JP5423228B2 - Communication apparatus and communication system - Google Patents

Description

The present invention relates to a communication device and a communication system, and more particularly, to a communication device and a communication system that speed up message processing.
The present invention is, for example, installed between a server and a client, using a communication device that encrypts plain text data received from the server and transmits the encrypted data to the client, and decrypts encrypted data received from the client and transmits the encrypted data to the server. The present invention relates to a technique for taking over computation processing for encrypted communication of a server and speeding up encrypted communication between a server and a client.

With the expansion of commercial transactions through the Internet, there is an increasing need for encrypted communication using TLS (Transport Layer Security) / SSL (Secure Socket Layer).
Encrypted communication is performed between the server and a number of clients. As the number of clients connected to the server increases and the amount of data to be transmitted and received increases, the computation load on the server increases and the processing speed decreases.
Therefore, the TLS / SSL offloader function, which consists of a function for terminating encrypted communication on behalf of the server and encrypting / decrypting data at high speed, is added to the communication device placed in the front stage of the server to improve server processing speed. It was necessary to let them.
As a communication device with a TLS offloader function, for example, a protocol processing device as in Patent Document 1 is used.
In this protocol processing apparatus, all packets are stored in the reception buffer.

JP 2007-215031 A

FIG. 1 shows an outline of a communication apparatus with a TLS / SSL offloader function.
A communication device with a TLS / SSL offloader function (hereinafter, “offloader”) 100 is disposed between a server 101 and a client 102.
A normal TCP connection is created between the server 101 and the offloader 100. An SSL session 104 is created between the client 102 and the offloader 100, and a plurality of TCP connections and TLS / SSL connections are created therein.
The offloader 100 mediates TCP handshake processing between the client 102 and the server 101. After a SYN packet (connection request packet) from the client is transmitted to the server 101, a SYN-ACK packet (connection request receipt confirmation response packet) from the server is transmitted to the client 102, and an ACK packet from the client is further transmitted to the server. 101.
When the TCP connection establishment sequence is completed, the offloader 100 executes TLS / SSL connection establishment sequence processing with the client instead of the server.
In the sequence processing for establishing a TLS / SSL connection, first, a packet including a Client Hello message (a plurality of usable encryption method candidates are specified) is transmitted from the client 102 to the server.
When the offloader receives the Client Hello packet, the offloader transmits to the client 102 a packet including a Server Hello message (designating one encryption method to be used), a Certificate message including a public key, and a Server Hello Done message.

When the client receives the packet, it generates a premaster secret that is a secret key and encrypts it using the public key. Furthermore, a key exchange message including the encrypted master secret, a change cipher spec message for notifying start of encrypted communication, and a packet including a finished message for verifying the previous message are transmitted to the server 101. Note that the KeyExchange message, the ChangeCipherSpec message, and the Finished message may be included in the same packet or in different packets.
When the offloader 100 receives the packet, the offloader 100 transmits, to the client 102, a packet including a ChangeCipherSpec message that notifies the start of encrypted communication and a Finished message for verifying the previous message.
When the TLS / SSL connection establishment sequence described above is completed, encrypted communication by TLS / SSL is started.
When the client creates another TLS / SSL connection, it performs TCP handshake and reuses the already agreed encryption method and the master secret that has already been exchanged (hereinafter, A Client Hello message designating "Reuse session" is sent to the server 101.
When the offloader 100 receives a packet with a client hello message that specifies session reuse, the server hello message (specifies one encryption method to be used), a change cipher spec message that notifies the start of encrypted communication, A packet including a Finished message for verifying the message is transmitted to the client. A Certificate message containing the public key is not sent.
The client that has received the packet transmits to the server 101 a packet including a ChangeCipherSpec message that notifies the start of encrypted communication and a Finished message for verifying the previous message. Note that the ChangeCipherSpec message and the Finished message may be included in the same packet or in different packets.

When the offloader 100 receives a packet including the Finished message, a TLS / SSL connection is established and encrypted communication is started.
In encrypted communication using TLS / SSL, an encrypted packet from a client is decrypted by the offloader 100 and a plaintext packet is transmitted to the server 101. Further, the plaintext packet from the server is decrypted by the offloader, and the encrypted packet is transmitted to the client 102.
When the encrypted communication is completed, the offloader 100 mediates a TCP connection closing sequence. After the FIN-ACK packet (connection disconnection request) from the client 102 is transmitted to the server 101, the FIN-ACK packet (response to the connection disconnection request) from the server 101 is transmitted to the client 102. ACK packet is transmitted to the server 101.

In the following, problems in processing the TLS / SSL sequence in an apparatus using a conventional general-purpose CPU will be described.
In the above apparatus, a TCP / IP layer processing process for performing TCP / IP layer processing and a TLS / SSL message processing process for performing TLS / SSL layer processing are executed on the general-purpose CPU.
Each time a TCP / IP connection is generated, the TCP / IP layer processing process generates a paired TLS / SSL message processing process, a transmission buffer, and a reception buffer, and all the messages included in the reception packet are included in the TLS / SSL message. It accumulates in a reception buffer prepared for each processing process.
The TLS / SSL message processing process reads the messages in the reception buffer one by one and processes them sequentially.
Further, all reply messages generated by the TLS / SSL message processing process are accumulated in a transmission buffer secured for each process. The TCP / IP layer processing process encapsulates the message in the transmission buffer with a TCP / IP header and transmits the packet.
In some cases, an encryption accelerator connected to the outside takes over part of the processing performed by the TLS / SSL message processing process on the general-purpose CPU. In this case, some encrypted key data, encrypted data, plain text data, and a MAC value for tampering check in the TLS / SSL message are exchanged with the cryptographic accelerator.

Note that the MAC (Message Authentication Code) value for tampering check is a value calculated using, for example, a hash value based on a message before encryption, and the terminal that receives the message on the communication path Used to determine if a message has been tampered with.
In the apparatus using the conventional general-purpose CPU described above, all message data always goes back and forth between the reception buffer and the transmission buffer. Increasing the amount of packets to be transmitted / received to improve the performance of the offloader 100 not only increases the required memory capacity and costs, but also increases the memory bandwidth consumption and degrades the performance. there were.

SUMMARY OF THE INVENTION In view of the above, an object of the present invention is to realize message processing of packets in the order of transmission by a terminal by reading / writing only a part of packets having errors in arrival order into / from a reception buffer. .
Another object of the present invention is to realize processing not in units of messages but in units of packets.
Another object of the present invention is to reduce the number of packet reads from the client transmission buffer and / or the server transmission buffer.

In order to solve these problems, the present invention provides, for example,
TCP / IP connection table that records how far each TCP connection has received,
In a communication apparatus comprising: a TCP state transition determination unit that reads a TCP state corresponding to a received packet from a TCP / IP connection table and determines whether or not the received packet follows immediately after the end of received data ,
The terminal sends packet B after packet A,
The packet buffer A is not accumulated, and the reception buffer that accumulates the packet B only when the arrival order of the packet B precedes the packet A;
An ACK mismatch packet processing unit that stores the packet B in the reception buffer only when the TCP state transition determination unit detects that the packet B has arrived before the packet A;
A message processing unit for processing messages;
A subsequent packet re-input unit that reads out the packet B and outputs it to the message processing unit when the packet B is accumulated in the reception buffer at the end of processing of the packet A in the message processing unit,
A communication device is provided that realizes that packets arrive at the message processing unit in the order of transmission by the terminal by reading / writing only some of the packets having errors in the arrival order into / from the reception buffer.

In the communication device,
When the message processor processes TLS / SSL messages,
A packet type determining unit for determining what kind of message is included when a packet including one or a plurality of divided TLS / SSL messages is input to the message processing unit;
Based on the determination result of the packet type determination unit,
If the input packet contains one or more handshake messages sent by the client, create a packet containing a handshake message corresponding to the received one or more handshake messages;
If the input packet is a packet containing plain text data sent by the server, create a packet for the client that encrypts the plain text data,
If the input packet is a packet that includes encrypted data sent by the client and does not include a MAC value for falsification check, it creates an intermediate result of the packet addressed to the server that decrypted the encrypted data and the MAC value for falsification check. ,
If the input packet is a packet that includes encrypted data sent by the client and includes a MAC value for falsification check, create a packet addressed to the server that decrypts the encrypted data and a MAC value for falsification check. By checking the consistency of the MAC value of
Implement processing in units of packets rather than in units of messages.

Furthermore, in the communication device,
A transmission buffer for the client that accumulates packets addressed to the client created by the message processing unit together with ACK unreceived information;
When a response ACK is received from the client, the ACK unreceived information of the corresponding packet in the transmission buffer for the client is changed to ACK responded information,
By including a client transmission ACK processing unit that reads and retransmits a corresponding packet in the transmission buffer for the client when a duplicate ACK is received,
Realizes suppression of the number of packet reads from the client transmission buffer.

Furthermore, in the communication device,
A transmission buffer for the server that accumulates packets addressed to the server together with ACK unreceived and unverified information;
When a decrypted packet that does not include a MAC value for tampering check is received from the TLS / SSL message processing unit, it is stored in the transmission buffer together with information indicating that ACK has not been received and verification has not been completed,
When a decrypted packet including a correct falsification check MAC value is received from the TLS / SSL message processing unit, an unverified packet accumulated in the transmission buffer is read out and transmitted after being verified. To send a decrypted packet containing the correct tamper check MAC value,
A plaintext packet creation unit for a server for erasing unverified packets accumulated in the transmission buffer when a decrypted packet including an erroneous MAC value for tampering check is received from a TLS / SSL message processing unit;
When a response ACK is received from the server, the ACK unreceived information of the corresponding packet in the server transmission buffer is changed to ACK received,
A server ACK processing unit that, when receiving a duplicate ACK from the server, reads and retransmits the corresponding packet in the transmission buffer for the server,
Realizes the suppression of the packet read count from the server transmission buffer.

According to the first solution of the present invention,
Installed between a client terminal and a server terminal, for encrypting plain text data received from the server terminal and transmitting it to the client terminal, and for decrypting encrypted data received from the client terminal and transmitting to the server terminal In a communication device for executing a connection establishment sequence for encrypted communication on behalf of the server terminal,
Corresponding to the terminal identification information, the communication device actually receives and confirms the first terminal sequence information, which is a value for representing the amount of data transmitted from the terminal to the communication device, and the data transmitted from the terminal. First confirmation sequence information indicating the amount of data sent back to the terminal as a response, second terminal sequence information that is a value representing the amount of data transmitted from the communication device to the terminal, and the confirmation response from the terminal that the communication device actually transmits A connection status table for storing the connection status data including the second confirmation sequence information, which is the amount of data that has been received, and recording how far each connection has been received,
A reception buffer for accumulating packets that should arrive later together with the packet header when the arrival order of the packets is reversed;
Reads the connection status corresponding to the received packet from the connection status table, determines whether the received packet follows immediately after the end of the received data, and arrives later when the packet arrival order is reversed. A packet processing unit for accumulating packets to be received in the reception buffer together with a packet header ,

The packet processing unit
Receiving from the terminal a first received packet for establishing a connection for encrypted communication, including source identification information, transmission sequence information, destination sequence information, and payload length;
Referring to the connection state table, obtain connection state data that matches the source identification information of the first received packet,
For the connection status data, when the transmission sequence information A of the first received packet from the terminal and the first confirmation sequence information A match, the payload length L is added to the first terminal sequence information A to A + L Update, add the payload length L to the first confirmation sequence information A to update to A + L, and send the first transmission packet with the payload length 0 with the sequence information A + L as the destination sequence information to the terminal,
On the other hand, the transmission sequence information A + L and the second reception packet having the payload length L are transmitted from the terminal, but the transmission sequence information is transmitted from the terminal in succession before receiving the second reception packet. When a third received packet with A + 2L and payload length L is received,
Referring to the connection state table, when the transmission sequence information A + 2L included in the third received packet is different from the sequence information A + L of the first confirmation sequence information, if the payload length of the third packet is greater than 0, The third reception packet is accumulated in the reception buffer, the connection state table is updated using transmission sequence information A + 2L included in the third reception packet as first terminal sequence information, and sequence information of the first confirmation sequence information Creating a second transmission packet having a payload length of 0 with A + L as destination sequence information, and transmitting the second transmission packet to the terminal;
When the terminal receives the second transmission packet, the terminal determines transmission sequence information from the terminal by determining that the second reception packet is not received by the communication device based on destination sequence information A + L. Receiving the second received packet of A + L and payload length L or the fourth received packet having the same content as the second received packet;
Referring to the connection state table and confirming that the transmission sequence information A + L of the second or fourth received packet matches the sequence information A + L of the first confirmation sequence information, the first confirmation sequence information A + L The payload length L of the fourth received packet is added and updated to A + 2L, a third transmission packet with a payload length of 0 is generated with the sequence information A + 2L as the destination sequence information, and the third transmission packet is sent to the terminal There is provided the communication device for transmitting to.

According to the second solution of the present invention,
Installed between a client terminal and a server terminal, for encrypting plain text data received from the server terminal and transmitting it to the client terminal, and for decrypting encrypted data received from the client terminal and transmitting to the server terminal In a communication device for executing a connection establishment sequence for encrypted communication on behalf of the server terminal,
Corresponding to the terminal identification information, the communication device actually receives and confirms the first terminal sequence information, which is a value for representing the amount of data transmitted from the terminal to the communication device, and the data transmitted from the terminal. First confirmation sequence information indicating the amount of data sent back to the terminal as a response, second terminal sequence information that is a value representing the amount of data transmitted from the communication device to the terminal, and the confirmation response from the terminal that the communication device actually transmits A connection status table for storing the connection status data including the second confirmation sequence information, which is the amount of data that has been received, and recording how far each connection has been received,
A reception buffer for accumulating packets that should arrive later together with the packet header when the arrival order of the packets is reversed;
Reads the connection status corresponding to the received packet from the connection status table, determines whether the received packet follows immediately after the end of the received data, and arrives later when the packet arrival order is reversed. A packet processing unit for accumulating packets to be received in the reception buffer together with a packet header ,

The packet processing unit
Transmitting a first transmission packet for establishing a connection for encrypted communication, including transmission source identification information, transmission sequence information, destination sequence information, and payload length, to the terminal;
Referring to the connection state table, obtain connection state data that matches the source identification information of the first packet;
For the connection status data, when the transmission sequence information B of the first transmission packet having the payload length L matches the second terminal sequence information B, the payload length L is added to the second terminal sequence information B to B + L Updated,
In response to the first transmission packet, when receiving a first reception packet with a payload length of 0 having destination sequence information B + L from the terminal, the first confirmation sequence information in the connection state table includes the first confirmation sequence information. Destination sequence information B + L included in the received packet of

On the other hand, referring to the connection state table, the second transmission packet having the same transmission sequence information B + L and payload length L as the second terminal sequence information is sent to the terminal, and the second terminal sequence information B + L includes the second transmission packet. Is added to the payload length L of the transmission packet and updated to B + 2L,
Subsequently, a third transmission packet having a payload length L having the same transmission sequence information B + 2L as the second terminal sequence information is sent, and the payload length L of the third transmission packet is added to the second terminal sequence information B + 2L. Update to B + 3L,
When the terminal receives the third transmission packet before receiving the second transmission packet, the terminal determines from the transmission sequence information B + 2L that the previous second transmission packet has not been received. In order to prompt retransmission of the second transmission packet transmitted from the terminal, a second received packet having a payload length of 0 with destination sequence information B + L is received,
If the second reception packet or a packet having the same content as the second reception packet is continuously received a predetermined number of times with reference to the connection state table, the second transmission packet is discarded in the middle. Retransmit the second transmission packet with transmission sequence information B + L and payload length L or transmit a fourth transmission packet with the same content as the second transmission packet,
In response to the second or fourth transmission packet, the communication apparatus is provided that receives a third reception packet having a payload length of 0 with destination sequence information B + 3L from the terminal.

According to the third solution of the present invention,
Installed between a client terminal and a server terminal, for encrypting plain text data received from the server terminal and transmitting it to the client terminal, and for decrypting encrypted data received from the client terminal and transmitting to the server terminal In addition, in a communication system including a communication device for executing a connection establishment sequence for encrypted communication on behalf of the server terminal,
The communication device
Corresponding to the terminal identification information, the communication device actually receives and confirms the first terminal sequence information, which is a value for representing the amount of data transmitted from the terminal to the communication device, and the data transmitted from the terminal. First confirmation sequence information indicating the amount of data sent back to the terminal as a response, second terminal sequence information that is a value representing the amount of data transmitted from the communication device to the terminal, and the confirmation response from the terminal that the communication device actually transmits A connection status table for storing the connection status data including the second confirmation sequence information, which is the amount of data that has been received, and recording how far each connection has been received,
A reception buffer for accumulating packets that should arrive later together with the packet header when the arrival order of the packets is reversed;
Reads the connection status corresponding to the received packet from the connection status table, determines whether the received packet follows immediately after the end of the received data, and arrives later when the packet arrival order is reversed. A packet processing unit for accumulating packets to be received in the reception buffer together with a packet header ,

The packet processing unit
Receiving from the terminal a first received packet for establishing a connection for encrypted communication, including source identification information, transmission sequence information, destination sequence information, and payload length;
Referring to the connection state table, obtain connection state data that matches the source identification information of the first received packet,
For the connection status data, when the transmission sequence information A of the first received packet from the terminal and the first confirmation sequence information A match, the payload length L is added to the first terminal sequence information A to A + L Update, add the payload length L to the first confirmation sequence information A to update to A + L, and send the first transmission packet with the payload length 0 with the sequence information A + L as the destination sequence information to the terminal,
On the other hand, the transmission sequence information A + L and the second reception packet having the payload length L are transmitted from the terminal, but the transmission sequence information is transmitted from the terminal in succession before receiving the second reception packet. When a third received packet with A + 2L and payload length L is received,
Referring to the connection state table, when the transmission sequence information A + 2L included in the third received packet is different from the sequence information A + L of the first confirmation sequence information, if the payload length of the third packet is greater than 0, The third reception packet is accumulated in the reception buffer, the connection state table is updated using transmission sequence information A + 2L included in the third reception packet as first terminal sequence information, and sequence information of the first confirmation sequence information Creating a second transmission packet having a payload length of 0 with A + L as destination sequence information, and transmitting the second transmission packet to the terminal;
When the terminal receives the second transmission packet, the terminal determines transmission sequence information from the terminal by determining that the second reception packet is not received by the communication device based on destination sequence information A + L. Receiving the second received packet of A + L and payload length L or the fourth received packet having the same content as the second received packet;
Referring to the connection state table and confirming that the transmission sequence information A + L of the second or fourth received packet matches the sequence information A + L of the first confirmation sequence information, the first confirmation sequence information A + L The payload length L of the fourth received packet is added and updated to A + 2L, a third transmission packet with a payload length of 0 is generated with the sequence information A + 2L as the destination sequence information, and the third transmission packet is sent to the terminal There is provided the communication system for transmitting to.

Explanatory drawing of a TLS / SSL offloader. FIG. 2 is a sequence diagram (SSL basic sequence) of packets exchanged between the communication apparatus of the present embodiment and a server and a client (1). The sequence diagram (SSL basic sequence) of the packet which the communication apparatus of this Embodiment communicates with a server and a client (2). FIG. 3 is a sequence diagram of packets exchanged with a server and a client by the communication apparatus according to the present embodiment (an irregular sequence for establishing an SSL connection) (1). FIG. 6 is a sequence diagram of packets exchanged with a server and a client by the communication apparatus according to the present embodiment (an irregular sequence for establishing an SSL connection) (2). The sequence diagram of the packet which the communication apparatus of this Embodiment communicates with a server and a client. The sequence diagram of the packet which the communication apparatus of this Embodiment communicates with a server and a client. 1 is a block diagram of an example of an architecture of a communication device according to an embodiment. FIG. 3 is a block diagram of part of the communication apparatus according to the present embodiment. FIG. 3 is a block diagram of part of the communication apparatus according to the present embodiment. Explanatory drawing of the packet format exchanged between the communication apparatus in this Embodiment, a client, and a server. Explanatory drawing of an example of the format of the table which stores the state of the TCP connection in this Embodiment. The flowchart figure of the process performed in the one part block of the communication apparatus of this Embodiment. The flowchart figure of the process performed in the one part block of the communication apparatus of this Embodiment. The flowchart figure of the process performed in the one part block of the communication apparatus of this Embodiment. The flowchart figure of the process performed in the one part block of the communication apparatus of this Embodiment. Explanatory drawing of the payload format which the packet exchanged between the communication apparatus in this Embodiment, a client, and a server contains. The flowchart figure of the process performed in the one part block of the communication apparatus of this Embodiment. Explanatory drawing of an example of the format of the table which stores the state of the TLS / SSL connection in this Embodiment. Explanatory drawing when a client transmits the packet of the payload length L. FIG. An explanatory view when an offloader transmits a packet of payload length L toward a client. Explanatory drawing when a server transmits the packet of the payload length L. FIG. An explanatory view when an offloader transmits a packet of payload length L toward a server. Explanatory drawing showing the relationship between Client Seq and Acked Client Seq. Explanatory drawing showing the relationship between Seq for Client and Acked Seq for Client. Explanatory drawing showing the relationship between Server Seq and Acked Server Seq. Explanatory drawing showing the relationship between Seq for Server and Acked Seq for Server. The block diagram of a message processing part.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
1. TLS / SSL connection establishment sequence

First, FIG. 2 and FIG. 3 show sequence processing (SSL basic sequence) until TLS / SSL connection is established. 4 and 5 show an irregular sequence for establishing a TLS / SSL connection.
The offloader 100 mediates TCP handshake processing between the client 102 and the server 101. After the SYN packet 200 from the client is transmitted to the server 101 (201), the SYN-ACK packet 202 from the server is transmitted to the client 102 (203), and further, the ACK 204 packet from the client is transmitted to the server 101 (205). )
When the TCP connection establishment sequence is completed, the TLS / SSL connection establishment sequence processing with the client is executed on behalf of the server.
In the sequence processing for establishing a TLS / SSL connection, first, a packet including a Client Hello message 206 (a plurality of usable encryption method candidates are specified) is transmitted from the client 102 to the server.
Upon receiving the Client Hello packet 206, the offloader transmits to the client 102 a packet 207 including a Server Hello message (designating one encryption method to be used), a Certificate message including a public key, and a Server Hello Done message.
When the client receives the packet, it generates a master secret that is a secret key and encrypts it using the public key. Further, a packet 208 including a KeyExchange message including the encrypted master secret, a Change CipherSpec message for notifying the start of encrypted communication, and a Finished message for verifying the previous message is transmitted to the server 101. As shown in 303 to 305, 309, 310, 314, and 315 in FIG. 4 and FIG. 5, the KeyExchange message, the ChangeCipherSpec message, and the Finished message are included in the same packet and in separate packets. May be.
When the offloader 100 receives the packet 208, the offloader 100 transmits, to the client 102, a packet 209 including a Change CipherSpec message for notifying the start of encrypted communication and a Finished message for verifying the previous message.
When the TLS / SSL connection establishment sequence described above is completed, encrypted communication by TLS / SSL is started.

In the encrypted communication by TLS / SSL, the encrypted packet 213 from the client is decrypted by the offloader 100, and the plaintext packet 214 is transmitted to the server 101. Also, the plaintext packet 216 from the server is decrypted by the offloader, and the encrypted packet 215 is transmitted to the client 102.
When the encrypted communication is completed, the offloader 100 mediates a TCP connection closing sequence. A FIN-ACK packet 217 from the client 102 is transmitted to the server 101 (218), a FIN-ACK packet 220 from the server 101 is transmitted to the client 102 (219), and an ACK packet 221 from the client 102 is further transmitted. Transmit (222) to the server 101.

As shown in FIG. 3, when another TLS / SSL connection is created by the client, after performing a TCP handshake, the already agreed encryption method and the master secret that has already been exchanged. Is transmitted to the server 101. The client hello message 210 designating that the message is to be reused (hereinafter referred to as session reuse).
When the offloader 100 receives the Client Hello message-added packet 210 that specifies session reuse, the Server Hello message (specifies one encryption method to be used), the ChangeCipherSpec message that notifies the start of encrypted communication, and so far A packet 211 including a Finished message for verifying the message is transmitted to the client. A Certificate message containing the public key is not sent.
The client that has received the packet transmits, to the server 101, a packet 212 including a Change CipherSpec message for notifying the start of encrypted communication and a Finished message for verifying the previous message. As shown in 319, 320, etc. in FIG. 5, the Change CipherSpec message and the Finished message may be included in the same packet or in different packets.
When the offloader 100 receives the packet 212, a TLS / SSL connection is established and encrypted communication is started.

2. Offloader overview

FIG. 8 shows the architecture of the offloader 800 of the present embodiment.
The offloader 800 includes a network interface 802 that exchanges packets with the outside of a device such as a client or a server, a packet processing unit 803, and a memory 805.
The packet processing unit 803 includes a TCP / IP layer processing unit 807, a TLS / SSL message processing unit 812, a table size / address range designation register 806, and a cryptographic accelerator 814.
The memory 805 includes a TCP connection table 808 that manages the TCP state, a reception buffer 809 that stores only received packets that do not match ACK, a client transmission buffer 810 that stores packets addressed to clients that have not received ACK, and MAC verification. A server-destined transmission buffer 811 for accumulating packets for servers that have not been received and that have not received ACKs, and a TLS / SSL state table 813 that manages the state of TLS / SSL are provided internally.
The TCP / IP layer processing unit 807 and the TLS / SSL message processing unit 812 are arranged in the address space of the memory 805 according to the values described in the table size / address range designation register 806, the TCP connection table 808, the reception buffer 809, and the client Areas for the destination transmission buffer 810, the server transmission buffer 811, and the TLS / SSL state table 813 are secured.
FIG. 11 shows an exemplary format of packet data transmitted and received by the network interface 802.
The packet data includes Len 1100, Proto 1101, SIP 1102, DIP 1103, Sport 1104, Dport 1105, SSeq 1106, DSeq 1107, Flag 1108, Others 1109, Payload 1110, DMAC 1111, SMAC 1112, and Type 11.
The Len 1100 stores the IP layer packet length. The Proto 1101 stores an identification number for identifying the transport layer protocol. The SIP 1102 stores a transmission source address, that is, a transmission source IP address that is an address of a terminal on the transmission side. The DIP 1103 stores a destination address, that is, a destination IP address that is an address of a receiving terminal. The Sport 1104 stores a TCP transmission source port. The Dport 1105 stores a TCP destination port. The SSeq 1106 stores a transmission source sequence number. The DSeq 1107 stores the destination sequence number. Flag 1108 stores a TCP flag number. Others 1109 stores other IP / TCP header data. Payload 1110 stores data other than the packet header. The DMAC 1111 stores the destination MAC address of the physical layer. The SMAC 1112 stores the transmission source MAC address of the physical layer. Type 1113 represents the type of packet data. Note that the MAC represents a media access control frame, and a packet flowing through the physical layer is referred to as a MAC frame. It is different from the SSL MAC (Message Authentication Code).

Payload 1110 may include up to three TLS / SSL messages. SSL Len 1114/1118/1122 for storing message length, Msg Type 1115/1119/1123 for storing message type, SSL Others 1116/1120/1124 for storing other SSL header data, and TLS / SSL message body SSL Message 1117/1121/1125. Some of these may be included, and some may be included.
FIG. 12 shows the TCP status described in one entry of the TCP connection status storage table 808 that records the status of the TCP connection created by the offloader 100 between the client 102 and the server 101 (hereinafter referred to as TCP status). An example of the format is shown.
The TCP state includes a client IP 1201 for storing the client IP address, an offloader IP for client 1202 for storing the IP address that the offloader discloses to the client side, and a client port 1203 for storing the TCP port number of the client 102. Port for Client 1204 for storing the TCP port number on the client side of the offloader 100, Client Seq 1205 (first terminal sequence information) for storing the sequence number of the data transmitted by the client, and the offloader 100 toward the client side Seq for Client 1206 (second terminal sequence information) for storing the sequence number of the transmitted data, and the client's transmitted data Acked Client Seq 1207 (first confirmation sequence information) that stores the sequence number for which the offloader 100 has returned an ACK to the data, and the client returns an ACK to the data that the offloader 100 has transmitted to the client side Acknowledged Seq for Client 1208 (second confirmation sequence information) for storing the completed sequence number, Client State 1209 for storing the state of the TCP connection with the client 102, Server IP 1211 for storing the IP address of the server, and the offloader on the server side An Offloader IP for Server 1212 that stores an IP address that is open to the Internet, and a Server Port 1213 that stores the TCP port number of the server 101 Port for Server 1214 for storing the TCP port number on the server side of the offloader 100, Server Seq 1215 (first terminal sequence information) for storing the sequence number of the transmitted data of the server, and the offloader 100 has been transmitted to the server side Seq for Server 1216 (second terminal sequence information) for storing the sequence number of data, and Acked Server Seq 1217 (first confirmation sequence information) for storing the sequence number to which the offloader 100 has returned an ACK for the transmitted data of the server Then, the Acked Seq for Server 1218 (second confirmation sequence) that stores the sequence number to which the server has returned an ACK for the data that the offloader 100 has transmitted to the server side. Including information), and Server State1219 for storing the state of the TCP connection with the server 101, the.

FIG. 24 is an explanatory diagram showing the relationship between the client seq 1205 and the acked client seq 1207.
Client Seq 1205 is a value for representing the amount of data that the client has sent to the offloader out of the amount of data that the client should send to the offloader. On the other hand, Acked Client Seq 1207 represents the amount of data actually received by the offloader and returned from the ACK to the client among the data transmitted by the client. The difference between the Acked Client Seq 1207 and the Client Seq 1205 represents the amount of data transmitted by the client but not yet received by the offloader.
FIG. 25 is an explanatory diagram showing a relationship between the Seq for Client 1206 and the Acked Seq for Client 1208.
The Seq for Client 1206 is a value that represents the amount of data transmitted by the offloader among the amount of data that the offloader should send to the client. On the other hand, the Acked Seq for Client 1208 is the amount of data for which the offloader has actually received the ACK from the client. The difference between Seq for Client 1206 and Acked Seq for Client 1208 represents the amount of data transmitted by the offloader but not confirmed by the client.
FIG. 26 is an explanatory diagram showing the relationship between the Server Seq 1215 and the Acked Server Seq 1217.
Server Seq 1215 is a value for representing the amount of data that the server has sent to the offloader out of the amount of data that the server should send to the offloader. On the other hand, Acked Server Seq 1217 represents the amount of data actually received by the offloader and returned from the ACK to the server among the data transmitted by the server. The difference between the Acked Server Seq 1217 and the Server Seq 1215 represents the amount of data transmitted by the server but not yet received by the offloader.

FIG. 27 is an explanatory diagram showing a relationship between the Seq for Server 1216 and the Acked Seq for Server 1218.
The Seq for Server 1216 is a value for representing the amount of data transmitted by the offloader among the amount of data that the offloader should send to the server. On the other hand, the Acked Seq for Server 1218 is the amount of data for which the offloader has actually received the ACK from the server. The difference between the Seq for Server 1216 and the Acked Seq for Server 1218 represents the amount of data transmitted by the offloader but not confirmed by the server.
20 to 23, the sequence numbers described in the TCP state (Client Seq 1205, Seq for Client 1206, Acked Client Seq 1207, Acked Seq for Client 1208, Server Seq 1215, Seq for Server 1216, Acked Ser 1212, Acked Ser S12 An explanatory view showing a relation with a sequence number described in a packet is shown.

FIG. 20 is an explanatory diagram when the client transmits a packet having a payload length L.
When the transmission sequence number (A) of the packet 2001 from the client matches the Acked Client Seq 1207 (A), the offloader adds the payload length L to the Client Seq 1205 (A) (2008). Further, the payload length L is added to the Acked Client Seq 1207 (A) (2009), and a packet 2002 having a payload length 0 with the sequence number (A + L) as the destination sequence number is transmitted to the client.
Next, it is assumed that a packet 2003 having a payload length L with a transmission sequence number A + L is sent from the client to the offloader and discarded in the middle.
Since the client does not know that the packet 2003 has been discarded, the client continuously transmits a packet 2004 having a payload length L with the transmission sequence number A + 2L to the offloader.
When the transmission sequence number (A + 2L) described in the packet 2004 is different from the sequence number (A + L) described in the Acked Client Seq 1207, the offloader stores the packet in the reception buffer 809 if the payload length is larger than “0”. . Then, the offloader writes the transmission sequence number (A + 2L) described in the packet 2004 in the client seq 1205 (2010), and the packet 2005 having a payload length 0 with the sequence number (A + L) described in the acked client seq 1207 as the destination sequence number. Send to.
When the client receives the packet 2005, the client knows that the packet 2003 has been discarded from the value of the destination sequence number (A + L), and has a payload length L packet 2006 (the same packet as the packet 2003) with the transmission sequence number A + L. ) To the offloader again.
When the offloader confirms that the transmission sequence number (A + L) of the packet 2006 matches the sequence number (A + L) described in the Acked Client Seq 1207, the offloader sets the payload length L of the packet 2006 to the sequence number (A + L) described in the Acked Client Seq 1207. Are added (2011), and a packet 2007 having a payload length 0 with the sequence number (A + 2L) as the destination sequence number is transmitted to the client.

FIG. 21 is an explanatory diagram when the offloader transmits a packet having a payload length L toward the client.
When the transmission sequence number (B) of the packet 2101 having the payload length L sent from the offloader to the client matches the Seq for Client 1206 (B), the payload length L is added to the Seq for Client 1206 (B) (2108).
After that, when the offloader receives a packet 2102 having a payload length 0 with the destination sequence number B + L from the client, the destination sequence number (B + L) described in the packet is described in the Acked Seq for Client 1208 (2109).
Next, it is assumed that a packet 2103 having a payload length L transmitted from the offloader to the client with the same transmission sequence number (B + L) as that of the Seq for Client 1206 has been discarded. The payload length L of the packet 2103 is added to the Seq for Client 1206 (B + L) (2110).
Since the offloader does not know that the packet 2103 has been discarded halfway, the offloader continues to send a packet 2104 having a payload length L having the same transmission sequence number (B + 2L) as the Seq for Client 1206. The payload length L of the packet 2104 is added to Seq for Client 1206 (B + 2L) (2111).
When the client receives the packet 2104, the client knows from the value of the transmission sequence number (B + 2L) that the previous packet 2103 has been discarded. In order to prompt the offloader to retransmit the packet 2103, the packet 2105 and the packet 2106 having a payload length of 0 with the destination sequence number B + L are transmitted to the offloader.
When the offloader continuously receives the packet 2105 and the packet 2106 whose destination sequence number described in the packet 2105 is the same as the value of the Acked Seq for Client 1208, the offloader knows that the packet 2103 has been discarded on the way, and the transmission sequence The packet 2107 having the payload length L with the number (B + L) (the same packet as the packet 2103) is transmitted again.
Upon receiving the packet 2107, the client transmits a packet 2108 having a payload length of 0 with a destination sequence number of B + 3L toward the offloader.

FIG. 22 is an explanatory diagram when the server transmits a packet having a payload length L.
When the transmission sequence number (A) of the packet 2201 from the server matches the Acked Server Seq 1217 (A), the offloader adds the payload length L to the Server Seq 1215 (A) (2208). Further, the payload length L is added to the Acked Server Seq 1217 (A) (2209), and a packet 2202 having a payload length 0 with the sequence number (A + L) as the destination sequence number is transmitted to the server.
Next, it is assumed that a packet 2203 having a payload length L with a transmission sequence number A + L is sent from the server to the offloader and discarded in the middle.
Since the server does not know that the packet 2203 has been discarded, the server subsequently transmits a packet 2204 having a payload length L with the transmission sequence number A + 2L to the offloader.
When the transmission sequence number (A + 2L) described in the packet 2204 is different from the sequence number (A + L) described in the Acked Server Seq 1217, the offloader writes the transmission sequence number (A + 2L) described in the packet 2204 in the Server Seq 1215 (2210), A packet 2205 having a payload length of 0 having the sequence number (A + L) described in the Acked Server Seq 1217 as the destination sequence number is transmitted to the server.
When the server receives the packet 2205, it knows that the packet 2203 has been discarded from the value of the destination number (A + L), and the packet 2206 having the payload length L with the transmission sequence number A + L (the same packet as the packet 2203) Is sent again to the offloader.
When the offloader confirms that the transmission sequence number (A + L) of the packet 2206 matches the sequence number (A + L) described in the Acked Server Seq 1217, the offloader sets the payload length L of the packet 2206 to the sequence number (A + L) described in the Acked Server Seq 1217. Are added (2211), and a packet 2207 with a payload length of 0 having the sequence number (A + 2L) as the destination sequence number is transmitted to the server.

FIG. 23 illustrates an explanatory diagram when the offloader transmits a packet having a payload length L toward the server.
When the transmission sequence number (B) of the packet 2301 having the payload length L sent from the offloader to the server matches the Seq for Server 1216 (B), the payload length L is added to the Seq for Server 1216 (B) (2308).
Thereafter, when the offloader receives a packet 2302 having a payload length of 0 with the destination sequence number B + L from the server, the destination sequence number (B + L) described in the packet is described in the Acked Seq for Server 1218 (2309).
Next, it is assumed that a packet 2303 having a payload length L sent from the offloader to the server with the same transmission sequence number (B + L) as that of the Seq for Server 1216 has been discarded. The payload length L of the packet 2303 is added to Seq for Server 1216 (B + L) (2310).
Since the offloader does not know that the packet 2303 has been discarded halfway, the offloader continues to send a packet 2304 having a payload length L having the same transmission sequence number (B + 2L) as the Seq for Server 1216. The payload length L of the packet 2304 is added to Seq for Server 1216 (B + 2L) (2311).
When the server receives the packet 2304, the server knows from the transmission sequence number value (B + 2L) that the previous packet 2303 has been discarded. In order to prompt the offloader to retransmit the packet 2303, the packet 2305 and the packet 2306 having a payload length of 0 with the destination sequence number B + L are transmitted to the offloader.
When the offloader successively receives the packet 2305 and the packet 2306 whose destination sequence number described in the packet 2305 is the same as the value of the Acked Seq for Server 1218, the offloader knows that the packet 2303 has been discarded on the way, and the transmission sequence The packet 2307 (the same packet as the packet 2303) having the payload length L with the number (B + L) is transmitted again.
Upon receiving the packet 2307, the server transmits a packet 2308 having a payload length of 0 with a destination sequence number of B + 3L to the offloader.

3. TCP / IP layer processing part (1/2)

FIG. 9 shows an internal block diagram of the TCP / IP layer processing unit 807.
The TCP / IP layer processing unit 807 includes a TCP state transition determination unit 905, an ACK mismatch packet processing unit 911, a subsequent packet re-input unit 921, a client transmission ACK processing unit 922, a server transmission ACK processing unit 924, The server-addressed plaintext packet processing unit 926 and the client-addressed encrypted packet processing unit 927 are provided.
FIG. 13 shows a flowchart executed by the TCP state transition determination unit 905.
When receiving the packet 901, the TCP state transition determination unit 905 checks whether or not a value representing TCP is stored in the Proto 1101 described in the packet (step 1301). If it is not a value representing TCP, it is discarded (step 1302). Next, whether or not there is an entry in the TCP connection state storage table 808 that matches 1102 to 1105 (source address, destination address, source port, destination port) described in the packet with 1201 to 1204 or 1211 to 1214. Is determined (step 1303). If not, it is determined whether Flag 1108 of the received packet is SYN (step 1313). If it is not SYN, it is discarded (step 1304). In the case of SYN, a new entry (entry obtained by adding 110 to 1106 of the packet in 1201 to 1205 and adding “1” to Client Seq 1205) is created and written to the TCP connection state storage table 808 (948) ), A server-addressed SYN packet (949) in which the IP address and port number of the server are described is created in DIP 1103 and Dport 1105 (step 1314). If there is a matching entry in step 1303, the matching entry is read (907) (step 1305). Further, when 1102 to 1105 described in the received packet match the read 1201 to 1204 described in the TCP state, it is determined whether or not the transmission sequence number 1106 described in the received packet is larger than the Acked Client Seq 1207 described in the TCP state. On the other hand, if 11022 to 1105 described in the received packet matches 1211 to 1214 described in the TCP state, it is determined whether or not the transmission sequence number 1106 described in the received packet is larger than the Acked Server Seq 1217 described in the TCP state. (Step 1306). If larger, the packet and the read TCP state are transmitted to the ACK mismatch packet processing unit 911 (step 1309). If not, it is determined whether or not they match (step 1307). If they do not match, they are discarded (step 1308). If they match, it is determined whether payload data exists in the received packet (step 1310). If it exists, the packet and the read TCP state are transmitted to the TLS / SSL message processing unit 812 (step 1312). If not, the packet and the read TCP state are transmitted to the client / server transmission ACK processing unit 922/924 (step 1311).

FIG. 14 shows a flowchart executed by the ACK mismatch packet processing unit 911.
When receiving the packet and the TCP state from the TCP state transition determination unit 905, the ACK mismatch packet processing unit 911 determines whether or not the TCP payload length of the packet is greater than “0” (step 1401). If larger, the packet is stored in the reception buffer 809 (step 1402). Further, it is determined whether or not the transmission sequence number of the packet is larger than the Client / Server Seq 1205/1215 described in the TCP state (step 1403). If it is larger, the Client / Server Seq 1205/1215 described in the TCP state is updated to the packet transmission sequence number SSeq 1106 (step 1404). Further, an ACK packet is created with the Acked Client / Server Seq 1207/1217 described in the TCP status as the destination sequence number and the Seq for Client / Server 1206/1216 as the source sequence number (step 1405). The newly created TCP state is written into the TCP connection state storage table 808 (910). The newly created packet is output to the aggregating unit 904 (912).
As described above, the ACK mismatch packet processing unit 911 performs processing according to the flowchart of FIG. 14, so that only a part of the packets whose arrival order is reversed can be written in the reception buffer 809.
In step 1312 of FIG. 13, the packet and the TCP state are transferred to the TLS / SSL message processing unit 812, and when the processing in the TLS / SSL message processing unit 812 is completed, the TCP payload is transferred to the Acked Client / Server Seq 1207/1217. A new TCP state 831 is created by adding the length.

FIG. 15 shows a flowchart executed by the subsequent packet re-input unit 921.
When the subsequent packet re-input unit 921 receives the TCP state 831, the subsequent packet re-input unit 921 determines whether or not a packet having a transmission sequence number that matches the Acked Client / Server Seq 1207/1217 described in the TCP state is accumulated in the reception buffer 809. (Step 1501). If not, the process ends (step 1502). If accumulated, the packet is read from the reception buffer (917) and deleted from the reception buffer 809 (918). Further, the TCP state and the read packet are output to the TLS / SSL message processing unit 812 (step 1503).
FIG. 7 shows a sequence diagram in which the encrypted packet transmitted by the client 102 is decrypted by the offloader 100 and sent to the server 101.
The encrypted packet 701 transmitted by the client 102 is decrypted by the TLS / SSL message processing unit 812 of the offloader. The decrypted plaintext packet is accumulated in the server-destined transmission buffer 811 in the server-destined plaintext packet processing unit 926 if it does not have a MAC value for tampering check. Further, the ACK packet 702 is transmitted to the client 102.
When the encrypted packet 703 transmitted by the client 102 is discarded and the next transmitted encrypted packet 704 arrives at the offloader 100, the offloader 100 regards that the packet 703 is discarded halfway, and receives duplicate ACKs 705 and 717. It transmits to the client 102 continuously. When the client receives duplicate ACKs 705 and 717 twice, the client knows that the packet 703 has been discarded halfway, and retransmits the same packet 706 as the packet 703. When the offloader 100 receives the retransmission packet 706, it returns a normal ACK packet 707 to the client 102.
When the offloader 100 receives the encrypted packet 708 having the MAC value for tampering check, the TLS / SSL message processing unit 812 decrypts it, and the server-destined plaintext packet processing unit 926 stores the server-destined plaintext. After the packet is read and transmitted (712-714), the decrypted packet is transmitted (715).
As described above, the subsequent packet re-input unit 921 performs processing according to the flowchart of FIG. 15, so that packets that pass through the reception buffer are limited to only some of the packets that have errors in the order of arrival, and packets are transmitted in the order in which they are transmitted by the terminal. Can arrive at the TLS / SSL message processing unit 812.

  The client-destined packet processing unit 927 accumulates in the client-destined transmission buffer 810 the packets destined for the client that are output by the TLS / SSL message processing unit 812 and have a TCP payload length greater than 0, and then aggregates the packets destined for the client 904 (941). Furthermore, the Seq for Server 1216 that stores the sequence number of the packet that the offloader 100 has transmitted to the server side described in the TCP state is set to the transmission sequence number, and the offloader 100 has returned an ACK to the transmitted packet of the server. An ACK packet for the server is created using the Acked Server Seq 1217 that stores the sequence number of the destination as the destination sequence number, and is output to the aggregating unit 904 (941).

FIG. 16 shows a flowchart executed by the client transmission ACK processing unit 922.
When receiving the ACK packet from the client, the client transmission ACK processing unit 922 determines whether or not the destination sequence number DSeq 1107 of the received packet is smaller than the Acked Seq for Client 1208 described in the TCP state (step 1601). If it is smaller, the process is terminated and the packet is discarded (step 1602). If it is larger, it is determined whether or not the destination sequence number DSeq 1107 of the received packet is larger than the Acked Seq for Client 1208 described in the TCP state (step 1603). If it is larger, the packet with the transmission source sequence number smaller than the destination sequence number DSeq1107 of the received packet is deleted from the transmission buffer 810 addressed to the client, and the destination sequence number DSeq1107 described in the received packet is set in the Acked Seq for Client 1208 described in the TCP state. This is entered and written in the TCP connection state storage table 808 (946) (step 1604). If they match, the client state 1209 described in the TCP state is checked to determine whether or not it is a duplicate ACK that matches the second time (step 1605). If it is not a duplicate ACK that matches the second time, the fact that it is a duplicate ACK that matches the first time is entered in the Client State 1209 described in the TCP state (step 1606). If it is a duplicate ACK that matches the second time, a packet having the same source sequence number as the destination sequence number Dseq 1107 of the received packet is read from the transmission buffer 810 addressed to the client (step 1607). The read packet is output to the aggregation unit 904 (945). In addition, although it was set as 2 times here as an example, it can set to a suitable frequency | count.

FIG. 6 shows a sequence diagram in which a plaintext packet transmitted by the server 101 is encrypted by the offloader 100 and sent to the client 102.
The plaintext packet 601/604 transmitted by the server is encrypted by the TLS / SSL message processing unit 812 of the offloader. The encrypted packet is stored in the client-destined transmission buffer 810 in the client-destined packet processing unit 927 and simultaneously transmitted to the client 102 (602/605). Further, the ACK packet 603/606 is transmitted to the server.
When the client receives the encrypted packet 602 transmitted toward the client, the client transmits an ACK packet 607 toward the offloader.
When the encrypted packet 605 transmitted to the client is discarded, ACK packets (referred to as duplicate ACKs) 608 and 609 having the same destination sequence number as the ACK packet 607 are transmitted as described in FIG.
When the offloader determines that the duplicate ACK has been received twice, the offloader knows that the encrypted packet 605 has been discarded. The client transmission ACK processing unit 922 reads the encrypted packet 605 from the client-addressed transmission buffer 810, and retransmits the same encrypted packet 610 as the encrypted packet 605. The client transmission ACK processing unit 922 retransmits nothing when receiving the first duplicate ACK 608, and retransmits the encrypted packet 610 to the client 102 when receiving the second duplicate ACK 609. When the encrypted packet 610 is retransmitted, the client 102 returns an ACK packet 611.
When the offloader 100 receives the plaintext packet 613 next to the plaintext packet 604 from the server 101 regardless of before or after receiving the ACK packet 611 for the retransmitted encrypted packet 610, the TLS / SSL message processing unit 812 performs encryption. The packet 613 converted into a packet is transmitted to the client 102 at the same time as being stored in the client transmission buffer 810 in the packet processing unit 927 for the client. Further, an ACK packet 614 is transmitted to the server.
As described above, the client transmission ACK processing unit 922 performs processing according to the flowchart shown in FIG. 16, thereby limiting the packet reading from the client-addressed transmission buffer when the second duplicate ACK is received and suppressing the number of readings. It becomes possible.

4). TLS / SSL message processor

In FIG. 17, the payload 1110 of the received packet includes a case (1701) including a plurality of TLS / SSL messages, a case (1702) including one TLS / SSL message, and a case (1703) including a part of TLS / SSL messages. ~ 1705).
In a case including some TLS / SSL messages (1703 to 1705), the portion excluding the TLS / SSL header may be encrypted. Further, in the case (1705) including the tail portion, a MAC value for tampering check (a value for determining whether or not the message has been tampered with) is added at the end. In order to calculate the MAC value for tampering check, the hash value of the entire message from the head part to the tail part is necessary. Therefore, in order to determine whether or not a correct message has been received, It is necessary to wait for arrival.
FIG. 10 shows a block diagram of the TLS / SSL message processing unit 812.
The TLS / SSL message processing unit 812 reads a corresponding TLS / SSL state from the TLS / SSL state storage table, a packet type determination unit 1003, and a message process based on the packet type determination result. And a message processing unit 1009 for creating a reply packet and creating a new TLS / SSL state and writing to the TLS / SSL state storage table.
The state reading unit 1002 reads the TLS / SSL state corresponding to the TCP state from the TLS / SSL state storage table 813.
FIG. 19 shows an example of the format of the TLS / SSL state described in one entry of the TLS / SSL state storage table 813.
The TLS / SSL state storage table 813 is divided into an area 813-1 for storing a TLS / SSL connection state and an area 813-2 for storing a TLS / SSL session state.
One entry in the area 813-1 for storing the TLS / SSL connection state stores the Server Key 1901 for storing the server-side key state, the Client Key 1902 for storing the client-side key state, and the server-side MAC write secret. Server MAC Key 1903, Client MAC Key 1904 for storing the client-side MAC write secret, Server Seq 1905 for storing the server-side sequence number, Client Seq 1906 for storing the client-side sequence number, and Server Random 1907 for storing the server random number Client Random 1908 for storing client randomness, and I for storing intermediate results such as Verify and MAC ntermim Hash 1909 and Session Pointer 1910 for storing a pointer to an entry for storing the session state.
One entry of the area 813-2 for storing the TLS / SSL session state includes a master secret 1911 for storing the master secret, a session ID 1912 for storing the session ID, and a cipher suite 1913 for storing the encryption method.

The packet type determination unit 1003 is a second message when the packet is composed of TLS / SSL first to third header type specification units 1004 to 1006, a type determination unit 1008, and two or more TLS / SSL messages. A second message position determination unit 1010 for determining the position of the third message, and a third message position determination unit 1011 for determining the position of the third message when the packet is composed of three or more TLS / SSL messages. Prepare.
The second message position determination unit 1010 determines that the Len 1100 value in the TCP / IP header does not match the SSL Len 1114 value in the first TLS / SSL header, the SSL header length, and the TCP / IP header length. The position of the second TLS / SSL message is determined and notified to the TLS / SSL second header type identification unit 1005. Further, a difference between the value of Len1100 in the TCP / IP header, the value of SSL Len1114 in the first TLS / SSL header, and the sum of the SSL header length and the TCP / IP header length is determined as the third message position determination unit 1011. To notify.
If the difference notified from the second message position determination unit 1010 does not match the value of the SSL Len 1118 in the second TLS / SSL header and the sum of the SSL header lengths, the third message position determination unit 1011 The TLS / SSL message position is determined and notified to the TLS / SSL third header type identification unit 1004.

The TLS / SSL first to third header type specifying units 1004 to 1006 determine the type of each message type when the payload includes a maximum of three TLS / SSL messages as shown in FIG. The message type determined by the TLS / SSL first header type identification unit 1006 is a handshake message (Client Hello, KeyExchange, ChangeCipherSpec, Finished) transmitted by the client, plaintext data transmitted by the server, and encrypted data (first part, (Middle, last) (cases 1703 to 1705 in FIG. 17). The message type determined by the TLS / SSL second header type identification unit 1005 is any of a handshake message (ChangeCipherSpec, Finished) transmitted by the client. The message type determined by the TLS / SSL third header type specifying unit 1004 is only Finished.
The type determining unit 1008 integrates the determination results of the TLS / SSL second header type specifying unit 1005 and the TLS / SSL third header type specifying unit 1004 into the determination results of the TLS / SSL first header type specifying unit 1006. , Output the judgment result. For example, if the determination result of the TLS / SSL first header type specifying unit 1006 is Key Exchange and the determination result of the TLS / SSL second header type specifying unit 1005 is not, the determination result of packet type = Key Exchange is output. The determination result of the TLS / SSL first header type specifying unit 1006 is KeyExchange, the determination result of the TLS / SSL second header type specifying unit 1005 is ChangeCipherSpec, and the determination result of the TLS / SSL third header type specifying unit 1005 is none In this case, the determination result of packet type = KeyExchange + ChangeCipherSpec is output. The determination result of the TLS / SSL first header type specifying unit 1006 is KeyExchange, the determination result of the TLS / SSL second header type specifying unit 1005 is ChangeCipherSpec, and the determination result of the TLS / SSL third header type specifying unit 1005 is Finished. In this case, the determination result of packet type = KeyExchange + ChangeCipherSpec + Finished is output.
The message processing unit 1009 processes the TLS / SSL message based on the determination result of the packet type determination unit 1003, and displays a new TLS / SSL state and handshake message according to the handshake message included in the client transmission packet. Create a containing packet.

FIG. 28 shows a block diagram of the message processing unit 1009. The message processing unit 1009 includes a distribution unit 2801 that distributes packets and state information according to the determination result of the message, a client hello processing unit 2803 that performs message processing using the packet and state information including the client hello message, and a key exchange message. KeyExchange processing unit 2804 that processes a message using a packet including status and status information, a Packet CipherSpec processing unit 2805 that processes a message using only a packet including status Change information and a packet including status and a packet including a Finished message and status Finished processing unit 2806 that processes a message using information, and packet and state including Alert message An alert processing unit 2807 for processing a message using information, a cryptographic processing unit 2808 for processing a message using a packet containing encrypted message and status information, and a packet containing the plaintext message and status information A plaintext processing unit 2809 that performs processing, and an aggregation unit 2802 that aggregates newly output packets and state information from each processing unit.
When the input packet includes a client hello message, the client hello processing unit 2803 extracts a client random and cipher suite, creates a server random, a server hello message that specifies a cipher suite to be used, and a server including a public key. A packet including a Certificate message and a Server Hello Done message is created. The client random and server random are written in the Client Random 1908 and Server Random 1907 in the TLS / SSL state. Further, a hash value is calculated halfway using the Client Hello message, the Server Hello message, the Server Certificate message, and the Server Hello Done message, and the intermediate result and the fractional message are entered in the Interim Hash 1909. Further, the state value indicating that the client Hello message has been received is stored in the client state 1209 of the state information, and the created packet and the updated state information are output to the aggregating unit 2802.

When the input packet includes the KeyExchange message, the KeyExchange processing unit 2804 decrypts the encrypted premaster secret in the KeyExchange message, and the master secret, the server-side key state, the client-side key state, and the server-side MAC Create a write secret and a client-side MAC write secret. The data is written to the master secret 1911, the server key 1901, the client key 1902, the server MAC key 1903, and the client MAC key 1904 in the TLS / SSL state, respectively. Further, the hash value is calculated halfway using the KeyExchange message and the intermediate result and fraction message entered in the Interim Hash 1909, and the intermediate result and fraction message are entered in the Interim Hash 1909. Further, a state value indicating that the key exchange message is received is stored in the client state 1209 of the state information. When the input packet includes a KeyExchange message and a ChangeCipherSpec message, a state value indicating that the ChangeCipherSpec message has been received is stored in the Client State 1209 of the state information. Furthermore, when the input packet includes both the KeyExchange message and the Finished message, the packet from which only the Finished message is extracted and the updated status information are sent to the Finished processing unit 2806. When the Finished message is not included, the updated status information is output to the aggregation unit 2802.
If the input packet includes a ChangeCipherSpec message, the ChangeCipherSpec processing unit 2805 stores the status value indicating that the ChangeCipherSpec message has been received in the Client State 1209 of the status information, and outputs the status information to the aggregation unit 2802.
When the input packet includes the Finished message, the Finished processing unit 2806 uses the TLS / SSL state Server Key 1901 to decode the extracted packet, and extracts the verify value and the MAC value for tampering check. Furthermore, the verification value is calculated using the intermediate result and the fractional message entered in Interim Hash 1909, and it is determined whether or not it matches the verification value described in Finished. If they do not match, a packet including an Alert message is created. If they match, the verification value is calculated using the Finished message, the intermediate result entered in the Interim Hash 1909 and the fractional message, and a packet including the ChangeCipherSpec message and the Finished message is created. The Finished message is encrypted after calculating the MAC value for tampering check. Furthermore, the state value indicating that the Finished message has been received is stored in the client state 1209 of the state information, and the created packet and the updated state information are output to the aggregation unit 2802.

If the input packet includes an Alert message, the Alert processing unit 2807 creates a FIN packet for ending the TCP connection according to the content of the warning message, and indicates that the Alert message has been received in the client state 1209 of the state information. The state value to be represented is stored, and the created packet and the updated state information are output to the aggregation unit 2802.
When the input packet is a packet addressed to the server including the encrypted data, the encryption processing unit 2808 decrypts it using the server key 1901 in the TLS / SSL state, and uses the decrypted plaintext to obtain the MAC value for tampering check. calculate. When the MAC value is included in the decrypted packet, it is determined whether or not the calculated MAC value matches the MAC value included in the packet, and the state value indicating the determination result is stored in the client state 1209 of the state information. To do. Further, the decrypted packet and the updated state information are output to the aggregation unit 2802.
When the input packet is a packet addressed to the client including the plaintext data, the plaintext processing unit 2809 calculates the MAC value for the tampering check using the plaintext, adds the MAC value for the tampering check to the plaintext data, and then encrypts it. Create a new packet addressed to the client. Also, if the input packet is a packet addressed to a server that encrypts plain text data that does not include the MAC value for tampering check, an intermediate result of the packet addressed to the server that decrypted the encrypted data and the MAC value for tampering check is created. . The intermediate result of the MAC value for falsification check is accumulated in the TLS / SSL state storage table 813. Further, when the input packet is a packet addressed to the server that encrypts plain text data including the MAC value for tampering check, the intermediate result of the MAC value for tampering check stored in the TLS / SSL state storage table 813 is read. Then, the server-addressed packet obtained by decrypting the encrypted data and the MAC value for falsification check are created, and the consistency of the MAC value for falsification check is checked.
By including the packet type determination unit 1003 and the message processing unit 1009 described above, the TLS / SSL message processing unit 812 can perform processing in units of packets, not in units of messages.

5. TCP / IP layer processing part (2/2)

The server-destined plain text packet processing unit 926 processes the server-destined packet output from the TLS / SSL message processing unit 812. Hereinafter, a description will be given with reference to FIG.
The server-destined plaintext packet processing unit 926 receives a decrypted server-destined plaintext packet whose TCP payload length is greater than 0 and does not include the MAC value for tampering check, along with the MAC unverified information and the server-destined transmission buffer 811 is stored (934). Further, the Seq for Client 1206 that stores the sequence number of the packet that has been transmitted to the client side by the offloader 100 described in the TCP state is set to the transmission sequence number, and the offloader 100 has returned an ACK to the transmitted packet of the client. The ACK packet for the client is created using the Acked Client Seq 1207 storing the sequence number of the client as the destination sequence number. As shown in FIG. 7, ACK packets 702, 705, and 707 are returned in response to the encrypted packets Encrypted Data 701, 704, and 706 from the client.
When a decrypted server-destined plaintext packet having a TCP payload length larger than 0 and including a correct MAC value for tampering check is received, the MAC-unverified decrypted server-destined plaintext packet stored so far is read (933) ), First output to the aggregating unit 904, and then output a decrypted plaintext packet addressed to the server including the MAC value for falsification check (943). The stored plaintext packet destined for the MAC-unverified server is rewritten to MAC-verified (935). Further, an ACK packet for the client is created by using Seq for Client 1206 described in the TCP state as a transmission sequence number and Acked Client Seq 1207 as a destination sequence number. As shown in FIG. 7, plain text packets 712 to 715 are continuously transmitted to the server 101, and an ACK packet 711 is returned to the client.
When a decrypted server-addressed plaintext packet that has a TCP payload length greater than 0 and includes an incorrect MAC value for tampering check is received, the accumulated plaintext packet addressed to the server that has not been verified is deleted. (935) The client-destined packet including the Alert message and the server-destined FIN packet for starting the termination of the TCP connection are created and output to the aggregating unit 904. As shown in FIG. 7, an Alert packet 709 is transmitted to the client 102, and a FIN packet 710 is transmitted to the server 101.

FIG. 18 shows a flowchart executed by the server transmission ACK processing unit 924.
When receiving the ACK packet from the server, the server transmission ACK processing unit 924 determines whether or not the destination sequence number DSeq 1107 of the received packet is smaller than the Acked Seq for Server 1218 described in the TCP state (step 1801). If it is smaller, the process is terminated and the packet is discarded (step 1802). If it is larger, it is determined whether or not the destination sequence number DSeq 1107 of the received packet is larger than the Acked Seq for Server 1218 described in the TCP state (step 1803). If larger, the packet with the transmission source sequence number smaller than the destination sequence number DSeq 1107 of the received packet is deleted from the server-destined transmission buffer 811 and the destination sequence number DSeq 1107 described in the received packet is set in the Acked Seq for Server 1218 described in the TCP state. It is entered and written in the TCP connection state storage table 808 (947) (step 1804). If they match, the server state 1219 described in the TCP state is checked to determine whether or not it is a duplicate ACK that matches the second time (step 1805). If it is not the duplicate ACK that matches the second time, the fact that it is the duplicate ACK that matches the first time is entered in the Server State 1219 described in the TCP state (step 1806). If the duplicate ACK matches the second time, the packet having the same source sequence number as the destination sequence number Dseq 1107 of the received packet is read from the server-addressed transmission buffer 811 (step 1807). The read packet is output to the aggregation unit 904 (950). In addition, although it was set as 2 times here as an example, it can set to a suitable frequency | count.
As described above, the server transmission ACK processing unit 924 performs processing according to the flowchart shown in FIG. 18, thereby limiting the packet reading from the server-addressed transmission buffer when the second duplicate ACK is received and suppressing the number of readings It becomes possible.

6). Addendum In the present invention, a register for designating the size of the reception buffer 809 or the address range occupied in the memory may be provided, and the register value may be changed from an external terminal.
Further, in the present invention, a register for designating the size or address range occupied by the memory of the client transmission buffer 810 may be provided, and the register value may be changed from an external terminal.
In the present invention, a register for designating the size or address range of the server-addressed transmission buffer 811 may be provided, and the register value may be changed from an external terminal.

The present invention can be applied to establishment of connections for various encrypted communications other than establishment of TLS / SSL connections.

  800 ... Packet processing device, 807 ... TCP / IP layer processing unit, 905 ... TCP state transition determination unit, 911 ... ACK mismatch packet processing unit, 921 ... Subsequent packet re-input unit, 922 ... Client transmission ACK processing unit, 924 ... Server transmission ACK processing unit, 926... Server-directed plaintext packet processing unit, 927.

Claims (15)

Installed between a client terminal and a server terminal, for encrypting plain text data received from the server terminal and transmitting it to the client terminal, and for decrypting encrypted data received from the client terminal and transmitting to the server terminal In a communication device for executing a connection establishment sequence for encrypted communication on behalf of the server terminal,
Corresponding to the terminal identification information, the communication device actually receives and confirms the first terminal sequence information, which is a value for representing the amount of data transmitted from the terminal to the communication device, and the data transmitted from the terminal. First confirmation sequence information indicating the amount of data sent back to the terminal as a response, second terminal sequence information that is a value representing the amount of data transmitted from the communication device to the terminal, and the confirmation response from the terminal that the communication device actually transmits A connection status table for storing the connection status data including the second confirmation sequence information, which is the amount of data that has been received, and recording how far each connection has been received,
A reception buffer for accumulating packets that should arrive later together with the packet header when the arrival order of the packets is reversed;
Reads the connection status corresponding to the received packet from the connection status table, determines whether the received packet follows immediately after the end of the received data, and arrives later when the packet arrival order is reversed. A packet processing unit for accumulating packets to be received in the reception buffer together with a packet header ,

The packet processing unit
Receiving from the terminal a first received packet for establishing a connection for encrypted communication, including source identification information, transmission sequence information, destination sequence information, and payload length;
Referring to the connection state table, obtain connection state data that matches the source identification information of the first received packet,
For the connection status data, when the transmission sequence information A of the first received packet from the terminal and the first confirmation sequence information A match, the payload length L is added to the first terminal sequence information A to A + L Update, add the payload length L to the first confirmation sequence information A to update to A + L, and send the first transmission packet with the payload length 0 with the sequence information A + L as the destination sequence information to the terminal,
On the other hand, the transmission sequence information A + L and the second reception packet having the payload length L are transmitted from the terminal, but the transmission sequence information is transmitted from the terminal in succession before receiving the second reception packet. When a third received packet with A + 2L and payload length L is received,
Referring to the connection state table, when the transmission sequence information A + 2L included in the third received packet is different from the sequence information A + L of the first confirmation sequence information, if the payload length of the third packet is greater than 0, The third reception packet is accumulated in the reception buffer, the connection state table is updated using transmission sequence information A + 2L included in the third reception packet as first terminal sequence information, and sequence information of the first confirmation sequence information Creating a second transmission packet having a payload length of 0 with A + L as destination sequence information, and transmitting the second transmission packet to the terminal;
When the terminal receives the second transmission packet, the terminal determines transmission sequence information from the terminal by determining that the second reception packet is not received by the communication device based on destination sequence information A + L. Receiving the second received packet of A + L and payload length L or the fourth received packet having the same content as the second received packet;
Referring to the connection state table and confirming that the transmission sequence information A + L of the second or fourth received packet matches the sequence information A + L of the first confirmation sequence information, the first confirmation sequence information A + L The payload length L of the fourth received packet is added and updated to A + 2L, a third transmission packet with a payload length of 0 is generated with the sequence information A + 2L as the destination sequence information, and the third transmission packet is sent to the terminal The said communication apparatus which transmits toward. The communication device according to claim 1,
The packet processing unit
An encrypted communication message processing unit for processing a message included in the packet;
When the third reception packet of the transmission sequence information A + 2L is accumulated in the reception buffer at the end of the processing of the second or fourth reception packet of the transmission sequence information A + L in the encrypted communication message processing unit, A subsequent packet re-input unit that reads the third received packet of the transmission sequence information A + 2L and outputs the third received packet together with the connection state to the encrypted communication message processing unit;
And only a part of the packets having errors in arrival order pass through the reception buffer, so that the packets arrive at the encrypted communication message processing unit in the order of transmission by the terminal. The communication device according to claim 2,
Further comprising a client-addressed transmission buffer for accumulating packets addressed to the client created by the encrypted communication message processing section together with a packet header ;
The packet processing unit
The packet addressed to the client created by the encrypted communication message processing unit is stored in the transmission buffer addressed to the client together with a packet header, and the connection state created by the encrypted communication message processing unit is recorded in the connection state table. A packet processing unit;
When an acknowledgment packet notifying that it has been received from the client terminal is received, the corresponding packet in the transmission buffer addressed to the client is deleted, and when an acknowledgment packet requesting retransmission is received more than a predetermined number of times, A communication apparatus comprising: a client transmission ACK processing unit that reads and retransmits a corresponding packet in the transmission buffer addressed to the client, thereby suppressing the number of packet readings from the transmission buffer addressed to the client. The communication device according to claim 2,
The encrypted communication message processing unit
A packet including a message for one or more or divided encrypted communications is input, and the input message includes the message type for establishing a connection for encrypted communication. A packet type determination unit for determining,
The encrypted communication message processing unit
When processing a message for encrypted communication, based on the determination result of the packet type determination unit,
If the input packet is a packet containing plain text data sent by the server terminal, create a packet for the client that encrypts the plain text data,
If the input packet contains one or more handshake messages sent by the client terminal, create a packet containing a handshake message corresponding to the received one or more handshake messages;
If the input packet is a packet that contains the encrypted data sent by the client terminal and does not contain the MAC value for falsification check, create an intermediate result of the packet addressed to the server that decrypted the encrypted data and the MAC value,
If the input packet is a packet that includes encrypted data sent by the client terminal and includes a MAC value for falsification check, create a packet addressed to the server that decrypts the encrypted data and a MAC value for falsification check, and check the falsification By checking the consistency of the MAC value for
A communication apparatus that processes in units of packets instead of in units of messages. The communication device according to claim 4, wherein
A server-addressed transmission buffer for accumulating the server-addressed packet together with the MAC verify information;
The packet processing unit
When a decrypted packet that does not include a MAC value for falsification check is received from the encrypted communication message processing unit, it is stored in the transmission buffer together with MAC unverified information, and the encrypted communication message processing unit When a decrypted packet including a MAC value for correct tampering check is received from the packet, the MAC unverified packet stored in the transmission buffer is read out after being MAC verified, and then the correct tampering check is performed. When the decrypted packet including the MAC value for transmission is transmitted and the decrypted packet including the MAC value for erroneous tampering check is received from the encrypted communication message processing unit, the packet is stored in the transmission buffer. A plaintext packet processing unit addressed to the server for erasing the MAC unverified packet,
When a confirmation response notifying that it has been received is received from the server terminal, the corresponding packet in the transmission buffer addressed to the server is deleted, and the confirmation response requesting retransmission is received from the server terminal more than a predetermined number of times. A server transmission ACK processing unit that reads and retransmits a corresponding packet in the server-addressed transmission buffer;
By providing
A communication apparatus characterized in that the number of packet reads from the server-addressed transmission buffer is suppressed. The communication device according to claim 1,
A register for designating a size or an address range occupying the memory of the reception buffer;
The communication apparatus, wherein the register value is changed from a terminal external to the communication apparatus. The communication device according to claim 3,
A register for designating a size or an address range occupying memory of the transmission buffer addressed to the client;
The communication apparatus, wherein the register value is changed from a terminal external to the communication apparatus. The communication device according to claim 5,
A register for designating a size of the transmission buffer addressed to the server or an address range occupied in memory
The communication apparatus, wherein the register value is changed from a terminal external to the communication apparatus. The communication device according to claim 1,
A packet including a message for one or more or divided encrypted communications is input, and the input message includes the message type for establishing a connection for encrypted communication. An encrypted communication message processing unit for determining and processing a message included in the packet;
From the client terminal, the encrypted communication including the first connection establishment message including the encrypted master secret, the second connection establishment message for notifying the start of the encrypted communication, and the third connection establishment message for verifying the message. When receiving a packet for establishing a connection
A type in which the first to third connection establishment messages arrive in three separate packets, a type in which the first connection establishment message and the second connection establishment message plus a third connection establishment message arrive in two packets, first A connection establishment message plus a type that arrives in two packets of a second connection establishment message and a third connection establishment message, a type that arrives in two packets of a second connection establishment message and a third connection establishment message,
Receive in any type of
The encrypted communication message processing unit processes a message not in units of messages but in units of packets by determining one of the types. The communication device according to claim 1,
When the received packet is a connection request packet, a new entry is created in the connection state table. The communication device according to claim 1,
The communication apparatus, wherein the terminal is a client terminal or a server terminal. Installed between a client terminal and a server terminal, for encrypting plain text data received from the server terminal and transmitting it to the client terminal, and for decrypting encrypted data received from the client terminal and transmitting to the server terminal In a communication device for executing a connection establishment sequence for encrypted communication on behalf of the server terminal,
Corresponding to the terminal identification information, the communication device actually receives and confirms the first terminal sequence information, which is a value for representing the amount of data transmitted from the terminal to the communication device, and the data transmitted from the terminal. First confirmation sequence information indicating the amount of data sent back to the terminal as a response, second terminal sequence information that is a value representing the amount of data transmitted from the communication device to the terminal, and the confirmation response from the terminal that the communication device actually transmits A connection status table for storing the connection status data including the second confirmation sequence information, which is the amount of data that has been received, and recording how far each connection has been received,
A reception buffer for accumulating packets that should arrive later together with the packet header when the arrival order of the packets is reversed;
Reads the connection status corresponding to the received packet from the connection status table, determines whether the received packet follows immediately after the end of the received data, and arrives later when the packet arrival order is reversed. A packet processing unit for accumulating packets to be received in the reception buffer together with a packet header ,

The packet processing unit
Transmitting a first transmission packet for establishing a connection for encrypted communication, including transmission source identification information, transmission sequence information, destination sequence information, and payload length, to the terminal;
Referring to the connection state table, obtain connection state data that matches the source identification information of the first packet;
For the connection status data, when the transmission sequence information B of the first transmission packet having the payload length L matches the second terminal sequence information B, the payload length L is added to the second terminal sequence information B to B + L Updated,
In response to the first transmission packet, when receiving a first reception packet with a payload length of 0 having destination sequence information B + L from the terminal, the first confirmation sequence information in the connection state table includes the first confirmation sequence information. Destination sequence information B + L included in the received packet of

On the other hand, referring to the connection state table, the second transmission packet having the same transmission sequence information B + L and payload length L as the second terminal sequence information is sent to the terminal, and the second terminal sequence information B + L includes the second transmission packet. Is added to the payload length L of the transmission packet and updated to B + 2L,
Subsequently, a third transmission packet having a payload length L having the same transmission sequence information B + 2L as the second terminal sequence information is sent, and the payload length L of the third transmission packet is added to the second terminal sequence information B + 2L. Update to B + 3L,
When the terminal receives the third transmission packet before receiving the second transmission packet, the terminal determines from the transmission sequence information B + 2L that the previous second transmission packet has not been received. In order to prompt retransmission of the second transmission packet transmitted from the terminal, a second received packet having a payload length of 0 with destination sequence information B + L is received,
If the second reception packet or a packet having the same content as the second reception packet is continuously received a predetermined number of times with reference to the connection state table, the second transmission packet is discarded in the middle. Retransmit the second transmission packet with transmission sequence information B + L and payload length L or transmit a fourth transmission packet with the same content as the second transmission packet,
In response to the second or fourth transmission packet, the communication apparatus receives a third reception packet with a payload length of 0 having destination sequence information B + 3L from the terminal. The communication device according to claim 12, wherein
A packet including a message for one or more or divided encrypted communications is input, and the input message includes the message type for establishing a connection for encrypted communication. An encrypted communication message processing unit for determining and processing a message included in the packet;
From the client terminal, the encrypted communication including the first connection establishment message including the encrypted master secret, the second connection establishment message for notifying the start of the encrypted communication, and the third connection establishment message for verifying the message. When receiving a packet for establishing a connection
A type in which the first to third connection establishment messages arrive in three separate packets, a type in which the first connection establishment message and the second connection establishment message plus a third connection establishment message arrive in two packets, first A connection establishment message plus a type that arrives in two packets of a second connection establishment message and a third connection establishment message, a type that arrives in two packets of a second connection establishment message and a third connection establishment message,
Receive in any type of
The encrypted communication message processing unit processes a message not in units of messages but in units of packets by determining one of the types.
Installed between a client terminal and a server terminal, for encrypting plain text data received from the server terminal and transmitting it to the client terminal, and for decrypting encrypted data received from the client terminal and transmitting to the server terminal In addition, in a communication system including a communication device for executing a connection establishment sequence for encrypted communication on behalf of the server terminal,
The communication device
Corresponding to the terminal identification information, the communication device actually receives and confirms the first terminal sequence information, which is a value for representing the amount of data transmitted from the terminal to the communication device, and the data transmitted from the terminal. First confirmation sequence information indicating the amount of data sent back to the terminal as a response, second terminal sequence information that is a value representing the amount of data transmitted from the communication device to the terminal, and the confirmation response from the terminal that the communication device actually transmits A connection status table for storing the connection status data including the second confirmation sequence information, which is the amount of data that has been received, and recording how far each connection has been received,
A reception buffer for accumulating packets that should arrive later together with the packet header when the arrival order of the packets is reversed;
Reads the connection status corresponding to the received packet from the connection status table, determines whether the received packet follows immediately after the end of the received data, and arrives later when the packet arrival order is reversed. A packet processing unit for accumulating packets to be received in the reception buffer together with a packet header ,

The packet processing unit
Receiving from the terminal a first received packet for establishing a connection for encrypted communication, including source identification information, transmission sequence information, destination sequence information, and payload length;
Referring to the connection state table, obtain connection state data that matches the source identification information of the first received packet,
For the connection status data, when the transmission sequence information A of the first received packet from the terminal and the first confirmation sequence information A match, the payload length L is added to the first terminal sequence information A to A + L Update, add the payload length L to the first confirmation sequence information A to update to A + L, and send the first transmission packet with the payload length 0 with the sequence information A + L as the destination sequence information to the terminal,
On the other hand, the transmission sequence information A + L and the second reception packet having the payload length L are transmitted from the terminal, but the transmission sequence information is transmitted from the terminal in succession before receiving the second reception packet. When a third received packet with A + 2L and payload length L is received,
Referring to the connection state table, when the transmission sequence information A + 2L included in the third received packet is different from the sequence information A + L of the first confirmation sequence information, if the payload length of the third packet is greater than 0, The third reception packet is accumulated in the reception buffer, the connection state table is updated using transmission sequence information A + 2L included in the third reception packet as first terminal sequence information, and sequence information of the first confirmation sequence information Creating a second transmission packet having a payload length of 0 with A + L as destination sequence information, and transmitting the second transmission packet to the terminal;
When the terminal receives the second transmission packet, the terminal determines transmission sequence information from the terminal by determining that the second reception packet is not received by the communication device based on destination sequence information A + L. Receiving the second received packet of A + L and payload length L or the fourth received packet having the same content as the second received packet;
Referring to the connection state table and confirming that the transmission sequence information A + L of the second or fourth received packet matches the sequence information A + L of the first confirmation sequence information, the first confirmation sequence information A + L The payload length L of the fourth received packet is added and updated to A + 2L, a third transmission packet with a payload length of 0 is generated with the sequence information A + 2L as the destination sequence information, and the third transmission packet is sent to the terminal The said communication system which transmits toward. The communication system according to claim 14,
The communication device
A packet including a message for one or more or divided encrypted communications is input, and the input message includes the message type for establishing a connection for encrypted communication. An encrypted communication message processing unit for determining and processing a message included in the packet;
From the client terminal, the encrypted communication including the first connection establishment message including the encrypted master secret, the second connection establishment message for notifying the start of the encrypted communication, and the third connection establishment message for verifying the message. When receiving a packet for establishing a connection
A type in which the first to third connection establishment messages arrive in three separate packets, a type in which the first connection establishment message and the second connection establishment message plus a third connection establishment message arrive in two packets, first A connection establishment message plus a type that arrives in two packets of a second connection establishment message and a third connection establishment message, a type that arrives in two packets of a second connection establishment message and a third connection establishment message,
Receive in any type of
The encrypted communication message processing unit processes a message in units of packets instead of in units of messages by determining one of the types.

Images