A data transmission method, a proxy server and a service client

By generating and carrying a business identifier between the proxy server and the business client, the problem of associating user information between the protocol handshake phase and the business proxy phase is solved, enabling accurate identification of business messages and improving security, and supporting precise user profile analysis and traffic control.

CN116032507BActive Publication Date: 2026-06-05CHINA MOBILEHANGZHOUINFORMATION TECH CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA MOBILEHANGZHOUINFORMATION TECH CO LTD
Filing Date
2021-10-27
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing proxy servers operate independently of the protocol handshake phase and the business proxy phase, making it impossible to associate user information with business messages and determine whether the user to whom the business message belongs is legitimate.

Method used

A service identifier is generated by obtaining the Internet Protocol address, port number, and user information of the service client. This identifier is carried during the negotiation handshake phase and the service proxy phase to establish an association and ensure that the proxy server can identify the user to which the service message belongs.

Benefits of technology

It enables the proxy server to accurately identify business messages, improves the security of business proxy, supports precise user profile analysis and traffic control, and ensures the authentication of legitimate users.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116032507B_ABST
    Figure CN116032507B_ABST
Patent Text Reader

Abstract

The application discloses a data transmission method, which comprises the following steps: obtaining a first Internet protocol address of a service client, a first port number of the service client and user information sent by the service client; generating a service identifier based on the first Internet protocol address, the first port number and the user information; if a proxy connection request sent by the service client is received, responding to the proxy connection request, and generating connection information carrying the service identifier; wherein the proxy connection request carries a second Internet protocol address and a second port number of a service server; the connection information stores a mapping relationship, which is used for indicating the second Internet protocol address and the second port number corresponding to the service identifier; and feeding back the connection information to the service client, so that the service client encapsulates the service identifier in a head of a service message to obtain tunnel head information of the service identifier. The application further discloses a proxy server and a service client.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to, but is not limited to, the field of computers, and in particular to a data transmission method, a proxy server, and a business client. Background Technology

[0002] With the continuous development of networks and the increasing diversification of network service applications, network proxy services are playing an increasingly important role in complex network environments. The function of a proxy server is to act as an intermediary for network users to obtain network information. Figuratively speaking, it is a relay station for network information. With a proxy service, network interruptions do not directly retrieve network resources from the server; instead, a request is sent to the proxy server, which then retrieves the information needed by the terminal and transmits it to the user terminal. Moreover, most proxy servers have a buffering function, acting like a large-capacity cache. They have a large storage space and continuously store newly acquired data on the server's local memory, thus significantly improving the efficiency of resource acquisition and enriching the means of resource acquisition. More importantly, proxy servers are an important security function provided by Internet link-level gateways, and their operation mainly occurs at the session layer of the Open Systems Interconnection Reference Model (OSI).

[0003] Existing proxy services can be broadly categorized into two types: line-layer proxies and application-layer proxies. The most widely used line-layer proxy is the Protocol for Sessions Traversal Across Firewall Securely Protocol Version 5 (SOCKS5) proxy. SOCKS5 is a proxy protocol widely used in scenarios where business clients and business servers cannot communicate directly, and it is also widely used in various acceleration scenarios, such as cloud gaming acceleration and Augmented Reality (AR) / Virtual Reality (VR) acceleration. A typical SOCKS5 communication system involves four roles: the business client, the SOCKS5 client, the SOCKS5 proxy server, and the business server. In different deployment scenarios, the business client and the SOCKS5 client can be deployed separately or in a single communication terminal. The interaction process between the business client, proxy server, and business server can be divided into two phases: the protocol handshake phase and the business proxy phase.

[0004] However, in the interaction process between the business client, the proxy server, and the business server, the protocol handshake phase session and the business proxy phase session are independent of each other. This means that the user information in the protocol handshake phase session cannot be associated with the business messages in the business proxy phase. As a result, the proxy server has no way of knowing which user the business message belongs to or whether the business message comes from a legitimate user during the business proxy phase. Summary of the Invention

[0005] In view of this, this application provides a data transmission method, a proxy server, and a business client, which solves the problem in related technologies that causes user information in the protocol handshake phase session to be unable to be associated with business messages in the business proxy phase, making it impossible for the proxy server to know which user the business message belongs to or to determine whether the business message comes from a legitimate user during the business proxy phase.

[0006] To achieve the above objectives, the technical solution of this application is implemented as follows:

[0007] A data transmission method, the method being applied to a proxy server, comprising:

[0008] Obtain the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client;

[0009] A service identifier is generated based on the first Internet Protocol address, the first port number, and the user information;

[0010] If a proxy connection request is received from the service client, the system responds to the proxy connection request and generates connection information carrying the service identifier; wherein, the proxy connection request carries the second Internet Protocol address and the second port number of the service server; the connection information stores a mapping relationship, which is used to indicate the second Internet Protocol address and the second port number corresponding to the service identifier;

[0011] The connection information is fed back to the service client so that after receiving the connection information, the service client encapsulates the service identifier in the header of the service message to obtain the tunnel header information of the service identifier.

[0012] A data transmission method, applied to a business client, comprising:

[0013] If a proxy server sends an identifier indicating that the user information verification has passed, a proxy connection request is sent to the proxy server.

[0014] If a connection message carrying a service identifier is received from the proxy server, the service identifier is encapsulated in the header of the service message to obtain the tunnel header information of the service identifier; wherein, the service identifier is generated by the proxy server based on the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client;

[0015] Send a service message containing the tunnel header information to the proxy server.

[0016] A proxy server, the proxy server comprising:

[0017] The first acquisition unit is used to acquire the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client.

[0018] The first processing unit is configured to generate a service identifier based on the first Internet Protocol address, the first port number, and the user information;

[0019] The first processing unit is further configured to, upon receiving a proxy connection request sent by the service client, respond to the proxy connection request and generate connection information carrying the service identifier; wherein, the proxy connection request carries the second Internet Protocol address and the second port number of the service server; the connection information stores a mapping relationship, the mapping relationship being used to indicate the second Internet Protocol address and the second port number corresponding to the service identifier;

[0020] The first processing unit is further configured to feed back the connection information to the service client, so that after receiving the connection information, the service client encapsulates the service identifier in the header of the service message to obtain the tunnel header information of the service identifier.

[0021] A business client, the business client comprising:

[0022] The second sending unit is configured to send a proxy connection request to the proxy server if it receives an identifier sent by the proxy server indicating that the user information verification has passed.

[0023] The second processing unit is configured to, upon receiving connection information carrying a service identifier, encapsulate the service identifier in the header of a service message to obtain tunnel header information of the service identifier; wherein, the service identifier is generated based on the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client;

[0024] The second sending unit is also used to send a service message encapsulating the tunnel header information to the proxy server.

[0025] A computer-readable storage medium storing one or more applications, which can be executed by one or more processors to implement the steps of the data transmission method described above.

[0026] The data transmission method, proxy server, and service client provided in this application include: obtaining the first Internet Protocol address (IPA) of the service client, the first port number of the service client, and user information sent by the service client; generating a service identifier based on the first IPA, the first port number, and the user information; responding to a proxy connection request sent by the service client and generating connection information carrying the service identifier if a proxy connection request is received; wherein the proxy connection request carries the second IPA and the second port number of the service server; the connection information stores a mapping relationship, which is used to indicate the second IPA and the second port number corresponding to the service identifier; and feeding back the connection information to the service client, so that the service client, after receiving the connection information, encapsulates the service identifier in the header of the service message to obtain the tunnel header information of the service identifier. In other words, during the negotiation and handshake phase between the proxy server and the service client, the proxy server feeds back a proxy connection result carrying the service identifier based on the proxy connection request; simultaneously, during the service proxy phase, the service message sent by the service client carries the service identifier. Clearly, using a business identifier allows for the establishment of an association between the proxy server and the business client during the negotiation handshake and business proxy phases. The proxy server can quickly determine the session associated with the business message based on the business identifier, identifying which user the message belongs to. This enables the correct determination of whether the sender of the business message is a legitimate user who has undergone identity verification during the protocol handshake phase, avoiding risks caused by business messages sent by illegitimate users. Furthermore, the business messages in this application can be precisely matched to users, associating the business with specific user information, increasing the security of the business proxy, and allowing technical personnel to conduct precise user profiling analysis of business behavior, implement traffic control based on user information, and accurately bill user-related business traffic in acceleration scenarios such as game acceleration. Attached Figure Description

[0027] Figure 1 This is a schematic diagram of the interaction process between the business client, SOCKS5 proxy server, and business server in related technologies;

[0028] Figure 2A This is a schematic diagram illustrating the format of the authentication negotiation request sent by the business client to the SOCKS5 proxy server in related technologies.

[0029] Figure 2B This is a schematic diagram illustrating the format of the negotiation results returned by the SOCKS5 proxy server to the business client in related technologies;

[0030] Figure 2C This is a schematic diagram illustrating the format of the authentication request sent by the business client to the SOCKS5 proxy server in related technologies;

[0031] Figure 2D This is a schematic diagram illustrating the format of the authentication result returned by the SOCKS5 proxy server to the business client in related technologies;

[0032] Figure 2E This is a schematic diagram illustrating the format of a proxy connection request sent by a business client to a SOCKS5 proxy server in related technologies.

[0033] Figure 2F This is a schematic diagram illustrating the format of the proxy connection results returned by the SOCKS5 proxy server to the business client in related technologies.

[0034] Figure 2G This is a schematic diagram illustrating the format of the business messages sent by the business client to the SOCKS5 proxy server in related technologies.

[0035] Figure 2H This is a schematic diagram illustrating the format of the proxy business message sent by the SOCKS5 proxy server to the business server in related technologies.

[0036] Figure 2I This is a schematic diagram illustrating the format of the feedback packets sent by the business server to the SOCKS5 proxy server in related technologies.

[0037] Figure 2J This is a schematic diagram illustrating the format of the business response packet sent by the SOCKS5 proxy server to the business client after being proxied in related technologies.

[0038] Figure 3 This is a schematic diagram of the network architecture for implementing the data transmission method provided in this application;

[0039] Figure 4 This is a flowchart illustrating a data transmission method provided in this application. Figure 1 ;

[0040] Figure 5 This is a flowchart illustrating a data transmission method provided in this application (Figure 2).

[0041] Figure 6 This is a flowchart illustrating a data transmission method provided in this application. Figure 3 ;

[0042] Figure 7AThis is a schematic diagram illustrating the format of the proxy connection result returned by the proxy server to the business client in this application;

[0043] Figure 7B This is a schematic diagram illustrating the format of the business messages sent by the business client to the proxy server in this application;

[0044] Figure 7C This is a schematic diagram of the format of the processed business message encapsulated with the business identifier, which is fed back by the proxy server to the business client in this application;

[0045] Figure 8 This is a schematic diagram of the structure of a proxy server provided in this application.

[0046] Figure 9 This is a schematic diagram of the structure of a business client provided in this application. Detailed Implementation

[0047] To make the objectives, technical solutions, and advantages of this application clearer, the application will be further described in detail below with reference to the accompanying drawings. The described embodiments should not be regarded as limitations on this application. All other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0048] In the following description, references to "some embodiments" refer to a subset of all possible embodiments. However, it is understood that "some embodiments" may be the same or different subsets of all possible embodiments and may be combined with each other without conflict. Unless otherwise defined, all technical and scientific terms used in the embodiments of this application have the same meaning as commonly understood by one of ordinary skill in the art to which the embodiments of this application pertain. The terminology used in the embodiments of this application is for the purpose of describing the embodiments of this application only and is not intended to limit the application.

[0049] Before explaining this application, a brief description is given here of proxy servers in related technologies, such as SOCKS5 proxy servers:

[0050] Figure 1This diagram illustrates the interaction flow between the business client, proxy server, and business server in related technologies. It should be noted that during the protocol handshake phase, the business client uses Internet Protocol (IP) address A1 and port a1 to communicate with the SOCKS5 proxy server's IP address B1 and port b1. During the business proxy phase, the business client uses IP address A2 and port a2 to communicate with the SOCKS5 proxy server's IP address B2 and port b2, and both the business client and the SOCKS5 proxy server communicate using Transmission Control Protocol (TCP) sockets. During the business proxy phase, the SOCKS5 proxy server uses IP address B3 and port b3 to communicate with the business server's IP address C and port c.

[0051] Step 101: The business client sends an authentication negotiation request to the SOCKS5 proxy server.

[0052] The business client sends an authentication method negotiation request to the SOCKS5 proxy server, and the business client packages all the authentication methods it supports and sends them to the SOCKS5 proxy server. Figure 2A This is a schematic diagram illustrating the format of the authentication negotiation request sent by a business client to a SOCKS5 proxy server in related technologies. For example... Figure 2A As shown, the IP header, encapsulated at the network layer, records the source address A1 and destination address B1 of the negotiation request. The TCP header, encapsulated at the transport layer, records the source port a1 and destination port b1 of the negotiation request. The negotiation payload of the negotiation request carries all authentication methods supported by the service client. Specifically, the VER field indicates the SOCKS version, occupying 1 byte; SOCKS5 uses 0x05 for the version number. The NMETHODS field indicates the length of the METHODS field, occupying 1 byte. The METHODS field is a list of authentication methods supported by the service client, with each authentication method occupying 1 byte.

[0053] In related technologies, the values ​​for the METHODS field are as follows: 0x00 indicates that no authentication is required; 0x01 indicates the authentication method of the Generic Security Services Application Programming Interface (GSSAPI); 0x02 indicates the authentication method of username and password; 0x03-0x7F are assigned by the Internet Assigned Numbers Authority (IANA); 0x80-0xFE are reserved for private methods; and 0xFF indicates that there is no acceptable authentication method.

[0054] Step 102: The SOCKS5 proxy server responds to the authentication negotiation request and sends the negotiation result back to the business client.

[0055] The SOCKS5 proxy server selects the optimal authentication method from among the multiple authentication methods supported by the business client and responds to the business client with the selection result. At this point, the business client and the SOCKS5 proxy server reach an agreement on the authentication method. Figure 2B This is a schematic diagram illustrating the format of the negotiation results returned by the SOCKS5 proxy server to the business client in related technologies. For example... Figure 2B As shown, the IP header, encapsulated at the network layer, records the source address B1 and destination address A1 of the negotiation result. The TCP header, encapsulated at the transport layer, records the source port b1 and destination port a1 of the negotiation result. The negotiation payload of the negotiation result carries the information of the SOCKS5 proxy server in selecting the optimal authentication method from multiple authentication methods. The NMETHOD field, occupying 1 byte, is used to characterize the authentication method selected by the SOCKS5 proxy server.

[0056] In related technologies, the value of the METHOD field is 0xFF to indicate that no authentication method is selected and the business client needs to close the connection.

[0057] Step 103: The business client sends an authentication request to the SOCKS5 proxy server.

[0058] The business client uses an authentication method agreed upon by both parties, such as username and password authentication, to send an authentication request to the SOCKS5 proxy server. Figure 2C This is a schematic diagram illustrating the format of the authentication request sent by a business client to a SOCKS5 proxy server in related technologies. For example... Figure 2CAs shown, the IP header, encapsulated at the network layer, records the source address A1 and destination address B1 of the authentication request. The TCP header, encapsulated at the transport layer, records the source port a1 and destination port b1 of the authentication request. The negotiation payload of the authentication request carries the username and password. Specifically, the ULEN field indicates the username length and occupies 1 byte; the UNAME field indicates the username and occupies 1 byte; the PLEN field indicates the password length and occupies 1 byte; and the PASSWD field indicates the password and occupies 1 to 255 bytes.

[0059] Step 104: The SOCKS5 proxy server responds to the authentication request and sends the authentication result back to the business client.

[0060] The SOCKS5 proxy server authenticates the username and password sent by the business server and sends the authentication result back to the business client; if the authentication result indicates that the authentication has failed, the negotiation is terminated. Figure 2D This is a diagram illustrating the format of the authentication result returned by the SOCKS5 proxy server to the business client in related technologies. For example... Figure 2D As shown, the IP header, encapsulated at the network layer, records the source address B1 and destination address A1 of the authentication result. The TCP header, encapsulated at the transport layer, records the source port b1 and destination port a1 of the authentication result. The negotiation payload of the authentication result carries the authentication result from the SOCKS5 proxy server. The STATUS field, occupying one byte, is used to characterize the authentication status.

[0061] In related technologies, the values ​​for the STATUS field are: 0x00 indicates successful authentication, and 0x01 indicates authentication failure.

[0062] Step 105: The business client sends a proxy connection request to the SOCKS5 proxy server.

[0063] The business client sends a proxy connection request to the SOCKS5 proxy server. Figure 2E This is a schematic diagram illustrating the format of a proxy connection request sent by a business client to a SOCKS5 proxy server in related technologies. For example... Figure 2EAs shown, the IP header, encapsulated at the network layer, records the source address A1 and destination address B1 of the proxy connection request. The TCP header, encapsulated at the transport layer, records the source port a1 and destination port b1 of the proxy connection request. The negotiation payload of the proxy connection request carries the destination address and destination port of the service server. Specifically, the CMD field, occupying 1 byte, indicates the type of service connection requested by the service client; the RSV field is a reserved byte, represented by 0x00, occupying 1 byte; the ATYP field characterizes the type of the DST.ADDR field; the DST.ADDR field characterizes the destination address of the service server; and the DST.PORT field characterizes the destination port of the service server.

[0064] In related technologies, the values ​​for the CMD field are as follows: 0x01 indicates a CONNECT request; 0x02 indicates a BIND request; and 0x03 indicates a User Datagram Protocol (UDP) forwarding.

[0065] In related technologies, the values ​​for the ATYP field are as follows: 0x01 represents an Internet Protocol version 4 (IPv4) address; 0x03 represents a domain name, where the first byte of the DST.ADDR field is the domain name length, and the remaining bytes of the DST.ADDR field are the domain name, without a null terminator (\0). 0x04 represents an Internet Protocol version 6 (IPv6) address.

[0066] Step 106: The SOCKS5 proxy server responds to the proxy connection request and sends the proxy connection result back to the business client.

[0067] The SOCKS5 proxy server uses the information in the proxy connection request to initiate a connection to the business server and returns the proxy connection result to the business client. Figure 2F This is a schematic diagram illustrating the format of the proxy connection results returned by the SOCKS5 proxy server to the business client in related technologies. For example... Figure 2FAs shown, the IP header is encapsulated at the network layer, recording the source address B1 and destination address A1 of the proxy connection result. The TCP header is encapsulated at the transport layer, recording the source port b1 and destination port a1 of the proxy connection result. Regarding the negotiation payload of the proxy connection result, the REP field is used to represent the acknowledgment field; the RSV field is a reserved byte, represented by 0x00, occupying 1 byte; the ATYP field is used to represent the type of BND.ADDR; the BND.ADDR field is used to represent the address bound to the SOCKS5 proxy server; the BND.PORT field is used to represent the port bound to the SOCKS5 proxy server; the BND.ADDR and BND.PORT fields explicitly indicate the UDP socket (SOCKET) listening address and listening port provided by the SOCKS5 proxy server to the business client for proxy connections.

[0068] In related technologies, the values ​​for the REP field are as follows: 0x00 indicates a successful connection; 0x01 indicates a failed connection to a regular SOCKS proxy server; 0x02 indicates that the connection is not allowed by existing rules; 0x03 indicates that the network is unreachable; 0x04 indicates that the host is unreachable; 0x05 indicates that the connection was refused; 0x06 indicates that the Time To Live (TTL) value has expired; 0x07 indicates an unsupported command; and 0x08 indicates an unsupported address type.

[0069] It should be noted that after executing steps 101 to 106, the business client and the SOCKS5 proxy server complete the SOCKS5 protocol handshake and establish a SOCKS5 negotiation session, and then enter the business proxy stage.

[0070] Step 107: The business client sends a business message to the SOCKS5 proxy server.

[0071] For UDP service proxying, the SOCKS5 protocol explicitly requires that a SOCKS5 tunnel header be encapsulated between the UDP header and the UDP service payload.

[0072] The business client sends business messages to the SOCKS5 proxy server, which are the actual business messages transmitted by the business client. Figure 2G This is a schematic diagram illustrating the format of business messages sent by a business client to a SOCKS5 proxy server in related technologies. For example... Figure 2GAs shown, the IP header is encapsulated at the network layer and records the source address A2 and destination address B2 of the sent service message. The UDP header is encapsulated at the transport layer and records the source port a2 and destination port b2 of the sent service message. The FRAG field in the SOCKS5 tunnel header indicates the amount of data in the service message; the DST.ADDR field represents the destination address of the service server; and the DST.PORT field represents the destination port of the service server.

[0073] Step 108: The SOCKS5 proxy server sends the proxied business message to the business server.

[0074] After receiving the business message sent by the business client, the SOCKS5 proxy server filters out the SOCKS5 tunnel header from the business message and sends the business message with the SOCKS5 tunnel header filtered out, i.e., the proxyed business message, to the business server. Figure 2H This is a diagram illustrating the format of the proxy message sent by the SOCKS5 proxy server to the business server in related technologies. For example... Figure 2H As shown, the IP header, encapsulated at the network layer, records the source address B3 and destination address C of the proxy connection result. The UDP header, encapsulated at the transport layer, records the source port b3 and destination port c of the proxy connection result.

[0075] Step 109: The business server sends a business response packet back to the SOCKS5 proxy server.

[0076] The service server processes the service packets that have had their SOCKS5 tunnel headers filtered out, and obtains the processed service response packets. Figure 2I This is a schematic diagram illustrating the format of the feedback packets sent by the service server to the SOCKS5 proxy server in related technologies. For example... Figure 2I As shown, the IP header is encapsulated at the network layer and records the source address C and destination address B3 of the sent service response packet. The UDP header is encapsulated at the transport layer and records the source port c and destination port b3 of the sent service response packet.

[0077] Step 110: The SOCKS5 proxy server sends the proxyed business response packet back to the business server.

[0078] After receiving the service response packet from the service server, the SOCKS5 proxy server adds the service response packet to the SOCKS5 tunnel header and then sends the service packet with the SOCKS5 tunnel header added (i.e., the proxyed service response packet) to the service client. Figure 2J This is a schematic diagram illustrating the format of the business response packet sent by the SOCKS5 proxy server to the business client after being proxied, in related technologies. For example... Figure 2JAs shown, the IP header is encapsulated at the network layer and records the source address B2 and destination address A2 of the proxy connection result. The UDP header is encapsulated at the transport layer and records the source port b2 and destination port a2 of the proxy connection result.

[0079] After the business client's business messages pass through the SOCKS5 proxy server, the SOCKS5 proxy server will act as a proxy for the business client's business and communicate with the business server on behalf of the business client.

[0080] The business client forwards the business request, originally intended for the actual business server, to the SOCKS5 proxy server. Upon receiving the message from the business client, the SOCKS5 proxy server communicates with the backend business server using the same transport layer protocol. After receiving the response from the business server, the SOCKS5 proxy device then forwards it to the business client.

[0081] See Figure 3 , Figure 3 This is a schematic diagram of the network architecture for implementing the data transmission method provided in this application. The network architecture includes a business client 301, a proxy server 302, and a business server 303. The business client 301 and the proxy server 302 are connected via network 1; the proxy server 302 and the business server 303 are connected via network 2. For example, the business client 301 is deployed on an electronic device to provide local services to customers. Electronic devices include, but are not limited to, smartphones, tablets, personal digital assistants (PDAs), wearable devices, smart TVs, smart cameras, smart projectors, laptops, and desktop computers. The proxy server 302 can receive business messages sent by the business client 301 and forward them to the corresponding business server 303 for processing. The proxy server 302 can be a single server or a server cluster or cloud computing center composed of multiple servers. The business server 303 can process the business messages sent by the proxy server 302 and return the processing results to the proxy server 302. The business server 303 can be a single server or a server cluster or cloud computing center composed of multiple servers. Network 1 includes, but is not limited to, local area networks (LANs), metropolitan area networks (MANs), and wide area networks (WANs). Network 2 includes, but is not limited to, LANs, MANs, and WANs. It should be noted that Network 1 and Network 2 are used only to represent two networks that cannot communicate directly.

[0082] See Figure 4 , Figure 4 This is a schematic diagram illustrating an implementation flow of the data transmission method provided in an embodiment of this application. This data transmission method can be applied to... Figure 3The proxy server 302 shown; the data transmission method includes the following steps:

[0083] Step 401: Obtain the first Internet Protocol address of the business client, the first port number of the business client, and the user information sent by the business client.

[0084] In this embodiment, the business client first packages all the authentication methods it supports and sends them to the proxy server. That is, the business client sends a negotiation handshake message for authentication methods to the proxy server. The proxy server selects the optimal authentication method from the multiple authentication methods supported by the business client and responds to the business client with the selection result. Here, the proxy server records the first Internet Protocol address and first port number of the business client received from the authentication method negotiation handshake message sent by the business client. Then, the business client sends an authentication request carrying user information to the proxy server according to the authentication method agreed upon by both parties. The proxy server authenticates the user information sent by the business server and returns the authentication result to the business client. When the proxy server confirms successful authentication, it records the user information sent by the business client from the authentication request carrying user information.

[0085] It should be noted that the proxy server can also record the first Internet Protocol address and first port number of the business client from the handshake message corresponding to the authentication request carrying user information sent by the business client.

[0086] In this embodiment of the application, the first Internet Protocol address includes, but is not limited to, IPv4 addresses, domain names, and IPv6 addresses.

[0087] In this embodiment, the first port number may be a preset port number on the business client, or it may be set by relevant technical personnel according to actual needs. This application does not impose any limitations on this.

[0088] In this embodiment of the application, user information includes, but is not limited to, username, password, username length, and password length.

[0089] Step 402: Generate a service identifier based on the first Internet Protocol address, the first port number, and the user information.

[0090] In this embodiment of the application, the proxy server processes the first Internet Protocol address, the first port number, and the user information to obtain a service identifier used to represent the target service.

[0091] In some embodiments, the proxy server can convert the first Internet Protocol address, the first port number, and the user information into a triple to obtain a service identifier. For example, if the first Internet Protocol address is A1, the first port number is a1, and the user information is admin, then the service identifier can be (A1, a1, admin) or (admin, A1, a1).

[0092] Step 403: If a proxy connection request is received from a business client, respond to the proxy connection request and generate connection information carrying the business identifier.

[0093] The proxy connection request carries the second Internet Protocol address and the second port number of the business server; the connection information stores a mapping relationship, which is used to indicate the second Internet Protocol address and the second port number corresponding to the business identifier.

[0094] Step 404: Feed back connection information to the service client so that after receiving the connection information, the service client can encapsulate the service identifier in the header of the service message and obtain the tunnel header information of the service identifier.

[0095] In this embodiment, if a proxy connection request is received from a business client, the proxy server responds to the request and sends connection information carrying a business identifier back to the client. Combined with... Figure 2F The proxy server can append a service identifier field to the negotiation payload of the proxy connection result to carry the service identifier. For example, adding a service identifier field to the BND.PORT field means that the negotiation payload of the proxy connection result also includes a service identifier field.

[0096] In this embodiment, the proxy server sends connection information carrying a service identifier back to the service client, so that after receiving the connection information, the service client encapsulates the service identifier in the header of the service message to obtain the tunnel header information of the service identifier. Combined with... Figure 2G Service clients can add a service identifier field to the SOCKS5 tunnel header to carry the service identifier. For example, by adding a service identifier field to the DST.PORT field, the service client can obtain the tunnel header information of the service identifier. Service clients can also replace the DST.PORT and DST.ADDR fields in the SOCKS5 tunnel header with the service identifier field to obtain the tunnel header information of the service identifier.

[0097] In this embodiment of the application, the business client can send a proxy connection request to the proxy server through the access network.

[0098] This application discloses a data transmission method, which includes: obtaining a first Internet Protocol (IP) address of a business client, a first port number of the business client, and user information sent by the business client; generating a service identifier based on the first IP address, the first port number, and the user information; if a proxy connection request is received from the business client, responding to the proxy connection request and generating connection information carrying the service identifier; wherein the proxy connection request carries a second IP address and a second port number of the business server; the connection information stores a mapping relationship, which is used to indicate the second IP address and the second port number corresponding to the service identifier; and feeding back the connection information to the business client, so that the business client, after receiving the connection information, encapsulates the service identifier in the header of the business message to obtain the tunnel header information of the service identifier. It should be noted that during the negotiation and handshake phase between the proxy server and the business client, the proxy server feeds back the proxy connection result based on the proxy connection request, carrying the service identifier. Simultaneously, during the business proxy phase, the business message sent by the business client carries the service identifier. Clearly, using a business identifier allows for the establishment of an association between the proxy server and the business client during the negotiation handshake and business proxy phases. The proxy server can quickly determine the session associated with the business message based on the business identifier, identifying which user the message belongs to. This enables the correct determination of whether the sender of the business message is a legitimate user who has undergone identity verification during the protocol handshake phase, avoiding risks caused by business messages sent by illegitimate users. Furthermore, the business messages in this application can be precisely matched to users, associating the business with specific user information, increasing the security of the business proxy, and allowing technical personnel to conduct precise user profiling analysis of business behavior, implement traffic control based on user information, and accurately bill user-related business traffic in acceleration scenarios such as game acceleration.

[0099] See Figure 5 , Figure 5 This is a schematic diagram illustrating an implementation flow of the data transmission method provided in an embodiment of this application. This data transmission method can be applied to... Figure 3 The business client 301 shown; the data transmission method includes the following steps:

[0100] Step 501: If an identifier indicating that the user information verification has passed is received from the proxy server, send a proxy connection request to the proxy server.

[0101] In this embodiment of the application, if the proxy server returns an authentication result indicating that the user information verification is successful, the business client sends a proxy connection request to the proxy server.

[0102] In this embodiment of the application, if the authentication result returned by the proxy server indicates that the user information verification failed, the service is suspended.

[0103] Step 502: If a connection information carrying a service identifier is received from the proxy server, the service identifier is encapsulated in the header of the service message to obtain the tunnel header information of the service identifier.

[0104] The service identifier is generated by the proxy server based on the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client.

[0105] In this embodiment, after the proxy server sends connection information carrying a service identifier to the service client, the service client, upon receiving the connection information, encapsulates the service identifier in the header of the service message to obtain the tunnel header information of the service identifier. Combined with... Figure 2G Service clients can add a service identifier field to the SOCKS5 tunnel header to carry the service identifier. For example, by adding a service identifier field to the DST.PORT field, the service client can obtain the tunnel header information of the service identifier. Service clients can also replace the DST.PORT and DST.ADDR fields in the SOCKS5 tunnel header with the service identifier field to obtain the tunnel header information of the service identifier.

[0106] Step 503: Send a service message containing tunnel header information to the proxy server.

[0107] In this embodiment, after the proxy server obtains the service message encapsulated with tunnel header information, it parses the tunnel header information to obtain the service identifier. Then, based on the mapping relationship between the second Internet Protocol address and the second port number corresponding to the service identifier stored in the connection information, and the service identifier, it quickly locates the second Internet Protocol address and the second port number of the service server of the service message to be processed.

[0108] This application discloses a data transmission method, which includes: if a proxy server sends an identifier indicating that user information verification has passed, sending a proxy connection request to the proxy server; if a proxy server sends connection information carrying a service identifier, encapsulating the service identifier in the header of a service message to obtain tunnel header information of the service identifier; wherein, the service identifier is generated by the proxy server based on the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client; and sending a service message encapsulated with the tunnel header information to the proxy server. It should be noted that during the negotiation and handshake phase between the proxy server and the service client, the proxy server carries the service identifier in the proxy connection result returned according to the proxy connection request; simultaneously, during the service proxy phase between the proxy server and the service client, the service identifier is carried in the service message sent by the service client. Clearly, using service identifiers allows for the establishment of a connection between the proxy server and the service client during the negotiation handshake and service proxy phases. The proxy server can quickly determine the session associated with a service message based on the service identifier, identifying which user the message belongs to. This enables the correct determination of whether the sender of the service message is a legitimate user who has undergone identity verification during the protocol handshake phase, avoiding risks caused by service messages sent by illegitimate users. Simultaneously, the precise matching of service messages to users allows technical personnel to conduct accurate user profiling analysis of service behavior, enabling traffic control for users and, in acceleration scenarios such as game acceleration, precise billing of user service traffic.

[0109] See Figure 6 , Figure 6 This is a schematic diagram illustrating an implementation flow of the data transmission method provided in an embodiment of this application. This data transmission method can be applied to... Figure 3 The network architecture shown; the method includes the following steps:

[0110] Step 601: The proxy server obtains the first Internet Protocol address and the first port number of the business client.

[0111] In this embodiment, the business client packages all the authentication methods it supports and sends them to the proxy server. That is, the business client sends a negotiation handshake message for authentication methods to the proxy server. The proxy server selects the optimal authentication method from the multiple authentication methods supported by the business client and responds to the business client with the selection result. Here, the proxy server records the first Internet Protocol address and first port number received from the business client in the negotiation handshake message for authentication methods sent by the business client.

[0112] In this embodiment, if there is no Network Address Translation (NAT) between the service client and the proxy server, the proxy server records the first Internet Protocol address and the first port number received from the service client in the authentication handshake message sent by the service client. If there is NAT between the service client and the proxy server, then the first Internet Protocol address and the first port number received from the service client in the authentication handshake message sent by the service client are the first Internet Protocol address and the first port number after NAT translation.

[0113] Step 602: The proxy server obtains the user information sent by the business client.

[0114] In this embodiment, the business client sends an authentication request carrying user information to the proxy server according to the authentication method agreed upon by both parties. The proxy server authenticates the user information sent by the business server and returns the authentication result to the business client. When the proxy server determines that the authentication is successful, it records the user information sent by the business client from the authentication request carrying user information.

[0115] Step 603: The proxy server generates a service identifier based on the first Internet Protocol address, the first port number, and the user information.

[0116] In this embodiment of the application, step 603, which generates a service identifier based on the first Internet Protocol address, the first port number, and user information, can be achieved through the following steps:

[0117] Step 6031: Process the user information to obtain the first sub-identifier that has not been occupied by other users.

[0118] The first sub-identifier is used to uniquely represent the user information.

[0119] In this embodiment, the proxy server performs random encryption on the user information to obtain a first sub-identifier that is not occupied by other users. Here, "other users" refers to users different from those corresponding to the user information. "Not occupied by other users" means that the first sub-identifiers of other users are all different from the first sub-identifier corresponding to the user information.

[0120] In this embodiment of the application, step 6031 processes the user information to obtain a first sub-identifier that is not occupied by other users, which can be achieved through the following steps:

[0121] Step A1: Perform a hash transformation on the user information to obtain the first hash value corresponding to the user information.

[0122] In this embodiment, user information is hashed, and a first sub-identifier is obtained based on the first hash value. This helps the proxy server quickly locate different users, enabling the proxy server to perform two-level queries when matching sessions: first matching the user, then matching the specific session under that user name. This reduces the time complexity from O(n) to O(n).

[0123] Step A2: Extract the first value corresponding to a portion of the first hash value as the user identifier.

[0124] In this embodiment of the application, a first value corresponding to a portion of the bytes of the first hash value is extracted as the user identifier. For example, the proxy server can extract the first value corresponding to the first 4 bytes of the first hash value as the user identifier; the proxy server can also extract the first value corresponding to the last 5 bytes of the first hash value as the user identifier; the proxy server can also extract the first value corresponding to any 4 bytes in the middle of the first hash value as the user identifier.

[0125] It should be noted that the length and position of the partial bytes of the extracted first hash value are related to the weight of each byte. For example, the first hash value is obtained by hashing the user information 1: the group leader admin of village A, company B, and department C. The user information contained in the business client, proxy server, and business server are all information of all members of village A, company B, and department C. Obviously, the byte weight of the group leader admin in user information 1 is higher. Therefore, for user information 1, the first value corresponding to the partial bytes of the extracted first hash value is the value corresponding to the hash transformation of the group leader admin.

[0126] Step A3: If the user identifier is not occupied by other users, determine the user identifier as the first sub-identifier.

[0127] Step A4: If the user identifier is occupied by another user, determine the first sub-identifier that is not occupied by another user from the value range to which the first value belongs.

[0128] In this embodiment of the application, if a user identifier is occupied by another user, the number of bytes in the partial byte is determined; based on the number of bytes in the partial byte, a reference range is determined; and a first sub-identifier not occupied by another user is determined from the reference range. For example, if the partial byte is a 4-bit byte, the reference range for the 4-bit byte is 0x00000001 to 0xffffffff, and the process is sequentially traversed starting from 0x00000001 until a first sub-identifier not occupied by another user is found.

[0129] In this embodiment of the application, if a user identifier is occupied by another user, the range of values ​​to which the first value belongs is determined, and a first sub-identifier that is not occupied by another user is determined from the reference range based on the value range. For example, if the first value is 0x00000011, then the value range can be 0x00000011 to 0xffffffff, or the value range can be 0x00000001 to 0x00000010. The proxy server traverses the above value ranges in sequence until it finds a first sub-identifier that is not occupied by another user.

[0130] Step 6032: Process the first Internet Protocol address and the first port number to obtain the second sub-identifier that is not occupied by other services associated with the user information.

[0131] The second sub-identifier is used to distinguish different services corresponding to the same user.

[0132] In this embodiment of the application, the second sub-identifiers corresponding to different services under the same user information are different.

[0133] In this embodiment, the proxy server performs random encryption on the first Internet Protocol address and the first port number to obtain a second sub-identifier that is not occupied by other services associated with the user information. "Not occupied by other services associated with the user information" means that the second sub-identifiers of other services associated with the user information are all different from the second sub-identifier of the target service corresponding to the first Internet Protocol address and the first port number.

[0134] In this embodiment of the application, step 6032 processes the first Internet Protocol address and the first port number to obtain a second sub-identifier that is not occupied by other services, which can be achieved through the following steps:

[0135] Step B1: Convert the first Internet Protocol address and the first port number into a tuple to obtain the session identifier.

[0136] For example, the first Internet Protocol address A1 and the first port number a1 are converted into a tuple to obtain the session identifier (A1, a1).

[0137] Step B2: Perform a hash transformation on the session identifier to obtain the second hash value corresponding to the session identifier.

[0138] In this embodiment, the session identifier undergoes a hash transformation, and a second sub-identifier is obtained based on the second hash value. This helps the proxy server locate different business proxy sessions for the same user. The proxy server can leverage the uniqueness of the local TCP socket port allocation on the business client to ensure the uniqueness of the second sub-identifier (SESSION-ID) for each session of the same user, greatly reducing the complexity of maintaining the SESSION-ID for the proxy server.

[0139] It should be noted that in a NAT environment, the uniqueness of the local TCP socket port allocation for the business client can be ensured by using NAT addresses in combination with port mapping.

[0140] Step B3: Extract the second value corresponding to a portion of the bytes of the second hash value as the session identifier for the target service.

[0141] In this embodiment, a second value corresponding to a portion of the bytes of the second hash value is extracted as the session identifier of the target service. For example, the proxy server can extract the second value corresponding to the first 4 bytes of the second hash value as the session identifier of the target service; the proxy server can also extract the second value corresponding to the last 5 bytes of the second hash value as the session identifier of the target service; or the proxy server can extract any 4 bytes from the middle of the second hash value as the session identifier of the target service.

[0142] It should be noted that the length and position of the bytes extracted from the second hash value are related to the weight percentage of the importance of each byte.

[0143] Step B4: If the session identifier of the target service is not occupied by other services, determine the session identifier of the target service as the second sub-identifier.

[0144] Step B5: If the session identifier of the target service is occupied by other services, determine the second sub-identifier that is not occupied by other services from the value range to which the second value belongs.

[0145] In this embodiment of the application, if the session identifier of the target service is occupied by other services, the number of bytes in the partial bytes is determined; based on the number of bytes in the partial bytes, a reference range is determined; and a second sub-identifier that is not occupied by other services is determined from the reference range. For example, if the partial bytes are 4 bits, the reference range for the 4 bits is 0x00000001 to 0xffffffff. The process is sequentially traversed starting from 0x00000001 until a second sub-identifier that is not occupied by other services is found.

[0146] In this embodiment of the application, if the session identifier of the target service is occupied by other services, the value range to which the second value belongs is determined, and a second sub-identifier not occupied by other services is determined from the reference range based on the value range. For example, if the second value is 0x00000011, then the value range can be 0x00000011 to 0xffffffff, or the value range can be 0x00000001 to 0x00000010. The proxy server traverses the above value ranges sequentially until it finds a second sub-identifier not occupied by other services.

[0147] Step 6033: Concatenate the first sub-identifier and the second sub-identifier to obtain the business identifier.

[0148] In this embodiment, the proxy server concatenates the first sub-identifier and the second sub-identifier to obtain a service identifier that is not occupied by other services. In other words, this application uses the first sub-identifier, which uniquely represents user information, combined with the second sub-identifier, used to distinguish different services corresponding to the same user, to form a service identifier that uniquely identifies the current service.

[0149] For example, if the first sub-identifier is 0x00000034 and the second sub-identifier is 0x00000043, the resulting service identifier can be (0x00000034, 0x00000043), or it can be 0x00000034:0x00000043, or it can be 0x00000043-0x00000034. It should be noted that this application does not impose any limitations on the concatenation method or order of the first and second sub-identifiers.

[0150] Step 604: The proxy server sends an identifier indicating that the user information verification has passed to the business client.

[0151] Step 605: The business client receives an identifier sent by the proxy server to indicate that the user information verification has passed.

[0152] Step 606: The business client sends a proxy connection request to the proxy server.

[0153] Step 607: The proxy server receives the proxy connection request sent by the business client, responds to the proxy connection request, and generates connection information carrying the business identifier.

[0154] The proxy connection request carries the second Internet Protocol address and the second port number of the business server; the connection information stores a mapping relationship, which is used to indicate the second Internet Protocol address and the second port number corresponding to the business identifier.

[0155] Step 608: The proxy server sends connection information carrying the service identifier to the service client.

[0156] In this embodiment, the proxy server receives a proxy connection request sent by the business client, encapsulates the business identifier in the proxy connection result, and feeds back the proxy connection result encapsulated with the business identifier to the business client. Figure 7A This is a schematic diagram illustrating the format of the proxy connection result returned by the proxy server to the business client in this application. For example... Figure 7AAs shown, the IP header is encapsulated at the network layer, recording the source address B1 and destination address A1 of the proxy connection result. The TCP header is encapsulated at the transport layer, recording the source port b1 and destination port a1 of the proxy connection result. Regarding the negotiation payload of the proxy connection result, the REP field is used to represent the acknowledgment field; the RSV field is a reserved byte, represented by 0x00, occupying 1 byte; the ATYP field is used to represent the type of BND.ADDR; the BND.ADDR field is used to represent the address bound to the proxy server; the BND.PORT field is used to represent the port bound to the proxy server; the BND.ADDR and BND.PORT fields explicitly indicate the UDP socket listening address and listening port provided by the proxy server to the business client for proxy connections. The TOKEN field is used to represent the service identifier.

[0157] For example, the TOKEN field consists of a 4-byte first sub-identifier (USER-ID) and a 4-byte second sub-identifier (SESSION-ID). It should be noted that an 8-byte TOKEN field is just an example; of course, the TOKEN field can also be 9 bytes, and this application does not impose any limitation on this.

[0158] Step 609: The business client receives the connection information carrying the business identifier sent by the proxy server, encapsulates the business identifier in the header of the business message, and obtains the tunnel header information of the business identifier.

[0159] In this embodiment of the application, the tunnel header information consists of a service identifier, reserved bytes, and bytes used to indicate the amount of service message data.

[0160] In this embodiment, the service client encapsulates the service identifier in the header of the service message to obtain the tunnel header information of the service identifier, and sends the service message encapsulated with the tunnel header information to the proxy server, which is the service message actually transmitted by the service client. Figure 7B This is a schematic diagram illustrating the format of the business messages sent by the business client to the proxy server in this application. For example... Figure 7B As shown, the FRAG field in the SOCKS5 tunnel header is used to indicate the amount of service message data. Combined with... Figure 2GThis application replaces the DST.ADDR, DST.PORT, and VER fields with the TOKEN field. It should be noted that if the DST.ADDR field is represented in IPv4, 7 bytes of data can be removed; if the DST.ADDR field is represented in IPv6, 19 bytes of data can be removed; if the DST.ADDR field is represented in domain name, the removed length is indeterminate. Using an 8-byte TOKEN field, and considering the most typical scenario where the DST.ADDR field is represented in IPv6, this application saves 11 bytes of overhead compared to the SOCKS5 tunnel header in related technologies.

[0161] Step 610: The business client sends a business message containing tunnel header information to the proxy server.

[0162] Step 611: The proxy server receives the service message containing tunnel header information sent by the service client, parses the tunnel header information, and obtains the service identifier.

[0163] Step 612: The proxy server determines the second Internet Protocol address and the second port number based on the business identifier and mapping relationship.

[0164] In this embodiment, the proxy server determines the destination address and destination port number of the business server carried in the proxy connection request sent by the business client to the proxy server during the negotiation phase, based on the business identifier and the mapping relationship carried in the connection information. That is, the second Internet Protocol address and the second port number.

[0165] Step 613: The proxy server sends the service message to the second Internet Protocol address and the second port number to the service server corresponding to the second Internet Protocol address and the second port number.

[0166] In this embodiment, the proxy server identifies the service server corresponding to the second Internet Protocol address and the second port number, and sends the service message with the SOCKS5 tunnel header removed to the service server.

[0167] Step 614: The business server receives the business message and processes it.

[0168] Step 615: The business server sends the processed business message back to the proxy server.

[0169] Step 617: The proxy server receives the processed business message sent by the business server, encapsulates the business identifier in the header of the processed business message, and obtains the tunnel header information.

[0170] In this embodiment of the application, the proxy server receives the processed business message from the business server and sends the processed business message encapsulated with the business identifier back to the business client. Figure 7C This is a schematic diagram illustrating the format of the processed business message, encapsulated with the business identifier, that the proxy server sends back to the business client in this application. For example... Figure 7C As shown, the TOKEN field in the SOCKS5 tunnel header is used to indicate the service identifier. Combined with... Figure 2G This application replaces the DST.ADDR, DST.PORT, and VER fields with the TOKEN field. It should be noted that if the DST.ADDR field is represented in IPv4, 7 bytes of data can be removed; if the DST.ADDR field is represented in IPv6, 19 bytes of data can be removed; if the DST.ADDR field is represented in domain name, the removed length is indeterminate. Using an 8-byte TOKEN field, and considering the most typical scenario where the DST.ADDR field is represented in IPv6, this application saves 11 bytes of overhead compared to the SOCKS5 tunnel header in related technologies.

[0171] Step 618: The proxy server sends the processed business message, which encapsulates the tunnel header information, to the business client.

[0172] Step 619: The business client receives the processed business message sent by the proxy server, which encapsulates the tunnel header information.

[0173] In this embodiment, the application uses a service identifier to associate service sessions and user information. At the same time, based on the service identifier, the proxy server does not need to allocate different proxy listening IPs and ports for different service proxy sessions. Each proxy server only needs to listen to a pair of IP addresses and ports to meet communication requirements. This not only greatly reduces the SOCKRT management pressure of the proxy server, but also eliminates the limitation on the number of listening ports, thereby improving the concurrency and throughput of the entire system consisting of service clients, proxy servers, and service servers.

[0174] It should be noted that the descriptions of the same steps and contents as in other embodiments in this embodiment can be found in the descriptions in other embodiments, and will not be repeated here.

[0175] Embodiments of this application provide a proxy server that can be applied to... Figure 4 , Figure 6 In a data transmission method provided in a corresponding embodiment, referring to Figure 8 As shown, the proxy server 302 ( Figure 8 Proxy server 302 and Figure 3 The proxy servers (corresponding to 302 errors) include:

[0176] The first acquisition unit 802 is used to acquire the first Internet Protocol address of the business client, the first port number of the business client, and the user information sent by the business client.

[0177] The first processing unit 801 is used to generate a service identifier based on the first Internet Protocol address, the first port number, and user information;

[0178] The first processing unit 801 is further configured to, upon receiving a proxy connection request sent by a service client, respond to the proxy connection request and generate connection information carrying the service identifier; wherein, the proxy connection request carries the second Internet Protocol address and the second port number of the service server; the connection information stores a mapping relationship, the mapping relationship being used to indicate the second Internet Protocol address and the second port number corresponding to the service identifier.

[0179] The first processing unit 801 is also used to send connection information back to the service client, so that after receiving the connection information, the service client encapsulates the service identifier in the header of the service message and obtains the tunnel header information of the service identifier.

[0180] In other embodiments of this application, the first processing unit 801 is configured to, if it receives a service message encapsulating tunnel header information sent by a service client, parse the tunnel header information to obtain a service identifier.

[0181] The first processing unit 801 is also used to determine the second Internet Protocol address and the second port number based on the service identifier and mapping relationship;

[0182] The first sending unit 803 is used to send a service message to the service server corresponding to the second Internet Protocol address and the second port number, so that the service server can process the service message and send the processed service message back to the proxy server.

[0183] The first processing unit 801 is also used to encapsulate the service identifier in the header of the processed service message if it receives the processed service message sent by the service server, so as to obtain the tunnel header information.

[0184] The first sending unit 803 is also used to send processed service messages encapsulated with tunnel header information to the service client.

[0185] In other embodiments of this application, the first processing unit 801 is used to process user information to obtain a first sub-identifier that is not occupied by other users; process the first Internet Protocol address and the first port number to obtain a second sub-identifier that is not occupied by other services associated with the user information; and concatenate the first sub-identifier and the second sub-identifier to obtain a service identifier.

[0186] In other embodiments of this application, the tunnel header information consists of a service identifier, reserved bytes, and bytes used to indicate the amount of service message data.

[0187] In other embodiments of this application, the first processing unit 801 is configured to perform a hash transformation on the user information to obtain a first hash value corresponding to the user information; extract a first value corresponding to a portion of the bytes of the first hash value as a user identifier; if the user identifier is not occupied by other users, determine the user identifier as a first sub-identifier; if the user identifier is occupied by other users, determine the first sub-identifier not occupied by other users from the value range to which the first value belongs.

[0188] In other embodiments of this application, the first processing unit 801 is configured to convert the first Internet Protocol address and the first port number into a tuple to obtain a session identifier; perform a hash transformation on the session identifier to obtain a second hash value corresponding to the session identifier; extract a second value corresponding to a portion of the bytes of the second hash value as the session identifier of the target service; if the session identifier of the target service is not occupied by other services, determine the session identifier of the target service as the second sub-identifier; if the session identifier of the target service is occupied by other services, determine the second sub-identifier that is not occupied by other services from the value range to which the second value belongs.

[0189] It should be noted that the specific implementation process of the steps performed by the first processing unit 801, the first acquisition unit 802, and the first sending unit 803 in this embodiment can be referred to Figure 4 , Figure 6 The implementation process of the data transmission method provided in the corresponding embodiments will not be described in detail here.

[0190] Embodiments of this application provide a service client that can be applied to... Figure 5 , Figure 6 In a data transmission method provided in a corresponding embodiment, referring to Figure 9 As shown, the service client 301 ( Figure 9 301 in the business client and Figure 3 The business client 301 corresponding to the following includes:

[0191] The second sending unit 902 is used to send a proxy connection request to the proxy server if it receives an identifier sent by the proxy server to indicate that the user information verification has passed.

[0192] The second processing unit 901 is used to encapsulate the service identifier in the header of a service message and obtain the tunnel header information of the service identifier if connection information carrying a service identifier is received; wherein, the service identifier is generated based on the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client.

[0193] The second sending unit 902 is also used to send a service message encapsulated with tunnel header information to the proxy server.

[0194] In other embodiments of this application, the second receiving unit 903 is used to receive a processed service message sent by the proxy server, which encapsulates tunnel header information.

[0195] It should be noted that the specific implementation process of the steps performed by the second processing unit 901, the second sending unit 902, and the second receiving unit 903 in this embodiment can be referred to Figure 5 , Figure 6 The implementation process of the data transmission method provided in the corresponding embodiments will not be described in detail here.

[0196] This application provides a computer-readable storage medium storing one or more programs that can be executed by one or more processors to perform, as follows: Figures 4 to 6 The implementation process of the data transmission method provided in the corresponding embodiments will not be described in detail here.

[0197] It should be noted that the aforementioned computer-readable storage media can be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), magnetic random access memory (FRAM), flash memory, magnetic surface memory, optical disc, or compact disc read-only memory (CD-ROM), etc.; or it can be various electronic devices that include one or any combination of the above-mentioned memories, such as mobile phones, computers, tablet devices, personal digital assistants, etc.

[0198] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element.

[0199] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0200] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0201] This application is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer application products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer application instructions. These computer application instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.

[0202] These computer application instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0203] These computer application instructions can also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.

[0204] The above are merely preferred embodiments of this application and do not limit the patent scope of this application. Any equivalent structural or procedural transformations made using the content of this application's specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the patent protection scope of this application.

Claims

1. A data transmission method, characterized in that, The method includes: Obtain the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client; A service identifier is generated based on the first Internet Protocol address, the first port number, and the user information; If a proxy connection request is received from the service client, the system responds to the proxy connection request and generates connection information carrying the service identifier; wherein, the proxy connection request carries the second Internet Protocol address and the second port number of the service server; the connection information stores a mapping relationship, which is used to indicate the second Internet Protocol address and the second port number corresponding to the service identifier; The connection information is fed back to the service client so that after receiving the connection information, the service client encapsulates the service identifier in the header of the service message to obtain the tunnel header information of the service identifier.

2. The method according to claim 1, characterized in that, The method further includes: If a service message containing the tunnel header information is received from the service client, the tunnel header information is parsed to obtain the service identifier; Based on the service identifier and the mapping relationship, the second Internet Protocol address and the second port number are determined; The service message is sent to the service server corresponding to the second Internet Protocol address and the second port number, so that the service server processes the service message and sends the processed service message back to the proxy server. If a processed service message is received from the service server, the service identifier is encapsulated in the header of the processed service message to obtain the tunnel header information. The processed service message, which encapsulates the tunnel header information, is sent to the service client.

3. The method according to claim 1, characterized in that, The step of generating a service identifier based on the first Internet Protocol address, the first port number, and the user information includes: The user information is processed to obtain a first sub-identifier that is not occupied by other users; The first Internet Protocol address and the first port number are processed to obtain a second sub-identifier that is not occupied by other services associated with the user information; The service identifier is obtained by concatenating the first sub-identifier and the second sub-identifier.

4. The method according to claim 1, characterized in that, The tunnel header information consists of the service identifier, reserved bytes, and bytes indicating the amount of service message data.

5. The method according to claim 3, characterized in that, The process of processing the user information to obtain a first sub-identifier that is not occupied by other users includes: The user information is hashed to obtain the first hash value corresponding to the user information; Extract a portion of the bytes corresponding to the first value of the first hash value as the user identifier; If the user identifier is not occupied by the other user, the user identifier is determined to be the first sub-identifier; If the user identifier is occupied by another user, determine the first sub-identifier that is not occupied by the other user from the range of values ​​to which the first value belongs.

6. The method according to claim 3, characterized in that, The process of processing the first Internet Protocol address and the first port number to obtain a second sub-identifier that is not occupied by other services includes: Convert the first Internet Protocol address and the first port number into a tuple to obtain the session identifier; Perform a hash transformation on the session identifier to obtain the second hash value corresponding to the session identifier; Extract a portion of the bytes corresponding to the second hash value as the session identifier for the target service; If the session identifier of the target service is not occupied by the other services, the session identifier of the target service is determined to be the second sub-identifier; If the session identifier of the target service is occupied by the other service, determine the second sub-identifier that is not occupied by the other service from the value range to which the second value belongs.

7. A data transmission method, characterized in that, The method includes: If a proxy server sends an identifier indicating that the user information verification has passed, a proxy connection request is sent to the proxy server. If a connection message carrying a service identifier is received from the proxy server, the service identifier is encapsulated in the header of the service message to obtain the tunnel header information of the service identifier; wherein, the service identifier is generated by the proxy server based on the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client; Send a service message containing the tunnel header information to the proxy server.

8. The method according to claim 7, characterized in that, The method further includes: Receive the processed service message sent by the proxy server, which encapsulates the tunnel header information.

9. A proxy server, characterized in that, The proxy server includes: The first acquisition unit is used to acquire the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client. The first processing unit is configured to generate a service identifier based on the first Internet Protocol address, the first port number, and the user information; The first processing unit is further configured to, upon receiving a proxy connection request sent by the service client, respond to the proxy connection request and generate connection information carrying the service identifier; wherein, the proxy connection request carries the second Internet Protocol address and the second port number of the service server; the connection information stores a mapping relationship, the mapping relationship being used to indicate the second Internet Protocol address and the second port number corresponding to the service identifier; The first processing unit is further configured to feed back the connection information to the service client, so that after receiving the connection information, the service client encapsulates the service identifier in the header of the service message to obtain the tunnel header information of the service identifier.

10. A business client, characterized in that, The business clients include: The second sending unit is configured to send a proxy connection request to the proxy server if it receives an identifier sent by the proxy server indicating that the user information verification has passed. The second processing unit is configured to, upon receiving connection information carrying a service identifier, encapsulate the service identifier in the header of a service message to obtain tunnel header information of the service identifier; wherein, the service identifier is generated based on the first Internet Protocol address of the service client, the first port number of the service client, and the user information sent by the service client; The second sending unit is also used to send a service message encapsulating the tunnel header information to the proxy server.