Transparent inline content inspection and modification in a TCP session

Bibliographic Details
Main Authors: Galloway, Gregory Lyle; Coccoli, Paul; Mazur, Steven Ashley; Dennerline, David Allen
Format: Patent
Language: English
Published: 24.10.2019
Summary: A network appliance is configured to provide inline traffic inspection for all flow through the device, to selectively intercept based on traffic content or policy, and to modify intercepted traffic content, all without connection termination and re-origination. Content modification may involve substitution of traffic content with smaller or larger content, in which case the device provides appropriate sequence number translations for acknowledgements to the endpoints. This streaming rewrite may occur on a byte-at-a-time basis, while keeping the session alive and without a need to proxy it. The appliance enables transmitted TCP data to be modified inline and then reliably delivered without the overhead of forwarding packets through a full-blown TCP stack. Rather, the approach relies upon an initiator entity's TCP stack for congestion control, as well as the receiving entity's re-transmission behavior to determine how the device manages packets internally.
Bibliography: Application Number: US201916458624