Transparent inline content inspection and modification in a TCP session
First Claim
1. A method, comprising:
- during a TCP session established between a sending entity and a receiving entity, inspecting a stream of TCP traffic;
- upon determining that a portion of the stream is to be rewritten, the portion comprising one or more input data packets received from the sending entity, placing, in an input record, the one or more input data packets constituting the portion;
- returning to the sending entity an acknowledgement for each input data packet received except for a last input data packet constituting the portion;
- generating, from the one or more input data packets in the input record, a modified portion of the stream, the modified portion comprising one or more output data packets to be sent to the receiving entity;
- placing in an output record the one or more output data packets;
- forwarding into the stream of TCP traffic to the receiving entity the one or more output data packets in the output record; and
- upon receipt of acknowledgements from the receiving entity for each output data packet in the output record, transmitting an acknowledgement of the last input data packet to the sending entity.
Abstract
A network appliance is configured to provide inline traffic inspection for all flow through the device, to selectively intercept based on traffic content or policy, and to modify intercepted traffic content, all without connection termination and re-origination. Content modification may involve substitution of traffic content with smaller or larger content, in which case the device provides appropriate sequence number translations for acknowledgements to the endpoints. This streaming rewrite may occur on a byte-at-a-time basis, while keeping the session alive and without a need to proxy it. The appliance enables transmitted TCP data to be modified inline and then reliably delivered without the overhead of forwarding packets through a full-blown TCP stack. Rather, the approach relies upon an initiator entity's TCP stack for congestion control, as well as the receiving entity's re-transmission behavior to determine how the device manages packets internally.
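The procedure of claim 1 and the sequence-number translation the abstract mentions, as an added worked example that is not code from the patent or from any product: a small Python simulation of one direction of a TCP stream passing through an inline rewriter. The `InlineRewriter` and `Seg` names, the `<<...>>` marker policy used to decide which portion is rewritten, and the sample byte stream are all constructed for illustration; there are no sockets and no real TCP stack, and packet loss and retransmission are not modelled.

```python
"""Toy model of claim 1 and the abstract's sequence-number translation: the
inline rewriter buffers a portion's packets (input record), ACKs all but the
last, forwards rewritten bytes (output record), and ACKs that last input packet
only after the receiver ACKs all the output.  Names, markers, sample: hypothetical."""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass(frozen=True)
class Seg:
    seq: int            # sequence number of the first payload byte
    payload: bytes

    @property
    def end(self) -> int:
        return self.seq + len(self.payload)


@dataclass
class InlineRewriter:
    start: bytes        # marker opening a portion that must be rewritten
    end: bytes          # marker closing it
    replacement: bytes  # what the marked region becomes
    mss: int = 8        # output segment size (tiny, to produce several packets)
    delta: int = 0      # receiver-side seq == sender-side seq + delta
    collecting: bool = False
    input_record: List[Seg] = field(default_factory=list)
    # per un-ACKed output record: (out_start, out_end, delta before it, ACK owed)
    pending: List[Tuple[int, int, int, int]] = field(default_factory=list)
    acked_to_sender: int = 0

    def _ack_sender(self, s_ack: int) -> List[int]:
        # ACKs are cumulative: emit only those that advance the sender
        if s_ack > self.acked_to_sender:
            self.acked_to_sender = s_ack
            return [s_ack]
        return []

    def from_sender(self, seg: Seg) -> Tuple[List[int], List[Seg]]:
        """Returns (ACK numbers for the sender, segments to forward)."""
        if not self.collecting and self.start not in seg.payload:
            # not rewritten: forward with shifted seq; the receiver's own ACK
            # (shifted back in from_receiver) is what reaches the sender
            return [], [Seg(seg.seq + self.delta, seg.payload)]
        self.collecting = True
        self.input_record.append(seg)
        data = b"".join(s.payload for s in self.input_record)
        i = data.index(self.start)
        j = data.find(self.end, i + len(self.start))
        if j < 0:
            # portion still open: ACK it ourselves so the sender keeps sending
            return self._ack_sender(seg.end), []
        # this packet closes the portion: build and forward the output record
        self.collecting = False
        out = data[:i] + self.replacement + data[j + len(self.end):]
        out_start = self.input_record[0].seq + self.delta
        delta_before, self.delta = self.delta, self.delta + len(out) - len(data)
        output_record = [Seg(out_start + k, out[k:k + self.mss])
                         for k in range(0, len(out), self.mss)]
        # the last input packet is deliberately left un-ACKed for now
        self.pending.append((out_start, out_start + len(out), delta_before, seg.end))
        self.input_record = []
        return [], output_record

    def from_receiver(self, ack: int) -> List[int]:
        acks: List[int] = []
        # a fully ACKed output record releases the ACK of its last input packet
        while self.pending and ack >= self.pending[0][1]:
            acks += self._ack_sender(self.pending.pop(0)[3])
        if self.pending:
            out_start, _, delta_before, _ = self.pending[0]
            if ack > out_start:
                return acks        # ACK lands inside rewritten bytes: absorb it
            s_ack = ack - delta_before
        else:
            s_ack = ack - self.delta
        return acks + self._ack_sender(s_ack)


def run_demo() -> dict:
    """Constructed sample: 'HELLO <<key=hunter2>> ENDMORE' in five segments."""
    mb = InlineRewriter(start=b"<<", end=b">>", replacement=b"[REDACTED]")
    isn, seq = 1000, 1000
    acks_to_sender: List[int] = []
    to_receiver: List[Tuple[int, bytes]] = []
    rx = bytearray()                       # toy receiver: in-order reassembly

    def receiver_takes(seg: Seg) -> int:   # receiver accepts data, returns ACK
        assert seg.seq == isn + len(rx), "toy receiver expects in-order data"
        rx.extend(seg.payload)
        to_receiver.append((seg.seq, seg.payload))
        return isn + len(rx)

    for chunk in (b"HELLO ", b"<<key=", b"hunter2", b">> END", b"MORE"):
        acks, outs = mb.from_sender(Seg(seq, chunk))
        seq += len(chunk)
        acks_to_sender += acks
        for o in outs:
            acks_to_sender += mb.from_receiver(receiver_takes(o))
    return {"acks_to_sender": acks_to_sender, "to_receiver": to_receiver,
            "receiver_bytes": bytes(rx), "delta": mb.delta}
```

Calling `run_demo()` exercises the three behaviours the claim spells out: the first two packets of the portion are ACKed by the middlebox itself (1012, 1019), the ACK for the closing packet (1025) is withheld until the receiver has ACKed sequence 1020, the end of the output record, and the pass-through packet after the rewrite is forwarded with its sequence number shifted by the five-byte shrink while the receiver's ACK is shifted back. The ACKs the middlebox generates itself promise delivery of bytes it has not yet forwarded, so it must hold the input record until the output record is acknowledged, which is why the last input ACK is deferred.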
25 Claims
1. A method, comprising: the elements set out above under First Claim. (Dependent claims 2 to 8 depend from claim 1 and are not reproduced here.)

9. Apparatus, comprising:
- a processor;
- computer memory holding computer program instructions executed by the processor, the computer memory comprising a first memory buffer and a second memory buffer, the computer program instructions comprising:
- program code operative, during a TCP session established between a first computing entity and a second computing entity, to inspect a stream of TCP traffic;
- program code operative, upon determining that a portion of the stream is to be rewritten, the portion comprising one or more input data packets, to store into the first memory buffer the one or more input data packets constituting the portion;
- program code operative to return an acknowledgement for each input data packet received except for a last input data packet constituting the portion;
- program code operative to generate, from the one or more input data packets, a modified portion of the stream, the modified portion comprising one or more output data packets;
- program code to store into the second memory buffer the one or more output data packets;
- program code operative to forward into the stream of TCP traffic the one or more output data packets; and
- program code operative, upon receipt of acknowledgements for each output data packet, to transmit an acknowledgement of the last input data packet.

(Dependent claims 10 to 16 depend from claim 9 and are not reproduced here.)

17. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions executed by the data processing system, the computer program instructions comprising:
- program code operative, during a TCP session established between a first computing entity and a second computing entity, to inspect a stream of TCP traffic;
- program code operative, upon determining that a portion of the stream is to be rewritten, the portion comprising one or more input data packets, to store into a first memory buffer the one or more input data packets constituting the portion;
- program code operative to return an acknowledgement for each input data packet received except for a last input data packet constituting the portion;
- program code operative to generate, from the one or more input data packets, a modified portion of the stream, the modified portion comprising one or more output data packets;
- program code to store into a second memory buffer the one or more output data packets;
- program code operative to forward into the stream of TCP traffic the one or more output data packets; and
- program code operative, upon receipt of acknowledgements for each output data packet, to transmit an acknowledgement of the last input data packet.

(Dependent claims 18 to 24 depend from claim 17 and are not reproduced here.)

25. A method, comprising:
- inspecting traffic flowing between a pair of endpoints that each support a TCP stack;
- as the traffic is flowing, and without connection termination, selectively rewriting the traffic to generate rewritten data content; and
- using endpoint-generated retransmitted packets and acknowledgement messages to control transmission of the rewritten data content;
- wherein the inspecting, rewriting and control operations are performed in software executing in one or more hardware elements.