[go: up one dir, main page]

CN110324436A - A kind of Proxy Method and device of transport-layer proxy - Google Patents

A kind of Proxy Method and device of transport-layer proxy Download PDF

Info

Publication number
CN110324436A
CN110324436A CN201910606284.1A CN201910606284A CN110324436A CN 110324436 A CN110324436 A CN 110324436A CN 201910606284 A CN201910606284 A CN 201910606284A CN 110324436 A CN110324436 A CN 110324436A
Authority
CN
China
Prior art keywords
address
domain name
proxy
access request
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910606284.1A
Other languages
Chinese (zh)
Other versions
CN110324436B (en
Inventor
佘江宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd filed Critical Wangsu Science and Technology Co Ltd
Priority to CN201910606284.1A priority Critical patent/CN110324436B/en
Publication of CN110324436A publication Critical patent/CN110324436A/en
Application granted granted Critical
Publication of CN110324436B publication Critical patent/CN110324436B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/58Caching of addresses or names
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of Proxy Method of transport-layer proxy and devices, wherein the described method includes: obtaining the IP address in the access request after application layer initiates access request;Determine the corresponding domain name of IP address in the access request;Judge whether the access request meets the condition of agency based on domain name;If met, the access request is sent to proxy server.The present invention can use domain name matching way being filtered and distribute to proxy data, so the access request that can be suitable for initiating domain name, and since the same domain name can correspond to multiple IP address, for domain name matching way compared with IP address matching way, domain name matching way can simplify the setting of matching condition.

Description

一种传输层代理的代理方法及装置Agent method and device for transport layer agent

技术领域technical field

本发明涉及传输层代理技术领域,特别涉及一种传输层代理的代理方法及装置。The invention relates to the technical field of transport layer proxy, in particular to a proxy method and device for transport layer proxy.

背景技术Background technique

客户端与服务器之间可以由代理服务器作为中转站进行数据传输。例如,客户端发送的访问请求经过代理服务器发送给待访问的服务器。如果客户端发送的访问请求符合代理条件,则由代理服务器发送给待访问的服务器,否则直接发送给服务器。TCP/UDP传输层代理所代理的数据若要进行过滤或分发,则利用IP地址和端口的正则匹配方法设置代理条件。由于在传输层代理过程中,传输层只能获取到待访问的服务器的IP地址和端口,如果只使用IP地址和端口的正则匹配,只能支持简单的IP请求,不能适用于域名请求。The proxy server can be used as a transfer station for data transmission between the client and the server. For example, the access request sent by the client is sent to the server to be accessed through the proxy server. If the access request sent by the client meets the proxy conditions, it will be sent to the server to be accessed by the proxy server, otherwise it will be sent directly to the server. If the data proxied by the TCP/UDP transport layer proxy is to be filtered or distributed, the proxy condition is set using the regular matching method of the IP address and port. Since the transport layer can only obtain the IP address and port of the server to be accessed during the proxy process of the transport layer, if only the regular matching of the IP address and port is used, it can only support simple IP requests and cannot be applied to domain name requests.

发明内容Contents of the invention

为了解决现有技术的问题,本发明实施例提供了一种传输层代理方法及装置。所述技术方案如下:In order to solve the problems in the prior art, the embodiment of the present invention provides a transport layer proxy method and device. Described technical scheme is as follows:

第一方面,提供了一种传输层代理的代理方法,所述方法应用于客户端,所述方法包括:In a first aspect, a proxy method of a transport layer proxy is provided, the method is applied to a client, and the method includes:

在应用层发起访问请求之后,获取所述访问请求中的IP地址;After the application layer initiates the access request, obtain the IP address in the access request;

确定所述访问请求中的IP地址对应的域名;determining the domain name corresponding to the IP address in the access request;

基于所述域名判断所述访问请求是否符合代理条件;judging whether the access request meets a proxy condition based on the domain name;

如果符合,则向代理服务器发送所述访问请求。If so, send the access request to the proxy server.

可选的,所述方法还包括:Optionally, the method also includes:

应用层发起DNS请求,并通过代理接口发送所述DNS请求;The application layer initiates a DNS request, and sends the DNS request through a proxy interface;

通过所述代理接口接收DNS服务器基于所述DNS请求发送的IP地址;receiving the IP address sent by the DNS server based on the DNS request through the proxy interface;

从所述代理接口获取所述DNS请求中的域名以及所述DNS服务器发送的IP地址;Obtaining the domain name in the DNS request and the IP address sent by the DNS server from the proxy interface;

建立域名与IP地址的映射关系;Establish a mapping relationship between domain names and IP addresses;

相应的,所述确定所述访问请求中的IP地址对应的域名的步骤,包括:Correspondingly, the step of determining the domain name corresponding to the IP address in the access request includes:

基于所建立的域名与IP地址的映射关系,确定所述访问请求中的IP地址对应的域名。Based on the established mapping relationship between the domain name and the IP address, determine the domain name corresponding to the IP address in the access request.

可选的,所述通过代理接口发送所述DNS请求的步骤,包括:Optionally, the step of sending the DNS request through a proxy interface includes:

若操作系统是iOS系统,选择OC层的原始DNS请求接口,并利用iOS MethodSwizzling技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求;If the operating system is an iOS system, select the original DNS request interface of the OC layer, and use the iOS MethodSwizzling technology to take over the original DNS request interface by the proxy interface, and send the DNS request through the proxy interface;

若操作系统是Android系统,选择java层的原始DNS请求接口,并利用java反射技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求;If the operating system is an Android system, select the original DNS request interface of the java layer, and utilize java reflection technology to take over the original DNS request interface by the proxy interface, and send the DNS request through the proxy interface;

若采用自定义DNS请求,选择native层的原始DNS请求接口,并利用函数劫持技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求。If a custom DNS request is adopted, the original DNS request interface of the native layer is selected, and the function hijacking technology is used to take over the original DNS request interface by the proxy interface, and the DNS request is sent through the proxy interface.

可选的,所述建立域名与IP地址的映射关系的步骤之后,包括:Optionally, after the step of establishing the mapping relationship between the domain name and the IP address, it includes:

判断域名与IP地址关系列表中是否已经缓存所建立的域名与IP地址的映射关系;如果否,将所建立的域名与IP地址的映射关系缓存到所述域名与IP地址关系列表中;Judging whether the established domain name and IP address mapping relationship has been cached in the domain name and IP address relationship list; if not, the established domain name and IP address mapping relationship is cached in the domain name and IP address relationship list;

相应的,所述确定所述访问请求中的IP地址对应的域名的步骤,包括:Correspondingly, the step of determining the domain name corresponding to the IP address in the access request includes:

在所述域名与IP地址关系列表中查询所述访问请求中的IP地址;Query the IP address in the access request in the domain name and IP address relationship list;

如果查找成功,则在所述域名与IP地址关系列表中确定所述访问请求中的IP地址对应的域名。If the search is successful, the domain name corresponding to the IP address in the access request is determined in the domain name-IP address relationship list.

可选的,所述域名与IP地址关系列表缓存在内存的map列表中。Optionally, the list of relationships between domain names and IP addresses is cached in a map list in memory.

第二方面,提供了一种传输层代理的代理装置,所述装置包括:In a second aspect, a proxy device of a transport layer proxy is provided, the device comprising:

发送模块,用于从应用层发起访问请求;A sending module, configured to initiate an access request from the application layer;

获取模块,用于获取所述访问请求中的IP地址;An acquisition module, configured to acquire the IP address in the access request;

确定模块,用于确定所述访问请求中的IP地址对应的域名;A determining module, configured to determine the domain name corresponding to the IP address in the access request;

判断模块,用于基于所述域名判断所述访问请求是否符合代理条件;A judging module, configured to judge whether the access request meets proxy conditions based on the domain name;

所述发送模块,还用于当所述访问请求符合代理条件时,向代理服务器发送所述访问请求。The sending module is further configured to send the access request to a proxy server when the access request meets a proxy condition.

可选的,所述装置还包括接收模块以及创建模块;Optionally, the device further includes a receiving module and a creating module;

所述发送模块,还用于在应用层发起DNS请求时,通过代理接口发送所述DNS请求;The sending module is further configured to send the DNS request through the proxy interface when the application layer initiates the DNS request;

所述接收模块,用于通过所述代理接口接收DNS服务器基于所述DNS请求发送的IP地址;The receiving module is configured to receive the IP address sent by the DNS server based on the DNS request through the proxy interface;

所述创建模块,用于从所述代理接口获取所述DNS请求中的域名以及所述DNS服务器发送的IP地址,并建立域名与IP地址的映射关系;The creating module is configured to obtain the domain name in the DNS request and the IP address sent by the DNS server from the proxy interface, and establish a mapping relationship between the domain name and the IP address;

相应的,所述确定模块,具体用于基于所建立的域名与IP地址的映射关系,确定所述访问请求中的IP地址对应的域名。Correspondingly, the determining module is specifically configured to determine the domain name corresponding to the IP address in the access request based on the established mapping relationship between the domain name and the IP address.

可选的,所述发送模块,具体用于:Optionally, the sending module is specifically used for:

若操作系统是iOS系统,选择OC层的原始DNS请求接口,并利用iOS MethodSwizzling技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求;If the operating system is an iOS system, select the original DNS request interface of the OC layer, and use the iOS MethodSwizzling technology to take over the original DNS request interface by the proxy interface, and send the DNS request through the proxy interface;

若操作系统是Android系统,选择java层的原始DNS请求接口,并利用java反射技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求;If the operating system is an Android system, select the original DNS request interface of the java layer, and utilize java reflection technology to take over the original DNS request interface by the proxy interface, and send the DNS request through the proxy interface;

若采用自定义DNS请求,选择native层的原始DNS请求接口,并利用函数劫持技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求。If a custom DNS request is adopted, the original DNS request interface of the native layer is selected, and the function hijacking technology is used to take over the original DNS request interface by the proxy interface, and the DNS request is sent through the proxy interface.

可选的,所述创建模块,具体用于:Optionally, the creating module is specifically used for:

判断域名与IP地址关系列表中是否已经缓存所建立的域名与IP地址的映射关系;如果否,将所建立的域名与IP地址的映射关系缓存到所述域名与IP地址关系列表中;Judging whether the established domain name and IP address mapping relationship has been cached in the domain name and IP address relationship list; if not, the established domain name and IP address mapping relationship is cached in the domain name and IP address relationship list;

相应的,所述确定模块,具体用于:Correspondingly, the determination module is specifically used for:

在所述域名与IP地址关系列表中查询所述访问请求中的IP地址;Query the IP address in the access request in the domain name and IP address relationship list;

如果查找成功,则在所述域名与IP地址关系列表中确定所述访问请求中的IP地址对应的域名。If the search is successful, the domain name corresponding to the IP address in the access request is determined in the domain name-IP address relationship list.

第三方面,提供了一种代理装置,所述代理装置包括处理器和存储器,所述存储器中存储有至少一条指令、至少一段程序、代码集或指令集,所述至少一条指令、所述至少一段程序、所述代码集或指令集由所述处理器加载并执行以实现上述第一方面所述的传输层代理的代理方法。In a third aspect, an agent device is provided, the agent device includes a processor and a memory, at least one instruction, at least one program, code set or instruction set are stored in the memory, the at least one instruction, the at least A program, the code set or instruction set is loaded and executed by the processor to implement the proxy method of the transport layer proxy described in the first aspect above.

第四方面,提供了一种计算机可读存储介质,存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现上述第一方面所述的传输层代理的代理方法。A fourth aspect provides a computer-readable storage medium storing a computer program, wherein when the computer program is executed by a processor, the proxy method of the transport layer proxy described in the first aspect is implemented.

本发明实施例在利用传输层代理获取到IP地址之后,确定出该IP地址对应的域名,所以可以利用域名匹配方式对代理的数据进行过滤和分发,也能够适用于对域名发起的访问请求,并且由于同一个域名可以对应多个IP地址,域名匹配方式与IP地址匹配方式相比,域名匹配方式可以简化匹配条件的设置。In the embodiment of the present invention, after the IP address is obtained by using the transport layer agent, the domain name corresponding to the IP address is determined, so the data of the agent can be filtered and distributed by using the domain name matching method, and it can also be applied to the access request initiated by the domain name. And because the same domain name can correspond to multiple IP addresses, compared with the IP address matching method, the domain name matching method can simplify the setting of matching conditions.

附图说明Description of drawings

为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. For those skilled in the art, other drawings can also be obtained based on these drawings without creative effort.

图1是本发明实施例提供的一种网络框架的结构框图;FIG. 1 is a structural block diagram of a network framework provided by an embodiment of the present invention;

图2是本发明实施例提供的一种传输层代理的代理方法的流程图;Fig. 2 is a flowchart of a proxy method of a transport layer proxy provided by an embodiment of the present invention;

图3是本发明实施例提供的一种传输层代理的代理方法的流程示意图;Fig. 3 is a schematic flowchart of a proxy method of a transport layer proxy provided by an embodiment of the present invention;

图4是本发明实施例提供的一种建立域名与IP地址映射关系的流程示意图;FIG. 4 is a schematic flow diagram of establishing a mapping relationship between a domain name and an IP address provided by an embodiment of the present invention;

图5是本发明实施例提供的一种传输层代理的代理装置的结构框图;Fig. 5 is a structural block diagram of a proxy device of a transport layer proxy provided by an embodiment of the present invention;

图6是本发明实施例提供的一种电子设备的结构框图。Fig. 6 is a structural block diagram of an electronic device provided by an embodiment of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明实施方式作进一步地详细描述。In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

本发明实施例提供了一种传输层代理的代理方法,该方法可以应用于图1所示的网络框架中。该网络框架包括代理装置、代理服务器以及待访问服务器。其中,该代理装置可以是客户端。代理装置中内嵌传输层代理SDK(Software Development Kit,软件开发工具包),代理装置通过调用输层代理SDK执行本发明实施提供的代理方法。所述代理方法包括:代理装置在从应用层发起访问请求之后,获取所述访问请求中的IP地址,然后确定所述访问请求中的IP地址对应的域名,基于所述域名判断所述访问请求是否符合代理条件;如果符合,则向代理服务器发送所述访问请求,由代理服务器向待访问服务器发送访问请求。An embodiment of the present invention provides a proxy method of a transport layer proxy, which can be applied to the network framework shown in FIG. 1 . The network framework includes a proxy device, a proxy server and a server to be accessed. Wherein, the proxy device may be a client. A transport layer proxy SDK (Software Development Kit, software development kit) is embedded in the proxy device, and the proxy device executes the proxy method provided by the implementation of the present invention by calling the transport layer proxy SDK. The proxy method includes: after the proxy device initiates the access request from the application layer, obtains the IP address in the access request, then determines the domain name corresponding to the IP address in the access request, and judges the access request based on the domain name Whether the proxy condition is met; if so, the access request is sent to the proxy server, and the proxy server sends the access request to the server to be accessed.

参照图2,为本发明实施例提供的一种传输层代理的代理方法的流程图,该方法具体包括以下步骤。Referring to FIG. 2 , it is a flowchart of a proxy method of a transport layer proxy provided by an embodiment of the present invention, and the method specifically includes the following steps.

步骤201,代理装置的应用层发送DNS请求,并通过代理接口发送所述DNS请求。Step 201, the application layer of the proxy device sends a DNS request, and sends the DNS request through a proxy interface.

步骤202,代理装置通过所述代理接口接收DNS服务器基于所述DNS请求发送的IP地址。Step 202, the proxy device receives the IP address sent by the DNS server based on the DNS request through the proxy interface.

在具体应用中,代理装置在接收到IP地址的同时还接收到端口号。In a specific application, the proxy device also receives the port number while receiving the IP address.

步骤203,代理装置从所述代理接口获取所述DNS请求中的域名以及所述DNS服务器发送的IP地址。Step 203, the proxy device acquires the domain name in the DNS request and the IP address sent by the DNS server from the proxy interface.

如图3所示,应用层发起访问请求的步骤包括:第一步对域名发起DNS请求,并获取IP地址,第二步使用所述IP地址发起连接,即连接待访问服务器,发送访问请求,并接收数据。在代理装置内嵌传输层代理SDK的场景中,代理接口接管原始DNS请求接口,即利用代理接口替换原始DNS请求接口,由代理接口连接DNS服务器,代理接口用于代理数据收发。具体的,应用层发起DNS请求时,由代理接口截获DNS请求,并向DNS服务器发送DNS请求,然后接收DNS服务器返回的IP地址。As shown in Figure 3, the steps for the application layer to initiate an access request include: the first step is to initiate a DNS request for the domain name and obtain an IP address, and the second step is to use the IP address to initiate a connection, that is, to connect to the server to be accessed and send an access request, and receive data. In the scenario where the transport layer proxy SDK is embedded in the proxy device, the proxy interface takes over the original DNS request interface, that is, the proxy interface is used to replace the original DNS request interface, and the proxy interface is connected to the DNS server, and the proxy interface is used for proxy data sending and receiving. Specifically, when the application layer initiates a DNS request, the proxy interface intercepts the DNS request, sends the DNS request to the DNS server, and then receives the IP address returned by the DNS server.

如图4所示,本发明实施例适用于iOS系统以及Android系统的代理装置。若代理装置的操作系统是iOS系统,选择OC层的原始DNS请求接口,并利用iOS Method Swizzling(iOS方法变换)技术,由代理接口接管该原始DNS请求接口。若代理装置的操作系统是Android系统,选择java层的原始DNS请求接口,并利用java反射技术,由代理接口接管该原始DNS请求接口。代理装置若采用自定义DNS请求,选择native层的原始DNS请求接口,并利用函数劫持技术,由代理接口接管该原始DNS请求接口。As shown in FIG. 4 , the embodiment of the present invention is applicable to agent devices of iOS system and Android system. If the operating system of the proxy device is an iOS system, select the original DNS request interface of the OC layer, and utilize iOS Method Swizzling (iOS method conversion) technology to take over the original DNS request interface by the proxy interface. If the operating system of the proxy device is the Android system, select the original DNS request interface of the java layer, and use java reflection technology to take over the original DNS request interface by the proxy interface. If the proxy device adopts custom DNS request, select the original DNS request interface of the native layer, and use the function hijacking technology to let the proxy interface take over the original DNS request interface.

本发明实施例由于直接从代理接口获取域名,所以在传输层代理的代理过程中无需进行应用协议解析,所以本发明实施例能够适用于所有应用协议场景,也能够减少代理本身的代码量。Because the embodiment of the present invention obtains the domain name directly from the proxy interface, there is no need to analyze the application protocol during the proxy process of the transport layer proxy, so the embodiment of the present invention can be applied to all application protocol scenarios, and can also reduce the amount of code of the proxy itself.

并且在应用层发起域名的访问请求的情况下,能够从代理接口获取域名与IP地址的映射关系并缓存,所以不需要新开接口传入域名和IP地址关系列表,减少开发难度,提升传输层代理SDK的嵌入效率以及提升域名匹配过程中的运营效率,也不需要代理主动对DNS请求进行域名解析,能够简化嵌入操作。And when the application layer initiates a domain name access request, the mapping relationship between the domain name and the IP address can be obtained from the proxy interface and cached, so there is no need to open a new interface to pass in the domain name and IP address relationship list, reducing development difficulty and improving the transport layer The embedding efficiency of the agent SDK and the operational efficiency in the process of domain name matching are improved, and the agent does not need to actively perform domain name resolution on DNS requests, which can simplify the embedding operation.

步骤204,代理装置建立域名与IP地址的映射关系。In step 204, the proxy device establishes a mapping relationship between domain names and IP addresses.

在实施中可以将域名与IP地址的映射关系缓存在列表,即域名与IP地址关系列表中。该域名与IP地址关系列表可以缓存在内存的map(关联容器)列表中。In an implementation, the mapping relationship between the domain name and the IP address may be cached in a list, that is, a list of domain name and IP address relationships. The domain name and IP address relationship list can be cached in a memory map (associated container) list.

代理装置缓存域名与IP地址的映射关系的流程可概括为:代理装置在建立域名与IP地址的映射关系之后,判断域名与IP地址关系列表中是否已经缓存所建立的域名与IP地址的映射关系,具体的,可以通过IP地址查询判断所述列表中是否已经缓存所建立的域名与IP地址的映射关系;如果否,将所建立的域名与IP地址的映射关系缓存到所述域名与IP地址关系列表中,如果是,则无需再进行缓存,并且转下一步;将域名解析结果返回给原始DNS请求接口。代理装置在利用代理接口接收到DNS服务器发送的域名解析结果,即IP地址以及端口号之后,将接收到的域名解析结果返回给原始DNS请求接口,从而完成域名解析流程。The process of caching the mapping relationship between the domain name and the IP address by the proxy device can be summarized as follows: after the proxy device establishes the mapping relationship between the domain name and the IP address, it determines whether the established mapping relationship between the domain name and the IP address has been cached in the relationship list between the domain name and the IP address , specifically, it may be determined whether the established mapping relationship between the domain name and the IP address has been cached in the list through an IP address query; if not, the established mapping relationship between the domain name and the IP address is cached in the domain name and the IP address In the relationship list, if yes, there is no need to cache, and go to the next step; return the domain name resolution result to the original DNS request interface. After the proxy device receives the domain name resolution result sent by the DNS server through the proxy interface, that is, the IP address and port number, it returns the received domain name resolution result to the original DNS request interface, thereby completing the domain name resolution process.

步骤205,代理装置在从应用层发起访问请求之后,获取所述访问请求中的IP地址。Step 205, after the proxy device initiates the access request from the application layer, obtains the IP address in the access request.

代理装置在接收到DNS服务器发送的IP地址之后,可以向该IP地址的服务器发送访问请求,以获取目标数据。After receiving the IP address sent by the DNS server, the proxy device may send an access request to the server at the IP address to obtain the target data.

步骤206,代理装置确定所述访问请求中的IP地址对应的域名。Step 206, the agent device determines the domain name corresponding to the IP address in the access request.

代理装置确定访问请求中的IP地址对应的域名的流程具体包括:在获取到访问请求中的IP地址之后,在所述域名与IP地址关系列表中查询该IP地址;如果查找成功,则在所述域名与IP地址关系列表中确定该IP地址对应的域名;如果没有查找到该IP地址,则结束流程。The procedure for the agent device to determine the domain name corresponding to the IP address in the access request specifically includes: after obtaining the IP address in the access request, querying the IP address in the list of relationships between domain names and IP addresses; Determine the domain name corresponding to the IP address in the above domain name and IP address relationship list; if the IP address is not found, the process ends.

步骤207,代理装置基于所述域名判断所述访问请求是否符合代理条件。In step 207, the proxy device judges whether the access request meets proxy conditions based on the domain name.

代理装置可以利用域名正则表达式对该域名进行正则匹配,如果匹配成功,则说明针对该域名的访问请求符合代理条件;如果没有匹配成功,则说明该访问请求不符合代理条件。The proxy device can use the domain name regular expression to perform regular matching on the domain name. If the match is successful, it means that the access request for the domain name meets the proxy conditions; if the match is not successful, it means that the access request does not meet the proxy conditions.

步骤208,如果符合,则向代理服务器发送所述访问请求。Step 208, if it matches, send the access request to the proxy server.

如果所述域名符合代理条件,说明访问所述IP地址的请求需要进行代理,所以代理装置需要向代理服务器发送访问所述IP地址的请求,由代理服务器向待访问服务器发送访问请求。If the domain name meets the proxy condition, it means that the request to access the IP address needs to be proxied, so the proxy device needs to send a request to access the IP address to the proxy server, and the proxy server sends the access request to the server to be accessed.

在实施中,可以设置多个代理条件,也即设置多个域名正则表达式。每个代理条件对应不同功能的代理,例如,加速代理或加密代理。代理装置将域名与每个域名正则表达式进行匹配,每匹配成功,则对访问请求进行相应的代理许可。In implementation, multiple proxy conditions can be set, that is, multiple domain name regular expressions can be set. Each proxy condition corresponds to a proxy with different functions, for example, an acceleration proxy or an encryption proxy. The proxy device matches the domain name with the regular expression of each domain name, and performs corresponding proxy permission for the access request when the match is successful.

本发明实施例在利用传输层代理获取到IP地址之后,确定出该IP地址对应的域名,所以可以利用域名匹配方式对代理的数据进行过滤和分发,也能够适用于对域名发起的访问请求,并且由于同一个域名可以对应多个IP地址,域名匹配方式与IP地址匹配方式相比,域名匹配方式可以简化匹配条件的设置。In the embodiment of the present invention, after the IP address is obtained by using the transport layer agent, the domain name corresponding to the IP address is determined, so the data of the agent can be filtered and distributed by using the domain name matching method, and it can also be applied to the access request initiated by the domain name. And because the same domain name can correspond to multiple IP addresses, compared with the IP address matching method, the domain name matching method can simplify the setting of matching conditions.

参照图5,为本发明实施例提供的一种传输层代理的代理装置的结构框图,所述装置包括:Referring to Fig. 5, it is a structural block diagram of a proxy device of a transport layer proxy provided by an embodiment of the present invention, the device includes:

发送模块501,用于从应用层发起访问请求;A sending module 501, configured to initiate an access request from the application layer;

获取模块502,用于获取所述访问请求中的IP地址;Obtaining module 502, configured to obtain the IP address in the access request;

确定模块503,用于确定所述访问请求中的IP地址对应的域名;A determining module 503, configured to determine the domain name corresponding to the IP address in the access request;

判断模块504,用于基于所述域名判断所述访问请求是否符合代理条件;A judging module 504, configured to judge whether the access request meets proxy conditions based on the domain name;

所述发送模块501,还用于当所述访问请求符合代理条件时,向代理服务器发送所述访问请求。The sending module 501 is further configured to send the access request to a proxy server when the access request meets the proxy condition.

可选的,所述装置还包括接收模块505以及创建模块506;Optionally, the device further includes a receiving module 505 and a creating module 506;

所述发送模块501,还用于在应用层发起DNS请求时,通过代理接口发送所述DNS请求;The sending module 501 is further configured to send the DNS request through the proxy interface when the application layer initiates the DNS request;

所述接收模块505,用于通过所述代理接口接收DNS服务器基于所述DNS请求发送的IP地址;The receiving module 505 is configured to receive the IP address sent by the DNS server based on the DNS request through the proxy interface;

所述创建模块506,用于从所述代理接口获取所述DNS请求中的域名以及所述DNS服务器发送的IP地址,并建立域名与IP地址的映射关系;The creating module 506 is configured to obtain the domain name in the DNS request and the IP address sent by the DNS server from the proxy interface, and establish a mapping relationship between the domain name and the IP address;

相应的,所述确定模块503,具体用于基于所建立的域名与IP地址的映射关系,确定所述访问请求中的IP地址对应的域名。Correspondingly, the determining module 503 is specifically configured to determine the domain name corresponding to the IP address in the access request based on the established mapping relationship between the domain name and the IP address.

可选的,所述发送模块501,具体用于:Optionally, the sending module 501 is specifically used for:

若操作系统是iOS系统,选择OC层的原始DNS请求接口,并利用iOS MethodSwizzling技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求;If the operating system is an iOS system, select the original DNS request interface of the OC layer, and use the iOS MethodSwizzling technology to take over the original DNS request interface by the proxy interface, and send the DNS request through the proxy interface;

若操作系统是Android系统,选择java层的原始DNS请求接口,并利用java反射技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求;If the operating system is an Android system, select the original DNS request interface of the java layer, and utilize java reflection technology to take over the original DNS request interface by the proxy interface, and send the DNS request through the proxy interface;

若采用自定义DNS请求,选择native层的原始DNS请求接口,并利用函数劫持技术,由代理接口接管该原始DNS请求接口,通过所述代理接口发送所述DNS请求。If a custom DNS request is adopted, the original DNS request interface of the native layer is selected, and the function hijacking technology is used to take over the original DNS request interface by the proxy interface, and the DNS request is sent through the proxy interface.

可选的,所述创建模块506,具体用于:Optionally, the creating module 506 is specifically used for:

判断域名与IP地址关系列表中是否已经缓存所建立的域名与IP地址的映射关系;如果否,将所建立的域名与IP地址的映射关系缓存到所述域名与IP地址关系列表中;Judging whether the established domain name and IP address mapping relationship has been cached in the domain name and IP address relationship list; if not, the established domain name and IP address mapping relationship is cached in the domain name and IP address relationship list;

相应的,所述确定模块503,具体用于:Correspondingly, the determining module 503 is specifically used for:

在所述域名与IP地址关系列表中查询所述访问请求中的IP地址;Query the IP address in the access request in the domain name and IP address relationship list;

如果查找成功,则在所述域名与IP地址关系列表中确定所述访问请求中的IP地址对应的域名。If the search is successful, the domain name corresponding to the IP address in the access request is determined in the domain name-IP address relationship list.

本发明实施例在利用传输层代理获取到IP地址之后,确定出该IP地址对应的域名,所以可以利用域名匹配方式对代理的数据进行过滤和分发,也能够适用于对域名发起的访问请求,并且由于同一个域名可以对应多个IP地址,域名匹配方式与IP地址匹配方式相比,域名匹配方式可以简化匹配条件的设置。In the embodiment of the present invention, after the IP address is obtained by using the transport layer agent, the domain name corresponding to the IP address is determined, so the data of the agent can be filtered and distributed by using the domain name matching method, and it can also be applied to the access request initiated by the domain name. And because the same domain name can correspond to multiple IP addresses, compared with the IP address matching method, the domain name matching method can simplify the setting of matching conditions.

需要说明的是:上述实施例提供的传输层代理的代理装置可基于计算机程序实现,该装置在进行筛选时,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。另外,上述实施例提供的传输层代理的代理装置与传输层代理的代理方法实施例属于同一构思,其具体实现过程详见方法实施例,这里不再赘述。It should be noted that: the proxy device of the transport layer proxy provided by the above-mentioned embodiment can be realized based on a computer program, and when the device performs screening, it is only illustrated with the division of the above-mentioned functional modules. In practical applications, the The above function allocation is accomplished by different functional modules, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the proxy device of the transport layer proxy provided by the above embodiment and the proxy method embodiment of the transport layer proxy belong to the same concept, and the specific implementation process thereof is detailed in the method embodiment, and will not be repeated here.

图6是本发明实施例提供的电子设备的结构示意图。该电子设备600可因配置或性能不同而产生比较大的差异,可以包括一个或一个以上中央处理器622(例如,一个或一个以上处理器)和存储器632,一个或一个以上存储应用程序642或数据644的存储介质630,也即计算机可读存储介质(例如一个或一个以上海量存储设备)。其中,存储器632和存储介质630可以是短暂存储或持久存储。存储在存储介质630的程序可以包括一个或一个以上模块(图示没标出),每个模块可以包括对电子设备中的一系列指令操作。更进一步地,中央处理器622可以设置为与存储介质630通信,在电子设备600上执行存储介质630中的一系列指令操作。Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention. The electronic device 600 may have relatively large differences due to different configurations or performances, and may include one or more central processing units 622 (for example, one or more processors) and memory 632, and one or more storage application programs 642 or The storage medium 630 of the data 644 is also a computer-readable storage medium (such as one or more mass storage devices). Wherein, the memory 632 and the storage medium 630 may be temporary storage or persistent storage. The program stored in the storage medium 630 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations on the electronic device. Furthermore, the central processing unit 622 may be configured to communicate with the storage medium 630 , and execute a series of instruction operations in the storage medium 630 on the electronic device 600 .

电子设备600还可以包括一个或一个以上电源624,一个或一个以上有线或无线网络接口650,一个或一个以上输入输出接口658,一个或一个以上键盘654,和/或,一个或一个以上操作系统641,例如Windows ServerTM,Mac OS XTM,UnixTM,LinuxTM,FreeBSDTM等等。Electronic device 600 may also include one or more power supplies 624, one or more wired or wireless network interfaces 650, one or more input and output interfaces 658, one or more keyboards 654, and/or, one or more operating systems 641, such as Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM and so on.

电子设备600可以包括有存储器,所述存储器中存储有至少一条指令、至少一段程序、代码集或指令集,所述至少一条指令、所述至少一段程序、所述代码集或指令集由所述处理器加载并执行以实现如上述所述的传输层代理的代理方法。The electronic device 600 may include a memory, and at least one instruction, at least one program, code set or instruction set is stored in the memory, and the at least one instruction, the at least one program, the code set or the instruction set are controlled by the The processor loads and executes the agent method for implementing the above-mentioned transport layer agent.

本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps for implementing the above embodiments can be completed by hardware, and can also be completed by instructing related hardware through a program. The program can be stored in a computer-readable storage medium. The above-mentioned The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, and the like.

以上所述仅为本发明的较佳实施例,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the protection of the present invention. within range.

Claims (10)

1. a kind of Proxy Method of transport-layer proxy, which is characterized in that the method is applied to agent apparatus, the method packet It includes:
After application layer initiates access request, the IP address in the access request is obtained;
Determine the corresponding domain name of IP address in the access request;
Judge whether the access request meets the condition of agency based on domain name;
If met, the access request is sent to proxy server.
2. the method according to claim 1, wherein the method also includes:
Application layer initiates DNS request, and sends the DNS request by proxy interface;
The IP address that dns server is sent based on the DNS request is received by the proxy interface;
The domain name in the DNS request and the IP address of dns server transmission are obtained from the proxy interface;
Establish the mapping relations of domain name and IP address;
Correspondingly, the step of IP address in the determination access request corresponding domain name, comprising:
Based on the mapping relations of the domain name and IP address established, the corresponding domain name of IP address in the access request is determined.
3. according to the method described in claim 2, it is characterized in that, the step for sending the DNS request by proxy interface Suddenly, comprising:
If operating system is iOS system, OC layers of original DNS request interface is selected, and utilize iOS Method Swizzling Technology takes over the original DNS request interface by proxy interface, sends the DNS request by the proxy interface;
If operating system is android system, java layers of original DNS request interface is selected, and utilize java reflection technology, by Proxy interface takes over the original DNS request interface, sends the DNS request by the proxy interface;
According to customized DNS request, native layers of original DNS request interface is selected, and kidnaps technology using function, by generation Reason interface takes over the original DNS request interface, sends the DNS request by the proxy interface.
4. according to the method described in claim 2, it is characterized in that, the step of the mapping relations for establishing domain name and IP address Later, comprising:
Judge in domain name and IP address relation list whether the mapping relations of buffered established domain name and IP address;If It is no, the mapping relations of the domain name established and IP address are cached in domain name and IP address relation list;
Correspondingly, the step of IP address in the determination access request corresponding domain name, comprising:
The IP address in the access request is inquired in domain name and IP address relation list;
It is corresponding with the IP address in the access request determining in IP address relation list in domain name if searched successfully Domain name.
5. according to the method described in claim 4, it is characterized in that, domain name and IP address relation list are buffered in memory In map list.
6. a kind of agent apparatus of transport-layer proxy, which is characterized in that described device includes:
Sending module, for initiating access request from application layer;
Module is obtained, for obtaining the IP address in the access request;
Determining module, for determining the corresponding domain name of IP address in the access request;
Judgment module, for judging whether the access request meets the condition of agency based on domain name;
The sending module is also used to when the access request meets and acts on behalf of condition, sends the access to proxy server Request.
7. device according to claim 6, which is characterized in that further include receiving module and creation module;
The sending module is also used to send the DNS request by proxy interface when application layer initiates DNS request;
The receiving module, for by the proxy interface with receiving the IP that sends based on the DNS request of dns server Location;
The creation module, for obtaining domain name and dns server hair in the DNS request from the proxy interface The IP address sent, and establish the mapping relations of domain name and IP address;
Correspondingly, the determining module determines the visit specifically for the mapping relations based on the domain name and IP address established Ask the corresponding domain name of IP address in request.
8. device according to claim 7, which is characterized in that the creation module is specifically used for:
Judge in domain name and IP address relation list whether the mapping relations of buffered established domain name and IP address;If It is no, the mapping relations of the domain name established and IP address are cached in domain name and IP address relation list;
Correspondingly, the determining module, is specifically used for:
The IP address in the access request is inquired in domain name and IP address relation list;
It is corresponding with the IP address in the access request determining in IP address relation list in domain name if searched successfully Domain name.
9. a kind of electronic equipment, which is characterized in that the electronic equipment includes processor and memory, is stored in the memory Have at least one instruction, at least a Duan Chengxu, code set or instruction set, at least one instruction, an at least Duan Chengxu, The code set or instruction set are loaded by the processor and are executed to realize the transmission as described in any in claim 1 to 5 The Proxy Method of layer proxy.
10. a kind of computer readable storage medium, is stored with computer program, which is characterized in that the computer program is located Reason device realizes the Proxy Method of transport-layer proxy described in any one of claims 1 to 5 when executing.
CN201910606284.1A 2019-07-05 2019-07-05 Proxy method and device for transport layer proxy Expired - Fee Related CN110324436B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910606284.1A CN110324436B (en) 2019-07-05 2019-07-05 Proxy method and device for transport layer proxy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910606284.1A CN110324436B (en) 2019-07-05 2019-07-05 Proxy method and device for transport layer proxy

Publications (2)

Publication Number Publication Date
CN110324436A true CN110324436A (en) 2019-10-11
CN110324436B CN110324436B (en) 2023-04-18

Family

ID=68122908

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910606284.1A Expired - Fee Related CN110324436B (en) 2019-07-05 2019-07-05 Proxy method and device for transport layer proxy

Country Status (1)

Country Link
CN (1) CN110324436B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261660A (en) * 2020-10-16 2021-01-22 深圳安软信创技术有限公司 Android mobile phone end application proxy access security control method
CN113364741A (en) * 2021-05-17 2021-09-07 网宿科技股份有限公司 Application access method and proxy server

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7792994B1 (en) * 2005-06-15 2010-09-07 Symantec Corporation Correlating network DNS data to filter content
CN102340554A (en) * 2011-09-29 2012-02-01 奇智软件(北京)有限公司 Method and device for selecting optimal application server of domain name system DNS
CN103294507A (en) * 2013-05-09 2013-09-11 优视科技有限公司 Method and device for providing information of downloading resources
CN104735174A (en) * 2015-03-30 2015-06-24 北京奇艺世纪科技有限公司 HTTP transparent proxy implementing method and device
US20170374017A1 (en) * 2016-06-27 2017-12-28 Cisco Technology, Inc. Verification of server name in a proxy device for connection requests made using domain names
CN108390955A (en) * 2018-05-09 2018-08-10 网宿科技股份有限公司 Domain Name acquisition method, Website access method and server
CN109359019A (en) * 2018-08-15 2019-02-19 中国平安人寿保险股份有限公司 Application program capacity monitoring method, device, electronic equipment and storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7792994B1 (en) * 2005-06-15 2010-09-07 Symantec Corporation Correlating network DNS data to filter content
CN102340554A (en) * 2011-09-29 2012-02-01 奇智软件(北京)有限公司 Method and device for selecting optimal application server of domain name system DNS
CN103294507A (en) * 2013-05-09 2013-09-11 优视科技有限公司 Method and device for providing information of downloading resources
CN104735174A (en) * 2015-03-30 2015-06-24 北京奇艺世纪科技有限公司 HTTP transparent proxy implementing method and device
US20170374017A1 (en) * 2016-06-27 2017-12-28 Cisco Technology, Inc. Verification of server name in a proxy device for connection requests made using domain names
CN108390955A (en) * 2018-05-09 2018-08-10 网宿科技股份有限公司 Domain Name acquisition method, Website access method and server
CN109359019A (en) * 2018-08-15 2019-02-19 中国平安人寿保险股份有限公司 Application program capacity monitoring method, device, electronic equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261660A (en) * 2020-10-16 2021-01-22 深圳安软信创技术有限公司 Android mobile phone end application proxy access security control method
CN112261660B (en) * 2020-10-16 2024-06-04 深圳安软信创技术有限公司 Android mobile phone end application proxy access security control method
CN113364741A (en) * 2021-05-17 2021-09-07 网宿科技股份有限公司 Application access method and proxy server

Also Published As

Publication number Publication date
CN110324436B (en) 2023-04-18

Similar Documents

Publication Publication Date Title
US11856065B2 (en) Data transmission for service integration between a virtual private cloud and an intranet
CN111193773B (en) Load balancing method, device, equipment and storage medium
CN106933648B (en) Method and system for multi-tenant container resource management
CN109067936B (en) Method and device for domain name resolution
US10191760B2 (en) Proxy response program, proxy response device and proxy response method
CN112333017B (en) Service configuration method, device, equipment and storage medium
CN107613037B (en) Domain name redirection method and system
US11134117B1 (en) Network request intercepting framework for compliance monitoring
WO2009097776A1 (en) System, device and method for achieving service upgrade
EP2633667A2 (en) System and method for on the fly protocol conversion in obtaining policy enforcement information
CN112104640B (en) Data processing method, device and equipment of gateway and readable storage medium
CN109542862B (en) Method, device and system for controlling mounting of file system
CN113949695B (en) Method for accessing network, media gateway, electronic device and storage medium
CN113259479A (en) Data processing method and equipment
CN103533080A (en) Dispatching method and device for LVS (Linux virtual server)
CN115695580B (en) Resource acquisition method, device, equipment and storage medium
CN113676564B (en) Data transmission method, device and storage medium
CN113596119B (en) Edge capability distribution method, system, device and computer readable storage medium
CN107241254B (en) Network connection device, network system and networking method
CN102984277B (en) Prevent the system and method that malice connects
CN110324436B (en) Proxy method and device for transport layer proxy
CN104462488B (en) The High Availabitity of database solves method and apparatus
CN102546613A (en) Method for accessing GAE (Google app engine) hosted website, corresponding control device and corresponding system
CN111813826A (en) WHOIS query method, system and storage medium
CN110457559A (en) Distributed data crawling system, method and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20230418

CF01 Termination of patent right due to non-payment of annual fee