Search

CN-121979697-A - Full-link log tracking method, device, equipment and medium based on VLESS protocol

CN121979697ACN 121979697 ACN121979697 ACN 121979697ACN-121979697-A

Abstract

The invention provides a full-link log tracking method, device, equipment and medium based on VLESS protocol, which comprises the steps of receiving and configuring tracking option parameters when creating an agent protocol client instance, establishing a transmission layer connection of a bottom server when a client initiates an outbound connection request, detecting the context environment of a current request, extracting an identifier as a link tracking identifier, packaging the link tracking identifier into a handshake data packet of a protocol to be sent to a server when the client carries out application layer protocol handshake, receiving and analyzing the handshake data packet by the server to extract the link tracking identifier, acquiring a context object of the current session of the server, writing the extracted link tracking identifier into the context object to replace or set the log identifier of the current session of the server, realizing unification of the client and the log identifier of the server, and enabling the request of each client to correspond to the log of the server so as to be convenient for users.

Inventors

  • LIU ZHIHAI
  • WANG WENSHENG
  • LIN HONGSHEN

Assignees

  • 福建紫讯信息科技有限公司

Dates

Publication Date
20260505
Application Date
20251203

Claims (10)

  1. 1. A full-link log tracking method based on VLESS protocol is characterized by comprising the following steps: Step 1, when creating a proxy protocol client instance, receiving and configuring tracking option parameters, and determining whether to start a link tracking function; step 2, when the client initiates an outbound connection request, establishing a transport layer connection to the bottom server, detecting the context environment of the current request, and if the tracking function is started and the context contains a log identifier, extracting the identifier as a link tracking identifier; Step 3, when the client side carries out application layer protocol handshake, the link tracking identification is packaged into a handshake data packet of a protocol and sent to the server side; And step 4, the server receives and analyzes the handshake data packet, extracts a link tracking identifier from the handshake data packet, then acquires a context object of the current session of the server, and writes the extracted link tracking identifier into the context object to replace or set a log identifier of the current session of the server, thereby realizing the unification of the client and the log identifier of the server.
  2. 2. A full-link log tracking method based on VLESS protocol is characterized by comprising the steps of establishing a transmission layer connection of a bottom server when a client initiates an outbound connection request, judging whether a custom transmission layer is used according to configuration, if yes, establishing connection by using the custom transmission layer, if not, establishing TCP connection, and judging whether TLS encryption handshake is carried out according to configuration, detecting a context environment of a current request after the transmission layer connection is established successfully, and if a tracking function is started, acquiring a unique UUID generated when the current request flows in the client through a context reading method, and formatting the unique UUID into a link tracking identifier in a character string form.
  3. 3. The full link log tracking method based on VLESS protocol according to claim 1, wherein the step 3 is specifically: When the network type is TCP, a TCP handshake interface is called, the link tracking identification is taken as a parameter to be transmitted in, and the link tracking identification is sent to a server; When the network type is UDP, selecting any one of the following modes to send the link tracking identification according to the configuration mode: a standard UDP mode, namely directly calling a UDP handshake interface and sending the UDP handshake interface to a server; An extended UDP mode, namely calling an extended UDP handshake interface supporting multiplexing or specific optimization and sending the interface to a server; PACKETADDR mode, when the target address is not the domain name, packaging the special sequence packet magic address and the link tracking identification and sending to the server.
  4. 4. The full link log tracking method based on VLESS protocol as set forth in claim 1, wherein the step 4 specifically includes: The server analyzes VLESS the additional information field of the protocol request header; judging whether a non-empty link tracking identifier exists in the additional information field; if yes, the server session management interface is called to acquire the current cooperative or requested context tracking object, and the ID attribute of the object is forcedly updated to be the received link tracking identifier, so that the unification of the client and the server log identifier is realized.
  5. 5. A full-link log tracking device based on VLESS protocol is characterized by comprising: The configuration module is used for receiving and configuring tracking option parameters when the proxy protocol client instance is created, and determining whether to start a link tracking function; The connection management module is used for establishing a transmission layer connection of the bottom server when the client initiates an outbound connection request, detecting the context environment of the current request, and extracting the identifier as a link tracking identifier if the tracking function is started and the context comprises a log identifier; The tracking identification extraction module is used for packaging the link tracking identification into a handshake data packet of a protocol and sending the link tracking identification to the server when the client performs application layer protocol handshake; And then obtaining a context object of the current session of the server, writing the extracted link tracking identification into the context object to replace or set the log identification of the current session of the server, thereby realizing the unification of the log identification of the client and the server.
  6. 6. A full link log tracking device based on VLESS protocol is characterized by that when client initiates out connection request, the connection management module establishes transmission layer connection to bottom server, judges if user-defined transmission layer is used according to configuration, if there is one, it establishes connection, if there is no user-defined transmission layer, it establishes TCP connection and decides if TLS encryption handshake is carried out according to configuration, after transmission layer connection is established successfully, it detects context environment of current request, if tracking function is started, unique UUID generated when current request flows inside client is obtained by context reading method, it is formatted into link tracking identification in character string form.
  7. 7. The full link log tracking device based on VLESS protocol as set forth in claim 5, wherein the tracking identifier extraction module is specifically configured to: When the network type is TCP, a TCP handshake interface is called, the link tracking identification is taken as a parameter to be transmitted in, and the link tracking identification is sent to a server; When the network type is UDP, selecting any one of the following modes to send the link tracking identification according to the configuration mode: a standard UDP mode, namely directly calling a UDP handshake interface and sending the UDP handshake interface to a server; An extended UDP mode, namely calling an extended UDP handshake interface supporting multiplexing or specific optimization and sending the interface to a server; PACKETADDR mode, when the target address is not the domain name, packaging the special sequence packet magic address and the link tracking identification and sending to the server.
  8. 8. The full-link log tracking device based on VLESS protocol according to claim 5, wherein the protocol handshake module comprises: The server analyzes VLESS the additional information field of the protocol request header; judging whether a non-empty link tracking identifier exists in the additional information field; if yes, the server session management interface is called to acquire the current cooperative or requested context tracking object, and the ID attribute of the object is forcedly updated to be the received link tracking identifier, so that the unification of the client and the server log identifier is realized.
  9. 9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 4 when the program is executed by the processor.
  10. 10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any one of claims 1 to 4.

Description

Full-link log tracking method, device, equipment and medium based on VLESS protocol Technical Field The invention relates to the technical field of log tracking, in particular to a VLESS protocol-based full-link log tracking method, device, equipment and medium. Background In the agent architecture of Vless protocol, log records of the client and the server are mutually independent, namely, the client can only record basic information such as a connection request initiated locally, a transmission byte number, a connection state and the like, and the server can only record data such as an accessed connection source, a received data amount, a response state and the like, but cannot effectively associate the client with the server. The splitting state can cause a series of problems in actual operation and maintenance, namely when a user feeds back connection blocking, disconnection or access failure, if an operator checks a client log to find that connection is overtime, the operator cannot match a corresponding abnormal connection record in a server log, namely a server can have a plurality of connection requests at the same time, and cannot distinguish which is the one corresponding to the client, otherwise, when the server has the log of "abnormal closed connection", the operator cannot locate which client request specifically triggers the abnormality. The log fault results in extremely low investigation efficiency, operation and maintenance personnel often need to narrow the range through screening indirect information such as time stamps, IP addresses and the like, but the IP can have dynamic change, the time stamps can also deviate due to network delay, and particularly in a high concurrency scene, the indirect association modes almost fail, irrelevant connection can only be eliminated through investigation one by one, and a large amount of time and cost are consumed. Disclosure of Invention The invention aims to solve the technical problem of providing a full-link log tracking method, device, equipment and medium based on VLESS protocol, which realize end-to-end transparent transmission, and an administrator can instantly pull out a complete log stream from a client initiating request to a server receiving process and then to a target website response only by searching an ID in a log system. In a first aspect, the present invention provides a full link log tracking method based on VLESS protocol, including the following steps: Step 1, when creating a proxy protocol client instance, receiving and configuring tracking option parameters, and determining whether to start a link tracking function; step 2, when the client initiates an outbound connection request, establishing a transport layer connection to the bottom server, detecting the context environment of the current request, and if the tracking function is started and the context contains a log identifier, extracting the identifier as a link tracking identifier; Step 3, when the client side carries out application layer protocol handshake, the link tracking identification is packaged into a handshake data packet of a protocol and sent to the server side; And step 4, the server receives and analyzes the handshake data packet, extracts a link tracking identifier from the handshake data packet, then acquires a context object of the current session of the server, and writes the extracted link tracking identifier into the context object to replace or set a log identifier of the current session of the server, thereby realizing the unification of the client and the log identifier of the server. In a second aspect, the present invention provides a full link log tracking device based on VLESS protocol, including: The configuration module is used for receiving and configuring tracking option parameters when the proxy protocol client instance is created, and determining whether to start a link tracking function; The connection management module is used for establishing a transmission layer connection of the bottom server when the client initiates an outbound connection request, detecting the context environment of the current request, and extracting the identifier as a link tracking identifier if the tracking function is started and the context comprises a log identifier; The tracking identification extraction module is used for packaging the link tracking identification into a handshake data packet of a protocol and sending the link tracking identification to the server when the client performs application layer protocol handshake; And then obtaining a context object of the current session of the server, writing the extracted link tracking identification into the context object to replace or set the log identification of the current session of the server, thereby realizing the unification of the log identification of the client and the server. In a third aspect, the invention provides an electronic device comprising a memory, a processor and a computer program