APPLICATION PROGRAMMING INTERFACE AND GENERALIZED NETWORK ADDRESS TRANSLATION FOR TRANSLATION OF TRANSPORT LAYER SESSIONS

US 20080071915A1
Filed: 11/12/2007
Published: 03/20/2008
Est. Priority Date: 03/06/2000
Status: Active Grant

First Claim

Patent Images

1-12. -12. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An application programming interface for translation of transport-layer sessions is presented. The system includes kernel-mode support for application-controlled network address translation and user-mode implementation of the redirect API routines. An application process may request that a network gateway modify the source and/or destination of a given network session in a manner transparent to the original source host and/or the replacement destination host. With the generalized NAT (gNAT) of the instant invention and its associated API, both the source and the destination addresses of message packets may be changed. The address changes are mapped in the gNAT, and may result in apparent sessions between different clients and servers. Depending on the protocol in use (e.g. TCP or UDP), the address translation may be made dynamically by the gNAT, under the command of the application, and take place at the kernel level.

50 Citations

View as Search Results

33 Claims

1-12. -12. (canceled)

13. A computer implemented system for application controlled network address translation comprising:
- a user-mode redirect application programming interface (API) employed by one or more applications to initialize a redirection of one or more network sessions; and
  
  a kernel-mode translation module that implements the redirection by translating a first network session into a second network session upon request from the one or more applications.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, further comprising an entry point provided by the kernel-mode translation module, the entry point observes incoming and outgoing packets from a local network implementing the redirection.
  - 15. The system of claim 13, the redirect comprises of identification of a session to be translated and description of translation to be performed by the kernel-mode translation module.
  - 16. The system of claim 15, wherein the session to be translated is identified by describing protocol, source IP address, source port, destination IP address and destination port of the session.
  - 17. The system of claim 16, wherein the protocol of the session is a transport-layer protocol that includes one of TCP (Transmission Control Protocol) or UDP (User Datagram Protocol).
  - 18. The system of claim 13, further comprising a dynamic redirect mapping that ensures that all packets within the first session receive a similar translation.
  - 19. The system of claim 18, wherein all data received for proper application'"'"'s session as determined by the kernel-mode translation module is automatically translated such that a transport-layer address of the data in the first session matches the second session.
  - 20. The system of claim 13, wherein the user-mode API further comprises routines for canceling a previously requested network session redirect.

21. A method for implementing application controlled network address translation comprising the steps of:
- receiving network data to be transmitted in a network session;
  
  transmitting the network data to a network application;
  
  determining if a dynamic redirect exists for the network data;
  
  if the dynamic redirect exists then automatically translating the network data so that transport-layer address of the network data from the network session matches a transport-layer address of a second session; and
  
  transmitting the translated data to the network in the second session.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The method of claim 21, further comprising dynamically redirecting incoming network data to a client machine under control of the network application.
  - 23. The method of claim 21, wherein creating a redirect for a network session comprises supplying information identifying the network session along with information describing the translation to be done for the network session.
  - 24. The method of claim 23, wherein the network session is identified by a protocol, source IP address of the network session'"'"'s source host, source port indicating a number of the network session'"'"'s source host, destination IP address indicating an IP address of the network session'"'"'s destination host and destination port indicating an IP address of the network sessions destination host.
  - 25. The method of claim 24, wherein automatically translating the network session replaces at least one of the source IP address, source port, destination IP address, or destination port.
  - 26. The method of claim 21, wherein the network application is associated with a user mode.
  - 27. The method of claim 21, wherein the dynamic redirect causes the automatic translation of the network session to the second session in a kernel mode.
  - 28. The method of claim 21, further comprising, inspecting data packets of the network session and modifying application-layer data of the data packets to prevent transmission of unreachable private addressing information to remote peers.
  - 29. The method of claim 28, wherein the data packets are generated by a streaming application.
  - 30. The method of claim 21, wherein the dynamic redirection balances load on a plurality of servers in a multi-server environment by dynamically redirecting one or more UDP messages to a lightly-loaded server from a heavily loaded server.

31. An apparatus for implementing application controlled network address translation comprising:
- means for receiving network data to be transmitted in a network session;
  
  means for automatically translating the network data upon request by a network application so that transport-layer address of the network data from the network session matches a transport-layer address of a second session; and
  
  means for transmitting the translated data to the network in the second session.
- View Dependent Claims (32, 33)
- - 32. The apparatus of claim 31, wherein the means for automatically translating network data exists in a kernel mode.
  - 33. The apparatus of claim 31, wherein the network application is associated with one of a kernel mode or a user mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gbadegesin, Abolade

Granted Patent

US 7,610,389 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/228
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/2521   Translation architectures o...

H04L 61/255   Maintenance or indexing of ...

H04L 63/10   for controlling access to d...

H04L 69/16   Implementation or adaptatio...

H04L 69/22   Parsing or analysis of headers

H04L 69/32   Architecture of open system...

H04L 69/326   in the transport layer [OSI...

APPLICATION PROGRAMMING INTERFACE AND GENERALIZED NETWORK ADDRESS TRANSLATION FOR TRANSLATION OF TRANSPORT LAYER SESSIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

APPLICATION PROGRAMMING INTERFACE AND GENERALIZED NETWORK ADDRESS TRANSLATION FOR TRANSLATION OF TRANSPORT LAYER SESSIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links