Patents by Inventor Fortinet, Inc.

Fortinet, Inc. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20150372977
    Abstract: Methods and systems are provided for creation and implementation of firewall policies. The method of the present invention includes enabling a firewall device to maintain a log of network traffic flow observed by the device. The method further includes enabling the firewall device to receive an administrator request for a customized report to be generated based on the log of network traffic and generating the report by extracting information from the log based on report parameters, where the report includes desired network traffic items that are associated with one or more action objects. The method further provides for the firewall device to receive a directive to implement an appropriate firewall policy on one or more network traffic items responsive to interaction of the administrator with one or more action objects corresponding to the network traffic items. Based on the directive and information from the log, the firewall then defines and/or establishes the appropriate firewall policy.
    Type: Application
    Filed: March 27, 2013
    Publication date: December 24, 2015
    Applicant: Fortinet, Inc.
    Inventor: Fortinet, Inc.
  • Publication number: 20130215904
    Abstract: Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, a user process of a host processor requests a network driver to store payload data within a system memory. The network driver stores (i) payload buffers each containing therein at least a subset of the payload data and (ii) buffer descriptors each containing therein information indicative of a starting address of a corresponding payload buffer within a user memory space. A network processor transmits onto a network the payload data within multiple transport layer protocol packets by (i) causing a network interface to retrieve the payload data from the payload buffers by performing direct virtual memory addressing of the user memory space using the buffer descriptors and information contained within a translation data structure stored within the system memory; and (ii) segmenting the payload data across the transport layer protocol packets.
    Type: Application
    Filed: March 29, 2013
    Publication date: August 22, 2013
    Applicant: Fortinet, Inc.
    Inventor: Fortinet, Inc.
  • Publication number: 20130212266
    Abstract: Methods and systems for routing client requests are provided. According to one embodiment, a request handling server obtains a rule set for managing the traffic of a content publisher. A request associated with the content publisher is received at the request handling server. When the received request is a content request, the request handling server directly services the received request or redirects it to another server capable of handling the request based on the rule set. When the received request comprises a Domain Name System (DNS) request, the request handling server responds to the DNS request with a DNS response based on the rule set.
    Type: Application
    Filed: March 22, 2013
    Publication date: August 15, 2013
    Applicant: Fortinet, Inc.
    Inventor: Fortinet, Inc.
  • Publication number: 20130198839
    Abstract: A method for processing network traffic data includes receiving a packet, and determining whether the packet is a previously dropped packet that is being retransmitted. A method for processing network traffic content includes receiving a plurality of headers, the plurality of headers having respective first field values, and determining whether the first field values of the respective headers form a first prescribed pattern. A method for processing network traffic content includes receiving a plurality of packets, and determining an existence of a flooding attack without tracking each of the plurality of packets with a SYN bit.
    Type: Application
    Filed: November 7, 2012
    Publication date: August 1, 2013
    Applicant: Fortinet, Inc.
    Inventor: Fortinet, Inc.
  • Publication number: 20130170346
    Abstract: Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a connection for a subscriber is created based on a service context of the subscriber. A connection request is received from a subscriber of a network service delivery environment. The subscriber is associated with a first-level profile identifier indicative of a service context for the subscriber. One or more other subscribers can be associated with the first-level profile identifier. Lower-level profile identifiers are determined using the first-level profile identifier. The lower-level profile identifiers indicate a set of services that is available to the subscriber during the connection. A connection is created for the subscriber that enables forwarding of packets based on the lower-level profile identifiers.
    Type: Application
    Filed: February 7, 2013
    Publication date: July 4, 2013
    Applicant: FORTINET, INC.
    Inventor: Fortinet, Inc.
  • Publication number: 20130156033
    Abstract: Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, active multicast IP sessions are identified by a router. A data structure is maintained by the router and contains therein information regarding the multicast sessions, including a first pointer for each of the multicast sessions, at least one chain of one or more blocks of second pointers and one or more transmit control blocks (TCBs). Each first pointer points to a chain of one or more blocks of second pointers. Each second pointer corresponds to an outbound interface (OIF) participating in the multicast session and identifies a number of times packets associated with the multicast session are to be replicated. The TCBs have stored therein control information to process or route packets. Each second pointer points to a TCB that identifies an OIF of the router through which packets are to be transmitted.
    Type: Application
    Filed: January 31, 2013
    Publication date: June 20, 2013
    Applicant: FORTINET, INC.
    Inventor: Fortinet, Inc.
  • Publication number: 20130155862
    Abstract: Methods and systems for performing rate limiting are provided. According to one embodiment, information is maintained regarding a set of virtual networks into which a network has been logically divided. Each virtual network comprises a loop-free switching path, reverse path learning network and provides a path through the network between a first and second component thereby collectively providing multiple paths between the first and second components. Packets are received by the first component that are associated with a flow sent by a source component. The packets are forwarded by the first component to the second component along a particular path defined by the set of virtual networks. A congestion metric is determined for the particular path and based thereon it is determined whether a congestion threshold has been reached. Responsive to an affirmative determination, the source component is instructed to limit the rate at which the packets are sent.
    Type: Application
    Filed: February 7, 2013
    Publication date: June 20, 2013
    Applicant: FORTINET, INC.
    Inventor: FORTINET, INC.
  • Publication number: 20130152203
    Abstract: Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus processing content objects is provided. A content object is stored within a system memory by a general purpose processor using a virtual address. Most recently used entries of a page directory and a page table of the system memory are cached within a translation lookaside buffer (TLB) of a virus co-processor. Instructions are read from a virus signature memory of the co-processor. Those of a first type are assigned to a first of multiple instruction pipes of the co-processor. The first instruction pipe executes an instruction including accessing a portion of the content object by performing direct virtual memory addressing of the system memory using a physical address derived based on the virtual address and the TLB and comparing it to a string associated with the instruction.
    Type: Application
    Filed: February 7, 2013
    Publication date: June 13, 2013
    Applicant: FORTINET, INC.
    Inventor: FORTINET, INC.
  • Publication number: 20130121152
    Abstract: Methods and systems for performing load balancing within an Ethernet network are provided. According to one embodiment, a set of virtual networks into which a network has been logically divided, and that can be used by a first component, is maintained. Each of the virtual networks is a loop-free switching path, reverse path learning network and provides a path through the network between the first component and a second component. A packet destined for the second component is received by the first component. On a packet-by-packet basis or on a per flow basis, the first component dynamically selects a particular path by selecting a virtual network for transporting the received packet that tends to balance traffic load across the virtual networks. The first component causes the received packet to be transported through the network to the second component via the particular path.
    Type: Application
    Filed: December 22, 2012
    Publication date: May 16, 2013
    Applicant: FORTINET, INC.
    Inventor: FORTINET, INC.
  • Publication number: 20130125238
    Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a first set of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on a client and relating to a file associated with a share of a server and a second set of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file are transparently proxied by a gateway device. The existence or non-existence of malicious, dangerous or unauthorized content contained within the file is determined by the gateway device by (i) buffering data being read from or written to the file as a result of the first and second set of SMB/CIFS protocol requests into a shared file buffer; and (ii) performing content filtering on the shared file buffer when a scanning condition is satisfied.
    Type: Application
    Filed: December 22, 2012
    Publication date: May 16, 2013
    Applicant: Fortinet, Inc.
    Inventor: Fortinet, Inc.
  • Publication number: 20130104235
    Abstract: Systems and methods for content filtering are provided. According to one embodiment, a type and structure of an archive file are determined. The archive file includes identification bytes that identify the type of archive file and header information both in unencrypted and uncompressed form and a file data portion containing contents of files in encrypted form, compressed form or both. The determination is based solely on the identification bytes and/or the header information. Based thereon, descriptive information, describing characteristics of the files, is extracted from the header information for each file. The descriptive information includes a checksum of the file in uncompressed form, a size of the file in uncompressed form and/or a size of the file in compressed form. A file is identified as being potentially malicious or undesired when a comparison of the descriptive information to detection signatures of known malicious or undesired files results in a match.
    Type: Application
    Filed: November 30, 2012
    Publication date: April 25, 2013
    Applicant: FORTINET, INC.
    Inventor: FORTINET, INC.
  • Publication number: 20130083697
    Abstract: Methods and systems are provided for provisioning and managing network-based virtual private networks (VPNs). According to one embodiment, routing information, including virtual private network (VPN) addresses reachable, for customer sites connected via service processing switches is learned or discovered. The routing information is disseminated among routers associated with multiple network-based customer VPNs for multiple customers. A routing configuration is generated for a network-based customer VPN based on the routing information and a global customer routing profile. Virtual routers (VRs) of the service processing switches are provisioned to support the customer VPN based on the routing configuration. A custom routing profile for the customer VPN is received that identifies one or more routing protocols to be used for one or more segments of the customer VPN.
    Type: Application
    Filed: November 26, 2012
    Publication date: April 4, 2013
    Applicant: FORTINET, INC.
    Inventor: Fortinet, Inc.