Abstract: Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the network I/O device. Information associated with the packet is queued onto an I/O device queue. The information is then transferred from the I/O device queue to a host memory of the network security device. Based on the control settings for the I/O device queue only those portions of the information corresponding to the one or more specified portions are copied to the cache of the corresponding CPU.

Abstract: Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a virus processing system includes a virus co-processor, a first memory, a general purpose processor (GPP) and a second memory. The first memory is communicably coupled to the co-processor via a first memory interface. The first memory includes a first signature compiled for execution on the co-processor. The GPP is communicably coupled to the co-processor. The second memory is communicably coupled to the co-processor via a second memory interface and to the GPP. The second memory includes a second signature compiled for execution on the GPP. The co-processor is operable to retrieve the first signature stored within the first memory through an instruction cache. The co-processor is operable to retrieve a data segment to be scanned from second memory through a data cache that is separate from the instruction cache.

Abstract: A non quenched and tempered steel and manufacturing process thereof. The manufacturing process of the non quenched and tempered steel has a cooling step after the finish rolling step, wherein intense cooling and moderate cooling are carried out alternatively. The intense cooling can ensure the surface temperature of the steel to decrease rapidly; and the moderate cooling allows the core temperature of the steel to dissipate gradually to the surface; a further intense cooling is carried out to allow rapid heat dissipation. The intense cooling and the moderate cooling can be carried out alternately several times according to practical requirement. A water cooling mode combining intense cooling and moderate cooling allows the core temperature and the surface temperature of the steel to become the same within a short time, and thus ensures the uniformity of the mechanical properties of the steel and improves production efficiency.

Abstract: Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of a network device is fetched by an interface of the network device by performing direct virtual memory addressing of a user memory space of a system memory of the network device on behalf of a network interface unit of the network device. The direct virtual memory addressing maps physical addresses of various portions of the payload data to corresponding virtual addresses. The payload data is segmented by the network interface unit across one or more packets.

Abstract: A non-quenched and tempered steel and manufacturing process thereof. The process alters the cooling mode before finish rolling in previous production of non-quenched and tempered steel; the process at least has a cooling step after the finish rolling step; the process utilizes alternate intense cooling and moderate cooling. The intense cooling can ensure the surface temperature of the steel to decrease rapidly; and the moderate cooling allows the core temperature of the steel to dissipate gradually to the surface; a further intense cooling is carried out to allow rapid heat dissipation. The intense cooling and the moderate cooling can be carried out alternately several times accordingly. A water cooling mode combining intense cooling and moderate cooling allows the core temperature and the surface temperature of the steel to become the same within a short time, the uniformity of the mechanical properties of the steel.

Abstract: A non quenched and tempered steel and manufacturing process thereof. The process comprises a cooling step after the finish rolling step; and the process utilizes alternate intense cooling and moderate cooling. The intense cooling can ensure the surface temperature of the steel to decrease rapidly; and the moderate cooling allows the core temperature of the steel to dissipate gradually to the surface; a further intense cooling is carried out to allow rapid heat dissipation. The intense cooling and the moderate cooling can be carried out alternately several times according to practical requirement. A water cooling mode combining intense cooling and moderate cooling allows the core temperature and the surface temperature of the steel to become the same within a short time, and thus ensures the uniformity of the mechanical properties of the steel and improves the production efficiency.

Abstract: Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus co-processing is provided. A general purpose processor stores a data segment to its system memory using a virtual address. The system memory has stored therein a page directory and a page table containing information for translating virtual addresses to physical addresses within a physical address space of the system memory. A virus processing hardware accelerator translates the virtual address of the data segment to a physical address of the data segment based on the page directory and the page table. The hardware accelerator accesses the data segment based on the physical address. The hardware accelerator scans the data segment for viruses by executing multiple pattern comparisons against the data segment. The hardware accelerator returns a result of the scanning to the general purpose processor via the system memory.

Abstract: Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of a network device is fetched by an interface of the network device by performing direct virtual memory addressing of a user memory space of a system memory of the network device on behalf of a network interface unit of the network device. The direct virtual memory addressing maps physical addresses of various portions of the payload data to corresponding virtual addresses. The payload data is segmented by the network interface unit across one or more packets.

Abstract: Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of a network device is fetched by an interface of the network device by performing direct virtual memory addressing of a user memory space of a system memory of the network device on behalf of a network interface unit of the network device. The direct virtual memory addressing maps physical addresses of various portions of the payload data to corresponding virtual addresses. The payload data is segmented by the network interface unit across one or more packets.

Abstract: Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, payload data originated by a user process running on a host processor of the computer system is fetched by an interface of the computer system by performing direct virtual memory addressing of a user memory space of a system memory of the computer system on behalf of a network processor of the computer system. The direct virtual memory addressing maps a physical address of the payload data to a virtual address. The payload data is segmented by the network processor across one or more packets.

Abstract: Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a virus processing system includes a virus co-processor, a first memory, a general purpose processor (GPP) and a second memory. The first memory is communicably coupled to the co-processor via a first memory interface. The first memory includes a first signature compiled for execution on the co-processor. The GPP is communicably coupled to the co-processor. The second memory is communicably coupled to the co-processor via a second memory interface and to the GPP. The second memory includes a second signature compiled for execution on the GPP. The co-processor is operable to retrieve the first signature stored within the first memory through an instruction cache. The co-processor is operable to retrieve a data segment to be scanned from second memory through a data cache that is separate from the instruction cache.

Abstract: Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the network I/O device. Information associated with the packet is queued onto an I/O device queue. The information is then transferred from the I/O device queue to a host memory of the network security device. Based on the control settings for the I/O device queue only those portions of the information corresponding to the one or more specified portions are copied to the cache of the corresponding CPU.

Abstract: Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a DCA control is defined by a network Input/Output (I/O) device for an I/O device queue corresponding to a central processing unit (CPU) of a host processor. A part of an incoming packet is configured by the DCA control to be copied to a cache of the CPU. The incoming packet is parsed by the network I/O device based on one or more of packet analysis, packet protocol, header format and payload data information. The parsed incoming packet is transferred from an I/O device queue of the network I/O device to a host queue of a host memory that is operatively coupled with the host processor. The specified part of the parsed incoming packet is copied by a host controller to the cache of the CPU based on the DCA control.

Abstract: Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A virus signature file that includes multiple virus signatures capable of detecting and identifying a variety of known viruses is downloaded by a general purpose processor. It is determined by the general purpose processor whether a virus co-processor is coupled to the general purpose processor. When the virus co-processor is determined to be coupled to the general purpose processor, then it is further determined by the general purpose processor which virus signatures are supported by the virus co-processor (“CP-supported virus signatures”). The CP-supported virus signatures are transferred to a memory associated with the virus co-processor. The virus co-processor is directed by the general purpose processor to perform a virus scan based on the supported virus signatures.

Abstract: Systems and methods for limiting the rate of packet transmission from a NIC to a host CPU are provided. According to one embodiment, data packets are received from a network by the NIC. The NIC is coupled to a host central processing unit (CPU) of a network appliance through a bus system. A status of the host CPU is monitored by the NIC. A rate limiting mode indicator is set by the NIC based on the status. When the rate limiting mode indicator indicates rate limiting is inactive, then the received data packets are transmitted from the NIC to the host CPU for processing. When the rate limiting mode indicator indicates rate limiting is active, then rate limiting is performing by temporarily stopping or slowing transmission of the received data packets from the NIC to the host CPU for processing.

Abstract: Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned to a first instruction pipe of multiple instruction pipes of the virus co-processor for execution. An instruction of the assigned instructions containing op-codes of the first instruction type is executed by the first instruction pipe including accessing a portion of the content object from the system memory.

Abstract: Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received by a first stage of a CPMP hardware accelerator of a network device. A pre-matching process is performed by the first stage to identify a candidate packet that matches a string or over-flow pattern associated with IPS or ADC rules. A candidate rule is identified based on a correlation of results of the pre-matching process. The candidate packet is tokened to produce matching tokens and corresponding locations. A full-match process is performed on the candidate packet by a second stage of the CPMP hardware accelerator to determine whether it satisfies the candidate rule by performing one or more of (i) context-aware pattern matching, (ii) context-aware string matching and (iii) regular expression matching based on contextual information, the matching tokens and the corresponding locations.

Abstract: Methods and systems for implementing improved partitioning and virtualization in a multi-host environment are provided. According to one embodiment, multiple devices, including CPUs and peripherals, coupled with a system via an interconnect matrix/bus are associated with a shared memory logically partitioned into multiple domains. A first domain is associated with a first set of the devices and a second domain is associated with a second set of the devices. A single shared virtual map module (VMM), maps a memory access request to an appropriate partitioned domain of the memory to which the originating device has been assigned based on an identifier associated with the device and further based on they type of memory access. The VMM causes a memory controller to perform memory access on behalf of the device by outputting a physical address based on the identified domain and the virtual address specified by the request.

Abstract: Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a processor maintains a page directory and a page table within a system memory that contain information for translating virtual addresses to physical addresses. Virus processing of a content object is offloaded to a hardware accelerator coupled to the processor by storing scanning parameters, including the content object and a type of the content object, to the memory using one or more virtual addresses and indicating to the hardware accelerator that the content object is available for processing. Responsive thereto, the hardware accelerator: (i) translates the virtual addresses to corresponding physical addresses based on the page directory and the page table; (ii) accesses the scanning parameters based on the physical addresses; (iii) scans the content object for viruses by applying multiple virus signatures; and (iv) returns a result of the scanning to the processor.

Abstract: Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a system includes a system memory, a general purpose processor, an instruction memory and a virus co-processor. The processor is coupled to the system memory and operable to store a data segment therein. The instruction memory includes a virus signature, having a first instruction of a first instruction type and a second instruction of a second instruction type, for detection of a computer virus. The co-processor is coupled to the instruction memory and the system memory and is operable to access the data segment. The co-processor includes first and second instruction pipes operable to execute the first and second instruction types, respectively. The first and second instruction pipes include first and second write back circuits, respectively, that are linked to ensure a ordered write back of instructions.