
US-12621267-B2 - Hostname based reverse split tunnel with wildcard support


Abstract

The present solution provides systems and methods for establishing and implementing a hostname-based split tunneling of client-side network traffic. A driver on a client can receive a first packet of an application that includes a hostname of a destination. The driver can receive from an agent of the client a real IP address and a spoofed IP address corresponding to the hostname, when the hostname matches one of a plurality of hostnames to exclude packet traffic from a VPN tunnel of the agent. The driver can receive from the agent a domain name service (DNS) response that includes the spoofed IP address and send the DNS response to cause the application to include the spoofed IP address in a second packet for the destination.

Inventors

  • Vishnu Prateek Ponaka
  • Pradeep Gaikwad
  • Jateen Mittal
  • Vinay Kumar Kothiyal

Assignees

  • CITRIX SYSTEMS, INC.

Dates

Publication Date
2026-05-05
Application Date
2022-06-27

Claims (18)

  1. A method comprising: receiving, by a driver, a first packet of an application that includes a hostname of a destination; receiving, by the driver from an agent, a real IP address and a spoofed IP address corresponding to the hostname, when the hostname matches one of a plurality of hostnames to exclude packet traffic from a virtual private network (VPN) tunnel of the agent; receiving, by the driver from the agent, a domain name service (DNS) response that includes the spoofed IP address; sending, by the driver, the DNS response to cause the application to include the spoofed IP address in a second packet for the destination; receiving, by the driver from the application via an operating system, a third packet that includes a second hostname of a second destination; receiving, by the driver from the agent, a second DNS response that includes a second real IP address corresponding to the second hostname, when the second hostname fails to match any of the plurality of hostnames; and sending, by the driver, the second DNS response to cause the application to include the second real IP address corresponding to the second hostname in a fourth packet.
  2. The method of claim 1, wherein the agent, the driver and the application are executable on a same client device.
  3. The method of claim 1, comprising: receiving, by the driver from the application via an operating system, the second packet that includes the spoofed IP address; and updating, by the driver, the second packet by replacing the spoofed IP address with the real IP address.
  4. The method of claim 3, comprising: sending, by the driver, the updated second packet to the destination by bypassing the VPN tunnel of the agent.
  5. The method of claim 1, comprising: receiving, by the driver from an operating system, a third packet that includes the real IP address; and updating, by the driver, the third packet by replacing the real IP address with the spoofed IP address.
  6. The method of claim 5, comprising: sending, by the driver, the updated third packet to the application via the operating system.
  7. The method of claim 1, comprising: receiving, by the driver from the application via the operating system, the fourth packet that includes the second real IP address; determining, by the driver, that the second real IP address does not correspond to any spoofed IP address; and sending, by the driver responsive to the determination, the fourth packet to the agent to send to the second destination via the VPN tunnel.
  8. The method of claim 1, comprising: receiving, by the driver from the agent, an indication of spoofed IP addresses, wherein the agent configures an operating system to direct packets with any of the spoofed IP addresses to the driver.
  9. A device comprising: at least one processor configured to execute a driver to: receive a first packet of an application that includes a hostname of a destination; receive, from an agent, a real IP address and a spoofed IP address corresponding to the hostname, when the hostname matches one of a plurality of hostnames to exclude packet traffic from a virtual private network (VPN) tunnel of the agent; receive, from the agent, a domain name service (DNS) response that includes the spoofed IP address; send the DNS response to the application to cause the application to include the spoofed IP address in a second packet for the destination; receive, from the application via an operating system, a third packet that includes a second hostname of a second destination; receive, from the agent, a second DNS response that includes a second real IP address corresponding to the second hostname, when the second hostname fails to match any of the plurality of hostnames; and send the second DNS response to cause the application to include the second real IP address corresponding to the second hostname in a fourth packet.
  10. The device of claim 9, wherein the agent, the driver and the application are executable on the device.
  11. The device of claim 9, wherein the at least one processor is configured to execute the driver to: receive, from the application via an operating system, the second packet that includes the spoofed IP address; and update the second packet by replacing the spoofed IP address with the real IP address.
  12. The device of claim 11, wherein the at least one processor is configured to execute the driver to: send the updated second packet to the destination by bypassing the VPN tunnel of the agent.
  13. The device of claim 9, wherein the at least one processor is configured to execute the driver to: receive, from an operating system, a third packet that includes the real IP address; and update the third packet by replacing the real IP address with the spoofed IP address.
  14. The device of claim 13, wherein the at least one processor is configured to execute the driver to: send the updated third packet to the application via the operating system.
  15. The device of claim 9, wherein the at least one processor is configured to execute the driver to: receive, from the application via the operating system, the fourth packet that includes the second real IP address; determine that the second real IP address does not correspond to any spoofed IP address; and send, responsive to the determination, the fourth packet to the agent to send to the second destination via the VPN tunnel.
  16. The device of claim 9, wherein the at least one processor is configured to execute the driver to: receive, from the agent, an indication of spoofed IP addresses, wherein the agent configures an operating system to direct packets with any of the spoofed IP addresses to the driver.
  17. A non-transitory computer-readable medium storing instructions that, when executed by at least one processor of a service, cause the at least one processor to: receive a first packet of an application that includes a hostname of a destination; receive, from an agent, a real IP address and a spoofed IP address corresponding to the hostname, when the hostname matches one of a plurality of hostnames to exclude packet traffic from a virtual private network (VPN) tunnel of the agent; receive, from the agent, a domain name service (DNS) response that includes the spoofed IP address; send the DNS response to the application to cause the application to include the spoofed IP address in a second packet for the destination; receive, from the application via an operating system, a third packet that includes a second hostname of a second destination; receive, from the agent, a second DNS response that includes a second real IP address corresponding to the second hostname, when the second hostname fails to match any of the plurality of hostnames; and send the second DNS response to cause the application to include the second real IP address corresponding to the second hostname in a fourth packet.
  18. The non-transitory computer-readable medium of claim 17, wherein the instructions, when executed by the at least one processor of a service, cause the at least one processor to: receive, from the application via an operating system, the second packet that includes the spoofed IP address; update the second packet by replacing the spoofed IP address with the real IP address; and send the updated second packet to the destination by bypassing the VPN tunnel of the agent.

Description

FIELD OF THE DISCLOSURE

The present application generally relates to computing systems and environments, including but not limited to systems and methods for managing network traffic.

BACKGROUND

Network communication is increasingly relying on cloud technologies. As users access online resources that can be provided by various remote servers and network devices, the network traffic of the users can increasingly be handled using various cloud-based products or services. Sometimes client interaction with particular services or resources on the network may involve using cloud products and services that can be handled by various aspects of network traffic delivery.

SUMMARY

This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features, nor is it intended to limit the scope of the claims included herewith.

The present solution can relate to a method, such as a method for hostname-based reverse split tunneling of network traffic. The method can include a driver receiving a first packet of an application that includes a hostname of a destination. The driver can receive, from an agent, a real IP address and a spoofed IP address corresponding to the hostname. The driver can receive the real IP address and the spoofed IP address when the hostname matches one of a plurality of hostnames to exclude packet traffic from a virtual private network (VPN) tunnel of the agent. The driver can receive, from the agent, a domain name service (DNS) response that includes the spoofed IP address. The driver can send the DNS response to cause the application to include the spoofed IP address in a second packet for the destination. The agent, the driver and the application can be executable on the same client device.

The method can include the driver receiving, from the application via an operating system, the second packet that includes the spoofed IP address. The driver can update the second packet by replacing the spoofed IP address with the real IP address. The driver can send the updated second packet to the destination by bypassing the VPN tunnel of the agent. The driver can receive, from an operating system, a third packet that includes the real IP address. The driver can update the third packet by replacing the real IP address with the spoofed IP address. The driver can send the updated third packet to the application via the operating system. The driver can receive, from the application via an operating system, a third packet that includes a second hostname of a second destination. The driver can receive, from the agent, a second DNS response that includes a second real IP address corresponding to the second hostname, when the second hostname fails to match any of the plurality of hostnames. The driver can send the second DNS response to cause the application to include the second real IP address corresponding to the second hostname in a fourth packet. The driver can receive, from the application via the operating system, the fourth packet that includes the second real IP address. The driver can determine that the second real IP address does not correspond to any spoofed IP address and send, responsive to the determination, the fourth packet to the agent to send to the second destination via the VPN tunnel. The driver can receive, from the agent, an indication of spoofed IP addresses, wherein the agent configures an operating system to direct packets with any of the spoofed IP addresses to the driver.

The present solution can relate to a system, such as a system for hostname-based reverse split tunneling of network traffic. The system can include a device. The device can include at least one processor configured to execute a driver. The driver can receive a first packet of an application that includes a hostname of a destination. The driver can receive, from an agent, a real IP address and a spoofed IP address corresponding to the hostname. The driver can receive the real IP address and the spoofed IP address when the hostname matches one of a plurality of hostnames to exclude packet traffic from a virtual private network (VPN) tunnel of the agent. The driver can receive, from the agent, a domain name service (DNS) response that includes the spoofed IP address. The driver can send the DNS response to the application to cause the application to include the spoofed IP address in a second packet for the destination. The device can include the agent, the driver and the application that are executable on the device. The device can include the at least one processor configured to execute the driver to receive, from the application via an operating system, the second packet that includes the spoofed IP address and update the second packet by replacing the spoofed IP address with the real IP address. The device can include the at least one processor c