it is a read event on a connection socket, call the read_client_handle handler: first read the data into the corresponding buffer and analyze the data read; if it does not contain an HTTP request line, return and continue listening; otherwise, extract the virtual machine IP and port from the URL rule in the request line and rewrite the HTTP request. If a connection to the corresponding virtual machine already exists, send the rewritten HTTP request directly; otherwise, connect to the port of the corresponding virtual machine and add the read and write events of this new socket to epoll;
3) if the connection socket of the virtual machine is writable, send the rewritten HTTP request directly to the connection socket of the virtual machine;
4) if the connection socket of the virtual machine is readable, read the response data of the virtual machine and store it in the cache of the dual-NIC computer;
5) if the connection socket of the public-network computer is writable, send the response data stored in the cache of the dual-NIC computer to the connection socket of the public-network computer.
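An added example, not part of the patent text, of the request-line handling in step 2 and of the URL rule above: it extracts the target IP and port from the first path segment, validates them, and produces the rewritten request line. The function name, the rewrite form (dropping the "/IP:Port" prefix) and the 192.168.0.0/16 restriction are assumptions made here; the patent does not specify them.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy, not from the patent: only 192.168.0.0/16 is reachable. */
#define INTRANET_NET  0xC0A80000u
#define INTRANET_MASK 0xFFFF0000u

/* Parse "METHOD /a.b.c.d:port/path HTTP/x.y" according to the url rule.
 * On success fills ip and port, writes "METHOD /path HTTP/x.y" to out and
 * returns 0. Returns -1 if the line does not follow the rule or the policy. */
int rewrite_request_line(const char *line, char *ip, size_t iplen,
                         int *port, char *out, size_t outlen)
{
    const char *sp = strchr(line, ' ');
    if (!sp || sp == line || sp[1] != '/')
        return -1;
    const char *host = sp + 2;                  /* first byte of a.b.c.d */
    const char *colon = strchr(host, ':');
    if (!colon)
        return -1;
    size_t hlen = (size_t)(colon - host);
    if (hlen == 0 || hlen >= iplen || hlen >= INET_ADDRSTRLEN)
        return -1;
    memcpy(ip, host, hlen);
    ip[hlen] = '\0';

    struct in_addr addr;
    if (inet_pton(AF_INET, ip, &addr) != 1)     /* strict dotted quad only */
        return -1;
    if ((ntohl(addr.s_addr) & INTRANET_MASK) != INTRANET_NET)
        return -1;                              /* target outside the intranet */

    if (!isdigit((unsigned char)colon[1]))      /* no sign or space before port */
        return -1;
    char *end;
    long p = strtol(colon + 1, &end, 10);
    if (p < 1 || p > 65535 || (*end != '/' && *end != ' '))
        return -1;
    *port = (int)p;

    /* Drop the "/a.b.c.d:port" prefix; an empty remaining path becomes "/". */
    int n = snprintf(out, outlen, "%.*s %s%s", (int)(sp - line), line,
                     *end == '/' ? "" : "/", end);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

Because the backend address comes from the client's URL, the proxy should refuse any target outside the intranet range it is meant to serve, as the policy check does here.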
In short, the foregoing is only a preferred embodiment of the present invention; all equivalent changes and modifications made within the scope of the claims of the present invention shall fall within the coverage of this patent.