45 results about "Martian packet" patented technology

Computerized methods, systems, and computer-readable media are provided for distributing virtualized gateway functionality to multiple nodes within a physical network. Initially, drivers that carry out the gateway functionality are provisioned to cooperate with endpoints instantiated on the network nodes, while a directory service is implemented to maintain a mapping between virtual internet protocol (IP) addresses and location-dependent addresses, as well as a table enumerating transformation actions according to known pathways connecting the endpoints within a network. In operation, the directory service replies to requests from the driver (carrying source and destination IP addresses of data packets) with the appropriate location-dependent addresses (utilizing the mapping) and the appropriate transformation action(s) (utilizing the table). The transformation action(s) include rewriting headers of the data packets to include the location-dependent addresses, encapsulating the data packets as inner data packets within respective outer data packets, or configuring the data packets with a tunneling protocol.

An object of the present invention is to provide a mechanism for improving the detection of missed DL assignment. A method in a base station (110) for sending a data packet to a mobile terminal (120) is provided. The base station (110) uses a current bundling window for transmitting data packets in subframes of a radio channel. The bundling window comprises a number of data packets, already transmitted or to be transmitted to the mobile terminal (120). The data packets are to be confirmed by the mobile terminal (120). In a first subframe, the base station signals to the mobile terminal (120), a first downlink assignment of a first data packet of the bundling window. The downlink assignment comprises knowledge about a minimum total number of data packets within the bundling window that are scheduled to be transmitted to the mobile terminal (120).

The invention relates to a node privacy protection method based on directional random routing in a wireless sensor network. The method comprises the following six steps: establishment of grids, establishment of rings, determination of the grid, where a node locates, in the network, determination of the ring, where the node locates, in the network, routing of a real data packet and routing of confusion data packets. The confusion data packets are introduced to each direction of the network to prevent direction attack of an attacker, and network traffic is equalized; ring-based routing is introduced at the start position of a data packet to prolong the safety period of the network; through a time-domain confusion mechanism, the attacker cannot continue tracing after tracing back to the last node; and the directional routing policy of the real data packet increases diversity of the routing, and improves attack difficulty of the attacker. The node privacy protection method based on the directional random routing in the wireless sensor network can protect a source node and a base station node simultaneously through the design of grid and ring based routing, is suitable for the case of mobile source nodes and multisource nodes, and has good expansibility.

This document describes tools that forward data packets to trusted ports and prevent data packets from egressing non-trusted ports. To do so, the tools receive a data packet having a destination address specifying that the data packet be forwarded to a set of ports associated with a domain. The tools identify a subset of the set of ports as trusted ports and forward the data packet to the subset. The tools prevent the data packet from egressing non-trusted ports of the set. In one embodiment, the tools may classify a port as trusted. To do so, the tools receive a configuration communication identifying trusted devices. The tools broadcast a request to the trusted devices and receive a reply from a reply device on a reply port. The tools determine that the reply device is one of the trusted devices and mark the reply port as a trusted port.

The invention discloses a transmission layer control method oriented to data packet deadline. The active packet loss and admission control are performed at a sending end transmission layer, and the data capable of arriving overtime is not sent; the transmission layer places the data packets with different priorities and issued by an application layer in different sending queues, and a forward error correction redundancy packet is generated according to the network packet loss rate and packet arrival time requirement, and the data packet which cannot arrive before the deadline is abandoned, andthen a scheduler computes the number of the data packet capable of arriving before the deadline according to the bandwidth, the delay and the packet arrival time requirement, and the corresponding number of data packet is selected to send. The admission control is performed at the transmission layer of the sending end, thereby guaranteeing that the data packet transmitted to the receiving end canarrive before the deadline, the retransmission caused by the random packet loss of the network is avoided, the delay is enlarged, and the retransmission cannot be avoided without using the redundancyencoding.

The invention discloses a wireless sensor network security data discovery and dissemination method based on a Hash tree. The method comprises the following steps that: (1) in the initialization phase of a system, a base station constructs an elliptic curve cryptosystem and generates a public key, a private key as well as public parameters; (2) the base station constructs data packets aiming at small data needing distribution, carries out digital signature on the data packets, and then sends the data packets to all sensor nodes of a network; and (3) after the data packets are received by all the sensor nodes, the sensor nodes judge whether the received data packets are legal data packets or not, receive the data packets and update if the received data packets are legal, and directly give up the data packets if the received data packets are illegal. According to the method, the condition that sensor node resources are limited is taken into account, and the security is guaranteed on the basis that the efficiency of a data discovery and dissemination process is guaranteed. The method has the advantages that the node compromise is resisted, the robustness for packet loss and packet transmission disorder is high, no time synchronization between the base station and the sensor nodes exists, and the like.

The invention discloses a safe processing method of a network protocol data packet. The method comprises the following steps of receiving a network protocol data packet P1 from a client; analyzing the network protocol data packet P1; determining whether the analyzed data packet contains a keyword identification of an application layer protocol; if the keyword identification is found, determining whether a packet header content of the network protocol data packet P1 contains a predetermined keyword; and if the predetermined keyword exists, according to a type of the predetermined keyword, carrying out corresponding operation on a content in a packet body of the network protocol data packet P1 and sending a generated network protocol data packet P2 after the operation to a client. In the invention, through safely transmitting the data packet to a remote server, network attacks of different layers can be withstood so that safety of data packet transmission is increased; in addition, different types of the data packets can be distinguished, signature message integrity is verified, and an identity of a sender is confirmed so that a repudiation condition in a transaction is prevented.

The invention discloses a communication method avoiding p2p traffic identification. The method comprises the following steps: S20: serializing information to be sent; S40: splitting the serialized information into a plurality of data packets with random lengths; S60: adding random data with preset lengths at the heads and/or tails of the data packets; and S80: sending the plurality of data packets in a random sequence through a dynamic network port. According to the communication method disclosed by the invention, the means of serializing the information to binary, splitting the data, randomly setting the lengths of the data packets, filling random data in important identification areas, sending the data packets in the random sequence and sending the data packets through the dynamic port and the like are integrated to effectively avoid the identification of the existing p2p traffic identification means and realize speed limitation or interception, and no single module needs to be set to establish an additional communication channel; such means as encrypting the data packets and adding random disturbing data packets and the like are further integrated to reduce the identification rate; and the instruction and the data are divided into double-channel communication to further reduce the identification rate.

A method and apparatus for multipath switching using per-hop virtual local area network (VLAN) remapping is disclosed. In the method and apparatus, a data packet is forwarded for transmission over one of a first port and a second port. The device identifies a VLAN ID of the data packet as a second VLAN ID and changes the second VLAN ID to a first VLAN ID. Then one or more criteria of a classification set entry for forwarding the data packet over the second port are evaluated. The data packet is forwarded over the second port if the criteria are met and the data packet is associated with the second VLAN ID. Alternatively, the data packet is forwarded over the first port and is associated with the first VLAN ID if a dynamic entry specifies the data packet is to be forwarded over the first port.

The invention provides an IPSec VPN safety forwarding method and system for handling power protocols. When an IP data packet enters an IPSec VPN device, a safety policy according with the IP data packet is sought for in a safety policy database according to IP message grouping information, data decryption is performed on the IP message grouping information according to the SP, and an original data message is obtained; then, power protocol characteristic value information identification is performed on the original data message according to characteristic value information in the SP to judge whether the current IP data packet message needs to be forwarded or not. Through the SP subjected to power protocol characteristic identification, fine grit inspecting and matching can be performed on the IP data packet bearing power service, in-tunnel attack to the data packet can be prevented, and thus the problems that because a large number of firewall policies are added into the IPSec VPN device and the data packet enters a protocol stack twice, performance is lowered, and operation maintenance difficulty is increased can be avoided, and the forwarding performance and the forwarding safety of the IPSec VPN data packet are promoted.

The invention provides a network session traffic alignment method based on address translation. The network session traffic alignment method comprises the specific steps: distributing a correspondingavailable address pool for each flow processing server, wherein the address pool comprises a group of available IP addresses; when the traffic server acquires an uplink data packet, selecting an IP address from a corresponding address pool to replace a source IP address in the data packet, then extracting a quintuple of the uplink data packet, and storing the quintuple into a session mapping table; when the target receives the uplink data packet, generating a downlink data packet, and when the downlink data packet passes through another traffic server, sending the downlink data packet to a traffic processing server corresponding to the uplink; and obtaining the quintuple of the data packet after the traffic server receives the downlink data packet, completing alignment when determining that the data packet is the same session data packet after comparing the quintuple with the stored session mapping table, and otherwise, re-injecting the data packet into the network. According to the invention, the function that a specific point only uses a specific IP address is realized, and the scene that bidirectional flow needs to be processed in related applications such as network auditing and network security is satisfied, and the network session traffic alignment method is fast and efficient.

The present invention relates to access node device (1) arranged for receiving and forwarding data packets in a communication network (2), the device comprising at least one processor (20) arranged to: receive data packets from an user node (3); and forward the data packets in a stateless mode over a first path to a destination gateway node (4), the first path being a default path, or forward the data packets in a stateful mode over a second path to a destination node, the second path being determined by user and/or session specific information for said user node (3). Furthermore, the invention also relates to a corresponding gateway node device, a method in an access node, a method in a gateway node, a computer program, and a computer program product thereof.

An apparatus of a communication network system, which routes data packets and stores trusted routes between different communication network systems in a database, detects (S12) that a data packet requires a route with a specific level of trust, determines (S13), from the trusted routes stored in the database, a specific trusted route towards a destination as indicated in the data packet, and sets (S15) the data packet on the specific trusted route towards the destination.

The invention discloses an MPTCP scheduling method based on link state information in a wireless network, and relates to the technical field of computer networks. The scheduling method comprises the following steps: after each TCP sub-stream receives an ACK data packet, updating the position of the TCP sub-stream in the sequence of the network states of all TCP sub-streams according to the networkstate of the TCP sub-stream, and selecting the sent data packet according to the position of the TCP sub-stream in the sequence. Each TCP sub-stream updates the network state of the TCP sub-stream aslong as receiving the ACK data packet, and then sends the next round of data packet without waiting for the next round of scheduling after all TCP sub-streams complete the data packet transmission task, so that the waiting time is greatly shortened, and the data transmission efficiency is improved.

A system for reliably broadcasting a data packet under an ad-hoc network environment including a determining unit for determining whether or not at least one node receiving the broadcast data packet is a relay node, a comparing unit for comparing a first relay node sequence number contained in a management packet which the node transmits with a second relay node sequence number stored in a neighbor table of the node, and a control unit for determining whether or not the data packet is retransmitted to the node according to a result of the comparison of the comparing unit. By comparing the second relay node sequence number stored in the neighbor table of the node which has broadcast the data packet with the first relay node sequence numbers transmitted through a Hello packet, it is possible to check whether or not the data packet is lost during broadcasting, and thus it is possible to reduce a loss factor of the data packet which is generated during broadcasting. Thereby, the data packet can be reliably broadcast.

The invention relates to the technical field of mobile routers, in particular to a remote access method applicable to a mobile router, which comprises the following steps that: 1, a file server running in the mobile router requests a public network server for an IP (Internet Protocol) of the file server, and then returns an outlet IP and a port of the file server; 2, the file server informs clientsoftware of an outlet IP and a port of the mobile router in a short message mode, and the client software tries to be directly connected with the file server; 3, if the direct connection fails, the client software sends the data packet to a public network server, and the public network server adds an outlet IP and a port of the client software to the forwarded data packet and forwards the forwarded data packet to a file server; and 4, the file server makes a reply, attempts to directly connect, and sends the reply to the public network server if the direct connection fails. According to the invention, public network server resources can be better saved.