Method and system for handling connection setup in a network

US 8,259,628 B2
Filed: 09/06/2011
Issued: 09/04/2012
Est. Priority Date: 06/14/2005
Status: Active Grant

First Claim

Patent Images

1. A method for data communication, the method comprising:

in a network interface hardware device;

receiving connection acceptance criteria from a guest operating system running virtually on a host system;

determining whether to allow establishment of a requested connection from a remote peer based on said received connection acceptance criteria; and

maintaining a connection state that comprises information regarding set up of said requested connection.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certain embodiments of a method and system for handling connection setup in a network may comprise a network interface hardware device (NIHW) that may be operable to receive a services list and/or connection acceptance criteria from a first guest operating system running on a host system, receive a connection request from a second guest operating system running on the host system, and determine whether to allow establishment of the requested connection based on one or both of the services list and the connection acceptance criteria. The determination may be made prior to or during connection set up. The NIHW may maintain a connection state comprising information regarding set up of the requested connection. The services list may comprise one or more of a local network address, a local transport address, a network protocol, and a transport protocol. The communicated acceptance criteria may comprise packet filtering operations and/or security operations.

Citations

20 Claims

1. A method for data communication, the method comprising:
- in a network interface hardware device;
  
  receiving connection acceptance criteria from a guest operating system running virtually on a host system;
  
  determining whether to allow establishment of a requested connection from a remote peer based on said received connection acceptance criteria; and
  
  maintaining a connection state that comprises information regarding set up of said requested connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, comprising receiving a services list from said guest operating system.
  - 3. The method according to claim 2, comprising determining whether to allow establishment of said requested connection from said remote peer based on said received services list prior to or during connection set up.
  - 4. The method according to claim 1, wherein said services list comprises one or more of:
    - a local network address, a local transport address, a network protocol, and/or a transport protocol.
  - 5. The method according to claim 1, comprising determining whether to allow establishment of said requested connection from said remote peer based on receiving, from said guest operating system, an indication regarding results from one or more of:
    - a resident packet filtering, a denial of service mitigation service, and/or a security and cryptography service.
  - 6. The method according to claim 1, comprising tearing down an established said requested connection based on an indication from said guest operating system running virtually on said host, a fatal network event, or a signal from said remote peer.
  - 7. The method according to claim 1, comprising making said connection state available to one or more other guest operating systems running virtually on said host to enable said one or more other guest operating systems to tear down an established said requested connection.
  - 8. The method according to claim 1, wherein said communicated acceptance criteria comprises one or more of:
    - qualifying remote IP addresses, packet filtering and/or security operations.
  - 9. The method according to claim 1, comprising, subsequent to receiving an indication that said guest operating system has rejected said requested connection, discontinuing exchanging network primitives and discarding associated said connection state information.
  - 10. The method according to claim 1, comprising, subsequent to establishing said requested connection, tearing down said requested connection and discarding associated said connection state information upon receiving an indication that said requested connection has been rejected by said guest operating system.

11. A system for data communication, the system comprising:
- one or more circuits for use in a network interface hardware device, said one or more circuits being operable to;
  
  receive connection acceptance criteria from a guest operating system running virtually on a host system;
  
  determine whether to allow establishment of a requested connection from a remote peer based on said received connection acceptance criteria; and
  
  maintain a connection state that comprises information regarding set up of said requested connection.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system according to claim 11, wherein said one or more circuits are operable to receive a services list from said guest operating system.
  - 13. The system according to claim 12, wherein said one or more circuits are operable to determine whether to allow establishment of said requested connection from said remote peer based on said received services list prior to or during connection set up.
  - 14. The system according to claim 11, wherein said services list comprises one or more of:
    - a local network address, a local transport address, a network protocol, and/or a transport protocol.
  - 15. The system according to claim 11, wherein said one or more circuits are operable to determine whether to allow establishment of said requested connection from said remote peer based on receiving, from said guest operating system, an indication regarding results from one or more of:
    - a resident packet filtering, a denial of service mitigation service, and/or a security and cryptography service.
  - 16. The system according to claim 11, wherein said one or more circuits are operable to tear down an established said requested connection based on an indication from said guest operating system running virtually on said host, a fatal network event, or a signal from said remote peer.
  - 17. The system according to claim 11, wherein said one or more circuits are operable to make said connection state available to one or more other guest operating systems running virtually on said host to enable said one or more other guest operating systems to tear down an established said requested connection.
  - 18. The system according to claim 11, wherein said communicated acceptance criteria comprises one or more of:
    - qualifying remote IP addresses, packet filtering and/or security operations.
  - 19. The system according to claim 11, wherein said one or more circuits are operable to discontinue exchanging network primitives and discard associated said connection state information subsequent to receiving an indication that said guest operating system has rejected said requested connection.

20. A method for data communication, the method comprising:
- in a network interface hardware device;
  
  receiving a services list from a guest operating system running virtually on a host system;
  
  determining whether to allow establishment of a requested connection from a remote peer based on said received services list prior to or during connection set up; and
  
  maintaining a connection state that comprises information regarding set up of said requested connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
El Zur, Uri
Primary Examiner(s)
Pezzlo, John

Application Number

US13/226,306
Publication Number

US 20120036272A1
Time in Patent Office

364 Days
Field of Search

370/252, 370/278, 370/389, 370/386
US Class Current

370/278
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1458   Denial of Service

H04W 4/50   Service provisioning or rec...

H04W 80/06   Transport layer protocols, ...

Method and system for handling connection setup in a network

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for handling connection setup in a network

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links