公开(公告)号：US09882781B2

公开(公告)日：2018-01-30

申请号：US15018768

申请日：2016-02-08

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope

IPC: G06F15/177 ,  H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  H04L29/14

CPC classification number: H04L41/083 ,  H04L69/14 ,  H04L69/18 ,  H04L69/323 ,  H04L69/40

Abstract: A data processing system comprising: first and second network ports each operable to support a network connection configured according to one or more of a predetermined set of physical layer protocols; and a processor configured to, on a network message being formed for transmission to a network endpoint accessible over either of the first and second network ports: estimate the total time required to, for each of the predetermined set of physical layer protocols, negotiate a respective network connection and transmit the entire network message over that respective network connection; select the physical layer protocol having the lowest estimate of the total time required to negotiate a respective network connection and transmit the network message over that respective network connection; and configure at least one of the first and second network ports to use the selected physical layer protocol.

公开(公告)号：US09391840B2

公开(公告)日：2016-07-12

申请号：US13789221

申请日：2013-03-07

Applicant: Solarflare Communications, Inc.

Inventor： Steve L. Pope ,  David J. Riddoch ,  Kieran Mansley

IPC: G06F15/173 ,  H04L12/24 ,  H04L12/841 ,  H04L12/823 ,  G06F15/16 ,  G06F11/00 ,  H04W4/00 ,  H04L12/875

CPC classification number: H04L41/083 ,  H04L47/286 ,  H04L47/32 ,  H04L47/564

Abstract: Roughly described, a network interface device receiving data packets from a computing device for transmission onto a network, the data packets having a certain characteristic, transmits the packet only if the sending queue has authority to send packets having that characteristic. The data packet characteristics can include transport protocol number, source and destination port numbers, source and destination IP addresses, for example. Authorizations can be programmed into the NIC by a kernel routine upon establishment of the transmit queue, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system or network from certain kinds of compromise.

Abstract translation: 大体上描述了一种从计算设备接收数据包以便传输到网络上的网络接口设备，具有一定特性的数据分组仅在发送队列具有发送具有该特性的分组的权限时发送分组。 数据包特征可以包括传输协议号，源和目的端口号，源和目的IP地址。 基于建立队列的进程的权限级别，可以通过内核例程在建立传输队列时将授权编程到NIC中。 以这种方式，用户进程可以使用不受信任的用户级协议栈来发起到网络上的数据传输，而NIC保护系统或网络的其余部分免受某些种类的折中。

公开(公告)号：US09300599B2

公开(公告)日：2016-03-29

申请号：US14291741

申请日：2014-05-30

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope ,  David J. Riddoch ,  Martin Porter

IPC: H04L12/931 ,  H04L12/26

CPC classification number: H04L49/20 ,  H04L43/026 ,  H04L43/0852 ,  Y02D50/30

Abstract: Roughly described, a network interface device for connection between a host data processing device and a network, comprising: a controller for supporting communication with a host data processing device over a data bus interface; and a packet capture unit between the controller and the network and comprising: a packet inspector configured to parse incoming data packets to identify data packets of a first data flow; a duplication engine to generate a duplicate data flow from the first data flow; and a packet capture engine to process said duplicate data flow into a packet capture data stream having a predefined format. The network interface device is configured to cause: the first data flow to be made available to a consumer process of a host data processing device to which the network interface device is connected; and the processed packet capture data stream to be stored at a packet capture buffer.

Abstract translation: 大致描述了一种用于主机数据处理设备和网络之间的连接的网络接口设备，包括：控制器，用于通过数据总线接口支持与主机数据处理设备的通信; 以及在所述控制器和所述网络之间的分组捕获单元，包括：分组检查器，被配置为解析输入数据分组以识别第一数据流的数据分组; 复制引擎，用于从所述第一数据流生成重复数据流; 以及分组捕获引擎，用于将所述重复数据流处理成具有预定义格式的分组捕获数据流。 所述网络接口设备被配置为使得所述第一数据流被提供给所述网络接口设备连接到的主机数据处理设备的消费者进程; 并且处理的分组捕获数据流被存储在分组捕获缓冲器中。

公开(公告)号：US20140310405A1

公开(公告)日：2014-10-16

申请号：US14231510

申请日：2014-03-31

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope ,  David J. Riddoch

IPC: H04L12/26 ,  H04L29/06

CPC classification number: H04L69/16 ,  G06Q40/04 ,  H04L12/1804 ,  H04L69/22 ,  H04L69/321 ,  H04L69/326

Abstract: A data processing system is provided. A host processing device supports a host transport engine operable to establish a first transport stream over a network with a remote peer. Device hardware comprises a device transport engine. The device transport engine is configured to monitor the first transport stream to determine a state of the first transport stream and in response to an indication from the host processing device perform transport processing of the first transport stream.

Abstract translation: 提供了一种数据处理系统。 主机处理设备支持主机传输引擎，其可操作以通过网络与远程对等体建立第一传输流。 设备硬件包括设备传输引擎。 设备传输引擎被配置为监视第一传输流以确定第一传输流的状态，并且响应于来自主处理设备的指示执行第一传输流的传输处理。

公开(公告)号：US20140304803A1

公开(公告)日：2014-10-09

申请号：US14248082

申请日：2014-04-08

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope ,  Derek Roberts ,  David J. Riddoch

IPC: H04L29/06

CPC classification number: H04L63/0263 ,  H04L63/0236

Abstract: A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow. A packet filter is configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.

Abstract translation: 提供了用于截取从网络源到网络目的地的数据流的逻辑设备和方法。 数据存储器保存一组遵从性规则和相应的动作，其中该组合规规则中的至少一个是对于预定时间段有效的临时合规规则。 分组检查器被配置为检查所截获的数据流并且从数据存储中识别与被检查数据流相关联的临时合规性规则。 分组过滤器被配置为当数据流被识别为与临时遵从规则相关联时，在临时遵从规则有效的情况下，针对对应于临时遵从规则的数据流执行动作。

公开(公告)号：US20200092120A1

公开(公告)日：2020-03-19

申请号：US16694879

申请日：2019-11-25

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope ,  David J. Riddoch

IPC: H04L12/18 ,  H04L12/861 ,  G06F13/38

Abstract: A data processing system comprising: a processing subsystem supporting a plurality of consumers, each consumer being arranged to process messages received into a corresponding receive queue; a network interface device supporting a virtual interface for each of the receive queues; and a hardware accelerator coupled to the processing subsystem by the network interface device and configured to parse one or more streams of data packets received from a network so as to, for each consumer: identify in the data packets messages having one or more of a set of characteristics associated with the consumer; and frame the identified messages in a new stream of data packets addressed to a network endpoint associated with the virtual interface of the consumer so as to cause said new stream of data packets to be delivered into the receive queue of the consumer.

公开(公告)号：US20200084095A1

公开(公告)日：2020-03-12

申请号：US16681615

申请日：2019-11-12

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/08 ,  H04L29/14

Abstract: A data processing system comprising: first and second network ports each operable to support a network connection configured according to one or more of a predetermined set of physical layer protocols; and a processor configured to, on a network message being formed for transmission to a network endpoint accessible over either of the first and second network ports: estimate the total time required to, for each of the predetermined set of physical layer protocols, negotiate a respective network connection and transmit the entire network message over that respective network connection; select the physical layer protocol having the lowest estimate of the total time required to negotiate a respective network connection and transmit the network message over that respective network connection; and configure at least one of the first and second network ports to use the selected physical layer protocol.

公开(公告)号：US10212135B2

公开(公告)日：2019-02-19

申请号：US15231564

申请日：2016-08-08

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope ,  Derek Roberts ,  David J. Riddoch

IPC: H04L9/32 ,  H04L29/06

Abstract: A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow. A packet filter is configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.

公开(公告)号：US20180139089A1

公开(公告)日：2018-05-17

申请号：US15868857

申请日：2018-01-11

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope

IPC: H04L12/24 ,  H04L29/06 ,  H04L29/14 ,  H04L29/08

CPC classification number: H04L41/083 ,  H04L69/14 ,  H04L69/18 ,  H04L69/323 ,  H04L69/40

Abstract: A data processing system comprising: first and second network ports each operable to support a network connection configured according to one or more of a predetermined set of physical layer protocols; and a processor configured to, on a network message being formed for transmission to a network endpoint accessible over either of the first and second network ports: estimate the total time required to, for each of the predetermined set of physical layer protocols, negotiate a respective network connection and transmit the entire network message over that respective network connection; select the physical layer protocol having the lowest estimate of the total time required to negotiate a respective network connection and transmit the network message over that respective network connection; and configure at least one of the first and second network ports to use the selected physical layer protocol.

公开(公告)号：US09912665B2

公开(公告)日：2018-03-06

申请号：US13765579

申请日：2013-02-12

Applicant: SOLARFLARE COMMUNICATIONS, INC.

Inventor： Steve L. Pope ,  David J. Riddoch ,  Ching Yu ,  Derek Roberts

IPC: G06F15/16 ,  H04L29/06 ,  H04L12/861 ,  H04L12/879 ,  H04L12/863

CPC classification number: H04L63/10 ,  H04L47/50 ,  H04L49/90 ,  H04L49/901 ,  H04L49/9031 ,  H04L49/9063

Abstract: Roughly described, a network interface device receiving data packets from a computing device for transmission onto a network, the data packets having a certain characteristic, transmits the packet only if the sending queue has authority to send packets having that characteristic. The data packet characteristics can include transport protocol number, source and destination port numbers, source and destination IP addresses, for example. Authorizations can be programmed into the NIC by a kernel routine upon establishment of the transmit queue, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system or network from certain kinds of compromise.