公开(公告)号：US08121043B2

公开(公告)日：2012-02-21

申请号：US11207270

申请日：2005-08-19

申请人： Xiaoxue Ma ,  Paul Gleichauf ,  Ganesh Sadasivan ,  Sunil Khaunte ,  Paul Aitken

发明人： Xiaoxue Ma ,  Paul Gleichauf ,  Ganesh Sadasivan ,  Sunil Khaunte ,  Paul Aitken

IPC分类号： G06F11/30

CPC分类号： H04L43/026 ,  H04L43/024 ,  Y02D50/30

摘要： An approach for managing the consumption of resources uses adaptive random sampling to decrease the collection of flow statistical data as the consumption of resources increases. When a packet is received from a network, a determination is made whether the packet belongs to an existing flow, for which flow statistical data is being collected, or to a new flow. If the packet belongs to an existing flow, then the flow statistical data for the existing flow is updated to reflect the packet. If the packet belongs to the new flow, then a sampling probability is used to determine whether the new flow is to be sampled. The sampling probability is determined, at least in part, upon a current usage of resources.

摘要翻译： 管理资源消耗的方法使用自适应随机抽样来减少流量统计数据的收集，随着资源消耗的增加。 当从网络接收到分组时，确定分组是否属于正在收集流量统计数据的现有流或新流。 如果分组属于现有流，则更新现有流的流统计数据以反映分组。 如果分组属于新流，则采用抽样概率来确定新流是否被采样。 至少部分地根据资源的当前使用来确定抽样概率。

公开(公告)号：US07496035B1

公开(公告)日：2009-02-24

申请号：US10355831

申请日：2003-01-31

申请人： Ganesh Sadasivan ,  Rengabashyam Srinivas ,  William N. Eatherton ,  Xiaoxue Ma ,  Peram Marimuthu

发明人： Ganesh Sadasivan ,  Rengabashyam Srinivas ,  William N. Eatherton ,  Xiaoxue Ma ,  Peram Marimuthu

IPC分类号： G08C15/00

CPC分类号： H04L49/901 ,  H04L47/10 ,  H04L47/2441 ,  H04L49/90 ,  Y10S707/99943

摘要： Methods and apparatus are disclosed for defining flow types and instances thereof such as for identifying packets corresponding to instances of the flow types. A flow type is defined and includes a set of properties including at least one of the possible properties selectable when defining a flow type. An instance of the flow type is defined and a set of corresponding associative memory entries is generated. A lookup word generator of a packet processing engine is typically notified of the use of the flow type, and one or more lookup words are generated typically by extracting fields from a received packet and/or from other sources. Based on a result of lookup operations on the set of associative memories entries using the generated one or more lookup words, the received packet can be identified as whether it matches or does not match the instance of the flow type.

摘要翻译： 公开了用于定义流类型和实例的方法和装置，例如用于识别与流类型的实例对应的分组。 定义流类型并且包括一组属性，其包括在定义流类型时可选择的可能属性中的至少一个。 定义流类型的实例，并生成一组对应的关联内存条目。 典型地通过从所接收的分组和/或来自其它来源提取字段来生成分组处理引擎的查找词生成器，使用流类型，并且生成一个或多个查找词。 基于使用所生成的一个或多个查找词的关联存储器条目集合的查找操作的结果，可以将接收的分组识别为与流类型的实例匹配还是不匹配。

公开(公告)号：US08156230B2

公开(公告)日：2012-04-10

申请号：US13069304

申请日：2011-03-22

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US20060217923A1

公开(公告)日：2006-09-28

申请号：US11088325

申请日：2005-03-23

申请人： Xiaoxue Ma ,  Paul Gleichauf ,  Paul Atkins

发明人： Xiaoxue Ma ,  Paul Gleichauf ,  Paul Atkins

IPC分类号： G06F17/18

CPC分类号： H04L43/00 ,  H04L41/0893 ,  H04L41/22 ,  H04L43/026

摘要： A policy-based approach for managing the export of network flow statistical data uses constraints and prioritization to select flow data to be exported by flow monitoring processes. According to the approach, a flow monitoring process monitors a plurality of flows at an observation point. The flow monitoring process generates flow statistical data for the plurality of flows. Policy data is made available to the flow monitoring process and includes constraint data and priority data. The constraint data indicates usage constraints for one or more resources available to the flow monitoring process. The priority data indicates a desired priority of flow attributes. The flow monitoring process uses the policy data to select one or more flows from the plurality of flows, such that the resource usage constraints are satisfied. The flow monitoring process exports a portion of the flow statistical data that corresponds to the selected one or more flows.

公开(公告)号：US20110173295A1

公开(公告)日：2011-07-14

申请号：US13069304

申请日：2011-03-22

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US07143006B2

公开(公告)日：2006-11-28

申请号：US11088325

申请日：2005-03-23

申请人： Xiaoxue Ma ,  Paul Harry Gleichauf ,  Paul Atkins

发明人： Xiaoxue Ma ,  Paul Harry Gleichauf ,  Paul Atkins

IPC分类号： G06F17/08

CPC分类号： H04L43/00 ,  H04L41/0893 ,  H04L41/22 ,  H04L43/026

摘要： A policy-based approach for managing the export of network flow statistical data uses constraints and prioritization to select flow data to be exported by flow monitoring processes. According to the approach, a flow monitoring process monitors a plurality of flows at an observation point. The flow monitoring process generates flow statistical data for the plurality of flows. Policy data is made available to the flow monitoring process and includes constraint data and priority data. The constraint data indicates usage constraints for one or more resources available to the flow monitoring process. The priority data indicates a desired priority of flow attributes. The flow monitoring process uses the policy data to select one or more flows from the plurality of flows, such that the resource usage constraints are satisfied. The flow monitoring process exports a portion of the flow statistical data that corresponds to the selected one or more flows.

摘要翻译： 用于管理网络流统计数据导出的基于策略的方法使用约束和优先级来选择要由流监视进程导出的流数据。 根据该方法，流量监视处理在观察点监视多个流。 流量监视过程产生用于多个流的流统计数据。 政策数据可用于流量监控过程，并包括约束数据和优先级数据。 约束数据指示对于流监视过程可用的一个或多个资源的使用限制。 优先级数据表示流属性的期望优先级。 流监视处理使用策略数据来选择来自多个流的一个或多个流，从而满足资源使用约束。 流量监视过程导出对应于所选择的一个或多个流的流统计数据的一部分。

公开(公告)号：US08127412B2

公开(公告)日：2012-03-06

申请号：US11731728

申请日：2007-03-30

申请人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

发明人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F11/1415 ,  H04L63/1433 ,  H04L67/306

摘要： A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action.

摘要翻译： 一种计算机系统，包括托管操作系统和应用程序的至少一个受控执行空间; 耦合到受控执行空间的漏洞监视代理; 耦合到所述漏洞监视代理的一个或多个漏洞简档，其中所述漏洞简档中的每一个包括应用程序标识符，操作系统标识符，描述应用程序标识符在执行操作时指示的应用程序的漏洞的漏洞规范 操作系统标识符指示的系统以及在执行时将补救该漏洞的补救措施; 其中所述漏洞监视代理被配置为监视所述受控执行空间中的所述操作系统和所述应用程序的执行，以检测与所述漏洞相关联的异常，以基于所述操作系统和应用程序之一来确定所述操作系统和应用程序的补救动作 漏洞简介，并采取补救措施。

公开(公告)号：US20070041331A1

公开(公告)日：2007-02-22

申请号：US11207270

申请日：2005-08-19

申请人： Xiaoxue Ma ,  Paul Gleichauf ,  Ganesh Sadasivan ,  Sunil Khaunte ,  Paul Aitken

发明人： Xiaoxue Ma ,  Paul Gleichauf ,  Ganesh Sadasivan ,  Sunil Khaunte ,  Paul Aitken

IPC分类号： G06F15/173 ,  G01R31/08

CPC分类号： H04L43/026 ,  H04L43/024 ,  Y02D50/30

摘要： An approach for managing the consumption of resources uses adaptive random sampling to decrease the collection of flow statistical data as the consumption of resources increases. When a packet is received from a network, a determination is made whether the packet belongs to an existing flow, for which flow statistical data is being collected, or to a new flow. If the packet belongs to an existing flow, then the flow statistical data for the existing flow is updated to reflect the packet. If the packet belongs to the new flow, then a sampling probability is used to determine whether the new flow is to be sampled. The sampling probability is determined, at least in part, upon a current usage of resources.

摘要翻译： 管理资源消耗的方法使用自适应随机抽样来减少流量统计数据的收集，随着资源消耗的增加。 当从网络接收到分组时，确定分组是否属于正在收集流量统计数据的现有流或新流。 如果分组属于现有流，则更新现有流的流统计数据以反映分组。 如果分组属于新流，则采用抽样概率来确定新流是否被采样。 至少部分地根据资源的当前使用来确定抽样概率。

公开(公告)号：US07949766B2

公开(公告)日：2011-05-24

申请号：US11472678

申请日：2006-06-21

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US20080244747A1

公开(公告)日：2008-10-02

申请号：US11731728

申请日：2007-03-30

申请人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

发明人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

IPC分类号： G06F11/00

CPC分类号： G06F11/1415 ,  H04L63/1433 ,  H04L67/306

摘要： A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action.

摘要翻译： 一种计算机系统，包括托管操作系统和应用程序的至少一个受控执行空间; 耦合到受控执行空间的漏洞监视代理; 耦合到所述漏洞监视代理的一个或多个漏洞简档，其中所述漏洞简档中的每一个包括应用程序标识符，操作系统标识符，描述应用程序标识符在执行操作时指示的应用程序的漏洞的漏洞规范 操作系统标识符指示的系统以及在执行时将补救该漏洞的补救措施; 其中所述漏洞监视代理被配置为监视所述受控执行空间中的所述操作系统和所述应用程序的执行，以检测与所述漏洞相关联的异常，以基于所述操作系统和应用程序之一来确定所述操作系统和应用程序的补救动作 漏洞简介，并采取补救措施。