Multi-layer protocol reassembly that operates independently of underlying protocols, and resulting vector list corresponding thereto

US 6,968,554 B1
Filed: 10/03/2000
Issued: 11/22/2005
Est. Priority Date: 10/03/2000
Status: Expired due to Term

First Claim

Patent Images

1. A computerized method for sequencing and reassembling messages from protocol data units exchanged in a communications channel between two computers, the method comprising:

creating a protocol flow object to represent each protocol layer used by the communications channel, each protocol flow object having a circuit element associated with each transmission direction in the channel;

arranging the protocol flow object in a logical tree structure that mirrors a hierarchy for the protocol layers;

creating circuit flow objects for each protocol layer to represent the protocol data units for the protocol layer immediately higher in the hierarchy, wherein creating the circuit flow objects for each protocol layer comprises;

creating the circuit flow objects for the protocol flow objects at the bottom of the tree structure by extracting data from the protocol data units for the protocol layer lowest in the hierarchy; and

creating the circuit flow objects for the remaining protocol flow objects in the tree structure by extracting data from the circuit flow objects linked to the protocol flow object immediately lower in the tree structure;

associating a transmission direction with each circuit flow object;

linking each circuit flow object for a protocol layer to the circuit element of the representative protocol flow object that matches the transmission direction associated with the circuit flow object;

sequencing the circuit flow objects linked to a particular protocol flow object when specified by the protocol layer represented by the particular protocol flow object; and

reassembling the messages from the circuit flow objects linked to the protocol flow object at the top of the tree structure.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A segmentation and re-assembly (SAR) decode engine receives protocol data units of data from a communication channel between two computers, sequences the protocol data units, and re-assembles the data in the protocol data units into the messages exchanged by the computers. The SAR decode engine is responsible for unpacking the payloads from the protocol data units as instructed by a protocol interpreter associated with the protocol data unit, and for creating and maintaining a flow object database containing flow objects representing the data flows at each protocol layer. The SAR decode engine creates a protocol flow object for each protocol layer and logically links the protocol flow object to circuit flow objects that define two one-way circuits within the channel. The circuit flow objects linked to a protocol flow object are logical representations of the protocol data units for the next higher protocol layer. For protocols that fragment data, each circuit flow object is a vector list containing one or more vectors that define the length, starting location and position of the data fragments in the immediately lower layer circuit flow objects.

50 Citations

View as Search Results

22 Claims

1. A computerized method for sequencing and reassembling messages from protocol data units exchanged in a communications channel between two computers, the method comprising:
- creating a protocol flow object to represent each protocol layer used by the communications channel, each protocol flow object having a circuit element associated with each transmission direction in the channel;
  
  arranging the protocol flow object in a logical tree structure that mirrors a hierarchy for the protocol layers;
  
  creating circuit flow objects for each protocol layer to represent the protocol data units for the protocol layer immediately higher in the hierarchy, wherein creating the circuit flow objects for each protocol layer comprises;
  
  creating the circuit flow objects for the protocol flow objects at the bottom of the tree structure by extracting data from the protocol data units for the protocol layer lowest in the hierarchy; and
  
  creating the circuit flow objects for the remaining protocol flow objects in the tree structure by extracting data from the circuit flow objects linked to the protocol flow object immediately lower in the tree structure;
  
  associating a transmission direction with each circuit flow object;
  
  linking each circuit flow object for a protocol layer to the circuit element of the representative protocol flow object that matches the transmission direction associated with the circuit flow object;
  
  sequencing the circuit flow objects linked to a particular protocol flow object when specified by the protocol layer represented by the particular protocol flow object; and
  
  reassembling the messages from the circuit flow objects linked to the protocol flow object at the top of the tree structure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein a circuit flow object comprises a vector list to represent fragmented data.
  - 3. The method of claim 2, wherein a vector list comprises a vector specifying a protocol data unit number, a length value, and an offset value for each fragment of the fragmented data.
  - 4. The method of claim 3 further comprising:
    - reassembling the fragmented data in accordance with the vectors in a vector list.
  - 5. The method of claim 1 wherein the protocol flow objects are created in order from the bottom to the top of the hierarchy.
  - 6. The method of claim 5, wherein the circuit flow objects for a current protocol flow object are created before creating the protocol flow object for the protocol layer immediately above the current protocol flow object in the hierarchy.
  - 7. The method of claim 1 wherein arranging the protocol flow objects into a logical tree structure comprises:
    - creating multiple branches in the tree structure when a plurality of protocol layers are immediately above a current protocol layer in the hierarchy, each branch corresponding to one of the plurality of protocol layers.
  - 8. The method of claim 1 further comprising:
    - determining the protocol layers in the hierarchy.
  - 9. The method of claim 1 further comprising:
    - storing the protocol flow objects and the circuit flow objects in a flow object database.

10. A computer-readable medium having computer-executable instructions to a cause a computer to perform a method comprising:
- creating a protocol flow object to represent each protocol layer used by a communications channel, each protocol flow object having a circuit element associated with a transmission direction in the channel;
  
  arranging the protocol flow objects in a logical tree structure that mirrors a hierarchy for the protocol layers;
  
  creating circuit flow objects for each protocol layer to represent the protocol data units for the protocol layer immediately higher in the hierarchy wherein creating the circuit flow objects for each protocol layer comprises;
  
  creating the circuit flow object for the protocol flow object at the bottom of the tree structure by extracting data from the protocol data units from the protocol layer lowest in the hierarchy; and
  
  creating the circuit flow objects for the remaining protocol layers by extracting data from the circuit flow objects linked to the protocol flow object immediately lower in the tree structure;
  
  associating a transmission direction with each circuit flow object;
  
  linking each circuit flow object for a protocol layer to the circuit element of the representative protocol flow object that matches the transmission direction associated with the circuit flow object;
  
  sequencing the circuit flow objects linked to a particular protocol flow object when specified by the protocol layer represented by the particular protocol flow object; and
  
  reassembling the messages from the circuit flow objects linked to the protocol flow object at the top of the tree structure.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer-readable medium of claim 10 having further computer-executable instructions comprising:
    - creating a circuit flow object as a vector list to represent fragmented data.
  - 12. The computer-readable medium of claim 11 having further computer-executable instructions comprising:
    - creating a vector list from a plurality of vectors, each vector specifying a protocol data unit number, a length value, and an offset value for a fragment of the fragmented data.
  - 13. The computer-readable medium of claim 12 having further computer-executable instructions comprising:
    - reassembling the fragmented data in accordance with the vectors in a vector list.
  - 14. The computer-readable medium of claim 10 having further computer-executable instructions comprising:
    - creating multiple branches in the tree structure when a plurality of protocol layers are immediately above a current protocol layer in the hierarchy, each branch corresponding to one of the plurality of protocol layers.
  - 15. The computer-readable medium of claim 11 having further computer-executable instructions comprising:
    - determining the protocol layer in the hierarchy.
  - 16. The computer-readable medium of claim 10 having further computer-readable instructions comprising:
    - storing the protocol flow objects and the circuit flow objects in a flow object database.

17. A computerized system comprising:
- a processor;
  
  a memory coupled to the processor through a bus;
  
  a computer-readable medium coupled to the processor through the bus;
  
  a plurality of protocol interpreters stored on the computer-readable medium for execution by the processor; and
  
  a decode engine executed from the computer-readable medium to cause the processor to create protocol flow objects representing protocol layers, each protocol flow object having a circuit element associated with each transmission direction in the channel,create circuit flow objects representing data flows at the protocol layers, each circuit flow object for a protocol layer linked to the circuit element for the representative protocol flow object that matches the transmission direction associated with the circuit flow object, wherein creating the circuit flow objects comprises;
  
  creating a circuit flow object for the protocol flow object at the bottom of a tree structure by extracting data from the protocol data units for the protocol layer lowest in a hierarchy of the protocol layers; and
  
  creating circuit flow objects for the remaining protocol flow objects in the tree structure by extracting data from the circuit flow objects linked to the protocol flow object immediately lowering in the tree structure,extract data from the circuit flow objects representing protocol data units at a particular protocol layer as directed by one of the protocol interpreters,sequence the circuit flow objects linked to a particular protocol flow object representing the protocol data units at a particular protocol layer if directed by one of the protocol interpreters, andreassemble messages from the circuit flow objects linked to the protocol flow object at the tope of the tree structure representing the protocol data units at a particular protocol layer if directed by one of the protocol interpreters.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer system of claim 17, wherein the decode engine further causes the processor to store the protocol flow objects and circuit flow objects in a flow database, logically link the protocol flow objects into a hierarchical tree structure, and to logically link the circuit flow objects to the protocol flow objects.
  - 19. The computer system of claim 17, wherein the decode engine further causes the processor to create a circuit flow object as a vector list to represent fragmented data.
  - 20. The computer system of claim 19, wherein the decode engine further causes the processor to create a vector list from a plurality of vectors, each vector specifying a protocol data unit number, a length value, and an offset value for a fragment of the fragmented data.
  - 21. The computer system of claim 20, wherein the decode engine further causes the processor to reassemble the fragmented data in accordance with the vectors in a vector list.

22. A computerized method for sequencing and reassembling messages from protocol data units exchanged in a communications channel between two computes, the method comprising:
- creating a protocol flow object to represent each protocol layer used by the communications channel, wherein the protocol flow objects are created in order from a bottom to a top of hierarchy determined by the protocol layers, and each protocol flow object has a circuit element associated with each transmission direction in the channel and has a data structure including a key field containing data representing an identifier for a connection between two computers at one of the protocol layers, the circuit elements including a primary circuit element containing data representing a link to a series of protocol data units flowing in one direction in the connection identified by the key field, and an alternate circuit element containing data representing a link to a series of protocol data units flowing in an opposite direction in the connection identified by the key field, wherein the links comprise hash tables for identifying the series of data units;
  
  arranging the protocol flow objects in a local tree structure that mirrors a hierarchy for the protocol layers, the logical tree structure having multiple branches when a plurality of protocol layers are immediately above a current protocol layer in the hierarchy, each branch corresponding to only one of the plurality of protocol layers, wherein the logical tree structure comprises a plurality of entries, each entry comprising a protocol field containing data representing the identifier for one of the plurality of protocol flow objects, the protocol fields including a lower protocol field containing data representing the identifier for the protocol flow object immediately lower in the hierarchy relative to the protocol flow object identified by the protocol field, and a higher protocol field containing data representing the identifier for the protocol flow object immediately higher in the hierarchy relative to the protocol flow object identified by the protocol field;
  
  creating circuit flow objects for each protocol layer to represent the protocol data units for the protocol layer immediately higher in the hierarchy, at least one of the circuit flow objects comprising a vector list to represent fragmented data to indicate how to reassemble the fragmented data, the vector list comprising a vector specifying a protocol data unit number, a length value, and an offset value for each fragment of the fragmented data, and wherein creating the circuit flow objects for each protocol layer comprises;
  
  creating the circuit flow objects for the protocol flow object at the bottom of the tree structure by extracting data form the protocol data units for the protocol layer lowest in the hierarchy; and
  
  creating the circuit flow objects for the remaining protocol flow objects in the tree structure by extracting data from the circuit flow objects linked to the protocol flow object immediately lower in the tree structure, with the circuit flow objects for a current protocol flow object being created before creating the protocol flow object for the protocol layer immediately above the current protocol flow object in the hierarchy;
  
  associating a transmission direction with each circuit flow object;
  
  linking each circuit flow object for a protocol layer to the circuit element of the representative protocol flow object that matches the transmission direction associated with the circuit flow object;
  
  sequencing the circuit flow objects linked to a particular protocol flow object when specified by the protocol layer represented by the particular protocol flow object; and
  
  reassembling the message from the circuit flow objects linked to the protocol flow object at the top of the tree structure,wherein the protocol flow objects and the circuit flow objects are stored in a flow object database and the method is invoked through an application program interface specifying at least five arguments selected from the group consisting of an hInterp argument, a uOffset argument, a uTotalLength argument, a uFragLength argument, a ulSequence argument, a ulID argument, a uPostFlags argument, and a uProtoID argument.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Network General Technology
Original Assignee
Network General Technology
Inventors
Freedman, Jerome Norman, Macdonald, Stuart John
Primary Examiner(s)
Lim, Krisna

Application Number

US09/678,145
Time in Patent Office

1,876 Days
Field of Search

709/244, 709/213, 709/227, 709218-224, 709/231, 709/238, 709/236, 709/249, 709/230, 719/316, 719/332, 370/230
US Class Current

719/316
CPC Class Codes

H04L 69/12 Protocol engines

H04L 69/32 Architecture of open system...

Multi-layer protocol reassembly that operates independently of underlying protocols, and resulting vector list corresponding thereto

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-layer protocol reassembly that operates independently of underlying protocols, and resulting vector list corresponding thereto

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links