Efficient intercept of connection-based transport layer connections
First Claim
1. A network device, comprising:
- a memory; and
- means for:
  (a) monitoring first information passing across a TCP (Transmission Control Protocol) connection, wherein the first information is communicated via the TCP connection through the network device;
  (b) as a result of the monitoring of (a) making a determination that the first information has a first characteristic;
  (c) in response to the making of the determination in (b) splitting a single TCP control loop that manages flow across the TCP connection into two TCP control loops, wherein after the splitting the memory stores two TCP Transmission Control Blocks (TCBs) for the TCP connection;
  (d) after the splitting of (c) monitoring second information communicated via the TCP connection and making a determination that the second information does not have a second characteristic;
  (e) in response to the making of the determination in (d) connecting the two TCP control loops into one TCP control loop such that the one TCP control loop manages flow across the TCP connection; and
  (f) after the connecting of (e) communicating third information through the network device via the TCP connection, wherein at no time from the monitoring of (a) to the communicating of (f) is the TCP connection terminated on the network device, and wherein all of the first information, the second information, and the third information is at least received onto the network device via the TCP connection.
2 Assignments
0 Petitions
Abstract
A TCP connection is established between a client and a server, such that packets communicated across the TCP connection pass through a proxy. Based at least in part on a result of monitoring packets flowing across the TCP connection, the proxy determines whether to split the TCP control loop into two TCP control loops so that packets can be inspected more thoroughly. If the TCP control loop is split, then a first TCP control loop manages flow between the client and the proxy, and a second TCP control loop manages flow between the proxy and the server. Because there are two control loops, packets can be held on the proxy long enough to be analyzed. In some circumstances, a decision is then made to stop inspecting. The two TCP control loops are merged into a single TCP control loop, and thereafter the proxy passes packets of the TCP connection through unmodified.
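The following Python model is an added illustration of the pass-through / split / merge behaviour the abstract describes; it is not the patent's own code nor any product's implementation. The predicates for the first and second characteristic, the segment markers (`HELLO`, `HS`, `DATA`) and the trace are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class TCB:
    """One Transmission Control Block; the proxy keeps one per control loop."""
    peer: str
    held: list = field(default_factory=list)  # segments held on the proxy for analysis

class InspectingProxy:
    """Pass-through <-> split state machine modelled on the abstract (assumed design)."""
    def __init__(self, has_first_characteristic, has_second_characteristic):
        self.has_first = has_first_characteristic    # split trigger (assumed predicate)
        self.has_second = has_second_characteristic  # keep inspecting (assumed predicate)
        self.tcbs = [TCB("client<->server")]         # one loop, one TCB: pass through
        self.log = []

    def handle(self, seg: bytes) -> list:
        """Process one client->server segment; return segments forwarded to the server."""
        if len(self.tcbs) == 1:
            if not self.has_first(seg):
                return [seg]                         # single control loop: unmodified
            # first characteristic seen: split into client-side and server-side loops
            self.tcbs = [TCB("client<->proxy"), TCB("proxy<->server")]
            self.log.append("split")
            self.tcbs[0].held.append(seg)            # the trigger segment is held as well
            return []
        client_side = self.tcbs[0]
        client_side.held.append(seg)
        if self.has_second(seg):
            return []                                # still inspecting: keep holding
        # second characteristic absent: stop inspecting. Drain what the proxy has
        # ACKed but not forwarded *before* merging, or the server side loses bytes.
        released, client_side.held = client_side.held, []
        self.tcbs = [TCB("client<->server")]
        self.log.append("merge")
        return released

def run_demo():
    """Constructed trace: plain, split trigger, two held segments, end of inspection, plain."""
    proxy = InspectingProxy(
        has_first_characteristic=lambda s: s.startswith(b"HELLO "),
        has_second_characteristic=lambda s: s.startswith(b"HS "),
    )
    trace = [b"DATA a", b"HELLO sni=example.test", b"HS cert",
             b"HS finished", b"DATA b", b"DATA c"]
    forwarded, tcb_counts = [], []
    for seg in trace:
        forwarded.extend(proxy.handle(seg))
        tcb_counts.append(len(proxy.tcbs))           # TCBs stored after each segment
    return proxy.log, tcb_counts, forwarded
```

The TCB count going 1, 2, 2, 2, 1, 1 across the trace is the observable difference between the single loop and the split state; the merge step only happens once the held segments have been released, which is the condition a real inline proxy must also satisfy before it can stop translating between the two loops.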
12 Citations
19 Claims
1. A network device, comprising: (full text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6.
7. A network device comprising:
a memory; and a processor, wherein the processor communicates information through the network device across a single TCP (Transmission Control Protocol) connection, wherein the single TCP connection is between a client and a server, wherein communication across the TCP connection between the client and the server is initially managed by a single TCP control loop but then the processor splits the TCP control loop thereby forming a first TCP control loop and a second TCP control loop, wherein at least some of the information communicated via the single TCP connection is decrypted, and wherein based at least in part on a result of the decryption a determination is made to connect the first TCP control loop and the second TCP control loop, wherein the processor thereafter combines the first TCP control loop and the second TCP control loop to reform the single TCP control loop, wherein packets are forwarded through the network device across the single TCP connection, and wherein after the reforming of the single TCP control loop flow control for the single TCP connection is managed by the single TCP control loop. Dependent claims: 8, 9, 10, 11, 12.
13. A non-transitory processor-readable medium that stores instructions which when executed by a processor cause the processor to perform a method comprising:
(a) communicating information through a first network device across a single TCP (Transmission Control Protocol) connection, wherein the single TCP connection is between a second network device and a third network device, wherein flow control for the single TCP connection is initially managed by a single TCP control loop but then the first network device splits the single TCP control loop into a first TCP control loop that manages flow control between the second network device and the first network device and a second TCP control loop that manages flow control between the first network device and the third network device, wherein at least some of the information communicated via the single TCP connection is decrypted, and wherein based at least in part on a result of the decryption a determination is made to connect the first TCP control loop and the second TCP control loop; and (b) combining the first TCP control loop and the second TCP control loop thereby reforming the single TCP control loop, wherein packets are forwarded through the first network device across the single TCP connection, and wherein after the combining of (b) flow control for the single TCP connection is managed by the single TCP control loop. Dependent claims: 14, 15, 16, 17, 18, 19.
Specification