Reproxying an unproxied connection

US 8,224,966 B2
Filed: 08/24/2004
Issued: 07/17/2012
Est. Priority Date: 08/24/2004
Status: Active Grant

First Claim

Patent Images

1. A method of reproxying a previously unproxied connection, the method comprising the computer-implemented steps of:

establishing a proxied connection between a client and a first server through an intermediate network element,at the intermediate network element;

creating, based on first TCP parameters, a first Transmission Control Protocol (TCP) endpoint of a first TCP connection to the client;

storing, in a first connection block data structure, (a) one or more of the first TCP parameters, and (b) information that identifies the client;

creating, based on second TCP parameters, a second TCP endpoint of a second TCP connection to the first server;

storing, in a second connection block data structure, (a) one or more of the second TCP parameters, and (b) information that identifies the first server;

unproxying the first TCP connection and the second TCP connection by dissolving the first and second TCP endpoints while maintaining the first and second connection block data structures and leaving TCP connection endpoints on the client and the first server intact;

receiving a first packet after the first and second TCP endpoints have been dissolved; and

in response to receiving the first packet after the first and second TCP endpoints have been dissolved, reproxying the first TCP connection and the second TCP connection, without re-engaging in a handshake session with either of the first server and the client, wherein said reproxying the first TCP connection and the second TCP connection comprises;

at the intermediate network element;

based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the first TCP parameters stored in the first connection block data structure, reconstructing the first TCP endpoint of the first TCP connection to the client; and

based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the second TCP parameters stored in the second connection block data structure, reconstructing the second TCP endpoint of the second TCP connection to the first server;

wherein the first packet is not a TCP SYN packet;

wherein reconstructing the first TCP endpoint comprises reconstructing the first TCP endpoint without renegotiating the first TCP parameters with the client;

wherein the method is performed by one or more computing devices comprising a processor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for reproxying connections. According to one aspect, a first connection is established between a client and a proxy device. A second connection is established between the proxy device and a server. The first connection comprises a first endpoint at the client and a second endpoint at the proxy device. The second connection comprises a third endpoint at the proxy device and a fourth endpoint at the server. The first and second connections are unproxied by dissolving the second and third endpoints while maintaining the first and fourth endpoints. After the connections have been unproxied, a packet is received at the proxy device. In response, the first and second connections are reproxied by creating fifth and sixth endpoints at the proxy device, so that the first connection comprises the fifth endpoint and the second connection comprises the sixth endpoint.

61 Citations

View as Search Results

35 Claims

1. A method of reproxying a previously unproxied connection, the method comprising the computer-implemented steps of:
- establishing a proxied connection between a client and a first server through an intermediate network element,at the intermediate network element;
  
  creating, based on first TCP parameters, a first Transmission Control Protocol (TCP) endpoint of a first TCP connection to the client;
  
  storing, in a first connection block data structure, (a) one or more of the first TCP parameters, and (b) information that identifies the client;
  
  creating, based on second TCP parameters, a second TCP endpoint of a second TCP connection to the first server;
  
  storing, in a second connection block data structure, (a) one or more of the second TCP parameters, and (b) information that identifies the first server;
  
  unproxying the first TCP connection and the second TCP connection by dissolving the first and second TCP endpoints while maintaining the first and second connection block data structures and leaving TCP connection endpoints on the client and the first server intact;
  
  receiving a first packet after the first and second TCP endpoints have been dissolved; and
  
  in response to receiving the first packet after the first and second TCP endpoints have been dissolved, reproxying the first TCP connection and the second TCP connection, without re-engaging in a handshake session with either of the first server and the client, wherein said reproxying the first TCP connection and the second TCP connection comprises;
  
  at the intermediate network element;
  
  based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the first TCP parameters stored in the first connection block data structure, reconstructing the first TCP endpoint of the first TCP connection to the client; and
  
  based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the second TCP parameters stored in the second connection block data structure, reconstructing the second TCP endpoint of the second TCP connection to the first server;
  
  wherein the first packet is not a TCP SYN packet;
  
  wherein reconstructing the first TCP endpoint comprises reconstructing the first TCP endpoint without renegotiating the first TCP parameters with the client;
  
  wherein the method is performed by one or more computing devices comprising a processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method as recited in claim 1, the method further comprising:
    - negotiating the first Transmission Control Protocol (TCP) parameters with the client; and
      
      negotiating the second TCP parameters with the first server.
  - 3. A method as recited in claim 1, wherein the first packet does not indicate either (a) the one or more of the first TCP parameters stored in the first connection block data structure or (b) the one or more of the second TCP parameters stored in the second connection block data structure.
  - 4. A method as recited in claim 1, wherein (a) the first TCP parameters indicate a TCP sequence number and (b) the first connection block data structure does not indicate a TCP sequence number.
  - 5. A method as recited in claim 4, wherein (a) the first packet indicates a particular TCP sequence number and (b) reconstructing the first TCP endpoint is based on the particular TCP sequence number.
  - 6. A method as recited in claim 1, wherein (a) the first TCP parameters indicate a maximum segment size, (b) the first connection block data structure indicates the maximum segment size, (c) the first packet does not indicate the maximum segment size, and (d) reconstructing the first TCP endpoint is based on the maximum segment size.
  - 7. A method as recited in claim 1, wherein (a) the first TCP parameters indicate a window scaling factor, (b) the first connection block data structure indicates the maximum segment size, (c) the first packet does not indicate the maximum segment size, and (d) reconstructing the first TCP endpoint is based on the maximum segment size.
  - 8. A method as recited in claim 1, the method further comprising:
    - receiving a second packet at the first TCP endpoint;
      
      in response to receiving the second packet, selecting the first server from among a plurality of servers; and
      
      in response to selecting the first server, sending the second packet through the second TCP endpoint.
  - 9. A method as recited in claim 1, the method further comprising:
    - in response to receiving the first packet, selecting the first server from among a plurality of servers; and
      
      in response to selecting the first server, sending the first packet through the second TCP endpoint after the second TCP endpoint is reconstructed.
  - 10. A method as recited in claim 1, the method further comprising:
    - in response to receiving the first packet, selecting a second server from among a plurality of servers, wherein the second server is not the first server; and
      
      in response to selecting the second server, performing steps comprising;
      
      negotiating third TCP parameters with the second server;
      
      creating a fifth TCP endpoint that is an endpoint in a TCP connection to the second server and that is based on the third TCP parameters; and
      
      sending the first packet through the fifth TCP endpoint.
  - 11. A method as recited in claim 1, the method further comprising:
    - after receiving the first packet, modifying content contained in a payload of the first packet; and
      
      after modifying the content, sending the first packet through the first TCP endpoint after the first endpoint is reconstructed.
  - 12. A method as recited in claim 1, the method further comprising:
    - after receiving the first packet, modifying content contained in a payload of the first packet; and
      
      after modifying the content, sending the first packet through the second TCP endpoint after the second endpoint is reconstructed.
  - 13. A method as recited in claim 1, wherein the first connection block data structure indicates a first source Internet Protocol (IP) address, a first destination IP address, a first protocol identifier, a first source port, and a first destination port.
  - 14. A method as recited in claim 13, the method further comprising:
    - determining whether the first source IP address matches a second source IP address indicated in the first packet;
      
      determining whether the first destination IP address matches a second destination IP address indicated in the first packet;
      
      determining whether the first protocol identifier matches a second protocol identifier indicated in the first packet;
      
      determining whether the first source port matches a second source port indicated in the first packet; and
      
      determining whether the first destination port matches a second destination port indicated in the first packet.

15. An apparatus for reproxying a previously unproxied connection, comprising:
- a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
  
  a processor;
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  establishing a proxied connection between a client and a first server through an intermediate network element,at the intermediate network element;
  
  creating, based on first TCP parameters, a first Transmission Control Protocol (TCP) endpoint of a first TCP connection to the client;
  
  storing, in a first connection block data structure, (a) one or more of the first TCP parameters, and (b) information that identifies the client;
  
  creating, based on second TCP parameters, a second TCP endpoint of a second TCP connection to the first server;
  
  storing, in a second connection block data structure, (a) one or more of the second TCP parameters, and (b) information that identifies the first server;
  
  unproxying the first TCP connection and the second TCP connection by dissolving the first and second TCP endpoints while maintaining the first and second connection block data structures and leaving TCP connection endpoints on the client and the first server intact;
  
  receiving a first packet after the first and second TCP endpoints have been dissolved; and
  
  in response to receiving the first packet after the first and second TCP endpoints have been dissolved, reproxying the first TCP connection and the second TCP connection, without re-engaging in a handshake session with either of the first server and the client, wherein said reproxying the first TCP connection and the second TCP connection comprises;
  
  at the intermediate network element;
  
  based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the first TCP parameters stored in the first connection block data structure, reconstructing the first TCP endpoint of the first TCP connection to the client; and
  
  based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the second TCP parameters stored in the second connection block data structure, reconstructing the second TCP endpoint of the second TCP connection to the first server;
  
  wherein the first packet is not a TCP SYN packet;
  
  wherein reconstructing the first TCP endpoint comprises reconstructing the first TCP endpoint without renegotiating the first TCP parameters with the client.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. An apparatus as recited in claim 15, wherein the one or more stored sequences of instructions further comprise instructions which, when executed by the processor, cause the processor to carry out the steps of:
    - negotiating the first Transmission Control Protocol (TCP) parameters with the client; and
      
      negotiating the second TCP parameters with the first server.
  - 17. An apparatus as recited in claim 15, wherein the first packet does not indicate either (a) the one or more of the first TCP parameters stored in the first connection block data structure or (b) the one or more of the second TCP parameters stored in the second connection block data structure.
  - 18. An apparatus as recited in claim 15, wherein (a) the first TCP parameters indicate a TCP sequence number and (b) the first connection block data structure does not indicate a TCP sequence number.
  - 19. An apparatus as recited in claim 18, wherein (a) the first packet indicates a particular TCP sequence number and (b) reconstructing the first TCP endpoint is based on the particular TCP sequence number.
  - 20. An apparatus as recited in claim 15, wherein (a) the first TCP parameters indicate a maximum segment size, (b) the first connection block data structure indicates the maximum segment size, (c) the first packet does not indicate the maximum segment size, and (d) reconstructing the first TCP endpoint is based on the maximum segment size.
  - 21. An apparatus as recited in claim 15, wherein (a) the first TCP parameters indicate a window scaling factor, (b) the first connection block data structure indicates the maximum segment size, (c) the first packet does not indicate the maximum segment size, and (d) reconstructing the first TCP endpoint is based on the maximum segment size.
  - 22. An apparatus as recited in claim 15, wherein the one or more stored sequences of instructions further comprise instructions which, when executed by the processor, cause the processor to carry out the steps of:
    - receiving a second packet at the first TCP endpoint;
      
      in response to receiving the second packet, selecting the first server from among a plurality of servers; and
      
      in response to selecting the first server, sending the second packet through the second TCP endpoint.
  - 23. An apparatus as recited in claim 15, wherein the one or more stored sequences of instructions further comprise instructions which, when executed by the processor, cause the processor to carry out the steps of:
    - in response to receiving the first packet, selecting the first server from among a plurality of servers; and
      
      in response to selecting the first server, sending the first packet through the second TCP endpoint after the second TCP endpoint is reconstructed.
  - 24. An apparatus as recited in claim 15, wherein the one or more stored sequences of instructions further comprise instructions which, when executed by the processor, cause the processor to carry out the steps of:
    - in response to receiving the first packet, selecting a second server from among a plurality of servers, wherein the second server is not the first server; and
      
      in response to selecting the second server, performing steps comprising;
      
      negotiating third TCP parameters with the second server;
      
      creating a fifth TCP endpoint that is an endpoint in a TCP connection to the second server and that is based on the third TCP parameters; and
      
      sending the first packet through the fifth TCP endpoint.
  - 25. An apparatus as recited in claim 15, wherein the one or more stored sequences of instructions further comprise instructions which, when executed by the processor, cause the processor to carry out the steps of:
    - after receiving the first packet, modifying content contained in a payload of the first packet; and
      
      after modifying the content, sending the first packet through the first TCP endpoint after the first TCP endpoint is reconstructed.
  - 26. An apparatus as recited in claim 15, wherein the one or more stored sequences of instructions further comprise instructions which, when executed by the processor, cause the processor to carry out the steps of:
    - after receiving the first packet, modifying content contained in a payload of the first packet; and
      
      after modifying the content, sending the first packet through the second TCP endpoint after the second TCP endpoint is reconstructed.
  - 27. An apparatus as recited in claim 15, wherein the first connection block data structure indicates a first source Internet Protocol (IP) address, a first destination IP address, a first protocol identifier, a first source port, and a first destination port.
  - 28. An apparatus as recited in claim 27, wherein the one or more stored sequences of instructions further comprise instructions which, when executed by the processor, cause the processor to carry out the steps of:
    - determining whether the first source IP address matches a second source IP address indicated in the first packet;
      
      determining whether the first destination IP address matches a second destination IP address indicated in the first packet;
      
      determining whether the first protocol identifier matches a second protocol identifier indicated in the first packet;
      
      determining whether the first source port matches a second source port indicated in the first packet; and
      
      determining whether the first destination port matches a second destination port indicated in the first packet.

29. A non-transitory computer-readable medium storing instructions for reproxying a previously unproxied connection, which instructions, when executed by one or more processors, cause performance of:
- establishing a proxied connection between a client and a first server through an intermediate network element,at the intermediate network element;
  
  creating, based on first TCP parameters, a first Transmission Control Protocol (TCP) endpoint of a first TCP connection to the client;
  
  storing, in a first connection block data structure, (a) one or more of the first TCP parameters, and (b) information that identifies the client;
  
  creating, based on second TCP parameters, a second TCP endpoint of a second TCP connection to the first server;
  
  storing, in a second connection block data structure, (a) one or more of the second TCP parameters, and (b) information that identifies the first server;
  
  unproxying the first TCP connection and the second TCP connection by dissolving the first and second TCP endpoints while maintaining the first and second connection block data structures and leaving TCP connection endpoints on the client and the first server intact;
  
  receiving a first packet after the first and second TCP endpoints have been dissolved; and
  
  in response to receiving the first packet after the first and second TCP endpoints have been dissolved, reproxying the first TCP connection and the second TCP connection, without re-engaging in a handshake session with either of the first server and the client, wherein said reproxying the first TCP connection and the second TCP connection comprises;
  
  at the intermediate network element;
  
  based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the first TCP parameters stored in the first connection block data structure, creating a third reconstructing the first TCP endpoint of the first TCP connection to the client; and
  
  based on (a) one or more TCP parameters indicated in the first packet and (b) the one or more of the second TCP parameters stored in the second connection block data structure, reconstructing the second TCP endpoint of the second TCP connection to the first server;
  
  wherein the method is performed by one or more computing devices comprising a processor;
  
  wherein the first packet is not a TCP SYN packet;
  
  wherein reconstructing the first TCP endpoint comprises reconstructing the first TCP endpoint without renegotiating the first TCP parameters with the client.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. A non-transitory computer-readable medium as recited claim 29, wherein the first packet does not indicate either (a) the one or more of the first TCP parameters stored in the first connection block data structure or (b) the one or more of the second TCP parameters stored in the second connection block data structure.
  - 31. A non-transitory computer-readable medium as recited claim 29, wherein instructions for reconstructing the first TCP endpoint comprises instructions for reconstructing the first TCP endpoint without renegotiating TCP parameters with the client.
  - 32. A non-transitory computer-readable medium as recited in claim 29, wherein (a) the first TCP parameters indicate a TCP sequence number and (b) the first connection block data structure does not indicate a TCP sequence number.
  - 33. A non-transitory computer-readable medium as recited in claim 29, wherein (a) the first packet indicates a particular TCP sequence number and (b) reconstructing the first TCP endpoint is based on the particular TCP sequence number.
  - 34. A non-transitory computer-readable medium as recited in claim 29, wherein (a) the first TCP parameters indicate a maximum segment size, (b) the first connection block data structure indicates the maximum segment size, (c) the first packet does not indicate the maximum segment size, and (d) reconstructing the first TCP endpoint is based on the maximum segment size.
  - 35. A non-transitory computer-readable medium as recited in claim 29, wherein (a) the first TCP parameters indicate a window scaling factor, (b) the first connection block data structure indicates the maximum segment size, (c) the first packet does not indicate the maximum segment size, and (d) reconstructing the first TCP endpoint is based on the maximum segment size.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Tate, Patrick Darrell, Waterman, Alexander S., Grimm, Martin David, Kahol, Anurag
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
NAJEE-ULLAH, TARIQ S

Application Number

US10/925,396
Publication Number

US 20060047839A1
Time in Patent Office

2,884 Days
Field of Search

709/230, 709/227
US Class Current

709/227
CPC Class Codes

H04L 67/1001   for accessing one among a p...

H04L 67/563   Data redirection of data ne...

H04L 67/568   Storing data temporarily at...

H04L 69/16   Implementation or adaptatio...

H04L 69/163   In-band adaptation of TCP d...

H04L 69/165   Combined use of TCP and UDP...

Reproxying an unproxied connection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Reproxying an unproxied connection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links