Reproxying an unproxied connection
First Claim
1. A method of reproxying a previously unproxied connection, the method comprising the computer-implemented steps of:
establishing a proxied connection between a client and a first server through an intermediate network element, at the intermediate network element;
creating, based on first TCP parameters, a first Transmission Control Protocol (TCP) endpoint of a first TCP connection to the client;
storing, in a first connection block data structure, (a) one or more of the first TCP parameters, and (b) information that identifies the client;
creating, based on second TCP parameters, a second TCP endpoint of a second TCP connection to the first server;
storing, in a second connection block data structure, (a) one or more of the second TCP parameters, and (b) information that identifies the first server;
unproxying the first TCP connection and the second TCP connection by dissolving the first and second TCP endpoints while maintaining the first and second connection block data structures and leaving TCP connection endpoints on the client and the first server intact;
receiving a first packet after the first and second TCP endpoints have been dissolved; and
in response to receiving the first packet after the first and second TCP endpoints have been dissolved, reproxying the first TCP connection and the second TCP connection, without re-engaging in a handshake session with either of the first server and the client, wherein said reproxying the first TCP connection and the second TCP connection comprises:
at the intermediate network element:
based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the first TCP parameters stored in the first connection block data structure, reconstructing the first TCP endpoint of the first TCP connection to the client; and
based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the second TCP parameters stored in the second connection block data structure, reconstructing the second TCP endpoint of the second TCP connection to the first server;
wherein the first packet is not a TCP SYN packet;
wherein reconstructing the first TCP endpoint comprises reconstructing the first TCP endpoint without renegotiating the first TCP parameters with the client;
wherein the method is performed by one or more computing devices comprising a processor.
Abstract
A method is disclosed for reproxying connections. According to one aspect, a first connection is established between a client and a proxy device. A second connection is established between the proxy device and a server. The first connection comprises a first endpoint at the client and a second endpoint at the proxy device. The second connection comprises a third endpoint at the proxy device and a fourth endpoint at the server. The first and second connections are unproxied by dissolving the second and third endpoints while maintaining the first and fourth endpoints. After the connections have been unproxied, a packet is received at the proxy device. In response, the first and second connections are reproxied by creating fifth and sixth endpoints at the proxy device, so that the first connection comprises the fifth endpoint and the second connection comprises the sixth endpoint.
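The reconstruction step described in the abstract and claim 1, as an added sketch that is not code from the patent or its assignee: it refuses SYN segments and segments that do not match the stored client/server identity, then rebuilds both endpoints from the packet's fields plus the stored connection blocks. The struct layouts, field names and return codes are hypothetical, and it assumes sequence numbers passed through unchanged while the connection was unproxied.

```c
#include <stdbool.h>
#include <stdint.h>

#define TH_SYN 0x02
#define TH_ACK 0x10

/* Hypothetical connection block: kept while the connection is unproxied. */
struct conn_block {
    uint32_t peer_ip;    /* identifies the client (or the server) */
    uint16_t peer_port;
    uint16_t mss;        /* parameters negotiated in the original handshake */
    uint8_t  wscale;
    bool     live;       /* false once the endpoint has been dissolved */
};

struct endpoint { uint32_t snd_nxt, rcv_nxt, snd_wnd; uint16_t mss; };

/* Fields of a received client-to-server segment (constructed layout). */
struct pkt {
    uint32_t src_ip, dst_ip, seq, ack;
    uint16_t src_port, dst_port, win;
    uint8_t  flags;
};

/* Returns 0 and fills both endpoints, or a negative code when refused. */
int reproxy(struct conn_block *cli, struct conn_block *srv,
            const struct pkt *p, struct endpoint *ce, struct endpoint *se)
{
    if (p->flags & TH_SYN) return -1;             /* SYN means a new handshake */
    if (cli->live || srv->live) return -2;        /* nothing to rebuild */
    if (p->src_ip != cli->peer_ip || p->src_port != cli->peer_port ||
        p->dst_ip != srv->peer_ip || p->dst_port != srv->peer_port)
        return -3;                                /* not this stored flow */
    /* Client-facing endpoint: packet fields plus stored client parameters. */
    ce->rcv_nxt = p->seq;
    ce->snd_nxt = p->ack;
    ce->snd_wnd = (uint32_t)p->win << cli->wscale;
    ce->mss     = cli->mss;
    /* Server-facing endpoint: same sequence space (assumption), stored MSS. */
    se->snd_nxt = p->seq;
    se->rcv_nxt = p->ack;
    se->snd_wnd = 0;   /* unknown until the server's next segment arrives */
    se->mss     = srv->mss;
    cli->live = srv->live = true;
    return 0;
}
```

Because no handshake is repeated, the stored identity check is the only thing tying a mid-stream segment to a retained connection block, so a segment that fails it is refused rather than used to rebuild state.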
35 Claims
15. An apparatus for reproxying a previously unproxied connection, comprising:
a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
establishing a proxied connection between a client and a first server through an intermediate network element, at the intermediate network element;
creating, based on first TCP parameters, a first Transmission Control Protocol (TCP) endpoint of a first TCP connection to the client;
storing, in a first connection block data structure, (a) one or more of the first TCP parameters, and (b) information that identifies the client;
creating, based on second TCP parameters, a second TCP endpoint of a second TCP connection to the first server;
storing, in a second connection block data structure, (a) one or more of the second TCP parameters, and (b) information that identifies the first server;
unproxying the first TCP connection and the second TCP connection by dissolving the first and second TCP endpoints while maintaining the first and second connection block data structures and leaving TCP connection endpoints on the client and the first server intact;
receiving a first packet after the first and second TCP endpoints have been dissolved; and
in response to receiving the first packet after the first and second TCP endpoints have been dissolved, reproxying the first TCP connection and the second TCP connection, without re-engaging in a handshake session with either of the first server and the client, wherein said reproxying the first TCP connection and the second TCP connection comprises:
at the intermediate network element:
based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the first TCP parameters stored in the first connection block data structure, reconstructing the first TCP endpoint of the first TCP connection to the client; and
based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the second TCP parameters stored in the second connection block data structure, reconstructing the second TCP endpoint of the second TCP connection to the first server;
wherein the first packet is not a TCP SYN packet;
wherein reconstructing the first TCP endpoint comprises reconstructing the first TCP endpoint without renegotiating the first TCP parameters with the client.
29. A non-transitory computer-readable medium storing instructions for reproxying a previously unproxied connection, which instructions, when executed by one or more processors, cause performance of:
establishing a proxied connection between a client and a first server through an intermediate network element, at the intermediate network element;
creating, based on first TCP parameters, a first Transmission Control Protocol (TCP) endpoint of a first TCP connection to the client;
storing, in a first connection block data structure, (a) one or more of the first TCP parameters, and (b) information that identifies the client;
creating, based on second TCP parameters, a second TCP endpoint of a second TCP connection to the first server;
storing, in a second connection block data structure, (a) one or more of the second TCP parameters, and (b) information that identifies the first server;
unproxying the first TCP connection and the second TCP connection by dissolving the first and second TCP endpoints while maintaining the first and second connection block data structures and leaving TCP connection endpoints on the client and the first server intact;
receiving a first packet after the first and second TCP endpoints have been dissolved; and
in response to receiving the first packet after the first and second TCP endpoints have been dissolved, reproxying the first TCP connection and the second TCP connection, without re-engaging in a handshake session with either of the first server and the client, wherein said reproxying the first TCP connection and the second TCP connection comprises:
at the intermediate network element:
based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the first TCP parameters stored in the first connection block data structure, creating a third reconstructing the first TCP endpoint of the first TCP connection to the client; and
based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the second TCP parameters stored in the second connection block data structure, reconstructing the second TCP endpoint of the second TCP connection to the first server;
wherein the method is performed by one or more computing devices comprising a processor;
wherein the first packet is not a TCP SYN packet;
wherein reconstructing the first TCP endpoint comprises reconstructing the first TCP endpoint without renegotiating the first TCP parameters with the client.
Specification