
Method for realizing TCP proxy complete transparency

A fully transparent TCP proxy technique, applied in the field of network security, that achieves the effect of port field transparency.

Active Publication Date: 2018-11-30
CHENGDU DBAPP SECURITY

AI Technical Summary

Problems solved by technology

[0011] This method has a problem: the source MAC address used by the Server's data messages may not be the MAC address learned by the Client. Replacing the source MAC address in step 3 with the destination MAC address of the message replied by the Server is also problematic, because when the Client establishes the first connection with the TCP proxy device in the traditional solution, the Server has not yet sent a reply message.


Examples


Embodiment 1

[0056] The present invention is realized through the following technical solution. As shown in Figures 1-3, a method for realizing complete transparency of the TCP proxy includes the following steps:

[0057] Step F1: The TCP proxy server implements MAC address transparency by intercepting and caching the TCP SYN message from the Client to the Server;

[0058] Step F2: The TCP proxy server checks and copies the header fields of the mutually sent messages between the Client and the Server, so as to realize the transparency of the TOS / TTL field of the IP header;

[0059] Step F3: The TCP proxy server establishes a network namespace for the Client to realize TCP port transparency.

[0060] It should be noted that, through the above improvements, the Client is the proxied TCP client and the Server is the proxied server. The invention provides a method for realizing complete transparency of the TCP proxy. The principle is to use the TCP SYN message cache to delay the...

Embodiment 2

[0065] This embodiment is further optimized on the basis of the above embodiments. As shown in Figure 1, the TCP proxy server includes an interconnected TCP proxy module, Syn_handler module and Bridge; the TCP proxy module includes Tcpproxy_client, Tcpproxy_server and Fd_binder;

[0066] Step F1 specifically includes the following steps:

[0067] Step F101: The Client sends a TCP SYN message request, trying to establish a connection with the Server; the Bridge learns and records the source MAC address of the Client;

[0068] Step F102: The TCP SYN message sent by the Client arrives at the TCP proxy server and is intercepted and cached by the Syn_handler module;

[0069] Step F103: The Syn_handler module sends a message to the TCP proxy module, notifying the TCP proxy module to record the five-tuple information of the intercepted TCP SYN message and to initiate a TCP connection with the Server;

[0070] Step F104: The Tcpproxy_client in the TCP proxy module sends a TCP SYN message to the Server thr...

Embodiment 3

[0087] This embodiment is further optimized on the basis of the above embodiments. As shown in Figure 2, step F2 specifically includes the following steps:

[0088] Step F201: the TCP proxy server checks the header field of the message sent by the Client to the Server;

[0089] Step F202: the TOS and TTL values of the message header field in step F201 are copied by Tcpproxy_client to the request message sent to the Server by the TCP proxy server;

[0090] Step F203: the TCP proxy server checks the header field of the message sent by the Server to the Client;

[0091] Step F204: the TOS and TTL values of the message header field in step F203 are copied by Tcpproxy_server to the request message sent from the TCP proxy server to the Client.

[0092] It should be noted that, through the above improvements, the method to realize the transparency of the TOS and TTL fields is that the Client sends a message to the Server through the TCP proxy server, the T...
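The header copy in steps F201-F204, worked at the byte level as an added example (not code from the patent). It reads TOS and TTL from the packet seen on one side, stamps them onto the proxy's own packet for the other side, and recomputes the IPv4 header checksum; the function names, addresses and field values are constructed for illustration.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def header_len(packet: bytes) -> int:
    """Validate version and IHL, return the IPv4 header length in bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("invalid IHL")
    return ihl

def read_tos_ttl(packet: bytes) -> tuple[int, int]:
    """Steps F201/F203: inspect the header of the packet seen on one side."""
    header_len(packet)
    return packet[1], packet[8]          # TOS is byte 1, TTL is byte 8

def copy_tos_ttl(seen: bytes, outgoing: bytes) -> bytes:
    """Steps F202/F204: stamp the observed TOS/TTL onto the proxy's own packet."""
    tos, ttl = read_tos_ttl(seen)
    ihl = header_len(outgoing)
    hdr = bytearray(outgoing[:ihl])
    hdr[1], hdr[8] = tos, ttl
    hdr[10:12] = b"\x00\x00"             # zero the checksum before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    # The TCP checksum is untouched: its pseudo-header does not cover TOS or TTL.
    return bytes(hdr) + outgoing[ihl:]

def build_packet(src: str, dst: str, tos: int, ttl: int) -> bytes:
    """Constructed sample: 20-byte IPv4 header (protocol 6) plus a dummy payload."""
    payload = b"\x00" * 20
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 0x1234,
                                0x4000, ttl, 6, 0, socket.inet_aton(src), socket.inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + payload

# Constructed addresses (RFC 5737 documentation ranges) and field values.
CLIENT_PKT = build_packet("192.0.2.10", "198.51.100.20", tos=0xB8, ttl=57)
PROXY_PKT = build_packet("192.0.2.10", "198.51.100.20", tos=0x00, ttl=64)
FORWARDED = copy_tos_ttl(CLIENT_PKT, PROXY_PKT)

if __name__ == "__main__":
    print(read_tos_ttl(PROXY_PKT), "->", read_tos_ttl(FORWARDED))
```

The same `copy_tos_ttl` call serves both directions: Client-side packet onto the Server-bound packet (F201/F202) and Server-side packet onto the Client-bound packet (F203/F204).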


Abstract

The invention discloses a method for realizing complete transparency of a TCP proxy. A TCP proxy server realizes MAC address transparency by intercepting and caching the TCP SYN message flowing from the Client to the Server; the TCP proxy server checks and copies the header fields of the messages sent between the Client and the Server, realizing transparency of the IP header TOS and TTL fields; the TCP proxy server establishes a network namespace for the Client, thereby realizing TCP port transparency. MAC address transparency, IP header TOS / TTL field transparency and TCP header port field transparency can be realized at the same time.

Description

Technical field

[0001] The invention relates to the technical field of network security, specifically, a method for realizing complete transparency of a TCP proxy.

Background technique

[0002] Currently, security devices widely used in enterprise networks, such as behavior management devices and web firewalls, require in-depth analysis and processing of TCP traffic. The security device is usually deployed in the user network as a "middleman". If the TCP connection is not proxied, the granularity of the control of the TCP connection by the security device is very weak.

[0003] For example, it is difficult for a non-proxy WAF to modify an HTTP session packet without affecting other packets in the TCP stream. To achieve strong control granularity, it is inevitable to use TCP proxy technology. There are many kinds of TCP proxy, including forward proxy, reverse proxy, transparent proxy, etc. The forward proxy needs to configure the client, which is usually not applicable to ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/0281, H04L61/59
Inventor: 刘佳, 范渊, 吴永越, 郑学新, 刘韬
Owner: CHENGDU DBAPP SECURITY