CN110198251B - Method and device for obtaining client address - Google Patents

Info

Publication number
CN110198251B
Authority
CN
China
Prior art keywords
address
client
intermediate server
target data
data packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910261947.0A
Other languages
Chinese (zh)
Other versions
CN110198251A (en
Inventor
闵江涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201910261947.0A
Publication of CN110198251A
Application granted
Publication of CN110198251B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a method and a device for obtaining a client address, which relate to the technical field of data transmission. The method comprises the following steps: monitoring the data stream received by the network interface, and determining a target data packet from the data stream according to a filtering rule, wherein the target data packet is forwarded by the intermediate server. When the target data packet is a network connection request packet, the TOA field of the header of the network connection request packet is parsed to obtain the address of the client, which solves the problem that the service server cannot directly obtain the address of the client because the intermediate server hides it. Secondly, the data stream is obtained by monitoring the network interface of the service server, and the target data packet is taken from that data stream, so the process of obtaining the client address is independent of the actual service process of the service server, the service logic of the service server does not need to be changed, and normal service operation is not affected. In addition, no deep modification of the underlying protocol stack is needed, and dependency on the system is avoided.

Description

Method and device for obtaining client address
Technical Field
The embodiment of the invention relates to the technical field of data transmission, in particular to a method and a device for obtaining a client address.
Background
Currently, many network service providers need to obtain the real Internet Protocol address (IP address for short) and port of a client in order to make and optimize service policies. In addition, the IP and port information of the client is basic statistical data that is very important for monitoring and evaluating online service operation. The service server may directly obtain the address of the client through an Application Programming Interface (API), but when a proxy server is placed in front of the service server, the proxy server hides the address of the client and sends its own address to the service server; the API then returns the address of the proxy server instead of the address of the client.
Disclosure of Invention
The embodiment of the invention provides a method and a device for obtaining a client address, which solve the problem that a business server cannot directly obtain the client address because the client address is hidden when a proxy server forwards a data packet of the client.
In one aspect, an embodiment of the present invention provides a method for obtaining a client address, including:
monitoring a data stream received by a network interface;
determining a target data packet from the data stream according to a filtering rule, wherein the target data packet is forwarded by the intermediate server;
and when the target data packet is a network connection request packet, analyzing the TOA field of the header of the network connection request packet to obtain a client address.
In one aspect, an embodiment of the present invention provides an apparatus for obtaining a client address, where the apparatus includes:
the monitoring module is used for monitoring the data stream received by the network interface;
a filtering module, configured to determine a target data packet from the data stream according to a filtering rule, where the target data packet is forwarded by the intermediate server;
and the analysis module is used for analyzing the TOA field of the network connection request packet header to obtain the client address when the target data packet is the network connection request packet.
Optionally, the system further comprises a control module;
the control module is used for acquiring the address of the intermediate server from the target data packet; and correspondingly storing the address of the intermediate server and the address of the client into a hash table by taking the address of the intermediate server as an index.
Optionally, the control module is further configured to receive a query instruction, where the query instruction carries an address of the intermediate server;
inquiring the hash table according to the address of the intermediate server to obtain a corresponding client address;
and sending the obtained client address to the query end.
Optionally, the control module is further configured to, when the target data packet is a network disconnection request packet, query and obtain a client address corresponding to the hash table by using the address of the intermediate server as an index;
and deleting the client address obtained by the query.
Optionally, the control module is further configured to store the address of the intermediate server and the time information of the address of the client in an aging table by using the address of the intermediate server as an index.
Optionally, the control module is further configured to periodically scan time information of each client address in the aging table;
for each client address, when the time information of the client address does not meet a preset condition, deleting the time information of the client address and the address of the corresponding saved intermediate server from the aging table;
and deleting the client address correspondingly stored in the hash table by taking the address of the intermediate server as an index.
In one aspect, an embodiment of the present invention provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method for obtaining the client address when executing the program.
In one aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program executable by a computer device, the program, when running on the computer device, causing the computer device to perform the steps of the method for obtaining a client address.
By monitoring the data stream received by the network interface, a target data packet is filtered from the data stream, and when the target data packet is a network connection request packet, the TOA field of the network connection request packet header is parsed to obtain the client address, which avoids the problem that the service server cannot directly obtain the client address because the intermediate server hides it. Secondly, the data stream is obtained by monitoring the network interface of the service server, and the target data packet is taken from that data stream, so the process of obtaining the client address is independent of the actual service process of the service server, the service logic of the service server does not need to be changed, and normal service operation is not affected. In addition, the underlying protocol stack of the system does not need to be deeply modified, and there is no dependency on the system.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without inventive effort.
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present invention;
fig. 2 is a flowchart illustrating a method for obtaining an address of a client according to an embodiment of the present invention;
fig. 3 is a system architecture diagram of a service server according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an apparatus for obtaining an address of a client according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
For convenience of understanding, terms referred to in the embodiments of the present invention are explained below.
TOA field: the TOA field is present in an optional field of the TCP header of the packet.
SYN: Synchronize Sequence Numbers, the handshake signal used when TCP/IP establishes a connection. When a normal TCP network connection is established between the client and the server, the client first sends a SYN message, the server replies with a SYN + ACK response to indicate that the message was received, and finally the client responds with an ACK message. In this way a reliable TCP connection is established between the client and the server and data can be transferred between them.
FIN: indicating the end of the TCP/IP connection between the client and the server.
RST: indicating a reset for closing the connection abnormally.
In a specific practical process, the inventor of the present invention finds that, for a network architecture in which a proxy server is added between a client and a server, when forwarding a data packet of the client, the proxy server often hides an address of the client, and then adds the address of the proxy server to the data packet. Therefore, when the server receives the data packet of the client, the address directly read from the data packet header is the address of the proxy server, not the address of the client.
As can be seen from the analysis, the proxy server typically hides the client address in the TOA field of the packet, where the TOA field is located in an optional field of the TCP header of the packet. In addition, most proxy servers add the client address in the TOA field when forwarding SYN packets, and other proxy servers may add the client address in the TOA field when forwarding each packet. In view of this, an embodiment of the present invention provides a method for obtaining a client address, where a data stream received by a network interface of a service server is monitored, a target data packet is then determined from the data stream according to a filtering rule, and when the target data packet is a network connection request packet, a TOA field of a header of the network connection request packet is analyzed to obtain the client address, where the network connection request packet may be a SYN packet.
By monitoring the data stream received by the network interface, a target data packet is filtered from the data stream, and when the target data packet is a network connection request packet, the TOA field of the network connection request packet header is parsed to obtain the client address, which avoids the problem that the service server cannot directly obtain the client address because the intermediate server hides it. Secondly, the data stream is obtained by monitoring the network interface of the service server, and the target data packet is taken from that data stream, so the process of obtaining the client address is independent of the actual service process of the service server, the service logic of the service server does not need to be changed, and the kernel of the operating system of the service server does not need to be modified. On the one hand this prevents the service process of the service server from being affected, and on the other hand it simplifies the process of obtaining the client address.
The method for obtaining the client address in the embodiment of the present invention may be applied to an application scenario as shown in fig. 1, where the application scenario includes a client 101, an intermediate server 102, and a service server 103.
The client 101 is an electronic device with network communication capability, which may be a smart phone, a tablet computer, a portable personal computer, or the like. The client 101 has an application installed thereon, such as a game application, a social application, and the like. When a user uses an application program of the client 101, for example, when starting a game application program to play a game, the client 101 sends a data packet to the intermediate server 102, and the intermediate server 102 forwards the data packet to the service server 103. The service server 103 returns a response packet to the client 101 through the intermediate server 102. The client 101 is connected to the intermediate server 102 via a wireless network, and the intermediate server 102 is connected to the service server 103 via a wireless network. The service server 103 is a server or a server cluster or a cloud computing center composed of a plurality of servers. The means for obtaining the client address may be located in the service server 103 or may be independent of the service server 103. The device for obtaining the client address monitors data flow received by a network interface of a service server, then determines a target data packet from the data flow according to a filtering rule, and when the target data packet is a network connection request packet, analyzes a TOA field of a network connection request packet header to obtain the client address.
Based on the application scenario diagram shown in fig. 1, an embodiment of the present invention provides a process of a method for obtaining a client address, where the process of the method may be executed by an apparatus for obtaining a client address, as shown in fig. 2, and includes the following steps:
step S201, monitoring a data stream received by the network interface.
Specifically, the network interface may be a network card in the service server, and the data stream received by the network card is monitored with WinPcap to obtain all the data streams on the network card. The data stream includes service data as well as other non-service data.
Step S202, determining a target data packet from the data stream according to the filtering rule, wherein the target data packet is forwarded by the intermediate server.
The filtering rules are preset according to actual requirements, and the embodiment of the invention at least provides the following two implementation modes for setting the filtering rules:
in one possible implementation, the filtering rules are set according to the attributes of the target data packet.
Illustratively, when the target packet is a SYN packet, the identification field of the SYN packet is obtained, and the filtering rule is then set to select the packets that contain the identification field of the SYN packet.
In a possible implementation manner, the filtering rule is set according to the attribute of the target data packet and the address of the service server for providing the service to the outside.
Illustratively, when the target data packet is a SYN packet, the identification field of the SYN packet is obtained. When the service server establishes a TCP/IP connection with the client, the service server provides the IP address and the port address of the server to the outside. The filtering rule is set as follows: the data streams are screened according to the IP address and the port address that the service server provides externally, and then the data packets containing the identification field of the SYN packet are selected from the screened data streams.
Step S203, when the target data packet is the network connection request packet, the TOA field of the network connection request packet header is analyzed to obtain the client address.
The network connection request packet may be a SYN packet sent by the client to the service server when establishing a TCP/IP connection. When the intermediate server forwards the SYN packet, it adds the client address to the TOA field of the SYN packet, and when the device for obtaining the client address filters out the SYN packet, it parses the TOA field of the SYN packet to obtain the client address. The client address includes an IP address and a port address of the client.
By monitoring the data stream received by the network interface, a target data packet is filtered from the data stream, and when the target data packet is a network connection request packet, the TOA field of the network connection request packet header is parsed to obtain the client address, which avoids the problem that the service server cannot directly obtain the client address because the intermediate server hides it. Secondly, the data stream is obtained by monitoring the network interface of the service server, and the target data packet is taken from that data stream, so the process of obtaining the client address is independent of the actual service process of the service server, the service logic of the service server does not need to be changed, and normal service operation is not affected. In addition, no deep modification of the underlying protocol stack is needed, and dependency on the system is avoided.
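Steps S201 to S203 as an added example, not code from the patent: the second filtering rule (service address plus a pure SYN) followed by a walk over the TCP options to extract the TOA entry. The option layout (kind 254, length 8, 2-byte port, 4-byte IPv4 address) is an assumption taken from the commonly used open-source TOA kernel module, since the patent does not specify it; the service address, the client address and the packet built by `build_sample_syn` are constructed sample values.

```python
import socket
import struct

TCPOPT_EOL, TCPOPT_NOP = 0, 1
TCPOPT_TOA, TCPOLEN_TOA = 254, 8      # assumed layout: kind, len, port(2), IPv4(4)
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


def parse_ipv4_tcp(packet):
    """Return (src, dst, flags, option_bytes) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                   # not IPv4, or not TCP
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl + 20:
        return None
    tcp = packet[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4     # TCP header length, options included
    if data_off < 20 or len(tcp) < data_off:
        return None
    src = (socket.inet_ntoa(packet[12:16]), sport)
    dst = (socket.inet_ntoa(packet[16:20]), dport)
    return src, dst, tcp[13], tcp[20:data_off]


def find_toa(options):
    """Walk the TCP options; return (client_ip, client_port) or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:        # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(options):
            return None               # truncated option
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None               # malformed length: stop, never read past the end
        if kind == TCPOPT_TOA and length == TCPOLEN_TOA:
            (port,) = struct.unpack("!H", options[i + 2:i + 4])
            return socket.inet_ntoa(options[i + 4:i + 8]), port
        i += length
    return None


def client_address(packet, service_addr):
    """Filter rule, then TOA parsing: (intermediate_addr, client_addr) or None."""
    parsed = parse_ipv4_tcp(packet)
    if parsed is None:
        return None
    src, dst, flags, options = parsed
    # Rule: addressed to the externally served IP/port and a pure SYN (no ACK).
    if dst != service_addr or not (flags & SYN) or (flags & ACK):
        return None
    toa = find_toa(options)
    return (src, toa) if toa else None


def build_sample_syn(src, dst, options, flags=SYN):
    """Constructed test input: minimal IPv4 + TCP packet, checksums left at zero."""
    options += bytes([TCPOPT_NOP]) * (-len(options) % 4)
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], 1, 0,
                      (tcp_len // 4) << 4, flags, 65535, 0, 0)
    return ip + tcp + options


INTERMEDIATE = ("192.169.1.0", 80)    # intermediate server address used on the page
SERVICE = ("10.0.0.5", 8080)          # constructed service address
CLIENT = ("203.0.113.7", 51000)       # constructed client address
MSS_OPT = bytes([2, 4]) + struct.pack("!H", 1460)
TOA_OPT = struct.pack("!BBH4s", TCPOPT_TOA, TCPOLEN_TOA, CLIENT[1],
                      socket.inet_aton(CLIENT[0]))
SAMPLE_SYN = build_sample_syn(INTERMEDIATE, SERVICE, MSS_OPT + TOA_OPT)

if __name__ == "__main__":
    print(client_address(SAMPLE_SYN, SERVICE))
```

The IP header's source address is still the intermediate server's; only the option carries the client, which is why the pair returned here is what the hash table described next is keyed and valued on.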
Optionally, after the client address is obtained, the address of the intermediate server may be obtained from the target data packet, and then the address of the intermediate server and the client address are correspondingly stored in the hash table by using the address of the intermediate server as an index.
In a specific implementation, the address of the intermediate server and the address of the client may be stored in the hash table in the form of a key-value pair. Because the intermediate server uses different IP addresses and/or port addresses when forwarding the data packets of different clients, the addresses of the intermediate server corresponding to different client addresses are different in the hash table.
Exemplarily, the hash table is as shown in table 1. When the intermediate server forwards the data packet of the client 1, the IP address used is 192.169.1.0 and the port address is 80, so key1 is generated according to the IP address 192.169.1.0 and the port address 80; the address of the client 1 is value1, and the key-value pair consisting of key1 and value1 is stored in the hash table. When the intermediate server forwards the data packet of the client 2, the IP address used is 192.169.1.0 and the port address is 90, so key2 is generated according to the IP address 192.169.1.0 and the port address 90; the address of the client 2 is value2, and the key-value pair consisting of key2 and value2 is stored in the hash table.
Table 1.
key | value
key1: IP address 192.169.1.0 and port address 80 | value1: address of client 1
key2: IP address 192.169.1.0 and port address 90 | value2: address of client 2
In a possible implementation manner, when the device for obtaining the client address is independent of the service server, the device for obtaining the client address receives a query instruction, the query instruction carries an address of the intermediate server, then the hash table is queried according to the address of the intermediate server to obtain a corresponding client address, and then the obtained client address is sent to the query end.
Specifically, the query end may be the application layer of the service server, or may be another end, other than the service server, that needs to obtain the address of the client, and the query end may query the hash table at any time as required to obtain the address of the client. Illustratively, the application layer of the service server obtains the address of the intermediate server when establishing the TCP connection as: IP address 192.169.1.0 and port address 80. The application layer of the service server sends a query instruction, which includes the address of the intermediate server, to the device for obtaining the client address. The device for obtaining the client address generates key1 according to the IP address 192.169.1.0 and the port address 80, and then queries the hash table with key1 to obtain the address of the client 1.
In a possible implementation manner, when the device for obtaining the client address is located in the service server, the application layer of the service server may directly query the hash table according to the address of the intermediate server to obtain the corresponding client address.
Illustratively, the application layer of the service server obtains the address of the intermediate server when establishing communication as follows: IP address 192.169.1.0 and port address 90. The application layer of the service server generates a key2 according to the IP address 192.169.1.0 and the port address 90, and then queries the hash table by using the key2 to obtain the address of the client 2.
After the client address is obtained, the client address and the address of the intermediate server are correspondingly stored in the hash table, when the inquiry end needs to obtain the client address, the hash table is inquired according to the address of the intermediate server obtained when TCP connection is established or a data packet is transmitted, and the corresponding client address is obtained, so that the client address is convenient to manage on one hand, and the client address is convenient to inquire on the other hand.
Optionally, since a TCP connection has a life cycle, when the TCP connection ends, the port address of the client may be recycled for use on other connections, and the client address in the hash table needs to be updated accordingly. Therefore, when the target data packet is a network disconnection request packet, the device for obtaining the client address queries the hash table with the address of the intermediate server as an index to obtain the corresponding client address, and deletes the client address obtained by the query.
The network disconnection request packet may be an FIN packet or an RST packet. Illustratively, when the target data packet is a FIN packet, the address of the intermediate server obtained from the FIN packet is: the IP address 192.169.1.0 and the port address 90, then key2 is generated according to the IP address 192.169.1.0 and the port address 90, the hash table is queried by using key2, the address of the client 2 is obtained, and then the address of the client 2 is deleted from the hash table.
When the client address is recycled because the network connection has ended, the client address in the hash table is updated, which guarantees that the client address obtained by the query end is a valid address and avoids the influence of an invalid client address on service policy making.
In order to avoid that the hash table always stores the failed client address when the network disconnection request packet is lost, which causes resource residue, the embodiment of the present invention provides at least the following two implementation manners for clearing the failed client address:
in one possible implementation, the address of the intermediate server and the time information of the address of the client are saved into the aging table by using the address of the intermediate server as an index.
The time information of the client address may be the initial cache time of the client address in the hash table. The address of the intermediate server and the initial cache time of the client address are stored in the aging table, and may be stored in the form of a key-value pair.
Illustratively, the aging table is shown in table 2. The address of the intermediate server is set as the IP address 192.169.1.0 and the port address 80, and the corresponding client address is the address of the client 1. The initial caching time of the address of the client 1 is 2019-1-21 17:30, so key1 is generated according to the IP address 192.169.1.0 and the port address 80, the initial caching time 2019-1-21 17:30 is value3, and the key-value pair consisting of key1 and value3 is stored in the aging table. When the address of the intermediate server is the IP address 192.169.1.0 and the port address 90, the corresponding client address is the address of the client 2. The initial caching time of the address of the client 2 is 2019-1-21 19:30, so key2 is generated according to the IP address 192.169.1.0 and the port address 90, the initial caching time 2019-1-21 19:30 is value4, and the key-value pair consisting of key2 and value4 is stored in the aging table.
Table 2.
key | value
key1: IP address 192.169.1.0 and port address 80 | value3: 2019-1-21 17:30
key2: IP address 192.169.1.0 and port address 90 | value4: 2019-1-21 19:30
Further, the time information of each client address in the aging table is periodically scanned. And for each client address, when the time information of the client address does not meet the preset condition, deleting the time information of the client address and the address of the corresponding stored intermediate server from the aging table, and then deleting the corresponding stored client address in the hash table by taking the address of the intermediate server as an index.
In specific implementation, a cache timer is started, when the cache timer reaches a timing time, the aging table is traversed, and the cache time of each client address is calculated according to the initial cache time and the timing time of the client address. And when the cache time of the client address is greater than the aging threshold value, deleting the key value pair corresponding to the initial cache time of the client address in the aging table. And meanwhile, acquiring the address of the intermediate server corresponding to the initial caching time of the client address from the aging table, then inquiring the hash table by taking the address of the intermediate server as an index to acquire the client address, and deleting the key value pair corresponding to the client address in the hash table.
Illustratively, the time interval of the timer is set to 1 hour and the aging threshold is 24 hours. When the timer reaches the timing time 2019-1-22 18:00, the aging table shown in table 2 is traversed, the cache time of the client address in value3 is calculated to be 24.5 hours, and the cache time of the client address in value4 is calculated to be 22.5 hours. Because the cache time of the client address in value3 is greater than the aging threshold, the key-value pair key1-value3 in the aging table is deleted. Then key1 (the IP address 192.169.1.0 and the port address 80) is used to look up the hash table shown in table 1 to obtain value1 (the address of client 1), and the key-value pair key1-value1 in the hash table is deleted.
The initial cache time of the client address is stored in the aging table, then the cache time of each client address is determined by traversing the aging table at regular time, and when the cache time of the client address is greater than the aging threshold value, the relevant information of the client address stored in the aging table and the hash table is deleted, so that the residual invalid client address is avoided. Secondly, the aging table is independently set to store the initial cache time of the client address and the address of the intermediate server, so that the hash table does not need to be accessed every time the timing time is reached, and the over-high frequency of accessing the hash table is prevented.
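The hash table, the separate aging table and the timed scan described above, replayed with the page's own worked values, as an added example that is not code from the patent. The client addresses are constructed sample values, the lock is an assumption added because the bypass thread and the query end share both tables, and clearing the aging entry on FIN/RST is also an assumption made to keep the two tables consistent.

```python
import threading
from datetime import datetime, timedelta


class ClientAddressCache:
    """Hash table plus aging table, both indexed by the intermediate
    server's (ip, port) as seen by the service server."""

    def __init__(self, aging_threshold=timedelta(hours=24)):
        self.aging_threshold = aging_threshold
        self.hash_table = {}     # intermediate (ip, port) -> client (ip, port)
        self.aging_table = {}    # intermediate (ip, port) -> initial cache time
        self._lock = threading.Lock()   # assumption: shared between threads

    def on_syn(self, intermediate, client, now):
        # A new SYN on a reused intermediate port overwrites any stale entry
        # left behind by a lost FIN/RST and restarts its cache time.
        with self._lock:
            self.hash_table[intermediate] = client
            self.aging_table[intermediate] = now

    def on_fin_or_rst(self, intermediate):
        # Network disconnection request packet: drop the mapping.
        with self._lock:
            self.aging_table.pop(intermediate, None)   # assumption, see lead-in
            return self.hash_table.pop(intermediate, None)

    def query(self, intermediate):
        # What the query end calls with the peer address of its TCP connection.
        with self._lock:
            return self.hash_table.get(intermediate)

    def cache_hours(self, now):
        # Cache time of every entry at the timing time, in hours.
        with self._lock:
            return {k: (now - t) / timedelta(hours=1)
                    for k, t in self.aging_table.items()}

    def scan(self, now):
        # Timed scan: only the aging table is traversed; the hash table is
        # touched solely for entries that have exceeded the threshold.
        with self._lock:
            expired = [k for k, t in self.aging_table.items()
                       if now - t > self.aging_threshold]
            for k in expired:
                del self.aging_table[k]
                self.hash_table.pop(k, None)
            return expired


KEY1 = ("192.169.1.0", 80)          # key1 from Table 1
KEY2 = ("192.169.1.0", 90)          # key2 from Table 1
CLIENT1 = ("203.0.113.7", 51000)    # constructed address of client 1
CLIENT2 = ("203.0.113.8", 51001)    # constructed address of client 2


def replay_page_example():
    """Replay the worked example: two SYNs, then the scan at 2019-1-22 18:00."""
    cache = ClientAddressCache(aging_threshold=timedelta(hours=24))
    cache.on_syn(KEY1, CLIENT1, datetime(2019, 1, 21, 17, 30))
    cache.on_syn(KEY2, CLIENT2, datetime(2019, 1, 21, 19, 30))
    timing_time = datetime(2019, 1, 22, 18, 0)
    hours = cache.cache_hours(timing_time)
    expired = cache.scan(timing_time)
    return cache, hours, expired


if __name__ == "__main__":
    cache, hours, expired = replay_page_example()
    print(hours, expired, cache.query(KEY1), cache.query(KEY2))
```

Until the scan runs, a query for key1 still returns client 1 even if that connection ended with a lost FIN, so the aging threshold bounds how long a stale attribution can be served.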
In one possible implementation, the address of the intermediate server and the time information of the address of the client are saved in the hash table by using the address of the intermediate server as an index.
Illustratively, the hash table is shown in table 3. When the intermediate server forwards the data packet of the client 1, the IP address used is 192.169.1.0 and the port address is 80, so key1 is generated according to the IP address 192.169.1.0 and the port address 80; the address of the client 1 together with its initial cache time 2019-1-21 17:30 is value1, and the key-value pair consisting of key1 and value1 is stored in the hash table. When the intermediate server forwards the data packet of the client 2, the IP address used is 192.169.1.0 and the port address is 90, so key2 is generated according to the IP address 192.169.1.0 and the port address 90; the address of the client 2 together with its initial cache time 2019-1-21 19:30 is value2, and the key-value pair consisting of key2 and value2 is stored in the hash table.
Table 3. (rendered as an image in the original publication)
Further, the time information of each client address in the hash table is periodically scanned. And for each client address, when the time information of the client address does not meet the preset condition, deleting the time information of the client address, the client address and the address of the corresponding saved intermediate server from the hash table.
Illustratively, the time interval of the timer is set to 1 hour and the aging threshold is 24 hours. When the timer reaches the timing time 2019-1-22 18:00, the hash table shown in table 3 is traversed: the cache time of the client address in value1 is calculated to be 24.5 hours, and the cache time of the client address in value2 is calculated to be 22.5 hours. Because the cache time of the client address in value1 is greater than the aging threshold, the key-value pair key1-value1 in the hash table is deleted.
The client address and the initial cache time of the client address are saved in the hash table, the initial cache times in the hash table are traversed at regular intervals to determine whether each client address has aged, and the key-value pair corresponding to a client address is deleted from the hash table when that address has aged, so that invalid client addresses do not remain in the hash table.
To better explain the embodiment of the present invention, the following describes, in combination with a specific implementation scenario, the method for obtaining a client address provided by the embodiment of the present invention. The method is executed by a device for obtaining a client address, which may be a service device shown in fig. 1. The system architecture of the service server is shown in fig. 3; the service server includes a network interface 301, an application layer 302, a bypass thread 303, a cache timer 304, a hash table 305, and an aging table 306.
The application layer 302 creates a bypass thread 303 according to the network card information of the service server and the IP address and the port address of the external service. The bypass thread 303 starts the network card monitoring service, sets the filtering rule and the aging threshold of the data stream, initializes the hash table and the aging table, and starts the cache timer 304. The service server receives the data stream through the network interface 301 and sends the data stream to the application layer 302. The bypass thread 303 listens to the data stream received by the network interface 301 and then filters out the target data packet from the data stream using the filtering rule, where the target data packet includes a SYN packet, a FIN packet, and a RST packet. When the target data packet is a SYN packet, the bypass thread 303 parses the TOA field of the SYN packet header to obtain the client address. The address of the intermediate server is acquired from the SYN packet, and the address of the intermediate server and the address of the client are stored in the hash table 305 in association with each other using the address of the intermediate server as an index. The current timestamp is obtained as the initial cache time of the client address, and then the initial cache time of the client address and the address of the intermediate server are stored in the aging table 306 with the address of the intermediate server as an index. When the target data packet is a FIN packet or a RST packet, the bypass thread 303 acquires the address of the intermediate server from the FIN packet or the RST packet, then queries the hash table 305 for the corresponding client address by using the address of the intermediate server as an index, and then deletes the address of the intermediate server and the client address obtained by the query.
In addition, the address of the intermediate server is used as an index to query the initial cache time of the corresponding client address in the aging table 306, and then the address of the intermediate server and the initial cache time of the client address obtained by the query are deleted. When the cache timer 304 reaches the timing time, the bypass thread 303 traverses the aging table 306, and then determines the cache time of each client address according to the initial cache time and the timing time of each client address. And when the cache time of the client address is larger than the aging threshold value, deleting the initial cache time of the client address and the address of the intermediate server in the aging table. The hash table 305 is queried with the address of the intermediate server, the corresponding client address is determined, and then the client address and the address of the intermediate server in the hash table 305 are deleted. When the application layer 302 needs to obtain the address of the client, the address of the intermediate server is obtained from the data packet received when the TCP connection is established or data is transmitted, and then the address of the intermediate server is used as an index to query the hash table to obtain the address of the client.
The method comprises the steps of filtering a target data packet from data flow by monitoring the data flow received by a network interface, and when the target data packet is a network connection request packet, analyzing a TOA field of a network connection request packet header to obtain a client address, so that the problem that a service server cannot directly obtain the client address because the client address is hidden by an intermediate server is avoided. Secondly, the network interface of the monitoring service server obtains the data stream and obtains the target data packet from the data stream, so the process of obtaining the client address is independent of the actual service process of the service server, the service logic of the service server does not need to be changed, and the operation of the normal service is not influenced. In addition, deep transformation on a bottom layer protocol stack is not needed, and dependency on a system is avoided.
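The following sketch walks through the bypass-thread logic described above on constructed packets. It is an added example, not code from the patent, and it assumes IPv4 and the commonly used TOA layout (option kind 254, length 8, a 2-byte port followed by a 4-byte address), which the page does not specify; the class, function names, addresses and the `build_packet` helper are hypothetical.

```python
import socket
import struct

TOA_KIND, TOA_LEN = 254, 8       # assumed TOA layout; the page does not give it
FIN, SYN, RST = 0x01, 0x02, 0x04
AGING_THRESHOLD = 24 * 3600      # the 24-hour aging threshold, in seconds


def parse_toa(options):
    """Walk TCP options; return (client_ip, client_port) or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                        # End of Option List
            break
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(options):
            break                            # truncated: no length byte
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                            # malformed length: stop, never over-read
        if kind == TOA_KIND and length == TOA_LEN:
            port, raw_ip = struct.unpack("!H4s", options[i + 2:i + 8])
            return socket.inet_ntoa(raw_ip), port
        i += length
    return None


class ClientAddressCache:
    def __init__(self, service_ip, service_port):
        self.service = (service_ip, service_port)   # filter rule: our external address
        self.hash_table = {}     # (proxy_ip, proxy_port) -> (client_ip, client_port)
        self.aging_table = {}    # (proxy_ip, proxy_port) -> initial cache time

    def handle_packet(self, pkt, now):
        """Process one sniffed IPv4 packet; non-target packets are ignored."""
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            return
        ihl = (pkt[0] & 0x0F) * 4
        tcp = pkt[ihl:]
        if ihl < 20 or len(tcp) < 20:
            return
        src_port, dst_port = struct.unpack("!HH", tcp[:4])
        if (socket.inet_ntoa(pkt[16:20]), dst_port) != self.service:
            return
        key = (socket.inet_ntoa(pkt[12:16]), src_port)   # intermediate server address
        flags, data_offset = tcp[13], (tcp[12] >> 4) * 4
        if flags & (FIN | RST):              # disconnect: drop both entries
            self.hash_table.pop(key, None)
            self.aging_table.pop(key, None)
        elif flags & SYN and 20 <= data_offset <= len(tcp):
            client = parse_toa(tcp[20:data_offset])
            if client:
                self.hash_table[key] = client
                self.aging_table[key] = now

    def sweep(self, now):
        """Timer callback: expire entries cached longer than the threshold."""
        expired = [k for k, t in self.aging_table.items() if now - t > AGING_THRESHOLD]
        for key in expired:
            del self.aging_table[key]
            self.hash_table.pop(key, None)
        return expired

    def lookup(self, proxy_ip, proxy_port):
        return self.hash_table.get((proxy_ip, proxy_port))


def toa_option(client_ip, client_port):
    return struct.pack("!BBH4s", TOA_KIND, TOA_LEN, client_port,
                       socket.inet_aton(client_ip))


def build_packet(src_ip, src_port, flags, options=b"", dst=("10.0.0.5", 8080)):
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    options += b"\x01" * (-len(options) % 4)     # NOP-pad to a 4-byte boundary
    tcp = struct.pack("!HHIIBBHHH", src_port, dst[1], 0, 0,
                      ((20 + len(options)) // 4) << 4, flags, 65535, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst[0]))
    return ip + tcp
```

The TOA value is whatever the sender of the SYN wrote into the option, so the filter rule should admit only packets that really arrive from the intermediate servers before the parsed address is used for logging or access decisions.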
Based on the same technical concept, an embodiment of the present invention provides an apparatus for obtaining a client address, as shown in fig. 4, where the apparatus 400 includes:
a monitoring module 401, configured to monitor a data stream received by a network interface;
a filtering module 402, configured to determine a target data packet from the data stream according to a filtering rule, where the target data packet is forwarded by the intermediate server;
the parsing module 403 is configured to, when the target data packet is a network connection request packet, parse the TOA field of the header of the network connection request packet to obtain a client address.
Optionally, the apparatus further includes a control module 404;
the control module 404 is configured to obtain an address of an intermediate server from the target data packet; and correspondingly storing the address of the intermediate server and the address of the client into a hash table by taking the address of the intermediate server as an index.
Optionally, the control module 404 is further configured to receive a query instruction, where the query instruction carries an address of an intermediate server;
inquiring the hash table according to the address of the intermediate server to obtain a corresponding client address;
and sending the obtained client address to the query end.
Optionally, the control module 404 is further configured to, when the target data packet is a network disconnection request packet, query and obtain a client address corresponding to the hash table by using the address of the intermediate server as an index;
and deleting the client address obtained by the query.
Optionally, the control module 404 is further configured to save the address of the intermediate server and the time information of the address of the client in an aging table by using the address of the intermediate server as an index.
Optionally, the control module 404 is further configured to periodically scan time information of each client address in the aging table;
for each client address, when the time information of the client address does not meet a preset condition, deleting the time information of the client address and the address of the corresponding saved intermediate server from the aging table;
and deleting the client address correspondingly stored in the hash table by taking the address of the intermediate server as an index.
Based on the same technical concept, the embodiment of the present invention provides a computer device, as shown in fig. 5, including at least one processor 501 and a memory 502 connected to the at least one processor, where the specific connection medium between the processor 501 and the memory 502 is not limited in the embodiment of the present invention, and the processor 501 and the memory 502 are connected through a bus in fig. 5 as an example. The bus may be divided into an address bus, a data bus, a control bus, etc.
In the embodiment of the present invention, the memory 502 stores instructions executable by the at least one processor 501, and the at least one processor 501 may execute the steps included in the method for obtaining a client address by executing the instructions stored in the memory 502.
The processor 501 is a control center of the computer device, and may connect various parts of the terminal device by using various interfaces and lines, and obtain the client address by running or executing the instructions stored in the memory 502 and calling the data stored in the memory 502. Optionally, the processor 501 may include one or more processing units, and the processor 501 may integrate an application processor and a modem processor, wherein the application processor mainly handles an operating system, a user interface, an application program, and the like, and the modem processor mainly handles wireless communication. It will be appreciated that the modem processor described above may not be integrated into the processor 501. In some embodiments, processor 501 and memory 502 may be implemented on the same chip, or in some embodiments, they may be implemented separately on separate chips.
The processor 501 may be a general-purpose processor, such as a Central Processing Unit (CPU), a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof, configured to implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in the processor.
Memory 502, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 502 may include at least one type of storage medium, and may include, for example, a flash memory, a hard disk, a multimedia card, a card-type memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, and so on. The memory 502 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 502 of embodiments of the present invention may also be circuitry or any other device capable of performing a storage function to store program instructions and/or data.
Based on the same technical concept, embodiments of the present invention provide a computer-readable storage medium storing a computer program executable by a computer device, the program, when running on the computer device, causing the computer device to perform the steps of the method of obtaining a client address.
It should be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (8)

1. A method for obtaining a client address, comprising:
receiving a data stream through a network interface, and sending the data stream to an application layer;
monitoring a data stream received by the network interface through a bypass thread;
determining, by the bypass thread, a target data packet from the data stream according to a filtering rule, the target data packet being forwarded by an intermediate server, the filtering rule being determined according to an attribute of the target data packet and an address provided externally by a service server;
when the target data packet is a network connection request packet, analyzing a TOA field of a header of the network connection request packet through the bypass thread to obtain a client address;
and acquiring the address of the intermediate server from the target data packet through the bypass thread, and correspondingly storing the address of the intermediate server and the address of the client into a hash table by taking the address of the intermediate server as an index.
2. The method of claim 1, further comprising:
receiving a query instruction, wherein the query instruction carries an address of an intermediate server;
inquiring the hash table according to the address of the intermediate server to obtain a corresponding client address;
and sending the obtained client address to the query end.
3. The method of claim 1, further comprising:
when the target data packet is a network disconnection request packet, inquiring and obtaining a corresponding client address in the hash table by taking the address of the intermediate server as an index;
and deleting the client address obtained by the query.
4. The method of claim 1, further comprising:
and storing the address of the intermediate server and the time information of the address of the client into an aging table by taking the address of the intermediate server as an index.
5. The method of claim 4, further comprising:
periodically scanning the time information of each client address in the aging table;
for each client address, when the time information of the client address does not meet a preset condition, deleting the time information of the client address and the address of the corresponding saved intermediate server from the aging table;
and deleting the client address correspondingly stored in the hash table by taking the address of the intermediate server as an index.
6. A service server for obtaining a client address, comprising:
a network interface, an application layer and a bypass thread;
the network interface is used for receiving a data stream and sending the data stream to an application layer;
the application layer is used for receiving the data stream;
the bypass thread is used for monitoring the data stream received by the network interface and determining a target data packet from the data stream according to a filtering rule, wherein the target data packet is forwarded by an intermediate server, and the filtering rule is determined according to the attribute of the target data packet and an address provided by a service server; when the target data packet is a network connection request packet, analyzing a TOA field of a header of the network connection request packet to obtain a client address; and acquiring the address of the intermediate server from the target data packet, and correspondingly storing the address of the intermediate server and the address of the client into a hash table by taking the address of the intermediate server as an index.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the method of any one of claims 1 to 5 are performed when the program is executed by the processor.
8. A computer-readable storage medium, having stored thereon a computer program executable by a computer device, for causing the computer device to perform the steps of the method of any one of claims 1 to 5, when the program is run on the computer device.
CN201910261947.0A 2019-04-02 2019-04-02 Method and device for obtaining client address Active CN110198251B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910261947.0A CN110198251B (en) 2019-04-02 2019-04-02 Method and device for obtaining client address

Publications (2)

Publication Number Publication Date
CN110198251A CN110198251A (en) 2019-09-03
CN110198251B true CN110198251B (en) 2022-08-02

Family

ID=67751880

Country Status (1)

Country Link
CN (1) CN110198251B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant