-
公开(公告)号:US06925503B2
公开(公告)日:2005-08-02
申请号:US09916766
申请日:2001-07-27
IPC分类号: G06F7/00 , G06F15/173 , H04L12/56
摘要: A method and system for finding a longest prefix match for a key in a computer network is disclosed. The method and system include providing a main engine and providing an auxiliary engine. The main engine is for storing a first plurality of addresses and for searching the first plurality of addresses for the longest prefix match for the key. None of the first plurality of addresses is a prefix for another address of the first plurality of addresses. The auxiliary engine is for storing and searching a second plurality of addresses. A first address of the second plurality of addresses is capable of including the prefix for a second address of the first plurality of addresses or for a third address for the second plurality of addresses. None of the first plurality of addresses is the prefix for any of the second plurality of addresses. Each of the second plurality of addresses is distinct from each of the first plurality of addresses.
摘要翻译: 公开了一种用于为计算机网络中的密钥找到最长前缀匹配的方法和系统。 该方法和系统包括提供主机并提供辅助发动机。 主引擎用于存储第一多个地址,并用于搜索第一多个地址以获得密钥的最长前缀匹配。 第一多个地址中没有一个是第一多个地址的另一地址的前缀。 辅助引擎用于存储和搜索第二多个地址。 第二多个地址的第一地址能够包括第一多个地址的第二地址的前缀或第二多个地址的第三地址。 第一多个地址中没有一个是第二多个地址中的任一个的前缀。 第二多个地址中的每一个与第一多个地址中的每一个不同。
-
2.发明授权Eliminating memory corruption when performing tree functions on multiple threads 有权在多个线程上执行树函数时,消除内存损坏公开(公告)号:US07036125B2
公开(公告)日:2006-04-25
申请号:US10217529
申请日:2002-08-13
申请人: Claude Basso , Matthew William Kilpatrick Brown , Gordon Taylor Davis , Marco Heddes , Piyush Chunilal Patel , Grayson Warren Randall , Sonia Kiang Rovner , Colin Beaton Verrilli
发明人: Claude Basso , Matthew William Kilpatrick Brown , Gordon Taylor Davis , Marco Heddes , Piyush Chunilal Patel , Grayson Warren Randall , Sonia Kiang Rovner , Colin Beaton Verrilli
CPC分类号: G06F9/52
摘要: A method, system and computer program product for eliminating memory corruption when performing multi-threaded tree operations. A network processor may receive a command to perform a tree operation on a tree on one or more of multiple threads. Upon performing the requested tree operation, the network processor may lock one or more resources during a portion of the execution of the requested tree operation using one or more semaphores. A semaphore may refer to a flag used to indicate whether to “lock” or make available the resource associated with the semaphore. Locking may refer to preventing the resource from being available to other threads. Hence, by locking one or more resources during a portion of the tree operation, memory corruption may be eliminated in a multiple thread system while preventing these resources from being used by other threads for a minimal amount of time.
摘要翻译: 一种用于在执行多线程树操作时消除内存损坏的方法,系统和计算机程序产品。 网络处理器可以在多个线程中的一个或多个上接收在树上执行树操作的命令。 在执行所请求的树操作时,网络处理器可以在使用一个或多个信号量的所请求的树操作的执行的一部分期间锁定一个或多个资源。 信号量可以指用于指示是否“锁定”或提供与信号量相关联的资源的标志。 锁定可能是指防止资源对其他线程可用。 因此,通过在树操作的一部分期间锁定一个或多个资源,可以在多线程系统中消除内存损坏,同时防止这些资源在最短时间内被其他线程使用。
-
公开(公告)号:US07116664B2
公开(公告)日:2006-10-03
申请号:US10144610
申请日:2002-05-13
申请人: Gordon Taylor Davis , Andreas Guenther Herkersdorf , Clark Debs Jeffries , Mark Anthony Rinaldi
发明人: Gordon Taylor Davis , Andreas Guenther Herkersdorf , Clark Debs Jeffries , Mark Anthony Rinaldi
CPC分类号: H04L49/3009 , H04L45/745 , H04L45/7453 , H04L49/351
摘要: A structure and technique for preventing collisions using a hash table in conjunction with a CAM to identify and prevent collisions of binary keys. A portion of the hash value of a binary key, which does not collide with a portion of the hash value of any other reference binary key, is used as an entry in the hash table. If two or more binary keys have identical values of the portions of the hash values, each of these binary keys are stored in their entirety, in the CAM. The key in the CAM provides a pointer to a data structure where the action associated with that binary key is stored. If the binary key is not found in the CAM, the binary key is hashed, and a specific entry in the hash table is selected using a portion of this hash value.
摘要翻译: 一种用于使用散列表与CAM结合来防止冲突的结构和技术,以识别和防止二进制键的冲突。 不与任何其他参考二进制密钥的散列值的一部分相冲突的二进制密钥的散列值的一部分被用作散列表中的条目。 如果两个或更多个二进制密钥具有相同的哈希值部分的值,则这些二进制密钥中的每一个都将全部存储在CAM中。 CAM中的关键字提供了指向数据结构的指针,其中存储与该二进制密钥相关联的动作。 如果在CAM中没有找到二进制密钥,则二进制密钥被散列,并且使用该哈希值的一部分来选择散列表中的特定条目。
-
4.发明申请Method, Program and System for Efficiently Hashing Packet Keys into a Firewall Connection Table 有权方法,程序和系统有效地将数据包密钥散列到防火墙连接表中公开(公告)号:US20100241746A1
公开(公告)日:2010-09-23
申请号:US12796363
申请日:2010-06-08
申请人: Everett Arthur Corl, JR. , Gordon Taylor Davis , Clark Debs Jeffries , Steven Richard Perrin , Hiroshi Takada , Victoria Sue Thio
发明人: Everett Arthur Corl, JR. , Gordon Taylor Davis , Clark Debs Jeffries , Steven Richard Perrin , Hiroshi Takada , Victoria Sue Thio
IPC分类号: G06F15/173
CPC分类号: H04L29/12009 , H04L29/12462 , H04L29/12481 , H04L45/745 , H04L61/255 , H04L61/2557
摘要: A method for increasing the capacity of a connection table in a firewall accelerator by means of mapping packets in one session with some common security actions into one table entry. For each of five Network Address Translation (NAT) configurations, a hash function is specified. The hash function takes into account which of four possible arrival types a packet at a firewall accelerator may have. When different arrival types of packets in the same session are processed, two or more arrival types may have the same hash value.
摘要翻译: 一种通过将一个会话中的分组映射到一个表条目中的一些常见安全措施来增加防火墙加速器中连接表的容量的方法。 对于五种网络地址转换(NAT)配置中的每一种,都指定了一个散列函数。 散列函数考虑了防火墙加速器可能具有的四个可能的到达类型中的哪一个。 当处理相同会话中的不同到达类型的分组时,两个或多个到达类型可以具有相同的哈希值。
-
公开(公告)号:US07796513B2
公开(公告)日:2010-09-14
申请号:US12187188
申请日:2008-08-06
IPC分类号: H04L12/26
CPC分类号: H04L45/00 , H04L12/4625 , H04L45/54 , H04L45/7453 , H04L63/0263
摘要: A method and system for encoding a set of range labels for each parameter field in a packet classification key in such a way as to require preferably only a single entry per rule in a final processing stage of a packet classifier. Multiple rules are sorted accorded to their respective significance. A range, based on a parameter in the packet header, is previously determined. Multiple rules are evaluated according to an overlapping of rules according to different ranges. Upon a determination that two or more rules overlap, each overlapping rule is expanded into multiple unique segments that identify unique range intersections. Each cluster of overlapping ranges is then offset so that at least one bit in a range for the rule remains unchanged. The range segments are then converted from binary to Gray code, which results in the ability to determine a CAM entry to use for each range.
摘要翻译: 一种方法和系统,用于以分组分类密钥中的每个参数字段的一组范围标签进行编码,以便在分组分类器的最后处理阶段中优选地仅需要每个规则仅一个条目。 根据各自的意义对多个规则进行排序。 预先确定基于分组报头中的参数的范围。 根据不同范围的规则重叠来评估多个规则。 在确定两个或更多个规则重叠时,每个重叠规则被扩展为识别唯一范围交点的多个唯一段。 然后,每个重叠范围的簇被偏移,使得该规则的范围中的至少一个位保持不变。 范围段然后从二进制转换为格雷码,这导致确定每个范围使用的CAM条目的能力。
-
6.发明授权Method for efficiently hashing packet keys into a firewall connection table 失效将数据包密钥高效地散列到防火墙连接表中的方法公开(公告)号:US07769858B2
公开(公告)日:2010-08-03
申请号:US11063950
申请日:2005-02-23
申请人: Everett Arthur Corl, Jr. , Gordon Taylor Davis , Clark Debs Jeffries , Steven Richard Perrin , Hiroshi Takada , Victoria Sue Thio
发明人: Everett Arthur Corl, Jr. , Gordon Taylor Davis , Clark Debs Jeffries , Steven Richard Perrin , Hiroshi Takada , Victoria Sue Thio
IPC分类号: G06F15/173
CPC分类号: H04L29/12009 , H04L29/12462 , H04L29/12481 , H04L45/745 , H04L61/255 , H04L61/2557
摘要: A method for increasing the capacity of a connection table in a firewall accelerator by means of mapping packets in one session with some common security actions into one table entry. For each of five Network Address Translation (NAT) configurations, a hash function is specified. The hash function takes into account which of four possible arrival types a packet at a firewall accelerator may have. When different arrival types of packets in the same session are processed, two or more arrival types may have the same hash value.
摘要翻译: 一种通过将一个会话中的分组映射到一个表条目中的一些常见安全措施来增加防火墙加速器中连接表的容量的方法。 对于五种网络地址转换(NAT)配置中的每一种,都指定了一个散列函数。 散列函数考虑了防火墙加速器可能具有的四个可能的到达类型中的哪一个。 当处理相同会话中的不同到达类型的分组时,两个或多个到达类型可以具有相同的哈希值。
-
公开(公告)号:US07466687B2
公开(公告)日:2008-12-16
申请号:US10425097
申请日:2003-04-28
IPC分类号: H04L12/28
CPC分类号: H04L45/00 , H04L12/4625 , H04L45/54 , H04L45/7453 , H04L63/0263
摘要: A method and system for encoding a set of range labels for each parameter field in a packet classification key in such a way as to require preferably only a single entry per rule in a final processing stage of a packet classifier. Multiple rules are sorted accorded to their respective significance. A range, based on a parameter in the packet header, is previously determined. Multiple rules are evaluated according to an overlapping of rules according to different ranges. Upon a determination that two or more rules overlap, each overlapping rule is expanded into multiple unique segments that identify unique range intersections. Each cluster of overlapping ranges is then offset so that at least one bit in a range for the rule remains unchanged. The range segments are then converted from binary to Gray code, which results in the ability to determine a CAM entry to use for each range.
摘要翻译: 一种方法和系统,用于以分组分类密钥中的每个参数字段的一组范围标签进行编码,以便在分组分类器的最后处理阶段中优选地仅需要每个规则仅一个条目。 根据各自的意义对多个规则进行排序。 预先确定基于分组报头中的参数的范围。 根据不同范围的规则重叠来评估多个规则。 在确定两个或更多个规则重叠时,每个重叠规则被扩展为识别唯一范围交点的多个唯一段。 然后,每个重叠范围的簇被偏移,使得该规则的范围中的至少一个位保持不变。 范围段然后从二进制转换为格雷码,这导致确定每个范围使用的CAM条目的能力。
-
公开(公告)号:US07403527B2
公开(公告)日:2008-07-22
申请号:US11867963
申请日:2007-10-05
申请人: Gordon Taylor Davis , Andreas Guenther Herkersdorf , Clark Debs Jeffries , Mark Anthony Rinaldi
发明人: Gordon Taylor Davis , Andreas Guenther Herkersdorf , Clark Debs Jeffries , Mark Anthony Rinaldi
CPC分类号: H04L49/3009 , H04L45/745 , H04L45/7453 , H04L49/351
摘要: A structure and technique for preventing collisions using a hash table in conjunction with a CAM to identify and prevent collision of binary keys. A portion of the hash value of a binary key, which does not collide with a portion of the hash value of any other reference binary key, is used as an entry in the hash table. If two or more binary keys have identical values of the portions of the hash values, each of these binary keys are stored in their entirety, in the CAM. The key in the CAM provides a pointer to a data structure where the action associated with that binary key is stored. If the binary key is not found in the CAM, the binary key is hashed, and a specific entry in the hash table is selected using a portion of this hash value.
摘要翻译: 一种用于使用散列表与CAM结合来防止冲突的结构和技术,以识别和防止二进制密钥的冲突。 不与任何其他参考二进制密钥的散列值的一部分相冲突的二进制密钥的散列值的一部分被用作散列表中的条目。 如果两个或更多个二进制密钥具有相同的哈希值部分的值,则这些二进制密钥中的每一个都将全部存储在CAM中。 CAM中的关键字提供了指向数据结构的指针,其中存储与该二进制密钥相关联的动作。 如果在CAM中没有找到二进制密钥,则二进制密钥被散列,并且使用该哈希值的一部分来选择散列表中的特定条目。
-
公开(公告)号:US07349397B2
公开(公告)日:2008-03-25
申请号:US11462071
申请日:2006-08-03
申请人: Gordon Taylor Davis , Andreas Guenther Herkersdorf , Clark Debs Jeffries , Mark Anthony Rinaldi
发明人: Gordon Taylor Davis , Andreas Guenther Herkersdorf , Clark Debs Jeffries , Mark Anthony Rinaldi
CPC分类号: H04L49/3009 , H04L45/745 , H04L45/7453 , H04L49/351
摘要: A structure and technique for preventing collisions using a hash table in conjunction with a CAM to identify and prevent collisions of binary keys. A portion of the hash value of a binary key, which does not collide with a portion of the hash value of any other reference binary key, is used as an entry in the hash table. If two or more binary keys have identical values of the portions of the hash values, each of these binary keys are stored in their entirety, in the CAM. The key in the CAM provides a pointer to a data structure where the action associated with that binary key is stored. If the binary key is not found in the CAM, the binary key is hashed, and a specific entry in the hash table is selected using a portion of this hash value.
摘要翻译: 一种用于使用散列表与CAM结合来防止冲突的结构和技术,以识别和防止二进制键的冲突。 不与任何其他参考二进制密钥的散列值的一部分相冲突的二进制密钥的散列值的一部分被用作散列表中的条目。 如果两个或更多个二进制密钥具有相同的哈希值部分的值,则这些二进制密钥中的每一个都将全部存储在CAM中。 CAM中的关键字提供了指向数据结构的指针,其中存储与该二进制密钥相关联的动作。 如果在CAM中没有找到二进制密钥,则二进制密钥被散列,并且使用该哈希值的一部分来选择散列表中的特定条目。
-
10.发明授权Scoping of real time signals of remote communication systems over a computer network: systems, methods and program products 失效通过计算机网络实现远程通信系统的实时信号范围:系统,方法和程序产品公开(公告)号:US06889346B2
公开(公告)日:2005-05-03
申请号:US09906371
申请日:2001-07-16
申请人: Youssef Abdelilah , Gordon Taylor Davis , Jeffrey Haskell Derby , Dongming Hwang , Clark Debs Jeffries , Malcolm Scott Ware , Hua Ye
发明人: Youssef Abdelilah , Gordon Taylor Davis , Jeffrey Haskell Derby , Dongming Hwang , Clark Debs Jeffries , Malcolm Scott Ware , Hua Ye
CPC分类号: H04L47/76 , H04L41/0896 , H04L43/50 , H04L63/083
摘要: A remote controller is coupled to a target system via a computer network A real time probe is installed in software executing on a target system, typically a Digital Signal Processor (DSP). The remote controller includes a “debugger user interface” which accepts and interprets scoping commands issued by a developer. A controller network driver constructs appropriate network packets to be sent over the network to the target system. The target system has a control processor which runs a target network driver for receiving the network packets containing the scoping commands. The scoping commands are sent to an “embedded debugger” which performs the requested probing/scoping. When the DSP code runs across an address where the probe is installed, the embedded debugger will collect the signal values. The collected scope data will be interleaved and sent to the target network driver which, will encapsulate the information into suitable packets to send back to the controller via the network.
摘要翻译: 遥控器经由计算机网络耦合到目标系统。实时探测器安装在目标系统(通常为数字信号处理器(DSP))上执行的软件中。 遥控器包括一个“调试器用户界面”,它接受并解释开发人员发出的作用域命令。 控制器网络驱动程序构建要通过网络发送到目标系统的适当网络数据包。 目标系统具有控制处理器,该控制处理器运行目标网络驱动器以接收包含范围命令的网络分组。 范围指令被发送到执行所请求的探测/范围的“嵌入式调试器”。 当DSP代码在安装探头的地址上运行时,嵌入式调试器将收集信号值。 收集的范围数据将被交织并发送到目标网络驱动程序,目标网络驱动程序将将信息封装到适当的数据包中,以通过网络发送回控制器。
-
-
-
-
-
-
-
-
-
搜索结果
99 条记录 (耗时 0.025 秒)