公开(公告)号：US20140149605A1

公开(公告)日：2014-05-29

申请号：US13685169

申请日：2012-11-26

Applicant: Saravana Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Syed Ahmed ,  Ashwin Jagadish

Inventor： Saravana Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Syed Ahmed ,  Ashwin Jagadish

IPC: H04L12/24

CPC classification number: H04L41/00 ,  H03M7/3088

Abstract: This disclosure is directed to dictionary-based compression, which may be employed to achieve stateful header compression without maintaining a complete deflate state. The compressor may maintain a history of data streams compressed by the compressor, compressed according to a compression dictionary. Responsive to the compression of the one or more data streams, the compressor may delete the first compression dictionary from the memory. Subsequent to the deletion, the compressor may compress an additional data stream using the maintained history. The compressor may generate a second compression dictionary from at least one of: the maintained history and a portion of the additional data stream. The compressor may allocate memory for a compression state of the additional data stream and may load the maintained history into the compression state.

Abstract translation: 本公开涉及基于字典的压缩，其可以用于实现状态报头压缩而不维持完全的放气状态。 压缩器可以维护由压缩机压缩的数据流的历史，根据压缩字典压缩。 响应于一个或多个数据流的压缩，压缩器可以从存储器中删除第一压缩字典。 在删除之后，压缩器可以使用维护的历史压缩附加的数据流。 压缩器可以从维护的历史和附加数据流的一部分中的至少一个生成第二压缩字典。 压缩器可以为附加数据流的压缩状态分配存储器，并且可以将维护的历史记录加载到压缩状态。

公开(公告)号：US09088611B2

公开(公告)日：2015-07-21

申请号：US12954319

申请日：2010-11-24

Applicant: Ashok Kumar Jagadeeswaran ,  Saravanakumar Annamalaisami

Inventor： Ashok Kumar Jagadeeswaran ,  Saravanakumar Annamalaisami

IPC: G06F15/173 ,  G06F15/16 ,  H04L29/06 ,  H04L12/801 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L69/16 ,  G06F15/16 ,  H04L29/12066 ,  H04L47/10 ,  H04L61/1511 ,  H04L67/2804 ,  H04L69/08 ,  H04L69/161 ,  H04L69/163

Abstract: The present disclosure presents systems and methods for maintaining identification of network devices sending or traversing a network packet en route to an intermediary device deployed between a source and a destination network device. An intermediary may receive an acknowledgement packet comprising an option field identified by an option number for a transport layer connection established via the intermediary, comprising overlay network data that identifies IP addresses of the originating network device and host network devices intercepting and forwarding the network packet to the intermediary, and may determine the option number for the option field from which to obtain the overlay network data identifying IP addresses. The intermediary device may receive a second request of the client to access the server via the transport layer connection and insert IP addresses from the overlay network data into an application layer protocol header of the second request forwarded to the server.

Abstract translation: 本公开提供了用于维护在路由上发送或遍历网络分组的网络设备的识别的系统和方法，所述中间设备部署在源网络设备和目的地网络设备之间。 中介可以接收确认分组，该确认分组包括由通过中介建立的传输层连接的选项号码所标识的选项字段，包括标识始发网络设备的IP地址的覆盖网络数据和拦截并转发网络分组的主机网络设备 并且可以确定用于获取识别IP地址的覆盖网络数据的选项字段的选项号。 中间设备可以接收客户端经由传输层连接访问服务器的第二请求，并将IP地址从覆盖网络数据插入转发到服务器的第二请求的应用层协议头。

公开(公告)号：US08644157B2

公开(公告)日：2014-02-04

申请号：US13073709

申请日：2011-03-28

Applicant: Ashok Kumar Jagadeeswaran ,  Saravana Annamalaisami ,  Ramanjaneyulu Talla ,  Jyotheesh Rao Kurma ,  Mohit Saxena

Inventor： Ashok Kumar Jagadeeswaran ,  Saravana Annamalaisami ,  Ramanjaneyulu Talla ,  Jyotheesh Rao Kurma ,  Mohit Saxena

IPC: H04L1/00

CPC classification number: H04L47/30 ,  H04L47/12 ,  H04L47/17

Abstract: The present solution is directed to a system for handling network interface card (NIC) congestion by a NIC aware application. The system may include a device having a plurality of network interface cards (NICs), a transmission queue corresponding to a NIC of the plurality of NICs; and an overflow queue for storing packets for the NIC when congested. The system may also include an application executing on the device outputting a plurality of packets to the transmission queue responsive to detecting that the NIC is identified as not congested. The device identifies the NIC as congested responsive to determining that a number of packets stored in the transmission queue has reached a predetermined threshold and responsive to detecting identification of the NIC as congested, the application stores one or more packets to the overflow queue. The device transmits one or more of the plurality of packets stored in the transmission queue and transmits a predetermined number of packets from the overflow queue.

Abstract translation: 本解决方案涉及用于由NIC感知应用处理网络接口卡（NIC）拥塞的系统。 该系统可以包括具有多个网络接口卡（NIC）的设备，对应于多个NIC的NIC的传输队列; 以及用于在拥塞时为NIC存储数据包的溢出队列。 响应于检测到NIC被识别为不拥塞，系统还可以包括在设备上执行的应用向输送队列输出多个分组。 响应于确定存储在传输队列中的数量的分组已经达到预定的阈值并且响应于将NIC的识别检测为拥塞，该设备将NIC识别为拥塞，该应用将一个或多个分组存储到溢出队列。 设备发送存储在传输队列中的多个分组中的一个或多个分组，并从溢出队列发送预定数量的分组。

公开(公告)号：US08910165B2

公开(公告)日：2014-12-09

申请号：US12579103

申请日：2009-10-14

Applicant: Sivakumar Krishnasamy ,  Ashok Kumar Jagadeeswaran ,  Ismail S. Khan ,  Shajith Chandran

Inventor： Sivakumar Krishnasamy ,  Ashok Kumar Jagadeeswaran ,  Ismail S. Khan ,  Shajith Chandran

IPC: G06F9/44 ,  G06F9/46 ,  G06F15/16 ,  G06F21/00

CPC classification number: G06F9/468

Abstract: Techniques are disclosed for providing thread specific protection levels in a multithreaded processing environment. An associated method includes generating a group of threads in a process, one of the group of threads opening a thread entity, and that one of the group of threads specifying one or more levels of access to the thread entity for the other threads. In one embodiment, when a first of the threads attempts to perform a specified operation on the thread entity, the method of this invention determines whether that first thread is the one of the group of threads that opened the thread entity. When the first thread is not that one of the group of threads, the first thread is allowed to perform the specified operation if and only if such operation is permitted by the specified one or more levels of access.

Abstract translation: 公开了在多线程处理环境中提供线程特定保护级别的技术。 相关联的方法包括在进程中生成一组线程，该组线程中的一个打开线程实体，并且该组线程中的一个线程指定对其他线程的线程实体的一个或多个访问级别。 在一个实施例中，当第一线程尝试对线程实体执行指定的操作时，本发明的方法确定该第一线程是否是打开线程实体的一组线程中的一个线程。 当第一个线程不是该组线程中的一个，当且仅当指定的一个或多个访问级别允许这样的操作时，允许第一个线程执行指定的操作。

公开(公告)号：US08843645B2

公开(公告)日：2014-09-23

申请号：US12822825

申请日：2010-06-24

Applicant: Saravanakumar Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Mahesh Mylarappa ,  Roy Rajan

Inventor： Saravanakumar Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Mahesh Mylarappa ,  Roy Rajan

IPC: G06F15/16 ,  H04L29/06

CPC classification number: H04L63/1458 ,  H04L63/166 ,  H04L63/168

Abstract: Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.

Abstract translation: 这里描述了防止拒绝服务（DoS）攻击的方法和系统。 中间设备部署在客户端和服务器之间。 设备经由设备和客户端之间的传输层连接来接收应用层事务的第一分组。 设备根据第一个数据包的时间戳记记录传输层连接的最后活动时间。 该设备接收后续的数据包，并确定包中的数据是否完成了应用层协议的协议数据结构。 如果设备确定后续分组完成协议数据结构，则最后的活动时间被更新。 如果设备确定应用层协议保持不完整，则设备保留最后的活动时间，并确定传输层连接的不活动持续时间超过预定阈值。 该设备可以随后丢弃连接。

公开(公告)号：US08717916B2

公开(公告)日：2014-05-06

申请号：US13073705

申请日：2011-03-28

Applicant: Ashok Kumar Jagadeeswaran ,  Saravana Annamalaisami

Inventor： Ashok Kumar Jagadeeswaran ,  Saravana Annamalaisami

IPC: G01R31/08

CPC classification number: H04L65/605 ,  H04L43/04 ,  H04L43/08 ,  H04L47/36 ,  H04L67/1008 ,  H04L67/1023 ,  H04L69/166

Abstract: The virtual Server (vServer) of an intermediary device deployed between a plurality of clients and services supports parameters for setting maximum segment size (MSS) on a per vServer/service basis and for automatically learning the MSS among the back-end services. In case of vServer/service setting, all vServers will use the MSS value set through the parameter for the MSS value set in TCP SYN+ACK to clients. In the case of learning mode, the backend service MSS will be learnt through monitor probing. The vServer will monitor and learn the MSS that is being frequently used by the services. When the learning is active, the intermediary device may keep statistics of the MSS of backend services picked up during load balancing decisions and once an interval timer expires, the MSS value may be picked by a majority and set on the vServer. If there is no majority, then the highest MSS is picked up to be set on the vServer.

Abstract translation: 部署在多个客户端和服务之间的中间设备的虚拟服务器（vServer）支持用于在每个vServer /服务基础上设置最大段大小（MSS）的参数，并用于在后端服务中自动学习MSS。 在vServer /服务设置的情况下，所有vServer将使用通过该参数设置的MSS值，以将TCP SYN + ACK中设置的MSS值设置为客户端。 在学习模式的情况下，后端服务MSS将通过监视器探测来学习。 vServer将监视和学习服务频繁使用的MSS。 当学习活动时，中介设备可以保持负载均衡决策期间所接收的后台服务的MSS的统计信息，并且一旦间隔定时器到期，则MSS值可以通过多数被选择并设置在vServer上。 如果没有多数，那么最高的MSS被拾取在vServer上设置。

公开(公告)号：US08214505B2

公开(公告)日：2012-07-03

申请号：US12820730

申请日：2010-06-22

Applicant: Ashok Kumar Jagadeeswaran ,  Roy Rajan ,  Saravanakumar Annamalaisami

Inventor： Ashok Kumar Jagadeeswaran ,  Roy Rajan ,  Saravanakumar Annamalaisami

IPC: G06F15/16

CPC classification number: H04L67/22 ,  H04L67/02

Abstract: The present application presents systems and methods for handling by an HTTP virtual server (HTTPVS), connections via which non-HTTP data is transmitted between clients and servers. HTTPVS intercepts a request from a client to establish first transport layer connection (TLC) with a server. HTTPVS establishes second TLC with the servers in response to receiving an acknowledgment from a client to establish the first TLC. HTTPVS determines if a first network packet transmitted via first TLC comprises an HTTP payload or non-HTTP payload. If HTTPVP the first network packet includes HTTP payload, HTTPVS may process all transmissions from the first TLC in accordance with connection tracking and forward the processed transmissions to the server via the second TLC. If HTTPVS determines that the first network packet does not include an HTTP payload, HTTPVS may link the first TLC and the second TLC so the client and server exchange non-HTTP communication without interruption.

Abstract translation: 本应用程序提供了由HTTP虚拟服务器（HTTPVS）处理的系统和方法，通过该连接在客户端和服务器之间传输非HTTP数据。 HTTPVS拦截来自客户端的请求，以建立与服务器的第一传输层连接（TLC）。 HTTPVS与服务器建立第二个TLC，响应于从客户端收到建立第一个TLC的确认。 HTTPVS确定通过第一TLC发送的第一网络分组是否包含HTTP有效载荷或非HTTP有效载荷。 如果第一网络分组的HTTPVP包括HTTP有效载荷，则HTTPVS可以根据连接跟踪处理来自第一TLC的所有传输，并且经由第二TLC将处理后的传输转发到服务器。 如果HTTPVS确定第一个网络数据包不包含HTTP有效载荷，则HTTPVS可以链接第一个TLC和第二个TLC，以便客户端和服务器不间断地交换非HTTP通信。

公开(公告)号：US20110320617A1

公开(公告)日：2011-12-29

申请号：US12822825

申请日：2010-06-24

Applicant: Saravanakumar Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Mahesh Mylarappa ,  Roy Rajan

Inventor： Saravanakumar Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Mahesh Mylarappa ,  Roy Rajan

IPC: G06F15/16

CPC classification number: H04L63/1458 ,  H04L63/166 ,  H04L63/168

Abstract: Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.

Abstract translation: 这里描述了防止拒绝服务（DoS）攻击的方法和系统。 中间设备部署在客户端和服务器之间。 设备经由设备和客户端之间的传输层连接来接收应用层事务的第一分组。 设备根据第一个数据包的时间戳记记录传输层连接的最后活动时间。 该设备接收后续的数据包，并确定包中的数据是否完成了应用层协议的协议数据结构。 如果设备确定后续分组完成协议数据结构，则最后的活动时间被更新。 如果设备确定应用层协议保持不完整，则设备保留最后的活动时间，并确定传输层连接的不活动持续时间超过预定阈值。 该设备可以随后丢弃连接。

公开(公告)号：US20110185073A1

公开(公告)日：2011-07-28

申请号：US12954319

申请日：2010-11-24

Applicant: Ashok Kumar Jagadeeswaran ,  Saravanakumar Annamalaisami

Inventor： Ashok Kumar Jagadeeswaran ,  Saravanakumar Annamalaisami

IPC: G06F15/16

CPC classification number: H04L69/16 ,  G06F15/16 ,  H04L29/12066 ,  H04L47/10 ,  H04L61/1511 ,  H04L67/2804 ,  H04L69/08 ,  H04L69/161 ,  H04L69/163

Abstract: The present disclosure presents systems and methods for maintaining identification of network devices sending or traversing a network packet en route to an intermediary device deployed between a source and a destination network device. An intermediary may receive an acknowledgement packet comprising an option field identified by an option number for a transport layer connection established via intermediary. The acknowledgement packet may comprise overlay network data that identifies IP addresses of the originating network device and host network devices intercepting and forwarding the network packet to the intermediary. The intermediary device may determine the option number for the option field from which to obtain the overlay network data identifying IP addresses. The intermediary device may receive a second request of the client to access the server via the transport layer connection and insert IP addresses from the overlay network data into an application layer protocol header of the second request forwarded to the server.

Abstract translation: 本公开提供了用于维护在路由上发送或遍历网络分组的网络设备的识别的系统和方法，所述中间设备部署在源网络设备和目的地网络设备之间。 中介可以接收确认分组，该确认分组包括由通过中介建立的传输层连接的选项号码所标识的选项字段。 确认分组可以包括标识发起网络设备的IP地址和主机网络设备的覆盖网络数据，该网络设备拦截并转发网络分组到中间设备。 中间设备可以确定用于获取识别IP地址的覆盖网络数据的选项字段的选项号。 中间设备可以接收客户端经由传输层连接访问服务器的第二请求，并将IP地址从覆盖网络数据插入转发到服务器的第二请求的应用层协议头。

公开(公告)号：US20110088033A1

公开(公告)日：2011-04-14

申请号：US12579103

申请日：2009-10-14

Applicant: Sivakumar Krishnasamy ,  Ashok Kumar Jagadeeswaran ,  Ismail S. Khan ,  Shajith Chandran

Inventor： Sivakumar Krishnasamy ,  Ashok Kumar Jagadeeswaran ,  Ismail S. Khan ,  Shajith Chandran

IPC: G06F9/46

CPC classification number: G06F9/468

Abstract: A method, system and computer program product is disclosed for providing thread specific protection levels in a multithreaded processing environment. The method comprises generating a group of threads in a process, one of the group of threads opening a thread entity, and that one of the group of threads specifying one or more levels of access to the thread entity for the other threads. In one embodiment, when a first of the threads attempts to perform a specified operation on the thread entity, the method of this invention determines whether that first thread is the one of the group of threads that opened the thread entity. When the first thread is not that one of the group of threads, the first thread is allowed to perform the specified operation if and only if that operation is permitted by the specified one or more levels of access.

Abstract translation: 公开了一种用于在多线程处理环境中提供线程特定保护级别的方法，系统和计算机程序产品。 该方法包括在进程中生成一组线程，该组线程中的一个打开线程实体，并且该组线程中的一个线程为其他线程指定线程实体的一个或多个访问级别。 在一个实施例中，当第一线程尝试对线程实体执行指定的操作时，本发明的方法确定该第一线程是否是打开线程实体的一组线程中的一个线程。 当第一个线程不是该组线程中的一个线程时，当且仅当该指定的一个或多个访问级别允许该操作时，才允许第一个线程执行指定的操作。