Transparent inline content inspection and modification in a TCP session

Assignee

• International Business Machines Corporation · US

Inventors

• Gregory L. Galloway · Cumming, US
• Paul Coccoli · Marietta, US
• David Allen Dennerline · Sandy Springs, US
• Steven Mazur · Johns Creek, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1441
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A network appliance is configured to provide inline traffic inspection for all flow through the device, to selectively intercept based on traffic content or policy, and to modify intercepted traffic content, all without connection termination and re-origination. Content modification may involve substitution of traffic content with smaller or larger content, in which case the device provides appropriate sequence number translations for acknowledgements to the endpoints. This streaming rewrite may occur on a byte-at-a-time basis, while keeping the session alive and without a need to proxy it. The appliance enables transmitted TCP data to be modified inline and then reliably delivered without the overhead of forwarding packets through a full-blown TCP stack. Rather, the approach relies upon an initiator entity's TCP stack for congestion control, as well as the receiving entity's re-transmission behavior to determine how the device manages packets internally.