System and method of delaying connection acceptance to support connection request processing at layer-7

US 7,743,160 B2
Filed: 07/19/2007
Issued: 06/22/2010
Est. Priority Date: 03/29/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

suspending a transmission control protocol (TCP) connection handshake with a connection initiator while a TCP connection is being established by the connection initiator;

creating a connection state information template to account for the TCP connection being established by the connection initiator, said connection state information template artificially reflecting a successful, completed connection with the connection initiator; and

notifying an application layer process of the artificially reflected successful, completed connection with the connection initiator;

wherein creating the connection state information template comprises creating the connection state information template and performing a state transition therein to artificially reflect the successful, completed connection with the connection initiator; and

performing a second state transition in the connection state information template to move the TCP connection to an appropriate state following processing of the TCP connection by the application layer process.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for suspending a TCP three-way handshake, offering the partial connection to an L-7 application or module at a proxy to perform further processing, and then allowing the L-7 application or module to instruct the proxy'"'"'s network kernel to perform various actions are described. In various embodiments these actions may include: silently dropping the connection, verbosely rejecting the connection, accepting and processing the connection locally, or forwarding the connection to another proxy or the original destination. This additional functionality is provided, in one particular embodiment, via extensions to the POSIX socket API.

39 Citations

View as Search Results

28 Claims

1. A method, comprising:
- suspending a transmission control protocol (TCP) connection handshake with a connection initiator while a TCP connection is being established by the connection initiator;
  
  creating a connection state information template to account for the TCP connection being established by the connection initiator, said connection state information template artificially reflecting a successful, completed connection with the connection initiator; and
  
  notifying an application layer process of the artificially reflected successful, completed connection with the connection initiator;
  
  wherein creating the connection state information template comprises creating the connection state information template and performing a state transition therein to artificially reflect the successful, completed connection with the connection initiator; and
  
  performing a second state transition in the connection state information template to move the TCP connection to an appropriate state following processing of the TCP connection by the application layer process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein suspending the TCP connection handshake occurs at a proxy logically disposed between the connection initiator and a target host of the TCP connection.
  - 3. The method of claim 1, further comprising responding to the connection initiator with an action directed by the appropriate state resulting from the second state transition.
  - 4. The method of claim 3, wherein responding to the connection initiator comprises silently dropping the TCP connection.
  - 5. The method of claim 3, wherein responding to the connection initiator comprises rejecting the TCP connection.
  - 6. The method of claim 3, wherein responding to the connection initiator comprises accepting the TCP connection.
  - 7. The method of claim 3, wherein responding to the connection initiator comprises sending an error message to the connection initiator.
  - 8. The method of claim 7, wherein the error message comprises a message indicative of a network error.
  - 9. The method of claim 3, wherein responding to the connection initiator comprises forwarding the TCP connection to a network device other than the connection initiator.
  - 10. The method of claim 3, wherein responding to the connection initiator comprises bypassing packets associated with the TCP connection to a target host of the TCP connection.
  - 11. The method of claim 1, further comprising saving a TCP <
    - SYN>
      
      packet received from the connection initiator during suspension of the TCP connection handshake.
  - 12. The method of claim 11, further comprising saving a TCP <
    - SYN, ACK>
      
      packet responsive to the <
      
      SYN>
      
      packet during suspension of the TCP connection handshake.
  - 13. The method of claim 1, further comprising initiating a second TCP connection request with a target host of a TCP connection request during suspension of the TCP connection handshake with the connection initiator.
  - 14. The method of claim 13, further comprising responding to the connection initiator so as to emulate a response received from the target host of the TCP connection request responsive to the second TCP connection request.
  - 15. The method of claim 13, further comprising completing a second TCP connection handshake with the target host of the TCP connection request during suspension of the TCP connection handshake with the connection initiator.
  - 16. The method of claim 15, further comprising silently dropping the TCP connection.
  - 17. The method of claim 15, further comprising rejecting the TCP connection.
  - 18. The method of claim 15, further comprising accepting the TCP connection.
  - 19. The method of claim 15, further comprising bypassing packets associated with the TCP connection to the target host of the TCP connection.
  - 20. The method of claim 15, further comprising sending an error message to the connection initiator.
  - 21. The method of claim 20, wherein the error message comprises a message indicative of a network error.
  - 22. The method of claim 15, further comprising exchanging data with the target host of the TCP connection request after completing the second TCP connection handshake.
  - 23. The method of claim 1, wherein suspending the TCP connection handshake is facilitated through an extension to a Portable Operating System interface (POSIX) socket application programming interface (API) on a port on which a TCP connection request is received from the connection initiator.
  - 24. The method of claim 23, wherein the extension to the POSIX socket API causes an accept function for the port to create the connection state information template.
  - 25. The method of claim 24, wherein the extension to the POSIX socket API further specifies an action to be performed in response to the TCP connection request.
  - 26. The method of claim 25, wherein the action to be performed in response to the TCP connection request comprises one of:
    - dropping the TCP connection, denying the TCP connection, accepting the TCP connection, bypassing packets associated with the TCP connection, and forwarding the TCP connection to a network device other than the connection initiator.

27. A method, comprising:
- receiving, from a connection initiator, multiple transmission control protocol (TCP) connection requests, each of the requests transmitted on a different port number;
  
  delaying acceptance of all of the multiple TCP connection requests while initiating independent TCP connection requests to a target host of the multiple TCP connection requests on each of the different port numbers; and
  
  responding to the connection initiator so as to emulate one or more responses to the independent TCP connection requests, wherein the responses are received from the target host;
  
  wherein delaying acceptance of all of the multiple TCP connection requests comprises suspending TCP connection handshakes corresponding to the multiple TCP connection requests from the connection initiator;
  
  creating, for each TCP connection request, a connection state information template to account for a respective one of the multiple TCP connection requests from the connection initiator, each of said connection state information templates artificially reflecting one or a number of successful, completed TCP connections with the connection initiator; and
  
  notifying an application layer process of the artificially reflected successful, completed TCP connections with the connection initiator;
  
  wherein creating the connection state information template comprises creating the connection state information template and performing a state transition therein to artificially reflect the one or a number of successful, completed TCP connections with the connection initiator; and
  
  performing a second state transition in the connection state information template to move the TCP connections to appropriate states following processing of the TCP connections by the application layer process.
- View Dependent Claims (28)
- - 28. The method of claim 27, wherein responding to the connection initiator comprises completing a TCP connection handshake with the connection initiator on one of the different port numbers that corresponds to a port number on which a response to the independent TCP connection requests was received from the target host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Li, Qing, Frederick, Ronald
Primary Examiner(s)
Chan; Wing F
Assistant Examiner(s)
KATSIKIS, KOSTAS J

Application Number

US11/780,432
Publication Number

US 20080244085A1
Time in Patent Office

1,069 Days
Field of Search

709/230, 709/237, 709/227, 370/338
US Class Current

709/230
CPC Class Codes

H04L 12/66   Arrangements for connecting...

H04L 67/56   Provisioning of proxy servi...

H04L 69/16   Implementation or adaptatio...

H04L 69/163   In-band adaptation of TCP d...

System and method of delaying connection acceptance to support connection request processing at layer-7

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of delaying connection acceptance to support connection request processing at layer-7

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links