Method of session payload editing

US 20040210674A1
Filed: 05/11/2004
Published: 10/21/2004
Est. Priority Date: 03/29/2000
Status: Active Grant

First Claim

Patent Images

1. A method of session payload editing by an intelligent transparent application gateway between a private and a public network, the private network serving at least one client and the public network including at least one server, comprising the steps of:

binding a session payload editor application to a local socket;

commanding, by the session payload editor application, a dynamic port-redirect from a destination port number to the local socket;

receiving from a client a request to connect to the destination port number, the request including application-layer data;

redirecting the request to the local socket;

editing the application-layer data of the request by the session payload editor application; and

forwarding the request to the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of payload editing in an intelligent transparent gateway is provided. Certain applications include addressing information within the data streams of their sessions. When running on clients that are sharing a connection, such applications would send private, unreachable addressing information to remote peers, and the latter would be unable to respond to the clients'"'"'s requests. The system of the instant invention supports an extensible means of modifying a session'"'"'s application-layer data in flight, beyond the modifications made to the session'"'"'s network-layer and transport-layer addressing information. Extensibility is achieved by allowing drivers to inspect the application-layer data in each packet received for a session, and to edit the application data in each packet. These editors register themselves with the gNAT of the instant invention as handlers for a specific TCP/UDP port number, and are henceforth invoked for each message translated in matching sessions.

26 Citations

View as Search Results

18 Claims

1. A method of session payload editing by an intelligent transparent application gateway between a private and a public network, the private network serving at least one client and the public network including at least one server, comprising the steps of:
- binding a session payload editor application to a local socket;
  
  commanding, by the session payload editor application, a dynamic port-redirect from a destination port number to the local socket;
  
  receiving from a client a request to connect to the destination port number, the request including application-layer data;
  
  redirecting the request to the local socket;
  
  editing the application-layer data of the request by the session payload editor application; and
  
  forwarding the request to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the step of commanding a dynamic port-redirect comprises the steps of:
    - invoking a transparent proxy application programming interface (API) to create the dynamic port-redirect; and
      
      instructing a generalized network address translation module (gNAT), by the API, to perform the dynamic port-redirect at a kernel-mode.
  - 3. The method of claim 2, wherein the step of redirecting the request to the local socket comprises the steps of:
    - changing, by the gNAT, a destination address of the connection request to a local address of the local socket;
      
      recording the change made in a translation mapping; and
      
      forwarding the connection request to the session payload editor application.
  - 4. The method of claim 3, wherein the step of forwarding the request to the server comprises the steps of;
    - invoking the API to determine the address of the server to which the request was originally sent;
      
      establishing a session on the client'"'"'s behalf with the server; and
      
      sending the request to the server.
  - 5. The method of claim 1, wherein the step of editing the application-layer data of the request by the session payload editor application comprises the steps of:
    - inspecting the application-layer data of the request;
      
      determining that the application-layer data contains private, unreachable addressing information; and
      
      modifying the private, unreachable addressing information to addressing information of the intelligent transparent application gateway.
  - 6. The method of claim 5, further comprising the step performed by the session payload editor of establishing a data session for responses from the server.
  - 7. The method of claim 6, wherein the step of establishing a data session for responses from the server comprises the steps of:
    - commanding a dynamic address translation for message packets received from the server to the client;
      
      receiving a message packet from the server at the kernel-mode gNAT;
      
      translating a destination address of the message packet to the client in the kernel-mode gNAT; and
      
      forwarding the message packet directly to the client, thereby bypassing the session payload editor application.

8. A method of session payload editing of application-layer data of message packets communicated between a client and a server through a gateway, comprising the steps of:
- commanding a dynamic port-redirect within the gateway from a first port to a second port, the second port being bound to a session payload editing application;
  
  receiving a message packet having application-layer data contained therein directed to the first port;
  
  performing a kernel-mode dynamic address translation in accordance with the commanded dynamic port-redirect to direct the message packet to the session payload editing application;
  
  editing the application-layer data of the message packet; and
  
  forwarding the message packet with the edited application-layer data to the server.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein the step of receiving a message packet having application-layer data contained therein comprises the step of receiving a message packet having application-layer data including private address information of the client, and wherein the step of editing the application-layer data comprises the step of replacing the private address information with public address information of the gateway.
  - 10. The method of claim 9, further comprising the steps of:
    - commanding a dynamic address translation for message packets received from the server with the public address information;
      
      receiving a message packet from the server at the kernel-mode gNAT having the public address information;
      
      translating a destination address of the message packet in the kernel-mode gNAT in accordance with the dynamic address translation; and
      
      forwarding the message packet directly to the client, thereby bypassing the session payload editor application.
  - 11. The method of claim 8 further comprising the steps of:
    - establishing a session with the server to which the message packet was originally sent;
      
      commanding a dynamic address redirect associated with the server at a kernel-level within the gateway; and
      
      dynamically redirecting messages at the kernel-level in accordance with the commanded dynamic address redirect, thereby bypassing the session payload editor application.
  - 12. The method of claim 8 wherein the application-layer data of the message packet includes therein advertised port numbers, further comprising the step of replacing the advertised port numbers within the application-layer data of the message packet with reserved port number of the gateway.

13. A method of performing session payload editing of application-layer data within message packets sent between a client on a private network and a server via an intelligent transparent gateway, comprising the steps of:
- registering a session payload editor with a kernel-mode generalized network address translator (gNAT) of the gateway for at least one port number to enable the gNAT to create a dynamic address redirect of message packets directed to the at least one port number to the session payload editor;
  
  receiving a message packet dynamically redirected by the gNAT to the session payload editor; and
  
  inspecting the application-layer data of the message packet.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising the step of forwarding the message packet with the edited application-layer data to the server.
  - 15. The method of claim 13, wherein the application-layer data includes private addressing information, and wherein the step of inspecting the application-layer data of the message packet comprises the step of editing the private addressing information to provide public addressing information of the gateway.
  - 16. The method of claim 15, further comprising the step of commanding the gNAT to generate a dynamic redirect of messages sent from the server to the public addressing information within the kernel-mode thereby bypassing the session payload editor.
  - 17. The method of claim 13, wherein the step of registering a session payload editor with a kernel-mode generalized network address translator (gNAT) of the gateway for at least one port number to enable the gNAT to create a dynamic address redirect of message packets directed to the at least one port number to the session payload editor comprises the step of registering a session payload editor with a kernel-mode generalized network address translator (gNAT) of the gateway for at least one TCP port number to enable the gNAT to create a dynamic address redirect of message packets directed to the at least one TCP port number to the session payload editor.
  - 18. The method of claim 13, wherein the step of registering a session payload editor with a kernel-mode generalized network address translator (gNAT) of the gateway for at least one port number to enable the gNAT to create a dynamic address redirect of message packets directed to the at least one port number to the session payload editor comprises the step of registering a session payload editor with a kernel-mode generalized network address translator (gNAT) of the gateway for at least one UDP port number to enable the gNAT to create a dynamic address redirect of message packets directed to the at least one UDP port number to the session payload editor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gbadegesin, Abolade

Granted Patent

US 7,293,095 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/249
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/25   of the same type

H04L 67/563   Data redirection of data ne...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Method of session payload editing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method of session payload editing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links