Efficient classification, manipulation, and control of network transmissions by associating network flows with rule based functions
First Claim
1. A server connected through one or more network interfaces to one or more networks, each of the networks connected to one or more clients, the server having one or more memories and one or more central processing units (CPUs) and further comprising:
- one or more applications executed by one or more of the CPUs, each application using one or more sockets connected to the networks to communicate over the networks;
one or more rule sets containing one or more rules; and
one or more socket sets of one or more of the connected sockets, each of the socket sets associated with one of the rule sets, the rule set controlling one or more packets sent by the applications on each of the sockets in the associated socket set;
wherein the rule set controls the timing of the sending procedure of the packets to the network or the sending of received packets to the application on any socket in the associated socket set in one or more of the following ways;
limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer connected to one or more networks through appropriate network interfaces is used to classify, manipulate, and/or control communications, e.g., packets sent and/or received over the network by one or more applications executing in the computer. Each application is connected to the network through one or more sockets to enable this communication. The computer also comprises one or more rule sets of one or more rules. A socket set of one or more of the sockets is associated with only one of the rule sets. The rules in the rule set are used to control one or more of the packets communicated by the applications communicating over the socket(s) associated with the respective rule set. Rules can be added to the rule set, deleted from the rule set, or modified in order to classify, manipulate, and/or control the communication of the packets, e.g. to control the rate at which the packets are sent or to provide certain security functions.
-
Citations
21 Claims
-
1. A server connected through one or more network interfaces to one or more networks, each of the networks connected to one or more clients, the server having one or more memories and one or more central processing units (CPUs) and further comprising:
-
one or more applications executed by one or more of the CPUs, each application using one or more sockets connected to the networks to communicate over the networks;
one or more rule sets containing one or more rules; and
one or more socket sets of one or more of the connected sockets, each of the socket sets associated with one of the rule sets, the rule set controlling one or more packets sent by the applications on each of the sockets in the associated socket set;
wherein the rule set controls the timing of the sending procedure of the packets to the network or the sending of received packets to the application on any socket in the associated socket set in one or more of the following ways;
limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.- View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method, executed by a computer system, the computer system having one or more network connections to one or more networks, the method comprising the steps of:
-
verifying that there is information in the form of packets to be communicated between one or more applications executing on the computer system over one or more of the network connections;
verifying that the information can be communicated as determined by one or more rules in a rule set associated with one of the network connections, wherein the rule set is accessible for associating with one or more of the network connections;
communicating the information if the rules in the rule set are satisfied; and
wherein rule set controls the timing of a sending procedure of the packets to the network or the sending of received packets to an application on any socket in an associated socket set in one or more of the following ways;
limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.- View Dependent Claims (9)
-
-
10. A computer connected through a connection on one or more network interfaces to one or more networks, the computer comprising:
-
means for verifying that there is information in the form of packets to be communicated between one or more applications executing on the computer system over one or more of the network connections;
means for verifying that the information can be communicated as determined by one or more rules in a rule set associated with one of the network connections, wherein the rule set is accessible for associating with one or more of the network connections;
means for communicating the information if the rules in the rule set are satisfied; and
wherein the rule set controls timing of a sending procedure of the packets to the network or the sending of received packets to an application on any socket in an associated socket set in one or more of the following ways;
limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.
-
-
11. A server connected through one or more network interfaces to one or more networks, each of the networks connected to one or more clients, the server having one or more memories and one or more central processing units (CPUs) and further comprising:
-
one or more applications executed by one or more of the CPUs, each application using one or more sockets to communicate over the network;
one or more rule sets of one or more rules, one or more of the rules containing one or more client constraints; and
one or more socket sets of one or more of the connected sockets, each of the socket sets associated with only one of the rule sets, the rule set controlling one or more packets sent by each of the sockets in the associated socket set. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A server connected through one or more network interfaces to one or more networks, each of the networks connected to one or more clients, the server having one or more memories and one or more central processing units (CPUs) and further comprising:
-
one or more applications executed by one or more of the CPUs, each application using one or more sockets connected to the networks to communicate over the networks;
one or more rule sets containing one or more rules, wherein the rule sets are data structures for associating with one or more sockets;
one or more socket sets of one or more of the connected sockets, each of the socket sets associated with one of the rule sets, the rule set controlling one or more packets sent by the applications on each of the sockets in the associated socket set; and
wherein the rule set controls the timing of the sending procedure of the packets to the network or the sending of received packets to the application on any socket in the associated socket set in one or more of the following ways;
limiting a peak rate of delivered packets, limiting size of a burst of packets delivered at the peak rate, and limiting size of sent packets.
-
Specification