TCP data reassembly

US 20090161568A1
Filed: 12/21/2007
Published: 06/25/2009
Est. Priority Date: 12/21/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for processing computer network data, said method comprising the steps of:

receiving a stream of data at a first device, said stream comprising at least a first data frame, said first data frame having been sent from a second device to a third device, and said first data frame containing a payload section and at least one header section;

classifying the first data frame as containing one of a TCP/IP segment, a UDP/IP datagram, a non-TCP/UDP IP packet, and a non-IP packet;

supplying a monitoring application with a copy of the first data frame and sending the first data frame to the third device from the first device when the first data frame is classified as containing a non-IP packet;

checking an associated header checksum for validity when the first data frame is classified as containing one of a UDP/IP datagram and non-TCP/UDP IP packet, supplying a monitoring application with a copy of a payload section associated with the first data frame, and sending the first data frame to the third device from the first device when the UDP header checksum is valid; and

checking an associated TCP header checksum for validity, when the first data frame is classified as containing a TCP/IP segment, and sending the first data frame to the third device from the first device and comparing an actual TCP header sequence number with an expected TCP header sequence number when the TCP header checksum is valid, and,supplying the monitoring application with a copy of the TCP/IP segment when no gap exists between the actual TCP header sequence number and the expected TCP header sequence number, andstoring the first data frame when a sequence gap exists between the actual TCP header sequence number and the expected TCP header sequence number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and apparatus for processing computer network data. An embodiment of the invention comprises a first device for receiving a stream of data, said stream comprising at least a first data frame, said first data frame having been sent from a second device 101 to a third device 201, the first data frame containing a payload section and at least one header section, the first device comprising: a TCP data reassembly apparatus 10 communicatively coupled to a monitoring application 16 and a memory 14. The TCP data reassembly apparatus 10 is adapted to receive the stream of data and classify the first data frame as containing one of a TCP/IP segment, a UDP/IP datagram, a non-TCP/UDP IP packet, and a non-IP packet; supply the monitoring application 16 with a copy of the first data frame and send the first data frame to the third device 201 from the first device 101 when the first data frame is classified as containing one of a non-TCP/UDP IP packet and a non-IP packet. The TCP data reassembly apparatus 10 is also adapted to check an associated UDP header checksum for validity when the first data frame is classified as containing a UDP/IP datagram and supply the monitoring application 16 with a copy of the first data frame and send the first data frame to the third device from the first device 101 when the UDP header checksum is valid. The TCP data reassembly apparatus 10 is further adapted to check an associated TCP header checksum for validity when the first data frame is classified as containing a TCP/IP segment, and send the first data frame to the third device 201 from the first device 101 and compare an actual TCP header sequence number with an expected TCP header sequence number when the associated TCP header checksum is valid; and supply the monitoring application 16 with a copy of the TCP/IP segment when no gap exists between the sequence number and the expected sequence number, and, store the first data frame in the memory 14 when a sequence gap exists between the actual TCP header sequence number and the expected TCP header sequence number.

Citations

11 Claims

1. A method for processing computer network data, said method comprising the steps of:
- receiving a stream of data at a first device, said stream comprising at least a first data frame, said first data frame having been sent from a second device to a third device, and said first data frame containing a payload section and at least one header section;
  
  classifying the first data frame as containing one of a TCP/IP segment, a UDP/IP datagram, a non-TCP/UDP IP packet, and a non-IP packet;
  
  supplying a monitoring application with a copy of the first data frame and sending the first data frame to the third device from the first device when the first data frame is classified as containing a non-IP packet;
  
  checking an associated header checksum for validity when the first data frame is classified as containing one of a UDP/IP datagram and non-TCP/UDP IP packet, supplying a monitoring application with a copy of a payload section associated with the first data frame, and sending the first data frame to the third device from the first device when the UDP header checksum is valid; and
  
  checking an associated TCP header checksum for validity, when the first data frame is classified as containing a TCP/IP segment, and sending the first data frame to the third device from the first device and comparing an actual TCP header sequence number with an expected TCP header sequence number when the TCP header checksum is valid, and,supplying the monitoring application with a copy of the TCP/IP segment when no gap exists between the actual TCP header sequence number and the expected TCP header sequence number, andstoring the first data frame when a sequence gap exists between the actual TCP header sequence number and the expected TCP header sequence number.
- View Dependent Claims (2)
- - 2. The method of claim 1, further comprising:
    - receiving at the first device a second data frame, said second data frame having been sent from the second device to the third device, and said second data frame comprising a TCP/IP segment and an associated TCP header;
      
      checking a header checksum in the associated TCP header for validity and comparing a sequence number of the associated TCP header with the sequence gap when the header checksum in the associated TCP header is valid; and
      
      ,storing the second data frame when the sequence number of the associated TCP header fails to fill the sequence gap; and
      
      ,supplying the monitoring application with an ordered sequence of TCP/IP segments when the sequence number of the associated TCP header fills the sequence gap, said ordered sequence being reassembled from the TCP/IP segments contained in the first and second data frame.

3. Apparatus for processing computer network data, said apparatus comprising:
- a first device for receiving a stream of data, said stream comprising at least a first data frame, said first data frame having been sent from a second device to a third device, the first data frame containing a payload section and at least one header section, the first device comprising;
  
  a TCP data reassembly apparatus communicatively coupled to a monitoring application and a memory, said TCP data reassembly apparatus adapted toreceive the stream of data and classify the first data frame as containing one of a TCP/IP segment, a UDP/IP datagram, a non-TCP/UDP IP packet, and a non-IP packet;
  
  supply the monitoring application with a copy of the first data frame and send the first data frame to the third device from the first device when the first data frame is classified as containing one of a non-TCP/UDP IP packet and a non-IP packet;
  
  check an associated header checksum for validity when the first data frame is classified as containing one of a UDP/IP datagram and non-TCP/UDP IP packet, supply the monitoring application with a copy of a payload section associated with the first data frame, and send the first data frame to the third device from the first device when the UDP header checksum is valid; and
  
  check an associated TCP header checksum for validity when the first data frame is classified as containing a TCP/IP segment, and send the first data frame to the third device from the first device and compare an actual TCP header sequence number with an expected TCP header sequence number when the associated TCP header checksum is valid; and
  
  supply the monitoring application with a copy of the TCP/IP segment when no gap exists between the sequence number and the expected sequence number, and,store the first data frame in the memory when a sequence gap exists between the actual TCP header sequence number and the expected TCP header sequence number.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
- - 4. The apparatus of claim 3, wherein the TCP data reassembly apparatus is further adapted toreceive a second data frame, said second data frame having been sent from the second device to the third device, said second data frame comprising a TCP/IP segment and an associated TCP header;
    - check a header checksum in the associated TCP header for validity and drop the second data frame when the header checksum in the associated TCP header is invalid;
      
      compare a sequence number of the associated TCP header with the sequence gap when the header checksum in the associated TCP header is valid; and
      
      ,store the second data frame in the memory when the sequence number fails to fill the sequence gap; and
      
      supply the monitoring application with an ordered sequence of TCP/IP segments when the sequence number of the associated TCP header fills the sequence gap, said ordered sequence being reassembled from the TCP/IP segments contained in the first and second data frame.
  - 5. The apparatus of claim 3, wherein the first device is in a flow path between the second device and the third device.
  - 6. The apparatus of claim 3, wherein the first device operates as a passive tap of a flow path between the second device and the third device.
  - 7. The apparatus of claim 3, wherein the TCP data reassembly apparatus is further adapted to receive and implement commands from an external application.
  - 8. The apparatus of claim 7, wherein the TCP data reassembly apparatus, responsive to a command from the external application, is adapted to block any packets from a connection.
  - 9. The apparatus of claim 7, wherein the TCP data reassembly apparatus, responsive to a command from the external application, is adapted to send a reset segment operable to shut down transmission of any subsequent data between the second device and the third device.
  - 10. The apparatus of claim 7, wherein the TCP data reassembly apparatus, responsive to a command from the external application, is adapted to allow disabling inspection of data between the second device and the third device.
  - 11. The apparatus of claim 7, wherein the TCP data reassembly apparatus, responsive to a command from the external application, is adapted to reroute all data arriving from at least one of the first device and the second device to the monitoring application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Global Velocity, Inc.
Original Assignee
Global Velocity, Inc.
Inventors
Kastner, Charles

Application Number

US12/004,791
Publication Number

US 20090161568A1
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 69/16   Implementation or adaptatio...

H04L 69/163   In-band adaptation of TCP d...

H04L 69/166   IP fragmentation; TCP segme...

TCP data reassembly

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

TCP data reassembly

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links