Server Access Processing System
    1.
    Invention application
    Server Access Processing System (under examination, published)

    Publication No.: US20120215916A1

    Publication date: 2012-08-23

    Application No.: US13459160

    Filing date: 2012-04-28

    IPC classification: G06F15/173

    Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing an NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.


    Server access processing system
    2.
    Granted patent
    Server access processing system (in force)

    Publication No.: US09516142B2

    Publication date: 2016-12-06

    Application No.: US13459160

    Filing date: 2012-04-28

    Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing an NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.


    Secure Route Discovery Node and Policing Mechanism
    3.
    Invention application
    Secure Route Discovery Node and Policing Mechanism (under examination, published)

    Publication No.: US20110066851A1

    Publication date: 2011-03-17

    Application No.: US12558744

    Filing date: 2009-09-14

    IPC classification: H04L9/00 G06F15/173

    Abstract: A computer implemented method and computer program product for obtaining a secure route. A trusted host sets a node security association for a trusted host. The trusted host receives, at the trusted host, a client communication request directed to a destination host. The trusted host builds a secure route query comprising a trusted host address, a destination host address, and at least one security level, to form at least one secure route. The trusted host sends packets from the trusted host to the destination host based on the at least one secure route. The packets are responsive to the client communication request, and the packets each have a security label that matches the security level.


    Consolidated notifications to NFS clients
    4.
    Granted patent
    Consolidated notifications to NFS clients (in force)

    Publication No.: US08914456B2

    Publication date: 2014-12-16

    Application No.: US13313088

    Filing date: 2011-12-07

    IPC classification: G06F15/16 G06F15/177

    CPC classification: G06F11/2005 G06F17/30203

    Abstract: A computer implemented method, system and apparatus for rebooting a host having a plurality of network interfaces. A server reboots the host by stopping an NFS server process on the host. The server sends at least one consolidated notification to a plurality of clients identified in a consolidated notification table, wherein the consolidated notification comprises at least two addresses of network interfaces of the host. The server determines that an acknowledgement is received from each of the plurality of clients. The server halts resending of consolidated notifications, responsive to determining that an acknowledgement is received from each of the plurality of clients.


    CONSOLIDATED NOTIFICATIONS TO NFS CLIENTS
    5.
    Invention application
    CONSOLIDATED NOTIFICATIONS TO NFS CLIENTS (in force)

    Publication No.: US20130151828A1

    Publication date: 2013-06-13

    Application No.: US13313088

    Filing date: 2011-12-07

    IPC classification: G06F15/177

    CPC classification: G06F11/2005 G06F17/30203

    Abstract: A computer implemented method, system and apparatus for rebooting a host having a plurality of network interfaces. A server reboots the host by stopping an NFS server process on the host. The server sends at least one consolidated notification to a plurality of clients identified in a consolidated notification table, wherein the consolidated notification comprises at least two addresses of network interfaces of the host. The server determines that an acknowledgement is received from each of the plurality of clients. The server halts resending of consolidated notifications, responsive to determining that an acknowledgement is received from each of the plurality of clients.


    Consolidated notifications to NFS clients
    6.
    Granted patent
    Consolidated notifications to NFS clients (lapsed)

    Publication No.: US08095628B2

    Publication date: 2012-01-10

    Application No.: US12605880

    Filing date: 2009-10-26

    IPC classification: G06F15/177 G06F15/173

    CPC classification: G06F9/485 G06F9/542

    Abstract: A computer implemented method and apparatus for rebooting a host having a plurality of network interfaces. A server reboots the host by stopping an NFS server process on the host. The server sends at least one consolidated notification to a plurality of clients identified in a consolidated notification table, wherein the consolidated notification comprises at least two addresses of network interfaces of the host. The server determines that an acknowledgement is received from each of the plurality of clients. The server halts resending of consolidated notifications, responsive to determining that an acknowledgement is received from each of the plurality of clients.


    CONSOLIDATED NOTIFICATIONS TO NFS CLIENTS
    7.
    Invention application
    CONSOLIDATED NOTIFICATIONS TO NFS CLIENTS (lapsed)

    Publication No.: US20110099253A1

    Publication date: 2011-04-28

    Application No.: US12605880

    Filing date: 2009-10-26

    IPC classification: G06F15/177

    CPC classification: G06F9/485 G06F9/542

    Abstract: A computer implemented method and apparatus for rebooting a host having a plurality of network interfaces. A server reboots the host by stopping an NFS server process on the host. The server sends at least one consolidated notification to a plurality of clients identified in a consolidated notification table, wherein the consolidated notification comprises at least two addresses of network interfaces of the host. The server determines that an acknowledgement is received from each of the plurality of clients. The server halts resending of consolidated notifications, responsive to determining that an acknowledgement is received from each of the plurality of clients.


    Server Access Processing System
    8.
    Invention application
    Server Access Processing System (under examination, published)

    Publication No.: US20110113134A1

    Publication date: 2011-05-12

    Application No.: US12614511

    Filing date: 2009-11-09

    IPC classification: G06F15/173

    Abstract: A method, programmed medium and system are provided for preventing the denial of file system access to a plurality of clients accessing an NFS server. In one example, an NFS server is configured to listen on a server port. The server runs a separate daemon which “watches” client requests as they are received at the NFS server. The server processing system tracks the number of times a client sends consecutive TCP zero-window packets in response to a data packet from the server. If the number of zero-window packets crosses a user-defined threshold, then a routine is called to stop responding to that client using a backoff algorithm. When the server reaches a point where the number of available threads or any other relevant resource dips below a user-defined threshold, the server process starts terminating connections to the clients starting from the ones with the oldest entry in the table.


    SECURE FIREWALL RULE FORMULATION
    9.
    Invention application
    SECURE FIREWALL RULE FORMULATION (lapsed)

    Publication No.: US20130091538A1

    Publication date: 2013-04-11

    Application No.: US13269897

    Filing date: 2011-10-10

    IPC classification: G06F17/00

    Abstract: A kernel extension is configured to intercept a call to associate a socket with a port of a node in a network. The call originates from a kernel of the node. The kernel extension is configured to determine the port from the call. The kernel extension is configured to determine that the port is one of a plurality of ports for which the node has authority to modify firewall rules of a firewall of the network. The kernel extension is configured to modify firewall rules maintained by the firewall to allow communications for the port to the node through the firewall.


    Secure firewall rule formulation
    10.
    Granted patent
    Secure firewall rule formulation (lapsed)

    Publication No.: US08555369B2

    Publication date: 2013-10-08

    Application No.: US13269897

    Filing date: 2011-10-10

    IPC classification: H04L29/06

    Abstract: A kernel extension is configured to intercept a call to associate a socket with a port of a node in a network. The call originates from a kernel of the node. The kernel extension is configured to determine the port from the call. The kernel extension is configured to determine that the port is one of a plurality of ports for which the node has authority to modify firewall rules of a firewall of the network. The kernel extension is configured to modify firewall rules maintained by the firewall to allow communications for the port to the node through the firewall.
