CN103384274B - Communication method for connecting a public network to intranet computers based on the HTTP protocol - Google Patents

Communication method for connecting a public network to intranet computers based on the HTTP protocol

Info

Publication number
CN103384274B
Authority
CN
China
Prior art keywords
computer
public network
network
address
http request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201310293651.XA
Other languages
Chinese (zh)
Other versions
CN103384274A (en
Inventor
黄鹏
姜晓红
李翔
何延彰
吴朝晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang University ZJU
Original Assignee
Zhejiang University ZJU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang University ZJU
Priority to CN201310293651.XA
Publication of CN103384274A
Application granted
Publication of CN103384274B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the field of computer network communication and discloses a communication method, based on the HTTP protocol, for connecting from the public network to intranet computers. The method uses a dual-NIC computer that is assigned both a public IP address and an intranet IP address, and comprises the following specific steps: the dual-NIC computer accepts an HTTP request sent by a public-network computer, parses the IP address and port number of the specified intranet computer from the HTTP request, and forwards requests, responses and data between the public-network computer and the specified intranet computer. The advantage of the invention is that it establishes a network communication method that can penetrate the intranet; the method has few steps, is safe and reliable, and has high application value.

Description

Communication method for connecting a public network to intranet computers based on the HTTP protocol
Technical field
The present invention relates to the field of computer network communication, and in particular to a communication method, based on the HTTP protocol, for connecting from the public network to intranet computers.
Background
With the rise of network technology, a wide variety of network software applications have appeared and greatly enriched the online experience. However, because networks were built out unevenly, real deployments contain a large number of access-restricted LANs, so external users cannot smoothly reach the intranet users inside those LANs.
The prior art mostly uses port mapping to solve communication between the external network and the intranet. This approach has significant limitations. First, the number of usable ports is limited while the virtual machine resources in a platform keep growing, so there may well not be enough ports to map every virtual machine. Second, identifying a virtual machine by a number (a port) is unfriendly and hard to remember, which limits the range of application and hinders adoption.
Summary of the invention
To address the limitations of the prior art, the present invention provides a communication method, based on the HTTP protocol, for connecting from the public network to intranet computers.
To achieve this, the present invention adopts the following technical solution:
A communication method for connecting a public network to intranet computers based on the HTTP protocol uses a dual-NIC computer that is assigned both a public IP address and an intranet IP address, and comprises the following specific steps: the dual-NIC computer accepts an HTTP request sent by a public-network computer, parses the IP address and port number of the specified intranet computer from the HTTP request, and forwards requests, responses and data between the public-network computer and the specified intranet computer. The intranet computer is a computer or a virtual machine in the intranet.
Preferably, the method also includes a url rule. The content of the url rule is encapsulated in the HTTP message of the HTTP request and can be recognized by the dual-NIC computer, which extracts the IP address and port number of the specified intranet computer from the HTTP message of the HTTP request. The url rule includes the IP address and port of the dual-NIC computer and the IP address and port number of the specified intranet computer.
Preferably, the method also includes a multi-process model comprising one main process and multiple child processes.
The main process monitors the signals of public-network computers and the working state of the child processes. The specific steps are as follows: the main process first blocks the signals of all public-network computers, creates the listening socket, reads the configuration file and creates the number of child processes specified in the configuration file; it then opens the signal mask and begins listening for the signals sent by public-network computers, the abnormal-crash signals of child processes, the re-read-configuration-file signal and the timer signal. When the main process receives a SIGTERM or SIGINT signal sent by a public-network computer, it passes the received SIGTERM or SIGINT signal to all child processes, waits for all child processes to end, and then ends. When the main process receives the abnormal-crash signal sent by a child process, it re-creates that child process.
The child processes forward requests and responses and listen on the port of the dual-NIC computer, but send no data or information to the main process other than the abnormal-crash signal. Each child process uses the epoll event model in edge-triggered mode to continuously monitor the connection sockets and the listening socket, and takes different processing steps depending on the read/write event and the socket type. The processing steps are as follows:
1) Listen on the IP address and port of the public-network computer, and register the read event of the listening socket with epoll;
2) After receiving a connection request from a public-network computer, create a connection socket and register its read/write events with epoll for monitoring;
3) If the connection socket of the public-network computer is readable, read the HTTP request of the public-network computer, parse the url rule contained in the HTTP request, extract the IP address and port number of the intranet computer, rewrite the HTTP request, and store the rewritten HTTP request in the cache of the dual-NIC computer; if the HTTP request is the first request, create the connection to the virtual machine;
4) If the connection socket of the virtual machine is writable, send the rewritten HTTP request directly to the connection socket of the virtual machine;
5) If the connection socket of the virtual machine is readable, read the response data of the virtual machine and store it in the cache of the dual-NIC computer;
6) If the connection socket of the public-network computer is writable, send the response data stored in the dual-NIC computer's buffer to the connection socket of the public-network computer.
By adopting the above technical solution, the present invention achieves significant technical effects:
With this HTTP-based method, any browser can remotely connect to a computer or virtual machine in a LAN. In addition, the url rule used by the method is simple and clear, friendly to use and easy to deploy, and the access process is stable and reliable. The method can provide a remote connection service for thousands of LAN virtual machines in a cloud platform and is highly practical.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network topology described in Embodiment 1.
Fig. 2 is a flow diagram of the child process described in Embodiment 1.
Detailed description
The present invention is described in further detail below with reference to an embodiment.
Embodiment 1
In the communication method for connecting a public network to intranet computers based on the HTTP protocol, the network topology is as shown in Fig. 1. It includes a dual-NIC computer, which acts as the proxy computer that actually handles the HTTP requests. The dual-NIC computer has 2 network cards installed and is assigned both a public IP address and an intranet IP address.
The specific steps are as follows: the dual-NIC computer accepts an HTTP request sent by a public-network computer, parses the IP address and port number of the specified intranet computer from the HTTP request, and forwards requests, responses and data between the public-network computer and the specified intranet computer. The intranet computer is a computer or a virtual machine in the intranet.
The communication method also includes a url rule. The content of the url rule is encapsulated in the HTTP message of the HTTP request and can be recognized by the dual-NIC computer, which extracts the IP address and port number of the specified intranet computer from the HTTP message of the HTTP request. The url rule includes the IP address and port of the dual-NIC computer and the IP address and port number of the specified intranet computer. A url rule of the following form can be constructed: http://public network computer IP:Port/target intranet computer IP:Port/.
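Because the url rule lets the requesting client name the intranet IP and port, the dual-NIC computer is the one place where that target can be checked before a connection is opened. The following added example (not code from the patent) parses a request line that follows the url rule, checks the target against an allow-list, and rewrites the line. The allow-list values, the function names, and the choice to rewrite by stripping the `IP:Port` prefix are assumptions, since the patent does not say how the request is rewritten.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Target parsed from a request line that follows the url rule. */
struct target {
    char ip[INET_ADDRSTRLEN]; /* intranet IPv4 address, dotted form */
    int port;                 /* intranet TCP port */
};

/* Assumed policy (not in the patent): the only intranet range and
 * ports that may be reached through the dual-NIC computer. */
static const char *ALLOWED_NET = "192.168.10.0";
static const int ALLOWED_PREFIX = 24;
static const int ALLOWED_PORTS[] = { 80, 8080 };

/* Return 1 if the target is a valid IPv4 address inside the allowed
 * range and its port is on the allowed list, otherwise 0. */
static int target_allowed(const struct target *t)
{
    struct in_addr ip, net;
    uint32_t mask = htonl(0xFFFFFFFFu << (32 - ALLOWED_PREFIX));
    size_t i;
    if (inet_pton(AF_INET, t->ip, &ip) != 1) return 0;
    if (inet_pton(AF_INET, ALLOWED_NET, &net) != 1) return 0;
    if ((ip.s_addr & mask) != (net.s_addr & mask)) return 0;
    for (i = 0; i < sizeof ALLOWED_PORTS / sizeof ALLOWED_PORTS[0]; i++)
        if (ALLOWED_PORTS[i] == t->port) return 1;
    return 0;
}

/* Parse "METHOD /IP:PORT/rest VERSION", fill *t and write the rewritten
 * line "METHOD /rest VERSION\r\n" to out.
 * Returns 0 on success, -1 if the line does not follow the url rule,
 * -2 if the target is rejected by the policy above. */
int rewrite_request_line(const char *line, struct target *t,
                         char *out, size_t outlen)
{
    char method[16], path[1024], version[16];
    const char *host, *colon, *slash, *p;
    size_t iplen;
    long port = 0;
    int digits = 0, n;

    if (sscanf(line, "%15s %1023s %15s", method, path, version) != 3)
        return -1;
    if (path[0] != '/') return -1;
    host = path + 1;
    colon = strchr(host, ':');
    slash = strchr(host, '/');
    if (!colon || (slash && slash < colon)) return -1;
    iplen = (size_t)(colon - host);
    if (iplen == 0 || iplen >= sizeof t->ip) return -1;
    memcpy(t->ip, host, iplen);
    t->ip[iplen] = '\0';
    /* Port: 1 to 5 decimal digits, ended by '/' or the end of the path. */
    for (p = colon + 1; *p >= '0' && *p <= '9' && digits < 5; p++, digits++)
        port = port * 10 + (*p - '0');
    if (digits == 0 || port < 1 || port > 65535) return -1;
    if (*p != '/' && *p != '\0') return -1;
    t->port = (int)port;

    if (!target_allowed(t)) return -2;
    n = snprintf(out, outlen, "%s %s %s\r\n", method,
                 *p == '/' ? p : "/", version);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    struct target t;
    char out[1100];
    /* Constructed sample request line. */
    int rc = rewrite_request_line(
        "GET /192.168.10.5:8080/index.html HTTP/1.1", &t, out, sizeof out);
    if (rc == 0) printf("%s:%d <- %s", t.ip, t.port, out);
    return rc;
}
```

A return value of -2 is the case to log on the proxy: the request was well formed but named a target outside the permitted range or port list.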
The dual-NIC computer also uses a multi-process model comprising one main process and multiple child processes.
The main process monitors the signals of public-network computers and the working state of the child processes. The specific steps are as follows: the main process first blocks the signals of all public-network computers, creates the listening socket, reads the configuration file and creates the number of child processes specified in the configuration file; it then opens the signal mask and begins listening for the signals sent by public-network computers, the abnormal-crash signals of child processes, the re-read-configuration-file signal and the timer signal. When the main process receives a SIGTERM or SIGINT signal sent by a public-network computer, it passes the received SIGTERM or SIGINT signal to all child processes, waits for all child processes to end, and then ends. When the main process receives the abnormal-crash signal SIGCHLD sent by a child process, it re-creates that child process.
The child processes forward requests and responses. Each child process listens on the port of the dual-NIC computer, generally port 4200, but sends no data or information to the main process other than the abnormal-crash signal. To increase concurrency, the child process uses the epoll event model in edge-triggered mode to continuously monitor the connection sockets and the listening socket, and takes different processing steps depending on the read/write event and the socket type. The processing steps, shown in Fig. 2, are as follows:
Listen on the IP address and port of the public-network computer and register the read event of the listening socket with epoll. The child process calls epoll_wait to wait for ready sockets; when a socket is ready, it calls a different handler depending on the read/write event type and the socket type:
1) If the event is a read event on the listening socket, call the accept_handle procedure: first call accept to create a connection socket, initialize the related data structures, and register its read/write events with epoll for monitoring;
2) If the event is a read event on a connection socket, call the read_client_handle procedure: first read the data into the corresponding buffer and analyze the data read; if it does not contain an HTTP request line, return and continue listening; otherwise, extract the virtual machine IP and port from the url rule in the request line and rewrite the HTTP request. If a connection to the corresponding virtual machine already exists, send the rewritten HTTP request directly; otherwise, connect to the port of the corresponding virtual machine and add the read/write events of the new socket to epoll;
3) If the connection socket of the virtual machine is writable, send the rewritten HTTP request directly to the connection socket of the virtual machine;
4) If the connection socket of the virtual machine is readable, read the response data of the virtual machine and store it in the cache of the dual-NIC computer;
5) If the connection socket of the public-network computer is writable, send the response data stored in the dual-NIC computer's buffer to the connection socket of the public-network computer.
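In edge-triggered mode epoll reports a socket once when new data arrives, so a read handler such as the one in step 2) has to read until the kernel returns EAGAIN; bytes left behind are not announced again until the peer sends more. The following added example (not code from the patent) shows both behaviours on a local socket pair; `drain_socket`, `et_demo` and the payload sizes are hypothetical names and constructed values.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Edge-triggered epoll needs non-blocking descriptors. */
static int set_nonblocking(int fd)
{
    int flags = fcntl(fd, F_GETFL, 0);
    return flags < 0 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Read until the kernel reports EAGAIN, the peer closes, or buf is full.
 * Returns the number of bytes read, or -1 on a real error. */
long drain_socket(int fd, char *buf, size_t cap, int *eof)
{
    size_t total = 0;
    *eof = 0;
    while (total < cap) {
        ssize_t n = read(fd, buf + total, cap - total);
        if (n > 0) { total += (size_t)n; continue; }
        if (n == 0) { *eof = 1; break; }
        if (errno == EINTR) continue;
        if (errno == EAGAIN || errno == EWOULDBLOCK) break;
        return -1;
    }
    return (long)total;
}

struct et_result {
    long unread;     /* bytes still queued in the socket after the handler */
    int second_wait; /* events reported by the next epoll_wait */
};

/* Constructed scenario: a peer writes `payload` bytes once. The handler
 * either drains the socket (drain=1) or does a single 1024-byte read
 * (drain=0); epoll_wait is then called again with no new data sent. */
struct et_result et_demo(size_t payload, int drain)
{
    static char out[65536], in[65536];
    struct et_result r = { -1, -1 };
    struct epoll_event ev = { .events = EPOLLIN | EPOLLET }, got;
    int sv[2], ep, eof;
    long n;

    if (payload > sizeof out || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return r;
    ep = epoll_create1(0);
    ev.data.fd = sv[1];
    if (ep < 0 || set_nonblocking(sv[1]) < 0 ||
        epoll_ctl(ep, EPOLL_CTL_ADD, sv[1], &ev) < 0 ||
        write(sv[0], out, payload) != (ssize_t)payload ||
        epoll_wait(ep, &got, 1, 1000) != 1)
        goto done;
    n = drain ? drain_socket(sv[1], in, sizeof in, &eof)
              : (long)read(sv[1], in, 1024);
    if (n < 0) goto done;
    r.unread = (long)payload - n;
    r.second_wait = epoll_wait(ep, &got, 1, 100);
done:
    if (ep >= 0) close(ep);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    struct et_result a = et_demo(8192, 1), b = et_demo(8192, 0);
    printf("drained:  unread=%ld events=%d\n", a.unread, a.second_wait);
    printf("one read: unread=%ld events=%d\n", b.unread, b.second_wait);
    return 0;
}
```

In the single-read case the remaining bytes sit in the socket while epoll_wait reports nothing, which on a proxy shows up as a connection that stalls until the client sends more data.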
In summary, the foregoing is only a preferred embodiment of the present invention; all equivalent changes and modifications made within the scope of the claims of the present invention shall fall within the scope covered by this patent.

Claims (3)

1. A communication method for connecting a public network to intranet computers based on the HTTP protocol, characterized in that it comprises a dual-NIC computer, the dual-NIC computer being assigned both a public IP address and an intranet IP address, and comprises the following specific steps: the dual-NIC computer accepts an HTTP request sent by a public-network computer, parses the IP address and port number of the specified intranet computer from the HTTP request, and forwards requests, responses and data between the public-network computer and the specified intranet computer, the intranet computer being a computer or a virtual machine in the intranet;
the method further comprises a multi-process model, the multi-process model comprising one main process and multiple child processes;
the main process is used to monitor the signals of public-network computers and the working state of the child processes, with the following specific steps: the main process first blocks the signals of all public-network computers, creates the listening socket, reads the configuration file and creates the number of child processes specified in the configuration file, then opens the signal mask and begins listening for the signals sent by public-network computers, the abnormal-crash signals of child processes, the re-read-configuration-file signal and the timer signal; when the main process receives a SIGTERM or SIGINT signal sent by a public-network computer, the main process passes the received SIGTERM or SIGINT signal to all child processes, waits for all child processes to end, and then ends; when the main process receives the abnormal-crash signal sent by a child process, it re-creates that child process;
the child processes are used to forward requests and responses and to listen on the port of the dual-NIC computer, but do not send any data or information to the main process other than the abnormal-crash signal; each child process uses the epoll event model in edge-triggered mode to continuously monitor the connection sockets and the listening socket, and takes different processing steps depending on the read/write event and the socket type.
2. The communication method for connecting a public network to intranet computers based on the HTTP protocol according to claim 1, characterized in that it further comprises a url rule, the content of the url rule being encapsulated in the HTTP message of the HTTP request and recognizable by the dual-NIC computer, the dual-NIC computer extracting the IP address and port number of the specified intranet computer from the HTTP message of the HTTP request, wherein the url rule includes the IP address and port of the dual-NIC computer and the IP address and port number of the specified intranet computer.
3. The communication method for connecting a public network to intranet computers based on the HTTP protocol according to claim 1, characterized in that the child process takes different processing steps depending on the read/write event and the socket type, the processing steps comprising the following specific steps:
1) listen on the IP address and port of the public-network computer, and register the read event of the listening socket with epoll;
2) after receiving a connection request from a public-network computer, create a connection socket and register its read/write events with epoll for monitoring;
3) if the connection socket of the public-network computer is readable, read the HTTP request of the public-network computer, parse the url rule contained in the HTTP request, extract the IP address and port number of the intranet computer, rewrite the HTTP request, and store the rewritten HTTP request in the cache of the dual-NIC computer; if the HTTP request is the first request, create the connection to the virtual machine;
4) if the connection socket of the virtual machine is writable, send the rewritten HTTP request directly to the connection socket of the virtual machine;
5) if the connection socket of the virtual machine is readable, read the response data of the virtual machine and store it in the cache of the dual-NIC computer;
6) if the connection socket of the public-network computer is writable, send the response data stored in the dual-NIC computer's buffer to the connection socket of the public-network computer.
CN201310293651.XA 2013-07-15 2013-07-15 Communication method for connecting a public network to intranet computers based on the HTTP protocol Expired - Fee Related CN103384274B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310293651.XA CN103384274B (en) 2013-07-15 2013-07-15 Communication method for connecting a public network to intranet computers based on the HTTP protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310293651.XA CN103384274B (en) 2013-07-15 2013-07-15 Communication method for connecting a public network to intranet computers based on the HTTP protocol

Publications (2)

Publication Number Publication Date
CN103384274A CN103384274A (en) 2013-11-06
CN103384274B true CN103384274B (en) 2016-08-10

Family

ID=49491965

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310293651.XA Expired - Fee Related CN103384274B (en) 2013-07-15 2013-07-15 Communication method for connecting a public network to intranet computers based on the HTTP protocol

Country Status (1)

Country Link
CN (1) CN103384274B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103731308A (en) * 2013-12-29 2014-04-16 国云科技股份有限公司 Virtual machine public network management method
CN107800743B (en) * 2016-09-06 2020-11-24 中国电信股份有限公司 Cloud desktop system, cloud management system and related equipment
CN110351159B (en) * 2018-04-08 2021-07-06 上海大唐移动通信设备有限公司 Cross-intranet network performance testing method and device
CN108881518A (en) * 2018-08-01 2018-11-23 上海华测导航技术股份有限公司 A kind of method, apparatus, storage medium and system accessing Intranet equipment
CN111511041B (en) * 2019-01-31 2022-03-29 大唐移动通信设备有限公司 Remote connection method and device
CN109922159B (en) * 2019-03-27 2021-10-08 宁波大学 A method for two-way virtual connection between Internet of Things devices in the cloud
CN110380762B (en) * 2019-07-05 2021-01-01 浙江大学 Large-scale access method integrating calculation and communication
CN114356446B (en) * 2021-12-27 2023-08-22 湖北天融信网络安全技术有限公司 Processing method, device, equipment and storage medium for inter-process event
CN116232960B (en) * 2022-12-28 2025-05-27 新浪技术(中国)有限公司 Address detection method, monitoring equipment and exit network equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7398291B2 (en) * 2003-06-26 2008-07-08 International Business Machines Corporation Method, system and program product for providing a status of a transaction with an application on a server
CN101242336B (en) * 2008-03-13 2010-12-01 杭州华三通信技术有限公司 Method of Remotely Accessing Intranet Web Server and Web Proxy Server
CN103166777A (en) * 2011-12-13 2013-06-19 成都勤智数码科技有限公司 Method and device for remote operation and maintenance of equipment
CN104125243B (en) * 2013-04-23 2018-01-02 浙江大学 A kind of method for penetrating Intranet and remotely connecting large-scale virtual machine

Also Published As

Publication number Publication date
CN103384274A (en) 2013-11-06

Similar Documents

Publication Publication Date Title
CN103384274B (en) Communication method for connecting a public network to intranet computers based on the HTTP protocol
CN105117645B (en) The method that the operation of sandbox virtual machine multisample is realized based on file system filter driver
CN105468358B (en) A kind of data processing method and device of moving game
CN107360145B (en) Multi-node honeypot system and data analysis method thereof
CN101841470A (en) High-speed capturing method of bottom-layer data packet based on Linux
TW201340663A (en) Server system and management method thereof
CN102394885A (en) Information classification protection automatic verification method based on data stream
CN112019545B (en) A honeypot network deployment method, device, equipment and medium
CN113067810B (en) Network packet capturing method, device, equipment and medium
CN106130897B (en) Performance optimization method based on Router Simulation
CN105871643A (en) Network operation simulating method based on routing protocol
CN108206829B (en) Method for realizing network communication by GigE Vision protocol based on FPGA
CN111224893A (en) VPN-based android mobile phone traffic collection and labeling system and method
CN107733886A (en) The application layer ddos attack detection method that a kind of logic-based returns
CN103763125A (en) Statistical method and device for number of actual users in operator network
CN106559498A (en) Air control data collection platform and its collection method
CN109086119A (en) A kind of method of quick detection container operating status
CN114422337A (en) Network packet capture method and related device for locating faults
CN105592169B (en) Terminal identification method and device
US20130013755A1 (en) Diskless pc network communication agent system
CN102325156A (en) A Communication System for Transmitting Simulation Data
US20150131451A1 (en) Packet storage method and packet storage apparatus
CN106663170B (en) Information processing system, control method
CN114390114B (en) User data packet protocol port scanning method, system, terminal and storage medium
CN110061886A (en) Network Management System before a kind of print based on SNMP

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20160810

Termination date: 20210715