Pseudo network adapter for frame capture, encapsulation and encryption

US 6,101,543 A
Filed: 10/25/1996
Issued: 08/08/2000
Est. Priority Date: 10/25/1996
Status: Expired due to Term

First Claim

Patent Images

1. A pseudo network adapter providing a virtual private network, comprising:

an interface for capturing packets from a local communications protocol stack for transmission on said virtual private network, said interface appearing to said local communications protocol stack as a network adapter device driver for a network adapter connected to said virtual private network;

a first server emulator, providing a first reply packet responsive to a first request packet captured by said interface for capturing packets from said local communications protocol stack for transmission on said virtual private network, said first request packet requesting a network layer address for said pseudo network adapter, said first reply indicating a network layer address for said pseudo network adapter; and

a second server emulator, providing a second reply packet responsive to an second request packet captured by said interface for capturing packets from said local communications protocol stack for transmission on said virtual private network, said second request packet requesting a physical address corresponding to a network layer address of a second pseudo network adapter, said second pseudo network adapter located on a remote server node, said second reply indicating a predetermined, reserved physical address.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new pseudo network adapter is disclosed providing an interface for capturing packets from a local communications protocol stack for transmission on the virtual private network. The system further includes a Dynamic Host Configuration Protocol (DHCP) server emulator, and an Address Resolution Protocol (ARP) server emulator. The new system indicates to the local communications protocol stack that nodes on a remote private network are reachable through a gateway that is in turn reachable through the pseudo network adapter. The new pseudo network adapter includes a transmit path for processing data packets from the local communications protocol stack for transmission through the pseudo network adapter. The transmit path includes an encryption engine for encrypting the data packets and an encapsulation engine for encapsulating the encrypted data packets into tunnel data frames. The pseudo network adapter passes the tunnel data frames back to the local communications protocol stack for transmission to a physical network adapter on a remote server node. The new pseudo network adapter further includes an interface into a transport layer of the-local communications protocol stack for capturing received data packets from the remote server node, and a receive path for processing received data packets captured from the transport layer of the local communications protocol stack. The receive path includes a decapsulation engine, and a decryption engine, and passes the decrypted, decapsulated data packets back to the local communications protocol stack for delivery to a user.

410 Citations

22 Claims

1. A pseudo network adapter providing a virtual private network, comprising:
- an interface for capturing packets from a local communications protocol stack for transmission on said virtual private network, said interface appearing to said local communications protocol stack as a network adapter device driver for a network adapter connected to said virtual private network;
  
  a first server emulator, providing a first reply packet responsive to a first request packet captured by said interface for capturing packets from said local communications protocol stack for transmission on said virtual private network, said first request packet requesting a network layer address for said pseudo network adapter, said first reply indicating a network layer address for said pseudo network adapter; and
  
  a second server emulator, providing a second reply packet responsive to an second request packet captured by said interface for capturing packets from said local communications protocol stack for transmission on said virtual private network, said second request packet requesting a physical address corresponding to a network layer address of a second pseudo network adapter, said second pseudo network adapter located on a remote server node, said second reply indicating a predetermined, reserved physical address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The pseudo network adapter of claim 1, further comprising a means for indicating to said local communications protocol stack that said predetermined, reserved physical address is reachable through said pseudo network adapter.
  - 3. The pseudo network adapter of claim 2, wherein said means for indicating to said local communications protocol stack that said predetermined, reserved physical address is reachable through said pseudo network adapter modifies a data structure in said local communications protocol stack indicating which nodes or networks are reachable through each network interface of the local system.
  - 4. The pseudo network adapter of claim 1, further comprising a means for indicating to said local communications protocol stack that one or more nodes on a remote private network connected to said remote server node are reachable through a gateway node equal to said second pseudo network adapter on said remote server node.
  - 5. The pseudo network adapter of claim 4, wherein said means for indicating to said local communications protocol stack that one or more nodes on said remote private network connected to said remote server node are reachable through a gateway node equal to said second pseudo network adapter on said remote server node modifies a network layer routing table in said local communications protocol stack.
  - 6. The pseudo network adapter of claim 1, further comprising:
    - a transmit path for processing data packets captured by said interface for capturing packets from said local communications protocol stack for transmission on said virtual private network;
      
      an encryption engine, within said transmit path, for encrypting said data packets;
      
      an encapsulation engine, within said transmit path, for encapsulating said encrypted data packets into tunnel data frames; and
      
      a means for passing said tunnel data frames back to said local communications protocol stack for transmission to a physical network adapter on said remote server node.
  - 7. The pseudo network adapter of claim 6, wherein said transmit path further includes means for storing a digest value in a digest field in each of said tunnel data frames, said digest value equal to an output of a keyed hash function applied to said data packet encapsulated within said tunnel data frame concatenated with a counter value equal to a total number of tunnel data frames previously transmitted to said remote server node.
  - 8. The pseudo network adapter of claim 6, wherein said transmit path further includes means for processing an Ethernet header in each one of said captured data packets, said processing of said Ethernet header including removing said Ethernet header.
  - 9. The pseudo network adapter of claim 1, further comprising an interface into a transport layer of said local communications protocol stack for capturing received data packets from said remote server node.
  - 10. The pseudo network adapter of claim 9, further comprising:
    - a receive path for processing received data packets captured by said interface into said transport layer of said local communications protocol stack for capturing received data packets from said remote server node;
      
      an decapsulation engine, within said receive path, for decapsulating said received data packets by removing a tunnel frame header; and
      
      an decryption engine, within said receive path, for decrypting said received data packets;
      
      a means for passing said received data packets back to said local communications protocol stack for delivery to a user.
  - 11. The pseudo network adapter of claim 1, wherein said network layer address for said pseudo network adapter and said predetermined, reserved physical address is communicated to said pseudo network adapter from said remote server node as client data in a connection response frame.

12. A method for providing a pseudo network adapter for a virtual private network, comprising:
- capturing packets from a local communications protocol stack for transmission on said virtual private network, said capturing through an interface appearing to said local communications stack as a network adapter device driver for a network adapter connected to said virtual private network;
  
  issuing a first reply packet responsive to a first request packet captured by said interface for capturing packets from said local communications protocol stack for transmission on said virtual private network, said first request packet requesting a network layer address for said pseudo network adapter, said first reply indicating a network layer address for said pseudo network adapter; and
  
  issuing a second reply packet responsive to a second request packet captured by said interface for capturing packets from said local communications protocol stack for transmission on said virtual private network, said second request packet requesting a physical address corresponding to a network layer address of a second pseudo network adapter, said second pseudo network adapter located on a remote server node, said ARP Reply indicating a predetermined, reserved physical address.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, further comprising indicating to said local communications protocol stack that said predetermined, reserved physical address is reachable through said pseudo network adapter.
  - 14. The method of claim 13, wherein said step of indicating to said local communications protocol stack that said predetermined, reserved physical address is reachable through said pseudo network adapter modifies a data structure in said local communications protocol stack indicating which nodes or networks are reachable through each network interface of the local system.
  - 15. The method of claim 12, further comprising indicating to said local communications protocol stack that one or more nodes on a remote private network connected to said remote server node are reachable through a gateway node equal to said second pseudo network adapter on said remote server node.
  - 16. The method of claim 15, wherein said step of indicating to said local communications protocol stack that one or more nodes on said remote private network connected to said remote server node are reachable through a gateway node equal to said second pseudo network adapter on said remote server node modifies a network layer routing table in said local communications protocol stack.
  - 17. The method of claim 12, further comprising:
    - processing data packets captured by said interface for capturing packets from said local communications protocol stack for transmission on said virtual private network in a transmit data path;
      
      encrypting said data packets in an encryption engine, within said transmit path;
      
      encapsulating said encrypted data packets into tunnel data frames by an encapsulation engine, within said transmit path; and
      
      passing said tunnel data frames back to said local communications protocol stack for transmission to a physical network adapter on said remote server node.
  - 18. The method of claim 17, wherein said transmit path further includes storing a digest value in a digest field in each of said tunnel data frames, said digest value equal to an output of a keyed hash function applied to said data packet encapsulated within said tunnel data frame concatenated with a counter value equal to a total number of tunnel data frames previously transmitted to said remote server node.
  - 19. The method of claim 17, wherein said transmit path further includes processing an Ethernet header in each one of said captured data packets, said processing of said Ethernet header including removing said Ethernet header.
  - 20. The method of claim 12, further comprising capturing received data packets from said remote server node through an interface into a transport layer of said local communications protocol stack.
  - 21. The method of claim 20, further comprising:
    - processing received data packets captured by said interface into said transport layer of said local communications protocol stack for capturing received data packets from said remote server node in a receive path;
      
      decapsulating said received data packets by removing a tunnel frame header in an decapsulation engine, within said receive path; and
      
      decrypting said received data packets in a decryption engine within said receive path;
      
      passing said received data frames packets back to said local communications protocol stack for delivery to a user.
  - 22. The method of claim 12, wherein said network layer address for said pseudo network adapter and said predetermined, reserved physical address is communicated to said pseudo network adapter from said remote server node as client data in a connection response frame.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Digital Equipment Corporation (HP Inc.)
Inventors
Lichtenberg, Mitchell P., Wobber, Edward P., Alden, Kenneth F.
Primary Examiner(s)
Maung, Zarni
Assistant Examiner(s)
Najjar, Saleh

Application Number

US08/738,155
Time in Patent Office

1,383 Days
Field of Search

395/200.55, 395/200.56, 395/200.57, 395/200.58, 395/200.59, 395/200.66, 395/200.68, 395/200.69, 709/229, 709/225, 709/226, 709/227, 709/228, 709/236, 709/238, 709/239
US Class Current

709/229
CPC Class Codes

H04L 61/103   across network layers, e.g....

H04L 61/5014   using dynamic host configur...

H04L 63/0272   Virtual private networks

H04L 63/0485   Networking architectures fo...

H04L 63/123   received data contents, e.g...

Pseudo network adapter for frame capture, encapsulation and encryption

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

410 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Pseudo network adapter for frame capture, encapsulation and encryption

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

410 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links