Proxying and unproxying a connection using a forwarding agent
Abstract
A system and method are disclosed for controlling access to a server. Instructions are sent to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from clients attempting to establish a client connection to the server. A client connection is established with the client. A server connection is established from the service manager to the server and data is transferred from the server connection to the client connection.
63 Claims
1. A method of controlling access to a server comprising:
sending instructions to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from a client attempting to establish a client connection to the server;
establishing the client connection with the client;
establishing a server connection from the service manager to the server; and
transferring data from the server connection to the client connection.
determining that it is appropriate to allow packets to flow between the client and the server; and
sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager.
4. A method of controlling access to a server as recited in claim 3 wherein the instructions to allow packets to flow between the client and the server without passing through the service manager include instructions to inspect the packets.
5. A method of controlling access to a server as recited in claim 3 wherein the instructions to allow packets to flow between the client and the server without passing through the service manager include instructions to inspect the packets and to reject packets that are undesirable.
6. A method of controlling access to a server as recited in claim 3 wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager further includes sending a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the client to the server.
7. A method of controlling access to a server as recited in claim 3 wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager further includes sending a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the server to the client.
8. A method of controlling access to a server as recited in claim 3 wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager further includes sending a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the client to the server.
9. A method of controlling access to a server as recited in claim 3 wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager further includes sending a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the server to the client.
10. A method of controlling access to a server as recited in claim 1 wherein the forwarding agent is one of a plurality of forwarding agents transferring packets between the client and the server and wherein the instructions sent to the forwarding agent are sent to the plurality of forwarding agents.
11. A method of controlling access to a server as recited in claim 1 further including:
determining that it is appropriate to allow packets to flow between the client and the server; and
adjusting the sequence numbers in packets sent from the client and forwarding the packets to the server.
12. A method of controlling access to a server as recited in claim 1 further including:
determining that it is appropriate to allow packets to flow between the client and the server; and
adjusting the sequence numbers in packets sent from the server and forwarding the packets to the client.
13. A method of controlling access to a server as recited in claim 1 further including:
determining that it is appropriate to allow packets to flow between the client and the server without passing through the service manager; and
adjusting the acknowledgement numbers in packets sent from the client and forwarding the packets to the server.
14. A method of controlling access to a server as recited in claim 1 further including:
determining that it is appropriate to allow packets to flow between the client and the server without passing through the service manager; and
adjusting the acknowledgement numbers in packets sent from the server and forwarding the packet to the client.
15. A method of controlling access to a server as recited in claim 1 further including:
determining that it is appropriate to allow packets to flow between the client and the server without passing through the service manager;
adjusting the sequence and acknowledgement numbers in packets sent from the client and forwarding the packets to the server; and
adjusting the sequence and acknowledgement numbers in packets sent from the server and forwarding the packets to the client.
16. A method of controlling access to a server as recited in claim 15 further including inspecting packets and rejecting packets that are undesirable.
17. A service manager configured to control access to a server including:
a forwarding agent interface configured to send instructions to a forwarding agent that instruct the forwarding agent to forward packets to the service manager from a client attempting to establish a client connection to the server;
a client interface configured to establish the client connection with the client;
a server interface configured to establish a server connection from the service manager to the server; and
a processor configured to transfer data from the server connection to the client connection.
20. A forwarding agent configured to control access to a server including:
a packet interface configured to send and receive packets on a network;
a service manager interface configured to:
receive instructions from a service manager to forward packets received from a client attempting to establish a client connection to a server;
forward packets received from the client to a service manager, until receiving instructions from the service manager to stop forwarding packets;
receive instructions from the service manager to stop forwarding packets received from the client; and
receive instructions from a service manager to adjust sequence and acknowledgement numbers in selected packets; and
a processor configured to adjust the sequence and acknowledgement numbers in the selected packets.
29. A computer program product for controlling access to a server, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
sending instructions to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from a client attempting to establish a client connection to the server;
establishing the client connection with the client;
establishing a server connection from the service manager to the server; and
transferring data from the server connection to the client connection.
determining that it is appropriate to allow packets to flow between a client and the server; and
sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager.
31. The computer program product of claim 29, further comprising computer instructions for sending instructions to the forwarding agent to forward packets to the service manager that are sent from the server to the client.
32. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending instructions to the forwarding agent to inspect the packets.
33. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending instructions to the forwarding agent to inspect the packets and to reject packets that are undesirable.
34. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the client to the server.
35. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the server to the client.
36. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the client to the server.
37. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the server to the client.
38. The computer program product of claim 29, further including instructions for:
determining that it is appropriate to allow packets to flow between the client and the server; and
adjusting the sequence numbers in packets sent from the client and forwarding the packets to the server.
39. The computer program product of claim 29, further including instructions for:
determining that it is appropriate to allow packets to flow between the client and the server; and
adjusting the sequence numbers in packets sent from the server and forwarding the packets to the client.
40. The computer program product of claim 29, further including instructions for:
determining that it is appropriate to allow packets to flow between the client and the server; and
adjusting the acknowledgement numbers in packets sent from the client and forwarding the packets to the server.
41. The computer program product of claim 29, further including instructions for:
determining that it is appropriate to allow packets to flow between the client and the server; and
adjusting the acknowledgement numbers in packets sent from the server and forwarding the packet to the client.
42. The computer program product of claim 29, further including instructions for:
determining that it is appropriate to allow packets to flow between the client and the server;
adjusting the sequence and acknowledgement numbers in packets sent from the client and forwarding the packets to the server; and
adjusting the sequence and acknowledgement numbers in packets sent from the server and forwarding the packets to the client.
44. A computer program product for controlling access to a server, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
receiving instructions from a service manager to forward packets received from a client attempting to establish a client connection to a server, forwarding packets received from the client to a service manager, until receiving instructions from the service manager to stop forwarding packets;
receiving instructions from the service manager to stop forwarding packets received from the client;
receiving instructions from a service manager to adjust sequence numbers in selected packets;
adjusting the sequence and acknowledgement numbers in packets sent to the server and forwarding the packets to the server; and
adjusting the sequence and acknowledgement numbers in packets sent from the server and forwarding the packets to a destination.
53. A method of controlling access to a server comprising:
receiving instructions from a service manager to forward packets received from a client attempting to establish a client connection to a server;
forwarding packets received from the client to a service manager, until receiving instructions from the service manager to stop forwarding packets;
receiving instructions from the service manager to stop forwarding packets received from the client; and
receiving instructions from a service manager to adjust sequence and acknowledgement numbers in selected packets.
62. A system for controlling access to a server comprising:
means for sending instructions to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from a client attempting to establish a client connection to the server;
means for establishing the client connection with the client;
means for establishing a server connection from the service manager to the server; and
means for transferring data from the server connection to the client connection.
63. A system for controlling access to a server comprising:
means for receiving instructions from a service manager to forward packets received from a client attempting to establish a client connection to a server;
means for forwarding packets received from the client to a service manager, until receiving instructions from the service manager to stop forwarding packets;
means for receiving instructions from the service manager to stop forwarding packets received from the client; and
means for receiving instructions from a service manager to adjust sequence and acknowledgement numbers in selected packets.
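The sequence and acknowledgement adjustment recited in claims 6 to 9 and 11 to 15 can be illustrated with a short C model. This is an added example, not code from the patent: it assumes the synchronization factor is a 32-bit offset derived from the next sequence numbers on the client and server connections at the moment the service manager hands the flow back, and the names splice_init, adjust_c2s and adjust_s2c are hypothetical.

```c
#include <stdint.h>

/* Constructed model (assumption): one 32-bit offset per direction. */
struct splice { uint32_t c2s, s2c; };   /* added to seq in that direction */
struct nums   { uint32_t seq, ack; };   /* TCP header fields, host order */

/* Derive both factors at hand-off from the next sequence number each
 * endpoint will send and the number its peer currently expects. */
struct splice splice_init(uint32_t client_next, uint32_t mgr_to_client_next,
                          uint32_t mgr_to_server_next, uint32_t server_next)
{
    struct splice s;
    s.c2s = mgr_to_server_next - client_next;   /* unsigned: wraps mod 2^32 */
    s.s2c = mgr_to_client_next - server_next;
    return s;
}

/* Client -> server: shift seq into the server connection's numbering and
 * undo the server->client shift on the ack the client echoes back. */
struct nums adjust_c2s(const struct splice *s, struct nums in)
{
    struct nums out = { in.seq + s->c2s, in.ack - s->s2c };
    return out;
}

/* Server -> client: the mirror image. */
struct nums adjust_s2c(const struct splice *s, struct nums in)
{
    struct nums out = { in.seq + s->s2c, in.ack - s->c2s };
    return out;
}

int main(void)
{
    /* Constructed values; the server->client factor crosses the 2^32 wrap. */
    struct splice s = splice_init(1000u, 0xFFFFFFF0u, 5000u, 0x10u);
    struct nums from_client = { 1000u, 0xFFFFFFF0u };
    struct nums to_server = adjust_c2s(&s, from_client);
    struct nums from_server = { 0x30u, 5000u };  /* 32 bytes after hand-off */
    struct nums to_client = adjust_s2c(&s, from_server);
    return !(to_server.seq == 5000u && to_server.ack == 0x10u &&
             to_client.seq == 0x10u && to_client.ack == 1000u);
}
```

A device that rewrites these fields must also update the TCP checksum, since it covers the header; that step is outside this model.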
Specification