Method of session payload editing
Abstract
A method of payload editing in an intelligent transparent gateway is provided. Certain applications include addressing information within the data streams of their sessions. When running on clients that are sharing a connection, such applications would send private, unreachable addressing information to remote peers, and the latter would be unable to respond to the clients' requests. The system of the instant invention supports an extensible means of modifying a session's application-layer data in flight, beyond the modifications made to the session's network-layer and transport-layer addressing information. Extensibility is achieved by allowing drivers to inspect the application-layer data in each packet received for a session, and to edit the application data in each packet. These editors register themselves with the gNAT of the instant invention as handlers for a specific TCP/UDP port number, and are henceforth invoked for each message translated in matching sessions.
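The registration and editing flow described in the abstract, as an added user-mode sketch (not code from the patent or from any gNAT implementation). The `Gateway` class, the `rewrite_private_addresses` editor, port 7000, the `CALLBACK` message format and all addresses are hypothetical, constructed for illustration.

```python
import ipaddress
import re

# Constructed values: the gateway's public address (RFC 5737 documentation range).
GATEWAY_PUBLIC_IP = "203.0.113.10"
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Dotted-quad candidates in the byte stream, not embedded in a longer number.
IPV4_RE = re.compile(rb"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


class Gateway:
    """Hypothetical user-mode stand-in for the gNAT's editor registration."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.editors = {}  # (protocol, destination port) -> editor callable

    def register_editor(self, proto, port, editor):
        if (proto, port) in self.editors:
            raise ValueError(f"an editor already handles {proto}/{port}")
        self.editors[(proto, port)] = editor

    def translate(self, proto, dst_port, payload):
        """Invoke the registered editor for a message in a matching session."""
        editor = self.editors.get((proto, dst_port))
        if editor is None:
            return payload  # no editor: application-layer data passes untouched
        return editor(payload, self.public_ip)


def rewrite_private_addresses(payload, public_ip):
    """Editor: replace RFC 1918 addresses in the payload with the public one."""
    def swap(match):
        try:
            addr = ipaddress.IPv4Address(match.group(0).decode("ascii"))
        except ValueError:
            return match.group(0)  # e.g. 999.1.1.1 is not an address
        if any(addr in net for net in RFC1918):
            return public_ip.encode("ascii")
        return match.group(0)
    return IPV4_RE.sub(swap, payload)


if __name__ == "__main__":
    gw = Gateway(GATEWAY_PUBLIC_IP)
    gw.register_editor("tcp", 7000, rewrite_private_addresses)
    # Constructed message from a client at 192.168.0.23 on the private network.
    print(gw.translate("tcp", 7000, b"CALLBACK 192.168.0.23:5000\r\n"))
```

An editor of this kind can only act on cleartext application data; an encrypted or integrity-protected payload cannot be rewritten this way.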
18 Claims
1. A method of session payload editing by an intelligent transparent application gateway between a private and a public network, the private network serving at least one client and the public network including at least one server, comprising the steps of:
binding a session payload editor application to a local socket;
commanding, by the session payload editor application, a dynamic port-redirect from a destination port number to the local socket;
receiving from a client a request to connect to the destination port number, the request including application-layer data;
redirecting the request to the local socket;
editing the application-layer data of the request by the session payload editor application; and
forwarding the request to the server.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method of session payload editing of application-layer data of message packets communicated between a client and a server through a gateway, comprising the steps of:
commanding a dynamic port-redirect within the gateway from a first port to a second port, the second port being bound to a session payload editing application;
receiving a message packet having application-layer data contained therein directed to the first port;
performing a kernel-mode dynamic address translation in accordance with the commanded dynamic port-redirect to direct the message packet to the session payload editing application;
editing the application-layer data of the message packet; and
forwarding the message packet with the edited application-layer data to the server.
Dependent claims: 9, 10, 11, 12
13. A method of performing session payload editing of application-layer data within message packets sent between a client on a private network and a server via an intelligent transparent gateway, comprising the steps of:
registering a session payload editor with a kernel-mode generalized network address translator (gNAT) of the gateway for at least one port number to enable the gNAT to create a dynamic address redirect of message packets directed to the at least one port number to the session payload editor;
receiving a message packet dynamically redirected by the gNAT to the session payload editor; and
inspecting the application-layer data of the message packet.
Dependent claims: 14, 15, 16, 17, 18
Specification