公开(公告)号：US11824965B2

公开(公告)日：2023-11-21

申请号：US17667188

申请日：2022-02-08

Applicant: VMWARE, INC.

Inventor： Suman Aluvala ,  Craig Farley Newell ,  Amit Kumar Yadav ,  Pavan Rajkumar Rangain ,  Rohit Pradeep Shetty

IPC: H04L69/22 ,  H04L69/16 ,  H04L69/326 ,  H04L12/46 ,  H04L9/40 ,  H04W88/18

CPC classification number: H04L69/22 ,  H04L12/4633 ,  H04L12/4641 ,  H04L63/0272 ,  H04L69/16 ,  H04L69/326 ,  H04W88/18

Abstract: The technology disclosed herein enables packet handling based on user information included in packet headers. In a particular embodiment, a method provides, in a gateway to a network environment, establishing a first connection with a first connection endpoint outside of the network environment. The first connection is established based on authentication of user information received from the first connection endpoint. The method further provides adding the user information to a packet header of one or more first packets carrying a request to establish a second connection between the gateway and a second connection endpoint within the network environment. Also, the method provides transferring the one or more first packets towards the second connection endpoint.

公开(公告)号：US20210227056A1

公开(公告)日：2021-07-22

申请号：US16815037

申请日：2020-03-11

Applicant: VMWARE, INC.

Inventor： Suman Aluvala ,  Craig Farley Newell ,  Amit Kumar Yadav ,  Pavan Rajkumar Rangain ,  Rohit Pradeep Shetty

IPC: H04L29/06 ,  H04L29/08 ,  H04W88/18 ,  H04L12/46

Abstract: The technology disclosed herein enables packet handling based on user information included in packet headers. In a particular embodiment, a method provides, in a gateway to a network environment, establishing a first connection with a first connection endpoint outside of the network environment. The method further provides identifying first user information associated with the first connection and adding the first user information to a packet header of one or more first packets associated with the first connection. Also, the method provides transferring the one or more first packets into the network environment.

公开(公告)号：US11057340B2

公开(公告)日：2021-07-06

申请号：US16574116

申请日：2019-09-18

Applicant: VMWARE, INC.

Inventor： Puran Chand ,  Craig Farley Newell ,  Amit Kumar Yadav

IPC: G06F15/16 ,  H04L29/12 ,  H04L29/06

Abstract: Disclosed are various embodiments for providing split-tunneled network connectivity on a per-application basis. A request to make a universal datagram protocol (UDP) connection to a remote host specified by an internet protocol (IP) address in the request is received from a network driver. A hostname lookup table is queried to determine a hostname associated with the IP address for the remote host. A policy is identified based on the hostname associated with the IP address for the remote host. Then, the UDP connection is routed based on the policy.

公开(公告)号：US11792202B2

公开(公告)日：2023-10-17

申请号：US17452854

申请日：2021-10-29

Applicant: VMware, Inc.

Inventor： Sanjay Patil ,  Craig Farley Newell ,  Leung Tao Kwok ,  Amit Kumar Yadav

IPC: H04L9/40 ,  G06F21/31

CPC classification number: H04L63/102 ,  G06F21/31 ,  H04L63/029 ,  H04L63/0272 ,  H04L63/166 ,  H04L63/101 ,  H04L63/104

Abstract: Disclosed are various approaches for verifying the compliance of a TLS session with TLs policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies.

公开(公告)号：US11272043B2

公开(公告)日：2022-03-08

申请号：US16815037

申请日：2020-03-11

Applicant: VMWARE, INC.

Inventor： Suman Aluvala ,  Craig Farley Newell ,  Amit Kumar Yadav ,  Pavan Rajkumar Rangain ,  Rohit Pradeep Shetty

IPC: H04L29/06 ,  H04L69/22 ,  H04L69/16 ,  H04L69/326 ,  H04L12/46 ,  H04W88/18

Abstract: The technology disclosed herein enables packet handling based on user information included in packet headers. In a particular embodiment, a method provides, in a gateway to a network environment, establishing a first connection with a first connection endpoint outside of the network environment. The method further provides identifying first user information associated with the first connection and adding the first user information to a packet header of one or more first packets associated with the first connection. Also, the method provides transferring the one or more first packets into the network environment.

公开(公告)号：US11190521B2

公开(公告)日：2021-11-30

申请号：US16384968

申请日：2019-04-16

Applicant: VMWARE, INC.

Inventor： Sanjay Patil ,  Craig Farley Newell ,  Leung Tao Kwok ,  Amit Kumar Yadav

IPC: H04L29/06 ,  G06F21/31

Abstract: Disclosed are various approaches for verifying the compliance of a TLS session with TLs policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies.

公开(公告)号：US11190480B2

公开(公告)日：2021-11-30

申请号：US16574128

申请日：2019-09-18

Applicant: VMWARE, INC.

Inventor： Puran Chand ,  Craig Farley Newell ,  Amit Kumar Yadav

IPC: H04L29/12 ,  H04L12/46 ,  H04L29/08

Abstract: Disclosed are various embodiments for providing split-tunneled network connectivity on a per-application basis. A DNS query is received from a locally hosted DNS resolver. A first recursive DNS query is sent to an external DNS server and a second recursive DNS query is sent to an internal DNS server. A first recursive DNS response is then received from the external DNS server and a second recursive DNS response is received from the external DNS server. A response is then provided to the DNS query.

公开(公告)号：US10992579B2

公开(公告)日：2021-04-27

申请号：US16574088

申请日：2019-09-18

Applicant: VMWARE, INC.

Inventor： Puran Chand ,  Craig Farley Newell ,  Amit Kumar Yadav

IPC: G06F15/173 ,  H04L29/12 ,  H04L12/26 ,  H04L12/741 ,  H04L12/755 ,  H04L29/06 ,  H04L12/46

Abstract: Disclosed are various embodiments for providing split-tunneled network connectivity on a per-application basis. A request to make a connection, such as a transmission control protocol (TCP) or a universal datagram protocol (UDP) connection, to a remote host specified by an internet protocol (IP) address in the request is received from a network driver. A hostname lookup table is queried to determine a hostname associated with the IP address for the remote host. A policy is identified based on the hostname associated with the IP address for the remote host. Then, the connection is routed based on the policy.