Title of invention: Using hypertext transfer protocol as a transport for bi-directional data streams
Abstract: The present invention extends to methods, systems, and computer program products for using HyperText Transfer Protocol communication as a transport for bi-directional data streams. Embodiments of the invention facilitate passing otherwise blocked TCP communication through a firewall. Embodiments of the invention can be used to pass legitimate TCP communication through a firewall even though a firewall is configured to block the legitimate TCP communication.
Publication number: US9473460(B2) Publication date: 2016.10.18
Application number: US200912489327 Filing date: 2009.06.22
Applicant: Microsoft Technology Licensing, LLC Inventors: Vasters Clemens F.; Wortendyke David A.; Wang Qian
Classification: G06F15/16; H04L29/06; H04L29/08; H04L29/14 Main classification: G06F15/16
Agency: Agent: Chen Nicholas; Chebil Fehmi; Minhas Micky
Main claim: 1. At a computer system, the computer system including one or more processors and system memory, a method for using an application layer protocol as a transport for a bi-directional data stream, the method comprising: attempting to initiate establishment of a transport layer communications session with another computer system using a transport layer protocol, including: sending a transport layer communication to a specified port on the other computer system using a transport layer protocol for exchanging particular data with the other computer system; and subsequent to sending the transport layer communication, receiving an indication that a firewall blocked the transport-layer communication to the specified port on the other computer system; and subsequent to, and in response to, the firewall blocking the transport layer communication, initiating establishment of an application-layer communications session with the other computer system using an application-layer communication mode that simulates a transport-layer bi-directional data socket in an application layer to exchange the particular data with the other computer system, including: sending an application-layer communication through the firewall to the other computer system using an application layer protocol; in response to sending the application-layer communication, receiving an upstream identifier from the other computer system that identifies a first computing resource on the other computing system to which the computer system is to send requests to send data to the other computing system, and receiving a downstream identifier from the other computer system that identifies a second computing resource on the other computing system to which the computer system is to send requests to receive data from the other computer system, wherein the upstream and downstream identifiers are received using the application layer protocol; based at least on receiving the upstream identifier, establishing a first single-directional data stream with the other computer system using the application layer protocol, including sending a single-directional request to send first data to the first computing system resource corresponding to the upstream identifier; based at least on receiving the downstream identifier, establishing a second single-directional data stream with the other computer system using the application layer protocol, including sending a single-directional request to receive second data from the second computing system resource corresponding to the downstream identifier; and simulating the transport-layer bi-directional data socket using the first and second single-directional data streams in the application layer protocol, including binding the first data stream and the second data stream to both send the first data to the other computer system and receive the second data from the other computer system using the application layer protocol.
Address: Redmond WA US