Abstract: A method to offload a network stack connection is presented. A request, which includes a list of resource requirements from each software layer in the stack, to offload the network stack connection is sent through the stack to the peripheral device. The device allocates resources for the list and sends a handle to each of the software layers for communication with the device. The state for each layer is sent to the device that includes state variables that are classified as a constant, a cached variable handled by the CPU, or a delegated variable handled by the device.

Abstract: A method to offload a network stack connection is presented. A request, which includes a list of resource requirements from each software layer in the stack, to offload the network stack connection is sent through the stack to the peripheral device. The device allocates resources for the list and sends a handle to each of the software layers for communication with the device. The state for each layer is sent to the device that includes state variables that are classified as a constant, a cached variable handled by the CPU, or a delegated variable handled by the device.

Abstract: A system and method for defeating SYN attacks are provided. When the number of packets received by a server is above the capacity of the server, the server assumes that a SYN attack is in progress. The server randomly drops SYN packets without processing them. The percentage of SYN packets dropped is increased while the load on the server exceeds capacity, and decreased while the load on the server does not exceed capacity. Under attack conditions, a percentage of TCP connections are still maintained.

Abstract: An initial sequence number generator is provided that prevents the local server from being attacked while maintaining reliable data transfer. A random intermediate value is created that is unique to each connection identifier and is combined with a random value created from a global counter to generate the initial sequence number. The counter capable of monotonically increasing by both a fixed and variable amount for ensuring that the same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and also to ensures randomness of the initial sequence number on a per connection basis for preventing attacks on the local server.

Abstract: A method to synchronize and upload an offloaded network stack connection between a host network stack and processing device is presented. A state object for each layer in the stack is sent to the device that includes state variables that are classified as a constant, a cached variable handled by the host, or a delegated variable handled by the device. State that must be updated by the network stack and the processing device is cleanly divided. For example, statistics are tracked by the host, the device, or the host and the device. A statistic tracked by both the host and processing device is divided into non-overlapping portions and combined to produce the statistic. Once an upload is initiated, the device achieves a consistent state and hands delegated states to the stack. Each layer in the stack takes control of its delegated state and resources at the device are freed.

Abstract: The present invention protects against denial of service attacks on lookup or hash tables used to store state information for data transfer protocols used to transfer data between two host computers. Two hash tables are provided for holding state information, one for verified remote entities (i.e., those where the remote local address can be traced to a host), and one for unverified entities. A cryptographically secure hash is applied to packets from unverified remote entities, since these are the most likely to attempt attacks on the hash tables. The performance of the local server for packets from verified remote entities, however, is maintained.

Abstract: A method to offload a network stack connection is presented. A request, which includes a list of resource requirements from each software layer in the stack, to offload the network stack connection is sent through the stack to the peripheral device. The peripheral device is a second processor that processes the offloaded network stack connection in software, in hardware, or a mixture of hardware and software. The device allocates resources for the list and sends a handle to each of the software layers for communication with the device. The state for each layer is sent to the device that includes state variables that are classified as a constant, a cached variable handled by the CPU, or a delegated variable handled by the device.

Abstract: The present invention provides mechanisms for transferring processor control of multiple network connections between two component devices of a computerized system, such as between a host CPU and a NIC. In one aspect of the invention, two or more network communications may each have a different state object in the upper layers of a network protocol stack, and have a common state object in the lower layers (e.g., the Framing Layer) of the network protocol stack. In part due to the commonalities in the lower software layer states, the invention provides for offloading processor control of multiple network communications at once, including long and short-lived connections. In addition, the invention can negotiate with an alternative peripheral device to offload the network communication to the alternative peripheral device in the event of a failover event, and provides a solution to incoming data packets destined for one or more VLANs.

Abstract: In an exemplary device implementation, a device includes: a connection migrator that is configured to migrate connections away from the device; the connection migrator capable of precipitating a compilation of protocol state for a connection across a protocol stack; the connection migrator adapted to aggregate the compiled protocol state with data for the connection into an aggregated connection state; the connection migrator further capable of causing the aggregated connection state to be sent toward a target device. In an exemplary media implementation, processor-executable instructions direct a device to perform actions including: obtaining at least a portion of a source/destination pair from a packet; accessing an encapsulation mapping table using the at least a portion of the source/destination pair to locate an encapsulation mapping entry; extracting a flow identifier from the encapsulation mapping entry; and replacing part of the packet with the flow identifier to produce an encapsulated packet.

Abstract: A method to offload a network stack connection is presented. A request, which includes a list of resource requirements from each software layer in the stack, to offload the network stack connection is sent through the stack to the peripheral device. The device allocates resources for the list and sends a handle to each of the software layers for communication with the device. The state for each layer is sent to the device that includes state variables that are classified as a constant, a cached variable handled by the CPU, or a delegated variable handled by the device.

Abstract: A method to synchronize and upload an offloaded network stack connection between a host network stack and peripheral device is presented. A state object for each layer in the stack is sent to the device that includes state variables that are classified as a constant, a cached variable handled by the host, or a delegated variable handled by the device. State that must be updated by the network stack and the peripheral device is cleanly divided. For example, statistics are tracked by the host, the device, or the host and the device. A statistic tracked by both the host and peripheral device is divided into non-overlapping portions and combined to produce the statistic. Once an upload is initiated, the device achieves a consistent state and hands delegated states to the stack. Each layer in the stack takes control of its delegated state and resources at the device are freed.