Abstract: Packets in an intrusion prevention system are inspected by a deep packet inspection engine. A packet may be queued for transmission onto an output queue and transmitted over a network while deep packet inspection is still being performed on the packet. Such simultaneous inspection processing and transmission may be implemented using two ownership bits for the packet, one to indicate “ownership to process” and one to indicate “ownership to send,” instead of the single ownership bit that is used in conventional systems. Furthermore, the packet may be inspected, queued onto the output queue, and transmitted without making a copy of the packet within the deep packet inspection engine. These techniques enable the inspection latency, and therefore the overall transmission latency, of packets to decrease, thereby improving the overall performance of the intrusion prevent system.

Abstract: A computer-implemented method of accessing data comprises resetting the value of a register of a first processing core of a multi-core processor, copying the bits of a compressed pointer into the lowest order bits of the register, left shifting the register a predetermined number of bits, and executing on the first processing core a first instruction referencing memory at a virtual address specified by the register.

Abstract: Deep packet inspection is performed on packets in a network intrusion prevention system. A processing priority may be assigned to a packet based on characteristics such as the protocol type of the packet. Higher-priority packets may be processed before lower-priority packets or otherwise given preferential processing treatment. Deep packet inspection may be performed on the packet, and the processing priority of the packet may be changed based on the amount of time required to complete inspection of the packet. For example, the processing priority of the packet may be lowered if inspection of the packet takes longer than a predetermined time threshold. Furthermore, inspection of such packets may be suspended and either terminated or resumed at a subsequent time.

Abstract: A method of accessing data in a shared-memory, parallel-processing computing system, comprises, on a first processing unit, receiving a reference for a data structure stored in a memory and a first value of a generation attribute associated with the data structure, waiting to receive an exclusive lock on the data structure, obtaining an exclusive lock on the data structure, receiving a second value of a second generation attribute associated with the data structure; and accessing the data structure only if the first generation attribute value and the second generation attribute value are identical.

Abstract: A method for assigning Media Access Control (MAC) addresses to devices of a computing system includes: for each of a plurality of devices of the computing system, determining particular information regarding that device during a boot process for that device, and dynamically generating a MAC address for each device that indicates the determined particular information regarding that device. The particular information regarding each device may include, for example, information regarding the location of the device in the system (e.g., slot information), device type information, device number information, etc.

Abstract: A method of flexibly binding physical network interface ports to a processor in a network testing system comprises generating an egress network packet with a prepend header at a processor, wherein the prepend header specifies a particular physical network interface through which the egress network packet should be transmitted, transmitting the prepended network packet to a configurable logic device (CLD), routing the prepended network packet to the specified physical network interface.

Abstract: A computer-implemented method of accessing data comprises resetting the value of a register of a first processing core of a multi-core processor, copying the bits of a compressed pointer into the lowest order bits of the register, left shifting the register a predetermined number of bits, and executing on the first processing core a first instruction referencing memory at a virtual address specified by the register.

Abstract: A system includes a plurality of deep packet inspection engines for performing deep packet inspection on packets in a network. The deep packet inspection engines share at least some state. One of the deep packet inspection engines is assigned responsibility for writing data to the shared state. For one of the deep packet inspection engines to write data to the shared state, the deep packet inspection write provides a write request to the assigned “writer” deep packet inspection engine, which queues the request on a write queue. The writer deep packet inspection engine may queue multiple write requests from multiple deep packet inspection engines. The writer deep packet inspection engine dequeues the write requests and processes them serially, thereby avoiding the need to manage contention using locks.

Abstract: Traffic flow rate limits are enforced in an Intrusion Prevention System (IPS) having a plurality of deep packet inspection (DPI) engines by using a floating token bucket scheme. The IPS includes a plurality of rate limiters which are associated with different classes (e.g., protocols) of traffic. A floating token bucket is associated with each rate limiter. The token bucket associated with a rate limiter is passed from DPI engine to DPI engine. Only the DPI engine currently in possession of the token bucket for a particular rate limiter is allowed to process traffic of the class associated with that rate limiter. A DPI engine is only allowed to process traffic associated with a token bucket in its possession if that token bucket is not empty. Use of such floating token buckets enforces rate limits for each traffic class across the multiple DPI engine.

Abstract: A method for managing a memory communicatively coupled to a plurality of processors may include analyzing a data structure associated with a processor to determine if one or more portions of memory associated with the processor are sufficient to store data associated with an operation of the processor. The method may also include storing data associated with the operation in the one or more portions of the memory associated with the processor if the portions of memory associated with the processor are sufficient. If the portions of memory associated with the processor are not sufficient, the method may include determining if at least one portion of the memory is unassociated with any of the plurality of processors storing data associated with the operation in the at least one unassociated portion of the memory.

Abstract: A service request system for a subsystem of a computer including a processor, a driver, and inhibit logic. The inhibit logic detects requests for service by the subsystem and asserts an interrupt unless the driver is executing and servicing the subsystem. The driver is executed by the processor in response to the interrupt to service the subsystem, where the driver controls the inhibit logic to prevent interrupts associated with the subsystem from being asserted while the driver is being executed by the processor. In this manner, redundant interrupts or service requests initiated by the subsystem are eliminated. The service request system may include an activity indicator that indicates whether the driver is being executed. Th inhibit logic asserts an interrupt in response to a service request from the subsystem unless the activity indicator indicates that the driver is in control of the processor.

Abstract: Systems and methods are provided for network connected content delivery systems that employ functional multi-processing to optimize bandwidth utilization and accelerate system performance. In one embodiment, the content delivery system may include a switch based computing system. The system may further include an asymmetric multi-processor system configured in a staged pipeline manner.

Abstract: Systems and methods are provided for network connected computing systems that employ functional multi-processing to optimize bandwidth utilization and accelerate system performance. In one embodiment, the network connected computing system may include a switch based computing system. The system may further include an asymmetric multi-processor system configured in a staged pipeline manner. The components of the system may communicate as peers in a peer to peer environment. The network connected computing system may be utilized in one embodiment as a network endpoint system that provides content delivery.

Abstract: Systems and methods are provided for network connected computing systems that employ functional multi-processing to optimize bandwidth utilization and accelerate system performance. In one embodiment, the network connected computing system may include a switch based computing system. The system may further include an asymmetric multi-processor system configured in a staged pipeline manner. The network connected computing system may be utilized in one embodiment as a network endpoint system that provides content delivery.

Abstract: A dynamic early indication system for a computer includes a processor subsystem logic that performs a subsystem function, an early indicator, indication logic, and a driver that is executed by the processor in response to an indication to perform processing. The indication logic may be coupled to the subsystem logic and early indicator to provide an indication that informs the processor when processing associated with the subsystem function is needed at a completion time of the subsystem function. The indication may be provided before the completion time of the subsystem function if the early indicator represents early indication. The driver controls the early indicator to improve efficiency of subsystem processing.

Abstract: Systems and methods are provided for network connected computing systems that employ functional multi-processing to optimize bandwidth utilization and accelerate system performance. In one embodiment, the network connected computing system may include a switch based computing system. The system may further include an asymmetric multi-processor system configured in a staged pipeline manner. The network connected computing system may be utilized in one embodiment as a network endpoint system that provides content delivery.

Abstract: A network processing system uses intelligent security hardware as a security accelerator at its front end. The security hardware performs initial processing of incoming data, such as security detection tasks. The security hardware is directly connected to one or more processing units, via a bus or switch fabric, which execute appropriate applications and/or storage programming.

Abstract: Systems and methods are provided for network connected computing systems that employ functional multi-processing to optimize bandwidth utilization and accelerate system performance. In one embodiment, the network connected computing system may include a switch based computing system. The switch employed in the system may be a switch fabric. The system may further include an asymmetric multi-processor system configured in a staged pipeline manner. The network connected computing system may be utilized in one embodiment as a network endpoint system that provides content delivery.

Abstract: Systems and methods are provided for network connected computing systems that employ functional multi-processing to optimize bandwidth utilization and accelerate system performance. In one embodiment, the network connected computing system may include a switch based computing system. The system may further include an asymmetric multi-processor system configured in a staged pipeline manner. The network connected computing system may be utilized in one embodiment as a network endpoint system that provides content delivery.

Abstract: Systems and methods are provided for network connected computing systems that employ functional multi-processing to optimize bandwidth utilization and accelerate system performance. In one embodiment, the network connected computing system may include a switch based computing system. The system may further include an asymmetric multi-processor system configured in a staged pipeline manner. The network connected computing system may be utilized in one embodiment as a network endpoint system that provides content delivery.