CN110324437B - Original address transmission method, system, storage medium and processor - Google Patents

Original address transmission method, system, storage medium and processor Download PDF

Info

Publication number
CN110324437B
CN110324437B CN201910616206.XA CN201910616206A CN110324437B CN 110324437 B CN110324437 B CN 110324437B CN 201910616206 A CN201910616206 A CN 201910616206A CN 110324437 B CN110324437 B CN 110324437B
Authority
CN
China
Prior art keywords
address
ipv4
original
ipv6 address
pseudo
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910616206.XA
Other languages
Chinese (zh)
Other versions
CN110324437A (en
Inventor
王洪文
李�浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongxing Keyuan Beijing Information Technology Co ltd
Original Assignee
Zhongxing Keyuan Beijing Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongxing Keyuan Beijing Information Technology Co ltd filed Critical Zhongxing Keyuan Beijing Information Technology Co ltd
Priority to CN201910616206.XA priority Critical patent/CN110324437B/en
Publication of CN110324437A publication Critical patent/CN110324437A/en
Application granted granted Critical
Publication of CN110324437B publication Critical patent/CN110324437B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type
    • H04L61/2503Translation of Internet protocol [IP] addresses
    • H04L61/251Translation of Internet protocol [IP] addresses between different IP versions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00Indexing scheme associated with group H04L61/00
    • H04L2101/60Types of network addresses
    • H04L2101/618Details of network addresses
    • H04L2101/659Internet protocol version 6 [IPv6] addresses

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an original address transmission method, an original address transmission system, a storage medium and a processor. The method comprises the following steps: the protocol conversion system adds the original IPv6 address of the client at its IPv4 network side at the XFF field of the HTTP request packet header. The invention solves the technical problem that the original IPv6 address of the client cannot be obtained in the prior art under the condition that the server and the client are in different networks.

Description

Original address transmission method, system, storage medium and processor
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, a system, a storage medium, and a processor for transmitting an original address.
Background
In the current application scenario, since the user's access request to the website is not simply directed from the browser at the user end to the source station server of the website, and may pass through a proxy server type device such as CDN, WAF, etc., the source IP address is not the original IP address of the user (client) when the source station server receives the user (client) access request.
In this case, the prior art can support tracing the original IP address of the user by adding an XFF record to the request header of HTTP. When the device forwards the access request of the user to the server of the next link, an XXF record is added in the request head of the HTTP For recording the original IP address of the user, and the record format is X-Forwarded-For, namely the original IP address of the user. If multiple proxy server type devices are passed, the record format is X-Forwarded-For: client1, proxy1, proxy2, proxy3, client1 represents user original IP, i.e. X-Forwarded-For: user original IP, first proxy server IP1, second proxy server IP2, third proxy server IP 3. The Web server side can obtain the real IP address of the visitor from the X-Forwarded-For field through the prior art.
Because the HTTP X-Forwarded-For field digest source technology in the prior art only supports the digest source of the IPv4 protocol stack, that is, under the condition that both the user client and the server operate in the IPv4 protocol stack, the server can digest the original IP address of the user. Therefore, the prior art has a defect that when a user (client) works in an IPv6 protocol stack, the middle is served by a protocol conversion system, and a server works in an IPv4 protocol stack, the server cannot obtain the original IPv6 address of the user (client).
Aiming at the technical problem that the original IPv6 address of the client cannot be obtained when the server and the client are in different networks in the prior art, an effective solution is not provided at present.
Disclosure of Invention
The invention provides a method, a device, a storage medium and a processor for transmitting an original address, which are used for solving the technical problem that the original IPv6 address of a client cannot be obtained in the prior art when a server and the client are in different networks.
According to an aspect of an embodiment of the present invention, there is provided an original address transmission method, including: the protocol conversion system adds the original IPv6 address of the client at its IPv4 network side at the XFF field of the HTTP request packet header.
Further, the protocol conversion system adding the original IPv6 address of the client at the XFF field of the HTTP request packet header at its IPv4 network side includes: dividing the original IPv6 address into 4 segments of pseudo IPv4 addresses, wherein the pseudo IPv4 address is binary 32 bits; a 4-segment pseudo IPv4 address is added at the XFF field of the HTTP request packet header.
Further, the protocol conversion system includes, before its IPv4 network side adds the original IPv6 address of the client at the XFF field of the HTTP request packet header: and receiving an access request of the client, wherein the access request contains the original IPv6 address of the client.
Further, dividing the original IPv6 address into 4 segments of pseudo IPv4 addresses includes: decomposing the original IPv6 address into 4 16-system digital symbol segments; converting and calculating 4 16-system digit symbol segments to obtain corresponding 4 10-system digit segments, wherein each 8-bit 2-system corresponding 16-system digit is converted into a 10-system digit, the 4 10-system digits are combined into a 10-system digit segment, and one 10-system digit is one of four segment numbers of the pseudo IPv4 address; each 10-digit field is taken as the pseudo IPv4 address.
Further, adding the 4-segment pseudo IPv4 address at the XFF field of the HTTP request packet header includes: the pseudo IPv4 addresses are separated by commas.
Further, adding the 4-segment pseudo IPv4 address at the XFF field of the HTTP request packet header includes: and carrying out encryption transformation on the pseudo IPv4 address according to an encryption preset rule.
According to an aspect of an embodiment of the present invention, there is provided an original address transmission method, including: the server combines all IPv4 addresses at the XFF field of the HTTP request packet header into the original IPv6 address.
Further, the server side combines all IPv4 addresses in the XFF field of the HTTP request data packet header into an IPv6 address, and the method comprises the following steps: and combining IPv4 addresses at an XFF field of the head of the HTTP request data packet into an IPv6 address according to a decryption preset rule, wherein the decryption preset rule corresponds to the encryption preset rule, the IPv4 address is a pseudo IPv4 address, and the IPV6 address is an original IPv6 address of the client.
Further, combining the IPv4 address at the XFF field of the HTTP request packet header into an IPv6 address according to a decryption preset rule includes: obtaining 10-system digital fields corresponding to 4 pseudo IPv4 addresses according to a preset decryption rule; converting 4 10-system digit sections into 4 16-system digit symbol sections; and combining 4 16-system digital symbol segments into the IPv6 address according to the preset decryption rule.
Further, before the server side combines the IPv4 address at the XFF field of the unencrypted HTTP request packet into the IPv6 address, the method comprises: and receiving an HTTP request data packet sent by a protocol conversion system, wherein the original IPv6 address of the client is added to the XFF field of the HTTP request data packet.
According to an aspect of an embodiment of the present invention, there is provided an original address transmission method, including: receiving an HTTP request data packet, wherein the original IPv6 address of the client is added to the XFF field of the header of the HTTP request data packet.
Further, the original IPv6 address of the client is divided into 4 segments of pseudo IPv4 addresses, wherein the pseudo IPv4 address is 32 bits in binary.
According to another aspect of the embodiments of the present invention, there is also provided an original address transmission system, including: and the processing unit is used for adding the original IPv6 address of the client to an XFF field of the head of the HTTP request data packet by the protocol conversion system on the IPv4 network side of the protocol conversion system.
According to another aspect of the embodiments of the present invention, there is also provided an original address transmission system, including: and the synthesis unit is used for combining all IPv4 addresses at the XFF field of the HTTP request data packet header into an original IPv6 address by the server.
According to another aspect of the embodiments of the present invention, there is also provided an original address transmission system, including: the receiving unit is used for receiving the HTTP request data packet, wherein the original IPv6 address of the client is added to the XFF field of the header of the HTTP request data packet.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium having a program stored thereon, the program being operable to perform the method described above.
According to another aspect of the embodiments of the present invention, there is also provided a processor, which is executed with the program to perform the above-mentioned method.
According to the embodiment of the invention, the technical scheme of adding the original IPv6 address of the client at the XFF field of the HTTP request data packet header is adopted. The invention solves the technical problem that the original IPv6 address of the client cannot be obtained under the condition that the server and the client are in different networks in the prior art, can realize the tracing of the client, ensures that the subsequent server in the IPv4 network can identify the original IPv6 address of the client without changing a little, fully utilizes the existing functions of various application servers working in an IPv4 protocol stack, does not need to make great changes to the existing server, has low cost and saves time.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate embodiments of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart of a method of original address transfer according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method of original address transfer according to an embodiment of the present invention;
FIG. 3 is a flow chart of a method of original address transfer according to an embodiment of the present invention;
FIG. 4 is a block diagram of a home address delivery system according to an embodiment of the present invention;
FIG. 5 is a block diagram of a home address delivery system according to an embodiment of the present invention;
fig. 6 is a block diagram of an original address transmission system according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged under appropriate circumstances in order to facilitate the description of the embodiments of the invention herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The embodiment of the invention provides an original address transmission method. Fig. 1 is a flowchart of an original address transmission method according to an embodiment of the present invention. As shown in fig. 1, the method comprises the steps of:
at step S102, the protocol conversion system adds the original IPv6 address of the client at the XFF field of the HTTP request packet header on its IPv4 network side.
In the IPv4 protocol stack, X-Forwarded-for (xff) is an HTTP request header field used to identify the most primitive IP address of a client connected to an application server by means of an HTTP proxy. Currently, most application service terminals can record X-Forwarded-For in a log through configuration. The original IPv6 address of the client is the original IPv6 address of the client. The client end of the above steps works in IPv6 protocol stack, the service end works in IPv4 protocol stack, the protocol conversion system adds the received original IPv6 address of the client end in XFF (X-Forwarded-For) field of the IPv4 address and proxy server address which should be added in the prior art, and forwards the converted message with the original IPv6 address information of the client end to the service end in IPv4 network. Compared with the prior art, if the IPv6 address is directly added into the message, the subsequent server in the IPv4 network cannot be identified, but the embodiment of the invention creatively changes and stores the original IPv6 address of the client by utilizing the XFF field originally storing the IPv4 address and the proxy server address in the prior art, so that the subsequent server in the IPv4 network can identify the original IPv6 address of the client without changing a little, fully utilizes the existing functions of various application servers working in an IPv4 protocol stack, does not need to make great changes on the existing server, has low cost and saves time, and effectively solves the technical problem that the original IPv6 address of the client cannot be obtained when the server and the client are in different networks in the prior art.
In an alternative embodiment, the step of the protocol conversion system adding the original IPv6 address of the client at the XFF field of the HTTP request packet header on its IPv4 network side includes: firstly, dividing the original IPv6 address into 4 segments of pseudo IPv4 addresses, wherein the pseudo IPv4 address is 32 bits of binary system; and then adds 4 segments of pseudo IPv4 addresses at the XFF field of the HTTP request packet header.
The 128-bit IPv6 address is averagely divided into four IPv4 addresses by the mode, the four IPv4 addresses are respectively filled in the positions of a client1 address and an IPv4 address of a proxy server in an XFF field in the prior art, each IPv4 address has 32 bits, is not a real IPv4 address, and only has a form rule of an IPv4 address, so that the server can recognize the IPv4 addresses without great change, and then recognizes an original IPv6 address of a client, the cost is saved, the method is simple and convenient, the efficiency is improved, and the technical problem that the original IPv6 address of the client cannot be obtained under the condition that a server and the client are in different networks in the prior art is solved.
In an alternative embodiment, the protocol conversion system receives an access request of a client, wherein the access request contains an original IPv6 address of the client. The protocol conversion system sends an HTTP request data packet to a server side on the IPv4 network side of the protocol conversion system, and adds the original IPv6 address of a client side to an XFF field of the head of the HTTP request data packet.
When a user client working in an IPv6 protocol stack receives and sends an HTTP message through a protocol conversion system and a server working in an IPv4 protocol stack, the protocol conversion system adds an X-Forwarded-For record containing IPv6 address information of the user client to a request header of the HTTP according to a rule agreed in advance with an application end, so that the server and a source system can easily capture an original IPv6 address of the user client, wherein in an optional implementation, the step of dividing the original IPv6 address into 4 segments of pseudo IPv4 addresses by the protocol conversion system includes: firstly, decomposing the original IPv6 address into 4 16-system digital symbol segments; secondly, 4 16-system digit symbol segments are converted and calculated to obtain corresponding 4 10-system digit segments, wherein each 8-bit 2-system corresponding 16-system digit is converted into a 10-system digit, the 4 10-system digits are combined into one 10-system digit segment, and one 10-system digit is one of four-segment numbers of the pseudo IPv4 address; each 10-digit field is then treated as one of the pseudo IPv4 addresses.
To facilitate the service side and the tracing system tracing the original IPv6 address of the user client, in an alternative embodiment, adding the 4-segment pseudo IPv4 address to the XFF field of the HTTP request packet header includes: the pseudo IPv4 addresses are comma separated. For example, the protocol conversion system adds an IPv6 address to an X-Forwarded-For field in a request header of HTTP at the IPv4 network side in the following manner, decomposes an IPv6 address represented by 16 in 128 into 4 segments, then converts each segment into a pseudo IPv4 address conforming to an IPv4 address format and expressed by 10 in advance, and finally divides the four pseudo IPv4 addresses into commas and adds the commas to the back of the X-Forwarded-For. The method specifically comprises the following steps: X-Forward-For: pseudo IPv41, pseudo IPv42, pseudo IPv43, and pseudo IPv 44.
To make the transfer process more secure, in an alternative embodiment, adding the 4-segment pseudo IPv4 address at the XFF field of the HTTP request packet header includes: and carrying out encryption transformation on the pseudo IPv4 address according to an encryption preset rule. The preset encryption rule may be to transform the order of four segments of pseudo IPv4 addresses, may be to perform operations on four segments of pseudo IPv4 addresses, such as adding 1 to each address, or may be a combination of the two addresses, or other encryption methods.
The embodiment of the invention provides an original address transmission method. Fig. 2 is a flowchart of an original address transmission method according to an embodiment of the present invention. As shown in fig. 2, the method comprises the steps of:
in step S202, the server side combines all IPv4 addresses in the XFF field of the HTTP request data packet header into an original IPv6 address.
Through the steps, the server restores the IPv4 addresses to IPv6 addresses again according to all the received IPv4 addresses, the existing server does not need to be changed greatly, the cost is low, and the time is saved, so that the technical problem that the original IPv6 addresses of the client cannot be obtained under the condition that the server and the client are in different networks in the prior art is solved efficiently.
After receiving and recording the message containing the IPv6 address, the server restores the 4 pseudo IPv4 addresses contained in the message into a standard IPv6 address again according to the rule agreed with the protocol conversion system, so that the service end source tracing system can conveniently realize the tracing of the original user IPv6 address according to the restored IPv6 address. In an alternative embodiment, the server side combining all IPv4 addresses in the XFF field of the HTTP request packet header into an IPv6 address comprises: and combining IPv4 addresses at an XFF field of the head part of the HTTP request data packet into an IPv6 address according to a decryption preset rule, wherein the decryption preset rule corresponds to the encryption preset rule, the IPv4 address is a pseudo IPv4 address, and the IPV6 address is an original IPv6 address of the client.
In an alternative embodiment, the step of combining the IPv4 address at the XFF field of the HTTP request packet header into an IPv6 address according to a decryption preset rule includes: obtaining 10-system digital fields corresponding to 4 pseudo IPv4 addresses according to a preset decryption rule; converting 4 10-system digit sections into 4 16-system digit symbol sections; and combining 4 16-system digital symbol segments into the IPv6 address according to the decryption preset rule.
Before the server side combines the IPv4 address at the XFF field of the unencrypted HTTP request packet into the IPv6 address, in an alternative embodiment, the method comprises the following steps: and receiving an HTTP request data packet sent by the protocol conversion system, wherein the original IPv6 address of the client is added to the XFF field of the HTTP request data packet.
The embodiment of the invention provides an original address transmission method. Fig. 3 is a flowchart of an original address transmission method according to an embodiment of the present invention. As shown in fig. 3, the method comprises the steps of:
step S302, an HTTP request data packet is received, wherein the original IPv6 address of the client is added to the XFF field of the header of the HTTP request data packet.
The implementer of the method can be a server, and the server can be, but is not limited to, websites such as government enterprises, finance, colleges and universities, media, e-commerce and videos and various corresponding app application service systems.
According to the method, the HTTP data request packet with the original IPv6 address of the client added to the XFF field of the head of the HTTP request packet is received, so that the technical problem that the original IPv6 address of the client cannot be obtained under the condition that the server and the client are in different networks in the prior art is solved efficiently. Compared with the prior art, if the IPv6 address is directly added into the message, the embodiment of the invention can cause the subsequent server side in the IPv4 network to be unidentifiable, but the embodiment of the invention creatively changes the original IPv6 address of the client side by utilizing the XFF field originally storing the IPv4 address and the proxy server address in the prior art, so that the subsequent server in the IPv4 network can identify the original IPv6 address of the client side without changing a little, fully utilizes the existing functions of various application server sides working in the IPv4 protocol stack, does not need to greatly change the existing server side, has low cost and saves time.
In order to facilitate the service end to identify the IPv6 address without modification, in an alternative embodiment, the original IPv6 address of the client is divided into 4 segments of pseudo IPv4 addresses, wherein the pseudo IPv4 address is 32 bits in binary.
All the above steps are illustrated below with reference to an alternative embodiment:
the original IPv6 address of the client is: 2408:84e1:42:5560:84aa:2f3c:2c00: e2 ef. when the IPv6 message sent by the client is converted into an IPv4 message by the protocol conversion system, the protocol conversion platform adds an X-Forwarded-for (xff) record to the HTTP header, and the content is as follows: X-Forward-For: 36.8.132.225,0.66.85.96, 132.170.47.60, 44.0.226.239. 36.8.132.225 is the first 32 bits of the original IPv6 address of the client, and its 16-ary correspondence is: 2408:84e 1; 0.66.85.96 is the second 32 bits of the client's original IPv6 address, whose 16-ary correspondence is: 42: 5560; 132.170.47.60 is the third 32 bits of the client original IPv6 address, whose 16-ary correspondence is: 84aa:2f3 c; 44.0.226.239 is the fourth 32 bits of the client original IPv6 address with a 16-ary correspondence of: 2c00: e2 ef. And converting the 16-system into a 10-system pseudo IPv4 address, converting the 16-system symbol corresponding to each 8-bit 2-system into a 10-system number, combining 4 10-system numbers into a 10-system number segment, and enabling one 10-system number to be one bit of the pseudo IPv4 address. Finally, the server receives four pseudo IPv4 addresses in the X-Forwarded-for (xff) field in the HTTP header: 236.8.132.225, 0.66.85.96, 132.170.47.60 and 44.0.226.239, and then the data is decrypted and restored into IPv6 addresses according to encryption rules: 2408:84e1:42:5560:84aa:2f3c:2c00: e2 ef.
Considering that each session encrypted by adopting TLS and SSL protocols needs to be created through a handshake protocol, an XFF field cannot be added in the case, but HTTPS messages in handshake packets before the encrypted session is formally established are not encrypted, the handshake packets comprise Client Hello and the like, For the HTTPS messages encrypted by adopting the TLS and SSL protocols, the same method as that used For processing the HTTP messages is used For adding an X-Forwarded-For field containing the IPv6 address of a user end into an HTTPS header of the Client Hello packet, and the source of the IPv6 address of the user end is realized.
The embodiment of the invention also provides an original address transmission system, which can realize the functions through the processing unit 42. It should be noted that an original address transmission system according to the embodiment of the present invention may be used to execute an original address transmission method provided by the embodiment of the present invention, and an original address transmission method according to the embodiment of the present invention may also be executed by an original address transmission system provided by the embodiment of the present invention. Fig. 4 is a schematic diagram of an original address transmission system according to an embodiment of the present invention. As shown in fig. 4, an original address transmission system includes:
and the processing unit 42 is used for adding the original IPv6 address of the client to the XFF field of the HTTP request data packet header by the protocol conversion system on the IPv4 network side of the protocol conversion system.
The embodiment of the present invention also provides another original address transmission system, which can realize its function through the synthesis unit 52. It should be noted that an original address transmission system according to the embodiment of the present invention may be used to execute an original address transmission method provided by the embodiment of the present invention, and another original address transmission method according to the embodiment of the present invention may also be executed by another original address transmission system provided by the embodiment of the present invention. Fig. 5 is a schematic diagram of another original address transmission system according to an embodiment of the present invention. As shown in fig. 5, an original address transmission system includes:
and the synthesis unit 52 is used for combining all IPv4 addresses in the XFF field of the HTTP request data packet header into the original IPv6 address by the server.
The embodiment of the invention also provides another original address transmission system, and the system can realize the functions through the receiving unit 62. It should be noted that an original address transmission system according to the embodiment of the present invention may be used to execute an original address transmission method provided by the embodiment of the present invention, and another original address transmission method according to the embodiment of the present invention may also be executed by another original address transmission system provided by the embodiment of the present invention. Fig. 6 is a schematic diagram of another original address transmission system according to an embodiment of the present invention. As shown in fig. 6, an original address transmission system includes:
the receiving unit 62 is configured to receive an HTTP request packet, where an original IPv6 address of the client is added to an XFF field of a header of the HTTP request packet.
The above embodiment of the original address transmission system corresponds to an original address transmission method, and therefore, the beneficial effects are not described again.
The embodiment of the invention provides a storage medium, which comprises a stored program, wherein when the program runs, a device on which the storage medium is positioned is controlled to execute the method.
The embodiment of the invention provides a processor, which comprises a processing program, wherein when the program runs, a device where the processor is located is controlled to execute the method.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a mobile terminal, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A method for original address transmission, comprising:
the protocol conversion system receives an access request of a client, wherein the access request comprises an original IPv6 address of the client;
the protocol conversion system adds the original IPv6 address of the client to the XFF field of the HTTP request data packet head on the IPv4 network side;
the protocol conversion system sends the HTTP request data packet to a server side so that the server side restores the original IPv6 address of the client side;
the protocol conversion system adding the original IPv6 address of the client at the XFF field of the HTTP request data packet header at the IPv4 network side of the protocol conversion system comprises:
dividing the original IPv6 address into 4 segments of pseudo IPv4 addresses, wherein the pseudo IPv4 address is binary 32 bits;
a 4-segment pseudo IPv4 address is added at the XFF field of the HTTP request packet header.
2. The method of claim 1, wherein the dividing the original IPv6 address into 4 segments of pseudo IPv4 addresses comprises:
decomposing the original IPv6 address into 4 16-system digital symbol segments;
converting and calculating 4 16-system digit symbol segments to obtain corresponding 4 10-system digit segments, wherein each 8-bit 2-system corresponding 16-system digit is converted into a 10-system digit, the 4 10-system digits are combined into a 10-system digit segment, and one 10-system digit is one of four segment numbers of the pseudo IPv4 address;
each 10-digit field is taken as the pseudo IPv4 address.
3. The method of claim 1, wherein adding a 4-segment pseudo IPv4 address at an XFF field of an HTTP request packet header comprises:
the pseudo IPv4 addresses are separated by commas.
4. The method of claim 1, wherein adding a 4-segment pseudo IPv4 address at an XFF field of an HTTP request packet header comprises:
and carrying out encryption transformation on the pseudo IPv4 address according to an encryption preset rule.
5. A method for original address transmission, comprising:
a server receives an HTTP request data packet sent by a protocol conversion system, wherein an original IPv6 address of a client is added to an XFF field of the HTTP request data packet, the original IPv6 address of the client is divided into 4 segments of pseudo IPv4 addresses, and the pseudo IPv4 address is subjected to encryption transformation according to an encryption preset rule;
the server side combines all IPv4 addresses in an XFF field of the head of the HTTP request data packet into an original IPv6 address;
the server side combines all IPv4 addresses at an XFF field of the HTTP request data packet header into an IPv6 address, and the method comprises the following steps:
and combining IPv4 addresses at an XFF field of the head of the HTTP request data packet into an IPv6 address according to a decryption preset rule, wherein the decryption preset rule corresponds to the encryption preset rule, the IPv4 address is a pseudo IPv4 address, and the IPV6 address is an original IPv6 address of the client.
6. The method of claim 5, wherein combining the IPv4 address at the XFF field of the HTTP request packet header into an IPv6 address according to a decryption preset rule comprises:
obtaining 10-system digital fields corresponding to 4 pseudo IPv4 addresses according to a preset decryption rule;
converting 4 10-system digit sections into 4 16-system digit symbol sections;
and combining 4 16-system digital symbol segments into the IPv6 address according to the preset decryption rule.
7. A computer-readable storage medium, having a program stored thereon, which when executed performs the method of any of claims 1 to 6.
8. A processor adapted to load and run a program, wherein the program when executed performs the method of any of claims 1 to 6.
CN201910616206.XA 2019-07-09 2019-07-09 Original address transmission method, system, storage medium and processor Active CN110324437B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910616206.XA CN110324437B (en) 2019-07-09 2019-07-09 Original address transmission method, system, storage medium and processor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910616206.XA CN110324437B (en) 2019-07-09 2019-07-09 Original address transmission method, system, storage medium and processor

Publications (2)

Publication Number Publication Date
CN110324437A CN110324437A (en) 2019-10-11
CN110324437B true CN110324437B (en) 2020-08-21

Family

ID=68123177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910616206.XA Active CN110324437B (en) 2019-07-09 2019-07-09 Original address transmission method, system, storage medium and processor

Country Status (1)

Country Link
CN (1) CN110324437B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110933190B (en) * 2019-10-18 2022-09-27 平安科技(深圳)有限公司 Client address acquisition method and device, storage medium and computer equipment
CN111586207A (en) * 2020-06-17 2020-08-25 北京宏图佳都通信设备有限公司 Method, system and related device for transferring client source address across networks
CN111586208A (en) * 2020-06-17 2020-08-25 北京宏图佳都通信设备有限公司 Method, system and related device for transferring client source address across networks
CN111586209A (en) * 2020-06-17 2020-08-25 北京宏图佳都通信设备有限公司 Method, system and related device for transferring client source address across networks
CN112422577B (en) * 2020-11-25 2021-12-24 北京微步在线科技有限公司 Method, device, server and storage medium for preventing original address spoofing attack
US20220014608A1 (en) * 2020-12-22 2022-01-13 Weiqiang Ma Network processor with command-template packet modification engine

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103973600A (en) * 2013-02-01 2014-08-06 德克萨斯仪器股份有限公司 Rotate-mask-merge and deposit-field instructions for packet processing
CN105474675A (en) * 2013-06-19 2016-04-06 脸谱公司 Detecting carriers for mobile devices
CN108141704A (en) * 2015-10-30 2018-06-08 微软技术许可有限责任公司 The station location marker of former network message handling device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7349981B2 (en) * 2003-12-18 2008-03-25 Intel Corporation System, apparatus, and method for string matching
CN101068226B (en) * 2007-02-01 2010-05-19 西安交通大学 Multimedia interactive gateway realizing method under IPv4/IPv6 mixed environment
CN101247308B (en) * 2007-02-13 2011-04-27 上海亿人通信终端有限公司 Tunnel packet processing method for implementing IPv6 traversing IPv4 based on network processor
EP2504974B1 (en) * 2009-11-25 2019-04-24 Citrix Systems Inc. Systems and methods for client ip address insertion via tcp options
US10673719B2 (en) * 2016-02-25 2020-06-02 Imperva, Inc. Techniques for botnet detection and member identification

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103973600A (en) * 2013-02-01 2014-08-06 德克萨斯仪器股份有限公司 Rotate-mask-merge and deposit-field instructions for packet processing
CN105474675A (en) * 2013-06-19 2016-04-06 脸谱公司 Detecting carriers for mobile devices
CN108141704A (en) * 2015-10-30 2018-06-08 微软技术许可有限责任公司 The station location marker of former network message handling device

Also Published As

Publication number Publication date
CN110324437A (en) 2019-10-11

Similar Documents

Publication Publication Date Title
CN110324437B (en) Original address transmission method, system, storage medium and processor
CN110290221B (en) Original address transmission method, system, storage medium and processor
US8064599B2 (en) Secure message transport using message segmentation
FI108827B (en) A method for implementing connection security in a wireless network
US9426176B2 (en) Method, system, and logic for in-band exchange of meta-information
CN102801695B (en) Virtual private network (VPN) communication equipment and data pack transmission method thereof
CN105791451B (en) Message response method and device
CN110535879A (en) A kind of original address transmission method, system, storage medium and processor
CN104580086A (en) Information transmission method, client side, server and system
CN112261062A (en) Internet of things security access method, gateway and system supporting multi-protocol conversion
CN113221146B (en) Method and device for data transmission among block chain nodes
KR20180130203A (en) APPARATUS FOR AUTHENTICATING IoT DEVICE AND METHOD FOR USING THE SAME
CN103581361A (en) Domain name resolution proxy method, device and system
CN116366740A (en) Data transmission method, device, system, storage medium and processor
CN106031097A (en) Service processing method and device
CN105592030B (en) IP packet processing method and processing device
CN110351086B (en) Method and system for processing and transmitting encrypted information in robot group
CN104734944A (en) Transmission method and device for electronic mail
CN114679265B (en) Flow acquisition method, device, electronic equipment and storage medium
CN110049024B (en) Data transmission method, transfer server and access network point server
CN103458060A (en) Method and device for transmitting host machine identifiers under multistage network address translation (NAT)
CN102843335B (en) The processing method of streaming medium content and equipment
JP2010114693A (en) Transmitter
CN110995730B (en) Data transmission method and device, proxy server and proxy server cluster
KR101588549B1 (en) Tcp based network routers supporting network coding and tcp based data streaming system using network coding

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant