Proxying and unproxying a connection using a forwarding agent

US 6,775,692 B1
Filed: 07/02/1999
Issued: 08/10/2004
Est. Priority Date: 07/31/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of controlling access to a server comprising:

sending instructions to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from a client attempting to establish a client connection to the server;

establishing the client connection with the client;

establishing a server connection from the service manager to the server; and

transferring data from the server connection to the client connection.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for controlling access to a server. Instructions are sent to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from clients attempting to establish a client connection to the server. A client connection is established with the client. A server connection is established from the service manager to the server and data is transferred from the server connection to the client connection.

171 Citations

63 Claims

1. A method of controlling access to a server comprising:
- sending instructions to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from a client attempting to establish a client connection to the server;
  
  establishing the client connection with the client;
  
  establishing a server connection from the service manager to the server; and
  
  transferring data from the server connection to the client connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method of controlling access to a server as recited in claim 1 further including:
    - sending instructions to the forwarding agent to forward packets to the service manager that are sent from the server to the client.
  - 3. A method of controlling access to a server as recited in claim 1 further including:
4. A method of controlling access to a server as recited in claim 3 wherein the instructions to allow packets to flow between the client and the server without passing through the service manager include instructions to inspect the packets.
5. A method of controlling access to a server as recited in claim 3 wherein the instructions to allow packets to flow between the client and the server without passing through the service manager include instructions to inspect the packets and to reject packets that are undesirable.
6. A method of controlling access to a server as recited in claim 3 wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager further includes sending a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the client to the server.
7. A method of controlling access to a server as recited in claim 3 wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager further includes sending a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the server to the client.
8. A method of controlling access to a server as recited in claim 3 wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager further includes sending a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the client to the server.
9. A method of controlling access to a server as recited in claim 3 wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server without passing through the service manager further includes sending a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the server to the client.
10. A method of controlling access to a server as recited in claim 1 wherein the forwarding agent is one of a plurality of forwarding agents transferring packets between the client and the server and wherein the instructions sent to the forwarding agent are sent to the plurality of forwarding agents.
11. A method of controlling access to a server as recited in claim 1 further including:
- determining that it is appropriate to allow packets to flow between the client and the server; and
  
  adjusting the sequence numbers in packets sent from the client and forwarding the packets to the server.
12. A method of controlling access to a server as recited in claim 1 further including:
- determining that it is appropriate to allow packets to flow between the client and the server; and
  
  adjusting the sequence numbers in packets sent from the server and forwarding the packets to the client.
13. A method of controlling access to a server as recited in claim 1 further including:
- determining that it is appropriate to allow packets to flow between the client and the server without passing through the service manager; and
  
  adjusting the acknowledgement numbers in packets sent from the client and forwarding the packets to the server.
14. A method of controlling access to a server as recited in claim 1 further including:
- determining that it is appropriate to allow packets to flow between the client and the server without passing through the service manager; and
  
  adjusting the acknowledgement numbers in packets sent from the server and forwarding the packet to the client.
15. A method of controlling access to a server as recited in claim 1 further including:
- determining that it is appropriate to allow packets to flow between the client and the server without passing through the service manager;
  
  adjusting the sequence and acknowledgement numbers in packets sent from the client and forwarding the packets to the server; and
  
  adjusting the sequence and acknowledgement numbers in packets sent from the server and forwarding the packets to the client.
16. A method of controlling access to a server as recited in claim 15 further including inspecting packets and rejecting packets are undesirable.

17. A service manager configured to control access to a server including:
- a forwarding agent interface configured to send instructions to a forwarding agent that instruct the forwarding agent to forward packets to the service manger from a client attempting to establish a client connection to the server;
  
  a client interface configured to establish the client connection with the client;
  
  a server interface configured to establish a server connection from the service manager to the server; and
  
  a processor configured to transfer data from the server connection to the client connection.
- View Dependent Claims (18, 19)
- - 18. A service manager configured to control access to a server as recited in claim 17 wherein the client interface and the server interface are a common interface.
  - 19. A service manager configured to control access to a server as recited in claim 17 wherein the forwarding agent interface is further configured to determine that is appropriate to allow packets to flow between the client and the server and to send instructions to the forwarding agent to allow packets to flow directly between the client and the server without passing through the service manager.

20. A forwarding agent configured to control access to a server including:
- a packet interface configured to send and receive packets on a network;
  
  a service manager interface configured to;
  
  receive instructions from a service manager to forward packets received from a client attempting to establish a client connection to a server;
  
  forward packets received from the client to a service manager, until receiving instructions from the service manager to stop forwarding packets;
  
  receive instructions from the service manager to stop forwarding packets received from the client; and
  
  receive instructions from a service manager to adjust sequence and acknowledgement numbers in selected packets; and
  
  a processor configured to adjust the sequence and acknowledgement numbers in the selected packets.
- View Dependent Claims (21, 22, 23, 24, 25, 27, 28, 43)
- - 21. The forwarding agent of claim 20, wherein the service manager interface is further operable to receive instructions from the service manager to forward packets to the service manager that are sent from the server to the client.
  - 22. The forwarding agent of claim 20, wherein the service manager interface is further operable to receive instructions from the service manager to stop forwarding packets received from the client by receiving instructions from the forwarding agent to allow packets to flow between the client and the server without passing through the service manager.
  - 23. The forwarding agent of claim 22, wherein the service manager interface is further operable to receive instructions to allow packets to flow between the client and the server without passing through the service manager by receiving instructions to inspect the packets.
  - 24. The forwarding agent of claim 22, wherein the service manager interface is further operable to receive instructions to allow packets to flow between the client and the server without passing through the service manager by receiving instructions to inspect the packets and to reject packets that are undesirable.
  - 25. The forwarding agent of claim 22, wherein the service manager interface is further operable to receive instructions to allow packets to flow between the client and the server without passing through the service manager by receiving a synchronization factor from the service manager for the purpose of adjusting the sequence numbers sent from the client to the server.
  - 27. The forwarding agent of claim 22, wherein the service manager interface is further operable to receive instructions to allow packets to flow between the client and the server without passing through the service manager by receiving a synchronization factor from the service manager for the purpose of adjusting the acknowledgement numbers sent from the client to the server.
  - 28. The forwarding agent of claim 22, wherein the service manager interface is further operable to receive instructions to allow packets to flow between the client and the server without passing through the service manager by receiving a synchronization factor from the service manager for the purpose of adjusting the acknowledgement numbers sent from the server to the client.
  - 43. The computer program product of claim 21, further including or inspecting packets and rejecting packets are undesirable.

29. A computer program product for controlling access to a server, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
- sending instructions to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from a client attempting to establish a client connection to the server;
  
  establishing the client connection with the client;
  
  establishing a server connection from the service manager to the server; and
  
  transferring data from the server connection to the client connection.
- View Dependent Claims (26, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 26. The forwarding agent of claim 42 wherein the service manager interface is further operable to receive instructions to allow packets to flow between the client and the server without passing through the service manager by receiving a synchronization factor from the service manager for the purpose of adjusting the sequence numbers sent from the server to the client.
  - 30. A computer program product for controlling access to a server as recited in claim 29, the computer program product further comprising computer instructions for:
31. The computer program product of claim 29, further comprising computer instructions for sending instructions to the forwarding agent to forward packets to the service manager that are sent from the server to the client.
32. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending instructions to the forwarding agent to inspect the packets.
33. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending instructions to the forwarding agent to inspect the packets and to reject packets that are undesirable.
34. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the client to the server.
35. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the server to the client.
36. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the client to the server.
37. The computer program product of claim 30, wherein sending instructions to the forwarding agent to allow packets to flow between the client and the server comprises sending a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the server to the client.
38. The computer program product of claim 29, further including instructions for:
- determining that it is appropriate to allow packets to flow between the client and the server; and
  
  adjusting the sequence numbers in packets sent from the client and forwarding the packets to the server.
39. The computer program product of claim 29, further including instructions for:
- determining that it is appropriate to allow packets to flow between the client and the server; and
  
  adjusting the sequence numbers in packets sent from the server and forwarding the packets to the client.
40. The computer program product of claim 29, further including instructions for:
- determining that it is appropriate to allow packets to flow between the client and the server; and
  
  adjusting the acknowledgement numbers in packets sent from the client and forwarding the packets to the server.
41. The computer program product of claim 29, further including instructions for:
- determining that it is appropriate to allow packets to flow between the client and the server; and
  
  adjusting the acknowledgement numbers in packets sent from the server and forwarding the packet to the client.
42. The computer program product of claim 29, further including instructions for:
- determining that it is appropriate to allow packets to flow between the client and the server;
  
  adjusting the sequence and acknowledgement numbers in packets sent from the client and forwarding the packets to the server; and
  
  adjusting the sequence and acknowledgement numbers in packets sent from the server and forwarding the packets to the client.

44. A computer program product for controlling access to a server, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
- receiving instructions from a service manager to forward packets received from a client attempting to establish a client connection to a server, forwarding packets received from the client to a service manager, until receiving instructions from the service manager to stop forwarding packets;
  
  receive instructions from the service manager to stop forwarding packets received from the client;
  
  receiving instructions from a service manager to adjust sequence numbers in selected packets;
  
  adjusting the sequence and acknowledgement numbers in packets sent to the server and forwarding the packets to the server; and
  
  adjusting the sequence and acknowledgement numbers in packets sent from the server and forwarding the packets to a destination.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52)
- - 45. The computer program product of claim 44, further comprising computer instructions for receiving instructions from the service manager to forward packets to the service manager that are sent from the server to the client.
  - 46. The computer program product of claim 44, further comprising computer instructions for receiving instructions from the service manager to stop forwarding packets received from the client by receiving instructions from the forwarding agent to allow packets to flow between the client and the server without passing through the service manager.
  - 47. The computer program product of claim 46, further comprising computer instructions for receiving instructions to allow packets to flow between the client and the server without passing through the service manager by receiving instructions to inspect the packets.
  - 48. The computer program product of claim 46, further comprising computer instructions for receiving instructions to allow packets to flow between the client and the server without passing through the service manager by receiving instructions to inspect the packets and to reject packets that are undesirable.
  - 49. The computer program product of claim 46, further comprising computer instructions for receiving instructions to allow packets to flow between the client and the server without passing through the service manager by receiving a synchronization factor from the service manager for the purpose of adjusting the sequence numbers sent from the client to the server.
  - 50. The computer program product of claim 46, further comprising computer instructions for receiving instructions to allow packets to flow between the client and the server without passing through the service manager by receiving a synchronization factor from the service manager for the purpose of adjusting the sequence numbers sent from the server to the client.
  - 51. The computer program product of claim 46, further comprising computer instructions for receiving instructions to allow packets to flow between the client and the server without passing through the service manager by receiving a synchronization factor from the service manager for the purpose of adjusting the acknowledgement numbers sent from the client to the server.
  - 52. The computer program product of claim 46, further comprising computer instructions for receiving instructions to allow packets to flow between the client and the server without passing through the service manager by receiving a synchronization factor from the service manager for the purpose of adjusting the acknowledgement numbers sent from the server to the client.

53. A method of controlling access to a server comprising:
- receiving instructions from a service manager to forward packets received from a client attempting to establish a client connection to a server;
  
  forwarding packets received from the client to a service manager, until receiving instructions from the service manager to stop forwarding packets;
  
  receiving instructions from the service manager to stop forwarding packets received from the client; and
  
  receiving instructions from a service manager to adjust sequence and acknowledgement numbers in selected packets.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60, 61)
- - 54. The method of claim 53, further comprising receiving instructions from the service manager to forward packets to the service manager that are sent from the server to the client.
  - 55. The method of claim 53, wherein receiving instructions from the service manager to stop forwarding packets received from the client comprises receiving instructions from the forwarding agent to allow packets to flow between the client and the server without passing through the service manager.
  - 56. The method of claim 55, wherein receiving instructions to allow packets to flow between the client and the server without passing through the service manager comprises receiving instructions to inspect the packets.
  - 57. The method of claim 55, wherein receiving instructions to allow packets to flow between the client and the server without passing through the service manager comprises receiving instructions to inspect the packets and to reject packets that are undesirable.
  - 58. The method of claim 55, wherein receiving instructions to allow packets to flow between the client and the server without passing through the service manager includes receiving a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the client to the server.
  - 59. The method of claim 55, wherein receiving instructions to allow packets to flow between the client and the server without passing through the service manager includes receiving a synchronization factor to the forwarding agent for the purpose of adjusting the sequence numbers sent from the server to the client.
  - 60. The method of claim 55, wherein receiving instructions to allow packets to flow between the client and the server without passing through the service manager includes receiving a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the client to the server.
  - 61. The method of claim 55, wherein receiving instructions to allow packets to flow between the client and the server without passing through the service manager includes receiving a synchronization factor to the forwarding agent for the purpose of adjusting the acknowledgement numbers sent from the server to the client.

62. A system for controlling access to a server comprising:
- means for sending instructions to a forwarding agent that instruct the forwarding agent to forward packets to a service manager from a client attempting to establish a client connection to the server;
  
  means for establishing the client connection with the client;
  
  means for establishing a server connection from the service manager to the server; and
  
  means for transferring data from the server connection to the client connection.

63. A system for controlling access to a server comprising:
- means for receiving instructions from a service manager to forward packets received from a client attempting to establish a client connection to a server;
  
  means for forwarding packets received from the client to a service manager, until receiving instructions from the service manager to stop forwarding packets;
  
  means for receiving instructions from the service manager to stop forwarding packets received from the client; and
  
  means for receiving instructions from a service manager to adjust sequence and acknowledgement numbers in selected packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wong, Bruce F., McGuire, Jacob Mark, Albert, Mark, Tiwari, Pranav Kumar, Menditto, Louis F., Howes, Richard A., Tsang, Tzu-Ming, LeBlanc, William M., Jordan, James A., Kersey, Edward A., OʼRourke, Chris
Primary Examiner(s)
Dinh, Dung C.

Application Number

US09/347,036
Time in Patent Office

1,866 Days
Field of Search

709/217, 709/218, 709/219, 709/207, 709/228, 709/229, 709/239, 713/200, 713/207, 370/235, 370/236
US Class Current

709/207
CPC Class Codes

H04L 1/16   in which the return channel...

H04L 2001/0092   Error control systems chara...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/01   Protocols

H04L 69/16   Implementation or adaptatio...

H04L 69/161   Implementation details of T...

H04L 69/163   In-band adaptation of TCP d...

H04L 69/326   in the transport layer [OSI...

H04L 9/40   Network security protocols

Proxying and unproxying a connection using a forwarding agent

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

171 Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Proxying and unproxying a connection using a forwarding agent

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

171 Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links