Edge adapter apparatus and method

US 7,032,031 B2
Filed: 05/15/2001
Issued: 04/18/2006
Est. Priority Date: 06/23/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of processing a first data packet, transmitted over a network from a source to a first recipient, said first data packet comprising a header layer and an application data layer, and a second data packet transmitted over said network from the first recipient to the source, said method comprising:

(a) capturing said first data packet from said network prior to its reception by said first recipient;

(b) analyzing said header layer of said first data packet according to a first rule;

(c) examining, selectively, a dynamically specified portion of said application data layer of said first data packet according to a second rule;

(d) determining a first action to be taken on said first data packet according to a third rule; and

(e) performing said first action on said first data packet,wherein said first action comprises at least storing information related to said first data packet;

(f) capturing said second data packet from said network prior to its reception by said source;

(g) analyzing a header layer of said second data packet according to a fourth rule;

(h) examining, selectively, a dynamically specified portion of said application data layer of said second data packet according to a fifth rule;

(i) determining a second action to be taken on said second data packet according to a sixth rule; and

(j) performing said second action on said second data packet; and

wherein at least one of said fourth rule, said fifth rule, said sixth rule or combinations thereof, is based on said stored information.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for enhancing the infrastructure of a network such as the Internet is disclosed. A packet interceptor/processor apparatus is coupled with the network so as to be able to intercept and process packets flowing over the network. Further, the apparatus provides external connectivity to other devices that wish to intercept packets as well. The apparatus applies one or more rules to the intercepted packets which execute one or more functions on a dynamically specified portion of the packet and take one or more actions with the packets. The apparatus is capable of analyzing any portion of the packet including the header and payload. Actions include releasing the packet unmodified, deleting the packet, modifying the packet, logging/storing information about the packet or forwarding the packet to an external device for subsequent processing. Further, the rules may be dynamically modified by the external devices.

255 Citations

108 Claims

1. A method of processing a first data packet, transmitted over a network from a source to a first recipient, said first data packet comprising a header layer and an application data layer, and a second data packet transmitted over said network from the first recipient to the source, said method comprising:
- (a) capturing said first data packet from said network prior to its reception by said first recipient;
  
  (b) analyzing said header layer of said first data packet according to a first rule;
  
  (c) examining, selectively, a dynamically specified portion of said application data layer of said first data packet according to a second rule;
  
  (d) determining a first action to be taken on said first data packet according to a third rule; and
  
  (e) performing said first action on said first data packet,wherein said first action comprises at least storing information related to said first data packet;
  
  (f) capturing said second data packet from said network prior to its reception by said source;
  
  (g) analyzing a header layer of said second data packet according to a fourth rule;
  
  (h) examining, selectively, a dynamically specified portion of said application data layer of said second data packet according to a fifth rule;
  
  (i) determining a second action to be taken on said second data packet according to a sixth rule; and
  
  (j) performing said second action on said second data packet; and
  
  wherein at least one of said fourth rule, said fifth rule, said sixth rule or combinations thereof, is based on said stored information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 2. The method of claim 1, wherein said capturing further comprises intercepting said first data packet prior to receipt by a network router.
  - 3. The method of claim 1, wherein said capturing is performed by a packet interceptor, said method further comprising:
    - (k) allowing redefinition of at least one of said first, second, third, fourth, fifth, sixth rules, or combinations thereof, by an entity external to said packet interceptor.
  - 4. The method of claim 3, wherein said allowing further comprises allowing dynamic redefinition.
  - 5. The method of claim 1, further comprising:
    - (k) redefining, remotely, at least one of said first, second, third, fourth, fifth, sixth rules, or combinations thereof.
  - 6. The method of claim 1, wherein said second and third rules are based at least in part on said analysis of said header layer of said first data packet and said fifth and sixth rules are based at least in part on said analysis of said header layer of said second data packet.
  - 7. The method of claim 1, wherein (b) further comprises determining a first result of said first rule, (c) further comprises determining a second result of said second rule, (d) further comprising determining said first action to be taken on said first data packet according to said first and second results.
  - 8. The method of claim 1, further comprising:
    - (k) predefining said first, second and third rules.
  - 9. The method of claim 1, wherein (b) further comprises no analysis of said header layer according to said first rule.
  - 10. The method of claim 1, wherein (c) further comprises no examination of said application data layer according to said second rule.
  - 11. The method of claim 1, wherein said header layer of said first data packet further comprises a network address, (b) further comprises analyzing said network address according to said first rule.
  - 12. The method of claim 11, wherein said first rule comprises determining whether said network address matches a pre-defined criteria.
  - 13. The method of claim 1, wherein said header layer of said first and second data packets further comprises a network address and said network address comprises a transport control port address.
  - 14. The method of claim 1, wherein said header layer of said first and second data packets further comprises a network address and said network address comprises an internet protocol address.
  - 15. The method of claim 1, wherein said header layer of said first and second data packets further comprises a network address and said network address comprises a media access control address.
  - 16. The method of claim 1, wherein said application data layer of said first data packet comprises application data generated by said source.
  - 17. The method of claim 16, wherein said application data comprises a uniform resource locator and further wherein said second rule comprises determining whether said uniform resource locator matches a pre-defined criteria.
  - 18. The method of claim 1, wherein (a) further comprises capturing by a packet interceptor, said first action comprises:
    - forwarding said first data packet to an entity external to said packet interceptor, said external entity being different from said first recipient.
  - 19. The method of claim 1, wherein said first action comprises:
    - releasing said first data packet to said network.
  - 20. The method of claim 1, wherein (a) is performed by a packet interceptor, said first action comprises:
    - copying said first data packet to a third data packet; and
      
      forwarding said third data packet to an entity external to said packet interceptor, said external entity being different from said first recipient.
  - 21. The method of claim 20, wherein said first action further comprises:
    - receiving a command from said external entity dictating a second action be taken on said first data packet.
  - 22. The method of claim 21, wherein said second action comprises deleting said first data packet.
  - 23. The method of claim 21, wherein said second action comprises releasing said first data packet to said network.
  - 24. The method of claim 20, wherein said first action further comprises:
    - releasing said first data packet to said network.
  - 25. The method of claim 1, wherein said first action comprises:
    - modifying said first data packet; and
      
      releasing said modified first data packet to said network.
  - 26. The method of claim 25, wherein said modifying further includes:
    - modifying at least a portion of said header layer.
  - 27. The method of claim 25, wherein said modifying further includes:
    - modifying at least a portion of said application data layer.
  - 28. The method of claim 1, wherein said first action comprises:
    - transmitting a response to said source based on said first data packet according to a seventh rule.
  - 29. The method of claim 28, wherein said first action further comprises configuring said response to appear to originate from said first recipient.
  - 30. The method of claim 1, wherein (a) is performed by a packet interceptor, said packet interceptor comprising a plurality of rule sets and wherein a first rule set of said plurality of rule sets comprises said first, second and third rules and said first action, said method further comprising:
    - (k) determining which of said plurality of rule sets to apply to said first data packet.
  - 31. The method of claim 1, wherein (a) is performed by a packet interceptor, said method further comprising:
    - (k) facilitating performing (a)–
      
      (j) non-invasively with respect to said network for a plurality of entities external to said packet interceptor.
  - 32. The method of claim 1, said method further comprising:
    - (k) performing (a)–
      
      (j) by a router.
  - 33. The method of claim 1, wherein (a) is performed by a packet interceptor, said method further comprising:
    - (k) receiving a third data packet from an entity external to said packet interceptor, said third data packet directed to said packet interceptor; and
      
      (l) introducing said third data packet into said network.
  - 34. The method of claim 1, wherein said network is characterized by a wire speed, said method further comprising performing (a)–
    - (e) and (f)–
      
      (j) at least at said wire speed.
  - 35. The method of claim 1, wherein said first data packet is characterized seven Open Systems Interconnection (“
    - OSI”
      
      ) defined layers, said dynamically specified portion comprising any at least one of said seven layers.
  - 36. The method of claim 1, wherein said network comprises an optical network.
  - 37. The method of claim 1, wherein said network comprises an electrical network.
  - 38. The method of claim 1, wherein (b) further comprises determining a first result of said first rule and (c) further comprises determining a second result of said rule, said stored information comprising at least one of said first result, said second result or combinations thereof.
  - 39. The method of claim 1, further comprising performing (a)–
    - (j) invisibly to at least one of said source and said first recipient.

40. A method of processing a first data packet directed to a first recipient from a source over a network, said first data packet comprising header data and application data, said method comprising:
- (a) intercepting said first data packet prior to receipt by said first recipient;
  
  (b) capturing said first data packet in a buffer;
  
  (c) analyzing, selectively, said header data according to a first rule;
  
  (d) analyzing, selectively, a dynamically specified portion of said application data according to a second rule;
  
  (e) copying, selectively, said first data packet and forwarding, selectively, said copied first data packet to a second recipient different from said first recipient according to a third rule;
  
  (f) releasing, selectively, said first data packet back to said network according to a fourth rule;
  
  (g) modifying, selectively, said first data packet and releasing, selectively, said modified first data packet back to said network according to a fifth rule;
  
  (h) deleting, selectively, said first data packet from said buffer according to a sixth rule; and
  
  (i) storing, selectively, information about said first data packet according to a seventh rule; and
  
  wherein at least one of said first rule, said second rule, said third rule, said fourth rule, said fifth rule, said sixth rule, said seventh rule, or combinations thereof, are based on a second packet previously transmitted over said network from said first recipient to said source.
- View Dependent Claims (41, 42, 43, 44, 45, 46, 47, 48)
- - 41. The method of claim 40, further comprising:
    - (j) receiving a third data packet from said second recipient and introducing said third data packet into said network.
  - 42. The method of claim 40, further comprising:
    - (j) redefining said first, second, third, fourth, fifth, sixth and seventh rules by said second recipient.
  - 43. The method of claim 40, further comprising:
    - (j) performing (e) and (f) as a compound operation.
  - 44. The method of claim 40, further comprising:
    - (j) performing (e) and (g) as a compound operation.
  - 45. The method of claim 40, further comprising:
    - (j) performing (e) and (h) as a compound operation.
  - 46. The method of claim 40, further comprising:
    - (j) performing (g) and (h) as a compound operation.
  - 47. The method of claim 40, further comprising:
    - (j) generating a third data packet directed to said source in response to said first data packet according to an eighth rule.
  - 48. The method of claim 40, further comprising performing (e), (f), (g) and (h) in response to a command from said second recipient.

49. An apparatus for processing a first packet transmitted over a network from a source to a first destination, said first packet comprising a header layer and an application data layer, said apparatus comprising:
- a network interface operative to receive said first packet from said source;
  
  a routing processor coupled with said network interface and operative to receive said first packet from said network interface and convey said first packet to said first destination; and
  
  a packet processor coupled with said network interface and said routing processor, said packet processor comprising;
  
  a memory operative to store information about a second packet previously transmitted from said first recipient to said source;
  
  a packet analyzer coupled with said memory and operative to analyze said header layer according to a first rule and selectively analyze a dynamically specified portion of said application data layer according to a second rule; and
  
  a packet redirector coupled with said memory, said packet analyzer and said routing processor and operative to selectively perform an action on said first packet according to a third rule prior to said conveyance by said routing processor;
  
  wherein at least one of said first rule, said second rule, said third rule, or combinations thereof, are based on said stored information.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69)
- - 50. The apparatus of claim 49, wherein said packet processor further comprises a packet interceptor operative to buffer said first packet for analysis by said packet analyzer.
  - 51. The apparatus of claim 50, wherein said packet processor intercepts said first packet prior to receipt by said routing processor.
  - 52. The apparatus of claim 49, wherein said packet processor is further coupled between said network interface and said routing processor.
  - 53. The apparatus of claim 49, wherein said packet processor further comprises an external device interface for communicating with a device external to said apparatus.
  - 54. The apparatus of claim 53, wherein said action further comprises receiving a third packet from said external device and releasing said third packet to said routing processor.
  - 55. The apparatus of claim 53, wherein said first, second and third rules are capable of being redefined via said external device interface.
  - 56. The apparatus of claim 53, wherein said action further comprises forwarding said first packet to said device.
  - 57. The apparatus of claim 53, wherein said action further comprises creating a copy of said first packet, storing said first packet in a buffer and forwarding said copy to said device.
  - 58. The apparatus of claim 57, wherein said action further comprises deleting said first packet in response to a command received from said device.
  - 59. The apparatus of claim 57, wherein said action further comprises releasing said first packet to said routing processor in response to a command received from said device.
  - 60. The apparatus of claim 49, wherein said action further comprises releasing said first packet to said routing processor.
  - 61. The apparatus of claim 49, wherein said action further comprises storing information about said first packet for use in analyzing a third packet transmitted from said first destination to said source over said network.
  - 62. The apparatus of claim 49, wherein said action further comprises modifying said first packet and releasing said modified packet to said routing processor.
  - 63. The apparatus of claim 49, wherein said action further comprises transmitting a third packet to said source in response to said first packet.
  - 64. The apparatus of claim 49, wherein said network is characterized by an operating speed, said apparatus operative to operate at least as fast as said operating speed.
  - 65. The apparatus of claim 49, wherein said network comprises an optical network, said network interface being further operative to couple with said optical network.
  - 66. The apparatus of claim 49, wherein one of said source and said first destination is unaware of said apparatus.
  - 67. The apparatus of claim 49, is logically invisible to said network.
  - 68. The apparatus of claim 49, wherein said apparatus is selectively visible to at least one of said source and said first destination.
  - 69. The apparatus of claim 68, wherein said apparatus is selectively network addressable.

70. An adapter for a router comprising:
- a router interface operative to couple said adapter with said router;
  
  a packet processor coupled with said router interface and operative to intercept a first packet from a source to a destination, prior to receipt by said router, said packet processor further comprising;
  
  a memory operative to store information about a second packet previously transmitted from said destination to said source;
  
  a buffer operative to receive and store said first packet for processing;
  
  first logic coupled with said buffer and said memory, said first logic operative to apply a first function to a header layer of said first packet and produce a first result;
  
  second logic coupled with said buffer and said memory, said second logic operative to apply a second function to a dynamically specified portion of said application data layer of said first packet and produce a second result; and
  
  third logic coupled with said buffer, said memory and said first and second logic, said third logic operative to perform an operation on said first packet using a third function and said first and second results;
  
  wherein at least one of said first function, said second function, said third function, or combinations thereof, are based on said stored information.
- View Dependent Claims (71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87)
- - 71. The adapter of claim 70, wherein said first function comprises a comparison function.
  - 72. The adapter of claim 70, wherein said second function comprises a comparison function.
  - 73. The adapter of claim 70, wherein said third function comprises forwarding said first packet from said buffer to said router based on said first and second results.
  - 74. The adapter of claim 70, wherein said third function comprises modifying said first packet in said buffer and forwarding said modified packet from said buffer to said router based on said first and second results.
  - 75. The adapter of claim 70, wherein said first packet comprises a packet transmitted from said source to said destination over a network, said third function comprises storing information about said first packet for subsequent processing by said adapter of a third packet transmitted from said destination to said source over said network.
  - 76. The adapter of claim 70, wherein said third function comprises generating a response packet to said first packet and forwarding said response packet to said router based on said first and second results.
  - 77. The adapter of claim 70, further comprising fourth logic coupled with said first, second and third logic, and operative to store state information related to said first and second results and said operation, said first, second and third logic being further operative to use said state information to produce said first and second results and perform said operation.
  - 78. The adapter of claim 70, wherein said first, second and third logic are capable of being dynamically redefined.
  - 79. The adapter of claim 70, wherein said second logic is further coupled with said first logic and further comprises an input for receiving said first result.
  - 80. The adapter of claim 70, further comprising an external device interface operative to interconnect one or more devices to said packet processor, said devices being external to said router and said adapter.
  - 81. The adapter of claim 80, wherein said packet processor is further operative to non-invasively interconnect said one or more devices to said network.
  - 82. The adapter of claim 80, wherein said packet processor is further operative to receive a third packet from a first of said one or more devices and forward said third packet to said router.
  - 83. The adapter of claim 80, wherein said packet processor is further operative to receive one or more commands from said one or more devices and wherein said first, second and third logic are further operative to respond to said one or more commands.
  - 84. The adapter of claim 80, wherein said third function comprises forwarding said first packet from said buffer to a first of said one or more devices based on said first and second results.
  - 85. The adapter of claim 80, wherein said third function comprises forwarding a copy of said first packet to a first of said one or more devices and retaining said first packet in said buffer based on said first and second results.
  - 86. The adapter of claim 85, wherein said third function further comprises forwarding said first packet from said buffer to said router in response to a command received from said first of said one or more devices.
  - 87. The adapter of claim 85, wherein said third function further comprises purging said first packet from said buffer in response to a command received from said first of said one or more devices.

88. A system for facilitating a non-invasive interface to a network comprising:
- a router coupled with said network and operative to route a first packet from a first source to a first destination; and
  
  a packet processor coupled with said router and operative to receive said first packet from said first source and process said first packet prior to routing by said router, said packet processor including;
  
  a rule set comprising first, second and third rules;
  
  first logic operative to analyze a header layer of said first packet according to said first rule;
  
  second logic operative to analyze a dynamically specified portion of said application data layer of said first packet according to said second rule;
  
  third logic operative to perform a function on said first packet according to said third rule; and
  
  an external interface operative to transparently couple a first external device to said packet processor;
  
  wherein at least one of said first rule, said second rule, said third rule, said first logic, said second logic, said third logic, or combinations thereof, are based on a second racket previously transmitted over said network from said first destination to said first source.
- View Dependent Claims (89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105)
- - 89. The system of claim 88, wherein said function comprises forwarding a copy of said first packet to said first external device.
  - 90. The system of claim 89, wherein said function further comprises forwarding said first packet to said router.
  - 91. The system of claim 90, wherein said forwarding is in response to a command from said first external device.
  - 92. The system of claim 89, wherein said function further comprises deleting said first packet.
  - 93. The system of claim 92, wherein said deleting is in response to a command from said first external device.
  - 94. The system of claim 88, wherein said function comprises forwarding said first packet to said router.
  - 95. The system of claim 88, wherein said function further comprises storing information about said first packet.
  - 96. The system of claim 95, wherein said packet processor is further operative to receive a third packet from said first destination for routing to said first source and process said third packet prior to routing by said router, at least one of said first, second and third rules being based on said stored information.
  - 97. The system of claim 88, wherein said function comprises deleting said first packet.
  - 98. The system of claim 88, wherein said function comprises modifying said first packet and forwarding said modified first packet to said router.
  - 99. The system of claim 98, wherein said function further comprises adapting a content of said application data layer.
  - 100. The system of claim 88, wherein said packet processor further comprises an external packet receiver operative to receive a third packet generated by said first external device and forward said third packet to said router.
  - 101. The system of claim 88, wherein said function comprises formulating a response packet to said first packet and forwarding said response packet to said router for routing to said first source.
  - 102. The system of claim 88, wherein said rule set is operative to be modified by said first external device.
  - 103. The system of claim 88, wherein said first packet is allowed to be received by said router in parallel with said reception by said packet processor and wherein said function further comprises preventing said routing of said first packet.
  - 104. The system of claim 88, wherein said packet processor is characterized by a first latency and said router is characterized by a second latency, said system latency being substantially equivalent to the sum of said first and second latencies and wherein said external device is characterized by a third latency, said system latency being unaffected by said third latency.
  - 105. The system of claim 88, wherein said external interface is operative to couple one or more of said external devices with said packet processor in parallel with the others of said one or more of said external devices.

106. An edge server coupled between a point-of-presence (“
- POP”
  
  ) and a network and operative to monitor a bidirectional network traffic stream passing between said POP and said network, said bidirectional network traffic stream comprising a first stream passing from said POP to said network and a second stream passing from said network to said POP, said edge server comprising;
  
  a traffic interceptor operative to at least one of selectively intercept said first stream based on at least a portion of said second stream prior to said first stream reaching its intended destination, selectively intercept said second stream based on at least a portion of said first stream prior to said second stream reaching its intended destination, or combinations thereof; and
  
  a traffic modifier operative to modify said selectively intercepted stream and reinsert said modified selectively intercepted stream into said network.
- View Dependent Claims (107, 108)
- - 107. The edge server of claim 106, wherein said network traffic stream comprises a plurality of packets, said traffic interceptor being further operative to selectively intercept at least one of said plurality of packets.
  - 108. The edge server of claim 106, wherein said network is characterized by a transmission rate, said edge server capable of operating at least at said transmission rate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookingglass Cyber Solutions, LLC
Original Assignee
CloudShield Technologies, Inc. (ZeroFox Holdings, Inc.)
Inventors
Jungck, Peder J., Nguyen, Andrew T., Najam, Zahid, Penke, Ramachandra-Rao
Primary Examiner(s)
VU, THONG H

Application Number

US09/858,309
Publication Number

US 20020009079A1
Time in Patent Office

1,799 Days
Field of Search

709/246, 709/236, 709/227, 709/225, 709/229, 709/231, 709/240, 709/245, 709/203, 713/201, 713/166, 707/6, 707/10, 707/101, 707/104, 707/9, 715/536, 370/390, 370/401, 370/233, 370/395, 370/389
US Class Current

709/246
CPC Class Codes

H04L 47/10   Flow control; Congestion co...

H04L 47/19   at layers above the network...

H04L 61/4511   using domain name system [DNS]

H04L 63/0263   Rule management

H04L 69/22   Parsing or analysis of headers

Edge adapter apparatus and method

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

255 Citations

108 Claims

Specification

Use Cases

Quick Links

Others

Edge adapter apparatus and method

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

255 Citations

108 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others