Principal claim
1. A method in a transparent Transmission Control Protocol (TCP) proxy for transparent bridging of TCP connections, comprising:
intercepting a first TCP SYN packet sent from a TCP client and destined for a TCP server that initiates a TCP connection between the TCP client and the TCP server;
transmitting a first TCP SYN-ACK packet to the TCP client as if the transparent TCP proxy is the TCP server in response to intercepting the first TCP SYN packet, wherein the first TCP SYN-ACK packet includes a first sequence number that is chosen by the transparent TCP proxy, wherein the first sequence number is a first initial sequence number (ISN);
intercepting a first TCP ACK packet sent from the TCP client and destined for the TCP server in response to transmitting the first TCP SYN-ACK packet, wherein the first TCP ACK packet acknowledges receipt of the TCP client of the first TCP SYN-ACK packet;
transmitting, in response to intercepting the first TCP ACK packet, a second TCP SYN packet to the TCP server as if the transparent TCP proxy is the TCP client, wherein the second TCP SYN packet is substantially the same as the first TCP SYN packet;
intercepting a second TCP SYN-ACK packet sent from the TCP server and destined for the TCP client in response to transmitting the second TCP SYN packet to the TCP server, wherein the second TCP SYN-ACK packet includes a second sequence number that is chosen by the TCP server, wherein the second sequence number is a second ISN;
transmitting a second TCP ACK packet to the TCP server as if the transparent TCP proxy is the TCP client in response to intercepting the second TCP SYN-ACK packet;
calculating and storing a difference between the first ISN included in the first TCP SYN-ACK packet and the second ISN included in the second TCP SYN-ACK packet;
intercepting a first data packet sent from the TCP client and destined for the TCP server, wherein the first data packet includes a first acknowledgement number based on the first sequence number, and wherein the first data packet includes a first TCP checksum;
updating the first acknowledgement number to a second acknowledgement number using the difference between the first ISN and the second ISN so that the updated acknowledgement number is a value that is expected by the TCP server;
calculating a second TCP checksum that uses the second acknowledgement number instead of the first acknowledgement number;
transmitting a second data packet to the TCP server as if the transparent TCP proxy is the TCP client, wherein the second data packet includes the second acknowledgement number and the second TCP checksum;
intercepting a third data packet sent from the TCP server and destined for the TCP client, wherein the third data packet includes a third TCP checksum and a third sequence number;
updating the third sequence number to a fourth sequence number using the difference between the first sequence number and the second sequence number so that the fourth sequence number is a value that is expected by the TCP client;
calculating a fourth TCP checksum that uses the fourth sequence number instead of the third sequence number;
transmitting a fourth data packet to the TCP client as if the transparent TCP proxy is the TCP server, wherein the fourth data packet includes the fourth TCP checksum and the fourth sequence number;
calculating and storing a difference between the first TCP checksum and the second TCP checksum;
intercepting a fifth data packet transmitted from the TCP client and destined for the TCP server, wherein the fifth data packet includes a third acknowledgement number and a fifth TCP checksum;
updating the third acknowledgement number to a fourth acknowledgement number using the difference between the first sequence number and the second sequence number so that the fourth acknowledgement number is a value that is expected by the TCP server;
updating the fifth TCP checksum to a sixth TCP checksum using the difference between the first TCP checksum and the second TCP checksum;
transmitting a sixth data packet to the TCP server as if the transparent TCP proxy is the TCP client, wherein the sixth data packet includes the fourth acknowledgement number and the sixth TCP checksum;
calculating and storing a difference between the third TCP checksum and the fourth TCP checksum;
intercepting a seventh data packet transmitted from the TCP server and destined for the TCP client, wherein the seventh data packet includes a seventh TCP checksum and a fifth sequence number;
updating the fifth sequence number to a sixth sequence number using the difference between the first sequence number and the second sequence number so that the sixth sequence number is a value that is expected by the TCP client;
updating the seventh TCP checksum to an eighth TCP checksum using the difference between the third TCP checksum and the fourth TCP checksum; and
transmitting an eighth data packet to the TCP client as if the transparent TCP proxy is the TCP server, wherein the eighth data packet includes the eighth TCP checksum and the sixth sequence number.
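
The translation recited above (shift the acknowledgement number client-to-server and the sequence number server-to-client by the stored ISN difference, then repair the TCP checksum), as an added Python example that is not part of the claim or the patent. It patches the checksum with the RFC 1624 incremental update on the changed field rather than a stored checksum difference; the addresses, ports, ISNs and every function name are constructed for illustration.

```python
import struct

M32 = 0xFFFFFFFF

def fold(s):
    # End-around carry: fold a wide sum into 16 bits (one's complement).
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def tcp_checksum(src, dst, seg):
    # Full checksum over IPv4 pseudo-header + segment; returns 0 when the
    # segment already carries a valid checksum.
    data = src + dst + struct.pack("!BBH", 0, 6, len(seg)) + seg
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def build(src, dst, seq, ack, payload):
    # Constructed 20-byte header, PSH|ACK, no options; ports fixed for brevity.
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    csum = tcp_checksum(src, dst, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def incr_update(csum, old32, new32):
    # RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), applied to both 16-bit halves.
    s = ~csum & 0xFFFF
    for old, new in ((old32 >> 16, new32 >> 16), (old32 & 0xFFFF, new32 & 0xFFFF)):
        s += (~old & 0xFFFF) + new
    return ~fold(s) & 0xFFFF

def translate(seg, offset, delta):
    # Shift the 32-bit field at offset (4 = sequence, 8 = acknowledgement) by
    # delta modulo 2**32 and patch the checksum without reading the payload.
    (old,) = struct.unpack_from("!I", seg, offset)
    (csum,) = struct.unpack_from("!H", seg, 16)
    new = (old + delta) & M32
    out = bytearray(seg)
    struct.pack_into("!I", out, offset, new)
    struct.pack_into("!H", out, 16, incr_update(csum, old, new))
    return bytes(out)

# Constructed values: documentation addresses, ISNs chosen to force wraparound.
CLIENT, SERVER = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
PROXY_ISN, SERVER_ISN = 0xFFFFFF00, 0x00001000
DELTA = (SERVER_ISN - PROXY_ISN) & M32  # stored once per connection

def demo():
    c2s = translate(build(CLIENT, SERVER, 7000, (PROXY_ISN + 1) & M32, b"GET /"), 8, DELTA)
    s2c = translate(build(SERVER, CLIENT, (SERVER_ISN + 1) & M32, 7005, b"200"), 4, -DELTA)
    return c2s, s2c
```

Both sample segments cross the 2^32 boundary when translated, where the one's-complement sum shifts by one compared with the non-wrapping case (2^32 ≡ 1 mod 65535). Updating from the old and new field words covers that case.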