CN104410724A - Method for realizing device type recognition in intelligent gateway based on HTTP protocol - Google Patents


Publication number
CN104410724A
Authority
CN
China
Prior art keywords
intelligent gateway
http protocol
device type
equipment
network packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410828332.9A
Other languages
Chinese (zh)
Inventor
李庆洋
张定理
晏春平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Gongjin Communication Technology Co Ltd
Original Assignee
Shanghai Gongjin Communication Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Gongjin Communication Technology Co Ltd
Priority to CN201410828332.9A
Publication of CN104410724A
Legal status: Pending

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL

Abstract

The invention relates to a method for realizing device type recognition in an intelligent gateway based on the HTTP protocol. The method comprises the following steps: the intelligent gateway establishes an nfqueue queue connection channel; after a device connects, a corresponding firewall rule is set according to the MAC address in the device's access information; the device's Internet-bound packets are tagged with a mark value according to the firewall rule; the packets on the nfqueue queue connection channel are monitored to determine whether an Internet-bound packet carrying the mark value exists; if so, the marked packet is parsed to obtain the device information of the corresponding device; and the device information is uploaded to a gateway management platform. With this method, a traditional function can be improved without modifying any kernel code, making it faster, more effective and more intelligent; the method is non-intrusive, simple in structure, easy to implement, not restricted by environment, and widely applicable.

Description

Method for realizing device type recognition in an intelligent gateway based on the HTTP protocol
Technical field
The present invention relates to the technical field of intelligent gateways, in particular to the field of device type recognition, and specifically to a method for realizing multifunctional fingerprint unblock based on computer software.
Background art
As concepts such as the smart home and the intelligent gateway have developed and matured, related products have gradually entered people's lives. Some functions of conventional gateways cannot meet the demands of this intelligence and cannot give users a convenient, effective experience.
Conventional gateways mainly use DHCP option fields to identify the category of LAN-side devices. This requires the device to support the option before it can be identified, and the approach is inherently poor at identifying information such as the operating system and manufacturer, so it cannot meet an intelligent gateway's need to identify LAN-side device types.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art described above and to provide a method for realizing device type recognition in an intelligent gateway based on the HTTP protocol that requires no modification of kernel code and identifies the type of attached devices by parsing HTTP protocol headers.
To achieve this object, the method of the invention for realizing device type recognition in an intelligent gateway based on the HTTP protocol is constituted as follows:
The method for realizing device type recognition in an intelligent gateway based on the HTTP protocol is mainly characterized in that it comprises the following steps:
(1) the intelligent gateway creates an nfqueue queue connection channel;
(2) after a device connects, the intelligent gateway sets a corresponding firewall rule according to the MAC address in the device's access information;
(3) the intelligent gateway tags the device's Internet-bound packets with a mark value according to the firewall rule;
(4) the intelligent gateway monitors the packets on the nfqueue queue connection channel and determines whether an Internet-bound packet carrying the mark value exists; if so, it continues with step (5); otherwise it continues with step (4);
(5) the intelligent gateway parses the Internet-bound packet carrying the mark value and obtains the device information of the corresponding device;
(6) the intelligent gateway uploads the device information to the gateway management platform.
Further, the step in which the intelligent gateway parses the Internet-bound packet carrying the mark value and obtains the device information of the corresponding device specifically comprises the following steps:
(5.1) the intelligent gateway determines whether the Internet-bound packet carrying the mark value is an HTTP protocol packet; if so, it continues with step (5.2); otherwise it returns to step (4);
(5.2) the intelligent gateway determines whether the Internet-bound packet carrying the mark value carries a User-Agent (user agent) header; if so, it continues with step (5.3); otherwise it returns to step (4);
(5.3) the intelligent gateway derives the device information of the corresponding device from the information in the User-Agent header.
Further, after step (6), the method also comprises the following step:
(7) the intelligent gateway deletes the firewall rule corresponding to the device.
The firewall rule is an ebtables rule or an iptables rule, and the device information comprises the operating system, type and manufacturer model of the device.
With the method of the invention for realizing device type recognition in an intelligent gateway based on the HTTP protocol, ebtables/iptables rules are used to deliver the packets that LAN-side devices send when accessing the Internet to an application-layer daemon by way of nfqueue. The daemon parses the HTTP protocol and, from the information carried in the User-Agent header, derives information about the device (such as the operating system category, whether it is a mobile device, and the manufacturer name). The method requires no modification of kernel code and improves a traditional function, making it faster, more effective and more intelligent. It is a non-intrusive method that is simple in structure, easy to implement, not restricted by environment, and widely applicable.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the invention for realizing device type recognition in an intelligent gateway based on the HTTP protocol.
Detailed description
To describe the technical content of the invention more clearly, it is further described below with reference to specific embodiments.
As shown in Fig. 1, in one embodiment, the method of the invention for realizing device type recognition in an intelligent gateway based on the HTTP protocol comprises the following steps:
(1) the intelligent gateway creates an nfqueue queue connection channel;
(2) after a device connects, the intelligent gateway sets a corresponding firewall rule according to the MAC address in the device's access information;
(3) the intelligent gateway tags the device's Internet-bound packets with a mark value according to the firewall rule;
(4) the intelligent gateway monitors the packets on the nfqueue queue connection channel and determines whether an Internet-bound packet carrying the mark value exists; if so, it continues with step (5); otherwise it continues with step (4);
(5) the intelligent gateway parses the Internet-bound packet carrying the mark value and obtains the device information of the corresponding device;
(6) the intelligent gateway uploads the device information to the gateway management platform.
In a preferred embodiment, the step in which the intelligent gateway parses the Internet-bound packet carrying the mark value and obtains the device information of the corresponding device specifically comprises the following steps:
(5.1) the intelligent gateway determines whether the Internet-bound packet carrying the mark value is an HTTP protocol packet; if so, it continues with step (5.2); otherwise it returns to step (4);
(5.2) the intelligent gateway determines whether the Internet-bound packet carrying the mark value carries a User-Agent (user agent) header; if so, it continues with step (5.3); otherwise it returns to step (4);
(5.3) the intelligent gateway derives the device information of the corresponding device from the information in the User-Agent header.
In a preferred embodiment, after step (6), the method also comprises the following step:
(7) the intelligent gateway deletes the firewall rule corresponding to the device.
The firewall rule is an ebtables rule or an iptables rule, and the device information comprises the operating system, type and manufacturer model of the device.
In practice, to achieve the above object, an application-layer daemon needs to be designed for the gateway. It communicates with the gateway's kernel, receives nfqueue messages and analyzes packets, and mainly implements the following functions:
When a new device connects to the gateway, the gateway notifies the daemon that the device has come online. Based on the device's MAC address, the daemon uses an ebtables rule or iptables rule to apply a specific MARK (mark value), and packets carrying this MARK are delivered to the application daemon through nfqueue at the IP layer. Once the daemon has completed type recognition for the device, the ebtables rule or iptables rule for that device is removed. The concrete steps are as follows:
1) After the application-layer daemon starts, it establishes the nfqueue queue connection channel with the kernel and configures data carrying the specific MARK (whose value can be defined arbitrarily) to be delivered to the configured queue;
2) After the application daemon receives the gateway's notification that a device has come online, it sets an ebtables rule or iptables rule according to the MAC address carried in the notification, so that packets from this MAC are tagged at the link layer with the MARK value set in step 1; these packets are then passed to the daemon;
3) When the daemon receives an IP-layer packet, it starts parsing. If the received packet is not an HTTP packet, parsing is skipped and monitoring continues.
4) If the packet is a normal HTTP packet and carries a User-Agent (user agent) header, the operating system, type, manufacturer model and so on of the device are derived from the information carried in that header. Because device types are updated very quickly, this part of the parsing can be performed in cooperation with a dedicated server, which keeps the device database information up to date and so ensures that type recognition remains effective.
5) The daemon reports the derived device information to the gateway management center and deletes the ebtables rule or iptables rule of the corresponding device.
The nfqueue channel and the ebtables/iptables rule are created when the daemon starts and exist throughout the daemon's life cycle; the daemon monitors the packets of the nfqueue queue at all times. The ebtables/iptables rule that applies the MARK is created after the daemon receives the gateway's device-online notification: on obtaining the MAC address of the device, the daemon enables MARK tagging for that device's Internet-bound packets. Packets are passed through the nfqueue channel when the device accesses the Internet: packets passing through the gateway are delivered to the daemon over the channel created in step 1, and the daemon parses them. The ebtables/iptables rule of a device that has been parsed is deleted after the daemon completes type recognition for that device, so that its Internet traffic follows the normal path.
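The daemon logic of steps 1) to 5) above, as an added Python example that is not code from the patent: it builds the iptables argument lists for the queue and per-device MARK rules, extracts the User-Agent from a raw IPv4 packet such as nfqueue delivers, and classifies it. The MARK value, queue number, choice of iptables chains, the small rule table and all function names are assumptions; the sample packet is constructed.

```python
import re
import struct

MARK, QUEUE_NUM = 0x1, 0   # assumed values; the page leaves the MARK value arbitrary
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")

def queue_rule():
    """argv of the long-lived rule that hands marked packets to the daemon (step 1)."""
    return ["iptables", "-t", "mangle", "-A", "FORWARD", "-m", "mark", "--mark", hex(MARK),
            "-j", "NFQUEUE", "--queue-num", str(QUEUE_NUM), "--queue-bypass"]

def mark_rule(mac, action="-A"):
    """argv of the per-device MARK rule (step 2); action="-D" deletes it (step 5)."""
    if not MAC_RE.fullmatch(mac):  # validate the notification field before it reaches iptables
        raise ValueError("malformed MAC address")
    return ["iptables", "-t", "mangle", action, "PREROUTING", "-m", "mac",
            "--mac-source", mac, "-j", "MARK", "--set-mark", hex(MARK)]

def user_agent_from_ipv4(pkt):
    """Return the User-Agent of an HTTP request in a raw IPv4 packet, else None (steps 3-4)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:      # protocol 6 = TCP
        return None
    if struct.unpack_from("!H", pkt, 6)[0] & 0x3FFF:        # fragment: MF set or offset != 0
        return None
    doff = (pkt[ihl + 12] >> 4) * 4
    if doff < 20 or len(pkt) < ihl + doff:
        return None
    lines = pkt[ihl + doff:].partition(b"\r\n\r\n")[0].split(b"\r\n")
    if not re.match(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]$", lines[0]):
        return None                                         # not an HTTP request: keep listening
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"user-agent":
            return value.strip().decode("latin-1")[:512]    # cap client-controlled length
    return None

OS_RULES = [  # (pattern, os, vendor), first match wins; small constructed table
    (r"iPhone|iPad", "iOS", "Apple"),       # before "Mac OS X": iOS UAs say "like Mac OS X"
    (r"Android", "Android", None),          # before "Linux": Android UAs also say "Linux"
    (r"Windows NT", "Windows", None),
    (r"Mac OS X", "macOS", "Apple"),
    (r"Linux", "Linux", None),
]

def classify(ua):
    """Map a User-Agent string to OS, vendor, model and a mobile flag."""
    info = {"os": "unknown", "vendor": None, "model": None, "mobile": False}
    for pattern, os_name, vendor in OS_RULES:
        if re.search(pattern, ua):
            info.update(os=os_name, vendor=vendor)
            break
    model = re.search(r"Android [\d.]+; ([^;)]+?) Build/", ua)
    if model:
        info["model"] = model.group(1)
    info["mobile"] = bool(re.search(r"Mobile|iPhone|iPad|Android", ua))
    return info

def sample_packet(payload):
    """Constructed input: minimal IPv4 + TCP headers (checksums left zero) around payload."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 23]), bytes([203, 0, 113, 10]))
    return ip + tcp + payload

def identify(pkt):
    """Steps 3-4 combined: None means "not identifiable from this packet"."""
    ua = user_agent_from_ipv4(pkt)
    return classify(ua) if ua is not None else None
```

Because the User-Agent header is supplied by the client and is visible only in unencrypted HTTP, the result is an inventory hint rather than a basis for access-control decisions.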
With the method of the invention for realizing device type recognition in an intelligent gateway based on the HTTP protocol, ebtables/iptables rules are used to deliver the packets that LAN-side devices send when accessing the Internet to an application-layer daemon by way of nfqueue. The daemon parses the HTTP protocol and, from the information carried in the User-Agent header, derives information about the device (such as the operating system category, whether it is a mobile device, and the manufacturer name). The method requires no modification of kernel code and improves a traditional function, making it faster, more effective and more intelligent. It is a non-intrusive method that is simple in structure, easy to implement, not restricted by environment, and widely applicable.
In this specification, the invention has been described with reference to specific embodiments. It is evident, however, that various modifications and changes can be made without departing from the spirit and scope of the invention. The specification and drawings are therefore to be regarded as illustrative rather than restrictive.

Claims (5)

1. A method for realizing device type recognition in an intelligent gateway based on the HTTP protocol, characterized in that the method comprises the following steps:
(1) the intelligent gateway creates an nfqueue queue connection channel;
(2) after a device connects, the intelligent gateway sets a corresponding firewall rule according to the MAC address in the device's access information;
(3) the intelligent gateway tags the device's Internet-bound packets with a mark value according to the firewall rule;
(4) the intelligent gateway monitors the packets on the nfqueue queue connection channel and determines whether an Internet-bound packet carrying the mark value exists; if so, it continues with step (5); otherwise it continues with step (4);
(5) the intelligent gateway parses the Internet-bound packet carrying the mark value and obtains the device information of the corresponding device;
(6) the intelligent gateway uploads the device information to the gateway management platform.
2. The method for realizing device type recognition in an intelligent gateway based on the HTTP protocol according to claim 1, characterized in that the step in which the intelligent gateway parses the Internet-bound packet carrying the mark value and obtains the device information of the corresponding device specifically comprises the following steps:
(5.1) the intelligent gateway determines whether the Internet-bound packet carrying the mark value is an HTTP protocol packet; if so, it continues with step (5.2); otherwise it returns to step (4);
(5.2) the intelligent gateway determines whether the Internet-bound packet carrying the mark value carries a User-Agent (user agent) header; if so, it continues with step (5.3); otherwise it returns to step (4);
(5.3) the intelligent gateway derives the device information of the corresponding device from the information in the User-Agent header.
3. The method for realizing device type recognition in an intelligent gateway based on the HTTP protocol according to claim 1, characterized in that, after step (6), the method also comprises the following step:
(7) the intelligent gateway deletes the firewall rule corresponding to the device.
4. The method for realizing device type recognition in an intelligent gateway based on the HTTP protocol according to any one of claims 1 to 3, characterized in that the firewall rule is an ebtables rule or an iptables rule.
5. The method for realizing device type recognition in an intelligent gateway based on the HTTP protocol according to any one of claims 1 to 3, characterized in that the device information comprises the operating system, type and manufacturer model of the device.
CN201410828332.9A 2014-12-23 2014-12-23 Method for realizing device type recognition in intelligent gateway based on HTTP protocol Pending CN104410724A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410828332.9A CN104410724A (en) 2014-12-23 2014-12-23 Method for realizing device type recognition in intelligent gateway based on HTTP protocol

Publications (1)

Publication Number Publication Date
CN104410724A true CN104410724A (en) 2015-03-11

Family

ID=52648319

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100034089A1 (en) * 2008-08-06 2010-02-11 Surya Kumar Kovvali Content Caching in the Radio Access Network (RAN)
CN102577328A (en) * 2010-07-15 2012-07-11 莫维克网络公司 Hierarchical device type recognition, caching control and enhanced CDN communication in a wireless mobile network
CN104038414A (en) * 2013-08-21 2014-09-10 江南大学 Multiprotocol intelligent household gateway apparatus and system thereof
CN104079477A (en) * 2014-07-17 2014-10-01 上海斐讯数据通信技术有限公司 Method and system for identifying client-side device of household gateway equipment

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
WANG YU-GANG: ""The certain equipment recognition system based on LabSQL and IMAQ vision"", 《THE 2ND INTERNATIONAL CONFERENCE ON INFORMATION SCIENCE AND ENGINEERING》 *
WES NOONAN等: "《防火墙基础》", 30 December 2007 *
马先卿,胡越明: ""基于LLDP的家庭网络设备自动识别的研究"", 《计算机应用与软件》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105491020A (en) * 2015-11-24 2016-04-13 上海市共进通信技术有限公司 Method for realizing restriction of program in operating system of intelligent device on access of IP (Internet Protocol) address
CN105491020B (en) * 2015-11-24 2019-01-29 上海市共进通信技术有限公司 The method for realizing routine access IP address limitation in the operating system of smart machine
CN105515832A (en) * 2015-11-26 2016-04-20 北京那个网络科技有限公司 Communication method of devices in local area network and gateway
CN105577496A (en) * 2016-03-03 2016-05-11 烽火通信科技股份有限公司 System of home gateway for identifying access device type via cloud platform
WO2017148158A1 (en) * 2016-03-03 2017-09-08 烽火通信科技股份有限公司 System for home gateway to recognize type of access device using cloud platform
CN105577496B (en) * 2016-03-03 2018-06-15 烽火通信科技股份有限公司 The system that a kind of home gateway identifies access device type using cloud platform
CN110912928A (en) * 2019-12-11 2020-03-24 百度在线网络技术(北京)有限公司 Firewall implementation method and device and electronic equipment
CN110912928B (en) * 2019-12-11 2022-01-28 百度在线网络技术(北京)有限公司 Firewall implementation method and device and electronic equipment
CN111988320A (en) * 2020-08-21 2020-11-24 深信服科技股份有限公司 Application identification method, device, system, equipment and medium
CN111988320B (en) * 2020-08-21 2023-05-12 深信服科技股份有限公司 Application identification method, device, system, equipment and medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150311
