Abstract: Apparatus including a first interface to a host processor, a second interface to transmit and receive data packets having headers and payloads, to and from a packet communication network, a memory holding context information regarding a flow of the data and assigning serial numbers to the data packets in the flow, according to a session-layer protocol, and processing circuitry between the first and second interfaces and having acceleration logic, to decode the data records according to the session-layer protocol, using and updating the context information based on the serial numbers and the data records of the received packets, and processing circuitry writing the decoded data records through the first interface to a host memory. The acceleration logic, upon receiving in a given flow a data packet containing a serial number that is out of order, reconstructs the context information and applies that context information in decoding data records in subsequent data packets in the flow.

Abstract: A network node includes a network adapter and a host. The network adapter is coupled to a communication network. The host includes a processor running a client process and a communication stack, and is configured to receive packets from the communication network, and classify the received packets into respective flows that are associated with respective chunks in a receive buffer, to distribute payloads of the received packets among the chunks so that payloads of packets classified to a given flow are stored in a given chunk assigned to the given flow, and to notify the communication stack of the payloads in the given chunk, for transferring the payloads in the given chunk to the client process.

Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.

Abstract: Apparatus including a first interface to a host processor, a second interface to transmit and receive data packets having headers and payloads, to and from a packet communication network, a memory holding context information regarding a flow of the data and assigning serial numbers to the data packets in the flow, according to a session-layer protocol, and processing circuitry between the first and second interfaces and having acceleration logic, to decode the data records according to the session-layer protocol, using and updating the context information based on the serial numbers and the data records of the received packets, and processing circuitry writing the decoded data records through the first interface to a host memory. The acceleration logic, upon receiving in a given flow a data packet containing a serial number that is out of order, reconstructs the context information and applies that context information in decoding data records in subsequent data packets in the flow.

Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium. The network interface layer is configured to: A) receive a plurality of user datagram protocol (UDP) message segments from the physical network connection; B) coalesce the plurality of UDP message segments into a coalesced UDP message; and C) send the coalesced UDP message to an application layer external to the system. Related apparatus and methods are also provided.

Abstract: Packet processing apparatus includes a first interface coupled to a host processor and a second interface configured to transmit and receive data packets to and from a packet communication network. A memory holds context information with respect to one or more flows of the data packets conveyed between the host processor and the network in accordance with a reliable transport protocol and with respect to encoding, in accordance with a session-layer protocol, of data records that are conveyed in the payloads of the data packets in the one or more flows. Processing circuitry, coupled between the first and second interfaces, transmits and receives the data packets and includes acceleration logic, which encodes and decodes the data records in accordance with the session-layer protocol using the context information while updating the context information in accordance with the serial numbers and the data records of the transmitted data packets.

Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium, wherein the network interface layer is configured to: A) receive a user datagram protocol (UDP) message for sending, the UDP message having a length L, and a desired maximum network message size (MSS), B) segment the UDP message in accordance with the MSS into a plurality of message segments, each message segment having a size no greater than MSS, and adjust information in each of the plurality of message segments, and C) send the plurality of message segments via the physical network connection to a networking medium. Related apparatus and methods are also provided.

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

Abstract: A system including a network interface layer, and a physical network connection configured to connect with a networking medium, wherein the network interface layer is configured to: A) receive a user datagram protocol (UDP) message for sending, the UDP message having a length L, and a desired maximum network message size (MSS), B) segment the UDP message in accordance with the MSS into a plurality of message segments, each message segment having a size no greater than MSS, and adjust information in each of the plurality of message segments, and C) send the plurality of message segments via the physical network connection to a networking medium. Related apparatus and methods are also provided.

Abstract: Computing apparatus includes a host processor, which runs a virtual machine monitor (VMM), which supports a plurality of virtual machines and includes a cryptographic security software module. A network interface controller (NIC) links the host processor to a network so as to transmit and receive data packets from and to the virtual machines and includes a cryptographic security hardware logic module, which when invoked by the VMM, applies the cryptographic security protocol to the data packets while maintaining a state context of the protocol with respect to each of the virtual machines. Upon encountering an exception in applying the cryptographic security protocol, the NIC transfers the data packet, together with the state context of the cryptographic security protocol with respect to the given virtual machine, to the cryptographic security software module for processing.

Abstract: A method, apparatus, and computer program product for processing a data record including encrypted and decrypted data is described. Various embodiments include receiving a data record including ciphertext and plaintext blocks and determining whether each block in the data record is a ciphertext block or a plaintext block. If a block is a ciphertext block, the ciphertext block is stored into a ciphertext record, decrypted into a plaintext block utilizing a decryption algorithm, and stored in a plaintext record. If the block is a plaintext block, the plaintext block is stored into the plaintext record, encrypted into a ciphertext block utilizing an encryption algorithm, and stored in the ciphertext record. Embodiments described also include authenticating the data record by passing each block of the ciphertext record to an authentication scheme and outputting the plaintext record to a destination application.

Abstract: Packet processing apparatus includes a first interface coupled to a host processor and a second interface configured to transmit and receive data packets to and from a packet communication network. A memory holds context information with respect to one or more flows of the data packets conveyed between the host processor and the network in accordance with a reliable transport protocol and with respect to encoding, in accordance with a session-layer protocol, of data records that are conveyed in the payloads of the data packets in the one or more flows. Processing circuitry, coupled between the first and second interfaces, transmits and receives the data packets and includes acceleration logic, which encodes and decodes the data records in accordance with the session-layer protocol using the context information while updating the context information in accordance with the serial numbers and the data records of the transmitted data packets.