Efficient intercept of connection-based transport layer connections

    Publication number: US10419348B2

    Publication date: 2019-09-17

    Application number: US15924193

    Application date: 2018-03-17

    Abstract: A TCP connection is established between a client and a server, such that packets communicated across the TCP connection pass through a proxy. Based at least in part on a result of monitoring packets flowing across the TCP connection, the proxy determines whether to split the TCP control loop into two TCP control loops so that packets can be inspected more thoroughly. If the TCP control loop is split, then a first TCP control loop manages flow between the client and the proxy, and a second TCP control loop manages flow between the proxy and the server. Due to the two control loops, packets can be held on the proxy long enough to be analyzed. In some circumstances, a decision is then made to stop inspecting. The two TCP control loops are merged into a single TCP control loop, and thereafter the proxy passes packets of the TCP connection through unmodified.

    Efficient forwarding of encrypted TCP retransmissions

    Publication number: US10419406B2

    Publication date: 2019-09-17

    Application number: US15860652

    Application date: 2018-01-02

    Abstract: A network device receives TCP segments of a flow via a first SSL session and transmits TCP segments via a second SSL session. Once a TCP segment has been transmitted, the TCP payload need no longer be stored on the network device. Substantial memory resources are conserved, because the device may have to handle many retransmit TCP segments at a given time. If the device receives a retransmit segment, then the device regenerates the retransmit segment to be transmitted. A data structure of entries is stored, with each entry including a decrypt state and an encrypt state for an associated SSL byte position. The device uses the decrypt state to initialize a decrypt engine, decrypts an SSL payload of the retransmit TCP segment received, uses the encrypt state to initialize an encrypt engine, re-encrypts the SSL payload, and then incorporates the re-encrypted SSL payload into the regenerated retransmit TCP segment.

    Efficient Intercept Of Connection-Based Transport Layer Connections

    Publication number: US20180212879A1

    Publication date: 2018-07-26

    Application number: US15924193

    Application date: 2018-03-17

    Abstract: A TCP connection is established between a client and a server, such that packets communicated across the TCP connection pass through a proxy. Based at least in part on a result of monitoring packets flowing across the TCP connection, the proxy determines whether to split the TCP control loop into two TCP control loops so that packets can be inspected more thoroughly. If the TCP control loop is split, then a first TCP control loop manages flow between the client and the proxy, and a second TCP control loop manages flow between the proxy and the server. Due to the two control loops, packets can be held on the proxy long enough to be analyzed. In some circumstances, a decision is then made to stop inspecting. The two TCP control loops are merged into a single TCP control loop, and thereafter the proxy passes packets of the TCP connection through unmodified.

    EFFICIENT FORWARDING OF ENCRYPTED TCP RETRANSMISSIONS

    Publication number: US20180176191A1

    Publication date: 2018-06-21

    Application number: US15860652

    Application date: 2018-01-02

    CPC classification number: H04L63/0428 H04L63/168

    Abstract: A network device receives TCP segments of a flow via a first SSL session and transmits TCP segments via a second SSL session. Once a TCP segment has been transmitted, the TCP payload need no longer be stored on the network device. Substantial memory resources are conserved, because the device may have to handle many retransmit TCP segments at a given time. If the device receives a retransmit segment, then the device regenerates the retransmit segment to be transmitted. A data structure of entries is stored, with each entry including a decrypt state and an encrypt state for an associated SSL byte position. The device uses the decrypt state to initialize a decrypt engine, decrypts an SSL payload of the retransmit TCP segment received, uses the encrypt state to initialize an encrypt engine, re-encrypts the SSL payload, and then incorporates the re-encrypted SSL payload into the regenerated retransmit TCP segment.
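    The mechanism in the two "encrypted TCP retransmissions" abstracts above (US10419406B2 and US20180176191A1), as an added illustration that is not code from the patents or from any vendor's product. It models a forwarding device sitting between two SSL sessions: on first sight of a segment it snapshots the decrypt state of the inbound session and the encrypt state of the outbound session against the segment's TCP sequence number, translates the payload, advances both states, and discards the payload. When a retransmit arrives it looks up the entry covering that sequence number, offsets both states to the exact byte position (a retransmit need not start on the original segment boundary), and regenerates the outbound ciphertext. The cipher is a stand-in assumption: a keystream whose state is just (key, byte position), so that "state for an SSL byte position" is literal. Real TLS record protection is per-record AEAD with its own framing, so positions on the two sides would diverge and the snapshot would hold more than a counter; the keys and the HTTP request are constructed sample data.

```python
import hashlib
from bisect import bisect_right
from dataclasses import dataclass

BLOCK = 32  # bytes of keystream produced per SHA-256 invocation


def keystream_byte(key: bytes, position: int) -> int:
    # Stand-in keystream (assumption, not TLS): byte `position` of the stream
    # keyed by `key`, derived from SHA-256(key || block_index).
    block, offset = divmod(position, BLOCK)
    return hashlib.sha256(key + block.to_bytes(8, "big")).digest()[offset]


def xor_stream(key: bytes, position: int, data: bytes) -> bytes:
    # Encrypt or decrypt `data` as if it sits at byte `position` of the stream.
    return bytes(b ^ keystream_byte(key, position + i) for i, b in enumerate(data))


@dataclass(frozen=True)
class CipherState:
    key: bytes
    position: int  # SSL byte position within this session's stream

    def advance(self, n: int) -> "CipherState":
        return CipherState(self.key, self.position + n)


@dataclass(frozen=True)
class Entry:
    # One entry per forwarded segment: decrypt state of the inbound session
    # and encrypt state of the outbound session at that TCP sequence number.
    decrypt_state: CipherState
    encrypt_state: CipherState


class RetransmitForwarder:
    def __init__(self, inbound_key: bytes, outbound_key: bytes):
        self.decrypt_state = CipherState(inbound_key, 0)
        self.encrypt_state = CipherState(outbound_key, 0)
        self.next_seq = None      # TCP sequence number expected next
        self.seqs = []            # sorted sequence numbers that have an entry
        self.entries = {}         # seq -> Entry (no payload is retained)

    def forward(self, seq: int, ciphertext: bytes) -> bytes:
        """Return the outbound ciphertext for an inbound TCP segment."""
        if self.next_seq is None or seq == self.next_seq:
            entry = Entry(self.decrypt_state, self.encrypt_state)
            self.entries[seq] = entry
            self.seqs.append(seq)
            out = self._translate(entry, ciphertext)
            # Advance both sessions past this payload, then forget the payload.
            self.decrypt_state = self.decrypt_state.advance(len(ciphertext))
            self.encrypt_state = self.encrypt_state.advance(len(ciphertext))
            self.next_seq = seq + len(ciphertext)
            return out
        if seq < self.next_seq:
            return self.regenerate(seq, ciphertext)
        raise ValueError("segment is ahead of the stream; buffer or drop it")

    def regenerate(self, seq: int, ciphertext: bytes) -> bytes:
        """Rebuild the outbound bytes for a retransmitted segment."""
        if seq + len(ciphertext) > self.next_seq:
            raise ValueError("retransmit carries new data past the stream edge")
        i = bisect_right(self.seqs, seq) - 1
        if i < 0:
            raise ValueError("retransmit precedes the first recorded segment")
        base_seq = self.seqs[i]
        entry = self.entries[base_seq]
        delta = seq - base_seq  # retransmit may start inside the old segment
        adjusted = Entry(entry.decrypt_state.advance(delta),
                         entry.encrypt_state.advance(delta))
        return self._translate(adjusted, ciphertext)

    @staticmethod
    def _translate(entry: Entry, ciphertext: bytes) -> bytes:
        # Decrypt with the inbound session state, re-encrypt with the outbound one.
        plaintext = xor_stream(entry.decrypt_state.key,
                               entry.decrypt_state.position, ciphertext)
        return xor_stream(entry.encrypt_state.key,
                          entry.encrypt_state.position, plaintext)


def demo() -> dict:
    # Constructed sample: a client request split into two TCP segments.
    client_key, server_key = b"client-side-session-key", b"server-side-session-key"
    request = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
    seg1 = xor_stream(client_key, 0, request[:20])
    seg2 = xor_stream(client_key, 20, request[20:])
    fwd = RetransmitForwarder(client_key, server_key)
    out1 = fwd.forward(1000, seg1)
    out2 = fwd.forward(1020, seg2)
    return {
        "server_sees": xor_stream(server_key, 0, out1 + out2),  # == request
        "full_retransmit_matches": fwd.forward(1020, seg2) == out2,
        "partial_retransmit_matches": fwd.forward(1025, seg2[5:]) == out2[5:],
        "entries_kept": len(fwd.entries),  # 2 state snapshots, 0 payloads
    }


if __name__ == "__main__":
    print(demo())
```

    The partial retransmit (sequence 1025, starting five bytes into the second segment) is the case worth checking in a real implementation: the entry lookup has to find the covering segment and offset both cipher states by the byte delta, otherwise the regenerated segment would be encrypted at the wrong position and the server would discard the record.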

    Software update methodology
    Granted patent

    Publication number: US09678738B1

    Publication date: 2017-06-13

    Application number: US14671951

    Application date: 2015-03-27

    CPC classification number: G06F8/65 H04L67/1095 H04L67/1097

    Abstract: Software update information is communicated to a network appliance either across a network or from a local memory device. The software update information includes kernel data, application data, or indicator data. The network appliance includes a first storage device, a second storage device, an operating memory, a central processing unit (CPU), and a network adapter. First and second storage devices are persistent storage devices. In a first example, both kernel data and application data are updated in the network appliance in response to receiving the software update information. In a second example, only the kernel data is updated in the network appliance in response to receiving the software update information. In a third example, only the application data is updated in the network appliance in response to receiving the software update information. Indicator data included in the software update information determines the data to be updated in the network appliance.
