Establishing Tunnels Between Selective Endpoint Devices Along Communication Paths
First Claim
Patent Images
1. A method comprising:
- by a first computing device,receiving a first communication packet from a second computing device destined to a third computing device;
if the first communication packet is a connection-initiating packet having no customization indicator, then;
generating a second connection-initiating packet having a customization indicator and addressed to the third computing device;
setting a value of the customization indicator of the second connection-initiating packet to 0; and
sending the second connection-initiating packet to the third computing device;
if the first communication packet is a connection-initiating packet having a customization indicator with a value of 0, then;
generating a third connection-initiating packet having a customization indicator and addressed to the third computing device;
setting a value of the customization indicator of the third connection-initiating packet to 1; and
sending the third connection-initiating packet to the third computing device;
if the first communication packet is a connection-initiating packet having a customization indicator with a value of 1, then;
generating a first connection-acknowledgement packet having a customization indicator and addressed to the second computing device;
setting a value of the customization indicator of the first connection-acknowledgement packet to 1; and
sending the first connection-acknowledgement packet to the second computing device;
if the first communication packet is a connection-acknowledgement packet having no customization indicator, then;
installing an intercept rule;
generating a second connection-acknowledgement packet having a customization indicator and addressed to the second computing device;
setting a value of the customization indicator of the second connection-acknowledgement packet to 1; and
sending the second connection-acknowledgement packet to the second computing device; and
if the first communication packet is a connection-acknowledgement packet having a customization indicator with a value of 1, then;
installing a bypass rule.
9 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment, an intermediary device situated along a communication path between two endpoint devices may receive communication packets sent along the communication path. If the intermediary device receives a connection-initiating packet having a customization indicator and a connection-acknowledgement packet having a customization indicator, then the intermediary device may install a bypass rule.
-
Citations
21 Claims
-
1. A method comprising:
- by a first computing device,
receiving a first communication packet from a second computing device destined to a third computing device; if the first communication packet is a connection-initiating packet having no customization indicator, then; generating a second connection-initiating packet having a customization indicator and addressed to the third computing device; setting a value of the customization indicator of the second connection-initiating packet to 0; and sending the second connection-initiating packet to the third computing device; if the first communication packet is a connection-initiating packet having a customization indicator with a value of 0, then; generating a third connection-initiating packet having a customization indicator and addressed to the third computing device; setting a value of the customization indicator of the third connection-initiating packet to 1; and sending the third connection-initiating packet to the third computing device; if the first communication packet is a connection-initiating packet having a customization indicator with a value of 1, then; generating a first connection-acknowledgement packet having a customization indicator and addressed to the second computing device; setting a value of the customization indicator of the first connection-acknowledgement packet to 1; and sending the first connection-acknowledgement packet to the second computing device; if the first communication packet is a connection-acknowledgement packet having no customization indicator, then; installing an intercept rule; generating a second connection-acknowledgement packet having a customization indicator and addressed to the second computing device; setting a value of the customization indicator of the second connection-acknowledgement packet to 1; and sending the second connection-acknowledgement packet to the second computing device; and if the first communication packet is a connection-acknowledgement packet having a customization indicator with a value of 1, then; installing a bypass rule. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- by a first computing device,
-
9. A first system comprising:
-
a memory comprising instructions executable by one or more processors; and the one or more processors coupled to the memory and operable to execute the instructions, the one or more processors being operable when executing the instructions to; receive a first communication packet from a second system destined to a third system; if the first communication packet is a connection-initiating packet having no customization indicator, then; generate a second connection-initiating packet having a customization indicator and addressed to the third system; set a value of the customization indicator of the second connection-initiating packet to 0; and send the second connection-initiating packet to the third system; if the first communication packet is a connection-initiating packet having a customization indicator with a value of 0, then; generate a third connection-initiating packet having a customization indicator and addressed to the third system; set a value of the customization indicator of the third connection-initiating packet to 1; and send the third connection-initiating packet to the third system; if the first communication packet is a connection-initiating packet having a customization indicator with a value of 1, then; generate a first connection-acknowledgement packet having a customization indicator and addressed to the second system; set a value of the customization indicator of the first connection-acknowledgement packet to 1; and send the first connection-acknowledgement packet to the second system; if the first communication packet is a connection-acknowledgement packet having no customization indicator, then; install an intercept rule; generate a second connection-acknowledgement packet having a customization indicator and addressed to the second system; set a value of the customization indicator of the second connection-acknowledgement packet to 1; and send the second connection-acknowledgement packet to the second system; and if the first communication packet is a connection-acknowledgement packet having a customization indicator with a value of 1, then; install a bypass rule. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. One or more computer-readable non-transitory storage media embodying software operable when executed by a first computer system to:
-
receive a first communication packet from a second computer system destined to a third computer system; if the first communication packet is a connection-initiating packet having no customization indicator, then; generate a second connection-initiating packet having a customization indicator and addressed to the third computer system; set a value of the customization indicator of the second connection-initiating packet to 0; and send the second connection-initiating packet to the third computer system; if the first communication packet is a connection-initiating packet having a customization indicator with a value of 0, then; generate a third connection-initiating packet having a customization indicator and addressed to the third computer system; set a value of the customization indicator of the third connection-initiating packet to 1; and send the third connection-initiating packet to the third computer system; if the first communication packet is a connection-initiating packet having a customization indicator with a value of 1, then; generate a first connection-acknowledgement packet having a customization indicator and addressed to the second computer system; set a value of the customization indicator of the first connection-acknowledgement packet to 1; and send the first connection-acknowledgement packet to the second computer system; if the first communication packet is a connection-acknowledgement packet having no customization indicator, then; install an intercept rule; generate a second connection-acknowledgement packet having a customization indicator and addressed to the second computer system; set a value of the customization indicator of the second connection-acknowledgement packet to 1; and send the second connection-acknowledgement packet to the second computer system; and if the first communication packet is a connection-acknowledgement packet having a customization indicator with a value of 1, then; install a bypass rule. - View Dependent Claims (18, 19, 20)
-
-
21-24. -24. (canceled)
Specification