The present disclosure relates to the field of Internet technology, and more particularly, to a method and a proxy server for establishing a communication connection.
In the current Internet communication, a Transmission Control Protocol (TCP) connection may be established between a client and a server, and data interaction may be performed through the TCP connection. Specifically, the TCP connection may be established between the client and the server by transmitting handshake signals multiple times.
At present, the handshake signal transmitted from the client to the server generally carries an IP address and/or a port identifier of the client and an IP address and/or a port identifier of the server. The IP address and/or the port identifier of the client may be used as a source IP address and/or a source port identifier respectively, and the IP address and/or the port identifier of the server may be used as a destination IP address and/or a destination port identifier respectively.
After the TCP connection is established between the client and a proxy server, the proxy server doesn't know which target server the client actually wants to access, so access data transmitted from the client to the proxy server cannot be forwarded to the target server by the proxy server, which makes the proxy server less suitable for TCP-based communication scenarios.
An objective of the present disclosure is to provide a method and a proxy server for establishing a communication connection, such that a Multipath Transmission Control Protocol (MPTCP) at a client side is converted to a Transmission Control Protocol (TCP) suitable for a source station by the proxy server to implement the proxy of a TCP layer.
To achieve the above objective, in one aspect, the present disclosure provides a method for establishing a communication connection, which is applied to a proxy server. The method includes: receiving a first connection request transmitted from a client, wherein the first connection request includes address information of a target server that the client needs to access; establishing a communication connection with the client in response to the first connection request, and parsing the address information from the first connection request; and constructing a second connection request directed to the target server according to the address information, and transmitting the second connection request to the target server to establish a communication connection with the target server.
To achieve the above objective, in another aspect, the present disclosure also provides a proxy server. The proxy server includes: a connection request receiving unit, configured to receive a first connection request transmitted from a client, wherein the first connection request includes address information of a target server that the client needs to access; a connection establishing unit, configured to establish a communication connection with the client in response to the first connection request, and parse the address information from the first connection request; and a connection request transmitting unit, configured to construct a second connection request directed to the target server according to the address information, and transmit the second connection request to the target server to establish the communication connection with the target server.
To achieve the above objective, in still another aspect, the present disclosure also provides a proxy server, which includes a memory and a processor. The memory is configured to store a computer program, and when the computer program is executed by the processor, the above method for establishing a communication connection is implemented.
As can be seen from the above description, according to technical solutions provided by the present disclosure, when the client initiates a first connection request to the proxy server, address information of a target server that the client needs to access may be added into the first connection request. In this way, after receiving the first connection request, the proxy server may establish a communication connection with the client on the one hand, and may also parse the address information of the target server from the first connection request on the other hand. Then, the proxy server may initiate a second connection request to the target server according to the parsed address information, such that the proxy server may also establish a communication connection with the target server. In this way, the client only needs to transmit to the proxy server the first connection request carrying the address information of the target server for the communication connections to be established between the client and the proxy server, and between the proxy server and the target server. Subsequently, the client may perform data interaction with the target server through the proxy server. As can be seen from the above description, in the present disclosure, the address information of the target server that the client needs to access is carried in the connection request, such that a Multipath Transmission Control Protocol (MPTCP) at the client side is converted to a Transmission Control Protocol (TCP) suitable for a source station by the proxy server, which is suitable for TCP-based application scenarios, and thus allows the proxy service to be provided to the client normally.
To describe the technical solutions in the embodiments of the present disclosure more clearly, the accompanying drawings required for describing the embodiments will be briefly introduced below. Apparently, the accompanying drawings in the following description are merely some embodiments of the present disclosure. To those of ordinary skills in the art, other accompanying drawings may also be derived from these accompanying drawings without creative efforts.
To make the objectives, technical solutions and advantages of the present disclosure clearer, the embodiments of the present disclosure are further described below in detail with reference to the accompanying drawings.
The present disclosure provides a method for establishing a communication connection, wherein the method may be applied to a system architecture as shown in
In view of this, the present disclosure provides a method for establishing a communication connection, and the execution subject of this method may be the above proxy server. With reference to
S1: receiving a first connection request transmitted from a client, wherein the first connection request includes address information of a target server that the client needs to access.
In this embodiment, an existing communication protocol between the client and the proxy server may be improved. In an original TCP protocol, a connection request transmitted from the client to the proxy server generally only contains address information of the proxy server, and the address information may include the IP address and/or port identifier of the proxy server. However, in this embodiment, the improved communication protocol may be applied to the client and the proxy server. When the client transmits the first connection request to the proxy server through the improved communication protocol, in addition to adding the address information of the proxy server into the first connection request according to the existing method, the address information of the target server that the client needs to access may also be added into the first connection request.
In practical applications, the first connection request transmitted from the client may be a SYNchronize sequence number (SYN) packet or other TCP packets. Taking the SYN packet as an example, the address information of the proxy server may be added according to a method stipulated in the existing TCP protocol. In addition, according to the improved communication protocol, the client may add, into an option field of the SYN packet, the address information of the target server that the client actually wants to access. The address information of the target server may include an IP address of the target server and/or a port identifier to be accessed on the target server. In this way, the address information of the target server may be filled in the designated option field of the first connection request. In practical applications, the designated option field may be an option field in the above SYN packet.
The proxy server obtains, from the first connection request transmitted from the client, the IP address and/or port identifier of the target server that the client needs to access, and then initiates a TCP connection to the target server. After the connection is established, the proxy server forwards the request received from the client to the target server, and then transmits a response of the target server to the client.
In one embodiment, when data interaction is performed between the client and the proxy server through the improved communication protocol, one designated port may also be selected from the proxy server, through which the first connection request transmitted from the client may be received. In this way, when the client starts a proxy service, the IP address of the proxy server and/or the port identifier of the designated port may be automatically configured in the client. When the client initiates the first connection request, the IP address of the proxy server and/or the port identifier of the designated port may be added into the first connection request. In this way, the proxy server may listen on the designated port, and receive, through the designated port, the first connection request transmitted from the client.
S3: establishing a communication connection with the client in response to the first connection request, and parsing the address information from the first connection request.
In this embodiment, after receiving the first connection request, the proxy server may establish the communication connection with the client in response to the first connection request. Specifically, the TCP communication connection may be established between the client and the proxy server through a three-way handshake.
In this embodiment, the first connection request transmitted from the client to the proxy server may be the SYN packet into which the address information of the proxy server and the target server are added. The SYN packet may include a SYN created by the client. With reference to
It should be noted that, in order to simplify the expression, in the drawings, the SYN may represent the SYNchronize sequence number, and the ACK may represent the ACKnowledgment sequence number. Of course, in the drawings, different SYNchronize sequence numbers may be represented by the SYN, and different ACKnowledgment sequence numbers may be represented by the ACK, which is just a simplified expression approach and does not mean that the SYN and the ACK transmitted between the clients or the proxy servers are the same.
After obtaining the ACK, the proxy server may generate a new SYN, and may construct a connection answer request including the ACK and the new SYN. The new SYN is different from the SYN created by the client and the ACK. After constructing the connection answer request, the proxy server may transmit the connection answer request to the client. After receiving the connection answer request, the client may extract the ACK and the new SYN from the connection answer request. The client may compare the ACK with the SYN created by the client itself. After acknowledging that the ACK and the SYN conform to a rule in the communication protocol, the client may determine that the current connection answer request is initiated by the proxy server in response to the first connection request. In this case, the client may continue to generate a new ACK on the basis of the new SYN according to a requirement in the communication protocol, and may feed back an acknowledgment packet containing the new ACK to the proxy server. In this way, after receiving the acknowledgment packet fed back by the client in response to the connection answer request, the proxy server may extract the new ACK from the acknowledgment packet. After determining that the new ACK and the new SYN generated by the proxy server itself meet the stipulations of the communication protocol, the proxy server may establish a TCP communication connection with the client.
In this embodiment, after establishing the communication connection with the client, the proxy server may further establish a communication connection with the target server. To establish the communication connection with the target server, the proxy server may first parse the address information of the target server from the first connection request. Specifically, the address information of the target server may be filled in a designated option field of the SYN packet, and then the proxy server may read, from the designated option field of the first connection request, the IP address of the target server and/or the port identifier to be accessed on the target server, so as to parse the address information of the target server.
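The parsing step described above, as an added example that is not part of the original disclosure: a TLV walk over the SYN's option area that extracts the target address and checks it against a destination policy before the proxy connects out. The option kind (253), the 6-byte IPv4-plus-port layout, and the allowlist values are assumptions, since the disclosure does not define them.

```python
import ipaddress
import struct

# Assumptions (not from the disclosure): the "designated option field" is
# TCP option kind 253 (an experimental kind) whose value is a 4-byte IPv4
# address followed by a 2-byte big-endian port.
TARGET_OPT_KIND = 253
# Hypothetical proxy policy: only these origin networks and ports are reachable.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
ALLOWED_PORTS = {80, 443}

# Constructed sample option area: MSS, NOP, window scale, target option.
SAMPLE_SYN_OPTIONS = bytes([2, 4, 0x05, 0xB4, 1, 3, 3, 7,
                            253, 8, 203, 0, 113, 10, 0x01, 0xBB])


class OptionError(ValueError):
    """Raised when the option area is malformed."""


def iter_tcp_options(raw: bytes):
    """Yield (kind, value) pairs from the options area of a TCP header."""
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of Option List
            return
        if kind == 1:                       # No-Operation padding
            i += 1
            continue
        if i + 1 >= len(raw):
            raise OptionError("option truncated before its length byte")
        length = raw[i + 1]                 # length covers kind + length + value
        if length < 2 or i + length > len(raw):
            raise OptionError(f"bad length {length} for option kind {kind}")
        yield kind, raw[i + 2:i + length]
        i += length


def parse_target(raw_options: bytes):
    """Return (ip, port) from the designated option, or None if it is absent."""
    found = None
    for kind, value in iter_tcp_options(raw_options):
        if kind != TARGET_OPT_KIND:
            continue
        if found is not None:
            raise OptionError("duplicate target option")
        if len(value) != 6:
            raise OptionError("target option must be 4-byte IP + 2-byte port")
        (port,) = struct.unpack("!H", value[4:])
        found = (ipaddress.IPv4Address(value[:4]), port)
    return found


def destination_allowed(ip, port) -> bool:
    """The client chooses the destination, so the proxy must constrain it."""
    return port in ALLOWED_PORTS and any(ip in net for net in ALLOWED_NETS)


def admit(raw_options: bytes):
    """Return (ip, port) to connect to, or None to refuse the request."""
    try:
        target = parse_target(raw_options)
    except OptionError:
        return None
    if target is None or not destination_allowed(*target):
        return None
    return target
```

Because the destination is supplied by the client, a proxy without the `destination_allowed` step will open connections to any address it can route to, including its own internal network.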
In one embodiment, it is considered that the TCP connection established between the client and the proxy server generally can only support one communication mode. For example, if the TCP connection is established between the client and the proxy server via WiFi, the TCP connection can only support the WiFi communication mode. Once network fluctuations occur in this communication mode, the data interaction between the client and the proxy server may also be affected. However, with the continuous development of terminal technology, generally there is more than one communication mode supported by the client. For example, a smart phone of a user can support two communication modes, such as WiFi and Long Term Evolution (LTE). Of course, the above WiFi and LTE are only two of a plurality of communication modes supported by the client. In practical applications, the client can also support more communication modes, which will not be enumerated here.
In this embodiment, to enable data interaction to be performed between the client and the proxy server through a plurality of communication modes, a MultiPath TCP (MPTCP) communication mode may be established between the client and the proxy server. Specifically, the MPTCP communication mode may be improved on the basis of the original TCP communication mode. For example, the client may support two communication modes, such as WiFi and 4G. When the MPTCP communication is established between the client and the proxy server, the WiFi and the 4G may serve as two subchannels, so as to establish a communication connection between the two subchannels. With reference to
In this embodiment, after receiving the first connection request, the proxy server may identify the SYN from the first connection request, and may generate an ACKnowledgment sequence number (ACK) on the basis of the SYN according to an existing TCP protocol. Next, the proxy server may generate a new SYN and a second key value key2, and may construct a connection answer request containing the ACK, the new SYN, the multipath enable identifier, and the second key value. Then, the proxy server may transmit the connection answer request to the client. After receiving the connection answer request, the client finds that the connection answer request also carries the multipath enable identifier, which indicates that the proxy server also supports the MPTCP communication mode. In this way, the client may construct an acknowledgment packet in response to the connection answer request in accordance with the stipulations of the MPTCP protocol. The acknowledgment packet may include the multipath enable identifier, the first key value key1, the second key value key2, and a new ACK generated based on the new SYN. Then, the client may feed back the acknowledgment packet to the proxy server. After receiving the acknowledgment packet, the proxy server may extract the new ACK from the acknowledgment packet. After determining that the new ACK and the new SYN generated by the proxy server itself meet the stipulations of the communication protocol, the communication connection of the first subchannel corresponding to the first communication mode may be established between the proxy server and the client.
As can be seen from the above description, the communication connection of the first subchannel corresponding to the first communication mode may still be established between the client and the proxy server through a three-way handshake. However, in the three-way handshake, the multipath enable identifier, the first key value and the second key value need to be carried.
With reference to
After constructing the third connection request, the client may transmit the third connection request to the proxy server. The proxy server may identify the connection join identifier and the verification signaling from the third connection request. After acknowledging that the verification signaling is a hash value generated based on the second key value, the proxy server may know that the third connection request is initiated for the communication connection of the first subchannel. According to the requirements of the MPTCP protocol, the proxy server may generate a second random number and calculate a first message authentication code. Specifically, the proxy server may generate a first message according to the first random number and the second random number, and may generate a first secret key according to the first key value and the second key value, so as to calculate the first message authentication code corresponding to the first secret key and the first message. In practical applications, the proxy server may obtain the first message by splicing the first random number after the second random number, and may obtain the first secret key by splicing the first key value after the second key value. For example, if the first random number is 010 and the second random number is 111, the first message may be 111010. For another example, if the first key value is 101 and the second key value is 001, the first secret key may be 001101. The first message authentication code may be calculated by using the first secret key and the first message as parameters according to a Hashed Message Authentication Code (HMAC) calculation method.
In this embodiment, after calculating the first message authentication code, the proxy server may feed back to the client a connection answer packet including the connection join identifier, the first message authentication code, and the second random number. Of course, the connection answer packet may also include an ACK stipulated in a normal TCP protocol and a new SYN generated by the proxy server.
After receiving the connection answer packet, the client may generate a second message according to the first random number and the second random number, may generate a second secret key according to the first key value and the second key value, and may calculate a second message authentication code corresponding to the second secret key and the second message. Specifically, the client may obtain the second message by splicing the second random number after the first random number, and may obtain the second secret key by splicing the second key value after the first key value. For example, if the first random number is 010 and the second random number is 111, the second message may be 010111. For another example, if the first key value is 101 and the second key value is 001, the second secret key may be 101001. The second message authentication code may also be calculated by using the second secret key and the second message as parameters according to the HMAC calculation method.
After calculating the second message authentication code, the client may feed back to the proxy server an acknowledgment join request containing the connection join identifier and the second message authentication code. After receiving the acknowledgment join request, the proxy server may extract the second message authentication code. After the second message authentication code is successfully verified, the proxy server may feed back the acknowledgment connection packet to the client, such that the communication connection of the second subchannel corresponding to the second communication mode is established between the proxy server and the client. Of course, the client may still add a new ACK into the acknowledgment join request according to the stipulations of the TCP protocol. The new ACK may be generated based on the new SYN transmitted from the proxy server.
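The second-subchannel authentication described above, as an added example that is not part of the original disclosure: the proxy checks the verification signaling, computes the first message authentication code, and verifies the client's second one in constant time. HMAC-SHA1 and the 32-bit SHA-1 token follow RFC 6824 and are assumptions here, since the disclosure names only "HMAC" and "a hash value"; on-the-wire truncation is left out and all names are hypothetical.

```python
import hashlib
import hmac
import os


def token_of(key: bytes) -> bytes:
    """Verification signaling: leading 32 bits of a hash of the key (assumed SHA-1)."""
    return hashlib.sha1(key).digest()[:4]


def proxy_mac(key1: bytes, key2: bytes, r1: bytes, r2: bytes) -> bytes:
    """First MAC: secret key = key2 || key1, message = r2 || r1."""
    return hmac.new(key2 + key1, r2 + r1, hashlib.sha1).digest()


def client_mac(key1: bytes, key2: bytes, r1: bytes, r2: bytes) -> bytes:
    """Second MAC: secret key = key1 || key2, message = r1 || r2."""
    return hmac.new(key1 + key2, r1 + r2, hashlib.sha1).digest()


class ProxyJoin:
    """Proxy-side state for one join attempt on an existing MPTCP connection."""

    def __init__(self, key1: bytes, key2: bytes):
        # key1 came from the client, key2 was generated by the proxy,
        # both exchanged during the first subchannel's handshake.
        self.key1, self.key2 = key1, key2
        self.r1 = self.r2 = None

    def on_join_request(self, token: bytes, r1: bytes):
        """Handle the third connection request; return (mac, r2) or None."""
        if not hmac.compare_digest(token, token_of(self.key2)):
            return None                     # not tied to this connection
        self.r1, self.r2 = r1, os.urandom(4)  # fresh second random number
        return proxy_mac(self.key1, self.key2, self.r1, self.r2), self.r2

    def on_ack_join(self, mac: bytes) -> bool:
        """Verify the second MAC from the acknowledgment join request."""
        if self.r2 is None:
            return False                    # no join in progress
        expected = client_mac(self.key1, self.key2, self.r1, self.r2)
        return hmac.compare_digest(mac, expected)


# Constructed sample values for a stand-alone run.
KEY1 = bytes.fromhex("0102030405060708")
KEY2 = bytes.fromhex("a1a2a3a4a5a6a7a8")
R1 = bytes.fromhex("0000002a")


def run_join() -> bool:
    """Simulate client and proxy; True when the second subchannel is accepted."""
    proxy = ProxyJoin(KEY1, KEY2)
    answer = proxy.on_join_request(token_of(KEY2), R1)
    if answer is None:
        return False
    mac_from_proxy, r2 = answer
    # Client side: check the proxy's MAC before answering with its own.
    if not hmac.compare_digest(mac_from_proxy, proxy_mac(KEY1, KEY2, R1, r2)):
        return False
    return proxy.on_ack_join(client_mac(KEY1, KEY2, R1, r2))
```

The reversed splicing order on the two sides makes the two codes differ, so the proxy's own code cannot be echoed back to it as the client's.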
As can be seen from the above description, a TCP communication connection may be established between the client and the proxy server through a common TCP protocol. In addition, to improve data communication quality between the client and the proxy server, an MPTCP communication connection may also be established according to an MPTCP protocol. The MPTCP communication connection may include communication connections of a plurality of subchannels, and communication connections of different subchannels may correspond to different communication modes supported by the client.
S5: constructing a second connection request directed to the target server according to the address information, and transmitting the second connection request to the target server to establish the communication connection with the target server.
In this embodiment, after extracting the address information of the target server from the first connection request, the proxy server may establish a TCP connection with the target server according to a TCP communication mode. Specifically, with reference to
As can be seen from the above description, a TCP or MPTCP communication connection may be established between the client and the proxy server, and a TCP communication connection may be established between the proxy server and the target server. Then, for the TCP communication connection, the proxy server may receive an access packet transmitted from the client through the TCP communication connection established with the client, and may transmit the access packet to the target server through the TCP communication connection established with the target server. Moreover, the proxy server may receive a response packet fed back by the target server in response to the access packet, and may provide the response packet to the client through the TCP communication connection established with the client.
Furthermore, for the MPTCP communication connection, the proxy server may receive an access packet transmitted from the client through the first subchannel and/or the second subchannel, and may transmit the access packet to the target server through the TCP communication connection established with the target server. Then, the proxy server may receive a response packet fed back by the target server in response to the access packet, and may provide the response packet to the client through the first subchannel and/or the second subchannel.
The present disclosure also provides a proxy server, which includes:
a connection request receiving unit, configured to receive a first connection request transmitted from a client, wherein the first connection request includes address information of a target server that the client needs to access;
a connection establishing unit, configured to establish a communication connection with the client in response to the first connection request, and parse the address information from the first connection request; and
a connection request transmitting unit, configured to construct a second connection request directed to the target server according to the address information, and transmit the second connection request to the target server to establish the communication connection with the target server.
In one embodiment, the first connection request also includes a SYN added by the client, a multipath enable identifier, and a first key value. Correspondingly, the connection establishing unit includes:
a number processing module, configured to identify the SYN from the first connection request, and generate an ACK on the basis of the SYN;
a connection answer request constructing module, configured to generate a new SYN and a second key value, and to construct a connection answer request including the ACK, the new SYN, the multipath enable identifier, and the second key value; and
a first subchannel connecting module, configured to transmit the connection answer request to the client, and establish a communication connection of a first subchannel with the client after receiving an acknowledgment packet fed back by the client in response to the connection answer request, wherein the acknowledgment packet includes the multipath enable identifier, the first key value, the second key value, and a new ACK generated based on the new SYN.
In one embodiment, the connection request receiving unit is also configured to receive a third connection request transmitted from the client, wherein the third connection request at least includes a connection join identifier, a first random number, and a verification signaling.
Correspondingly, the connection establishing unit also includes:
a first secret key generating module, configured to generate a second random number after acknowledging that the verification signaling is a hash value generated based on the second key value, and generate a first message according to the first random number and the second random number, and generate a first secret key according to the first key value and the second key value;
a connection answer packet feedback module, configured to calculate a first message authentication code corresponding to the first secret key and the first message, and feed back to the client a connection answer packet including the connection join identifier, the first message authentication code, and the second random number; and
a second subchannel connecting module, configured to receive an acknowledgment join request transmitted from the client in response to the connection answer packet, wherein the acknowledgment join request includes the connection join identifier and a second message authentication code, and to feed back an acknowledgment connection packet to the client to establish a communication connection of a second subchannel with the client after the second message authentication code is successfully verified.
In one embodiment, the proxy server also includes:
a multipath data transmitting unit, configured to receive an access packet transmitted from the client through the first subchannel and/or the second subchannel, and transmit the access packet to the target server through the communication connection established between the proxy server and the target server; and
a multipath data providing unit, configured to receive a response packet fed back by the target server in response to the access packet, and provide the response packet to the client through the first subchannel and/or the second subchannel.
With reference to
In this embodiment, the processor may include a central processing unit (CPU) or a graphics processing unit (GPU), or of course may also include other single-chip microcomputers, logic gate circuits, integrated circuits and so on with logic processing capabilities, or appropriate combinations thereof. The memory set forth in this embodiment may be a memory device for storing information. In a digital system, a device that can store binary data may be a memory. In an integrated circuit, a circuit with storage function that has no physical form may also be a memory, such as RAM, FIFO, etc. In a system, a storage device having a physical form may also be referred to as a memory and so on. When implemented, the memory may also be implemented in the form of cloud storage, and a specific implementation is not limited in this specification.
It should be noted that reference may be made to the description of the method embodiments for the specific embodiments of the proxy server in this specification, and thus repeated description is omitted herein.
As can be seen from the above description, according to technical solutions provided by the present disclosure, when the client initiates a first connection request to the proxy server, address information of a target server that the client needs to access may be added into the first connection request. In this way, after receiving the first connection request, the proxy server may establish a communication connection with the client on the one hand, and may also parse the address information of the target server from the first connection request on the other hand. Then, the proxy server may initiate a second connection request to the target server according to the parsed address information, such that a communication connection may also be established between the proxy server and the target server. In this way, the client only needs to transmit to the proxy server the first connection request carrying the address information of the target server for the communication connections to be established between the client and the proxy server, and between the proxy server and the target server. Subsequently, the client may perform data interaction with the target server through the proxy server. As can be seen from the above description, in the present disclosure, the address information of the target server that the client needs to access is carried in the connection request, such that a Multipath Transmission Control Protocol (MPTCP) at the client side is converted to a Transmission Control Protocol (TCP) suitable for a source station by the proxy server, which is suitable for TCP-based application scenarios, and thus allows the proxy service to be provided to the client normally.
From the description of the foregoing embodiments, those skilled in the art may clearly know that various embodiments may be implemented in the form of software with necessary general hardware platform, or in the form of hardware. Based on such an understanding, the above technical solutions in essence or that part of contribution to the prior art may be embodied in the form of software products, which may be stored in computer-readable storage media, such as a ROM/RAM, a diskette or an optical disk and the like, including some instructions to direct a computing device (may be a personal computer, a server, or a network device, etc.) to implement each embodiment or methods described in some parts of the embodiments.
The foregoing descriptions are merely preferred embodiments of the present disclosure, and are not intended to limit the present disclosure. Any modification, equivalent replacement and improvement made within the spirit and principle of the present disclosure shall fall into the protection scope of the present disclosure.
Number | Date | Country | Kind |
---|---|---|---|
201910017251.3 | Jan 2019 | CN | national |

Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/CN2019/074464 | 2/1/2019 | WO | 00 |