CN106713355B - Network filtering method based on PC (personal computer) terminal and client PC - Google Patents


Info

Publication number: CN106713355B
Authority: CN (China)
Prior art keywords: data packet, filtering, network, tdi, driver
Legal status: Expired - Fee Related
Application number: CN201710058213.3A
Other languages: Chinese (zh)
Other versions: CN106713355A
Inventors: 张锡聪, 郑细强
Current assignee: Green Onion Education Technology Shenzhen Co ltd
Original assignee: Green Net World Fujian Network Technology Co ltd
Events: application filed by Green Net World Fujian Network Technology Co ltd; priority to CN201710058213.3A; publication of CN106713355A; application granted; publication of CN106713355B; legal status Expired - Fee Related; anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/06 Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network filtering method based on a PC (personal computer) end and a client PC. When any network activity exists, a data packet is passed down through a socket; when the data packet reaches the TDI (Transport Driver Interface) driver layer, the TDI driver judges, from the process identifier of the sender, whether the packet was sent by the network application filtering program. If so, the data packet is passed to the NDIS (Network Driver Interface Specification) driver and then sent to the server through the physical network card; if not, the data packet is passed to the network application filtering program for preprocessing. When the TDI driver receives a response data packet from the server through the NDIS driver, the response packet is sent to the network application filtering program for filtering and replacement. The method analyzes and processes the information related to the data packet in the network application filtering program, while the TDI driver only forwards, so the method is simple in service, easy to implement, comprehensive in monitoring and high in efficiency; the network application filtering program is easy to extend and can analyze and filter various network protocols.

Description

Network filtering method based on PC (personal computer) terminal and client PC
Technical Field
The invention relates to the technical field of computers, in particular to a network filtering method based on a PC (personal computer) terminal and a client PC.
Background
With the rapid popularization of the internet, network content "garbage" has begun to invade people's lives; the large amount of harmful information on today's internet gradually corrupts people's minds. Taking the essence and discarding the dregs, so as to protect the internet and teenagers whose resistance to such content is very weak, has drawn people's attention, and network filtering technology has developed in response.
Network filtering technology applies appropriate technical measures to filter out harmful internet information, preventing it from affecting people and meeting society's requirements on ideology and conduct; at the same time, by regulating users' internet-access behaviour, it improves working efficiency, makes reasonable use of network resources and reduces the intrusion of viruses into the network. This is the fundamental meaning of network filtering technology.
At present, the network filtering method based on the PC end mainly includes the following two methods:
(1) using HOOK technology at the application layer and performing interception filtering through a browser plug-in. This method is easy to implement and efficient, but the HOOK is easily resisted, and scanning, killing and monitoring are not comprehensive;
(2) intercepting at the driver layer. This method can basically monitor network communication, but the development cost is high, the efficiency of analyzing data in the driver layer is low, and a blue screen is easily caused.
Disclosure of Invention
The present invention aims to overcome the disadvantages of the prior art and provides a PC-based network filtering method and a client PC which overcome, or at least partially solve, the above problems. A TDI driver in the transport layer forwards the data request packet and the data response packet to a network application filter program in the application layer, and that program analyzes and processes the information related to the data packet, so the TDI driver only forwards; the service is simple, the implementation easy, the monitoring comprehensive and the efficiency high.
The technical scheme adopted by the invention for solving the technical problems is as follows:
on one hand, the network filtering method based on the PC terminal is applied to a network comprising a client PC and a server, wherein the client PC is communicated with the server through the Internet; the client PC comprises an application program and a transport layer driver interface TDI driver; the application programs comprise a network application program and a network application filter program; the method comprises the following steps:
the TDI driver receives a data packet sent by an application program to the server, acquires a process identifier carried by the data packet, and judges whether the process identifier is a process identifier of a network application filter program;
if yes, the TDI driver sends a data packet to the server; if not, the TDI driver forwards the data packet to a network application filter program for preprocessing, and the network application filter program forwards the preprocessed data packet to the TDI driver; the TDI driver forwards the preprocessed data packet to the server;
the server sends a response data packet to the TDI driver; the TDI driver forwards the response data packet to the network application filter program for filtering, the network application filter program forwards the filtered response data packet to the TDI driver, and the TDI driver forwards the filtered response data packet to the network application program.
Preferably, before the step in which the TDI driver receives a data packet sent by an application program to the server, acquires the process identifier carried by the data packet and determines whether it is the process identifier of the network application filter program, the method further includes:
the client of the network application filter program receiving a control parameter setting request and acquiring the control parameters for preprocessing and filtering.
Preferably, the set preprocessing control parameters include: whether access to the network is disabled, whether TCP protocol transport is disabled, whether UDP protocol transport is disabled, and a URL blacklist for the HTTP protocol.
Preferably, disabling network access comprises global network disconnection and per-process network disconnection; disabling TCP protocol transport comprises globally disabled TCP and per-process disabled TCP; disabling UDP protocol transport comprises globally disabled UDP and per-process disabled UDP.
Preferably, the preprocessing of the network application filter program includes:
step a, judging whether a global network disconnection is set, if so, closing a connection request; otherwise, judging whether a process is set to be disconnected, if so, closing the connection request, otherwise, executing the step b;
step b, judging whether the communication protocol of the transmission layer is TCP or UDP; if the UDP is adopted, executing the step c; if the TCP is adopted, executing the step d;
step c, judging whether the global forbidden UDP is set or not, if so, closing the connection request; otherwise, judging whether the process is set to disable UDP, if so, closing the connection request, otherwise, forwarding the data packet to the TDI driver;
step d, judging whether a globally forbidden TCP is set or not, and if so, closing the connection request; otherwise, judging whether the process forbids the TCP, if so, closing the connection request, otherwise, executing the step e;
step e, judging whether the application layer communication protocol is HTTP; if not, forwarding the data packet to the TDI driver; if so, executing step f;
step f, analyzing the header of the HTTP data packet and judging, according to the set URL blacklist, whether access to the website is allowed; if not, returning a prompt that access to the web page is forbidden and closing the connection request; otherwise, forwarding the data packet to the TDI driver.
Preferably, the set filtering process control parameters include: filtering keywords, replacing keywords, filtering pictures and replacing pictures.
Preferably, the filtering process comprises:
analyzing the data packet; and searching the filtering keywords and the filtering pictures included in the data packet, and replacing the filtering keywords and the filtering pictures with corresponding replacing keywords and replacing pictures.
The invention relates to a network filtering method based on a PC (personal computer) end. When any network activity exists in the application layer, a data packet is passed down through a socket; when the data packet reaches the TDI (Transport Driver Interface) driver layer, the TDI driver can judge from the process identifier of the sender whether the packet was sent by the network application filtering program. If so, the data packet is passed straight down to the Network Driver Interface Specification (NDIS) driver and then sent to the server through the physical network card; if the process identifier of the sender is not that of the network application filtering program, the IP data packet is passed to the network application filtering program for preprocessing, which carries out network monitoring operations such as network disconnection and website filtering. When the TDI driver receives a response data packet from the server through the NDIS driver, the response packet is sent to the network application filtering program to perform operations such as keyword filtering, keyword replacement, picture filtering and picture replacement.
According to another aspect of the present invention, there is provided a client PC applied in a network including the client PC and a server, the client PC communicating with the server through the internet; the client PC comprises an application module and a transport layer driver interface TDI driver module; the application module comprises a network application module and a network application filtering module; the network application module is used for sending a request data packet;
the TDI driving module is used for receiving a data packet sent by the application module to the server, acquiring the process identifier carried by the data packet, and judging whether the process identifier is that of the network application filtering module; if so, forwarding the data packet to the server, and if not, forwarding the data packet to the network application filtering module; the TDI driving module is also used for receiving a response data packet sent by the server to the network application module;
the network application filtering module is used for analyzing and processing the request data packet and the corresponding response data packet of the network application module and comprises a control parameter setting unit, a preprocessing unit and a filtering processing unit;
the control parameter setting unit is used for setting whether to disable access to the network, whether to disable TCP (transmission control protocol) transmission, whether to disable UDP (user datagram protocol) transmission, a URL (uniform resource locator) blacklist for HTTP (hypertext transfer protocol), a filtering keyword, a replacement keyword, a filtering picture and a replacement picture;
the preprocessing unit is used for preprocessing the request data packet forwarded by the TDI driving module according to the parameters set by the control parameter setting unit; after the preprocessing is finished, forwarding the preprocessed data packet to the TDI driving module;
the filtering processing unit is used for filtering the response data packet forwarded by the TDI driving module according to the parameters set by the control parameter setting unit; and after the filtering processing is finished, forwarding the filtered data packet to the TDI driving module.
Preferably, the preprocessing specifically comprises:
judging whether global network disconnection or process network disconnection is set, and if so closing the connection request; otherwise, judging the transport layer communication protocol;
if the transport layer communication protocol is UDP, further judging whether global disabled UDP or process disabled UDP is set, and if so closing the connection request; otherwise, forwarding the data packet to the TDI driving module;
if the transport layer communication protocol is TCP, further judging whether global disabled TCP or process disabled TCP is set, and if so closing the connection request; otherwise, further judging whether the application layer communication protocol is HTTP; if not, forwarding the data packet to the TDI driving module; if so, analyzing the header of the HTTP data packet and judging, according to the set URL blacklist, whether access to the website is allowed; if not, returning a prompt that access to the web page is forbidden and closing the connection request; otherwise, forwarding the data packet to the TDI driving module.
Preferably, the filtering treatment specifically includes:
analyzing the data packet; and searching the filtering keywords and the filtering pictures included in the data packet, and replacing the filtering keywords and the filtering pictures with corresponding replacing keywords and replacing pictures.
The technical scheme provided by the invention has the beneficial effects that:
1. the method of the invention passes the communicated data request packet and data response packet, through the TDI driver of the transport layer, to the network application filtering program of the application layer, where the information related to the data packet is analyzed and processed, so the TDI driver only forwards; the service is simple, the implementation easy, the monitoring comprehensive and the efficiency high;
2. the network application filtering program of the invention is easy to expand and can analyze and filter aiming at various network protocols.
The above description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the description of the technical means more comprehensible.
The above and other objects, advantages and features of the present invention will become more apparent to those skilled in the art from the following detailed description of specific embodiments thereof, taken in conjunction with the accompanying drawings.
Drawings
FIG. 1 is a flow chart of an embodiment of the method of the present invention;
FIG. 2 is a block diagram of a network driver according to an embodiment of the present invention;
FIG. 3 is a network flow diagram of a request message according to an embodiment of the method of the present invention;
FIG. 4 is a network flow diagram of a response message according to an embodiment of the method of the present invention;
FIG. 5 is a flow chart of the processing of the web application filter according to an embodiment of the method of the present invention;
FIG. 6 is a schematic structural diagram of an embodiment of a client PC of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Fig. 1 is a flowchart of an embodiment of the method of the present invention, fig. 2 is a structural diagram of a network driver of the embodiment of the method of the present invention, fig. 3 is a flowchart of a request message of the embodiment of the method of the present invention, and fig. 4 is a flowchart of a response message of the embodiment of the method of the present invention. The execution subject of the embodiment is a client PC 2 machine, as shown in fig. 1, the method is applied to a network including a client PC 2 and a server 3, and the client PC 2 communicates with the server 3 through the internet; the client PC 2 comprises an application program 20 and a transport layer driver interface TDI driver 21; the application program 20 comprises a network application program 201 and a network application filter program 202 (the client PC 2 is provided with the network application program 201, and is further provided with the network application filter program 202 and a TDI driver 21 for analyzing and processing a network application program request data packet and a corresponding response data packet); the method comprises the following steps:
Step 101, the TDI driver 21 receives a data packet sent by an application program 20 to the server 3, acquires the process identifier carried by the data packet, and determines whether the process identifier is the process identifier of the network application filter program 202;
Specifically, as shown in fig. 2, which is a structure diagram of a network driver according to an embodiment of the method of the present invention, the process identifier is obtained by the TDI driver 21. The Windows operating system network driver stack includes the Transport Driver Interface (TDI) driver and the Network Driver Interface Specification (NDIS) driver 22, where NDIS drivers may be divided into NDIS protocol drivers, NDIS intermediate drivers and NDIS network card drivers. The NDIS protocol driver implements a specific network protocol, the NDIS network card driver operates the physical network card 23, and the NDIS intermediate driver sits between the NDIS network card driver and the NDIS protocol driver, exposing a miniport function set upward and a protocol function set downward, so that to the upper-layer driver it appears as a miniport driver and to the lower-layer driver it appears as a protocol driver.
Step 102, if yes, the TDI driver 21 sends the data packet to the server 3; if not, the TDI driver 21 forwards the data packet to the network application filter 202 for preprocessing, and the network application filter 202 forwards the preprocessed data packet to the TDI driver 21; the TDI driver 21 forwards the preprocessed data packet to the server 3.
Specifically, as shown in fig. 3, when the network application 201 initiates a network request, a data packet is first transmitted to the TDI driver 21, and the TDI driver 21 identifies a process to which the data packet belongs, obviously, the process identifier at this time does not belong to the network application filter 202. In this case, the TDI driver 21 forwards the data packet to the network application filter 202 for preprocessing, after the preprocessing is completed, the network application filter 202 forwards the data packet to the TDI driver 21, at this time, the TDI driver 21 determines that the process identifier is the process identifier of the network application filter 202, so that the data packet is forwarded to the NDIS driver, and the NDIS driver sends the data packet to the server 3 through the physical network card 23.
In step 103, the TDI driver 21 receives the response data packet returned by the server 3, and forwards the response data packet to the network application filter 202 for filtering, the network application filter 202 forwards the filtered response data packet to the TDI driver 21, and the TDI driver 21 forwards the filtered response data packet to the network application 201.
Specifically, as shown in fig. 4, the NDIS driver receives a response data packet returned by the server 3 through the physical network card 23 and forwards the response data packet to the TDI driver 21, the TDI driver 21 forwards the data packet to the network application filter 202 for filtering, and after the filtering is completed, forwards the data packet to the TDI driver 21, and the TDI driver 21 forwards the filtered response data packet to the network application 201.
Further, before the step in which the TDI driver 21 receives a data packet sent by the application program 20 to the server 3, obtains the process identifier carried by the data packet and determines whether the process identifier is that of the network application filter program 202, the method further includes:
control parameters are preset at the client of the network application filter 202, and include: whether to disable network access (global network disconnection and per-process network disconnection), whether to disable TCP protocol transmission (global disabled TCP and per-process disabled TCP), whether to disable UDP protocol transmission (global disabled UDP and per-process disabled UDP), the URL blacklist for the HTTP protocol, the filtering keywords for HTTP content, whether to filter pornographic pictures in HTTP content, and the replacement keywords substituted for the filtering keywords and the ordinary replacement pictures substituted for the pornographic pictures. Specifically, the preprocessing control parameters include: whether network access is disabled, whether TCP protocol transmission is disabled, whether UDP protocol transmission is disabled, and the URL blacklist for the HTTP protocol. The filtering control parameters include: filtering keywords, replacement keywords, filtering pictures and replacement pictures.
Further, as shown in fig. 5, a flow chart of the processing of the network application filter 202 according to the embodiment of the method of the present invention is shown, and the whole flow includes the preprocessing and the filtering.
Specifically, when the network application filter 202 receives a request packet forwarded by the TDI driver 21, the preprocessing is performed, where the preprocessing includes:
step a, judging whether a global network disconnection is set, if so, closing a connection request; otherwise, judging whether a process is set to be disconnected, if so, closing the connection request, otherwise, executing the step b;
step b, judging whether the communication protocol of the transmission layer is TCP or UDP; if the UDP is adopted, executing the step c; if the TCP is adopted, executing the step d;
step c, judging whether the global forbidden UDP is set or not, if so, closing the connection request; otherwise, judging whether the process is set to disable UDP, if so, closing the connection request, otherwise, forwarding the data packet to the TDI driver 21;
step d, judging whether a globally forbidden TCP is set or not, and if so, closing the connection request; otherwise, judging whether the process forbids the TCP, if so, closing the connection request, otherwise, executing the step e;
step e, judging whether the application layer communication protocol is HTTP; if not, forwarding the data packet to the TDI driver 21; if so, executing step f;
step f, analyzing the header of the HTTP data packet and judging, according to the set URL blacklist, whether access to the website is allowed; if not, returning the prompt 'no access to a webpage' and closing the connection request; otherwise, forwarding the data packet to the TDI driver 21.
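Steps a to f above form one decision procedure; the following is an added model of it (example code, not the patent's own implementation). The Policy, Request and Action names, the preprocess() function and the sample packets are constructed for illustration; the URL check works on the HTTP Host header and assumes the whole request head arrives in the forwarded packet.

```python
"""Model of preprocessing steps a-f of the network application filter program.
Added example, not the patent's code; Policy, Request, Action and preprocess()
are hypothetical names, and all inputs below are constructed."""
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    CLOSE = "close the connection request"
    FORWARD = "forward the packet to the TDI driver"


@dataclass
class Policy:
    """Preprocessing control parameters named in the description."""
    global_disconnect: bool = False                        # global network disconnection
    process_disconnect: set = field(default_factory=set)   # PIDs under process network disconnection
    global_disable_tcp: bool = False
    process_disable_tcp: set = field(default_factory=set)
    global_disable_udp: bool = False
    process_disable_udp: set = field(default_factory=set)
    url_blacklist: set = field(default_factory=set)        # blacklisted host names


@dataclass
class Request:
    """A request packet as the filter program sees it after the TDI driver forwards it."""
    pid: int            # process identifier carried by the packet
    transport: str      # "TCP" or "UDP"
    payload: bytes      # first segment of application data


def parse_http_request_head(payload):
    """Return (method, target, host) for an HTTP/1.x request head, else None.
    Assumes the whole request head is present in the forwarded packet."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            # Host may carry a port; the blacklist holds bare host names
            host = value.strip().decode("ascii", "replace").lower().split(":")[0]
            break
    return parts[0].decode("ascii", "replace"), parts[1].decode("ascii", "replace"), host


def preprocess(req, policy):
    """Steps a-f; returns (Action, reason)."""
    # step a: global, then per-process network disconnection
    if policy.global_disconnect or req.pid in policy.process_disconnect:
        return Action.CLOSE, "network disconnection"
    # step b / step c: UDP is subject only to the UDP switches
    if req.transport == "UDP":
        if policy.global_disable_udp or req.pid in policy.process_disable_udp:
            return Action.CLOSE, "UDP disabled"
        return Action.FORWARD, "UDP allowed"
    # step d: TCP switches
    if policy.global_disable_tcp or req.pid in policy.process_disable_tcp:
        return Action.CLOSE, "TCP disabled"
    # step e: only HTTP goes on to URL checking; other TCP traffic is forwarded
    http = parse_http_request_head(req.payload)
    if http is None:
        return Action.FORWARD, "non-HTTP TCP"
    # step f: URL blacklist on the Host header. Design choice of this example:
    # a request whose host cannot be determined is treated as not allowed.
    _, _, host = http
    if host is None or host in policy.url_blacklist:
        return Action.CLOSE, "web page access forbidden"
    return Action.FORWARD, "HTTP allowed"


if __name__ == "__main__":
    pol = Policy(process_disable_udp={4242}, url_blacklist={"blocked.example"})
    req = Request(1000, "TCP", b"GET / HTTP/1.1\r\nHost: blocked.example\r\n\r\n")
    print(preprocess(req, pol))
```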
Specifically, if the accessed URL is allowed, the web application filter 202 performs filtering when it receives, forwarded by the TDI driver 21, the web content packet returned by the server 3, where the filtering includes:
analyzing the data packet; and searching the filtering keywords and the filtering pictures included in the data packet, and replacing the filtering keywords and the filtering pictures with corresponding replacing keywords and replacing pictures.
After the filtering process is completed, the network application filter 202 forwards the response packet after the filtering process to the TDI driver 21, and the TDI driver 21 forwards the response packet after the filtering process to the network application 201.
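The filtering step applied to the response, as an added example that is not part of the patent: filter_http_response() and the sample response are constructed here. It replaces filtering keywords and the src of filtered pictures in an HTTP/1.x text/html body and, because the substitutions change the body length, rewrites Content-Length so the network application does not mis-frame the response.

```python
"""Model of the filtering step: keyword and picture replacement applied to an HTTP
response on its way back to the network application. Added example, not the
patent's code; filter_http_response() and the sample data are constructed."""
import re


def filter_http_response(raw, keyword_map, picture_map):
    """Replace filtering keywords and filtering pictures in the body of an
    HTTP/1.x text/html response and recompute Content-Length.

    keyword_map: filtering keyword -> replacement keyword (bytes -> bytes)
    picture_map: filtering picture URL -> replacement picture URL (bytes -> bytes)
    Substitutions change the body size, so a stale Content-Length would make the
    client truncate or wait for bytes that never come; the header is rewritten.
    Chunked and non-HTML responses are passed through unchanged in this example."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return raw                       # incomplete head: nothing to analyze yet
    headers = head.split(b"\r\n")
    content_type = b""
    chunked = False
    for h in headers[1:]:
        name, _, value = h.partition(b":")
        lname = name.strip().lower()
        if lname == b"content-type":
            content_type = value.strip().lower()
        elif lname == b"transfer-encoding" and b"chunked" in value.lower():
            chunked = True
    if chunked or not content_type.startswith(b"text/html"):
        return raw
    # keyword filtering: replace every filtering keyword with its replacement
    for bad, good in keyword_map.items():
        body = body.replace(bad, good)
    # picture filtering: swap the src of <img> tags that reference a filtered
    # picture; the same URL in a link or in text is deliberately left alone
    for bad, good in picture_map.items():
        pattern = re.compile(rb'(<img\b[^>]*\bsrc=["\'])' + re.escape(bad) + rb'(["\'])',
                             re.IGNORECASE)
        body = pattern.sub(lambda m, g=good: m.group(1) + g + m.group(2), body)
    kept = [h for h in headers[1:] if h.split(b":", 1)[0].strip().lower() != b"content-length"]
    new_head = b"\r\n".join([headers[0]] + kept + [b"Content-Length: " + str(len(body)).encode()])
    return new_head + b"\r\n\r\n" + body


# constructed sample response as returned by the server
SAMPLE_BODY = (b'<html><body><p>badword here</p>'
               b'<img src="http://img.example/bad.jpg">'
               b'<a href="http://img.example/bad.jpg">pic</a></body></html>')
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
                   b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY)
KEYWORDS = {b"badword": b"***"}                                           # filtering -> replacement keyword
PICTURES = {b"http://img.example/bad.jpg": b"http://img.example/ok.png"}  # filtering -> replacement picture

if __name__ == "__main__":
    print(filter_http_response(SAMPLE_RESPONSE, KEYWORDS, PICTURES).decode())
```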
Fig. 6 is a schematic structural diagram of an embodiment of a client PC 2 according to the present invention. As shown in fig. 6, the client PC 2 is applied in a network including the client PC 2 and a server 3, and the client PC 2 communicates with the server 3 through the internet; the client PC 2 comprises an application module 60, a transport layer driver interface TDI driver module 61, an NDIS driver module 62 and a physical network card module 63; the application module 60 comprises a network application module 601 and a network application filtering module 602; specifically:
the network application module 601 is configured to send a request packet;
the TDI driving module 61 is configured to receive a data packet sent by the application module 60 to the server 3, obtain the process identifier carried by the data packet, and determine whether the process identifier is that of the network application filtering module 602; if so, forward the data packet to the server 3, and if not, forward the data packet to the network application filtering module 602; the TDI driving module 61 is further configured to receive a response packet sent by the server 3 to the network application module 601;
the network application filtering module 602 is configured to perform analysis processing on the request data packet and the corresponding response data packet of the network application module 601, and includes a control parameter setting unit 6021, a preprocessing unit 6022, and a filtering processing unit 6023;
the control parameter setting unit 6021 is configured to set whether to disable access to the network, whether to disable TCP protocol transmission, whether to disable UDP protocol transmission, a URL blacklist for the HTTP protocol, a filtering keyword, a replacement keyword, a filtering picture, and a replacement picture;
the preprocessing unit 6022 is configured to preprocess the request packet forwarded by the TDI driving module 61 according to the parameter set by the control parameter setting unit; after the preprocessing is completed, forwarding the preprocessed data packet to the TDI driving module 61;
the filtering processing unit 6023 is configured to perform filtering processing on the response data packet forwarded by the TDI driving module 61 according to the parameter set by the control parameter setting unit; after the filtering process is completed, the filtered data packet is forwarded to the TDI driver module 61.
Preferably, the preprocessing specifically includes:
judging whether global network disconnection or process network disconnection is set, and if so closing the connection request; otherwise, judging the transport layer communication protocol;
if the transport layer communication protocol is UDP, further judging whether global disabled UDP or process disabled UDP is set, and if so closing the connection request; otherwise, forwarding the data packet to the TDI driving module 61;
if the transport layer communication protocol is TCP, further judging whether global disabled TCP or process disabled TCP is set, and if so closing the connection request; otherwise, further judging whether the application layer communication protocol is HTTP; if not, forwarding the data packet to the TDI driving module 61; if so, analyzing the header of the HTTP data packet and judging, according to the set URL blacklist, whether access to the website is allowed; if not, returning a prompt that access to the web page is forbidden and closing the connection request; otherwise, forwarding the data packet to the TDI driving module 61.
Preferably, the filtering treatment specifically includes:
analyzing the data packet; and searching the filtering keywords and the filtering pictures included in the data packet, and replacing the filtering keywords and the filtering pictures with corresponding replacing keywords and replacing pictures.
The above description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the description of the technical means more comprehensible.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (9)

1. A network filtering method based on a PC terminal is applied to a network comprising a client PC and a server, wherein the client PC is communicated with the server through the Internet; the client PC comprises an application program and a transport layer driver interface TDI driver; the application programs comprise a network application program and a network application filter program; characterized in that the method comprises:
the client of the network application filter program receives a control parameter setting request and acquires control parameters of preprocessing and filtering processing;
the TDI driver receives a data packet sent by an application program to the server, acquires a process identifier carried by the data packet, and judges whether the process identifier is a process identifier of a network application filter program;
if yes, the TDI driver sends a data packet to the server; if not, the TDI driver forwards the data packet to a network application filter program for preprocessing, and the network application filter program forwards the preprocessed data packet to the TDI driver; the TDI driver forwards the preprocessed data packet to the server;
the TDI driver receives the response data packet returned by the server and forwards the response data packet to the network application filter program for filtering, the network application filter program forwards the filtered response data packet to the TDI driver, and the TDI driver forwards the filtered response data packet to the network application program.
2. The PC-based network filtering method according to claim 1, wherein the set preprocessing control parameters include: whether access to the network is disabled, whether TCP protocol transport is disabled, whether UDP protocol transport is disabled, and a URL blacklist of the HTTP protocol.
3. The PC-based network filtering method of claim 2, wherein the disabled network access comprises a global network outage and a process network outage; the disabled TCP protocol transport comprises a globally disabled TCP and a process disabled TCP; the disabled UDP protocol transport includes globally disabled UDP and process disabled UDP.
4. The PC-based network filtering method of claim 3, wherein the preprocessing of the network application filter program comprises:
step a, judging whether a global network outage is set; if so, closing the connection request; otherwise, judging whether a process network outage is set; if so, closing the connection request; otherwise, executing step b;
step b, judging whether the transport layer communication protocol is TCP or UDP; if UDP, executing step c; if TCP, executing step d;
step c, judging whether globally disabled UDP is set; if so, closing the connection request; otherwise, judging whether process disabled UDP is set; if so, closing the connection request; otherwise, forwarding the data packet to the TDI driver;
step d, judging whether globally disabled TCP is set; if so, closing the connection request; otherwise, judging whether process disabled TCP is set; if so, closing the connection request; otherwise, executing step e;
step e, judging whether the application layer communication protocol is HTTP; if not, forwarding the data packet to the TDI driver; if so, executing step f;
step f, analyzing the packet header of the HTTP data packet and judging whether the website is allowed to be accessed according to the set URL blacklist; if not, returning a prompt that access to the webpage is forbidden and closing the connection request; otherwise, forwarding the data packet to the TDI driver.
5. The PC-based network filtering method according to claim 1, wherein the set filtering process control parameters include: filtering keywords, replacing keywords, filtering pictures and replacing pictures.
6. The PC-based network filtering method of claim 5, wherein the filtering process comprises:
analyzing the data packet; and searching the filtering keywords and the filtering pictures included in the data packet, and replacing the filtering keywords and the filtering pictures with corresponding replacing keywords and replacing pictures.
7. A client PC applied in a network including the client PC and a server, the client PC communicating with the server through the internet; the client PC comprises an application module and a transport layer driver interface TDI driver module; the application module comprises a network application module and a network application filtering module; characterized in that:
the network application module is used for sending a request data packet;
the TDI driving module is used for receiving a data packet sent by the application module to the server, acquiring a process identifier carried by the data packet, and judging whether the process identifier is the process identifier of the network application filtering module; if so, forwarding the data packet to the server, and if not, forwarding the data packet to the network application filtering module; the TDI driving module is also used for receiving a response data packet sent by the server to the network application module;
the network application filtering module is used for analyzing and processing the request data packet and the corresponding response data packet of the network application module and comprises a control parameter setting unit, a preprocessing unit and a filtering processing unit;
the control parameter setting unit is used for setting whether to disable access to the network, whether to disable TCP (Transmission Control Protocol) transmission, whether to disable UDP (User Datagram Protocol) transmission, a URL (Uniform Resource Locator) blacklist of the HTTP (Hypertext Transfer Protocol) protocol, a filtering keyword, a replacing keyword, a filtering picture and a replacing picture;
the preprocessing unit is used for preprocessing the request data packet forwarded by the TDI driving module according to the parameters set by the control parameter setting unit; after the preprocessing is finished, forwarding the preprocessed data packet to the TDI driving module;
the filtering processing unit is used for filtering the response data packet forwarded by the TDI driving module according to the parameters set by the control parameter setting unit; and after the filtering processing is finished, forwarding the filtered data packet to the TDI driving module.
8. The client PC of claim 7, wherein the preprocessing specifically comprises:
judging whether global network disconnection or process network disconnection is set; if so, closing the connection request; otherwise, judging the transport layer communication protocol;
if the transport layer communication protocol is UDP, further judging whether globally disabled UDP or process disabled UDP is set; if so, closing the connection request; otherwise, forwarding the data packet to the TDI driving module;
if the transport layer communication protocol is TCP, further judging whether globally disabled TCP or process disabled TCP is set; if so, closing the connection request; otherwise, further judging whether the application layer communication protocol is HTTP; if not, forwarding the data packet to the TDI driving module; if so, analyzing the packet header of the HTTP data packet and judging whether the website is allowed to be accessed according to the set URL blacklist; if the website is not allowed to be accessed, returning a prompt that access to the webpage is forbidden and closing the connection request; otherwise, forwarding the data packet to the TDI driving module.
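The preprocessing decision chain (steps a to f of claim 4, restated in claim 8 and in the description's preprocessing unit) together with the process-identifier check of claim 1, as an added worked example in Python. This is illustrative code written for this page, not the patent's or the assignee's implementation. The kernel-mode TDI driver itself is not modelled: a packet is a small dict carrying the transport protocol and the application-layer payload, and the sending process identifier is passed in explicitly. The names ControlParams, preprocess, tdi_driver_outbound and the outcome constants are this example's own; the handling of a transport other than TCP or UDP (the request is closed) and the URL-blacklist match rule (exact host, or host-plus-path prefix) are assumptions, since the claims do not specify either.

```python
"""Outbound request preprocessing modelled on claims 1, 4 and 8.

Added illustration for this page, not the patent's implementation. The
kernel-mode TDI driver is not modelled: a packet is a dict with the transport
protocol and the application-layer payload, and the sending process
identifier is passed in explicitly.
"""
from dataclasses import dataclass, field

# Outcomes of the filter program's decision (names are this example's own).
CLOSE = "close"            # close the connection request
FORWARD = "forward"        # hand the packet back to the TDI driver unchanged
BLOCK_PAGE = "block_page"  # return the 'access forbidden' prompt, then close


@dataclass
class ControlParams:
    """Settings from the control parameter setting unit (claims 2 and 3)."""
    global_net_off: bool = False
    global_tcp_off: bool = False
    global_udp_off: bool = False
    # per-process settings, keyed by process identifier (constructed layout)
    proc_net_off: set = field(default_factory=set)
    proc_tcp_off: set = field(default_factory=set)
    proc_udp_off: set = field(default_factory=set)
    # entries are a bare host ("bad.example") or a host plus path prefix
    url_blacklist: set = field(default_factory=set)


def parse_http_request_target(payload: bytes):
    """Return (host, path) for an HTTP/1.x request head, or None if the
    payload is not HTTP (a TLS ClientHello, for instance)."""
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("latin-1").lower(), parts[1].decode("latin-1")
    return None  # no Host header: the site cannot be named, so not treated as HTTP


def url_blacklisted(host: str, path: str, blacklist: set) -> bool:
    """Match rule (assumption): an entry matches the whole host, or is a
    prefix of host+path."""
    url = host + path
    return any(host == entry or url.startswith(entry) for entry in blacklist)


def preprocess(packet: dict, pid: int, params: ControlParams) -> str:
    """Steps a to f of claim 4 for one request packet from process `pid`."""
    # step a: global or per-process network disconnection
    if params.global_net_off or pid in params.proc_net_off:
        return CLOSE
    proto = packet["proto"]
    # step c: UDP branch
    if proto == "udp":
        if params.global_udp_off or pid in params.proc_udp_off:
            return CLOSE
        return FORWARD
    # step d: TCP branch
    if proto == "tcp":
        if params.global_tcp_off or pid in params.proc_tcp_off:
            return CLOSE
        # step e: only HTTP gets application-layer inspection
        target = parse_http_request_target(packet["payload"])
        if target is None:
            return FORWARD
        # step f: URL blacklist check on the Host header and request path
        host, path = target
        return BLOCK_PAGE if url_blacklisted(host, path, params.url_blacklist) else FORWARD
    # step b lists only TCP and UDP; other transports are closed (assumption)
    return CLOSE


def tdi_driver_outbound(packet: dict, pid: int, filter_pid: int,
                        params: ControlParams) -> str:
    """Claim 1: the driver passes the filter program's own traffic straight to
    the server (otherwise its forwarded packets would loop back into it) and
    routes everything else through preprocess()."""
    if pid == filter_pid:
        return FORWARD
    return preprocess(packet, pid, params)


if __name__ == "__main__":
    # constructed sample: a browser (pid 1000) requesting a blacklisted site
    params = ControlParams(proc_udp_off={4242}, url_blacklist={"bad.example"})
    req = {"proto": "tcp",
           "payload": b"GET /index.html HTTP/1.1\r\nHost: bad.example\r\n\r\n"}
    print(tdi_driver_outbound(req, 1000, 7, params))  # block_page
```

Two properties of the design are visible here. The filter program's own process identifier is exempted at the driver, which is what keeps its re-injected packets from being intercepted a second time; a filter program that does not verify that identifier belongs to itself would let any process claiming it bypass the policy, so in practice the driver should obtain the identifier from the kernel rather than from the packet contents. And step e only inspects plaintext HTTP: a TLS ClientHello has no parseable request line, so HTTPS traffic is forwarded without a URL check, which is the usual blind spot of this filtering architecture.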
9. The client PC according to claim 7, wherein the filtering process specifically includes:
analyzing the data packet; and searching the filtering keywords and the filtering pictures included in the data packet, and replacing the filtering keywords and the filtering pictures with corresponding replacing keywords and replacing pictures.
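The filtering process of claim 6 (restated in claim 9 and in the description's filtering processing unit), as an added Python example that is not the patent's code. It assumes the filter program sees a complete HTTP/1.x response head and body in one packet, that only text/html bodies are rewritten, and that a filtered picture is replaced by rewriting the src attribute of img tags that reference it; the function names and the constructed sample response are this example's own. It also covers two things the claims leave out that any packet-level rewriter has to handle: Content-Length must be recomputed after substitution, and compressed or chunked bodies cannot be rewritten byte-for-byte.

```python
"""Response filtering modelled on claims 5, 6 and 9.

Added illustration for this page, not the patent's code. It rewrites the
configured keywords and picture references in an HTML response body and
repairs the HTTP framing afterwards.
"""
import re


def parse_http_response(packet: bytes):
    """Split an HTTP/1.x response into (status line, [(name, value)], body),
    or return None when the packet does not start with a response head."""
    head, sep, body = packet.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"HTTP/"):
        return None
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def filter_response(packet: bytes, keyword_map: dict, picture_map: dict) -> bytes:
    """Replace filtered keywords/pictures (claim 6) and recompute Content-Length.
    keyword_map: {filtered keyword: replacement keyword} (bytes)
    picture_map: {filtered picture URL: replacement picture URL} (bytes)"""
    parsed = parse_http_response(packet)
    if parsed is None:
        return packet  # not a response head (e.g. a later segment): pass through
    status, headers, body = parsed

    def header(name: bytes) -> bytes:
        return next((v for n, v in headers if n.lower() == name), b"")

    # Only uncompressed, non-chunked HTML can be rewritten byte-for-byte; a
    # gzip or chunked body would be corrupted by plain substitution (assumption:
    # such responses are passed through unchanged).
    if not header(b"content-type").startswith(b"text/html"):
        return packet
    if header(b"content-encoding") or b"chunked" in header(b"transfer-encoding").lower():
        return packet

    # keyword substitution, longest keyword first so overlapping entries are stable
    for old in sorted(keyword_map, key=len, reverse=True):
        body = body.replace(old, keyword_map[old])

    # picture substitution: swap the src of <img> tags that name a filtered picture
    def swap_src(m):
        src = m.group(2)
        return m.group(1) + picture_map.get(src, src) + m.group(3)

    body = re.sub(rb'(<img\b[^>]*\bsrc=")([^"]*)(")', swap_src, body)

    # rebuild the head; the substitutions changed the body size
    out = [status]
    for name, value in headers:
        if name.lower() == b"content-length":
            value = str(len(body)).encode("ascii")
        out.append(name + b": " + value)
    return b"\r\n".join(out) + b"\r\n\r\n" + body


if __name__ == "__main__":
    # constructed sample response; the body is 56 bytes long before rewriting
    sample = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 56\r\n\r\n"
              b'<p>badword here</p><img src="/pics/blocked.png" alt="x">')
    print(filter_response(sample, {b"badword": b"[filtered]"},
                          {b"/pics/blocked.png": b"/pics/replacement.png"}).decode())
```

Because the filter operates per packet, a keyword split across two TCP segments is not seen by either call, and a response whose head arrives in one segment and body in the next is only rewritten if the segments are reassembled first; a practical implementation buffers the stream per connection before searching, which is the main reason such filters are usually built on a stream-level hook rather than on individual packets.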

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710058213.3A CN106713355B (en) 2017-01-23 2017-01-23 Network filtering method based on PC (personal computer) terminal and client PC

Publications (2)

Publication Number Publication Date
CN106713355A CN106713355A (en) 2017-05-24
CN106713355B (en) 2020-02-21

Family

ID=58910216

Country Status (1)

Country Link
CN (1) CN106713355B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108011927A (en) * 2017-11-08 2018-05-08 东软集团股份有限公司 The method, apparatus and storage medium and electronic equipment of request data
CN112737973B (en) * 2020-12-14 2024-04-30 安徽继远软件有限公司 Power network monitoring method and system based on protocol awareness
CN113297567A (en) * 2021-02-03 2021-08-24 阿里巴巴集团控股有限公司 Network filtering method, device, equipment and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420837A (en) * 2009-11-10 2012-04-18 浙江省公众信息产业有限公司 NDIS (Network Driver Interface Standard)-based method and system
CN104683295A (en) * 2013-11-27 2015-06-03 中兴通讯股份有限公司 Data packet filtering rule configuration method, device and system
CN105656943A (en) * 2016-03-15 2016-06-08 上海缔安科技股份有限公司 Application data interception system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9183111B2 (en) * 2011-05-10 2015-11-10 Microsoft Technology Licensing, Llc Methods and computer program products for collecting storage resource performance data using file system hooks

Also Published As

Publication number Publication date
CN106713355A (en) 2017-05-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200805

Address after: Room 401, building 2, Xunmei science and Technology Plaza, No. 8, Keyuan Road, Science Park community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province

Patentee after: Shenzhen green onion fruit Information Technology Co.,Ltd.

Address before: 361000 Fujian province Xiamen software park two sunrise Road No. 18 4 floor

Patentee before: GREEN NET WORLD (FUJIAN) NETWORK TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address

Address after: 518057 409, building 11, Shenzhen Bay science and technology ecological park, No. 16, Keji South Road, community, high tech Zone, Yuehai street, Nanshan District, Shenzhen, Guangdong

Patentee after: Green onion Education Technology (Shenzhen) Co.,Ltd.

Address before: 518000 Room 401, building 2, Xunmei science and Technology Plaza, 8 Keyuan Road, science and Technology Park community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province

Patentee before: Shenzhen green onion fruit Information Technology Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200221