Title of invention: TCP NORMALIZATION ENGINE
Abstract: The present invention relates to network security systems and, more particularly, to a method and apparatus for maintaining a TCP connection when the payload data of a TCP segment transmitted from source to destination is modified. The present invention allows the payload data of a TCP segment to be modified and, specifically, changed in length by an intermediate device during a TCP connection between any two hosts while adhering to the semantics of the TCP protocol so that the TCP connection may be maintained. More specifically, the invention comprises, in a TCP normalization engine communicating with a source and a destination, a method of maintaining a TCP connection between the source and the destination during modification of a payload associated with a TCP segment, the method comprising: receiving the TCP segment from the source at a process incoming module; determining if the TCP segment contains payload data; if the TCP segment contains payload data, invoking a process ack module and a process seq module, wherein the process seq module processes the payload data to determine if a payload correction is required; if a payload correction is required, updating a state table and modifying the payload data to reflect the payload data correction; modifying the TCP segment with at least the modified payload data; and forwarding the modified TCP segment to the destination. Advantageously, this approach allows payload data content to be changed flexibly in order to remove or neutralize protocol violations or attacks.
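Application publication number: CA2514039(A1) Application publication date: 2007.01.28
Application number: CA20052514039 Filing date: 2005.07.28
Applicant: THIRD BRIGADE, INC. Inventors: MCGEE, WILLIAM; ILIE, VALERIU; STEFAN, RARES
Classification number: H04L29/08 Main classification number: H04L29/08
Agency: Agent:
Principal claim:
Address: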