Abstract: A special syslog daemon on a send node, wherein the send node is connected to a receive node by a one-way data link, the special syslog daemon configured to receive a syslog message from a syslog sender, insert a portion of IP information of the syslog sender in the body of the received syslog message and route the resulting syslog message to the one-way data link so that the resulting syslog message can be sent through the one-way data link to a syslog receiver communicatively coupled to the receive node. The present invention resolves the potential conflict between syslog and one-way data transfer applications that are configured to remove IP information from data prior to its passage through a one-way data link, thereby leading to a further enhancement of network security through their combination.

Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, mechanisms for handling memory management and optimization within a system utilizing an offload network adapter are provided. The memory management mechanism permits both buffered sending and receiving of data as well as zero-copy sending and receiving of data. In addition, the memory management mechanism permits grouping of DMA buffers that can be shared among specified connections based on any number of attributes. The memory management mechanism further permits partial send and receive buffer operation, delaying of DMA requests so that they may be communicated to the host system in bulk, and expedited transfer of data to the host system.

Abstract: Embodiments of the present invention are directed to a one-way data transfer system with built-in data verification mechanism, comprising three nodes (Send Node, Receive Node, and Feedback Node) wherein (1) the three nodes are interconnected with each other by a one-way data link, and (2) the Feedback Node is designed solely for processing and relaying data verification information from the Receive Node to the Send Node. In these embodiments, the Send Node is capable of verifying the status of data it transferred to the Receive Node over a one-way data link without sacrificing the unidirectionality of data flow in the system and thereby compromising the level of security provided by use of one-way data links.

Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, a mechanism for improving connection establishment in a system utilizing an offload network adapter is provided. The connection establishment mechanism provides the ability to offload connection establishment and maintenance of connection state information to the offload network adapter. As a result of this offloading of connection establishment and state information maintenance, the number of communications needed between the host system and the offload network adapter may be reduced. In addition, offloading of these functions to the offload network adapter permits bulk notification of established connections and state information to the host system rather than piecemeal notifications as is present in known computing systems.

Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, a mechanism for improving connection establishment in a system utilizing an offload network adapter is provided. The connection establishment mechanism provides the ability to offload connection establishment and maintenance of connection state information to the offload network adapter. As a result of this offloading of connection establishment and state information maintenance, the number of communications needed between the host system and the offload network adapter may be reduced. In addition, offloading of these functions to the offload network adapter permits bulk notification of established connections and state information to the host system rather than piecemeal notifications as is present in known computing systems.

Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, an improved mechanism for handling receipt of data packets in a system utilizing an offload network adapter. The offload network adapter may include logic that permits the offload network adapter to delay notification of data reception to the host system in different ways. The advantage of delaying the notice of data packet reception to the host system is the potential for aggregation of several data packets, which can arrive immediately after the first one, for example, in a single notification. Given a stream with continuous data packet arrival, a value may be set, either statically or dynamically, for notification delay and this value may be configurable for the host system per communication socket.

Abstract: Network interface circuitry for a secure one-way data transfer from a sender's computer (“Send Node”) to a receiver's computer (“Receive Node”) over a data link, such as an optical fiber or shielded twisted pair copper wire communication cable, comprising send-only network interface circuitry for transmitting data from the Send Node to the data link, and receive-only network interface circuitry for receiving the data from the data link and transmitting the received data to the Receive Node, wherein the send-only network interface circuitry is configured not to receive any data from the data link, and the receive-only network interface circuitry is configured not to send any data to the data link. The network interface circuitry may use various interface means such as PCI interface, USB connection, FireWire connection, or serial port connection for coupling to the Send Node and the Receive Node.

Abstract: The present invention provides a method, computer program product, and data processing system for efficiently recovering state and performing failover of a network offload engine. The present invention distinguishes between the hard state and the soft state of a protocol. Hard state is state information that, when lost, leads to incorrect protocol behavior. Soft state is state information that may be lost or become inconsistent without loss of correctness. The present invention ensures correctness by always being able to recover the hard state of the protocol. A preferred embodiment of the present invention performs a failover of a network offload engine by temporarily blocking the reception of network packets, recovering hard state from host information, resuming network operation using a substitute network offload engine, and recovering soft state from the subsequent network activity.

Abstract: A distributed data processing system, computer program product, and method of efficiently serving secure network transactions is disclosed. The present invention achieves efficiency and scalability by distributing the work load involved in secure network communications among three classes of servers, inline crypto engines for performing encryption and decryption, dedicated handshake engines for establishing cryptographic parameters, and transaction servers for actually servicing the transactions. The server system can be scaled so that more resource-intensive operations, such as the handshaking procedure, can be distributed across a larger number of servers than less resource-intensive operations. In addition, an added benefit is realized by having transaction servers operate on unencrypted data in that a packet-sniffing firewall or site-wide web document caching system may be implemented, whereas such features were previously unavailable to secure Internet sites.

Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, a mechanism for improving connection establishment in a system utilizing an offload network adapter is provided. The connection establishment mechanism provides the ability to offload connection establishment and maintenance of connection state information to the offload network adapter. As a result of this offloading of connection establishment and state information maintenance, the number of communications needed between the host system and the offload network adapter may be reduced. In addition, offloading of these functions to the offload network adapter permits bulk notification of established connections and state information to the host system rather than piecemeal notifications as is present in known computing systems.

Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, mechanisms for handling memory management and optimization within a system utilizing an offload network adapter are provided. The memory management mechanism permits both buffered sending and receiving of data as well as zero-copy sending and receiving of data. In addition, the memory management mechanism permits grouping of DMA buffers that can be shared among specified connections based on any number of attributes. The memory management mechanism further permits partial send and receive buffer operation, delaying of DMA requests so that they may be communicated to the host system in bulk, and expedited transfer of data to the host system.

Abstract: A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, an improved mechanism for handling receipt of data packets in a system utilizing an offload network adapter. The offload network adapter may include logic that permits the offload network adapter to delay notification of data reception to the host system in different ways. The advantage of delaying the notice of data packet reception to the host system is the potential for aggregation of several data packets, which can arrive immediately after the first one, for example, in a single notification. Given a stream with continuous data packet arrival, a value may be set, either statically or dynamically, for notification delay and this value may be configurable for the host system per communication socket.

Abstract: A mechanism for bottleneck avoidance is provided in an intelligent adapter. The mechanism allows the adapter to be used such that host/adapter system throughput is optimized. The bottleneck avoidance mechanism of the present invention determines when the adapter becomes a bottleneck. If certain conditions exist, then new connections are refused so that the adapter can process packets for existing connections. If certain other conditions exist, the adapter may migrate workload to the host processor for processing. These conditions may be determined by comparing memory usage or central processing unit usage to predetermined thresholds. Alternatively, the conditions may be determined by comparing adapter response time to host response time.

Abstract: A task schedule is enforced among multiple processes by setting process priorities based upon which tasks are running on which processes and based upon the task schedule. The task scheduling may be provided by a local or global scheduler which uses application information to prioritize tasks. The task schedule, or priority list, is provided at Local Activity Schedulers which schedule the activities for their local execution elements/nodes. Execution of activities locally are performed by any number of processes that reside in each execution element. These processes are assigned operating system priorities by the respective Local Activity Scheduler based on their assigned activities for execution and the task schedule.

Abstract: The present invention provides a method, computer program product, and data processing system for efficiently recovering state and performing failover of a network offload engine. The present invention distinguishes between the hard state and the soft state of a protocol. Hard state is state information that, when lost, leads to incorrect protocol behavior. Soft state is state information that may be lost or become inconsistent without loss of correctness. The present invention ensures correctness by always being able to recover the hard state of the protocol. A preferred embodiment of the present invention performs a failover of a network offload engine by temporarily blocking the reception of network packets, recovering hard state from host information, resuming network operation using a substitute network offload engine, and recovering soft state from the subsequent network activity.

Abstract: A method, apparatus, and computer instructions for transferring data objects. A request for a data object is received at a communication adapter. A determination is made as to whether the data object is stored in a memory in the communication adapter in response to receiving the request. The data object is transferred from the memory to a receiver of the data object through the communication adapter in which transfer of the data across a bus connecting the communication adapter to the data processing system is unnecessary in response to the data object being present in the memory.

Abstract: A system transfers data between a client computer and a server computer over a network, wherein communications are established over a first data link between the client and the server to provide the server with identification of the data to be transferred, then communications are established over a second data link between the client and the server for data transfer such that the second data link has a faster data transfer rate than the first data link, then the identified data is transferred from the client to the server; and then finally the client computer is provided with status information relating to the transfer of the identified data. The first data link is sufficient to support normal data operations utilizing existing network resources. The second data link can connect the clients to one or more of the servers, or may connect only particular clients and servers with special needs for large data transfer.

Abstract: A method for dynamically converting electronically encoded HTML document from a text format to an image format. The method includes receiving a request for the content from a client, obtaining the content in text format, determining a content creation preference, and converting the content in text format to content in the image format according to the content creation preference. The method includes replying to the requests wherein the reply includes the content in the image format. The method applies a watermark to the content in the image format according to a watermarking preference. The method generates an image map in accordance with a mapping preference, wherein the image map relates selectable spatial display coordinates to external document identifiers.

Abstract: A distributed data processing system, computer program product, and method of efficiently serving secure network transactions is disclosed. The present invention achieves efficiency and scalability by distributing the work load involved in secure network communications among three classes of servers, inline crypto engines for performing encryption and decryption, dedicated handshake engines for establishing cryptographic parameters, and transaction servers for actually servicing the transactions. The server system can be scaled so that more resource-intensive operations, such as the handshaking procedure, can be distributed across a larger number of servers than less resource-intensive operations. In addition, an added benefit is realized by having transaction servers operate on unencrypted data in that a packet-sniffing firewall or site-wide web document caching system may be implemented, whereas such features were previously unavailable to secure Internet sites.

Abstract: A system and method are provided which significantly speed up the ability to reassemble network message transfer units (MTUs) using existing virtual memory systems. Discontiguous physical pages are rearranged in a continuous format in virtual memory by manipulating virtual page pointers in a hardware memory page table. The hardware memory page table provides any necessary virtual-to-real address translations during the execution of a process.