Accessing SSL connection data by a third-party
    1.
    Granted invention patent (status: in force)

    Publication number: US08782393B1

    Publication date: 2014-07-15

    Application number: US11420677

    Filing date: 2006-05-26

    IPC classification: G06F21/00

    Abstract: A method, system, and apparatus are directed towards enabling access to payload by a third-party sent over an SSL session. The third-party may be a proxy situated between a client and a server. SSL handshake messages are sent between the client and the server to establish the SSL connection. As the SSL handshake messages are routed through the proxy, the proxy may extract data. In addition, one of the client or the server may send another message within, or out-of-band to, the series of SSL handshake messages directly to the proxy. The other SSL message may include secret data that the proxy may use to generate a session key for the SSL connection. With the session key, the proxy may receive SSL messages over the SSL connection, modify and/or transpose the payload within the received SSL messages, and/or terminate the SSL connection at the proxy.

    TCP throughput control by imposing temporal delay
    2.
    Granted invention patent (status: in force)

    Publication number: US08379515B1

    Publication date: 2013-02-19

    Application number: US11670410

    Filing date: 2007-02-01

    Applicant: Arindum Mukerji

    Inventor: Arindum Mukerji

    IPC classification: G01R31/08

    Abstract: A system, apparatus, and method are directed towards managing traffic over a network by imposing temporal delays in acknowledgments (ACKs). A Traffic Management Device (TMD), interposed between two network session end-points, monitors a buffer of relayed packets. If the contents of the buffer exceed a threshold value, delays are imposed on sending of acknowledgements. If the buffer contents exceed the threshold, and the buffer's contents are increasing, the delays may be increased. If the buffer's contents are about at steady state, the acknowledgement delays may be decreased, or maintained at a current delay status. In one embodiment, if the sender is sending packets at a rate above a receiver's ability to receive the packets, and the sender appears not to be decreasing its rate of transmission, an explicit congestion notification echo (ECE) may be sent to the sender.

    TCP-over-TCP using multiple TCP streams
    3.
    Granted invention patent (status: in force)

    Publication number: US07493383B1

    Publication date: 2009-02-17

    Application number: US11618620

    Filing date: 2006-12-29

    Applicant: Arindum Mukerji

    Inventor: Arindum Mukerji

    IPC classification: G06F15/173

    Abstract: A system, apparatus, and method for managing TCP over TCP communications using multiple TCP network connections. A plurality of tunneled network connections may be established between network devices. The network devices may employ one of the tunneled network connections over which to establish a plurality of application sessions. If congestion is detected on the employed tunneled network connection that exceeds a threshold, then a reset flag may be sent to abort that tunneled network connection. At least some of the application sessions are also transferred to another one of the plurality of tunneled network connections, without terminating the moved application sessions. In one embodiment, at least one more tunneled network connection may be established between the network devices.

    Selectively enabling packet concatenation based on a transaction boundary

    Publication number: US08611222B1

    Publication date: 2013-12-17

    Application number: US13592187

    Filing date: 2012-08-22

    IPC classification: H04L12/28

    CPC classification: H04L69/321

    Abstract: A system, apparatus, and method are directed towards selectively combining data into a packet to modify a number of packets transmitted over a network based on a detection of a transaction boundary. If it is determined to concatenate the data, such concatenation may continue until an acknowledgement (ACK) is received, or a predetermined amount of data is concatenated in the packet, or a transaction boundary is detected. If at least one of these conditions is satisfied, concatenation may be inhibited, and the packet may be sent. Concatenation is then re-enabled. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. In one embodiment, an ACK may be sent based on a write completion indicator included within a packet. Receipt of the ACK may disable concatenation.

    Adaptive compression
    5.
    Granted invention patent (status: in force)

    Publication number: US08516156B1

    Publication date: 2013-08-20

    Application number: US12838280

    Filing date: 2010-07-16

    IPC classification: G06F15/16

    CPC classification: H04L69/04 H04L67/06

    Abstract: A method, system, and apparatus are directed towards compression of content over a network. The content may include content length information, such as within a header. In one embodiment, a portion of the content may be compressed to approximately fill a buffer of a predefined size. If there remains additional uncompressed content, a new content length may be determined based in part on the length of the compressed content and the remaining uncompressed content. The buffered content and the new content length may then be forwarded in response to the request. The remaining uncompressed content may be split into predefined blocks using identity compression. Identity compression may then be applied to the remaining uncompressed content which is then forwarded to a destination in response to the request.

    Selectively enabling network packet concatenation based on metrics
    6.
    Granted invention patent (status: in force)

    Publication number: US08477798B1

    Publication date: 2013-07-02

    Application number: US12969519

    Filing date: 2010-12-15

    IPC classification: H04L12/54

    Abstract: A method, system, and apparatus are directed towards selectively concatenating data into a packet to modify a number of packets transmitted over a network based on a combination of network and/or send-queue metrics. In one embodiment, Nagle's algorithm is used for concatenating data into a packet. The concatenation may be selectively enabled based on heuristics applied to the combination of metrics. In one embodiment, the result may indicate that there should be a concatenation, or that data should be sent immediately, or that a current state for whether to concatenate or not should be maintained. The heuristics may include an expert system, decision tree, truth table, function, or the like. The heuristics may be provided by a user, or another computing device. In another embodiment, the concatenation may be enabled based on a conditional probability determined from the combination of metrics.

    Adaptive network traffic classification using historical context
    7.
    Granted invention patent (status: in force)

    Publication number: US08125908B2

    Publication date: 2012-02-28

    Application number: US12326672

    Filing date: 2008-12-02

    IPC classification: H04J1/16

    CPC classification: H04L47/10 H04L47/2483

    Abstract: Adaptive network traffic classification using historical context. Network traffic may be monitored and classified by considering several attributes using packet filters, regular expressions, context-free grammars, rule sets, and/or protocol dissectors, among other means and by applying a variety of techniques such as signature matching and statistical analysis. Unlike static systems, the classification decisions may be reexamined from time to time or after subsequent processing determines that the traffic does not conform to the protocol specification corresponding to the classification decision. Historical context may be used to adjust the classification strategy for similar or related traffic.

    Capture and resumption of network application sessions
    8.
    Granted invention patent (status: in force)

    Publication number: US07979555B2

    Publication date: 2011-07-12

    Application number: US11679356

    Filing date: 2007-02-27

    IPC classification: G06F15/16

    Abstract: A system and method for capture and resumption of network application sessions in a network system. A transaction may be detected between a client and server that includes application session state information. The session state information may relate to a session between the client and the server. The application session state information may be recorded in response to the detection of the transaction, and the application session state information may not be deleted according to session information expiration policies (e.g., of the client). User input may be received which requests to review the captured network application session. Correspondingly, a network request comprising captured credentials of the captured session may be generated and forwarded to the server. The network request may be usable to enable resumption of the captured network application session.

    Selective compression for network connections
    9.
    Granted invention patent (status: in force)

    Publication number: US08326984B1

    Publication date: 2012-12-04

    Application number: US13212841

    Filing date: 2011-08-18

    IPC classification: G06F15/173 G06F15/16

    CPC classification: H04W4/18 H04L69/04

    Abstract: A system, apparatus, and method selectively provide content compression to a client based, in part, on whether the network connection from the client is determined to be a high latency, low-bandwidth connection. The present invention gathers one or more network metrics associated with the connection from the client. In one embodiment, the metrics include estimated TCP metrics, including smoothed round trip time, maximum segment size (MSS), and bandwidth delay product (BWDP). These estimated network metrics are employed to make an application layer decision of whether the client connection is a high latency, low-bandwidth connection. If it is, then content may be selectively compressed virtually on the fly for transfer over the network connection. In one embodiment, the selective compression uses a content encoding compression feature of the HTTP protocol standard.

    Dynamic trunk distribution on egress
    10.
    Granted invention patent (status: in force)

    Publication number: US08189476B1

    Publication date: 2012-05-29

    Application number: US11925381

    Filing date: 2007-10-26

    IPC classification: H04J3/16

    CPC classification: H04L47/125 H04L47/127

    Abstract: A method, apparatus, and system are directed toward managing network traffic over a plurality of Open Systems Interconnection (OSI) Level 2 switch ports. Network traffic is received over the plurality of OSI Level 2 switch ports. At least a part of the network traffic is categorized into a flow. The categorization may be based on an IP address, an OSI Level 4 port, a protocol type, a Virtual Local Area Network (VLAN) number, or the like, associated with the network traffic. One of the plurality of OSI Level 2 switch ports is selected based on a load-balancing metric. The load-balancing metric may be a priority of the flow, a congestion characteristic, a prediction of a load usage for the flow, a combination thereof, or the like. A frame associated with the flow is sent over the selected one of the plurality of OSI Level 2 switch ports.
