
CN102035904A - Method for converting TCP network communication server into client - Google Patents

Info

Publication number: CN102035904A
Authority: CN (China)
Prior art keywords: service, client, command, server, services
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Application number: CN2010105829520A
Other languages: Chinese (zh)
Other versions: CN102035904B (en)
Inventors: 姚威, 邓伟, 王彦彬, 王雷
Current assignee: Beijing Dayang Technology Development Inc
Original assignee: Beijing Dayang Technology Development Inc
Application filed by: Beijing Dayang Technology Development Inc
Priority: CN 201010582952
Publications: CN102035904A (application), CN102035904B (granted patent)
Current legal status: Expired - Fee Related

Classification: Computer And Data Communications (AREA)

Abstract

The invention relates to a method for converting a TCP network communication server into a client. It comprises: establishing a forwarding server that provides data forwarding in the TCP network; at least one intranet server machine establishes connections with the forwarding server through a command port and a data port; at least one external-network client machine establishes connections with the forwarding server through the same command port and data port; the forwarding server is configured with a TCP network IP address, a command port and a data port, and always listens on the command port and the data port. The forwarding server of the invention is responsible only for service registration, service query and communication relaying; the intranet server machines do not expose services directly to the external network, which improves intranet security, and no longer need a fixed IP address, conserving that scarce resource. The invention is a general implementation based on TCP communication forwarding: existing server and client software needs no modification, so existing software assets can be fully reused.

Description

A method for converting a TCP network communication server into a client

Technical field

The invention is applied in the field of computer network communication and in particular relates to a method for converting a TCP network communication server into a client. The method uses a public forwarding server module to relay communication between an external-network client and an intranet server. The server machine needs no fixed IP address, and neither the existing server software nor the existing client software needs to be modified, yet external-network machines can reach services on intranet machines.

Background

In an enterprise internal network a firewall is set up to protect the network. It allows intranet machines to act only as clients that connect to server machines on the external network; it does not allow an intranet machine to act as a server that external machines connect to. For example, machines on a typical company intranet can act as clients to browse web pages or reach FTP servers on the Internet, but intranet machines such as an internal FTP server cannot be accessed by external machines.

Besides security, there is another reason intranet machines are not allowed to be accessed from outside as servers: a server reachable from the external network must have a fixed external IP address and port number. Fixed external IP addresses are scarce and valuable, so a typical enterprise applies for only a few of them. With network address translation (NAT), many intranet machines can connect to the external network as clients and share these few fixed IPs (for example, on an Ethernet network). Although every client connection uses the same external IP, each uses a different port number, so the connections do not conflict. A server, on the other hand, needs not only a fixed IP but also a fixed, well-known port number, so multiple server machines using the same port number cannot share one external IP.

In some scenarios it is necessary to allow an intranet machine to be reached from outside as a server, for example when a network administrator must connect remotely to an intranet machine over Telnet, SSH and the like for remote diagnosis; the intranet machine must then act as a server that external machines can connect to.

For this situation, where intranet machines may only go online as clients but must still provide services that external machines can access, there is currently no general solution. The existing solutions develop dedicated software for each service and cannot directly reuse existing server and client software. For example, the foreign TeamViewer software is a purpose-built remote desktop control program: once it is installed on the controlled machine, as long as that machine can go online as a client, the TeamViewer client software can control it remotely, with information between the two machines relayed through an intermediate server. The domestic 51MyPC software uses a similar mechanism to provide remote control.

The drawback of the existing solutions is that each type of service requires its own development, and existing server and client software cannot be reused. For example, Telnet, SSH and Windows Remote Desktop are mature and widely used network management services, but all of them require the server to have a fixed external IP and port before a client program can connect. There is currently no general method for converting a TCP network communication server into a client that allows existing server and client software to be used directly.

Summary of the invention

The aim of the invention is to address the above problems with a method for converting a TCP network communication server into a client. The method uses a public forwarding server module to relay communication between external-network clients and intranet servers; the server machine does not expose services directly to the external network and no longer needs a fixed IP, which improves intranet security.

To achieve this aim, the technical solution of the invention is a method for converting a TCP network communication server into a client, involving a forwarding server module, a server agent and a client machine, with the following steps:

At least one forwarding server module that provides data forwarding is set up in the TCP network. The forwarding server module is configured with a TCP network IP address, a command port and a data port, a data forwarder and a user authentication submodule. It always listens on the command port and the data port, ready to accept connections initiated by server agents and by client machines; a client machine comprises a client agent and a client.

At least one intranet server agent establishes connections with the forwarding server module through the command port and the data port; the intranet server agent connects to at least one actual service of an intranet server.

The client agent of at least one external-network client machine establishes a connection with the forwarding server module through the command port, and the client on the same client machine establishes a connection with the data port of the forwarding server module.

The steps performed by the forwarding server module comprise command-port listener thread processing and data-port listener thread processing.

The command-port listener thread processing comprises: on receiving a command connection, verify the user name and password through the user authentication submodule; if verification fails, close the connection and keep waiting for new command connections; if verification succeeds, start a command processing thread.

The data-port listener thread processing comprises: first receive the fixed-length data connection command word and service access ID, then receive the data belonging to the specific service. The forwarding server module parses only the fixed-length data at the beginning and forwards everything after it directly. The data connection command words are "provide service" and "access service": the "provide service" command is sent on the server agent's data connection and the "access service" command on the client's data connection. If a "provide service" connection and an "access service" connection carry the same service access ID, the two connections belong to the same service access request; the sockets of the two connections are recorded as SocketS1 and SocketS2 and passed to a communication forwarding thread, which is then started.

The steps of the forwarding server module's command processing thread are:

a. Determine the command type. For a server agent's service registration command: save the service registration information and the socket of the connection, and return the registration result. For a client agent's service query command: return the list of all currently registered services, then wait for a subsequent service selection command.

b. On receiving a service selection command, send a service selection command to the socket of the server agent that corresponds to the service entry selected in the command.

c. The server agent socket returns the result of the service selection command. On success it returns a service access ID, which the forwarding server module passes back to the client agent; on failure the forwarding server module returns the error description to the client agent.

d. Continue waiting for subsequent service selection commands until the thread exits.

The connections between the command port and the server agent and client agent use SSL/TLS transport-layer encryption.

The steps performed by the server agent comprise:

a1. Connect to the forwarding server's command port and send a service registration command.

a2. After successful registration, wait to receive service selection commands until the program is shut down manually.

a3. On receiving a service selection command, connect to the service named in the command, creating Socket S1; if the connection fails, return an error message and go back to step a2 to wait for the next service selection command.

a4. If the service connection succeeds, generate a random service ID using the standard GUID method.

a5. Create Socket S2 and send the "provide service" command word followed by the service ID.

a6. If the connection or the send fails, return an error message and go back to step a2 to wait for the next service selection command.

a7. Once connected and sent successfully, return the service ID in reply to the service selection command and start a thread that forwards the service communication between Socket S1 and Socket S2.

The steps of the service communication forwarding are:

a10. Call the select function to detect whether SocketS1 or SocketS2 has data to read.

a11. If SocketS1 is readable, read from SocketS1 and send to SocketS2; if SocketS2 is readable, read from SocketS2 and send to SocketS1.

a12. If no error occurred, go back to step a10 and continue the relay loop.

a13. If any error occurs on SocketS1 or SocketS2, or either side disconnects, close SocketS1 and SocketS2 and exit the relay thread.
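The following is an added example, not code from the patent or its assignee, that puts the data-port pairing rule (a "provide service" and an "access service" connection are joined when their service access IDs match) and the select()-based relay loop of steps a10-a13 into one runnable piece on 127.0.0.1. The same two pieces of logic are described again in the detailed embodiment (data-port listener steps i-k). The patent fixes no byte layout for the "fixed-length command word + service access ID" prefix, so the layout below is an assumption: an 8-byte ASCII command word padded with spaces, followed by the 36-character text form of a GUID. The SSH banner lines in demo() are constructed sample traffic.

```python
"""Forwarding-server data port plus the steps a10-a13 relay loop (added example)."""
import select
import socket
import threading
import uuid

CMD_LEN, ID_LEN = 8, 36
HDR_LEN = CMD_LEN + ID_LEN
CMD_PROVIDE = b"PROVIDE "   # sent on the server agent's data connection (assumed encoding)
CMD_ACCESS = b"ACCESS  "    # sent on the client's data connection (assumed encoding)


def recv_exact(sock, n):
    """Read exactly n bytes or raise; the header must never be parsed partially."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before %d bytes arrived" % n)
        buf += chunk
    return buf


def parse_header(hdr):
    """Return (command word, service access ID); reject anything malformed so a
    stray connection to the data port can never be paired with a real session."""
    if len(hdr) != HDR_LEN:
        raise ValueError("header must be %d bytes" % HDR_LEN)
    cmd, sid = hdr[:CMD_LEN], hdr[CMD_LEN:]
    if cmd not in (CMD_PROVIDE, CMD_ACCESS):
        raise ValueError("unknown data connection command word")
    uuid.UUID(sid.decode("ascii"))   # raises ValueError unless it is a GUID
    return cmd, sid


def pump(s1, s2):
    """Steps a10-a13: select() on both sockets, copy whatever is readable to the
    other side, and close both as soon as either side errors or disconnects."""
    try:
        while True:
            readable, _, _ = select.select([s1, s2], [], [])
            for src in readable:
                dst = s2 if src is s1 else s1
                data = src.recv(65536)
                if not data:          # orderly shutdown by one side
                    return
                dst.sendall(data)
    except OSError:                   # any socket error ends the relay
        return
    finally:
        s1.close()
        s2.close()


class DataPort:
    """The forwarding server's data-port listener (steps i-k of the embodiment)."""

    def __init__(self):
        self.lsock = socket.socket()
        self.lsock.bind(("127.0.0.1", 0))   # ephemeral port, enough for the demo
        self.lsock.listen(8)
        self.pending = {}                   # (cmd, sid) -> socket waiting for its partner
        self.lock = threading.Lock()
        threading.Thread(target=self.serve, daemon=True).start()

    @property
    def address(self):
        return self.lsock.getsockname()

    def serve(self):
        while True:
            conn, _ = self.lsock.accept()
            threading.Thread(target=self.handle, args=(conn,), daemon=True).start()

    def handle(self, conn):
        conn.settimeout(10)               # a silent peer must not pin the thread
        try:
            cmd, sid = parse_header(recv_exact(conn, HDR_LEN))
        except (ValueError, OSError):
            conn.close()
            return
        conn.settimeout(None)
        other = CMD_ACCESS if cmd == CMD_PROVIDE else CMD_PROVIDE
        with self.lock:
            partner = self.pending.pop((other, sid), None)
            if partner is None:           # first half of the pair: park it
                self.pending[(cmd, sid)] = conn
                return
        # both halves present: everything after the header is relayed verbatim
        threading.Thread(target=pump, args=(partner, conn), daemon=True).start()


def demo():
    """Server agent and client present the same GUID; the relay joins them and a
    constructed SSH banner exchange flows in both directions."""
    relay = DataPort()
    sid = str(uuid.uuid4()).encode("ascii")
    agent = socket.create_connection(relay.address, timeout=5)
    agent.sendall(CMD_PROVIDE + sid)
    client = socket.create_connection(relay.address, timeout=5)
    client.sendall(CMD_ACCESS + sid + b"SSH-2.0-client\r\n")
    seen_by_agent = recv_exact(agent, 16)
    agent.sendall(b"SSH-2.0-server\r\n")
    seen_by_client = recv_exact(client, 16)
    client.close()
    agent.close()
    return seen_by_agent, seen_by_client


if __name__ == "__main__":
    print(demo())
```

The relay never interprets the bytes after the header, which is what makes it protocol-agnostic, and it is also why the service access ID is the only thing standing between an arbitrary Internet host and the intranet service: anyone who learns a live ID can present it on an "access service" connection, so the ID must be unguessable (a random GUID, as the patent specifies) and the parked half of a pair should time out rather than wait forever.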

The steps performed by the client agent comprise:

b1. Connect to the forwarding server module's command port and send a service query command.

b2. Display the list of accessible services returned by the service query command.

b3. Wait for the user to select a service.

b4. When the user chooses to access a service, send a service selection command; if it returns failure, show the error message and go back to step b3 so the user can choose another service or exit the program.

b5. When the service selection command returns success, save the returned service access ID.

b6. Register the Socket Hook module so that it can intercept calls to the socket connect function in the client program started next.

b7. Start the client program for the service as a child process, passing the forwarding server module's IP and data port as connection parameters. After the child process has started, the main program goes back to step b3 so the user can select further services.

The Socket Hook module, after intercepting a call to the socket connect function in the client program, first calls the operating system's own connect function. It then obtains the process ID of the process executing connect and asks the client agent whether that process ID belongs to a client child process the client agent started. If not, the module returns directly to the calling program. If it is a child process started by the client agent, the client agent also returns the service access ID belonging to that child process; the Socket Hook module then sends the "access service" command word followed by that service access ID over the connection just established, and returns to the calling program.
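The following is an added example, not code from the patent or its assignee, showing the Socket Hook step in miniature: the patent patches the operating system's connect() inside an unmodified client program; here the same idea is modelled in Python by replacing socket.socket.connect in the current process, with a plain function standing in for the client program. The query "was this process started by the client agent, and which service access ID belongs to it?" is answered from a CHILD_IDS table instead of over IPC to the agent (an assumption of the demo), and the header layout (8-byte command word "ACCESS  " plus a 36-character GUID) is likewise assumed. The SSH banner is constructed sample traffic.

```python
"""Socket Hook modelled by replacing socket.socket.connect (added example)."""
import os
import socket
import threading
import uuid

CMD_ACCESS = b"ACCESS  "
HDR_LEN = 8 + 36

CHILD_IDS = {}                         # pid -> service access ID, as kept by the agent
_real_connect = socket.socket.connect  # the operating system's own connect


def hooked_connect(self, address):
    # 1. connect exactly as the unmodified client program expects
    _real_connect(self, address)
    # 2. ask "the client agent" whether this process is one of its children
    sid = CHILD_IDS.get(os.getpid())
    if sid is None:
        return                         # not one of ours: plain connect semantics
    # 3. prefix the stream with the data connection header; the client program
    #    never sees it and carries on with its own protocol (SSH, RDP, ...)
    self.sendall(CMD_ACCESS + sid)


def install_hook():
    socket.socket.connect = hooked_connect


def remove_hook():
    socket.socket.connect = _real_connect


def unmodified_client(addr, payload):
    """Stands in for an off-the-shelf client that only knows the relay's IP and
    data port, which the client agent passed to it as connection parameters."""
    s = socket.create_connection(addr, timeout=5)
    s.sendall(payload)
    s.close()


def capture_first_connection():
    """Listener standing in for the relay's data port; records every byte of
    the first connection it accepts."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)
    result = {}

    def serve():
        conn, _ = lsock.accept()
        conn.settimeout(5)
        buf = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            buf += chunk
        result["bytes"] = buf
        conn.close()
        lsock.close()

    t = threading.Thread(target=serve, daemon=True)
    t.start()
    return lsock.getsockname(), t, result


def demo():
    """Run the client once under the hook and split what the data port received
    into command word, service access ID and the client's own first bytes."""
    addr, thread, result = capture_first_connection()
    sid = str(uuid.uuid4()).encode("ascii")
    CHILD_IDS[os.getpid()] = sid       # what the agent records at step b7
    install_hook()
    try:
        unmodified_client(addr, b"SSH-2.0-OpenSSH\r\n")   # constructed payload
    finally:
        remove_hook()
        CHILD_IDS.pop(os.getpid(), None)
    thread.join(5)
    data = result.get("bytes", b"")
    return data[:8], data[8:HDR_LEN], data[HDR_LEN:]


if __name__ == "__main__":
    print(demo())
```

Because the hook fires on every connect() the child process makes, not only on the one aimed at the relay, a real implementation should also compare the destination address with the relay's data port before prepending the header; otherwise any other connection the client program opens would receive a stray header.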

The contribution of the invention over the prior art is:

1. Server machines do not expose services directly to the external network, which improves intranet security; fixed IPs no longer need to be configured, which conserves that scarce resource and saves the company money.

2. The network relay is a pure data relay with no additional processing logic, so the method's communication efficiency is high.

3. Forwarding works at the TCP protocol layer, so a wide range of services is supported: Windows Remote Desktop, VNC, Telnet, SSH and any other TCP-based service can be used.

4. The invention is a general implementation based on TCP communication forwarding; existing server and client software needs no modification and existing software assets can be reused.

5. Through the mechanism of multiple server agents and multiple public forwarding server modules, client software can reach the corresponding service through different public forwarding server modules, which greatly improves the fault tolerance of the system.

6. The public forwarding server module handles only service registration, service query and communication relay; its processing logic is independent of any specific service, so a third party can build a public forwarding server module and offer commercial or free relay services.

The invention is described in detail below with reference to the embodiments and accompanying drawings.

Description of drawings

Fig. 1 is a logical block diagram of the system of the method of the invention;

Fig. 2 is a flowchart of the command-port listener thread processing logic;

Fig. 3 is a flowchart of the command processing thread logic;

Fig. 4 is a flowchart of the data-port listener thread processing logic;

Fig. 5 is a flowchart of the server agent program processing module logic;

Fig. 6 shows the processing logic of the client agent program processing module.

Detailed description

An embodiment of the method for converting a TCP network communication server into a client, see Fig. 1, comprises a forwarding server module 1, a server agent 2 and a client machine 3; the steps of the method comprise:

At least one forwarding server module that provides data forwarding is set up in the TCP network. The forwarding server module is configured with a TCP network IP address, a command port 1-1 and a data port 1-2, a data forwarder and a user authentication submodule. It always listens on the command port and the data port, ready to accept connections initiated by server agents and by client machines; a client machine comprises a client agent and a client.

At least one intranet server agent establishes connections with the forwarding server module through the command port and the data port; the intranet server agent connects to at least one actual service of an intranet server 4. The intranet server agent may run on that same server or on a different one.

The client agent of at least one external-network client machine establishes a connection with the forwarding server module through the command port, and the client on the same client machine establishes a connection with the data port of the forwarding server module.

Of course, as Fig. 1 shows, in practice there are many server and client machines rather than one. Only one server agent needs to be deployed on an intranet server. The server agent is a service program that supports many different actual services, such as Telnet, SSH and Windows Remote Desktop, located on that server or on other intranet servers connected to it; those services are then no longer offered directly to the external network.

The service program on a server may also be located on another server that this server can reach, so that this server acts as an internal forwarding server within the intranet; only this one machine needs to be able to connect to the forwarding server module on the external network (the TCP network). With this deployment the forwarding efficiency of the server agent drops slightly, but only this one server connects to the external network, which increases network security. The server agent program itself is platform-independent, so in this deployment the server's operating system is not limited to the platforms supported by the actual service programs. For example, a Linux machine running the server agent can be deployed to reach Windows Remote Desktop services on other servers.

The server agent supports connecting to several forwarding server modules at once, so multiple public forwarding server modules can be deployed to improve fault tolerance.

The forwarding server module mainly provides service registration, service query, service selection and service access forwarding.

The forwarding server module has a fixed external IP, and both client machines and server agents must be able to reach it. Each user network therefore needs no server that is reachable from the external network; it is enough that the user network's server can reach the forwarding server module on the external network as a client, so the server here can be regarded as a service client.

In this embodiment the forwarding server module contains a forwarding server program processing module, the server agent is a server agent program processing module, the client agent is a client agent program processing module and the client is a client processing module; the client agent program processing module and the client processing module run on the same client machine.

The forwarding server program processing module is a background service that provides service registration, service query, service selection and service access forwarding, and supports Windows, Linux and other platforms. Its processing logic is as follows:

After the forwarding server program starts, it acts as the TCP server and opens two threads that listen on the command port and the data port respectively. The two port numbers can be any values in the legal TCP port range; to avoid changing the firewall settings on server and client machines as far as possible, it is best to set them to commonly used port values such as port 80 and port 21. Note that choosing such ports means the relay traffic passes port-based egress filtering intended for HTTP and FTP; an organisation that wants to detect or block this kind of relay needs protocol-aware filtering rather than port numbers alone.

The steps performed by the forwarding server module therefore comprise command-port listener thread processing and data-port listener thread processing.

The command-port listener thread processing logic is:

a. Listen on the command port and wait for command connections. Because user names, passwords and other sensitive information are transmitted on the command connection, it uses the standard SSL/TLS transport-layer encryption mechanism to encrypt the connection.

b. On receiving a command connection, verify the user name and password. User names and passwords are configured in the forwarding server module through the user authentication submodule, to prevent unauthorised command access.

c. If verification fails, close the connection directly, return to a and keep waiting for new command connections.

d. If verification succeeds, start a command processing thread that handles this command separately; a thread is used so that subsequent new command connections can be handled promptly.

The processing logic of the command processing thread is:

e. Determine the command type.

e1. For a server agent's service registration command, save the service registration information and the socket of the connection, and return the registration result.

The service registration command contains the service registration command word, the server agent ID, the forwarding server module user name, the forwarding server module password, the message length, a description of the server machine and a service list. Each item in the service list contains the service IP, service port, service type, service description and similar fields. The server agent ID uniquely identifies the server agent.

When the service registration command has been handled, the command processing thread exits; before it exits, the socket of the server agent's connection is saved together with the registration, because it is used for command exchange during later service selection processing.

e2. For a client agent's service query command, return the list of all services that are currently registered and that the user is entitled to access, then wait for subsequent service selection commands; the thread exits only when the connection is closed.

f. On receiving a service selection command, send a service selection command to the socket of the server agent corresponding to the service entry selected in the command.

The service selection command contains the service selection command word, the server agent ID (the IP is not used because several server agents may share one IP address), the service IP, the service port, and so on.

g. The server agent socket returns the result of the service selection command. On success it returns a service access ID, which the forwarding server module passes to the client agent; on failure the forwarding server module returns the error description to the client agent.

The service access ID is a unique ID generated randomly by the server agent; a GUID can be used. Using this ID, the forwarding server module relays communication between the two data connections, one established by the client and one by the server agent, whose IDs match.

h. Continue waiting for subsequent service selection commands; the thread exits only when the connection is closed.
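The following is an added example, not code from the patent or its assignee, that models the command-port side (listener steps b-d and command thread steps e-h) in memory with the message fields the text lists. Everything the patent leaves open is an assumption here: messages are length-prefixed JSON frames (the 4-byte prefix plays the role of the "message length" field); the saved server agent socket is modelled as a callable that delivers the service selection command to the agent and returns its reply; the per-user access list of step e2 is a mapping from user name to the server agent IDs that user may reach; and the TLS layer of the real command port is omitted. All names, credentials and services in demo() are constructed.

```python
"""In-memory model of the forwarding server's command port (added example)."""
import hmac
import json
import struct
import uuid


def encode_frame(msg):
    """Length-prefixed JSON; the 4-byte prefix is the 'message length' field."""
    body = json.dumps(msg, separators=(",", ":")).encode("utf-8")
    return struct.pack("!I", len(body)) + body


def decode_frame(buf):
    """Return (message, leftover bytes); message is None if the frame is incomplete."""
    if len(buf) < 4:
        return None, buf
    (n,) = struct.unpack("!I", buf[:4])
    if len(buf) < 4 + n:
        return None, buf
    return json.loads(buf[4:4 + n].decode("utf-8")), buf[4 + n:]


def make_agent_link(services):
    """Stands in for the saved server agent socket (the agent's side of step g):
    it 'connects' to the requested service, here by checking that the service is
    one it offers, and on success mints a random GUID as the service access ID."""
    def link(select_cmd):
        for s in services:
            if (s["ip"], s["port"]) == (select_cmd["ip"], select_cmd["port"]):
                return {"ok": True, "service_access_id": str(uuid.uuid4())}
        return {"ok": False, "error": "service connect failed"}
    return link


class CommandService:
    def __init__(self, users, acl):
        self.users = users   # user name -> password (a deployment would store a hash)
        self.acl = acl       # user name -> set of agent IDs the user may access (assumed)
        self.agents = {}     # agent ID -> registration record, including the agent link

    def open_session(self, user, password):
        """Steps b-d: constant-time credential check; None means 'close the connection'."""
        expected = self.users.get(user, "")
        if not expected or not hmac.compare_digest(expected.encode(), str(password).encode()):
            return None
        return Session(self, user)


class Session:
    """One command processing thread (steps e-h) for an authenticated user."""

    def __init__(self, service, user):
        self.service, self.user = service, user

    def handle_frame(self, buf, link=None):
        msg, _ = decode_frame(buf)
        return encode_frame(self.handle(msg, link))

    def handle(self, msg, link=None):
        svc, cmd = self.service, msg.get("cmd")
        if cmd == "register":                                   # step e1
            if svc.open_session(msg.get("user"), msg.get("password")) is None:
                return {"ok": False, "error": "registration credentials rejected"}
            svc.agents[msg["agent_id"]] = {"desc": msg.get("desc", ""),
                                           "services": list(msg.get("services", [])),
                                           "link": link}
            return {"ok": True, "registered": len(svc.agents[msg["agent_id"]]["services"])}
        allowed = svc.acl.get(self.user, set())
        if cmd == "query":                                      # step e2
            return {"ok": True, "services": [dict(s, agent_id=aid)
                                             for aid, a in svc.agents.items() if aid in allowed
                                             for s in a["services"]]}
        if cmd == "select":                                     # steps f-g
            aid = msg.get("agent_id")                          # agent ID, never its IP
            if aid not in svc.agents or aid not in allowed:
                return {"ok": False, "error": "unknown service or not permitted"}
            return svc.agents[aid]["link"]({"cmd": "select", "ip": msg.get("ip"),
                                             "port": msg.get("port")})
        return {"ok": False, "error": "unknown command"}


def demo():
    """Constructed walk-through: one agent registers one SSH service, a wrong
    password is refused at the listener, and a client queries and then selects."""
    svc = CommandService(users={"agent1": "s3cret", "alice": "pw"}, acl={"alice": {"agent-A"}})
    services = [{"ip": "10.0.0.5", "port": 22, "type": "ssh", "desc": "build host"}]
    agent = svc.open_session("agent1", "s3cret")
    reg = agent.handle({"cmd": "register", "agent_id": "agent-A", "user": "agent1",
                        "password": "s3cret", "desc": "rack 3", "services": services},
                       link=make_agent_link(services))
    rejected = svc.open_session("agent1", "wrong") is None
    client = svc.open_session("alice", "pw")
    listing, _ = decode_frame(client.handle_frame(encode_frame({"cmd": "query"})))
    chosen = listing["services"][0]
    selected = client.handle({"cmd": "select", "agent_id": chosen["agent_id"],
                              "ip": chosen["ip"], "port": chosen["port"]})
    bad = client.handle({"cmd": "select", "agent_id": "agent-A", "ip": "10.0.0.5", "port": 3389})
    return reg, rejected, listing, selected, bad
```

Two checks in this model are worth keeping in any real implementation: the listener authenticates before a command thread exists, so an unauthenticated peer never reaches the dispatcher, and the select step is authorised against the caller's access list rather than trusting the agent ID and service address the client supplies.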

所述数据端口监听线程处理逻辑是:The data port monitoring thread processing logic is:

i. 监听数据端口,等待数据连接。i. Listen to the data port and wait for the data connection.

j. 收到数据连接后,保存该连接Socket以及对应的服务访问ID;j. After receiving the data connection, save the connection Socket and the corresponding service access ID;

所述转发服务器模块先收到定长的数据连接命令字和服务访问ID信息,之后是与具体服务相关的数据,所述转发服务器模块只解析开头的定长数据,对后面的具体服务相关数据的具体内容不关心,直接进行后续转发处理;The forwarding server module first receives the fixed-length data connection command word and service access ID information, and then the data related to the specific service. The forwarding server module only parses the fixed-length data at the beginning, and the subsequent specific service-related data Don't care about the specific content of , and directly carry out subsequent forwarding processing;

所述数据连接命令字有“提供服务”和“访问服务”两种,“提供服务”命令由服务端代理数据连接发送,“访问服务”命令由客户端代理数据连接发送;The data connection command word has two kinds of "provide service" and "access service", the "provide service" command is sent by the server proxy data connection, and the "access service" command is sent by the client proxy data connection;

k. 比较服务ID;k. Compare service IDs;

如果没有找到与该连接对应的服务访问ID,表明匹配的连接还没有建立,保存连接Socket和服务访问ID信息后,转到i,继续等待新的数据连接;If the service access ID corresponding to the connection is not found, it indicates that the matching connection has not been established. After saving the connection Socket and service access ID information, go to i and continue to wait for a new data connection;

如果某个“提供服务”连接与某个“访问服务”有相同的服务访问ID,表明这两个连接对应的是同一个服务访问请求,传入两个连接的Socket信息并记为SocketS1和SocketS2,启动通信转发线程,然后转到i,继续等待新的数据连接。If a "providing service" connection has the same service access ID as an "access service", it indicates that the two connections correspond to the same service access request, and the Socket information of the two connections is passed in and recorded as SocketS1 and SocketS2 , start the communication forwarding thread, then go to i, continue to wait for new data connection.

所述通信转发线程中对两个Socket S1和SocketS2的通信转发逻辑是:The communication forwarding logic to two Socket S1 and SocketS2 in described communication forwarding thread is:

l. 调用select函数,检测SocketS1或SocketS2的数据是否可读?l. Call the select function to check whether the data of SocketS1 or SocketS2 is readable?

m. 如果SocketS1可读,从SocketS1读取数据发送到SocketS2;如果SocketS2可读,从SocketS2读取数据发送到SocketS1;m. If SocketS1 is readable, read data from SocketS1 and send to SocketS2; if SocketS2 is readable, read data from SocketS2 and send to SocketS1;

n. 如果没有错误,继续执行步骤l,进行循环中转处理;n. If there is no error, continue to execute step 1 to perform circular transfer processing;

o. 如果SocketS1或者SocketS2出现任何错误,或者任何一方连接断开,关闭SocketS1和SocketS2,退出中转线程。o. If there is any error in SocketS1 or SocketS2, or if either party is disconnected, close SocketS1 and SocketS2, and exit the transfer thread.
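The data port logic of steps i to k and the relay loop of steps l to o, written out as an added Python example; this is illustration code, not the patent's or the applicant's implementation. The wire format (a one-byte command word followed by a 36-character GUID), the command word encodings `P` and `A`, and all names are assumptions of the example. The same `relay` function also corresponds to the server-side agent's loop in steps a10 to a13, which the description says is identical.

```python
"""Added example, not code from the patent: a forwarding server data port that
pairs the "provide service" and "access service" halves of one service access
by service access ID (steps i..k) and then relays between them with select()
(steps l..o). Assumed wire format: 1-byte command word + 36-character GUID."""
import select
import socket
import threading
import uuid

CMD_PROVIDE = b"P"        # assumed encoding of the "provide service" command word
CMD_ACCESS = b"A"         # assumed encoding of the "access service" command word
HEADER_LEN = 1 + 36       # only this fixed-length prefix is parsed; the rest is opaque


def recv_exact(sock, n):
    """Read exactly n bytes; a short read means the peer went away."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before the header was complete")
        buf += chunk
    return buf


def parse_header(raw):
    """Return (command word, canonical access ID); reject anything malformed so
    an unknown peer cannot park an arbitrary entry in the pending table."""
    cmd, id_text = raw[:1], raw[1:]
    if cmd not in (CMD_PROVIDE, CMD_ACCESS):
        raise ValueError("unknown data connection command word")
    return cmd, str(uuid.UUID(id_text.decode("ascii")))  # ValueError if not a GUID


def relay(s1, s2):
    """Steps l..o: copy whatever is readable to the other socket until either
    side errors or disconnects, then close both."""
    try:
        while True:
            readable, _, errored = select.select([s1, s2], [], [s1, s2], 5.0)
            if errored:
                return
            for src in readable:
                data = src.recv(4096)
                if not data:                      # one side disconnected
                    return
                (s2 if src is s1 else s1).sendall(data)
    except OSError:
        return
    finally:
        s1.close()
        s2.close()


class ForwardingDataPort:
    """Steps i..k: accept data connections, parse the header, pair by access ID."""

    def __init__(self, host="127.0.0.1", port=0):
        self.listener = socket.socket()
        self.listener.bind((host, port))
        self.listener.listen(16)
        self.port = self.listener.getsockname()[1]
        self.pending = {}          # (access_id, cmd) -> socket awaiting its counterpart
        self.lock = threading.Lock()
        self.paired = 0

    def serve_forever(self):
        while True:
            try:
                conn, _ = self.listener.accept()
            except OSError:
                return             # listener closed
            threading.Thread(target=self.handle, args=(conn,), daemon=True).start()

    def handle(self, conn):
        try:
            cmd, access_id = parse_header(recv_exact(conn, HEADER_LEN))
        except (ValueError, UnicodeDecodeError, OSError):
            conn.close()
            return
        other = CMD_ACCESS if cmd == CMD_PROVIDE else CMD_PROVIDE
        with self.lock:
            match = self.pending.pop((access_id, other), None)
            if match is None:
                if (access_id, cmd) in self.pending:   # same half announced twice
                    conn.close()
                    return
                self.pending[(access_id, cmd)] = conn  # step k: no match yet, keep waiting
                return
            self.paired += 1
        s1, s2 = (match, conn) if other == CMD_PROVIDE else (conn, match)  # S1 = provider
        threading.Thread(target=relay, args=(s1, s2), daemon=True).start()

    def close(self):
        self.listener.close()


def demo():
    """Exercise the pairing on loopback with a constructed access ID; returns the
    bytes each side received and how many pairs were formed."""
    server = ForwardingDataPort()
    threading.Thread(target=server.serve_forever, daemon=True).start()
    access_id = str(uuid.uuid4()).encode("ascii")
    provider = socket.create_connection(("127.0.0.1", server.port))
    provider.sendall(CMD_PROVIDE + access_id)
    accessor = socket.create_connection(("127.0.0.1", server.port))
    accessor.sendall(CMD_ACCESS + access_id + b"hello service")  # header, then payload
    provider.settimeout(5)
    accessor.settimeout(5)
    at_provider = recv_exact(provider, len(b"hello service"))
    provider.sendall(b"reply")
    at_accessor = recv_exact(accessor, len(b"reply"))
    provider.close()
    accessor.close()
    server.close()
    return at_provider, at_accessor, server.paired
```

Two details matter for a deployment of this pattern: the pending table should expire entries whose counterpart never arrives, otherwise a half-announced access ID holds a socket open indefinitely, and the header parser must reject unknown command words and non-GUID IDs before anything is stored, which is what `parse_header` does.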

The forwarding server module provides user management. Users fall into two categories: "service administrator users" and "service access users". Service administrator users can be configured manually in the forwarding server module, or created by self-registration (a self-registered user takes effect only after approval). When registering services, the server-side agent must supply the user name and password of a service administrator. The service administrator's user name and password give access to all services registered under that administrator. A service administrator can log in to the user management submodule of the forwarding server module, create service access users, and set which services each user may access. Password and access permission checks are performed in the forwarding server module, but which services a user may access is decided by the service provider's service administrator, not by the administrator of the forwarding server module.
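The registry and user model described above (registration authenticated as a service administrator, access users granted only the administrator's own services, verification done on the forwarding server), as an added Python example that is not code from the patent. PBKDF2 password storage, the `(agent_id, ip, port)` service key and the class and method names are assumptions of the example; the key includes the agent ID because, as the description notes, several server-side agents may share one IP.

```python
"""Added example, not code from the patent: an in-memory model of the forwarding
server's service registry and user management. Credentials are checked here, on
the forwarding server, but an access user only ever sees the services that the
service administrator who registered them has granted. PBKDF2 password storage
and the (agent_id, ip, port) service key are assumptions of this example."""
import hashlib
import hmac
import os

ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-SHA256 digest); a fresh random salt when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def check_password(store, user, password):
    """Constant-time comparison against the stored digest; an unknown user fails."""
    if user not in store:
        return False
    salt, digest = store[user]
    return hmac.compare_digest(digest, hash_password(password, salt)[1])


class ServiceRegistry:
    def __init__(self):
        self.admins = {}        # service administrator -> (salt, digest)
        self.access_users = {}  # service access user -> (salt, digest)
        self.grants = {}        # service access user -> set of service keys
        self.services = {}      # (agent_id, ip, port) -> {"desc": ..., "admin": ...}

    def add_admin(self, user, password):
        """Service administrators are provisioned (or approved) on the forwarder."""
        self.admins[user] = hash_password(password)

    def register(self, agent_id, admin, password, services):
        """Service registration command from a server-side agent: authenticates
        as a service administrator and lists (ip, port, description) entries."""
        if not check_password(self.admins, admin, password):
            raise PermissionError("service registration rejected")
        for ip, port, desc in services:
            self.services[(agent_id, ip, port)] = {"desc": desc, "admin": admin}

    def grant(self, admin, password, user, user_password, keys):
        """A service administrator creates an access user and chooses which
        services it may see; only services that administrator registered qualify."""
        if not check_password(self.admins, admin, password):
            raise PermissionError("administrator login failed")
        for key in keys:
            if self.services.get(key, {}).get("admin") != admin:
                raise PermissionError(f"{admin} did not register {key}")
        self.access_users[user] = hash_password(user_password)
        self.grants[user] = set(keys)

    def query(self, user, password):
        """Service query command: only the services this caller may access."""
        if check_password(self.admins, user, password):
            return sorted(k for k, v in self.services.items() if v["admin"] == user)
        if check_password(self.access_users, user, password):
            return sorted(k for k in self.grants[user] if k in self.services)
        raise PermissionError("authentication failed")

    def select(self, user, password, key):
        """Service selection command: re-check authorization, then return the
        agent ID whose command socket the selection is forwarded to."""
        if key not in self.query(user, password):
            raise PermissionError("service not available to this user")
        return key[0]
```

The point the example makes concrete is the split of responsibilities: the forwarder never decides who may reach a service, it only enforces the grants a service administrator made, and `select` re-checks authorization instead of trusting that the caller picked an entry from the list it was shown.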

The server-side agent processing module is a background service module. It makes the server machine act as a client that connects to the forwarding server module, while also connecting to services provided on the local machine or on other machines in the network, thus implementing service registration and service communication relaying.

The server-side agent processing module supports multiple platforms such as Linux and Windows; if it is deployed together with a specific service, it can only be deployed on a system platform that the service supports.

In the server-side agent processing module, the list of services that the module can access must be configured, including the service IP (the default is the local IP, 127.0.0.1), the service port, the service description, and so on.

Within a subnet, independent server-side agent processing modules can be configured on several machines, which greatly improves the fault tolerance of the system.

The processing logic of the server-side agent processing module is:

The server-side agent processing starts;

a1. Connect to the command port of the forwarding server module and send a service registration command;

For the content of the service registration command, refer to the description of the service registration command in the forwarding server module processing logic; the server-side agent ID can be a unique ID generated automatically by the server-side agent processing module, and a GUID can be used;

a2. After the service has been registered successfully, wait to receive service selection commands until the program is closed manually;

a3. After receiving a service selection command, connect to the service specified in the command and create Socket S1; if the connection fails, return an error message, go to step a2 and continue waiting for service selection commands;

a4. If the connection to the service succeeds, generate a random service ID using the standard GUID method;

a5. Connect to the data port of the forwarding server module, create Socket S2, and send the "provide service" command word followed by the service ID.

a6. If the connection or the send fails, return an error message, go to step a2 and continue waiting for service selection commands;

a7. After connecting and sending successfully, return the service ID in the response to the service selection command, and start a thread to relay service communication between Socket S1 and Socket S2. Once the thread has started, go to step a2 and continue waiting for service selection commands;

The service communication relaying logic is the same as the communication forwarding logic of the forwarding server module.

a10. Call the select function to check whether SocketS1 or SocketS2 has data to read.

a11. If SocketS1 is readable, read data from SocketS1 and send it to SocketS2; if SocketS2 is readable, read data from SocketS2 and send it to SocketS1;

a12. If no error occurred, continue with step a11 and keep relaying in a loop;

a13. If any error occurs on SocketS1 or SocketS2, or either side disconnects, close both SocketS1 and SocketS2 and exit the relay thread.

With a simple modification of the above flow, the server-side agent processing module can register with several different forwarding server modules at the same time: after the program starts, one thread is started for each configured forwarding server module, and the above flow is executed in each thread, which supports multiple public forwarding server modules. In this way the client agent processing module can reach the services relayed by the server-side agent processing module through any of the forwarding server modules, which gives the system fault tolerance.

The client agent processing module is a program module with a user interface; as a client, it connects to the public forwarding server module and implements functions such as displaying the service list, selecting a service, and accessing a service.

After the user selects a service from the service list of the client agent processing module, the client agent processing module starts the client program corresponding to the service, which connects to the data port of the forwarding server module; through the relay of the forwarding server module and the relay of the server-side agent, access to the service is achieved.

The system requires that, once the data connection between the client and the forwarding server module is established, the client first sends the "access service" command word followed by the corresponding service access ID to the forwarding server module, so that the forwarding server module can match this data connection with the corresponding server-side agent data connection and relay the communication.

However, client programs are usually existing programs, mostly without source code, so they cannot be modified directly. Instead, a Socket Hook module can be written using the Socket interface provided by Winsock SPI or a generic Windows API Hook technique; this module intercepts calls to the socket connect function made by every network program, including the client program. The Socket Hook module communicates with the client agent program: if the process calling connect is a client subprocess started by the client agent, then after connect succeeds the module first sends the "access service" command word followed by the corresponding service access ID to the server. The same function can also be achieved by connection relaying: the client agent starts the client program and has it connect to a local port on which the client agent listens, and the client agent forwards the communication data to the forwarding server module; this adds one more forwarding hop and slightly reduces efficiency, so this solution recommends the Socket Hook module approach.

The processing logic of the client agent processing module is:

The client agent processing starts;

b1. Connect to the command port of the forwarding server module and send a service query command;

b2. Display the list of accessible services according to the response to the service query command;

b3. Wait for the user to select a service;

b4. After the user chooses to access a service, send a service selection command; if failure is returned, display the error message and go to step b3, allowing the user to select another service or exit the program;

For the specific content of the service selection command, refer to the description of the service selection command in the forwarding server module processing logic.

b5. After the service selection command returns success, save the returned service access ID;

b6. Register the Socket Hook module so that it can intercept calls to the socket connect function in the client program started next;

b7. Start the client program subprocess corresponding to the service, passing the IP and data port of the public forwarding server module as connection parameters. After the subprocess has started, the main program goes to step b3, allowing the user to continue selecting other services;

b8. The client program calls the socket connect function to establish a connection with the data port of the forwarding server module; because the Socket Hook module is registered, the client's call to socket connect enters the Socket Hook module's custom connect function;

The processing logic of the Socket Hook module is as follows.

c1. The Socket Hook module first calls the operating system's own connect function;

The Socket Hook module obtains the process ID of the process currently executing connect and asks the client agent module whether this process ID belongs to a client subprocess started by the client agent module. If not, the module returns directly;

c2. If it is a client subprocess started by the client agent module, the client agent module also returns the service access ID corresponding to that subprocess, and the Socket Hook module sends the "access service" command word followed by the corresponding service access ID to the server;

c3. The module returns, and the client program continues its internal processing logic until the user closes the client program and the subprocess exits.

Finally, it should be noted that the above only illustrates the technical solution of the invention and does not limit it. Although the invention has been described in detail with reference to a preferred arrangement, those skilled in the art should understand that the technical solution may be modified or equivalently replaced (for example: deploying two or more public forwarding server modules to improve the overall reliability of the system; providing dedicated forwarding server modules for certain users with high confidentiality requirements; or, in applications with high real-time requirements, configuring an independent server-side agent processing module for each server device in a customer's intranet where necessary) without departing from the spirit and scope of the technical solution of the invention.

Claims (8)

1. A method for converting a TCP network communication server into a client, characterized in that it involves a forwarding server module, a server-side agent and a client machine, and comprises the steps of:
establishing in the TCP network at least one forwarding server module that provides data forwarding, wherein the forwarding server module is configured with a TCP network IP address, a command port and a data port, and is provided with a data forwarder and a user authentication submodule; the forwarding server module always listens on the command port and the data port, ready to receive the connections initiated by the server-side agent and the client machine; the client machine comprises a client agent and a client program;
at least one intranet server-side agent establishing connections with the forwarding server module through the command port and the data port, the intranet server-side agent connecting to at least one active service of an intranet server;
the client agent of at least one extranet client machine establishing a connection with the forwarding server module through the command port, and the client program of the same client machine establishing a connection with the data port of the forwarding server module.
2. The method for converting a TCP network communication server into a client according to claim 1, characterized in that the steps performed by the forwarding server module comprise command port listening thread processing and data port listening thread processing;
the command port listening thread processing step comprises: after a command connection is received, verifying the user name and password through the user authentication submodule; if password verification fails, closing the connection and continuing to wait for new command connections; if password verification succeeds, starting a command processing thread;
the data port listening thread processing step comprises: first receiving the fixed-length data connection command word and service access ID information, then receiving the data related to the specific service, the forwarding server module parsing only the leading fixed-length data and then forwarding directly; the data connection command word is one of "provide service" and "access service", the "provide service" command being sent by the server-side agent's data connection and the "access service" command being sent by the client's data connection; if a "provide service" connection and an "access service" connection have the same service access ID, the two connections correspond to the same service access request, the Socket information of the two connections is passed in and recorded as SocketS1 and SocketS2, and a communication forwarding thread is started.
3. The method for converting a TCP network communication server into a client according to claim 2, characterized in that the steps of the command processing thread of the forwarding server module are:
a. determining the command type; for a server-side agent service registration command: saving the service registration information and the Socket information of the connection, and returning the registration result; for a client agent service query command: returning the list of all currently registered services, then waiting for subsequent service selection commands;
b. after a service selection command is received, sending the service selection command to the corresponding server-side agent Socket according to the service entry selected in the command;
c. the server-side agent Socket returning the execution result of the service selection command; if execution succeeded, returning the service access ID value, which the forwarding server module returns to the client agent; if execution failed, the forwarding server module returning the error description to the client agent;
d. then continuing to wait for subsequent service selection commands until the thread exits.
4. The method for converting a TCP network communication server into a client according to claim 1, characterized in that the connections between the command port and the server-side agent and the client agent use an SSL/TLS transport-layer encryption mechanism.
5. The method for converting a TCP network communication server into a client according to claim 1, characterized in that the steps performed by the server-side agent comprise:
a1. connecting to the forwarding server command port and sending a service registration command;
a2. after the service has been registered successfully, waiting to receive service selection commands until the program is closed manually;
a3. after a service selection command is received, connecting to the corresponding service specified in the service selection command and creating Socket S1; if the connection fails, returning an error message, executing step a2 and continuing to wait for service selection commands;
a4. if the connection to the service succeeds, generating a random service ID using the standard GUID method;
a5. creating Socket S2 and sending the "provide service" command word followed by the service ID;
a6. if the connection or the send fails, returning an error message, executing step a2 and continuing to wait for service selection commands;
a7. after connecting and sending successfully, returning the service ID in the response to the service selection command, and starting a thread to relay service communication between Socket S1 and Socket S2.
6. The method for converting a TCP network communication server into a client according to claim 5, characterized in that the steps of the service communication relaying are:
a10. calling the select function to check whether SocketS1 or SocketS2 has data to read;
a11. if SocketS1 is readable, reading data from SocketS1 and sending it to SocketS2; if SocketS2 is readable, reading data from SocketS2 and sending it to SocketS1;
a12. if no error occurred, continuing with step a10 and relaying in a loop;
a13. if any error occurs on SocketS1 or SocketS2, or either side disconnects, closing SocketS1 and SocketS2 and exiting the relay thread.
7. The method for converting a TCP network communication server into a client according to claim 1, characterized in that the steps performed by the client agent comprise:
b1. connecting to the forwarding server module command port and sending a service query command;
b2. displaying the list of accessible services according to the response to the service query command;
b3. waiting for the user to select a service;
b4. after the user selects a service to access, sending a service selection command; if failure is returned, displaying the error message and executing step b3, allowing the user to continue selecting other services or to exit the program;
b5. after the service selection command returns success, saving the returned service access ID;
b6. registering the Socket Hook module so that it can intercept calls to the socket connect function in the subsequently started client program;
b7. starting the client program subprocess corresponding to the service, passing the IP and data port of the forwarding server module as connection parameters; after the subprocess has started, the main program executing step b3 and allowing the user to continue selecting other services.
8. The method for converting a TCP network communication server into a client according to claim 7, characterized in that the steps performed by the Socket Hook module comprise: after intercepting the client program's call to the socket connect function, first calling the operating system's own connect function; then obtaining the process ID of the process currently executing the connect function and asking the client agent whether this process ID belongs to a client subprocess started by the client agent; if not, the module returning directly to the main program; if it is a client subprocess started by the client agent, the client agent returning at the same time the service access ID corresponding to that subprocess, and the Socket Hook module sending the "access service" command word followed by the corresponding service access ID to the server and then returning to the main program.
CN 201010582952 2010-12-10 2010-12-10 Method for converting TCP network communication server into client Expired - Fee Related CN102035904B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010582952 CN102035904B (en) 2010-12-10 2010-12-10 Method for converting TCP network communication server into client

Publications (2)

Publication Number Publication Date
CN102035904A true CN102035904A (en) 2011-04-27
CN102035904B CN102035904B (en) 2013-04-03

Family

ID=43888213

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010582952 Expired - Fee Related CN102035904B (en) 2010-12-10 2010-12-10 Method for converting TCP network communication server into client

Country Status (1)

Country Link
CN (1) CN102035904B (en)

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102890644A (en) * 2011-07-20 2013-01-23 郑州威科姆科技股份有限公司 Byte stream-based interprocess communication method
CN102916865A (en) * 2012-11-08 2013-02-06 浙江宇视科技有限公司 Monitoring service management method and device
CN102970291A (en) * 2012-11-19 2013-03-13 北京思特奇信息技术股份有限公司 Method and device for establishing TCP (Transmission Control Protocol) connection by passing through unilateral firewall
CN104836863A (en) * 2015-04-08 2015-08-12 杭州威威网络科技有限公司 System and method for realizing TCP reverse port mapping
CN105119926A (en) * 2015-09-07 2015-12-02 中科宇图天下科技有限公司 Multichannel duplex communication method based on Socket connection
CN105635338A (en) * 2015-12-31 2016-06-01 迈普通信技术股份有限公司 Data transmission method and device
CN105812079A (en) * 2016-03-08 2016-07-27 北京数码视讯科技股份有限公司 Emergency broadcast state reporting method, device, emergency broadcast state receiving method and device
CN106302416A (en) * 2016-08-04 2017-01-04 中车青岛四方机车车辆股份有限公司 Corporate intranet access method, Android terminal, transfer processing method, transfer server
CN106302413A (en) * 2016-08-04 2017-01-04 中车青岛四方机车车辆股份有限公司 Corporate intranet access method, ios terminal, transfer processing method, transfer server
CN106506565A (en) * 2017-01-04 2017-03-15 上海上讯信息技术股份有限公司 A kind of remote command executes method and apparatus
CN107154942A (en) * 2017-05-16 2017-09-12 苏州云屏网络科技有限公司 A kind of method that automation services are provided by third-party server
CN108989420A (en) * 2018-07-12 2018-12-11 上海携程商务有限公司 The method and system of registration service, the method and system for calling service
CN108989302A (en) * 2018-07-04 2018-12-11 光大环保技术研究院(南京)有限公司 A kind of OPC based on key acts on behalf of connection system and connection method
CN109257392A (en) * 2018-11-30 2019-01-22 广州市百果园信息技术有限公司 A kind of command handling method, device, server and storage medium
CN109510801A (en) * 2017-09-15 2019-03-22 华耀(中国)科技有限公司 An integrated system of explicit forward proxy and SSL interception and its operation method
CN109756474A (en) * 2018-11-23 2019-05-14 国电南瑞科技股份有限公司 A kind of trans-regional call method of the service of electric power scheduling automatization system and device
CN110266477A (en) * 2019-05-23 2019-09-20 广州河东科技有限公司 A kind of UDP communication realization dynamic encrypting method
CN110365741A (en) * 2019-06-13 2019-10-22 网宿科技股份有限公司 A connection establishment method and transit server
CN110633163A (en) * 2019-09-26 2019-12-31 深圳市七星石科技有限公司 Development method for preventing application program from crashing based on multi-process server
CN110891008A (en) * 2019-11-21 2020-03-17 成都云智天下科技股份有限公司 IP proxy method based on L2TP/IPSEC
CN111026662A (en) * 2019-12-06 2020-04-17 联陆智能交通科技(上海)有限公司 Remote debugging method, system and medium for terminal equipment of Internet of things
CN112367383A (en) * 2020-10-30 2021-02-12 深圳云之家网络有限公司 Service calling method and related equipment
CN112532568A (en) * 2019-09-19 2021-03-19 马上消费金融股份有限公司 Interaction method, device, equipment and computer readable storage medium
CN112671903A (en) * 2020-12-23 2021-04-16 杭州安司源科技有限公司 General intranet online service system
CN112929359A (en) * 2021-02-01 2021-06-08 深信服科技股份有限公司 Proxy decryption method and device, terminal and storage medium
CN113472781A (en) * 2021-06-30 2021-10-01 平安证券股份有限公司 Service acquisition method, server and computer readable storage medium
CN114040189A (en) * 2021-09-30 2022-02-11 北京欧珀通信有限公司 Multimedia test method, device, storage medium and electronic equipment
CN114125076A (en) * 2021-11-18 2022-03-01 苏州极光无限信息技术有限公司 Data forwarding system
CN114338398A (en) * 2021-12-30 2022-04-12 北京市商汤科技开发有限公司 Data transmission method and device, electronic equipment and storage medium
CN114401326A (en) * 2021-12-20 2022-04-26 浙江保信科技有限公司 Bidirectional communication method for distributed Internet of things equipment
CN114584523A (en) * 2022-03-16 2022-06-03 张斌 Safety link sinking method
CN114785761A (en) * 2022-03-22 2022-07-22 杭州指令集智能科技有限公司 Advanced k8s cluster intercommunication method in Internet of things operating system
CN115567490A (en) * 2022-10-13 2023-01-03 泉州砾鹰石科技有限公司 A method of implementing webrtc server with a single port
CN116647538A (en) * 2023-06-06 2023-08-25 深圳市捷讯云联科技有限公司 Connecting device capable of accessing different intranet services
CN116647547A (en) * 2023-05-26 2023-08-25 南京粒聚智能科技有限公司 Method and device for remote communication connection of industrial field device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101043447A (en) * 2007-04-23 2007-09-26 重庆大学 Method for mapping dynamically inside and outside network of server based on DDNS and NAT
CN101242336A (en) * 2008-03-13 2008-08-13 杭州华三通信技术有限公司 Method of Remotely Accessing Intranet Web Server and Web Proxy Server
CN101465889A (en) * 2008-12-03 2009-06-24 北京星网锐捷网络技术有限公司 Network address translation equipment and request method of response address analysis protocol

Cited By (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102890644A (en) * 2011-07-20 2013-01-23 郑州威科姆科技股份有限公司 Byte stream-based interprocess communication method
CN102890644B (en) * 2011-07-20 2015-01-14 郑州威科姆科技股份有限公司 Byte stream-based interprocess communication method
CN102916865A (en) * 2012-11-08 2013-02-06 浙江宇视科技有限公司 Monitoring service management method and device
CN102916865B (en) * 2012-11-08 2015-09-09 浙江宇视科技有限公司 A kind of monitoring business management method and device
CN102970291A (en) * 2012-11-19 2013-03-13 北京思特奇信息技术股份有限公司 Method and device for establishing TCP (Transmission Control Protocol) connection by passing through unilateral firewall
CN102970291B (en) * 2012-11-19 2016-01-06 北京思特奇信息技术股份有限公司 Method and device for establishing TCP connection by passing through unilateral firewall
CN104836863A (en) * 2015-04-08 2015-08-12 杭州威威网络科技有限公司 System and method for realizing TCP reverse port mapping
CN104836863B (en) * 2015-04-08 2018-06-05 杭州威威网络科技有限公司 The system and method for realizing the mapping of TCP reverse ports
CN105119926A (en) * 2015-09-07 2015-12-02 中科宇图天下科技有限公司 Multichannel duplex communication method based on Socket connection
CN105119926B (en) * 2015-09-07 2018-01-23 中科宇图天下科技有限公司 Multichannel duplex communication method based on Socket connection
CN105635338A (en) * 2015-12-31 2016-06-01 迈普通信技术股份有限公司 Data transmission method and device
CN105635338B (en) * 2015-12-31 2019-03-05 迈普通信技术股份有限公司 Data transmission method and device
CN105812079A (en) * 2016-03-08 2016-07-27 北京数码视讯科技股份有限公司 Emergency broadcast state reporting method, device, emergency broadcast state receiving method and device
CN106302416B (en) * 2016-08-04 2019-11-08 中车青岛四方机车车辆股份有限公司 Enterprise intranet access method, Android terminal, transfer processing method, transfer server
CN106302416A (en) * 2016-08-04 2017-01-04 中车青岛四方机车车辆股份有限公司 Corporate intranet access method, Android terminal, transfer processing method, transfer server
CN106302413A (en) * 2016-08-04 2017-01-04 中车青岛四方机车车辆股份有限公司 Corporate intranet access method, ios terminal, transfer processing method, transfer server
CN106302413B (en) * 2016-08-04 2019-11-08 中车青岛四方机车车辆股份有限公司 Enterprise intranet access method, ios terminal, transfer processing method, transfer server
CN106506565A (en) * 2017-01-04 2017-03-15 上海上讯信息技术股份有限公司 Remote command execution method and apparatus
CN107154942A (en) * 2017-05-16 2017-09-12 苏州云屏网络科技有限公司 Method for providing automated services through a third-party server
CN109510801A (en) * 2017-09-15 2019-03-22 华耀(中国)科技有限公司 An integrated system of explicit forward proxy and SSL interception and its operation method
CN109510801B (en) * 2017-09-15 2021-08-31 北京华耀科技有限公司 Explicit forward proxy and SSL interception integrated system and operation method thereof
CN108989302A (en) * 2018-07-04 2018-12-11 光大环保技术研究院(南京)有限公司 Key-based OPC proxy connection system and connection method
CN108989420A (en) * 2018-07-12 2018-12-11 上海携程商务有限公司 The method and system of registration service, the method and system for calling service
CN108989420B (en) * 2018-07-12 2021-08-13 上海携程商务有限公司 Method and system for registering service, method and system for invoking service
CN109756474A (en) * 2018-11-23 2019-05-14 国电南瑞科技股份有限公司 Service cross-region calling method and device for power dispatching automation system
CN109756474B (en) * 2018-11-23 2021-02-05 国电南瑞科技股份有限公司 Service cross-region calling method and device for power dispatching automation system
CN109257392A (en) * 2018-11-30 2019-01-22 广州市百果园信息技术有限公司 Command processing method, device, server and storage medium
CN109257392B (en) * 2018-11-30 2021-09-17 广州市百果园信息技术有限公司 Command processing method, device, server and storage medium
CN110266477A (en) * 2019-05-23 2019-09-20 广州河东科技有限公司 Dynamic encryption method for UDP communication
CN110365741B (en) * 2019-06-13 2022-04-05 网宿科技股份有限公司 Connection establishing method and transfer server
CN110365741A (en) * 2019-06-13 2019-10-22 网宿科技股份有限公司 A connection establishment method and transit server
CN112532568A (en) * 2019-09-19 2021-03-19 马上消费金融股份有限公司 Interaction method, device, equipment and computer readable storage medium
CN110633163A (en) * 2019-09-26 2019-12-31 深圳市七星石科技有限公司 Development method for preventing application program from crashing based on multi-process server
CN110633163B (en) * 2019-09-26 2022-12-09 深圳市七星石科技有限公司 Development method for preventing application program from crashing based on multi-process server
CN110891008A (en) * 2019-11-21 2020-03-17 成都云智天下科技股份有限公司 IP proxy method based on L2TP/IPSEC
CN111026662A (en) * 2019-12-06 2020-04-17 联陆智能交通科技(上海)有限公司 Remote debugging method, system and medium for terminal equipment of Internet of things
CN112367383A (en) * 2020-10-30 2021-02-12 深圳云之家网络有限公司 Service calling method and related equipment
CN112671903A (en) * 2020-12-23 2021-04-16 杭州安司源科技有限公司 General intranet online service system
CN112929359A (en) * 2021-02-01 2021-06-08 深信服科技股份有限公司 Proxy decryption method and device, terminal and storage medium
CN112929359B (en) * 2021-02-01 2023-05-16 深信服科技股份有限公司 Proxy decryption method and device, terminal and storage medium
CN113472781A (en) * 2021-06-30 2021-10-01 平安证券股份有限公司 Service acquisition method, server and computer readable storage medium
CN113472781B (en) * 2021-06-30 2023-11-03 平安证券股份有限公司 Service acquisition method, server and computer readable storage medium
CN114040189A (en) * 2021-09-30 2022-02-11 北京欧珀通信有限公司 Multimedia test method, device, storage medium and electronic equipment
CN114125076A (en) * 2021-11-18 2022-03-01 苏州极光无限信息技术有限公司 Data forwarding system
CN114401326A (en) * 2021-12-20 2022-04-26 浙江保信科技有限公司 Bidirectional communication method for distributed Internet of things equipment
CN114338398B (en) * 2021-12-30 2024-06-07 北京市商汤科技开发有限公司 Data transmission method, device, electronic equipment and storage medium
CN114338398A (en) * 2021-12-30 2022-04-12 北京市商汤科技开发有限公司 Data transmission method and device, electronic equipment and storage medium
CN114584523A (en) * 2022-03-16 2022-06-03 张斌 Safety link sinking method
CN114785761A (en) * 2022-03-22 2022-07-22 杭州指令集智能科技有限公司 Advanced k8s cluster intercommunication method in Internet of things operating system
CN115567490A (en) * 2022-10-13 2023-01-03 泉州砾鹰石科技有限公司 A method of implementing webrtc server with a single port
CN116647547A (en) * 2023-05-26 2023-08-25 南京粒聚智能科技有限公司 Method and device for remote communication connection of industrial field device
CN116647547B (en) * 2023-05-26 2023-10-13 南京粒聚智能科技有限公司 Method and device for remote communication connection of industrial field device
CN116647538A (en) * 2023-06-06 2023-08-25 深圳市捷讯云联科技有限公司 Connecting device capable of accessing different intranet services
CN116647538B (en) * 2023-06-06 2024-05-28 深圳市捷讯云联科技有限公司 Connecting device capable of accessing different intranet services

Also Published As

Publication number Publication date
CN102035904B (en) 2013-04-03

Similar Documents

Publication Publication Date Title
CN102035904A (en) Method for converting TCP network communication server into client
JP4965574B2 (en) Port sharing among multiple processes
US11863529B2 (en) Private cloud routing server connection mechanism for use in a private communication architecture
US9712486B2 (en) Techniques for the deployment and management of network connected devices
US11075821B2 (en) Method and apparatus for managing field device based on cloud server
US20150113172A1 (en) Deploying and managing networked devices
CN113341798A (en) Method, system, device, equipment and storage medium for remotely accessing application
CN101133618A (en) Connect VPN users in the public network
CN107493344A (en) Method and system for web access to Docker containers
CN103944716B (en) The method and apparatus of user authentication
WO2015131524A1 (en) Remote access server method and web server
US11683292B2 (en) Private cloud routing server connection mechanism for use in a private communication architecture
CN112437100A (en) Vulnerability scanning method and related equipment
CN109495431A (en) Connection control method, device and system and interchanger
US12542765B2 (en) Remote server isolation utilizing zero trust architecture
MX2007010921A (en) Method for communication between an application and a client.
US11888898B2 (en) Network configuration security using encrypted transport
CN112217659B (en) Method and system for adding client terminal equipment to SD-WAN system
CN105704109B (en) Network access authentication method and device
CN114928459B (en) Connection method and computer readable medium for private communication architecture
CN115208603B (en) Connection method and computer readable medium for private communication architecture
CN114244554B (en) A login method and system based on SSH
CN103532789B (en) Inter-network transparent transmission detecting system
JP4972646B2 (en) Providing consistent application-compatible firewall traversal
CN115776517A (en) Service request processing method and device, storage medium and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130403