Splicing of TCP/UDP sessions in a firewalled network environment
Abstract
Computer peers located behind respective firewalls create special network sessions with a central mediator/translator or socket welder so that the peers can run applications that utilize the transmission of unsolicited data packets to each other through their respective firewalls. For example, two home networking users can dynamically connect to each other for the purpose of exchanging real-time data or communications, or a mobile enterprise user can access, in real-time, firewalled computing resources while the mobile user is outside of the firewalled enterprise environment. The firewall is maintained unaltered for continued protection from unauthorized network traffic while achieving an inexpensive and very secure system for splicing together multiple, firewall-compliant network sessions via the socket welder.
28 Claims
1. A method of peer-to-peer communication over a data network wherein first and second peers are coupled to said data network by respective firewalls, said method comprising the steps of:
each of said first and second peers establishing a respective persistent control connection with a socket welding control module connected within said data network;
using said persistent connections to perform respective protocol capability exchanges;
one of said first and second peers using said respective persistent control connection to request a communication channel between said peers;
said socket welding control module informing a socket welder of addresses, ports, and protocol capabilities corresponding to said peers;
said socket welding control module informing said peers of connection information corresponding to said socket welder;
each peer sending application packets through its respective firewall to said socket welder;
said socket welder modifying said application packets into a form for tunneling through said firewall of the other peer; and
said socket welder forwarding said modified application packets to the other peer.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method for routing network packets between first and second peers via a data network through at least one firewall separating at least one of said first and second peers from said data network, said method comprising the steps of:
each of said first and second peers establishing a respective channel setup session with a control module coupled to said data network, wherein said control module determines network protocol capabilities of said peers within each respective channel setup session;
said first peer sending a first connection request message to said control module identifying said second peer;
said control module forwarding a second connection request message to said second peer;
said second peer transmitting a connection accept message to said control module;
in response to said connection accept message, said control module
1) forwarding peer information to a socket welder including data network addresses and port numbers and protocol capabilities of said first and second peers, and
2) forwarding socket welder information to said first and second peers including at least one data network address and port number corresponding to a dedicated data communication channel through said socket welder;
said socket welder receiving network packets from each one of said first and second peers directed to said dedicated data communication channel;
said socket welder modifying said network packets, including alteration of source and destination address and port data in said network packets; and
forwarding said modified packets to the other one of said first and second peers.
Dependent claims: 9 to 26.
27. Apparatus for routing network packets between first and second peers via a data network, said apparatus comprising:
a control module coupled to said data network and having a first predetermined data network address; and
a socket welder coupled to said control module and to said data network, said socket welder having a second predetermined data network address;
said control module
1) accepting first and second channel setup sessions initiated to said first predetermined data network address by said first and second peers, respectively, for determining network protocol capabilities of said first and second peers,
2) processing a first connection request message from said first peer for connecting with said second peer,
3) forwarding a second connection request message to said second peer,
4) if said second peer responds with a connection accept message then sending peer information to said socket welder including data network addresses and port numbers and protocol capabilities of said first and second peers and sending socket welder information to said first and second peers including at least one data network address and port number corresponding to a dedicated data communication channel through said socket welder;
said socket welder receiving network packets from each one of said first and second peers directed to said dedicated data communication channel and modifying said network packets for forwarding to the other one of said first and second peers.
28. A network server for coupling within a data network and comprising a program including a control module and a socket welder module for performing the steps of:
establishing respective persistent control connections with a plurality of peers connected within said data network;
using said persistent connections to perform respective protocol capability exchanges with said peers;
receiving a request via a respective persistent control connection from one of said peers for a communication channel between at least two of said peers;
said control module informing said socket welder module of addresses, ports, and protocol capabilities corresponding to said peers;
said control module informing said peers of connection information corresponding to said socket welder;
said socket welder module receiving application packets from said peers;
said socket welder module modifying application packets from one peer into a form for tunneling through a firewall of another peer; and
said socket welder forwarding said modified application packets to said another peer.
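The control-module and socket-welder exchange that claims 1, 8 and 27 describe, modelled below as an added Python example; it is not code from the patent or from any product built on it. The peer names, addresses, ports and accept lists are constructed for the illustration. The welder dropping any packet whose source is not one of the two peers bound to a channel, and the second peer's accept decision being a simple allow list, are assumptions made here to show where the checks belong, not steps the claims recite.

```python
"""Toy model of the control module / socket welder protocol from the claims above.

Added illustration, not the patent's own code.  Peers are identified by the
public address/port their firewall presents; each peer only ever opens
outbound connections (to the control module, then to the welder channel), so
the firewall rule set itself is never touched.  All addresses below are
constructed (RFC 5737 documentation ranges)."""
from dataclasses import dataclass, field
from typing import Optional

Addr = tuple[str, int]


@dataclass(frozen=True)
class Packet:
    src: Addr
    dst: Addr
    payload: bytes


@dataclass
class Peer:
    name: str
    addr: Addr                  # address/port as seen on the outside of its own firewall
    caps: frozenset[str]        # protocols the peer can speak, e.g. {"tcp", "udp"}
    accepts: frozenset[str]     # names it will accept a connection request from (assumed policy)
    channel: Optional[Addr] = None          # welder address/port handed out by the control module
    inbox: list[Packet] = field(default_factory=list)


class SocketWelder:
    """Relay: rewrites source/destination address and port, forwards to the other peer."""

    def __init__(self, addr: str, first_port: int = 40000):
        self.addr = addr
        self.next_port = first_port
        # dedicated channel (addr, port) -> {bound peer public addr -> the *other* Peer}
        self.channels: dict[Addr, dict[Addr, Peer]] = {}

    def open_channel(self, a: Peer, b: Peer) -> Addr:
        channel = (self.addr, self.next_port)
        self.next_port += 1
        self.channels[channel] = {a.addr: b, b.addr: a}
        return channel

    def receive(self, pkt: Packet) -> Optional[Packet]:
        binding = self.channels.get(pkt.dst)
        if binding is None:
            return None          # not a dedicated channel: drop
        other = binding.get(pkt.src)
        if other is None:
            return None          # source is not one of the two bound peers: drop (assumed policy)
        # Rewrite so the packet leaves the welder from the channel address the other
        # peer already sent traffic to; its firewall therefore sees a reply, not an
        # unsolicited inbound packet.
        out = Packet(src=pkt.dst, dst=other.addr, payload=pkt.payload)
        other.inbox.append(out)
        return out


class ControlModule:
    def __init__(self, welder: SocketWelder):
        self.welder = welder
        self.sessions: dict[str, Peer] = {}   # persistent control connections, keyed by peer name

    def channel_setup(self, peer: Peer) -> frozenset[str]:
        """Channel setup session: register the peer and do the protocol capability exchange."""
        self.sessions[peer.name] = peer
        return peer.caps & frozenset({"tcp", "udp"})

    def connect(self, requester: str, target: str) -> Optional[Addr]:
        """First peer's connection request; returns the welder channel on accept, else None."""
        a, b = self.sessions.get(requester), self.sessions.get(target)
        if a is None or b is None:
            return None                  # no control session to forward the request to
        if requester not in b.accepts:
            return None                  # second peer did not send a connection accept
        if not (a.caps & b.caps):
            return None                  # no protocol both sides can speak
        channel = self.welder.open_channel(a, b)   # peer info (addr, port, caps) to the welder
        a.channel = b.channel = channel             # welder info (channel addr/port) to the peers
        return channel


def demo() -> dict:
    welder = SocketWelder("203.0.113.10")
    control = ControlModule(welder)
    alice = Peer("alice", ("198.51.100.5", 51000), frozenset({"tcp", "udp"}), frozenset({"bob"}))
    bob = Peer("bob", ("192.0.2.77", 62000), frozenset({"udp"}), frozenset({"alice"}))
    mallory = Peer("mallory", ("192.0.2.99", 7000), frozenset({"udp"}), frozenset())
    for p in (alice, bob, mallory):
        control.channel_setup(p)
    channel = control.connect("alice", "bob")
    delivered = welder.receive(Packet(alice.addr, channel, b"hello bob"))
    reply = welder.receive(Packet(bob.addr, channel, b"hi alice"))
    intruder = welder.receive(Packet(mallory.addr, channel, b"spoof"))   # third party on the channel
    return {"channel": channel, "delivered": delivered, "reply": reply,
            "intruder_dropped": intruder is None,
            "alice_inbox": list(alice.inbox), "bob_inbox": list(bob.inbox),
            "mallory_refused": control.connect("mallory", "bob")}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The model makes the trust boundary of the design visible: the welder is the one component that sees both peers' addresses and every forwarded packet, so per-channel source binding, logging and rate limiting belong there rather than at either firewall, which continues to allow only the outbound connections the peers themselves opened.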