Ordering of multiple plugin applications using extensible layered service provider with network traffic filtering

US 6,148,336 A
Filed: 03/13/1998
Issued: 11/14/2000
Est. Priority Date: 03/13/1998
Status: Expired due to Term

First Claim

Patent Images

1. An extensible service provider for filtering, sorting, and executing plugin network-service providers, the extensible service provider comprising:

an upper interface to a higher-level network-socket library, the higher-level network-socket library for providing high-level network functions to high-level user applications by generating a socket for connecting to a remote machine on the network;

a lower interface to a network-transport layer, the network-transport layer for formatting data for transmission over a network;

a plurality of traffic filters each defining a predetermined socket state for comparing to a current state of the socket;

a plugin manager for controlling the plugin network-service providers;

a filter manager, coupled to a plurality of traffic filters, for controlling the traffic filters;

binding objects, generated at run-time, for binding a plugin network-service provider to a traffic filter;

sorting means, coupled to the binding objects, for sorting the binding objects into an execution order based on functions performed by each plugin network-service provider; and

execution means, coupled to the sorting means, for executing the plugin network-service providers in the execution order, the plugin network-service providers operating on the data for transmission over the network,whereby the extensible service provider controls and sorts the plugin network-service providers into the execution order based on functions performed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Low-level network services are provided by network-service-provider plugins. These plugins are controlled by an extensible service provider that is layered above the TCP layer but below the Winsock-2 library and API. The extensible service provider orders the plugins based on the function performed by each plugin and on ordering hints. Plugins that redirect the protocol or socket are executed first. Plugins that examine packets or block entire packets are executed before plugins that modify packets. Plugins that compress or encrypt data are executed last for outgoing packets. Ordering hints cause a plugin to be executed before or after others in its functional class. Ordering allows examining plugins that simply read data get to the packets before an encrypting or compressing plugin renders the data unreadable. The extensible service provider has a plugin manager that orders and controls execution of the plugins. A filter manager evaluates one or more packet-filters. Filters are bound to plugins by binding objects; each socket has its own binding list of filters and plugins. Execution of some plugins can be skipped when filters bound to them do not match packets sent or received. Well-ordered plugins transparently provide a variety of network services such as content-filtering and blocking, encryption and compression, and statistics-gathering.

484 Citations

22 Claims

1. An extensible service provider for filtering, sorting, and executing plugin network-service providers, the extensible service provider comprising:
- an upper interface to a higher-level network-socket library, the higher-level network-socket library for providing high-level network functions to high-level user applications by generating a socket for connecting to a remote machine on the network;
  
  a lower interface to a network-transport layer, the network-transport layer for formatting data for transmission over a network;
  
  a plurality of traffic filters each defining a predetermined socket state for comparing to a current state of the socket;
  
  a plugin manager for controlling the plugin network-service providers;
  
  a filter manager, coupled to a plurality of traffic filters, for controlling the traffic filters;
  
  binding objects, generated at run-time, for binding a plugin network-service provider to a traffic filter;
  
  sorting means, coupled to the binding objects, for sorting the binding objects into an execution order based on functions performed by each plugin network-service provider; and
  
  execution means, coupled to the sorting means, for executing the plugin network-service providers in the execution order, the plugin network-service providers operating on the data for transmission over the network,whereby the extensible service provider controls and sorts the plugin network-service providers into the execution order based on functions performed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The extensible service provider of claim 1 wherein each plugin network-service provider has a functional-class identifier, the functional-class identifier being read by the sorting means, the functional-class identifier indicating when the plugin network-service provider performs:
    - an examining function that does not modify the data;
      
      a blocking function that blocks the data from being transmitted to the network;
      
      a modifying function that modifies some but not all of the data; and
      
      an encrypting function that modifies all of the data,wherein the plugin network-service providers are sorted into the execution order that executes plugin network-service providers in the order;
      
      examining, blocking, modifying, and then encrypting functions, for outgoing data,whereby the data is examined before modified, and modified before encrypted.
  - 3. The extensible service provider of claim 2 wherein the execution order is reversed for incoming data.
  - 4. The extensible service provider of claim 2 wherein the functional-class identifier further indicates when the plugin network-service provider is a redirector that changes a network protocol or a socket address, and wherein redirector functions are executed before all other functions.
  - 5. The extensible service provider of claim 2 wherein some plugin network-service providers also have ordering hints, the ordering hints indicating when the plugin network-service provider is executed before or after other plugin network-service providers having a same functional-class identifier.
  - 6. The extensible service provider of claim 1 wherein the extensible service provider performs filtering and interfaces to the higher-level network-socket library and to network-transport layer, wherein the plugin network-service providers do not directly interface to the higher-level network-socket library and to network-transport layer,whereby the plugin network-service providers are simplified by using the extensible service provider for interfacing and filtering.
  - 7. The extensible service provider of claim 6 wherein the higher-level network-socket library is a Winsock-2 library.
  - 8. The extensible service provider of claim 6 wherein the network-transport layer is a TCP layer that interfaces to a lower IP layer, and wherein the data is formatted into TCP/IP packets.
  - 9. The extensible service provider of claim 1 further comprising:
    - a static binding list of traffic filters attached to each plugin network-service providers;
      
      a plurality of dynamic binding lists of the binding objects, wherein each socket opened by each high-level application generates a dynamic binding list of the binding objects,wherein each traffic filter has a filter-class identifier, the filter-class identifier being read by the sorting means, the filter-class identifier indicating a protocol-level of data being filtered by each traffic filter;
      
      wherein the plugin network-service providers are sorted into the execution order according to the filter-class identifier of the traffic filters attached to each plugin network-service provider;
      
      whereby attached filters alter the execution order of the plugin network-service providers.

10. A computer-implemented method for executing, in an execution order, a subset of a plurality of plugins, the plugins for performing network services, the method comprising:
- calling a socket function for opening or transmitting data through a socket-connection for connecting a high-level application to a remote machine on a network, the socket function being a function in an applications-programming interface (API) used by high-level applications to access the network;
  
  activating an extensible service provider before the data is sent from the socket function to a lower network-transport layer, wherein the data is intercepted by the extensible service provider, the extensible service provider for evaluating filters to determine which plugins need to be executed and for sorting the plugins into the execution order;
  
  the extensible service provider, for each plugin in the plurality of plugins;
  
  selecting a current plugin from a list of the plurality of plugins;
  
  reading a binding list of current filters bound to the current plugin;
  
  determining when a current filter is a matching filter by evaluating each of the current filters using a current state of the socket-connection, each filter in the current filters for comparing predetermined criteria to header information for transmission with the data;
  
  adding the current plugin to an execution list when a matching filter is found for the current filter and the current state of the socket-connection;
  
  sorting the execution list of plugins into the execution order by examining a functional-class for each plugin; and
  
  executing each of the plugins on the execution list in the execution order before the data is sent to the network-transport layer;
  
  whereby the plugins having a matching filter are executed in the execution order based on the functional-class of each plugin.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer-implemented method of claim 10 further comprising:
    - referencing a binding object for binding the matching filter to the current plugin when the current state of the socket-connection matches the current filter,wherein the execution list is generated from run-time binding objects.
  - 12. The computer-implemented method of claim 10 wherein the header information includes a protocol for network transport, a port identifier, a source and a destination network address, and a direction of transport of the data,whereby the filters select some but not all socket-connections based on the predetermined criteria.
  - 13. The computer-implemented method of claim 12 wherein the lower network-transport layer is a TCP layer and wherein the API is a Windows operating system Winsock API.
  - 14. The computer-implemented method of claim 13 wherein the list of the plurality of plugins and the binding list are stored in a general-purpose registry for a Windows operating system.
  - 15. The computer-implemented method of claim 14 wherein additional plugins are added to the plurality of plugins by adding a locator entry to the general-purpose registry, the locator entry for identifying a storage location for the additional plugins,whereby additional plugins are installed for execution by the extensible service provider, allowing for expansion of network services.
  - 16. The computer-implemented method of claim 15 further comprising:
    - at initialization, the extensible service provider loading all plugins and all filters bound to plugins into memory by reading the list of the plurality of plugins from the general-purpose registry.
  - 17. The computer-implemented method of claim 10 wherein the network services performed by the plugins are transparent to high-level applications, the plugins performing low-level network services.

18. A computer-program product comprising:
- a computer-usable medium having computer-readable program code means embodied therein for ordering execution of low-level network-service provider plugins, the computer-readable program code means in the computer-program product comprising;
  
  socket means for receiving data for transmission over a network, the data from a high-level application that uses a high-level library of socket-functions for sending the data to the socket means;
  
  transport means for sending the data to a lower-level network-transport layer, the lower-level network-transport layer for formatting the data for transmission over the network;
  
  filtering means for comparing transmission information for the data from the socket means to predetermined transmission criteria, for indicating when a socket matches the predetermined transmission criteria;
  
  matching plugin means, coupled to the filtering means, for generating an unsorted list of plugins attached to the predetermined transmission criteria;
  
  sorting means, coupled to the matching plugin means, for reading a function performed on the data by each plugin, and for re-arranging the plugins in the unsorted list into an execution order based on the function performed on the data by each plugin; and
  
  execution means, coupled to the sorting means, for activating each plugin in the execution order, each plugin operating on the data before a next plugin in the execution order operates on the data,whereby execution of the low-level network-service provider plugins is ordered by functions performed.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The computer-program product of claim 18 wherein the computer-readable program code means further comprises:
    - a functional-class identifier for each plugin, the functional-class identifier being read by the sorting means, the functional-class identifier indicating when the plugin performs;
      
      an examining function that does not modify the data;
      
      a blocking function that blocks the data from being transmitted to the network;
      
      a modifying function that modifies some but not all of the data; and
      
      an encrypting function that modifies all of the data,wherein the plugins are sorted into the execution order that executes the plugins in the order;
      
      examining, blocking, modifying, and then encrypting functions, for outgoing data,whereby the data is examined before modified, and modified before encrypted.
  - 20. The computer-program product of claim 19 wherein plugins that perform the blocking function block low-priority data from being transmitted on the network to reduce network traffic, the blocking function under control of a policy server.
  - 21. The computer-program product of claim 20 wherein some plugins perform additional filtering of the data.
  - 22. The computer-program product of claim 21 wherein the lower-level network-transport layer adds a header to the data, the header including a protocol-indicating field, a port-identifying field, a source-address field and a destination-address field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Deterministic Networks, Inc. (Gilat Satellite Networks Limited)
Inventors
Brock, Keven J., Jackowski, Steven J., Thomas, Christopher N.
Primary Examiner(s)
Geckil, Mehmet B.

Application Number

US09/042,306
Time in Patent Office

977 Days
Field of Search

709/224, 709/226, 709/230, 709/223, 709/201, 709/203, 713/200, 713/201, 345/435, 364/514, 714/4
US Class Current

709/224
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 69/16   Implementation or adaptatio...

H04L 69/162   involving adaptations of so...

H04L 69/165   Combined use of TCP and UDP...

Ordering of multiple plugin applications using extensible layered service provider with network traffic filtering

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

484 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Ordering of multiple plugin applications using extensible layered service provider with network traffic filtering

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

484 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others