CN102761534A - Method and device for realizing transparent proxy of media access control layer - Google Patents

Publication number: CN102761534A
Authority: CN (China)
Legal status: Granted (current status: Active)
Application number: CN2011101197210A
Other languages: Chinese (zh)
Other versions: CN102761534B (en)
Inventor: 冯景辉
Current Assignee: Beijing net an Technology Limited by Share Ltd
Original Assignee: Beijing Rising Information Technology Co Ltd
Application filed by: Beijing Rising Information Technology Co Ltd
Priority: CN201110119721.0A

Abstract

The invention provides a method and a device for implementing a transparent proxy at the media access control (MAC) layer. A first network card in a gateway, capable of communicating with a source station, intercepts a first frame sent from the source station to a destination station. After the application layer data contained in the first frame has been processed, the source MAC address information in the header of a second frame, which is to be sent to the destination station in response to the first frame and contains the processed application layer data, is modified to the MAC address of the source station. The send function of a second network card in the gateway, capable of communicating with the destination station, is then called to send the second frame to the destination station.

Description

Method and apparatus for implementing a media access control layer transparent proxy
Technical field
The present invention relates generally to the field of information processing and, more specifically, to a method and apparatus for implementing a media access control (MAC) layer transparent proxy.
Background
Gateway-based content filtering devices (for example, firewalls) usually have two kinds of implementation: filter type and proxy type. With a filter-type gateway, data transmitted over the network is intercepted as it passes through the gateway device, which analyzes its content. With a proxy-type gateway, the client that wants to communicate with a server first communicates with the gateway proxy, and the gateway proxy then communicates with the real server; in this process the gateway proxy can cache the data content.
More specifically, in a proxy-type gateway that implements transparent transmission, the communication between client and server is proxied on the intermediate gateway device. The client believes it is communicating directly with the server, but it is in fact communicating with the gateway device, which in turn communicates with the server using the identity of the client. Such a proxy-type gateway can emulate the identity of the server and alter the behavior and details of the communication with the client; it can choose to return to the client only the safe data from the communication with the server.
In this transparent transmission model, as stated above, the gateway device communicates with the server using the identity of the client. In the usual proxy model, the identity of the client is given by the client's Internet Protocol (IP) address. For example, the gateway device uses the IP address of the client to communicate with the server and transmit data; specifically, as a transparent proxy, the gateway device ensures that the source IP address information of packets sent to the server is the same as the IP address of the actual client. In the typical seven-layer network protocol architecture, IP sits at the network layer (that is, layer 3), so the usual proxy model achieves layer-3 transparency.
Summary of the invention
According to one embodiment of the present invention, a method for implementing a MAC layer transparent proxy is disclosed. The method comprises: after the application layer data contained in a first frame, sent from a source station to a destination station and intercepted by a first network card in a gateway that can communicate with the source station, has been processed, modifying the source MAC address information in the header of a second frame, which is to be sent to the destination station in response to the first frame and contains the processed application layer data, to the MAC address of the source station; and sending the second frame to the destination station by calling the send function of a second network card in the gateway that can communicate with the destination station.
According to another embodiment of the present invention, a device for implementing a MAC layer transparent proxy is disclosed. The device comprises: a modifying module, configured to, after the application layer data contained in a first frame, sent from a source station to a destination station and intercepted by a first network card in a gateway that can communicate with the source station, has been processed, modify the source MAC address information in the header of a second frame, which is to be sent to the destination station in response to the first frame and contains the processed application layer data, to the MAC address of the source station; and a sending module, configured to send the second frame to the destination station by calling the send function of a second network card in the gateway that can communicate with the destination station.
Brief description of the drawings
Exemplary embodiments of the present invention are described with reference to the accompanying drawings. It should be understood that these drawings are only exemplary and not restrictive, and that the same or similar reference numerals in the drawings indicate corresponding or similar elements.
Fig. 1 shows an overview of a system according to one exemplary embodiment of the present invention;
Fig. 2 shows the system according to one exemplary embodiment of the present invention in greater detail;
Fig. 3 shows a flow chart of a method according to one exemplary embodiment of the present invention; and
Fig. 4 shows a block diagram of a device according to one exemplary embodiment of the present invention.
Detailed description
In the detailed description below, a large number of details are given in order to provide a thorough understanding of the embodiments of the present invention. However, those skilled in the art will appreciate that these details are only illustrative and not restrictive, and that the present invention can be practiced without them. Some known components, structures and operations are not described in detail in the specification, so as not to obscure the present invention unnecessarily.
A reference in the specification to "an embodiment" or "one embodiment" means that a particular feature, structure or characteristic described in connection with that embodiment is included in at least one embodiment of the present invention. The phrases "in one embodiment" or "according to an embodiment" appearing in various places in this specification therefore do not necessarily all refer to the same embodiment.
Those skilled in the art will understand that the embodiments described herein can be implemented in hardware, software, firmware, middleware, microcode, or any combination thereof.
Referring first to Fig. 1, an overview of system 100 according to one exemplary embodiment of the present invention is shown.
In a typical implementation of system 100, client 101 is located in one zone of a network (for example, a local area network, not shown), server 102 is located in another zone of the same network, and gateway 103 sits between these two zones and acts as a bridge. For simplicity, only a single device is shown here for each component of the system, but the present invention is not limited to this.
Client 101 can be any of a variety of processor-based computing devices. It has its own unique identifiers in the network, including but not limited to the physical address of the client (that is, its media access control (MAC) address), its IP address, and so on. The client can run one or more of various operating systems, including but not limited to various versions of Linux™, Unix™, Windows™, and so on.
Similarly, server 102 and gateway 103 can each be any of a variety of processor-based computing devices, and each can run one or more of various operating systems. Server 102 provides various types of services to requesting devices, including client 101. Gateway 103 is in bridge mode and is used to carry the communication between client 101 and server 102. In an embodiment of the present invention, gateway 102 can also provide an application-level proxy service, and its proxy function is also transparent at the second layer of the seven-layer network protocol architecture (the data link layer, more specifically its MAC sublayer).
Below, taking as an example a source station (for example, client 101) sending data to a destination station (for example, server 102), the communication process that actually takes place between client 101 and server 102 in the presence of gateway (or transparent proxy gateway) 103 is described. Those skilled in the art will understand that using client 101 as the source station and server 102 as the destination station is only one example, and the present invention is not limited to this.
The data sent by client 101 can first be intercepted by transparent proxy gateway 103, which then sends the data to server 102 using the identity of client 101. In this way, data transfer between client 101 and server 102 is achieved through transparent proxy gateway 103 in the middle. From the point of view of client 101, it is communicating directly with server 102, but this is not actually the case.
More specifically, with reference to Fig. 1, when transparent proxy gateway 103 receives (or intercepts) frame 110 sent by client 101 to server 102 (shown by the arrow on the left of the figure), it can record the MAC layer information contained in the header of frame 110, including at least the source MAC address information (that is, the MAC address of client 101 itself). The recorded MAC layer information can also include the destination MAC address information of frame 110 (that is, the MAC address of server 202). In addition, depending on actual needs, other information can be recorded; for example, where an 802.1Q virtual local area network (VLAN) is used (in which a 4-byte VLAN tag is inserted into the Ethernet frame format), the VLAN identifier (ID) in the VLAN tag can also be recorded. The present invention is not limited to this.
After the recording operation has finished, in one embodiment, application-level proxy processing of the application layer data contained in the received frame 110 can begin. Application layer data means data related to the operation of an application process, including but not limited to e-mail, HTTP messages, and so on; it is handled at the application layer of the layered protocol structure. In transparent proxy gateway 103, application-level proxy processing includes, for example and without limitation, virus scanning, content filtering, and so on, as used in the prior art.
After application-level proxy processing has finished, at an appropriate time, transparent proxy gateway 103 sends frame 111 (shown by the arrow on the right of the figure) to server 102 using the identity of client 101; frame 111 contains the previously processed application layer data. Note that, according to the present invention, the previously recorded source MAC address information of frame 110 can be used to modify the corresponding information in the header of frame 111, and the modified frame 111 is then sent to server 102. With this processing, the MAC layer information of frame 111 sent by transparent proxy gateway 103 is consistent with that of the original frame 110 sent by client 101, so layer-2 transparency can be achieved.
By comparison, on an existing transparent proxy gateway running, for example, a Linux system, the IP address and port of the initiator can be modified by calling system APIs (so that packets forwarded from the gateway to the destination server appear to have been sent directly by the original client, achieving layer-3 transparency as described above), but the source MAC address cannot be modified. In that case, for example, a layer-2 filtering device located between the gateway device and the server may be unable to see the original, real client MAC address at all, so a series of problems such as the corresponding control and access policies cannot be solved. Such a proxy implementation is therefore not truly transparent; that is, it has changed some of the identification information of the client in the course of proxying the data transmission.
As stated above, with the design of the present invention, layer-2 transparency can be achieved, which makes network deployment more convenient for users and improves the user experience.
Fig. 2 shows system 200 according to one exemplary embodiment of the present invention in greater detail. In what follows, explanation of the units that are the same as in Fig. 1 (for example, client 201, server 202, and so on) is omitted, and the description concentrates on the gateway (or transparent proxy) 203 of the present invention.
As shown in the figure, according to one embodiment of the present invention, transparent proxy gateway 203 can comprise record logic 204, application-level proxy 205 and a virtual network card (VIF) 206. As a gateway in bridge mode, it typically has multiple interfaces (that is, network cards) for communicating with their respective target stations. For convenience of description, Fig. 2 shows only two interfaces of transparent proxy gateway 203: network card 207, which can communicate with client 201, and network card 208, which can communicate with server 202.
As is known to those skilled in the art, a gateway device usually maintains a forwarding table (not shown), whose entries (if any) indicate the correspondence between target stations (identified by their MAC addresses) and the interfaces of the gateway; for example, client 201 corresponds to network card 207, server 202 corresponds to network card 208, and so on. When transparent proxy gateway 203 (more specifically, for example, network card 207) intercepts a frame (for example, frame 210) sent from client 201 as the source station to server 202 as the destination station, it determines that the gateway can communicate with server 202, for example by searching the forwarding table and finding that network card 208 corresponds to server 202.
In Fig. 2, record logic 204 records information about frame 210, which is sent from client 201 to server 202 and intercepted by network card 207. In one exemplary embodiment of the present invention, this information includes at least the source MAC address of frame 210 (that is, that of client 201), which can be obtained from the header of the frame. The information can also include, for example and without limitation: the destination MAC address of frame 210 (that is, that of server 202), which can also be obtained from the header of the frame; the interface of gateway 203 that corresponds to this destination MAC address (that is, network card 208), which can be obtained from the forwarding table; and so on. These items can be stored in association with one another for later use.
As a non-limiting example, a Linux-based transparent proxy gateway can use connection tracking to let the kernel track and record all logical network connections or sessions. In one example implementation of the present invention, the data structure maintained for each connection (identified, for example, by IP address and port) can be extended so as to store more information. For example, record logic 204 can record the required information (for example, the source and destination MAC addresses of frame 210) in association in the extended structure, for use by subsequent processing.
Passing up through the network protocol stack, the previously received frame 210 has its headers stripped layer by layer and is handed to higher layers; finally, the application layer data it contains is delivered to application-level proxy 206 for conventional application-level proxy processing, including but not limited to virus scanning, content filtering, and so on. The main improvement of the present invention does not lie here, so further description is omitted.
Continuing with reference to Fig. 2, in one exemplary embodiment of the present invention, for frame 211, which transparent proxy gateway 203 sends to server 102 using the identity of client 101 in response to the received frame 210, the source MAC address in the frame can be restored by VIF 206.
Virtual network card VIF 206 can be implemented in the form of a network card driver. After the driver is loaded and the network card is thereby registered with the operating system, the operating system recognizes VIF 206 as an ordinary network card. According to one exemplary embodiment of the present invention, the routing policy (for example, the routing table) of transparent proxy gateway 203 can be modified so that all data that has been processed by application-level proxy 205 and needs to be sent transparently (for example, to server 202) is routed to VIF 206 for sending.
VIF 206 is able to modify the source MAC address of frame 211, which corresponds to frame 210. According to one embodiment of the present invention, for example, VIF 206 can refer to the corresponding content in the information about frame 210 previously recorded by record logic 204 (in the extended connection tracking), namely the MAC address of client 201; it then modifies the source MAC address information in the header of frame 211 to the recorded source MAC address (that is, the MAC address of client 201); it then directly calls the send function of network card 208 to send the modified frame 211 to server 202.
In this way, in frame 211, which transparent proxy gateway 203 sends to server 202 using the identity of client 201, the source MAC address information is also guaranteed to be the same as the MAC address of client 201 itself, so that second-layer (MAC layer) transparency is achieved.
In one embodiment of the present invention, it can be determined that the frame is to be sent through network card 208, for example by using the previously recorded information or by referring to the forwarding table of the gateway.
Here, because VIF 206 directly calls the send function of the physical network card (for example, network card 208), the process of framing for that physical network card through the network protocol stack is avoided. This ensures that the source MAC address of the frame sent through the physical network card remains the modified source MAC address (that is, the MAC address of client 201).
Those skilled in the art will understand that the functions of the above components can also be combined with one another; for example, record logic 204 can be implemented in a single component together with VIF 205.
In addition, considering the case of 802.1Q VLAN, according to one embodiment of the present invention, record logic 204 can additionally record the VLAN ID of the received frame (for example, frame 210); for example, it can be recorded in the extended connection-tracking structure in association with information such as the MAC addresses of the frame. Correspondingly, VIF 206 can use the recorded VLAN ID to change the VLAN ID of the frame that is to be sent to server 202 (for example, frame 211), so that second-layer transparent proxying can also be achieved for VLANs.
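The record and modify steps described above, written out as an added user-space C example; it is not code from the patent, and the names `l2_record`, `l2_record_frame`, `l2_restore_frame` and the sample frames are assumptions made for illustration. It goes slightly beyond the text by also inserting or stripping the 802.1Q tag when the outgoing frame's tagging differs from the recorded frame, where the description only speaks of changing the VLAN ID.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN     6
#define ETH_HDR_LEN  14       /* destination MAC + source MAC + EtherType */
#define VLAN_TAG_LEN 4        /* TPID 0x8100 + tag control information */
#define TPID_8021Q   0x8100
#define VLAN_NONE    0xFFFF   /* recorded frame carried no 802.1Q tag */

/* MAC-layer information kept for one intercepted frame (hypothetical layout). */
struct l2_record {
    uint8_t  src_mac[ETH_ALEN];   /* MAC address of the source station */
    uint8_t  dst_mac[ETH_ALEN];   /* MAC address of the destination station */
    uint16_t vlan_id;             /* 12-bit VLAN ID, or VLAN_NONE */
};

uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xFF); }

/* Record step: copy the header fields of the intercepted first frame.
 * Returns 0 on success, -1 if the frame is too short to hold the header. */
int l2_record_frame(const uint8_t *f, size_t len, struct l2_record *rec)
{
    if (len < ETH_HDR_LEN) return -1;
    memcpy(rec->dst_mac, f, ETH_ALEN);
    memcpy(rec->src_mac, f + ETH_ALEN, ETH_ALEN);
    rec->vlan_id = VLAN_NONE;
    if (rd16(f + 12) == TPID_8021Q) {
        if (len < ETH_HDR_LEN + VLAN_TAG_LEN) return -1;
        rec->vlan_id = rd16(f + 14) & 0x0FFF;
    }
    return 0;
}

/* Modify step: rewrite the second frame in place so that its source MAC and
 * VLAN ID match the record. cap is the buffer size. Returns the new frame
 * length, or -1 if the frame is malformed or the buffer is too small. */
long l2_restore_frame(uint8_t *f, size_t len, size_t cap, const struct l2_record *rec)
{
    int tagged;
    if (len < ETH_HDR_LEN || len > cap) return -1;
    tagged = rd16(f + 12) == TPID_8021Q;
    if (tagged && len < ETH_HDR_LEN + VLAN_TAG_LEN) return -1;

    memcpy(f + ETH_ALEN, rec->src_mac, ETH_ALEN);   /* source MAC := source station */

    if (rec->vlan_id == VLAN_NONE) {
        if (tagged) {                               /* original was untagged: drop the tag */
            memmove(f + 12, f + 16, len - 16);
            len -= VLAN_TAG_LEN;
        }
    } else if (tagged) {                            /* keep priority bits, replace the VID */
        wr16(f + 14, (uint16_t)((rd16(f + 14) & 0xF000) | rec->vlan_id));
    } else {                                        /* insert a tag with the recorded VID */
        if (len + VLAN_TAG_LEN > cap) return -1;
        memmove(f + 16, f + 12, len - 12);
        wr16(f + 12, TPID_8021Q);
        wr16(f + 14, rec->vlan_id);
        len += VLAN_TAG_LEN;
    }
    return (long)len;
}

/* Constructed sample: frame 210 as sent by the client, tagged with VLAN 100. */
const uint8_t frame_210[] = {
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0x01,  0x81,0x00, 0x00,0x64,  0x08,0x00,
    'd','a','t','a' };
/* Constructed sample: frame 211 as built by the gateway's own stack
 * (gateway MAC as source, untagged); 18 bytes of the buffer are in use. */
uint8_t frame_211[64] = {
    0x02,0,0,0,0,0x02,  0x02,0,0,0,0,0xAA,  0x08,0x00, 'd','a','t','a' };
struct l2_record demo_rec;

/* Record frame 210, then restore its MAC-layer identity onto frame 211. */
long demo(void)
{
    if (l2_record_frame(frame_210, sizeof frame_210, &demo_rec) != 0) return -1;
    return l2_restore_frame(frame_211, 18, sizeof frame_211, &demo_rec);
}

int main(void)
{
    long n = demo();
    printf("restored length %ld, header matches frame 210: %s\n", n,
           (n > 0 && memcmp(frame_211, frame_210, 18) == 0) ? "yes" : "no");
    return 0;
}
```

A layer-2 filter placed between the gateway and the server would see the restored frame with the client's source MAC and VLAN ID, which is the property the description calls second-layer transparency.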
In addition, using the design idea of the present invention, those skilled in the art will understand that for data sent from server 202 to client 201 (in which case server 202 can be regarded as the source station and client 201 as the destination station), transparent proxy gateway 203 can perform similar processing, so that from the point of view of client 201 the real server 202 is communicating with it directly, whereas in fact transparent proxy gateway 203 in the middle is communicating with it using the identity of server 202.
In addition, consider the case where a connection (or session) must be established through a handshake before data is transferred (for example, when the Transmission Control Protocol (TCP) is used). According to one exemplary embodiment of the present invention, in this case, when client 201 first sends a connection establishment request to server 202, the corresponding request frame can be intercepted by network card 207 of transparent proxy gateway 203. Gateway 203 determines that it can communicate with server 202, here for example through network card 208 (otherwise, gateway 203 can choose to broadcast the request frame directly through the network cards on the gateway other than the ingress network card 207, as bridging devices in the prior art do). Record logic 204 can then record information about the request frame, for example the source MAC address in the header of the frame as the MAC address of client 201, the destination MAC address in the header of the frame as the MAC address of server 202, and so on; the present invention is not limited to this.
According to one exemplary embodiment of the present invention, after this information has been recorded, and in accordance with the handshake protocol, transparent proxy gateway 203 sends an acknowledgement frame to client 201 using the identity of server 202 in response to the request frame. VIF 206 can modify the source MAC address information in the header of this acknowledgement frame to the recorded MAC address of server 202, and send the modified acknowledgement frame to client 201 by directly calling the send function of network card 207. Those skilled in the art will understand that client 201 can then send a further acknowledgement frame in response to receiving this acknowledgement frame, as in the prior art. Through this handshake procedure, a connection is established between client 201 and transparent proxy gateway 203 (from the point of view of client 201, of course, it has established a connection directly with server 202). In addition, at a suitable time afterwards, transparent proxy gateway 203 establishes a connection with server 202 using the identity of client 201 (more specifically, the MAC address of the client); this is similar to the above and is not described in detail here.
The data transfer between client 201 and server 202 (for example, frame 210) is carried out over the connections established in this way. Using the previously recorded information, VIF 206 can modify the source MAC address information in the header of frame 211, which corresponds to frame 210 and is to be sent to server 202, to the recorded MAC address of client 201, thereby achieving layer-2 transparency as described above.
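How the recorded information can serve both directions of a proxied connection, as an added C example that is not code from the patent: a small table keyed by IP address and port stands in for the extended connection-tracking structure, and a lookup picks the source MAC to write and the network card whose send function to call. The names `ct_key`, `ct_l2_ext`, `ct_record`, `ct_select_l2` and all sample values are assumptions; the interface numbers 207 and 208 simply reuse the reference numerals of Fig. 2.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
#define CT_MAX   32   /* table size chosen for the example */

/* A connection is identified by IP addresses and ports, as in the description. */
struct ct_key {
    uint32_t src_ip, dst_ip;       /* direction of the first frame: client -> server */
    uint16_t src_port, dst_port;
};

/* Hypothetical extension of the per-connection record with MAC-layer information. */
struct ct_l2_ext {
    int used;
    struct ct_key key;
    uint8_t client_mac[ETH_ALEN];  /* source MAC of the intercepted request frame */
    uint8_t server_mac[ETH_ALEN];  /* destination MAC of the same frame */
    int client_nic;                /* interface the request frame arrived on */
    int server_nic;                /* interface the forwarding table gives for the server */
};

struct ct_l2_ext ct_table[CT_MAX];

static int key_eq(const struct ct_key *a, const struct ct_key *b)
{
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip &&
           a->src_port == b->src_port && a->dst_port == b->dst_port;
}

/* Record step, run when the first frame of a connection is intercepted.
 * Updates an existing entry or takes the first free slot.
 * Returns 0 on success, -1 if the table is full. */
int ct_record(const struct ct_key *k, const uint8_t *src_mac, const uint8_t *dst_mac,
              int in_nic, int out_nic)
{
    struct ct_l2_ext *slot = NULL;
    for (int i = 0; i < CT_MAX; i++) {
        if (ct_table[i].used && key_eq(&ct_table[i].key, k)) { slot = &ct_table[i]; break; }
        if (!ct_table[i].used && !slot) slot = &ct_table[i];
    }
    if (!slot) return -1;
    slot->used = 1;
    slot->key = *k;
    memcpy(slot->client_mac, src_mac, ETH_ALEN);
    memcpy(slot->server_mac, dst_mac, ETH_ALEN);
    slot->client_nic = in_nic;
    slot->server_nic = out_nic;
    return 0;
}

/* For a frame the gateway is about to emit with tuple k, choose the source MAC
 * to write into its header and the NIC to send it on.
 * Returns 0 if the connection is known, -1 otherwise (no rewrite should occur). */
int ct_select_l2(const struct ct_key *k, uint8_t src_mac_out[ETH_ALEN], int *nic_out)
{
    struct ct_key rev = { k->dst_ip, k->src_ip, k->dst_port, k->src_port };
    for (int i = 0; i < CT_MAX; i++) {
        const struct ct_l2_ext *e = &ct_table[i];
        if (!e->used) continue;
        if (key_eq(&e->key, k)) {            /* toward the server, as the client */
            memcpy(src_mac_out, e->client_mac, ETH_ALEN);
            *nic_out = e->server_nic;
            return 0;
        }
        if (key_eq(&e->key, &rev)) {         /* toward the client, as the server */
            memcpy(src_mac_out, e->server_mac, ETH_ALEN);
            *nic_out = e->client_nic;
            return 0;
        }
    }
    return -1;
}

/* Constructed sample values: 192.0.2.10:40000 -> 198.51.100.20:80. */
const uint8_t CLIENT_MAC[ETH_ALEN] = {0x02,0,0,0,0,0x01};
const uint8_t SERVER_MAC[ETH_ALEN] = {0x02,0,0,0,0,0x02};
const struct ct_key REQ = { 0xC000020A, 0xC6336414, 40000, 80 };
uint8_t demo_mac[ETH_ALEN];

/* Returns the NIC chosen for a frame of the sample connection, or -1. */
int demo_select(int toward_client)
{
    struct ct_key k = REQ;
    int nic = -1;
    if (toward_client)
        k = (struct ct_key){ REQ.dst_ip, REQ.src_ip, REQ.dst_port, REQ.src_port };
    if (ct_record(&REQ, CLIENT_MAC, SERVER_MAC, 207, 208) != 0) return -1;
    if (ct_select_l2(&k, demo_mac, &nic) != 0) return -1;
    return nic;
}

/* A tuple that was never recorded must not be given a borrowed identity. */
int demo_unknown(void)
{
    struct ct_key other = { 0xC000020B, 0xC6336414, 40001, 80 };
    int nic;
    return ct_select_l2(&other, demo_mac, &nic);
}

int main(void)
{
    printf("to server: NIC %d, to client: NIC %d, unknown: %d\n",
           demo_select(0), demo_select(1), demo_unknown());
    return 0;
}
```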
Referring now to Fig. 3, a flow chart of method 300 according to one exemplary embodiment of the present invention is shown. Method 300 can be implemented in a gateway with an application-level proxy function (for example, transparent proxy gateway 103, 203).
As shown in the figure, the process starts at step S301, in which the application layer data contained in a first frame, sent from the source station to the destination station and intercepted by a first network card in the gateway, is processed. Referring to the example given in connection with Fig. 2, frame 210 sent from client 201 to server 202 is intercepted by transparent proxy gateway 203 (more specifically, by network card 207, which can communicate with client 201); the application layer data it contains includes, for example and without limitation, e-mail, HTTP messages, and so on. As gateway 203 has an application-level proxy function, its application-level proxy 205 can process this application layer data, including but not limited to virus scanning, content filtering, and so on.
To implement the proxy function, the gateway needs to send the data previously intercepted from the source station (after it has been processed by the gateway) to the destination using the identity of the source station. According to one exemplary embodiment of the present invention, at step S302, the source MAC address information in the header of a second frame, which is to be sent to the destination station in response to the first frame and contains the processed application layer data, is modified to the MAC address of the source station. Continuing with reference to Fig. 2, after application-level proxy 205 has processed the application layer data contained in frame 210, VIF 206 can modify the source MAC address information in the header of the resulting second frame 211, which contains the processed application layer data, to the MAC address of client 201 itself. That is, the MAC address information in the header of the modified frame 211 is consistent with the MAC address information in the header of frame 210 as originally sent by client 201.
The process then advances to step S303, in which the second frame is sent to the destination station by directly calling the send function of a second network card in the gateway. Continuing with reference to Fig. 2, after the above modification is complete, VIF 206 can directly call the send function of the real physical network card 208 (which can communicate with server 202) in transparent proxy gateway 203, so that frame 211 is actually sent to server 202. At this point, method 300 for implementing a MAC layer transparent proxy according to an embodiment of the present invention can end.
In addition, in one embodiment of the present invention, before step S301, when the first frame (for example, frame 210) is intercepted by the first network card (for example, network card 207), the source MAC address information in the header of frame 210 can be recorded as the MAC address of client 201, for use by the subsequent modifying step. In this recording step, the destination MAC address information in the header of frame 210 can also be recorded as the MAC address of server 202. Furthermore, where frame 210 carries a VLAN tag, the VLAN identifier of frame 210 can also be recorded in this recording step, and in the modifying step S302 the VLAN identifier of frame 211 can also be modified to the recorded VLAN identifier of frame 210. As one concrete implementation, the recorded information, including but not limited to the MAC address of the source station, the MAC address of the destination station, the VLAN identifier, and so on, is stored in the extended connection tracking, as described above.
In addition, in one embodiment of the present invention, before step S301, when a request frame that requests the establishment of a connection between client 201 as the source station and server 202 as the destination station is intercepted by network card 207 (for example, in the case where a connection must be established through a handshake before data transfer continues, and frame 210 containing the application layer data is transmitted over the connection once it is established), the source MAC address information in the header of the request frame can be recorded as the MAC address of client 201, for use by the subsequent modifying step S302. Similarly, the destination MAC address information of the request frame can also be recorded as the MAC address of server 202, as well as the VLAN identifier, and so on. Furthermore, in response to the intercepted request frame, as part of transparent proxy gateway 203 establishing a connection with client 201 through a handshake using the identity of server 202, the source MAC address information in the header of the acknowledgement frame that responds to the request frame can be modified, for example by VIF 206, to the recorded MAC address of server 202, and the send function of network card 207 is then called to send this acknowledgement frame to client 201.
Exemplary method 300 has been described above with reference to Fig. 3. Those skilled in the art will understand that the above method steps are only illustrative and not restrictive; depending on the concrete implementation, the method can also comprise further additional or alternative steps. In one or more schemes, the functions corresponding to these method steps can be implemented in hardware, software, firmware, or any combination thereof.
Fig. 4 shows a block diagram of device 400 according to one exemplary embodiment of the present invention.
Device 400 comprises at least the following parts: modifying module 401, configured to, after the application layer data contained in a first frame, sent from a source station to a destination station and intercepted by a first network card in a gateway that can communicate with the source station, has been processed, modify the source MAC address information in the header of a second frame, which is to be sent to the destination station in response to the first frame and contains the processed application layer data, to the MAC address of the source station; and sending module 402, configured to send the second frame to the destination station by calling the send function of a second network card in the gateway that can communicate with the destination station.
In addition, device 400 can also comprise additional or alternative modules to implement further corresponding functions, for example those described above in connection with method 300. Device 400 can correspond, for example, to gateway device 103, 203 shown in Fig. 1 and Fig. 2, or to one or more of its components. It should be understood that device 400 is described as comprising multiple modules, which can be functional modules implemented by hardware, software, or a combination thereof.
Although some embodiments of the present invention have been shown and described above, those skilled in the art will readily appreciate that many modifications and variations of these embodiments are equally feasible. It should therefore be understood that the appended claims are intended to cover all such modifications and variations that fall within the spirit and scope of the present invention.

Claims (18)

1. A method for realizing a media access control (MAC) layer transparent proxy, comprising:
after the application layer data contained in a first frame sent from a source station to a destination station and intercepted by a first network card in a gateway that can communicate with the source station has been processed, modifying the source MAC address information in the header of a second frame, which is to be sent to the destination station in response to the first frame and contains the processed application layer data, to the MAC address of the source station; and
sending the second frame to the destination station by calling the send function of a second network card in the gateway that can communicate with the destination station.
2. The method according to claim 1, further comprising:
when the first frame is intercepted by the first network card, recording the source MAC address information in the header of the first frame as the MAC address of the source station.
3. The method according to claim 2, wherein
the recording step further comprises: recording the destination MAC address information in the header of the first frame as the MAC address of the destination station.
4. The method according to claim 2, wherein the first frame has a Virtual Local Area Network (VLAN) tag, and wherein
the recording step further comprises: recording the VLAN identifier in the VLAN tag of the first frame; and
the modifying step further comprises: modifying the VLAN identifier in the VLAN tag of the second frame to the recorded VLAN identifier of the first frame.
5. The method according to claim 1, further comprising:
when a request frame requesting that a connection be established between the source station and the destination station is intercepted by the first network card, recording the source MAC address information in the header of the request frame as the MAC address of the source station, wherein the first frame is transmitted over the connection to be established.
6. The method according to claim 5, wherein
the recording step further comprises: recording the destination MAC address information in the header of the request frame as the MAC address of the destination station.
7. The method according to claim 6, further comprising:
modifying the source MAC address information in the header of an acknowledgement frame sent in response to the request frame to the recorded MAC address of the destination station; and
sending the acknowledgement frame to the source station by calling the send function of the first network card.
8. The method according to claim 5, wherein the request frame has a Virtual Local Area Network (VLAN) tag, and wherein
the recording step further comprises: recording the VLAN identifier in the VLAN tag of the request frame; and
the modifying step further comprises: modifying the VLAN identifier in the VLAN tag of the second frame to the recorded VLAN identifier of the request frame.
9. The method according to any one of claims 2 to 8, wherein the recorded information is stored in extended connection tracking.
10. A device for realizing a media access control (MAC) layer transparent proxy, comprising:
a modification module, configured to, after the application layer data contained in a first frame sent from a source station to a destination station and intercepted by a first network card in a gateway that can communicate with the source station has been processed, modify the source MAC address information in the header of a second frame, which is to be sent to the destination station in response to the first frame and contains the processed application layer data, to the MAC address of the source station; and
a sending module, configured to send the second frame to the destination station by calling the send function of a second network card in the gateway that can communicate with the destination station.
11. The device according to claim 10, further comprising:
a recording module, configured to, when the first frame is intercepted by the first network card, record the source MAC address information in the header of the first frame as the MAC address of the source station.
12. The device according to claim 11, wherein
the recording module also records the destination MAC address information in the header of the first frame as the MAC address of the destination station.
13. The device according to claim 11, wherein the first frame has a Virtual Local Area Network (VLAN) tag, and wherein
the recording module also records the VLAN identifier in the VLAN tag of the first frame; and
the modification module also modifies the VLAN identifier in the VLAN tag of the second frame to the recorded VLAN identifier of the first frame.
14. The device according to claim 10, further comprising:
a recording module, configured to, when a request frame requesting that a connection be established between the source station and the destination station is intercepted by the first network card, record the source MAC address information in the header of the request frame as the MAC address of the source station, wherein the first frame is transmitted over the connection to be established.
15. The device according to claim 14, wherein
the recording module also records the destination MAC address information in the header of the request frame as the MAC address of the destination station.
16. The device according to claim 15, further comprising:
a module configured to modify the source MAC address information in the header of an acknowledgement frame sent in response to the request frame to the recorded MAC address of the destination station; and
a module configured to send the acknowledgement frame to the source station by calling the send function of the first network card.
17. The device according to claim 14, wherein the request frame has a Virtual Local Area Network (VLAN) tag, and wherein
the recording module also records the VLAN identifier in the VLAN tag of the request frame; and
the modification module also modifies the VLAN identifier in the VLAN tag of the second frame to the recorded VLAN identifier of the request frame.
18. The device according to any one of claims 9 to 17, wherein the recorded information is stored in extended connection tracking.
CN201110119721.0A 2011-04-29 2011-04-29 Realize the method and apparatus of media access control layer Transparent Proxy Active CN102761534B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110119721.0A CN102761534B (en) 2011-04-29 2011-04-29 Realize the method and apparatus of media access control layer Transparent Proxy

Publications (2)

Publication Number Publication Date
CN102761534A true CN102761534A (en) 2012-10-31
CN102761534B CN102761534B (en) 2016-05-11

Family

ID=47055856

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110119721.0A Active CN102761534B (en) 2011-04-29 2011-04-29 Realize the method and apparatus of media access control layer Transparent Proxy

Country Status (1)

Country Link
CN (1) CN102761534B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1765090A (en) * 2003-03-24 2006-04-26 雷·斯尔科有限公司 Multiconfigurable device masking shunt and method of use
US7249191B1 (en) * 2002-09-20 2007-07-24 Blue Coat Systems, Inc. Transparent bridge that terminates TCP connections
US7290050B1 (en) * 2002-09-20 2007-10-30 Blue Coat Systems, Inc. Transparent load balancer for network connections

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王钢: "应用网关防火墙——网络的中间检查站", 《计算机安全》 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104205764A (en) * 2012-03-26 2014-12-10 惠普发展公司,有限责任合伙企业 Frame passing based on ethertype
CN103428095B (en) * 2013-08-26 2016-12-28 深信服网络科技(深圳)有限公司 A kind of proxy server and Proxy Method thereof
CN103428095A (en) * 2013-08-26 2013-12-04 深信服网络科技(深圳)有限公司 Proxy server and proxy method thereof
CN104994137B (en) * 2015-05-27 2019-01-22 四川卫士通信息安全平台技术有限公司 A kind of method of network readezvous point agency
CN104994137A (en) * 2015-05-27 2015-10-21 四川卫士通信息安全平台技术有限公司 Method of network readezvous point
CN107205005A (en) * 2016-03-18 2017-09-26 上海有云信息技术有限公司 A kind of transparent application level proxy Realization Method of Communication of link layer
CN106534794A (en) * 2016-11-30 2017-03-22 浙江宇视科技有限公司 Video monitoring system remote control method and device
CN109981701A (en) * 2017-12-27 2019-07-05 新智数字科技有限公司 Transmitting method, transparent transmission system and proxy server
CN108848202A (en) * 2018-06-21 2018-11-20 Oppo(重庆)智能科技有限公司 electronic device, data transmission method and related product
CN108924138A (en) * 2018-07-05 2018-11-30 成都安恒信息技术有限公司 A method of realizing that TCP agent is fully transparent
CN108924138B (en) * 2018-07-05 2020-10-23 成都安恒信息技术有限公司 Method for realizing TCP proxy complete transparency
CN110120895A (en) * 2019-04-11 2019-08-13 北京字节跳动网络技术有限公司 Test method, apparatus, medium and the electronic equipment of mobile terminal communication
CN110120895B (en) * 2019-04-11 2023-01-17 北京字节跳动网络技术有限公司 Method, device, medium and electronic equipment for testing communication of mobile terminal
CN114125030A (en) * 2021-11-30 2022-03-01 北京天融信网络安全技术有限公司 Connection tracking method, device, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN102761534B (en) 2016-05-11

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
CB02 Change of applicant information

Address after: 100190 Beijing City, Haidian District Zhongguancun street, No. 22, building 1301

Applicant after: Beijing Rising Information Technology Co., Ltd

Address before: 100190 Beijing City, Haidian District Zhongguancun street, No. 22, building 1301

Applicant before: Beijing Rising Information Technology Co., Ltd.

COR Change of bibliographic data
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100190 Beijing City, Haidian District Zhongguancun street, No. 22, building 1301

Patentee after: Beijing net an Technology Limited by Share Ltd

Address before: 100190 Beijing City, Haidian District Zhongguancun street, No. 22, building 1301

Patentee before: Beijing Rising Information Technology Co., Ltd
