Patent application number | Description | Published |
20100049876 | PACKET VALIDATION IN VIRTUAL NETWORK INTERFACE ARCHITECTURE - Roughly described, a network interface device receiving data packets from a computing device for transmission onto a network, the data packets having a certain characteristic, transmits the packet only if the sending queue has authority to send packets having that characteristic. The data packet characteristics can include transport protocol number, source and destination port numbers, source and destination IP addresses, for example. Authorizations can be programmed into the NIC by a kernel routine upon establishment of the transmit queue, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system or network from certain kinds of compromise. | 02-25-2010 |
20100192163 | INTERRUPT MANAGEMENT FOR MULTIPLE EVENT QUEUES - Method of managing interaction between a host subsystem and a peripheral device. Roughly described, the peripheral device writes an event into an individual event queue, and in conjunction therewith, also writes a wakeup event into an intermediary event queue. The wakeup event identifies the individual event queue. The host subsystem, in response to retrieval of the wakeup event from the intermediary event queue, activates an individual event handler to consume events from the individual event queue. | 07-29-2010 |
20110029734 | Controller Integration - Roughly described, a data processing system comprises a central processing unit and a split network interface functionality, the split network interface functionality comprising: a first sub-unit collocated with the central processing unit and configured to at least partially form a series of network data packets for transmission to a network endpoint by generating data link layer information for each of those packets; and a second sub-unit external to the central processing unit and coupled to the central processing unit via an interconnect, the second sub-unit being configured to physically signal the series of network data packets over a network. | 02-03-2011 |
20110149966 | Header Processing Engine - Roughly described, a header processing engine for a network interface device has a header recognizer to parse the headers of a data packet stored at a buffer to identify the type and position of each header in the packet; a constructor unit; and a processor including an execution pipeline. The header recognizer is configured to, for each header: select in dependence on the header type commands stored at a command memory; and form one or more messages for the constructor unit identifying the selected commands and the position of the header in the data packet. The commands selected for the packet headers are collectively such as to, if executed by the constructor unit, cause the constructor unit to generate a data structure which operates to cause the processor to process of the packet headers without accessing the data packet at the buffer. | 06-23-2011 |
20110173514 | DATA PROTOCOL - A method of transmitting data according to a data transmission protocol wherein the data is transmitted as a plurality of data frames and each data frame includes an error checking field comprising at least two sub-fields, the data of the first sub-field being formed by a first error checking method performed on data of the frame and the data of the second sub-field being formed by a second error checking method performed on the said data of the frame, the first and second methods being such that the data of the first sub-field has different error checking properties from those of the data of the second sub-field. | 07-14-2011 |
20110246489 | HASHING ALGORITHM FOR NETWORK RECEIVE FILTERING - Roughly described, a network interface device is assigned a maximum extent-of-search. A hash function is applied to the header information of each incoming packet, to generate a hash code for the packet. The hash code designates a particular subset of the table within which the particular header information should be found, and an iterative search is made within that subset. If the search locates a matching entry before the search limit is exceeded, then the incoming data packet is delivered to the receive queue identified in the matching entry. But if the search reaches the search limit before a matching entry is located, then device delivers the packet to a default queue, such as a kernel queue, in the host computer system. The kernel is then responsible for delivering the packet to the correct endpoint. | 10-06-2011 |
20140059221 | PACKET VALIDATION IN VIRTUAL NETWORK INTERFACE ARCHITECTURE - Roughly described, a network interface device receiving data packets from a computing device for transmission onto a network, the data packets having a certain characteristic, transmits the packet only if the sending queue has authority to send packets having that characteristic. The data packet characteristics can include transport protocol number, source and destination port numbers, source and destination IP addresses, for example. Authorizations can be programmed into the NIC by a kernel routine upon establishment of the transmit queue, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system or network from certain kinds of compromise. | 02-27-2014 |
20140233571 | HEADER PROCESSING ENGINE - Roughly described, a header processing engine for a network interface device has a header recognizer to parse the headers of a data packet stored at a buffer to identify the type and position of each header in the packet; a constructor unit; and a processor including an execution pipeline. The header recognizer is configured to, for each header: select in dependence on the header type commands stored at a command memory; and form one or more messages for the constructor unit identifying the selected commands and the position of the header in the data packet. The commands selected for the packet headers are collectively such as to, if executed by the constructor unit, cause the constructor unit to generate a data structure which operates to cause the processor to process of the packet headers without accessing the data packet at the buffer. | 08-21-2014 |
20140304802 | LOCKED DOWN NETWORK INTERFACE - A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a compliance rule associated with the inspected data flow. A packet filter is configured to, when the data flow is identified as being associated with a compliance rule, carry out an action with respect to the data flow corresponding to the compliance rule. | 10-09-2014 |
20140304803 | LOCKED DOWN NETWORK INTERFACE - A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow. A packet filter is configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid. | 10-09-2014 |