公开(公告)号：US06334162B1

公开(公告)日：2001-12-25

申请号：US09653733

申请日：2000-09-01

申请人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

发明人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

IPC分类号： G06F300

CPC分类号： G06F5/065 ,  G06F3/06 ,  G06F2205/064 ,  G06F2205/066

摘要： A method for transferring data between non-contiguous buffers in a memory and an I/O device via a system I/O bus uses a descriptor queue stored in memory. Each descriptor points to a buffer and includes the length of the buffer. The I/O device is provided with the base address of the queue, the length of the queue and a current address which at initialization is the same as the base address. When data is to be transferred a device driver located in the processor sends the number of available descriptors (DescrEnq) to the I/O device which accesses the descriptors individually or in burst mode to gain access to the data buffers identified by the descriptors.

摘要翻译： 通过系统I / O总线在存储器和I / O设备中的非连续缓冲器之间传送数据的方法使用存储在存储器中的描述符队列。 每个描述符指向缓冲区并包括缓冲区的长度。 I / O设备提供队列的基地址，队列的长度以及初始化时的基址与基地址相同的当前地址。 当要传送数据时，位于处理器中的设备驱动程序将可用描述符（DescrEnq）的数量发送到单独或以突发模式访问描述符的I / O设备，以访问由描述符标识的数据缓冲区。

公开(公告)号：US06272564B1

公开(公告)日：2001-08-07

申请号：US09420699

申请日：1999-10-19

申请人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

发明人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

IPC分类号： G06F1338

CPC分类号： G06F5/065 ,  G06F3/06 ,  G06F2205/064 ,  G06F2205/066

摘要： A method for transferring data between non-contiguous buffers in a memory and an I/O device via a system I/O bus uses a descriptor queue stored in memory. Each descriptor points to a buffer and includes the length of the buffer. The I/O device is provided with the base address of the queue, the length of the queue and a current address which at initialization is the same as the base address. When data is to be transferred a device driver located in the processor sends the number of available descriptors (DescrEnq) to the I/O device which accesses the descriptors individually or in burst mode to gain access to the data buffers identified by the descriptors.

摘要翻译： 通过系统I / O总线在存储器和I / O设备中的非连续缓冲器之间传送数据的方法使用存储在存储器中的描述符队列。 每个描述符指向缓冲区并包括缓冲区的长度。 I / O设备提供队列的基地址，队列的长度以及初始化时的基址与基地址相同的当前地址。 当要传送数据时，位于处理器中的设备驱动程序将可用描述符（DescrEnq）的数量发送到单独或以突发模式访问描述符的I / O设备，以访问由描述符标识的数据缓冲区。

公开(公告)号：US06338102B1

公开(公告)日：2002-01-08

申请号：US09421075

申请日：1999-10-19

申请人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

发明人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

IPC分类号： G06F1310

CPC分类号： G06F5/065 ,  G06F3/06 ,  G06F2205/064 ,  G06F2205/066

摘要： A method for transferring data between non-contiguous buffers in a memory and an I/O device via a system I/O bus uses a descriptor queue stored in memory. Each descriptor points to a buffer and includes the length of the buffer. The I/O device is provided with the base address of the queue, the length of the queue and a current address which at initialization is the same as the base address. When data is to be transferred a device driver located in the processor sends the number of available descriptors (DescrEnq) to the I/O device which accesses the descriptors individually or in burst mode to gain access to the data buffers identified by the descriptors.

摘要翻译： 通过系统I / O总线在存储器和I / O设备中的非连续缓冲器之间传送数据的方法使用存储在存储器中的描述符队列。 每个描述符指向缓冲区并包括缓冲区的长度。 I / O设备提供队列的基地址，队列的长度以及初始化时的基址与基地址相同的当前地址。 当要传送数据时，位于处理器中的设备驱动程序将可用描述符（DescrEnq）的数量发送到单独或以突发模式访问描述符的I / O设备，以访问由描述符标识的数据缓冲区。

公开(公告)号：US06163820A

公开(公告)日：2000-12-19

申请号：US419552

申请日：1999-10-19

申请人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

发明人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

IPC分类号： G06F3/06 ,  G06F5/06 ,  G06F13/14

CPC分类号： G06F5/065 ,  G06F3/06 ,  G06F2205/064 ,  G06F2205/066

摘要： A method for transferring data between non-contiguous buffers in a memory and an I/O device via a system I/O bus uses a descriptor queue stored in memory. Each descriptor points to a buffer and includes the length of the buffer. The I/O device is provided with the base address of the queue, the length of the queue and a current address which at initialization is the same as the base address. When data is to be transferred a device driver located in the processor sends the number of available descriptors (DescrEnq) to the I/O device which accesses the descriptors individually or in burst mode to gain access to the data buffers identified by the descriptors.

摘要翻译： 通过系统I / O总线在存储器和I / O设备中的非连续缓冲器之间传送数据的方法使用存储在存储器中的描述符队列。 每个描述符指向缓冲区并包括缓冲区的长度。 I / O设备提供队列的基地址，队列的长度以及初始化时的基址与基地址相同的当前地址。 当要传送数据时，位于处理器中的设备驱动程序将可用描述符（DescrEnq）的数量发送到单独或以突发模式访问描述符的I / O设备，以访问由描述符标识的数据缓冲区。

公开(公告)号：US6049842A

公开(公告)日：2000-04-11

申请号：US847034

申请日：1997-05-01

申请人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

发明人： Henry Michael Garrett ,  William G. Holland ,  Joseph Franklin Logan ,  Joseph Gerald McDonald ,  John Kenneth Stacy

IPC分类号： G06F3/06 ,  G06F5/06 ,  G06F13/14

CPC分类号： G06F5/065 ,  G06F3/06 ,  G06F2205/064 ,  G06F2205/066

摘要： A method for transferring data between non-contiguous buffers in a memory and an I/O device via a system I/O bus uses a descriptor queue stored in memory. Each descriptor points to a buffer and includes the length of the buffer. The I/O device is provided with the base address of the queue, the length of the queue and a current address which at initialization is the same as the base address. When data is to be transferred a device driver located in the processor sends the number of available descriptors (DescrEnq) to the I/O device which accesses the descriptors individually or in burst mode to gain access to the data buffers identified by the descriptors.

公开(公告)号：US07411957B2

公开(公告)日：2008-08-12

申请号：US10811195

申请日：2004-03-26

申请人： John Kenneth Stacy ,  Trevor Garner ,  Martin W. Hughes ,  William R. Lee

发明人： John Kenneth Stacy ,  Trevor Garner ,  Martin W. Hughes ,  William R. Lee

IPC分类号： H04L12/28 ,  G06F11/30

CPC分类号： H04L49/901 ,  H04L47/32 ,  H04L49/90 ,  H04L49/9042 ,  H04L49/9047 ,  H04L63/1416 ,  H04L63/1458

摘要： A system and method is provided for automatically identifying and removing malicious data packets, such as denial-of-service (DoS) packets, in an intermediate network node before the packets can be forwarded to a central processing unit (CPU) in the node. The CPU's processing bandwidth is therefore not consumed identifying and removing the malicious packets from the system memory. As such, processing of the malicious packets is essentially “off-loaded” from the CPU, thereby enabling the CPU to process non-malicious packets in a more efficient manner. Unlike prior implementations, the invention identifies malicious packets having complex encapsulations that can not be identified using traditional techniques, such as ternary content addressable memories (TCAM) or lookup tables.

摘要翻译： 提供了一种系统和方法，用于在分组可以转发到节点中的中央处理单元（CPU）之前自动识别和去除中间网络节点中的恶意数据分组，例如拒绝服务（DoS）分组。 因此，CPU的处理带宽不被识别并从系统内存中删除恶意数据包。 因此，恶意数据包的处理本质上从CPU中“卸载”，从而使CPU能够以更有效的方式处理非恶意数据包。 与先前的实现不同，本发明识别具有复杂封装的恶意数据包，这些封装不能使用诸如三进制内容可寻址存储器（TCAM）或查找表之类的传统技术来识别。

公开(公告)号：US07346059B1

公开(公告)日：2008-03-18

申请号：US10657497

申请日：2003-09-08

申请人： Trevor Garner ,  William R. Lee ,  John Kenneth Stacy ,  Martin W. Hughes ,  Dennis Briddell

发明人： Trevor Garner ,  William R. Lee ,  John Kenneth Stacy ,  Martin W. Hughes ,  Dennis Briddell

IPC分类号： H04L12/26 ,  H04J3/14 ,  G08C15/00 ,  G06F11/00

CPC分类号： H04L12/4625

摘要： A technique efficiently searches a hash table containing a plurality of “ranges.” In contrast with previous implementations, the technique performs fewer searches to locate one or more ranges stored in the hash table. To that end, the hash table is constructed so each hash-table entry is associated with a different linked list, and each linked-list entry stores, inter alia, “signature” information and at least one pair of values defining a range associated with the signature. The technique modifies the signature based on the results of one or more preliminary range checks. As a result, the signature's associated ranges are more evenly distributed among the hash table's linked lists. Thus, the linked lists are on average shorter in length, thereby enabling faster and more efficient range searches. According to an illustrative embodiment, the technique is applied to flow-based processing implemented in an intermediate network node, such as a router.

摘要翻译： 技术有效地搜索包含多个“范围”的散列表。 与先前的实现相比，该技术执行较少的搜索来定位存储在散列表中的一个或多个范围。 为此，构建哈希表，使得每个散列表条目与不同的链表相关联，并且每个链表列表条目尤其存储“签名”信息和至少一对定义与 签名。 该技术基于一个或多个初步范围检查的结果修改签名。 因此，签名的关联范围在哈希表的链表之间更均匀地分布。 因此，链表的长度平均更短，从而实现更快更有效的范围搜索。 根据说明性实施例，该技术被应用于在诸如路由器的中间网络节点中实现的基于流的处理。